LWN.net Weekly Edition for July 29, 2004
The 2004 Ottawa Linux Symposium
The 2004 Ottawa Linux Symposium is now history. OLS has, once again, proved itself to be one of the leading development conferences worldwide. By many accounts, this![[Ottawa lightshow]](https://static.lwn.net/images/ns/lightshow-sm.jpg)
was one of the best years yet. This view is supported by the standing
ovation given to conference organizer Andrew Hutton at the end.
This year, OLS expanded to fill a larger part of the Ottawa Conference Center, to good effect; the extra space was appreciated by all. AMD sponsored an opening reception featuring a talk by author Jim Munroe; unfortunately, in your editor's opinion, Mr. Munroe's speeches are not as interesting as his books. He characterized Linux as being a response to Microsoft, rather than something valuable in its own right, and he thought that his audience, full of IBM, SGI, AMD, Intel, Novell, etc. employees, would be interested in a lecture on the evils of corporate power. The closing reception, held at the newly-expanded Black Thorn, was as successful as ever - to the obvious regret of the crowd of hungover developers on the airport shuttle the next morning.
Kernel developer Andrew Morton was this year's keynote speaker. He called for unifying the kernels shipped by the distributions, and asked that distributors work toward getting their patches into the mainline quickly. He acknowledged that some distributors see kernel enhancements as part of the value they can add, but asked those distributors to find some other way to provide value to their customers. Fragmenting the kernel may be within the rights granted by the license, he said, but he sees it as being bad for the long-term future of Linux. He warned these distributors that he would actively work to undermine that strategy.
Andrew spent much of his time on the advantages of having a community-run platform upon which to build products, noting that "system software" is often where free software is most successful. He urged developers working on kernel code - drivers or new features - to get their code into the kernel early, so that it can benefit from the community process. He also acknowledged the community's debt to Richard Stallman.
Andrew finished by noting that, while Linux tends to enter companies from the bottom, it does not stay there. And neither do the people who brought in Linux in the first place. Some of them eventually get promoted into management, which helps the process along. "World domination," says Andrew, "is proceeding according to plan."
Along those lines, it is worth noting that the mix of attendees was a little different this year. The core of developers which defines OLS was as strong as ever, but, on the edges, one could see a fair number of management types, representatives from technical companies worldwide, and members of the press. The visibility of this conference, in other words, is growing beyond the developer community that it serves.
(LWN's coverage from a few OLS talks can be found below. The slides from LWN editor Jonathan Corbet's talk (on what to expect from kernel development in the next year) are available for the curious.)
X at OLS
Two sessions at the Ottawa Linux Symposium hosted by Keith Packard and Jim Gettys combined to give a good overview of where the X window system is going. This article is an attempt to pull together the material covered in those talks. X, which, in Jim's words, "just sat there for years with nothing interesting happening," is now the focus of a flurry of activity. Expect to see interesting things happening over the next year or two - especially if a few more developers can be brought into the fold.
![[Keith Packard]](https://static.lwn.net/images/ns/people/keith-packard-sm.jpg)
Keith Packard's talk had to do with separating the X server from the
hardware. X currently does all kinds of interesting things, from direct
programming of video modes through to remapping the PCI bus (to get around
interesting BIOS behavior), scary DMA operations from user mode, direct
interpretation of mouse events, and no end of user-space busy-waiting.
There are all kinds of unfortunate side effects from this behavior;
remapping the PCI bus and attempting DMA from user mode can bring down the
whole system without much trouble. X's busy-waiting behavior leads, among
other things, to poor interaction with the scheduler, which sees X as a CPU
hog process whose priority should be lowered. Things would improve greatly
if X did not get its hands quite so dirty with the hardware.
Interestingly, Keith blames himself for much of the current situation. Very early X11 implementations dealt with the operating system for their frame buffer access. Then Sun came out with a closed video adaptor which required some user-space tweaking; Keith duly hacked this up. More closed hardware came out, making the problem worse. Things led to the current situation, where X knows all about the hardware, deals with it at a very low level, and occasionally lets things go wrong in spectacular ways.
Things are, says Keith, starting to get better. The direct rendering infrastructure (DRI) is "a glimmer of sanity"; it returns DMA and interrupt handling to the kernel. The kernel frame buffer subsystem has helped to move hardware detection and mode selection back into the kernel. And /dev/input has gotten X out of the business of directly interpreting mouse sequences and trying to figure out which protocol is in use; the input subsystem also allows marking input events with proper, accurate timestamps, which is important to many applications. The input subsystem is still not perfect, however, especially on multi-head systems: there is no easy way to associate input devices with specific displays.
The process of separating X from the hardware needs to continue, however. X is still often in the business of configuring video modes, which is a complex and unforgiving task. "Everybody just hopes that X gets it right." This task should be moved out of X, and into some appropriate combination of kernel and user-space code. Keith's vision goes beyond mode selection, though; he would eventually like to see the X server using GL to speak with the hardware. Turning X into a GL client would make proper 3D support easier, would further separate X from the hardware, and would give hardware vendors a single set of drivers to write.
A huge remaining issue with the hardware side of X is hotplug monitors. The assumption that the available screens will never change is wired very deeply into the X server, and will not be easy to root out. But this work must be done; people are increasingly wanting to, for example, plug their laptop into different projectors from one day to the next, and it would be nice if it actually worked.
Jim Gettys's talk covered just about every aspect of the window system - and most of those are currently in flux. The fork in X development, which saw almost all of the XFree86 developers moving over to X.org, has revitalized development in a number of ways. Many longstanding problems are being addressed, and lots of new ideas are being kicked around.
Jim started with a list of current issues with X:
- The X font architecture, as originally designed, was terminally
broken.
- The internal 2D graphics engine was poor; the plan from the beginning
had been to replace it quickly. Once again, we see how "temporary"
code can stay with us for decades.
- For various reasons, screen magnifiers and other accessibility aids
are very hard to implement.
- X needs better "eye candy" support: translucent graphics, drop
shadows, etc. Competing window systems (OS X, Longhorn) are
raising the bar in this area, and X needs to stay up with them - if
not ahead.
- Three-dimensional graphics are increasingly commonplace, and must be
properly supported.
- Shared use of X (shared projector walls were an example that came up repeatedly) is poorly supported currently.
Anybody who has worked with X in any depth knows that its font mechanism has not aged well. What is happening now is that fonts are, increasingly, the responsibility of the client; the centralized font engine model has failed. This is, says Jim, the biggest single architectural change happening with X. Putting font support in the clients allows quicker distribution of new technologies; Jim notes that there have been five generations of font formats so far during the lifetime of X, and there is no reason to expect things to slow down. Any change which requires X server support cannot expect to see widespread deployment for at least two years; client-side changes can propagate much more quickly.
One of the reasons for putting font support in the X server initially was to keep bandwidth usage down. As it turns out, moving font support into the clients has left bandwidth usage almost unchanged, but has eliminated about 1/4 of the round trips to the server during application startup. Anybody who has ever run an X application over a high-latency link knows that those round trips hurt; eliminating them can only be a good thing.
Jim noted some lessons which come from the font experience. One is that downward compatibility is absolutely necessary. New technologies (such as newer font schemes) only became accepted when libraries were provided to make them work with older servers. No developer is interested in adopting technologies which restrict the distribution of their applications. It is also necessary to solve the full problem; in the case of fonts, that means solving the problem for printing as well. With that in place, "even OpenOffice" is moving over to the new font code.
Next point: eye candy is important. To a great extent, "eye candy" means translucent windows in one form or another. The real use for translucence is likely to be in window managers; once the new capabilities become available, Jim expects yet another round of window manager experimentation. "Another thousand flowers will bloom; many of them will stink." But what survives will enrich the graphical experience for all of us.
Keith took the stage for one of his famous demonstrations. His desktop is looking better all the time, with menus fading in and out and extensive (some might say excessive) use of translucence everywhere. He pointed out that translucence is a pixel-by-pixel property. He runs an xterm with a translucent background, but the text is opaque, and casts solid shadows. High bandwidth applications, such as full-motion video, run in a translucent mode with no apparent performance problems - on a fast laptop, anyway.
"Eye candy" also means tools like screen magnifiers (which keep up in real time) for people who have a hard time reading the screen's contents. "Thumbnailers" (such as those often used for virtual desktops) will also benefit from this work. Animation needs better support, and X needs better integration into three-dimensional environments. "We live in a 3D world, perhaps our work environments should be 3D as well." Eliminating "flashing" (making desktop updates look nice) is also an important goal.
All of this is happening, in classic computer science manner, through the addition of another level of indirection. X applications have typically rendered their graphics directly into the frame buffer, unless they made explicit use of off-screen pixmaps. In the new world, all rendering will happen into off-screen memory. A new "compositing manager," which typically works in conjunction with the window manager, renders the off-screen windows onto the display, perhaps transforming them along the way. It is this process which, for example, causes a newly maximized window to fade, fully rendered, onto the screen, rather than just flashing up blank and being redrawn in place. The policy for when and how such effects should be used lives entirely within the compositing manager.
To accomplish all of this, four new extensions have been added to the X protocol. "XFixes" is a sort of repository for minor repairs for things that were done wrong in the original protocol. Among other things, XFixes promotes Regions to a first-class X protocol object. The "Damage" extension allows X clients to be notified when the contents of windows changes; it can be used by the compositing manager, screen magnifiers, thumbnailers, and any other process which needs to know when things happen. Interestingly, the Damage extension actually shrinks the size of the X server; a sign, according to Jim, of something that should have been done that way from the beginning. The "Composite" extension handles the off-screen rendering of windows and the interactions with the compositing manager. And "Xevie" allows the interception of input events; it is used both for compositing (where event locations may have to be transformed on their way to the client) and for accessibility functions.
The latency issue is on the X developers' minds. X client startup can be slow, especially on high-latency links. This slowness is caused by the large number of round trips required between the client and the server during initialization. Client-side fonts eliminated 25% of those, but, for a typical client, some 130 round trips still need to happen before any actual work can get done. Jim believes that 90% of those can be eliminated; some will be harder than others. One of the biggest remaining offenders, it turns out, is X extensions; apparently an "Extension extension" may be required to batch together extension information.
In the 2D world, the Cairo library, by Carl Worth and Keith Packard, is starting to come into use. This engine, says Jim, brings "world-class, two-dimensional, anti-aliased graphics" to the free software world; it is second to none. Along with top-quality graphics, Cairo turns printing into a first-class citizen; the audience reacted to this statement with loud applause. There is work left to be done with Cairo, including the addition of more backends and, inevitably, optimization.
Security is another issue. Currently, the only rational way to use X remotely is through an ssh tunnel, but that has its costs: extra processes in the loop, more latency, etc. X clients need to be able to talk directly with the server in a secure manner. Jim notes that X terminals are coming back. Maintenance of desktop clients is costly, and the deployment of simple X terminals can reduce those costs. But it has to be possible to use them in a secure manner.
The other interesting security issue is access to shared resources. It would be nice to be able to walk up to a projector wall with a laptop and start making use of it. Handling of input devices also figures into this equation; how does one connect a mouse to a wall screen? If this problem could be solved, there is the potential to "explode the PC into its component pieces" and create an interesting, dynamic world. There are no security policy options in X for this kind of shared use, however. Jim briefly mentioned some ideas involving integration with SELinux as a way of addressing this area.
A related topic is mobility. Wouldn't it be nice, asks Jim, if you could leave the office, go home, and pick up with your applications on your home system? This is a hard problem, but it is being addressed; there is prototype migration code in GTK now. There are security issues to deal with, of course, along with little things like teaching Xlib to deal gracefully with connection loss.
Other issues mentioned in passing include proper network audio support ("all of the current audio servers are lame; we need one good one"), better color management (for things like printers too), and proper support for compression in the X protocol. It seems that the bulk of X traffic, anymore, is image data, and much of that data compresses very well.
Finally, there are the packaging and development issues. Work to split the X distribution into its component pieces (server, libraries, applications, fonts) continues; there will eventually be no "tarball from hell" to deal with. Modern building tools are being adopted; imake is on its way out. Much of this work is done, but some pieces remain.
On the community side, Jim notes that X.org is a very different place from what it was a year ago. Most of the XFree86 developers have come over, and it is clearly the focal point for X development.
Perhaps the most important part of Jim's talk was repeated several times: the X developers have ambitious aims and a great deal of work that needs to be done; they are actively looking for developers to take on pieces of it. For anybody out there who is looking for a project to support, X.org represents a major opportunity. X is the core, the kernel, as it were, of the Linux graphical environment. The development effort is healthy again, and it has no end of interesting and challenging tasks to address. It is hard to imagine a better, more interesting, more visible, or more important project to work with. If you are looking to do some hacking, X would be an ideal place to do it.
OLS: Enforcing the GPL
Harald Welte, the current netfilter maintainer, ran a session on dealing with GPL violations. Harald has made a name for himself over the last year by reaching settlements with several manufacturers who were shipping products containing the netfilter code without complying with its licensing requirements. In most cases, these settlements have been relatively easy to reach, with the offending companies releasing their code and, in many cases, making a donation to the FSF or a related worthy cause. Harald is also the force behind the injunction in the Sitecom case, which just received another court ruling that the GPL is valid and enforceable in Germany.Harald's approach differs from that of the Free Software Foundation. The FSF tries to resolve GPL violations in the most quiet, friendly way possible; in most cases, the wider world never even hears that there is a problem. Harald found himself frustrated with this way of doing things; it takes far too long (perhaps longer than the lifetime of the offending product) and gives no real disincentive for companies considering ignoring the GPL. So he took matters into his own hands; by bringing in lawyers early, making violations public, and threatening immediate damage to the offenders' bottom line, he has gotten some real results.
Some interesting features of the German legal system have worked in Harald's favor in this campaign. By (his lawyers' interpretation of) German law, simple use of the netfilter/iptables internal API is a strong indication of a derivative work. Since it is not a "standard" API, there is no copyright boundary there; by this same reasoning, any binary-only kernel module is a GPL violation. This interpretation of the GPL also rules out putting GPL-licensed code onto hardware which only runs signed binaries - unless the key is distributed with the source.
German law requires that any request for injunctive relief be filed within four weeks of the discovery of the infringement. This is an inflexible, externally-imposed deadline which forces companies to move quickly to resolve the issue. When a company has received a cease-and-desist notice, it knows that it cannot drag it issue out over time; it will, instead, find itself in court in short order.
Harald was asked about the completeness of the code releases he has won so far; apparently not all vendors have released kernels which actually can be rebuilt into a working image - or which even compile. His response is that his ability to compel code releases really only extends as far as his copyrights in the netfilter code. If a vendor does not release a full kernel, copyright holders in other parts of the system will have to get involved.
The last part of the talk covered things developers can do to help make copyright enforcement easier. They include:
- Don't fix spelling errors and typos, and leave strange messages
(example: "Rusty needs more caffeine") in place. The presence of this
sort of text in a binary image is an obvious sign of copying. The
removal of this text, instead, would be a clear sign of a willful
violation, which raises the stakes considerably.
- The copyright message needs to be in the binary as well.
- It is important to track the names of all contributors to the code, so
they can be found for enforcement actions or the distribution of any
sort of damages.
- When a violation is found, it should not be made public at the time, as that can make getting injunctive relief harder. Instead, a lawyer should be brought in to prepare and send the "cease and desist" note.
Expect to hear about more resolved violations in the near future. Harald indicated that a couple of settlements have been reached, but the companies involved have been given a grace period to prepare for the fallout once the situation has been made public. Once that period has passed, the press releases will go out.
OLS: An introduction to Conary
Specifix, a company founded by a number of early Red Hat developers, recently came out of hiding. At the 2004 Ottawa Linux Symposium, Eric Troan gave a presentation on Conary, the company's system for package, repository, and distribution management. It was a technical talk from the beginning to the end; Eric would not talk about Specifix's business model even when asked (though he offered to do so in private). If nothing else, he understands what the OLS crowd is looking to hear.Package management systems have come into use in almost every distribution out there. They are a clear step up from what came before, but, as Eric pointed out, significant problems have been building for years. These include:
- Repositories are an afterthought. A typical repository is a simple
collection of files in whatever package format is being used, perhaps
with a bit of metadata.
- The version scheme used by most package managers follows a straight
line model; there is no provision for branches. That makes it hard,
for example, to determine which version of a package is appropriate
for a specific release of a given distribution.
- Packages contain scripts which handle parts of the installation and removal process which go beyond the simple management of files. These scripts tend to contain a lot of boilerplate, and are replicated in every package file. Bugs, too, are replicated, and there is no one place to go to fix them. The scripts are also not portable across distributions (even those using the same package format) and cannot be customized for an individual site's needs.
Conary was developed as a way of addressing the above limitations and to make it possible for users to create their own, customized distributions in an easy manner. In the simplest sense, one can think of Conary as a package management system with a more consistent view of objects from the repository level down to individual files, combined with a version management scheme.
Conary treats files as "first class objects," which are managed by the framework as a whole. Files have a unique ID and a version history; they also have a set of attributes. One of those attributes is the file's location in the filesystem; moving a file is a simple matter of changing that attribute.
A "trove" is a container holding one or more files and other troves. Files are contained by reference. A "component" is a collection of files, by reference. Example components listed by Eric for the bzip2 package might be bzip2:runtime (binary files to run the program), bzip2:lib, bzip2:doc, and, of course, bzip2:source. Components can be aggregated together into packages. Both components and packages are considered to be "troves," for what it's worth.
Version strings are hung onto everything; Specifix has added some complexity to the versioning system, though. Each version string includes the repository name, a namespace (think of it as a distribution name), a branch name (for the creation of trees in the version space), the upstream package version, and a two-part local revision number. Needless to say, the version strings get long, but the system hides the full string most of the time. Creating versions in this way allows the system to easily determine which version of a package is the newest, which version of which distribution is built for, and so on.
Branching is done by adding a branch name to the version string. Branching allows the tracking of versions of packages which were shipped with a specific distribution, along with updates to those packages. There is also a special type of branch called a "shadow" which tracks changes to the trunk it was branched from. Essentially, the shadow is automatically merged with each new version of the trunk it is following. This feature would be useful for somebody maintaining a derivative distribution; they want to keep up with what the source distribution is doing without losing track of their own changes. The only problem with shadows is that, like a number of other Conary features, they are not actually implemented yet.
"Flavors" are another Conary feature; they seem to be patterned after Gentoo's "USE flags." A flavor is a set of configuration options describing how all packages are to be built. This feature is used for multiple architecture support, or for building versions of distributions with different feature sets (e.g. creating a distribution without PAM support). Multiple flavors of a package can be installed on a system if they don't conflict with each other; this allows, for example, the installation of 32-bit libraries on x86-64 systems.
Then, there is the concept of "changesets." A changeset is a collection of modifications to files (including attribute changes) and the troves which contain them. A changeset is, essentially, a patch to a package or a distribution. Changesets, which track only changes, can be much smaller than the packages they describe, and can thus be an efficient way of distributing updates. Changesets describe changes to configuration files in diff format, which often allows them to be merged automatically with local changes. A system administrator can also create a changeset describing his or her local changes to the system; that changeset can then be used for merging with updates, or replicating the system elsewhere. Local changesets can also be used for version control and the tracking of system changes.
"Tags" are Conary's answer to the package script problem (and, also, to the complex set of interactions represented by the RPM "trigger" mechanism). A tag is a file attribute describing the type of the file, be it "shared library," "info file," or any of a long list of alternatives. Most files can be tagged automatically by Conary. Tags have scripts associated with them; there is, for example, a script which handles the installation of an info file and updating the relevant directory. These scripts are distributed separately; there is only one copy of them on the system. The scripts are thus easily fixed when bugs turn up, and they can be customized by the local administrator if need be. Separating out the management scripts in this way should also make it easier to install packages from other distributions.
A "fileset" is an arbitrary collection of files built from components in the repository. Filesets seem to be intended to help in the creation of small system images for embedded systems; they allow an easy picking and choosing of an exact set of desired files. "Groups" are, instead, the analog of the Debian "task" or Anaconda "component." They allow the management of several packages as a unit, but they come with their own local changesets so that local changes to the group are tracked properly.
The paper from the OLS proceedings (PDF format) is worthwhile reading for anybody wanting more details on how Conary works.
Interested parties can download an early Conary release from the Specifix web site. Be warned, however, that a few features are still missing; they include shadows, dependencies (an important issue that they "think" they know how to implement), flavors, package signatures, and more. "Release early" is an important part of the free software development process, however, and the Specifix founders understand that process well. Conary's vaporware features will, beyond doubt, be filled in soon. As that happens, expect interest in this tool to increase; it truly does have the potential to change the way we set up and manage our projects, distributions, and systems.
Security
Brief items
The value of privacy policies
Most serious web sites post a privacy policy describing what the site's owners will do with data collected from and about the site's users. For users who are concerned about the spread of their personal information, a strongly-written privacy policy can be a reassuring feature. A recent court ruling, however, suggests that web privacy policies may not be worth the paper they aren't printed on, at least some of the time.Northwest Airlines was recently faced with a class-action lawsuit headed by some of its customers, who were upset that the airline had provided passenger name record (PNR) data to the U.S. government after the September 11 attacks. The plaintiffs made several allegations, including the violation of various laws and, crucially, breach of contract as a result of Northwest's failure to live up to its privacy policy.
The policy reads, in part:
There is nothing here about giving PNR data (which includes hotel and car information, along with credit card numbers) to interested governmental agencies. One might well conclude that the privacy policy has been breached.
The court struck down the breach of contract claim, however. The reasoning was:
The implications are clear: weasel words in a privacy statement can be used against you. If you ever think you may want to take a site operator to court for the violation of a privacy statement, you will, at a minimum, have to be able to show that you read that statement before the violation occurred. It seems unlikely that many potential plaintiffs in privacy policy cases will be able to make that demonstration. Privacy policies, thus, may not be worth a whole lot - at least, not in countries which lack more general restrictions on the use of personal data.
(For the curious, the full ruling is available in PDF format).
Evans Data on Linux security
Evans Data has sent out a press release about a Linux security survey done by the company. "Ninety two percent of survey respondents indicated that their Linux systems have never been infected with a virus, according to Evans Data's new Summer 2004 Linux Development Survey." The PR lacks an answer for the most interesting question, however: what, exactly, happened to the other 8%?
New vulnerabilities
courier: cross-site scripting vulnerability
| Package(s): | courier | CVE #(s): | CAN-2004-0591 | ||||||||
| Created: | July 23, 2004 | Updated: | August 4, 2004 | ||||||||
| Description: | The sqwebmail application has a cross-site scripting vulnerability. An attacker can inject and execute a web mail script via an email message. | ||||||||||
| Alerts: |
| ||||||||||
mailreader: directory traversal vulnerability
| Package(s): | mailreader | CVE #(s): | CAN-2002-1581 | ||||
| Created: | July 23, 2004 | Updated: | July 28, 2004 | ||||
| Description: | Mailreader has a directory traversal vulnerability. A remote attacker can view arbitrary files with the privileges of the nph-mr.cgi process. | ||||||
| Alerts: |
| ||||||
Pavuk: Digest authentication helper buffer overflow
| Package(s): | pavuk | CVE #(s): | |||||
| Created: | July 26, 2004 | Updated: | July 28, 2004 | ||||
| Description: | Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication. An attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk. These vulnerabilities have been fixed in pavuk-0.9.28-r3. | ||||||
| Alerts: |
| ||||||
samba: potential buffer overruns
| Package(s): | samba | CVE #(s): | CAN-2004-0600 CAN-2004-0686 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | July 22, 2004 | Updated: | September 2, 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | According to this Samba advisory, Evgeny
Demidov discovered that the Samba SMB/CIFS server has a buffer overflow bug
in the Samba Web Administration Tool (SWAT) on decoding Base64 data during
HTTP Basic Authentication. Samba versions between 3.0.2 through 3.0.4 are
affected. (CAN-2004-0600)
Another buffer overflow bug has been located in the Samba code used to support the "mangling method = hash" functionality. The default setting for this parameter is "mangling method = hash2" and therefore Samba is not vulnerable by default. Samba versions between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected. (CAN-2004-0686) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
sox: buffer overflow
| Package(s): | sox | CVE #(s): | CAN-2004-0557 | ||||||||||||||||||||||||||||||||||||||||
| Created: | July 28, 2004 | Updated: | February 21, 2005 | ||||||||||||||||||||||||||||||||||||||||
| Description: | Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file. | ||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||
subversion: access control bypass
| Package(s): | subversion | CVE #(s): | |||||||||
| Created: | July 23, 2004 | Updated: | July 28, 2004 | ||||||||
| Description: | Subversion has a vulnerability in the mod_authz_svn Apache authentication module that can allow a local user to bypass read restrictions in the repository. | ||||||||||
| Alerts: |
| ||||||||||
Page editor: Rebecca Sobol
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch remains 2.6.8-rc2; no new prepatches have been released over the last week.Linus has been committing patches to his BitKeeper repository, however; they include lots more code annotations and fixups, various networking fixes, some NX improvements for old binary support, and a number of other fixes. Things appear to be stabilizing for the real 2.6.8 release.
The current prepatch from Andrew Morton is 2.6.8-rc2-mm1. Recent additions to -mm include the pmdisk/swsusp merge (covered here last week), some performance counter tweaks (enables inheritance of settings across fork() and exec()), some scheduling domains cleanup work, various latency reductions, and a large number of other fixes.
The current 2.4 prepatch is 2.4.27-rc3 and has been since July 3.
Kernel development news
Another look at the new development model
Discussions held at OLS, on the mailing lists, and elsewhere have made it clear that a certain degree of confusion still exists regarding the new kernel development process and what has really changed. In an attempt to clear things up, we'll take one more look at what was decided at this year's kernel summit.The old process, in use since the 1.0 kernel release, worked with two major forks. The even-numbered fork was the "stable" series, managed in a way which (most of the time) attempted to keep the number of changes to a minimum. The odd-numbered fork, instead, was the development series, where anything goes. The idea was that most users would use the stable kernels, and that those kernels could be expected to be as bug-free as possible.
This mechanism has been made to work, but it has a number of problems which have been noticed over the years. These include:
- The stable and development trees diverge from each other quickly,
especially since big API changes have tended to be saved for early in
the development series. This divergence makes it hard to port code
between the two trees. As a result, backporting new features into the
stable series is hard, and forward-porting fixes is also a challenge.
2.6.0 came out with a number of bugs which had long been fixed in 2.4.
- The stable tree, after a short while, lacks fixes, features, and
improvements which have been added to the development tree. That code
may well have proved itself stable in the development series, but it
often does not make it into a stable kernel for years. The kernels
that people are told to use can run far behind the state of the art.
- The stable kernels are often very heavily patched by the distributors. These patches include necessary fixes, backports of development kernel features, and more. As a result, stock distribution kernels diverge significantly from the mainline, and from each other. Distributor kernels sometimes are shipped with early implementations of features which evolve significantly before appearing in an official stable kernel, leading to compatibility problems for users.
The focus on keeping changes out of the stable kernel tree is now seen as being a bit misdirected. Well-tested patches can be safely merged, most of the time. Blocking patches, instead, creates an immense "patch pressure" which leads to divergent kernels and a major destabilizing flood whenever the door is opened a little.
So how have things changed? The "new" process is really just an acknowledgment of how things have been done since the 2.6.0 release - or, perhaps, a little before. It looks like this:
- New patches which appear to be nearing prime-time readiness are
added to Andrew Morton's -mm tree. This addition can be done by
Andrew himself, or by way of a growing number of BitKeeper
repositories which are automatically merged into -mm.
- Each patch lives in -mm and is tested, commented on, refined, etc. Eventually, if the patch proves to be both useful and stable, it is forwarded on to Linus for merging into the mainline. If, instead, it causes problems or does not bring significant benefit, the patch will eventually be dropped from -mm.
The -mm tree has proved to be a truly novel addition to the development process. Each patch in this tree continues to be tracked as an independent contribution; it can be changed or removed at any time. The ability to drop patches is the real change; patches merged into the mainline lose their identity and become difficult to revert. The -mm tree provides a sort of proving ground which the kernel process has never quite had before. Alan Cox's -ac trees were similar, but they (1) were less experimental than -mm (distributors often merged -ac almost directly into their stock kernels), and (2) -mm does a much better job of tracking each patch independently.
In essence, -mm has become the new kernel development tree. The old process created a hard fork and was not designed to merge changes back into the "old" stable tree. -mm is much more dynamic; it exists as a set of patches to the mainline, and any individual patch can move over to the mainline at any time. New features get the testing they need, then graduate to the mainline when they are ready. New developments move into the stable kernel quickly, the development kernel benefits from all fixes made to the stable branch, and the whole process moves in a much faster and smoother way.
More than one observer in Ottawa made this ironic observation: it would appear that Andrew Morton is now in charge of the development kernel, while Linus manages the stable kernel. That is not quite how things were expected to turn out, but it seems to be working. Consider some of the changes which have been merged since 2.6.0:
- 4K kernel stacks
- NX page protection and ia32e architecture support
- The NUMA API
- Laptop mode
- The lightweight auditing framework
- The CFQ disk I/O scheduler
- Netpoll
- Cryptoloop, snapshot, and mirroring in the device mapper
- Scheduling domains
- The object-based reverse mapping VM
Some of these changes are truly significant, and things have not stopped there: new patches are going into the kernel at a rate of about 10MB/month. Yet 2.6.7 was, arguably, the most stable 2.6 kernel yet. It contains many of the latest features, has few performance problems, and the number of bug reports has been quite small. The new process is yielding some good results.
Naturally, there are some issues to resolve. One of those is the deprecation of features, which used to be tied to the timing of the old process. The new plan, it seems, is to give users a one-year notice, including a printk() warning in the kernel. The first features to be removed by this path are likely to be devfs and cryptoloop. There is also the question of changes which are simply too disruptive to merge anytime soon. Page clustering, if it is merged, could be one of those. When such a feature comes along, we may yet see the creation of a 2.7 tree to host it. Even then, however, 2.7 will track 2.6 as closely as possible, and it may go away when the feature which drove its existence becomes ready to go into the mainline.
This change to the development process is significant. It is not particularly new, however. The actual change happened the better part of a year ago; it was simply hidden in plain sight. All that has really happened in Ottawa is that the developers have acknowledged that the process is working well. One can easily argue, in fact, that the kernel development process has never functioned better than it does now. So, rather than break such a successful model, the developers are going to let it run.
Voluntary preemption and hardware interrupts
Ingo Molnar's voluntary preemption work, described here two weeks ago, has continued to progress. Indeed, since Mr. Molnar did not attend the kernel summit or OLS, this could well have been the fastest-moving kernel project over the last week. The 2.6.8-rc1-L2 version of the patch, released on July 27, claims a maximum 100μs latency - almost good enough, says Ingo, for hard real-time work. One of the methods used may raise some eyebrows, however.The core of the voluntary preemption patch stays true to its original intent: it adds scheduling points in places where the kernel may hold onto the CPU for overly long periods. As kernel testers report problems, Ingo has been going in and breaking up the offending bits of code. Ingo has also added a new knob to control the maximum number of sectors the block I/O subsystem will try to transfer at once; if block operations get too big, the IDE completion routines can take too long to perform their cleanup.
That change pointed at a larger problem, however: some interrupt handlers can, despite conventions to the contrary, occupy the processor for a long time. While an interrupt handler is running, high-priority processes cannot run. Ingo decided to address this problem head on: he has moved hardware interrupt handling into process context.
To do this, he had to change the core kernel interrupt dispatcher. That code now checks to see if the interrupt comes from the timer; if so, it is handled immediately, in the traditional manner. Otherwise, the IRQ number is added to a per-CPU list of pending hardware interrupts, and control returns to the scheduler without having actually serviced the interrupt. Calling the real interrupt handler falls to the ksoftirqd process (which has been renamed irqd). Once it is scheduled, it simply iterates through the list of pending interrupts and calls all of the registered handlers for each. Due to the change in context, the pt_regs structure is no longer available to the handler, but, since almost no interrupt handlers ever use that argument, that will not be a problem.
The irqd process runs at a high priority, but a high-priority, real-time process can still preempt it. While it is dispatching an interrupt to its handler(s), irqd goes into a simulated interrupt mode and cannot be preempted. It drops out of that mode between interrupts, however, making scheduling possible. It is also possible for an interrupt handler to enable preemption at a given point with a call to cond_resched_hardirq() (or one of its variants). Without such a call, hardware interrupt handlers will not be put to sleep.
There are no such calls in drivers in Ingo's current patch - at least, not directly. Ingo has also added a new version of end_that_request_first() (the function used to indicate partial completion of a block I/O request) which allows preemption. The IDE completion handler calls the new version, which makes it preemptable - even though it is an interrupt handler.
Ingo claims some very good results from this work. The software latencies are now all very small. It would be interesting to see whether the redirecting of hardware interrupts has any effect on interrupt response latency, however. It remains to be seen whether a change of this magnitude will be accepted - especially since (involuntary) kernel preemption is supposed to be the real solution to latency problems. Building trust in involuntary preemption is an ongoing process, while the voluntary approach appears to have solved the problem now. In the end, that is likely to count for something.
(Coincidentally, Scott Wood has posted a different patch moving interrupt handlers into process context. His patch creates a separate thread for each interrupt, which allows the priority of each interrupt handler to be set independently. There is also an SA_NOTHREAD flag to request_irq() which allows a driver to request the old, IRQ-context mode. Ingo has said that he is likely to adopt the multi-thread approach for his patch as well).
A kernel events layer
As Linux desktop implementations become more sophisticated, they increasingly need to know about what is going on in the kernel. The desktop code would like to be able to respond properly to events like "disc inserted," "disk full," "processor overheating," "printer on fire," and so on. So far, much of this functionality has been implemented by polling devices and /proc files and looking for changes. That solution is, to say the least, inelegant.As a way of improving things, Robert Love has posted a patch (since updated) adding a kernel event notification. This patch, initially by Arjan van de Ven, uses the netlink mechanism to broadcast events out to interested user-space processes. The intent is for the events to be further redistributed using D-BUS, but other uses are possible.
Within the kernel, events are created with a call to send_kevent():
int send_kevent(enum kevent type,
const char *object,
const char *signal,
const char *fmt, ...);
The type argument gives the broad class of the event; current options are KEVENT_GENERAL, KEVENT_STORAGE, KEVENT_POWER, KEVENT_FS, and KEVENT_HOTPLUG. The object is a unique string giving the source of the event; it is derived from the location of the source file in the kernel tree. The signal says what is actually happening, and the rest of the arguments are a printk()-style format string and arguments giving further information. The patch only adds one set of calls, for noting CPU temperature transitions; they look like:
send_kevent(KEVENT_GENERAL,
"/org/kernel/arch/kernel/cpu/temperature", "high",
"Cpu: %d\n", cpu);
The patch as a whole is not particularly controversial, but there are some concerns about the "object" namespace. Some developers would like to see the mechanism more closely tied into the device model, so that the object as represented here is related to an object in the sysfs hierarchy. Some have asked whether this mechanism should replace the current hotplug interface; that is not the intent, however. There has also been a call for some wrappers to ensure that, for example, device drivers all generate the same sort of event for the same kind of situation.
This is all detail work; chances are that the event code will find its way into the mainline in some form. Then there is the little issue of making the desktop actually respond to these events in a useful way. But that, of course, is just a user-space problem.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Memory management
Networking
Security-related
Miscellaneous
Page editor: Forrest Cook
Distributions
News and Editorials
A look at Progeny Debian Beta
The Progeny Debian 2.0 Developer Edition beta has been out for a little while now, long enough for this writer to whip it onto a laptop and take it for a spin.There's a lot to like in the latest release. Though it's not quite bug free, it is looking much more polished, and good enough for day to day usage if one doesn't mind a few rough edges. For example, the installer set the mouse pointer to "/dev/input/mice" rather than "/dev/psaux" -- which caused X to come to an abrupt halt until this was corrected. Sound was not detected or correctly configured, though my wireless network card was automatically recognized.
Users are given the choice of desktop, workstation, server or custom installation. While the installer worked flawlessly, it seemed to take quite a long while to copy over packages. This isn't a major issue, but one hopes that the installation will be optimized by a final release for users who have to perform multiple installs. In all, the install closely resembles a Fedora Core install, so users who have some experience with Anaconda will feel right at home.
By default, this release installs the 2.6.6 Linux kernel. A 2.4 kernel is available as a component -- though some components are non-functional in the beta, so it's not entirely clear whether the 2.4 kernel component can be installed.
Speaking of components, it would be negligent not to mention that this release is "
Unfortunately, the beta's "sources.list" is strictly for loading packages off of CD-ROM. Users who have become used to using apt to install packages anywhere they happen to have a network connection will not be pleased with needing to cart CDs with them. It's not immediately obvious how to add Progeny's componentized package lists to the "sources.list," which has confused a number of the beta testers. Of course, packages from Debian testing seem to work quite well in absence of a Progeny network package source.
In all, the release shows a lot of promise. While it's not quite yet ready for prime time, the Progeny folks have made a lot of progress since the alpha release back in April.
a showcase of Progeny's Componentized Linux technology
", and not just any Linux distribution. (Interested users can find the entire list of available components here.) From the end user's perspective, it's nice to be able to install a single package rather than picking a slew of packages that are necessary to run a program. Even with apt's wonderful dependency system, it is often necessary to install several packages to arrive at one functional program.
Distribution News
New Xandros Desktop OS Version 2.5 Now Shipping
Xandros has announced the release of version 2.5 of the Xandros Desktop OS, with CrossOver Office 3.0.1, Linux kernel 2.4.24 and version 1.6 of the Mozilla communications suite.Debian GNU/Linux
The Debian Weekly News for July 27, 2004 is out. This issue looks at a Debian 11th birthday party in Brazil; the Dictator Test for new licenses; a Java in Main update; the continuing AMD64 saga; debtags become an Alioth Project; and more.Steve Langasek reports on the status of the sarge release. A hard-freeze of base+standard is now scheduled for July 31, 2004.
Gentoo Weekly Newsletter - Volume 3, Issue 30
The Gentoo Weekly Newsletter for the week of July 26, 2004 covers the retirement of .net-www; a call for volunteers to help organize a meeting in the UK; meet Stephen Becker, the featured Developer of the Week; and more.Fedora Legacy
Fedora Legacy has announced that support for Red Hat Linux 7.2 and 8.0 has been dropped due to a lack of community participation. (Thanks to Troels Arvin)OpenPKG support for 1.x ended
OpenPKG has announced that older versions of the distribution (OpenPKG 1.0, 1.1, 1.2 and 1.3) are no longer maintained. Security advisories and updated SRPMs will be provided for OpenPKG 2.0 and 2.1.Linux Netwosix Bugzilla - Bugtracking System
Linux Netwosix has announced that a Bugzilla software bugtracking system is now available for Netwosix users.Turbolinux First to Bundle Commercial DVD Player for Linux
Here's a press release from Turbolinux and CyberLink Corp. announcing the inclusion of CyberLink's PowerDVD player with the multimedia version of Turbolinux 10D.Fedora Core
Fedora Core 2 updates:- gimp: upgrade to version 2.0.2
- gstreamer: solves some ALSA-related issues reported in Bugzilla
- gstreamer-plugins: solves some ALSA-related issues reported in Bugzilla
- gnome-applets: update to version 2.6.2.1
Mandrakelinux
Mandrakelinux has updated libneon packages that fix issues with the compression interface.Slackware Linux
The slackware-current changelog shows a variety of updates this week. Upgrades include koffice-1.3.2, xsane-0.94, gimp-2.0.3, totem-0.99.15.1, xfce-4.0.6, xine-lib-1-rc5, xine-ui-0.99.2, getmail-4.0.0, gtk+-2.4.4, glib-2.4.4, doxygen-1.3.8, distcc-2.16, gimp-print-4.2.7, xchat-2.0.10, ImageMagick-6.0.3-5, ncftp-3.1.8, getmail-4.0.1, dnsmasq-2.10, galeon-1.3.16 and perl-5.8.5. PHP 5.0.0 and gcc 3.4.1 are in testing.
New Distributions
Catux-USB
Catux-USB is a distribution created by the GNU/LINUX User Association from central Catalonia, that boots and runs from USB devices such as Pendrives. It is useful with Pendrives with 128 MB or 256 MB, but it can be resized to other capacities. It is Debian-based, with Knoppix scripts to autodetect hardware. It includes XFree86, some email clients, Web clients, etc., but using apt-get you can install or remove packages. It uses the e2compr patch to write to Pendrives more efficiently. The initial release of Catux-USB, version 0.0.1, is dated July 23, 2004.PHP Solutions Live
PHP Solutions Live is a bootable Linux distribution, created for people who want to run and test scripts in a new environment without modifying the current platform. PHP Solutions Live joins the list at version 1.2.0 released July 23, 2004.
Minor distribution updates
Astaro Security Linux
Astaro Security Linux has released v5.016 with minor bugfixes. "Changes: This Up2Date fixes two bugs in the transparent POP3 Proxy that occurred on malformed email messages."
Compact Flash Linux Project
Compact Flash Linux Project has released v0.1.4 with minor feature enhancements. "Changes: The SNMP daemon now runs as the unprivileged "snmp" user. The rp-l2tp and poptop packages have been added to cflinux."
Coyote Linux
Coyote Linux has released v2.12 with minor feature enhancements. "Changes: This release adds some new statistics output and configuration options to the Web administrator."
Damn Small Linux
Damn Small Linux has released v0.7.3 with minor feature enhancements. "Changes: This release boots directly into an enhanced X desktop at 1024x768x32 and the mouse is auto-detected when the default video mode is used. New boot time options were implemented along with the ability to mount and umount the .ci extensions via the myDSL button. cardmgr was updated to 3.2.2, nfs-common was removed from startup, a .wgetrc was added, and permissions on /dev/cdrom were corrected to let users play audio CDs."
Feather Linux
Feather Linux has released v0.5.4 with minor feature enhancements. "Changes: This release adds a script to download Apache, MySQL, and PHP4, includes lrzsz and rdesktop, and fixes various bugs involving permissions, readability, and corrupted files. The XFCE script is now also more economical with memory usage."
Hiweed GNU/Linux
Hiweed GNU/Linux has released v0.3 with minor bugfixes. "Changes: This version fixed a root-path-loosing bug, added gcc and make, added three Debian documents (the Debian reference, apt-howto, and dselect beginner's guide). removed unrar and zip, and upgraded all packages to Debian sid's last version."
Linux Live
Linux Live has released v4.2.0 with major bugfixes. "Changes: This release modifies the dir2img script to properly handle a third parameter. The size of initrd has changed to 9999 KB. Non-existing EXT3, NTFS, or ReiserFS kernel modules no longer cause fatal errors (during livecd_create)."
SLAX-Live CD
SLAX-Live CD has released v4.1.3 with major feature enhancements. "Changes: This release adds kernel 2.4.27-pre3 with SATA support, aslax-install script, and a "GUI" boot option to skip textmode login and autostart X with KDE. There is also a DEVELOPMENT module, allowing sourcecode to be compiled. XFree was replaced by X.org."
Distribution reviews
Review: OpenBSD 3.5 (NewsForge)
NewsForge reviews OpenBSD 3.5. "OpenBSD is secure by default; that means that it does not start any services or daemons without your telling it to. It installs nothing secretly and does not leave any opening for a local or remote attack. The downside to this cautious approach is that you must configure and enable all of the features and services that you need. This is an ideal learning opportunity for beginners who are learning how to configure a server, and a more secure approach than that of most operating systems, which enable a lot of services and servers by default and then expect administrators to disable what isn't needed. While hotshot sysadmins might prefer the latter method to get a server set up more quickly, less experienced people will derive much more benefit from the result of the secure by default philosophy. This is not to imply that OpenBSD is meant only for beginners, but it is designed so that you don't need to be a security expert to properly administer your system."
Novell eyes lean, mean Linux (Register)
The Register reports that Novell plans to release a slimmed-down version SUSE Linux. "SuSE Linux 9.1 Professional, the latest version of the desktop OS, comes with 3,000 packages and seven web browsers, according to Novell. Steve Brown, Novell's European VP, said there was a danger of the OS becoming too "top heavy". In response, Novell is working a version of SuSE Linux occupying a smaller footprint and supporting only one Web browser. This approach would make it easier to roll out standardised Linux deployments across an enterprise. With a simpler, less diverse set-up companies would benefit from a lower variety of support questions, or so the idea goes."
Page editor: Rebecca Sobol
Development
gputils, the GNU PIC Utilities
gputils is a set of open-source cross-platform tools for developing code for the Microchip PIC processors. PIC processors are inexpensive stand-alone micro-controller chips that feature a RISC architecture, several data path widths, and a variety of memory and I/O port configurations. Over 250 PIC processor types are supported by gputils. The project was started in 1997 by James Bowman as an effort to build a complete set of open-source replacements for the Microchip utilities. Numerous other developers have contributed to the project.gputils consists of the following components:
- gpal: An Ada-like high level language compiler.
- gpasm: The PIC assembler.
- gplink: The PIC linker for joining object files.
- gplib: A tool for building and maintaining COFF library archives.
- gpdasm: A dis-assembler for converting hex files into assembly instructions.
- gpvc: A .cod symbol file viewer for analyzing the assembler output.
- gpvo: A COFF object file viewer for analyzing object files.
Building gputils is very straightforward, it involves the standard configure, make, and make install steps. The code is run in the manner of typical UNIX command line utilities. The build worked the first time for your editor.
Version 0.12.3 of gputils was recently released, it adds support for more processors in the ever-expanding line of PICs, it also includes bug fixes. The code is available for download here. The Support section of the gputils site has all of the available documentation.
Apparently gputils does not yet support the new PIC10F chips, these are possibly the smallest micro-controller chips available, featuring a tiny 6 pin SOT-23 package. Hopefully PIC10F support is being considered for future releases of gputils.
System Applications
Audio Projects
Planet CCRMA Changes
The latest changes from the Planet CCRMA audio utility packaging project include the inclusion of the latest versions of Ardour, MusE, Alsa Modular Synth, Lilypond, Jackmix, and Fltk.Speex 1.0.4 Released
Version 1.0.4 of Speex, an open-source speech CODEC, is out. Changes include pseudo-gapless playback, bug fixes, and more.
Database Software
libgda/libgnomedb 1.1.5 released
Version 1.1.5 of libgda/libgnomedb, a database framework for GNOME, is out. "This is another development release in the road to 1.2, which will be the next stable release, and which shows a preview of the new features getting into the 1.2 final release. It is not intended for production use, but by people wanting to experiment with the new features and to help on the development."
Embedded Systems
BusyBox 1.0.0-rc2 released
Version 1.0.0-rc2 of BusyBox, a collection of command line utilities for embedded systems, is out. See the Change Log for release details.
Interoperability
Samba 2.2.10 and 3.0.5 Available
Two new security related releases of Samba, versions 2.2.10 and 3.0.5, are available. Also, a new Samba security page has been created to help track security issues.
Printing
PyKota 1.19 beta released
Version 1.19 beta of the PyKota printing quota system is available with numerous improvements and bug fixes.
Web Site Development
MediaWiki 1.3.0beta5 released (SourceForge)
Version 1.3.0 beta 5 of MediaWiki, the collaborative editing software, is out. Here are the changes: "Accumulated bug fixes since the last beta. Hopefully this should resolve most major upgrade and installation issues (missing user_real_name field, PEAR error with bad temp dir)."
Building Applications with POE (O'Reilly)
Matt Cashner works with POE on O'Reilly. "Earlier, we talked about the fundamental principles of application design with POE. Now it's time to put my money where my mouth is and build some actual working code. To make life a bit easier, let's lay out a very simple problem. Let's say we would like accept and parse data that resembles CGI query strings."
Desktop Applications
Desktop Environments
GNOME 2.7.4 Development Release
The GNOME 2.7.4 development release is out; click below for the details. The big change this time around is the replacement of the MIME subsystem with the shared FreeDesktop.org version. That will be the last change for a bit; GNOME 2.7 has gone into a feature freeze as of this release.Announcing KDE 3.3 Beta 2 'Kollege' (KDE.News)
The beta 2 version of KDE 3.3 has been announced. "As another step towards the aKademy in late August, this release is named Kollege. This beta release shows astonishing stability, so the KDE team asks everyone to try the version and give feedback through the bug tracking system."
aKademy schedules posted
The schedules for the KDE Community World Summit ("aKademy") have now been posted. The Summit will be a lengthy affair, with separate developer and user conferences, and a week of tutorials in between. It's all happening in Ludwigsburg, Germany, starting August 21.Trolltech and KDE Free Qt Foundation Announce Updated Agreement (KDE.News)
KDE.News reports that Trolltech and the KDE Free Qt Foundation have signed an updated agreement. "The revised Agreement continues to honour the original purposes of the Foundation. In particular, should Trolltech ever discontinue making regular releases of the Qt Free Edition for any reason - including a buyout or merger of Trolltech or the liquidation of Trolltech - the Qt Free Edition will be released under the BSD license and optionally under one or more other Open Source Licenses designated by the Board of the Foundation."
Games
Buttonmasher 0.3 released
Version 0.3 of Buttonmasher has been released on the Pygame site. "Button Masher is a simple tool to help you analyze and improve your execution of fighting game moves, combos, etc. It's similar to the input display in the practice modes of various fighters."
WorldForge Weekly News
Issue #2 of the WorldForge Weekly News is online with the latest news from the WorldForge game project. "The news of the week has been a steady succession of releases from all over the project culminating in the meta-release of Mason 0.2 on Thursday. First to make it out the door was sear 0.5.0 by Simon Goodall, followed by a succession of library releases comprising wfmath released by Ron Steinke, and Atlas-C++ and Mercator released by myself. A stable release of cyphesis 0.3.1 followed."
GUI Packages
New FLTK software
The latest new software for FLTK, the Fast, Light ToolKit, includes version 1.0.10 of Fl_PlotXY, version 0.6.1 of vtkFLTK, and more.PyGTK 2.3.94 (unstable) announced
Unstable version 2.3.94 of PyGTK, the Python language bindings to GTK, is out with bug fixes and other minor changes.
Instant Messaging
CWirc 1.8.7 released
Version 1.8.7 of CWirc, an application that transmits Morse code over IRC channels, has been announced. Here are the changes: "A section was added in the README to explain how to use CWirc with the aRts daemon. The DTR line is now explicitely set so that CWirc can read back the state of the Morse key contact(s), even if another program left the serial port in a bad state."
Interoperability
Wine Traffic
Issue #132 of Wine Traffic is online with the latest Wine project development news. Also, last week's Wine Traffic came out after our publication deadline.
News Readers
Liferea 0.5.2 announced
Version 0.5.2 of Liferea, the Linux Feed Reader, has been announced. This release adds several new GUI features, bug fixes, and more. "Liferea (Linux Feed Reader) is a fast, easy to use, and easy to install GNOME news aggregator for online news feeds. It supports a number of different feed formats including RSS/RDF, CDF, Atom, OCS, and OPML."
Version 0.5.2b was also announced this week, it features one bug fix.
Office Applications
Gnumeric 1.3.1 aka Polished Weasel announced
Version 1.3.1 of the Gnumeric spreadsheet has been announced. "Fixes and improvements are everywhere. Some of the most noteworthy are: improved xls graph import, initial support for rich text, better xls evaluation compatibility for operators, and improved accuracy for lots of statistical and financial functions."
Peer to Peer
Furthur 1.7.4 released (SourceForge)
Version 1.7.4 of Further, a P2P music client, has been announced. "Unlike many P2P's, Furthur specializes in lossless, CD-quality audio and video. Version 1.7.4 adds support for FLAC-encoded filesets at 16 and 24 bits (joining SHN, OGG, MP3, MPEG, DVD, DIVX, VCD, SVCD and other formats), fixes some problems caused by the Apple JRE, polishes up the user interface, and removed some irritating little bugs that no one liked anyway."
Web Browsers
Firefox 1.0 Update (MozillaZine)
MozillaZine mentions the availability of a new Firefox browser status report by Ben Goodger. "The decision has been made to call the next release "Firefox 1.0 Preview Release" externally, and 0.10 internally. Ben also goes into detail on what extension authors can do to ensure compatibility with this next release."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes are available for the July 12, 2004 Mozilla.org staff meeting. "Issues discussed include Mozilla 1.8a2, Firefox 1.0, Thunderbird, modified versions of logos, the localisation trademark policy, Webstats and more."
Miscellaneous
GNOME CPU Frequency Scaling Monitor 0.2.1
Version 0.2.1 of the GNOME CPU Frequency Scaling Monitor is out with bug fixes and installation improvements.Devhelp 0.9.1 announced
Version 0.9.1 of Devhelp, a GNOME API documentation browser, is out. is out. Changes include Mozilla 1.7 support, translation work, and more.
Languages and Tools
Caml
Caml Weekly News
The July 27, 2004 edition of the Caml Weekly News is available with a number of new Caml language articles.
Java
Attribute-Oriented Programming with Java 1.5, Part 2 (O'ReillyNet)
Don Schwarz continues his series on Java attribute-oriented programming with part two. "In the previous article in this series, "Peeking Inside the Box, Part 1," I introduced the concepts of Attribute-Oriented Programming, Java 1.5 annotations, and bytecode instrumentation. I used these concepts to provide a JStatusBar GUI component that reports on the progress of an application without any explicit code. In this article I will introduce a completely different implementation of the same JStatusBar that uses thread sampling rather than bytecode instrumentation. I will then combine the two practices to develop a solution that has the best features of each."
Get started with the AUIML Toolkit (IBM developerWorks)
IBM's developerWorks is running an introduction to the AUIML Toolkit. "The Abstract User Interface Markup Language toolkit is a rapid-development tool to assist developers in writing GUIs to run as either Swing applications or on the Web -- without any changes. Toolkit creators Andy Arhelger, Andy Hanson, and Tony Erwin take you on a tour of their technology, detailing where to get it, how to install it, and how to use it in this step-by-step article."
Lisp
GCL 2.6.3 released
Version 2.6.3 of GCL (GNU Common Lisp) has been announced. "This version, the latest in the `stable' series, fixes some issues discovered after 2.6.2 was released. Among the highlights of 2.6.2 are a compiler stress test suite, performance improvements to the compiler, native support for FreeBSD, OpenBSD, and MacOSX, support of AMD64, and more."
SBCL 0.8.13 released
Version 0.8.13 of Steel Bank Common Lisp is out. "This version features package locks, a new way of loading shared libraries, the SB-PROF module working on most non-x86 architectures, some performance optimizations, and more."
Perl
Ponie snapshot 3 released (use Perl)
Project Ponie is intended to bridge Perl 5 into Perl 6. "The Perl 5 interpreter will be rewritten to run on Parrot, the Perl 6 virtual machine. This will ensure the future of the millions of lines of Perl 5 code at thousands of companies around the world." The third snapshot of Ponie has been announced. "
The purpose of this release is to make sure this approach keeps on working with the XS modules available on CPAN and to let people test with their own source code."
These Weeks on perl5-porters (use Perl)
These Weeks on perl5-porters are available for for July 28, 2004. "This week's summary actually covers two weeks. Anyway, with OSCON, vacations and all that stuff, those are quiet weeks."
This Week on Perl 6 (O'Reilly)
The July 23, 2004 edition of This Week on Perl 6 is available with the latest Perl 6 news.
PHP
PHP Weekly Summary for July 19, 2004
The PHP Weekly Summary for July 19, 2004 is out. Topics include: Hash table copy, file_get_contents(), alloca() revisited, test roll, threaded bcmath, PHP 5.0.0, PHP 4.3.8, HTTP_AUTH, commit policy for HEAD, load-order dependencies, TRUE, FALSE, NULL, exslt support on win32.PHP Weekly Summary for July 26, 2004
The PHP Weekly Summary for July 26, 2004 is out. Topics include: empty_string deleted, memory leak (again), html_entity_decode(), reflection test suite needed, new array functions, PHP-GTK revival, stream functions, realpath() caching, full gif support, and fp guru required.
Python
Dr. Dobb's Python-URL!
This week's Dr. Dobb's Python-URL! is out with another collection of Python language articles.Python-dev Summary
The June 16-30, 2004 edition of the Python-dev Summary is available with the latest Python language development news.Initial Release of the Durus object database
Initial version 0.1 of the Durus object database has been announced. "I am happy to announce the first public release of the Durus object database. Durus offers an easy way to maintain a consistent persistent collection of Python object instances used by one or more processes."
Ruby
Ruby/Tk Primer, Part 2 (O'ReillyNet)
O'Reilly has published part two of an introduction to Ruby. "In part one of this series, Chris Roach introduced you to programming basics in Ruby, and in the process, created the back end for the GUI we're working on. Here, he spends some time with the Tk library." Part three of the series is also available.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The July 26, 2004 edition of Dr. Dobb's Tcl-URL! is available with the latest Tcl/Tk article links.
XML
Vex 1.0.0 released (SourceForge)
Initial version 1.0.0 of Vex, a CSS-styled XML editor based on the Eclipse platform, has been announced. "It provides a word processor-like interface for document-style XML documents such as DocBook and xhtml."
Introducing o:XML (O'Reilly)
Martin Klang introduces o:XML on O'Reilly. "So what is o:XML? Well, it's a dynamically typed, general-purpose object-oriented programming language. It's got threads, exception handling, regular expressions, namespaces, and all the other things you would expect from a modern language. And it's expressed entirely in XML. Maybe o:XML is a bit like Python crossed with XML."
XML on the Web Has Failed (O'Reilly)
Mark Pilgrim explores the problems with XML on the web. "The other apparent success of XML is the rise of syndicated feeds, in a range of XML vocabularies like CDF, RSS, and now Atom. There are feed directories; there are feed search engines; there are feed validators. Every major blogging tool -- from freeware like Blogger to commercial software like Movable Type to open source software like WordPress -- every tool publishes at least one of these XML formats. Syndicated feeds are wildly popular, but they're not a success for XML. XML on the Web has failed: miserably, utterly, and completely."
Designing Extensible, Versionable XML Formats (O'Reilly)
Dare Obasanjo covers XML versioning techniques on O'Reilly. "This article explores some of the points to consider when versioning XML formats as well as some approaches to designing extensible XML formats in a manner compatible with existing XML technologies."
Improve performance in your XML applications (IBM developerWorks)
Elena Litani and Michael Glavassevich show how to write XML with an emphasis on performance on IBM's developerWorks. "Write your application to get the best possible performance, plus learn which SAX or DOM operations and features affect application performance. In this first of a three-part article, authors Elena Litani and Michael Glavassevich describe best practices for writing XML apps and documents, and for developing applications with the standard SAX and DOM APIs."
Describe open source projects with XML, Part 4 (IBM developerWorks)
Edd Dumbill wraps up his series on open-source project documentation and XML with part four. "In this installment of XML Watch, Edd Dumbill concludes the development of a vocabulary for describing open source software projects, exploring the documentation, tools, and community that are required for the successful launch of the DOAP vocabulary. The steps taken are drawn from the author's experience with both open source projects and vocabularies such as FOAF and RSS."
IDEs
DrPython 3.2.4 stable is available
Stable version 3.2.4 of DrPython, a Python language IDE, has been released. The changes include bug fixes, code cleanup, and more. Version 3.2.5 was also released this week, if fixes several bugs.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Q&A: Carol Stafford, IBM worldwide vice president of Linux sales (vnunet)
Vnunet interviews Carol Stafford about her work with IBM and Linux. "How did you first get involved with Linux?"
I have been working in Linux and especially Linux on the mainframe since 1997. It was very exciting. I was working with the IBM engineers in Germany and they were running Linux on the mainframe without any operating system underneath it and developing it from there.
Choosing an open source license (NewsForge)
This NewsForge article touches on the process of selecting an open source license. "There isn't one answer for all open source projects, according to Lawrence Rosen, the founding partner of Rosenlaw and Einschlag, general counsel for OSI and author of a new book Open Source Licensing: Software Freedom and Intellectual Property Law. "I say, 'Tell me about your software.' There are companies that want to open source some of their [code] and not all of it," says Rosen. In order to advise them, "I have to understand what their product is.""
Trade Shows and Conferences
Ottawa Linux symposium offers insight into kernel changes (NewsForge)
NewsForge has an OLS report from David 'cdlu' Graham. "Dan Aloni started the first presentation in Room B on the subject of a project called Cooperative Linux, a project similar to user-mode Linux (UML) except designed to run a Linux kernel on top of Windows as well as within Linux."
Linux symposium examines technicalities of upcoming Perl 6 (NewsForge)
NewsForge covers sessions on CKRM, Perl 6, and Linux on Laptops from day two of the Ottawa Linux Symposium. "Day 2 of the four-day Linux symposium here was a highly technical one. It began with Rik van Riel of kernelnewbies.org and Red Hat and a host of other members of the CKRM kernel resource management project explaining how it works."
OLS Day 3: Failed experiments, Linux-Tiny, and the Linux Standard Base (NewsForge)
NewsForge continues reporting from OLS. "Michael Meeks of Ximian, now owned by Novell, gave a presentation called the 'Wonderful World of OpenOffice.org'. OpenOffice.org, he said, needs more developers. Stop working on GNOME and KDE Office, he implored, they served their purposes, there is now a viable open source office suite -- and it's OpenOffice.org."
Ottawa Linux Symposium day 4: Andrew Morton's keynote address (NewsForge)
NewsForge wraps up its OLS coverage. "The Ottawa Linux Symposium wrapped up its busy 4 days with a 6-hour long bar party at the Black Thorn Café across the street from the American Embassy in Ottawa. And for some, it was that social aspect that they came for. For most attendees, though, stable Linux kernel maintainer Andrew Morton's keynote address was the highlight of the day."
OSCON 2004
NewsForge covers OSCON 2004. "Other Monday sessions included: "Stop Spamming Me," featuring Matt Sergeant of Message labs; "Real-world Xforms;" cross-platform, Rendezvous programming; and a "Presentation Aikido" from Damian Conway of Monash University. This course covered preparation, content selection, delivery techniques, handling questions, and also provided an in-depth tutorial on improving presentations' look and feel."
O'ReillyNet shows pictures taken on Day One at the O'Reilly Open Source Convention.
Geeks, nonprofits parlay community at Penguin Day (NewsForge)
NewsForge attends Penguin Day. "The intent of the event, hosted by a group of Portland computer reuse raiders known as FreeGeek, was to find how nonprofits such as Multiple Sclerosis Society, Child Aid, Water Watch, and others can benefit from open source software and how the programming community and provider community can join their efforts, which are similar in ethos and economy."
The SCO Problem
The Afterglow (Groklaw)
Groklaw has compiled some reactions to yesterday's ruling in the DaimlerChrysler case. "That Seattle newspaper had grave difficulty absorbing the news of the defeat. My all-time favorite intro to any of the stories was theirs: "A Michigan judge on Wednesday dismissed most parts of a lawsuit that sought to force auto giant DaimlerChrysler AG to comply with copyright laws and software agreements with a Utah-based software company.""
Companies
The mainframe is back (Register)
The Register runs an article by Robin Bloor of Bloor Research. "However, there can be little doubt that the jewel in the mainframe crown is Linux in combination with the mainframe's architecture, which delivers an unmatched virtualization capability. The Linux contribution is twofold. It provides applications (and after all its applications that sell computers) and it can act as a useful capability for consolidation projects."
The coolest IT ad ever? (NewsForge)
For a bit of Friday afternoon amusement, take a look at the latest animated advertisement from Lindows.com, as reported on NewsForge. Macromedia Flash 7 is required for viewing. "Linspire President Kevin Carmony, a former music industry executive and no stranger to parodied song with the previous single "Lindows Rock" (ala Chubby Checker's "Limbo Rock") under his belt, said while he came up with the lyrics, Linspire engineer Clifford Beshers suggested the use of the Doors' top hit, "Light My Fire." "It's good fun," Carmony said. "Hopefully, Microsoft will appreciate the humor.""
Red Flag and Miracle Linux launch Asianux 1.0 (DigiTimes)
DigiTimes.com carries the news of the beta 1.0 release of Asianux. "China-based Red Flag Software and Miracle Linux of Japan officially launched their beta version of Asianux 1.0 at Oracle OpenWorld, a technology seminar held in Shanghai from July 20-22. Asianux is a standardized Linux operating environment developed specially for enterprises in Asia. Oracle, a supporter of Asianux, has decided to put the Linux-based operating system on its "unbreakable" support program."
Linux Adoption
Linux in Government: How to Misunderstand the Enterprise Linux Desktop (Linux Journal)
Tom Adelstein and Sam Hiser explain why switching from Microsoft to Linux makes good business sense. "Add to Microsoft's security woes an under-reported challenge enterprises will face in making the transition to Microsoft's next version of Windows. The next version of Windows produces an equally disruptive effect on Microsoft's installed base. Microsoft's technologies place as much if not more demands on an enterprise IT departments as a full-house transition to Linux, which wouldn't be required given the cross-platform nature of open-source software."
Canadian Provincial Medical Association To Use Open Source Platform For EMR Project (LinuxMedNews)
LinuxMedNews reports that the Newfoundland and Labrador Medical Association (NLMA) has announced its intention to develop its provincial electronic medical record (EMR) using open source software. "NeLL, as the EMR project is known, will network all the province's 1,000 physicians. In its first phase, NeLL will include electronic prescribing, billing, and charting. NeLL will run on a Linux desktop, which will be the default and only supported operating system on PCs shipped with NeLL."
Linux at Work
NASA taps SGI, Intel for supercomputer (News.com)
News.com covers the latest big Linux cluster deployment. "With an eventual 10,240 processors, the Space Exploration Simulator will be among the world's largest supercomputers based on the Linux operating system, [SGI] said."
Interviews
Accelerating Linux in the enterprise (vnunet)
Vnunet interviews William Weinberg, newly appointed architecture specialist at the Open Source Development Labs (OSDL). "We're seeing big-name companies joining OSDL. What are their expectations?"
What the OSDL is most about today is the three initiatives we have established. The one that's best established is the carrier grade initiative. [Then there's] the data centre initiative and the newest one is the desktop initiative. The goal of these initiatives is to limit the inhibitors to Linux adoption and to accelerate Linux adoption in the enterprise. Each initiative has a marketing working group and a technical working group.
Resources
Cooking with Eclipse (O'ReillyNet)
O'ReillyNet shows excerpts from the Eclipse Cookbook. "Although Eclipse provides a host of automatic syntax and problem-checking features, sometimes those features can be annoying. Fortunately, Eclipse is almost endlessly customizable."
Detecting Network Intrusions with Packet Filtering (O'Reilly)
Don Parker explains packet filtering techniques on O'Reilly. "In an effort to put the usage of these filters into context I will explain a normal day in the life of a network security analyst. This day will focus on the usage of building and further explaining some complex examples. To clarify our example, I assume that the make-believe network has all packets that are flagged by the intrusion detection system logged to a central database. I mention this stipulation because not every real network operates in this fashion."
Visualize your data with gnuplot (developerWorks)
IBM developerWorks looks at Gnuplot 4.0. "Gnuplot is a freely distributed plotting tool with ports available for nearly every major platform. It can be operated in one of two modes: when you need to adjust and prettify a graph to "get it just right," you can operate it in interactive mode by issuing commands at the gnuplot prompt. Alternately, gnuplot can read commands from a file and produce graphs in batch mode."
OOo Off the Wall: Setting Up Page Styles in OOo Writer (Linux Journal)
Linux Journal takes a look at page styles in OpenOffice. "Page styles are one of OpenOffice.org's strongest innovations. Together with text frames and integration with Draw, these features nudge OOo Writer out of the word processor category and into the lower reaches of desktop publishing."
How to run your own yum repository (NewsForge)
David Murphy writes about yum, the Yellow Dog Updater, Modified, on Linux.com. "Yum is a powerful tool that greatly improves package handling on RPM-based Linux distributions. This tutorial explains how to create a local yum repository, configure your machine to use this repository, and customise a yum RPM to automatically use this repository."
Creating Games with Pygame (Linux Journal)
Linux Journal has a tutorial on using Pygame for game development. "Python is an excellent language for rapid application development and prototyping. With Pygame, a wrapper built around SDL, the same can be true for games. In addition, because its built on top of Python and SDL, Pygame is highly portable."
Creating Custom Email Queries (O'ReillyNet)
Robert Bernier shows how to search through your email in an O'Reilly article. "Searching your corpus of email should be easy, but with a mishmash of text and binary attachments, it can be difficult. If you're clever, though, you can build a system to translate Microsoft Word documents into searchable, indexable text. Robert Bernier demonstrates building custom email queries with DBMail, PostgreSQL, IMAP, and a little Unix magic."
Miscellaneous
pushing KDE's science: Evolution Simulation (KDE.News)
KDE.News looks at the G System. "Ever dreamed of a nice piece of software that actually tries to simulate the evolution of an universe? Ever thought it would be possible? Now after a long time of planning and writing of some source code a small group of developers goes public with their innovative project: the G System."
How Desktop Linux Should Behave (OSnews)
OSnews is carrying a list of complaints about the X desktop which appears to have been inspired by last year's distributions. "Please support the Y Window System. There's no fixing X11 that doesn't involve superhuman genius hackery. Workaround after workaround will only make it more big and bloated. X11 must be retired. Y Windows is a natural choice since the project plans X11 compatibility to ease migration." (Thanks to Jay R. Ashworth).
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
FSFE to challenge Microsoft in its appeal against European Commission
The Free Software Foundation Europe has sent out a press release concerning its participation in an EC case involving Microsoft. "After having participated as third party in the antitrust case before, the Free Software Foundation Europe has participated to the preliminary hearing on Tuesday 27th of July 2004 to enter court in order to defend the decision of the European Commission and the freedom to use Free Software SAMBA."
Commercial announcements
Devon IT launches Linux-based thin terminal
If you're looking for a cheap way to deploy Linux desktops, this announcement from Devon IT may point the way forward: X terminals are back. The "NTA Virtual Office" terminal runs Linux, has no moving parts, and starts at $149.OSDN becomes OSTG
The Open Source Developers Network, host to Slashdot, NewsForge, SourceForge, etc., has gone through a makeover and is now the Open Source Technology Group. The company's web sites have been fixed up "...to deliver more in-depth articles and resources to help our forward-thinking audience make critical business and purchasing decisions."
ActiveState unleashes Komodo 3.0
ActiveState has announced Komodo 3.0, the latest release of its IDE for dynamic languages. The announcement, made at the O'Reilly Open Source Conference, details Komodo's new capabilities.Big Nerd Ranch Announces PostgreSQL Bootcamp
Big Nerd Ranch will be holding another PostgreSQL Bootcamp in Atlanta, GA on October 4-8, 2004.Clouds in SCO/BayStar deal
The SCO Group has sent out a press release stating that it has registered the stock to be used in paying off BayStar, and that it considers the whole issue to be closed. However... "BayStar has notified SCO that it is BayStar's position that the repurchase transaction has not closed, pending resolution of claims by BayStar that SCO's recent public statements regarding SCOsource licensing opportunities are inconsistent with statements previously made by SCO to representatives of BayStar.... BayStar has also claimed that it will not consider the repurchase transaction closed until SCO provides BayStar with confidential information supporting the accuracy of SCO's recent public disclosures regarding its SCOsource business. SCO has declined to provide the SCOsource information requested by BayStar in order to protect the confidential and proprietary nature of the information and the names of the companies engaged in SCOsource licensing discussions and to avoid fostering speculation regarding its SCOsource business." Looks like SCO may have another lawsuit in the works.
Eclipse Launches Web Tools Platform Project
The Eclipse Foundation has launched a new Web Tools Platform Project. "The Web Tools Platform project is an exciting new expansion of both the Eclipse technology portfolio and our community of developers," said Mike Milinkovich, executive director of Eclipse. "ObjectWeb's support was instrumental in establishing the project and we look forward to continuing to work with them in the future."
Mandrakesoft: quarterly results ending June
Mandrakesoft has announced its quarterly results. "During the quarter, the company registered an operating income of 0.17 M euro (0.04 euro per share) compared to an operating loss of 0.47 M euro during the same period of the previous fiscal year. The net income increased to 0.19 M euro (0.04 euro per share) compared to a net loss of 0.37 M euro during the previous fiscal year."
Seagate and Linspire Bring Linspire Linux OS to Latin America
Seagate Technology and Linspire, Inc. have announced an extension of their agreement to offer the LinspireEspanol desktop pre-loaded on Seagate Barracuda hard drives for emerging markets. This package will enable computer manufacturers to offer affordable Spanish language Linux desktop computers to their customers in Latin America.Versata Announces Versata Logic Suite on JBoss Application Server
Versata has announced Edition 3.2 of its Versata Logic Suite for the JBoss Application Server. "With Versata, developers replace tedious Java programming with a declarative, model-based approach to application development based on business rules and data models. This automated approach dramatically reduces development time and eliminates the need for expensive and error-prone Java programming of service components."
DownloadOpenOffice.org Offers Free Online Staff Support
Enfobridge has announced a new support site for OpenOffice.org users. "Enfobridge this week announced DownloadOpenOffice.org, a new website that offers free downloads and support for OpenOffice.org software. For the first time ever, downloaders have access to a professional online support staff free of charge."
New Books
New AxKit Book From O'Reilly (use Perl)
Use Perl has an announcement for the book XML Publishing with AxKit by Kip Hampton. "Using the power of Perl (and mod_perl) to transform the Apache Web server into a fully-featured XML publishing and application enviroment, Apache AxKit is one of the Perl-XML community's flagship projects. This book covers the spectrum from the basics of XML-based site development to the details of writing your own custom AxKit extensions (in Perl, natch)."
Resources
The Perl Review's first print issue! (use Perl)
Use Perl has an announcement for a new Perl magazine. "brian_d_foy writes "The first print issue of The Perl Review is coming off the presses now. I'll be sending it out to subscribers as soon as I can, and I will have a bunch at OSCON too."
The LDP Weekly News
The latest new documentation releases are available from the Linux Documentation Project, read all about them on the July 28, 2004 edition of the LDP Weekly News.
Contests and Awards
LinuxWorld Product Excellence Awards finalists announced
LinuxWorld has sent out a PR naming the finalists for its "product excellence awards." As one might expect, it is a celebration of proprietary offerings, but it does include a strange category called "best open source solution." The contenders are Firefox, Ingres, SUSE Linux enterprise server 9, and Gentoo Linux 2004.2.
Upcoming Events
aKademy Team Announces International Lineup
A press release has been posted for the 2004 KDE Community World Summit. "The aKademy Team announces the schedules for the KDE Community World Summit 2004, code-named "aKademy", taking place in Ludwigsburg, Germany from August 21st to 29th. Featuring speakers from IBM, Novell, SuSE, Connectiva, Trolltech, HP and many community hackers and activists, it promises to be a highlight of the Free Software calendar."
ApacheCon 2004 US CFP
A call for participation has gone out for the ApacheCon 2004 US conference. The event will take place on November 14-17, 2004 in Las Vegas, Nevada. The submission deadline is August 2, 2004.Volunteers needed for OSCON TPF booth (use Perl)
Volunteer help has been requested for the OSCON Perl booth. "The Perl Foundation will have a booth at the O'Reilly Open Source Convention again this year, and we need volunteers to staff the booth. No special experience or abilities are needed, other than a willingness to talk with interested people about Perl and TPF."
LinuxWorld Returns to San Francisco
IDG World Expo has sent out a press release about LinuxWorld Conference & Expo, coming next week to San Francisco's Moscone Center.Two FSF Seminars on the GPL in California (Groklaw)
Two FSF Seminars on the GPL will be held at Stanford University Law School on August 24 and 25, 2004, according to a notice on Groklaw. "I would recommend it to anyone wanting to know how the GPL works, including coders and journalists and executives, and I'm living proof that you don't need to be a lawyer to get something out of it. There are no pop quizzes. And you don't have to do anything but listen and learn. If your boss is in the fearful "The Company Shalt Not Use GPL" category, he or she needs to go to find out how a company can get set up to appropriately benefit from GPL software."
SANE Conference announcement
The 2004 SANE (System Administration and Network Engineering) conference will take place in Amsterdam, the Netherlands on September 27 - October 1.SANE conference and free software bazaar
The SANE Conference will feature a Free Software Bazaar with a lecture by Richard Stallman. "Wednesday evening is reserved for the Free Software Bazaar. You will have a chance to discuss the latest developments in Free and Open Source Software with members of the many groups that will present their work. A highlight of the Bazaar will be a lecture given by Richard M. Stallman. Admission to the Bazaar is free."
No Starch Press authors to appear at DEFCON 12
Jon Erickson and Andrew bunnie Huang will appear at the DEFCON 12 underground hacking event on July 30 - August 1, 2004 in Las Vegas, NV.Events: July 29 - September 23, 2004
| Date | Event | Location |
|---|---|---|
| July 29 - 30, 2004 | O'Reilly Open Source Software Convention 2004(OSCON) | Portland, OR |
| July 29 - 30, 2004 | IBM pSeries Technical Conference | Cairns, Australia |
| July 31 - August 2, 2004 | Vancouver Python Workshop | Vancouver, Canada |
| August 2 - 5, 2004 | LinuxWorld Conference & Expo | (Moscone Center)San Francisco, California |
| August 5 - 8, 2004 | UKUUG 2004 Linux Technical Conference | Leeds, England |
| August 21 - 29, 2004 | KDE Community World Summit 2004(aKademy) | (Filmakademie Ludwigsburg)Ludwigsburg (Stuttgart Region), Germany |
| September 2 - 3, 2004 | Python for Scientific Computing(SciPy) | (CalTech)Pasadena, CA |
| September 2 - 4, 2004 | 2nd Swiss Unix Conference | (Technopark)Zurich, Switzerland |
| September 9 - 10, 2004 | Linux Expo Shanghai | (Shanghai Exhibition Center)Shanghai, China |
| September 13 - 16, 2004 | Embedded Systems Conference | (Hynes Convention Center)Boston, MA |
| September 15 - 17, 2004 | YAPC::Europe 2004 | Belfast, Northern Ireland |
| September 20 - 23, 2004 | New Security Paradigms Workshop(NSPW) | (White Point Beach Resort)Nova Scotia |
| September 20 - 22, 2004 | Plone Conference 2004 | Vienna, Austria. |
| September 22 - 24, 2004 | OpenOffice.org Conference(OOoCon 2004) | (Humboldt University)Berlin, Germany |
| September 22 - 24, 2004 | php|works 2004 | (Holiday Inn Yorkdale Hotel & Conference Centre)Toronto, Canada |
Event Reports
Group Photos from the Kernel Summit
Harald Welte has posted his best photos from the 2004 Linux Kernel Summit.Summary of the LSM Free Software Printing Summit
Roger Leigh has posted a summary of the LSM Free Software Printing Summit in Bordeaux. "What we worked on will have an impact on the Debian printing infrastructure in the medium to long term, and this will affect a potentially large number of printing packages, and so I have also CC'd the maintainers of the relevant packages."
Web sites
Nvu Development Forums Launched (MozillaZine)
MozillaZine has announced a new nvu forum. "NvuDev.org, the development site for Nvu, has launched a set of forums for those wanting to discuss the standalone version of Mozilla Composer. There are seven forums, including one that allows anonyomous posting."
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook