LWN.net Weekly Edition for August 5, 2004
LSB 2.0 and C++
The Linux Standard Base is a standardization effort aimed at making Linux friendly for application vendors. By nailing down issues like which libraries should be available, how packages are to be managed, where files should reside, etc., the LSB seeks to create a standard environment which will be present on every compliant distribution. Application vendors can then build their offerings for that environment and, with luck, have them run everywhere.A major release of the LSB (version 2.0) is in the final stages. The most recent plan had been to release this version at LinuxWorld, but, for reasons we are about to get into, that release may be delayed a bit. Version 2.0 adds a number of things; included therein is a description of the environment which should be available for C++ applications. A great many commercial programs are written in C++, so, for many vendors, the LSB is of little use until it covers that language. So the C++ description is a high-priority part of the LSB 2.0 release.
The standardization of the C++ environment has run into some opposition, however, as seen by this posting to the gcc list and the subsequent discussion. Many people, including a number of gcc developers, are unhappy with the choices that have been made for the LSB 2.0, and are pushing for changes.
The core of the problem is that the LSB specifies that compliant systems must offer a modified version of the "v5 ABI." This is the binary interface used by gcc 3.3; current versions of gcc 3.3, however, are not compliant with the specification. Patches exist toward a future 3.3.5 release which will bring it into compliance; this release will probably happen, though no promises to the effect have been made.
The real problem, however, is that gcc 3.3 is already old technology, and is considered to be a dead end. Current development efforts are going into gcc 3.4 and even 3.5; gcc 3.4 can already be found on some systems (such as your editor's Fedora Rawhide box). gcc 3.4 is widely held to be a superior release; it has much improved performance, better interoperability with other C++ compilers, and better standards support. It also has a different and incompatible binary interface, of course. Since the C++ environment is only now being nailed down by the LSB, it is asked, why not go with the newer, v6 ABI, which will actually be relevant into the future?
The reasons appear to come down to the following:
- The LSB is explicitly mandated to focus on existing, deployed
technology. At this time, none of the mainstream distributions are
shipping with the v6 ABI. Standardizing on that ABI would violate the
LSB requirements, and so will not be done.
- The 2.0 release has already been delayed; making a major change to the
C++ ABI specification would add another, long delay.
- The LSB 2.0 specification is planned to be submitted to the ISO/PAS
process. ISO certification would help vendors trying to sell Linux
solutions into a number of governmental and corporate environments.
That submission must happen by October, however, or the application
process must be restarted from the beginning.
- The v5 ABI is what (most) distributors are shipping now; standardizing on that ABI will make it easier for existing distributions to be brought into compliance.
Opponents argue that the version of the v5 ABI documented in the LSB has never been distributed either - though, in all fairness, the required changes appear to be small. The stronger complaints seem to be that the LSB has made its choices based on the short-term needs of commercial Linux distributors, to the detriment of what the community wants. Of course, determining what the community wants can be problematic, especially since Richard Stallman has prohibited the gcc steering committee from cooperating with the LSB process.
The truth of the matter is that the Linux Standard Base is in a bit of a bind. There is pressure from vendors to create a C++ standard in the near future, the LSB 2.0 process has already taken longer than expected, and, from the LSB's point of view, the v6 ABI has not yet reached a level of deployment or stability that would allow it to be used as the basis for a specification. The gcc C++ ABI remains a moving target, so any attempt to write a standard based on it is bound to encounter difficulties. The only option available at this time, assuming that the C++ section is not to be dropped altogether, is to go with the v5 ABI.
We talked briefly with Stuart Anderson, the lead developer for the LSB written specification. His belief is that the LSB 2.0 release will go forward essentially unchanged, though perhaps with an added statement regarding the C++ ABI and the fact that it will change in the future. The v6 ABI will then be incorporated into the LSB 3.0 release, which is currently planned for about one year from now. It is possible, however, that the C++ section will be dropped from the version of the specification submitted to the ISO.
Standards are a tricky subject in the free software world; they promote interoperability, but also freeze development in a community that values its ability to make changes and move forward. Occasionally a standard catches a development project at the wrong time; that appears to have happened with the C++ specification. As a result, some people are upset now. In a year or two, however, when the gcc C++ ABI has settled down and found its way into future LSB releases, few people will remember this episode.
Bash 3.0 released
GNU Bash has been in the low 2.0x series for some time, so the version jump to 3.0 last week was something of a surprise, at least to those who haven't been following Bash development closely. Since Bash is a core piece of infrastructure for most of the Linux community, we decided to take a look at the 3.0 release and find out what changed, and what users could expect from the new release.To that end, we touched base with Bash maintainer Chet Ramey, who was kind enough to reply to our questions about the latest release. The first question on our mind, of course, was "why the version bump?"
The changes in 3.0 include support for the bash debugger and internationalization support, as well as a number of smaller features that had been requested for some time (time-stamped history entries, better brace expansion) and better POSIX compliance. To that you add the multibyte character support introduced in bash-2.05b and the code cleanups and programming improvements in bash-2.05a.
The whole set of changes deserves a major version bump.
Indeed, there are quite a few changes in this release. A look at the CHANGES file or the NEWS with the release source shows a slew of bugfixes and changes to Bash and Readline.
One interesting new addition to Bash 3.0 is new type of brace expansion. The syntax for the new brace expansion is {x..y} where x and y can be an integer or a single character in ascending or descending order. For example, the set {z..a} would match all of the letters from z to a in descending order. (z,y,x, etc.) The set {1..1000} would match the each of the integers from 1 to 1000.
Another new feature of interest is the addition of history timestamps. This allows users to see when commands were run, which can provide some useful and interesting information.
There are several new options with Bash 3.0. The "failglob" option will probably be of interest to many users. When set, this option will cause an error when a glob expression fails to match any files -- as opposed to running the command anyway. The new "pipefail" option tells Bash to return a failure status if any command in a "pipeline" fails, as opposed to the default behavior of returning the status of the last job in a pipeline.
Of course, one might wonder if all of the improvements and changes in the release will affect existing shell scripts. Many Bash users have a number of shell scripts that are vital to our day to day work, this writer included, and aren't eager to see them break on a new version of Bash. According to the release notes, there are some incompatibilities between 3.0 and Bash version 1.14, but no mention of 2.0x versions. According to Ramey:
This writer has tried a number of shell scripts against the Bash 3.0 release, and didn't find any incompatibilities or issues. In fact, a (permanent) switch to a Bash 3.0 login shell may be in my very near future.
We also asked Ramey what, if any, features were planned for future versions of Bash. Ramey said that there were already plans for future releases
I'm intrigued by zsh's loadable module system as well.
As for interactive use, I think there's room for improvement in the programmable completion system.
Readline needs better support for threaded use (multiple threads in a single process all using separate instances of readline). This is very hard to do today.
Interested users who don't want to wait for Bash to ship with their favorite distribution can find the source on Ramey's Bash page, or the GNU mirrors.
OSRM's patent study
Open Source Risk Management has been in the limelight for a while as a result of its Linux insurance policies. This group has, just in time for LinuxWorld, issued a press release on software patents and the Linux kernel. The PR describes a survey performed by Dan Ravicher; it contains both good and bad news. The good news is that Mr. Ravicher performed a study of all U.S. software patents which had actually been litigated, and concluded that the Linux kernel infringes none of them. On the other hand, 283 patents were found which have not seen a day in court, but which could, perhaps, be used to make claims against Linux.It will, doubtless, come as a great surprise that OSRM is now gearing up to sell insurance policies to Linux users who fear patent infringement suits. A mere $150,000 per year buys $5 million in coverage.
There are certainly good things to be said about what OSRM is doing. Insurance against patent suits may give some large users the confidence they need to go forward with Linux development and deployment. The insurance pool could be used to aggressively challenge the validity of patents which are brought to bear against Linux - if the insurers choose to take that approach. The invalidation of a couple of patents could be a powerful deterrent for any other litigious patent holder who has thoughts of going up against the Linux community.
A white paper (PDF format) published by OSRM suggests that invalidation of patents is not the only, or even first approach that OSRM will take. An alternative which is discussed there is obtaining a license for the patent which applies to GPL-licensed software. This license might even be purchased:
The interesting fact here, of course, is that the GPL would make it very hard for OSRM to solve a patent problem only for its policy holders. If patent holders decide to target those users who are insured by OSRM (because that's where the money is), the entire community could benefit from the settlements. But OSRM could find itself in a situation where everybody waits for somebody else to buy the insurance and be the target.
The OSRM white paper also talks about rewriting code to sidestep patent suits. But, says OSRM:
One can only hope that they think very carefully before going out and issuing "recommendations" to the kernel development community.
OSRM describes itself as "vendor-neutral" more than once in its PR. But that is not entirely true: OSRM is a vendor of insurance products that, by some strange coincidence, address just the threat that the PR describes. Just to be sure you don't miss the point, the PR also discusses the multi-million dollar cost of defending a patent suit in court. This work may not be FUD in the normal sense, but it cannot be denied that OSRM's press release does seek to inspire a certain amount of fear, uncertainty, and doubt in Linux users.
OSRM is not without a potential conflict of interest here. A long list of scary patents can only help to sell OSRM's products, so its researchers have every incentive to be as inclusive as possible. The list itself is not directly available to the public. Interested parties can apparently get it, but only after being warned about exposure for triple damages for "willful" infringement. That is a risk that many will choose to avoid, so most of us will have to trust Mr. Ravicher when he says 283 problematic patents exist. Then again, many people see that number as implausibly small, given the large number of bogus software patents in the U.S.
The PR claims that "OSRM is active in promoting systematic patent policy reforms to address the issue at its roots, patent policies themselves," but is not particularly forthcoming on what form that activity takes. So we asked:
Here is another statement from the PR:
Who wouldn't like to become part of the "everyday cost of doing business" with Linux? OSRM only stands a chance of collecting its piece of that "everyday cost" as long as Linux users and developers see patent suits as a threat. That should be kept in mind when pondering the company's motivations and actions. The community is little served by headlines throughout the mainstream media that Linux violates almost 300 patents, but an insurance business may well benefit.
So is OSRM guilty of spreading FUD? They say not:
OSRM also pointed out to us that it can only be successful as long as free software is successful. Since fewer users means fewer customers for OSRM, the company has no interest in scaring people away. People in the free software community have been warning about patent threats for years; all OSRM has done is to try to quantify the risk.
It is worth noting that OSRM's patent insurance will be restricted to the kernel. The kernel, however, is a very small part of any deployed Linux system, and litigious software patent holders will certainly not restrict themselves to that one piece. Purchasers of OSRM's patent insurance will not have decreased their exposure by much.
And that exposure does exist. There is no doubt that Linux will be the target of a high-profile patent suit sooner or later. We (and many, many others) have been saying that for a very long time, to the point that many people may not believe it anymore. The SCO case has shown the world just how strongly the community will fight back when it is attacked, and how good the community is at digging up interesting history - such as prior art. The prospect of going up against the community may well deter a number of casual patent shakedowns. Even so, somebody will eventually give in to the perceived promise of easy money (or, perhaps, the salvation of a failing business) and go on the attack. It is just a matter of time.
Anything we can do to prepare ourselves for that day is good. Insurance policies are almost certainly a useful part of that preparation, and it is good that companies like OSRM are stepping up to provide those policies. But we should not forget that OSRM's interests are not precisely aligned with those of the community; if software patents went away, so would that part of OSRM's insurance business. A company like OSRM must walk a fine line; let us hope that they continue to stay on it.
A patent obstacle in Germany
Readers who made it all the way through the OSRM article may be wondering: what harm can a list of potential patent problems do, anyway? Consider this: in Munich, the Green Party, which is a steadfast opponent of software patents, compiled a list of patents which could be infringed by the city's future Linux-based IT system, should software patents be enacted in Europe. That list is available as a German-language PDF file. The intent was clearly to spread awareness of the potential consequences of software patents in Europe.The tactic may have worked a little too well: the first request for bids in the Munich project has been put on hold while the city examines its legal risks. At this time, Munich apparently remains committed to the change, but the process will be slowed down while the lawyers do their thing. The European Union has not, yet, adopted software patents, but software patents are already complicating life anyway.
Given events in much of the rest of the world, Europe is about all that stands in the way of a worldwide software patent regime. If software patents can be stopped there, there may be a chance of, someday, reforming the system elsewhere. If Europe falls, the job gets harder for everybody. So the upcoming, presumably final battle over the EU patent directive is critically important. There are signs that European governments are beginning to understand the problem. If making the issue clearer requires a delay in a high-profile municipal Linux deployment, it may turn out to be a price well paid.
Security
What happened to the other 8%
As reported last week, Evans Data recently announced the results of a survey which indicated (among other things) that 92% of their respondents have never suffered a virus infection on their Linux systems. The mainstream press made a big deal out of this result, but, to most Linux users, the interesting result was the 8%. Linux systems can have security problems, but virus problems, in particular, are almost unheard of. An 8% infection rate seemed too high.We dropped the folks at Evans Data a note asking for some more information. The result came back from none other than Nick Petreley, who is now the "Linux analyst" for Evans. He says:
In other words, they don't really know either. The survey was performed over the web (a private page accessible by invitation only) and didn't really provide for detailed answers.
Fun with RFID tags
The various privacy implications of widespread use of radio-frequency identification tags have been widely discussed. This eWeek article, reporting on a Black Hat Briefings session, brings up a new issue. It seems that the portion of most RFID tags which holds the product code is rewritable. Anybody who can haul a suitably equipped system into a store can rewrite the tags at will, creating no end of opportunities for confusion and theft.According to the article, things go even further than that:
That scenario seems unlikely; the capacity of an RFID tag, and the uses to which the tags are put, do not afford many opportunities for the injection of shell code into point-of-sale systems. But, then, somebody might just pull it off.
The real security risk is the number of systems which will be programmed to believe what their RFID readers are telling them. It is surprising that a device meant to be used as an identification token is rewritable in this way. It should not take too long before troublemakers with RFID writers convince the retail establishment that this was a bad decision.
Surge in Scans Seeking SSL Servers (Netcraft)
Netcraft reports that Internet scanning for servers running Secure Sockets Layer (SSL) has spiked in the past week. "Security firms are advising network administrators to install security patches for SSL servers, including a recent update for mod_ssl, which is widely used in Apache servers running OpenSSL. A security update was released July 16 to fix the vulnerability, which may allow a remote attacker to execute arbitrary code when Apache is configured to use mod_ssl and mod_proxy, according to an advisory from Gentoo Linux."
New vulnerabilities
gnome-vfs: backend script vulnerabilities
| Package(s): | gnome-vfs | CVE #(s): | CAN-2004-0494 | ||||||||||||
| Created: | August 4, 2004 | Updated: | February 21, 2005 | ||||||||||||
| Description: | Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat. | ||||||||||||||
| Alerts: |
| ||||||||||||||
kernel information leak
| Package(s): | kernel | CVE #(s): | CAN-2004-0415 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | August 3, 2004 | Updated: | October 26, 2004 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Paul Starzetz discovered
flaws in the Linux kernel when handling file
offset pointers. These consist of invalid conversions of 64 to 32-bit file
offset pointers and possible race conditions. A local unprivileged user
could make use of these flaws to access large portions of kernel memory.
Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6 kernels through 2.6.7.
A fix for this problem was added to the fifth 2.4.27 release candidate. | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
libpng: multiple vulnerabilities
| Package(s): | libpng | CVE #(s): | CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | August 4, 2004 | Updated: | February 10, 2005 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
phpMyAdmin: remote PHP execution
| Package(s): | phpmyadmin | CVE #(s): | |||||
| Created: | July 29, 2004 | Updated: | August 4, 2004 | ||||
| Description: | phpMyAdmin has a vulnerability that allows a remote attacker to modify variables and execute PHP code. The attacker must have a valid user account. | ||||||
| Alerts: |
| ||||||
MPlayer: GUI filename handling overflow
| Package(s): | mplayer | CVE #(s): | |||||
| Created: | August 2, 2004 | Updated: | August 4, 2004 | ||||
| Description: | The MPlayer GUI code contains several buffer overflow vulnerabilities, and at least one in the TranslateFilename() function is exploitable. By enticing a user to play a file with a carefully crafted filename an attacker could execute arbitrary code with the permissions of the user running MPlayer. | ||||||
| Alerts: |
| ||||||
Resources
"Cyber Adversary Characterization: Auditing the Hacker Mind" released
Syngress Publishing has announced the release of Cyber Adversary Characterization: Auditing the Hacker Mind, by Tom Parker, Matthew Devost, Marcus Sachs, Eric Shaw, and Ed Stroz. "By providing recent case studies and profiles of various cyber-terrorists, this is the must-have guide book for understanding the world of hackers."
What Countermeasures Really Means (O'ReillyNet)
Here's an O'ReillyNet article looking at the use of active countermeasures in the face of security threats. "One dirty little secret of information security is that corporations have been using 'tiger teams' for years in order to launch highly aggressive counterstrikes against attackers. Why? Because many more corporations get attacked and extorted through computer intrusions than the popular press will ever report."
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch is 2.6.8-rc3, which was announced by Linus on August 3. Most of the additions this time around are relatively small fixes; they include some kbuild work, a great many "sparse" annotations, the removal of the (non-functional) "fastroute" networking option, some crypto-API work (including an x86-optimized AES implementation which may be yanked out due to licensing concerns), and several architecture updates. The long-format changelog has all the details.Linus's BitKeeper repository contains no patches after 2.6.8-rc3 as of this writing.
The current patch set from Andrew Morton is 2.6.8-rc2-mm2. Recent additions to -mm include some read-copy-update work (to address more latency issues), performance improvements for O_SYNC disk I/O, the staircase CPU scheduler (see below), token-based thrashing control (see below again), a change to /dev/mem allowing architectures block accesses to kernel memory, a new vprintk() function, and large numbers of fixes and updates.
The current 2.4 prepatch is 2.4.27-rc5, released by Marcelo on August 3. This one contains a fix for a new security issue (which could allow unprivileged processes to read kernel memory), takes out DVD-RW support for now (they will try again in 2.4.28), and adds a few fixes.
Kernel development news
Scheduler tweaks get serious
Con Kolivas has been working on his staircase scheduler patch for a while; it was covered here in the beginning of June. That scheduler found its way into the 2.6.8-rc2-mm2 patch, along with this comment from Andrew Morton:
So it would seem that it is now open season for scheduler work.
Initial reports on the staircase scheduler are generally - but not uniformly - good. Martin Bligh posted some benchmark results showing some significant performance improvements for the 2.6.8-rc2-mm2 kernel, especially for "low to mid loads." Ingo Molnar, instead, has found a workload which performs poorly with this scheduler; it involves running multiple processes each of which wants most, but not all, of the CPU.
Con, meanwhile, has posted a couple of additional patches implementing additional policies in the staircase scheduler. SCHED_BATCH is another attempt at an "idle process" mode, where batch processes only run if nothing else wants the processor. This patch attempts to avoid priority inversion problems by scheduling SCHED_BATCH processes at normal priority when they are running in kernel mode.
SCHED_ISO, instead, is an "isochronous" mode intended for applications which need soft real-time response. Putting a process into SCHED_ISO is an unprivileged operation, any user can do it. Isochronous tasks start out with a relatively high priority, and should get scheduled quickly. Their allocated time slices are half of what they would otherwise be, however, and their priority drops especially quickly with CPU usage. So this mode is suitable for I/O bound processes which need to respond quickly (audio recording, CD burning, etc.), but it should not allow a hostile user to take over the system.
Peter Williams has been working on a different set of scheduler patches. His approach is to get rid of the "expired" array (where processes go to languish when they have used up their time slices) and move everything to a single array. The patch offers two modes, being the traditional priority-based mode and a new "entitlement" mode which tries to figure how much processor time each task is entitled to, then works to ensure that each is given at least that much time. His patches are available in a dizzying number of varieties; they seem to have seen less testing so far, but Andrew has said that one of them might get a turn in -mm for a while.
Nick Piggin's -np trees also contain a new scheduler. Nick's work tries to simplify many of the scheduler calculations while retaining logic which tries to evaluate the "interactivity" of each process. Unlike some implementations, this scheduler gives longer time slices to higher-priority processes. All slices are scaled depending on the job mix, however; low-priority processes will get longer slices if there are no high-priority processes around.
Ingo Molnar has continued his work on voluntary preemption; his voluntary-preempt-2.6.8-rc2-O2 patch features a new implementation of the interrupt threads feature. The available reports indicate that, with this patch, latency problems in the 2.6 kernel are becoming few and far between.
There is no way to tell, at this point, which of these scheduler approaches - if any - will find its way into the mainline kernel. Evaluating schedulers takes a long time, and, for any given scheduler, there always seems to be some strange workload out there which makes it fall apart. The approaches described above (with the exception of voluntary preemption) share one nice feature, however, which is likely to argue in favor of including one of them: they all remove a significant amount of code and make the scheduler simpler and easier to understand. That, in and of itself, may be a worthwhile step toward the implementation of a top-quality Linux scheduler.
Token-based thrashing control
A system which is in the throes of VM thrashing is no fun to work with. The kernel is forever throwing out pages which it will need in the near future in favor of pages needed right now, and little work actually gets done. It seems like there has to be a better way.Rik van Riel has put together a patch based on the work of Song Jiang which might help. The basic idea is that a process which is currently bringing in pages should, for a short period, not have its other pages booted out to swap. With luck, that process will actually make some progress during that grace period before the VM grim reaper swoops down and consigns it, once again, to the swap ghetto.
Clearly, not all processes which are bringing in pages can be sheltered from page reclamation at the same time; if they could, the system would not be thrashing in the first place. This problem is addressed through the creation of a "swap token." A process holding the swap token will be allowed to bring in pages without having its current working set molested for a period of time. After a while, the token is passed on to the next needy process.
In Rik's patch, the (single, system-wide) token is implemented through swap_token_mm, a pointer to the mm structure of the process holding the token. If the kernel, on behalf of a process incurring a page fault, decides that the token is available, swap_token_mm will be set and the faulting process will get its breathing space for a while. The token is deemed to be available if (1) it has been held for longer than the maximum period, which is set to a surprisingly long 300 seconds, or (2) the process holding the token has not incurred any page faults recently. Once the token becomes available, the first process which comes looking for it will grab it - unless it has held the token in the recent past.
Rik's tests show some performance improvements with this patch applied. There are potential improvements which could be made, such as trying to add some intelligence to the decision of which process gets the token. A huge process may hold the token for some time, grow to fill much of memory, and still not have enough to get any real work done. Meanwhile, small processes which could have benefited from a few extra pages continue to thrash. Some tweaks could be made to the patch to address this issue, but there are limits to how much code and complexity should be added to the kernel to deal with a (hopefully) rare situation.
Recent patches of interest
A number of interesting kernel patches have been posted in recent times. Since your editor is pressed for time, a few of those patches will be quickly covered here.Nigel Cunningham has been working at getting some small pieces of his software suspend implementation into the kernel. One of those pieces is this patch, which has to do with the "freezing" of kernel threads prior to suspending the system. As processes are put on hold, the kernel risks stopping a process which is needed later on in the suspend process; think about a process handling NFS service or software interrupts, for example. To avoid this situation, kernel threads are simply not frozen. But many of them can be, and that would make the suspend process more robust. So Nigel's patch goes through and tries to set up each thread with the appropriate flags, so that only truly necessary kernel threads continue to run while the system is being suspended.
A number of these threads, it turns out, are part of a workqueue. As a way of setting up every workqueue process with the right flags, Nigel changed the interface to create_workqueue() and create_singlethread_workqueue(), thus breaking all code which creates its own workqueues. Andrew Morton expressed some discomfort at the API change, but acknowledged that it was useful in that it forces people to think about whether every workqueue needs to run during a system suspend operation or not. This patch has not yet appeared in -mm, as of this writing.
Rik van Riel and Arjan van de Ven have put together a new patch which allows normal users to lock memory into physical RAM without root privilege. The RLIMIT_MEMLOCK resource limit puts an upper bound on how much memory can be locked, and its default value is zero. By raising this limit, system administrators can enable users to lock a single page (useful for cryptographic applications which do not want to see passphrases and clear text swapped to disk) or larger amounts (for CD writing tasks, for example). Various issues were raised regarding the security of this patch, but the latest version appears to have resolved them. This code should eventually replace the magic "mlock group" hack that was covered here last May.
Fistgen 0.1 has been released; this is the first version for the 2.6 kernel. The announcement describes fistgen as "a package of stackable templates," which may not be particularly illuminating to many readers. More information can be found at filesystems.org; one developer calls it "a yacc for filesystems." Using fistgen and a small amount of code, a set of filters can be set up to create a filesystem with a given set of characteristics. For example, this template describes a filesystem which encrypts data using the sophisticated "rot13" algorithm. The fistgen parser reads the template file and generates C code implementing the filesystem, which can then be loaded into the kernel.
John McCutchan has been working on his inotify patch for some time. Inotify is meant to be a replacement for the dnotify mechanism, used by processes which wish to be alerted when files are changed. The inotify patch takes a different approach; it creates a char device which supports a small set of ioctl() operations. After opening this device and using ioctl() to express interest in a particular set of files, a process need only read the device to get the change events for those files.
OpenSSI 1.0 is out. OpenSSI is a "single system image" clustering environment based on the 2.4 kernel; it includes member ship functions, the CFS and Lustre Lite filesystems, process management, and a cluster-wide device mechanism built on devfs. See the OpenSSI web page for more information.
The sysfs directory /sys/module contains, among other things, attributes for parameters exported by loaded modules. Dominik Brodowski noticed that, if these modules are built directly into the kernel, those parameters are not available via sysfs. If they were, they shouldn't be under /sys/module in any case, since the code in question is not part of a module. So he has posted a patch creating a new directory (/sys/parameters) and putting attributes there, for both modules and built-in code. This is a user-space API change, but it is unlikely that anything of any consequence depends on parameters under /sys/module at this point.
Jens Axboe has posted a new SCSI generic ("sg") implementation (called "bsg") which works through the block layer. This driver implements the SG_IO ioctl() call, and also allows communication through regular reads and writes. The latter functionality caused some complaints; when structures are passed between user and kernel space with read() and write() calls, it becomes very hard to convert them when the process is running in 32-bit mode on a 64-bit platform. For all that the developers dislike ioctl(), that interface does, at least, make it clear when and where a structure is being transferred across the user-kernel boundary. To address these complaints, the bsg driver may be restricted to the ioctl() mode only.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
A look at Gentoo 2004.2
Gentoo 2004.2 was released last week. As a relative Gentoo newbie, this writer decided this would be as good a time as any to slap Gentoo onto his Toshiba laptop for further study.Gentoo's installation process is, to put it mildly, different from most Linux distributions. Gentoo does not really offer an installer as such, but does have a process for installation that is well-documented.
At first glance, the quick install instructions for x86 machines gave the impression that it would be an extremely tedious process. In actuality, the install process for Gentoo was reasonably simple as long as the user is able to follow the directions and is willing to perform an install that requires more than point and click skills.
This writer wouldn't recommend installing Gentoo for anyone new (or newish) to Linux, but for Linux users with a decent amount of experience under their belt, installing Gentoo is no major feat. It's a bit time-consuming compared to other distributions, so be prepared to set aside a few hours to perform a Gentoo install from start to finish. Depending on the speed of your machine, and which stage you choose to begin from, the installation can easily consume a workday.
One of the things that was particularly nice about Gentoo's install was the ability to set up the SSH daemon after just a few steps, and log into the Gentoo system from my main desktop and finish the install from there -- allowing me to work on another project while doing the Gentoo install from an xterm, and to simply cut and paste most of the commands necessary to install Gentoo, rather than typing them.
One thing that did not endear me to Gentoo's installation process initially was the lack of a Vi-like editor by default. To install Gentoo, one needs to edit a few files in the process and the only available editor seems to be GNU nano. While having nano available is a good thing for users who aren't used to a Vi-like editor, most experienced Linux users expect a Vi-like editor to be present on almost any running Linux system.
For current Gentoo users, there's no need to go through the installation once again to reach 2004.2. Users who are on Gentoo 1.4, 2004.0 or 2004.1 can simply sync their Portage tree and run "emerge --update world."
The Portage system and Gentoo's management tools are what set Gentoo apart from other Linux distributions, and it takes a bit to get used to for those of us reared on package-based distributions like Slackware, Red Hat and Debian. (Ladislav Bodnar contributed a nice overview of Portage back in June.) Having only briefly toyed with Gentoo in the past, this writer spent quite a bit of time getting used to Portage. It is something of an acquired taste, but it works well and it's easy to see why so many Linux users are using Gentoo.
In fact, the Portage system actually came to the rescue about mid-way through the install. While editing the system's /etc/fstab, this writer became quite frustrated with trying to think in nano while editing the file. Instead of finishing the install with nano, a quick "emerge vim" made it possible to use Vim for the remainder of the install process.
Changes in the 2004.2 release are mostly incremental. One major change in this release is the inclusion of X.org-X11 as the default XServer for licensing reasons. This release also includes GNOME 2.6, KDE 3.2.2 and XFce 4.0.5. According to this week's Gentoo Linux Newsletter, GNOME 2.6.2, KDE 3.2.3 have been marked stable in the Portage tree, and XFce 4.0.6 will be there soon.
In all, Gentoo 2004.2 isn't a radical departure from previous versions of Gentoo. It's a good starting point for users who have been interested in using Gentoo, but haven't yet stepped up to the plate. For users who like to tweak things and get to know Linux in-depth, Gentoo is a user's paradise. For users who want something to work with minimal fuss, Gentoo is not the best way to go. That's not a criticism of the distribution, but a simple acknowledgment that Gentoo method is not a quick and easy way to install Linux.
The distribution is quite solid, and well-documented. In fact, Gentoo's documentation may be some of the best on the "market" -- it's easy to follow, and the Gentoo project has done a particularly good job at providing complete documentation for the installation and use of the system. While it is taking some time to get used to, this writer plans to continue using Gentoo on his laptop for some time to come.
Distribution News
Debian GNU/Linux
The Debian Weekly News for August 3, 2004 is out. Topics this week include Debian Birthday parties, sarge package removals, OSCON talks, and more.A long message sent to debian-devel by sarge release manager Steve Langasek gives a timeline for a Debian sarge release on September 15. It also breaks the news that Steve Langasek and Colin Watson are the release managers - it seems that A.J. Towns finally got fed up and stepped down from that position. The base and standard packages have gone into a hard freeze now, with a goal of having zero release-critical bugs (down from just under 300 now) by September 12.
Igor Genibel has announced a new version of the Debian Developer Packages Overview.
Frank Lichtenheld presents Bits from the WNPP with an explanation of the new RFH (Request For Help) tag that has been added to the Work-needing packages report.
Fedora Core
The Fedora News Updates is back. Issue #14 has a lengthy discussion of how Fedora packages the kernel source, along with articles on upgrading from FC1, translations, and more.The Fedora schedule has been updated, now showing a one-week slip. The Test 2 freeze is now scheduled for September 1, with a test 2 release set for September 13.
The Fedora Steering Committee has proposed to transfer Fedora Core 1 to the Fedora Legacy Project at the point Fedora Core 3 Test 2 is released.
FC2 updates:
- man-pages-ja: updated Japanese man pages fix typo and wrong filename
- gimp: update to v2.0.3
- gnumeric: adds plugins
Gentoo Weekly Newsletter - Volume 3, Issue 31
The Gentoo Weekly Newsletter for the week of August 2, 2004 is out. This week's top news is the release of Gentoo Linux 2004.2 for AMD64, HPPA, SPARC and X86.UserLinux plans anounced
Bruce Perens has sent out an announcement (click below) regarding a press conference to happen at LinuxWorld. His plans for UserLinux include a "mass beta" starting September 1, tracking the Debian sarge release, and a "pure AMD64" UserLinux release.Mandrakelinux
Mandrakelinux has an updated drakxtools package fixing many bugs.Slackware Linux
The slackware-current changelog shows just a few changes this week. Automake, binutils and gdb have been upgraded.
New Distributions
StartCom Linux
StartCom Ltd., a small software house located in Israel, has announced the release of StartCom Enterprise Linux. Based on Red Hat Advanced Server source code, StartCom Linux is meant to offer a free and supported alternative to previous users of Red Hat Linux systems. StartCom plans to release four flavors of StartCom Linux: Enterprise Linux, the MultiMedia Edition, the Office Edition and the Developer Edition. StartCom Linux Enterprise AS-3.0.0 was released August 2, 2004.New Mexico Software Releases Santa Fe Desktop Linux
New Mexico Software, Inc. has announced the first release of Santa Fe Desktop Linux. This is a Debian-based, non-technical desktop distribution that can be run from a live CD or installed to hard disk.IsaMorph
IsaMorph is a highly specialized GNU/Linux Live CD. It's based on Morphix and features the interactive theorem prover Isabelle, for a complete theorem proving environment. IsaMorph joins the list at version 0.2.1, released July 29, 2004.
Minor distribution updates
AGNULA/DEMUDI 1.2.0-rc1 is out
AGNULA/DeMuDi 1.2.0-rc1, the Debian-based GNU/Linux distribution for audio/video, has been released. This release candidate sports tighter integration with Debian, using the Sarge Debian Installer and the CDD (Custom Debian Distributions) framework. Click below for more information.Devil-Linux v1.2 Beta 2 is available!
Devil-Linux has released v1.2 Beta 2. "The new release fixes all the reported problems from the previous Beta and adds various program updates."
Linux Netwosix Official Support IRC Channel
Linux Netwosix has announced a new IRC Support Channel for users seeking help with Linux Netwosix.Lycoris Announces AI2, New Application Environment for Desktop/LX
Lycoris has announced that AI2, its new application environment for Linux, will be made available exclusively in Desktop/LX 1.4. AI2 (A-I-squared), which stands for Advanced Application Integration Infrastructure.Mediainlinux
Mediainlinux, formerly known as Medialinux, has a new web site and a new version 2 release with major feature enhancements. "Changes: Mediainlinux is now OpenMosix enabled, and will be introduced at the Siggraph 2004 in Los Angeles from 10 to 12 of August. Most of the work has been derived from Cluster Knoppix, and all packages are up to date."
New Quantian release 0.5.9.3 available
Quantian release 0.5.9.3 is available. "Quantian 0.5.9.3 adds over 360 GNU R packages from the CRAN and BioConductor archives, the GNU geda electronics design software, an almost complete debian-med suite, the complete scalapack development suite, atlas3 and lam development packages, fancy GL screensavers, lots of recommended documentation packages as well as a general update of over 300 Debian packages bringing the size of the iso to over 1.5gb corresponding to 4.4gb uncompressed."
Distribution reviews
A Linux Desktop for Die-Hard Windows Users (eWeek)
eWeek reviews Xandros Desktop OS Business Edition 2.5. "Xandros comes ready to work with both NT PDC (Primary Domain Controller) domains and W2K and Server 2003 AD (Active Directory) networks. This isn't just hype. I currently run Xandros on my main laptop and a secondary workstation on my hybrid Windows network, and I have no trouble working with NT, W2K and Server 2003 drive and printer resources. You'll have endlessly more trouble trying to get XP Home working with either PDC or AD-style networks."
Yellow Dog Linux on Power Mac G5
IBM developerWorks installs Yellow Dog Linux on a Power Macintosh G5 machine. "This article explores how to set up a dual-boot environment with Yellow Dog Linux/Y-HPC and OSX on G5 systems, including issues to watch for during installation and configuration. Note that the name of the higher performance distribution we are using is Y-HPC; this refers currently to the beta 64-bit product and will later be used for Terra Soft's production-ready 64-bit product. The company's 32-bit product is known as Yellow Dog Linux (YDL) and, for use on G5 machines, is also considered to be in beta."
Page editor: Rebecca Sobol
Development
Groovy, a Java-like Scripting Language
Groovy is a relatively new scripting language that resembles Java, it is built on top of the Java Virtual Machine (JVM). The main developers are James Strachan and Bob McWhirter.
![[Groovy]](https://static.lwn.net/images/ns/groovy.jpg)
One of the main features of Groovy is that it is very easy for
Java programmers to learn. The
Groovy FAQ
explains:
"One of the main design goals of Groovy is to be a scripting language for Java developers to use. So we wanted to reuse both Java's semantics and the whole set of J2SE APIs rather than introduce a port of a different language with different semantics and APIs to learn and implement/maintain.
"
Some of the basic features of Groovy include:
- It is a JRE-compliant scripting language.
- It is an agile development language.
- The core syntax is based on Java.
- It supports existing Java objects and libraries.
- Groovy is interpreted, compilation is performed at run time.
- It supports command line operation.
- Variables are dynamically typed.
- Tuples, lists, maps, and closures are part of the basic syntax.
- Closures are used for passing blocks of executable code.
- Regular expressions are supported with ~"..." expressions.
- Groovy provides operator overloading capabilities.
- GroovyMarkup for native support of XML, HTML, SAX and other markup languages.
- The GPath path expression language.
- Support for writing Java servlets (Groovlets).
- GroovySql for working with SQL databases.
- GroovyBeans, a simplified interface to Java Beans.
- The Groovy Template Engines provide a templating framework.
- Groovy supports scripting in Ant.
If you are interested in learning more about Groovy, take a look at Andrew Glover's introductory article on IBM's developerWorks entitled Feeling Groovy.
System Applications
Audio Projects
Speex 1.1.6 Released
Development version 1.1.6 of Speex, a voice codec, is out. Changes include a fixed jitter buffer, denoiser tuning, a better echo canceler, gapless playback, run-time identification of speex versions, and more.
Database Software
IBM contributes 'Cloudscape' database
IBM has announced that it will be contributing a version of its "Cloudscape" Java relational database to the Apache Software Foundation, under the name "Derby." "Derby is a Java-based relational database with a two megabyte footprint that is fully embeddable and requires zero administration support. The software is ideal for developers, enabling them to easily build and deploy applications and workloads that do not require an enterprise-class database system." The code will be available "over the next few weeks."
PostgreSQL Weekly News
The August 1, 2004 edition of the PostgreSQL Weekly News is online with OSCon coverage and other PostgreSQL database information.
Libraries
Pango-1.4.1 released
Version 1.4.1 of Pango, a library for layout and rendering of text, is out. "Pango-1.4.1 contains numerous bug fixes as compared to Pango-1.4.0, in particular for rendering of Indic languages. It also contains OpenType support for the Thai shaper."
Mail Software
Bogofilter 0.92.4 is out
Version 0.92.4 of Bogofilter, a spam mail filter, is out. "Bogofilter-0.92.4 has been been promoted from "current" status to "stable" status. Since the last stable release there have been documentation updates and minor enhancements and bug fixes."
Sendmail 8.13.1 is available
Version 8.13.1 of Sendmail has been announced. "It contains fixes for problems that have been found after release of 8.13.0 as well as some portability enhancements."
Security
Secure programming with the OpenSSL API (IBM developerWorks)
Kenneth Ballard works with OpenSSL on IBM's developerWorks. "Learning how to use the API for OpenSSL -- the best-known open library for secure communication -- can be intimidating, because the documentation is incomplete. Fill in the gaps, and tame the API, with the tips in this article. After setting up a basic connection, see how to use OpenSSL's BIO library to set up both a secured and unsecured connection. And learn a bit about error detection as well."
Web Site Development
ZopeMag Weekly News
The July 18-28, 2004 edition of the ZopeMag Weekly News is online with lots of Zope and Plone related articles.
Desktop Applications
Accessibility
gnopernicus 0.9.7 is out
Version 0.9.7 of gnopernicus, a GNOME desktop screen reader for the visually impaired, is available with several new user interface features and capabilities.
Desktop Environments
A GNOME 2.8 preview
Davyd Madeley has put up a "What's new in GNOME 2.8?" page with lots of pictures of new widgets which will appear in the next major GNOME release.gnome-applets 2.7.1 released
GNOME-Applets version 2.7.1 is available. Changes include several battery applet changes, translation work, and more.KDE-CVS-Digest (KDE.News)
The July 30, 2004 issue of the KDE-CVS-Digest is online with the following content summary: "New KDE system sounds. Digikam has a histogram viewer, new camera kioslave, image editor, HSL balance correction plugin. Kexi adds two run modes; final mode and design mode. New icons for Juk, Kommander, new splash screen for KDE. Plus many bug fixes in preparation for the release."
Electronics
Gnetman A GNU Netlist Manipulation Library
A new release of Gnetman, dated July 30, 2004, has been released. "The gnetman project has one simple goal: Enabling interoperability between open-source EDA tools."
Financial Applications
SQL-Ledger 2.4.1 released
Version 2.4.1 of SQL-Ledger, a web-based accounting system, has been announced. Changes include a new date selection menu for reports, bug fixes, and more.
Games
gnome-games 2.7.6 is available
Version of 2.7.6 of gnome-games, a collection of games for the GNOME desktop, has been released. Here are the changes: "Only one new item that should grab your attention: David Bellot's pure SVG card theme. Be warned that this theme is complex and is liable to expose speed issue and rendering bugs."
Mapacman 1.0 is out
Version 1.0 of Mapacman has been released on the PyGame site. "Mapacman is a multiplayer online pacman game. It requires pygame and the pyarianne packages. Arianne is a multiplayer online network engine designed for turn based and real time games."
Creating Games with Pygame (Linux Journal)
Patrick Rutledge works with PyGame in a Linux Journal article. "Python is an excellent language for rapid application development and prototyping. With Pygame, a wrapper built around SDL, the same can be true for games. In addition, because its built on top of Python and SDL, Pygame is highly portable. The only downside is it can be too slow for some computationally intensive types of games. If your game is too slow, the particular sub-routine(s) bringing down your execution speed can be rewritten in C/C++. This article is intended to be a short introduction and by no means covers all there is to know about Pygame. Using a simple Space Invaders-type game, I present what I feel are the fundamentals of Pygame."
GUI Packages
Gazpacho 0.3.0 announced
Version 0.3.0 of Gazpacho, a GUI builder for GTK+, is out. Changes include UI manager editor support, support for run without install, bug fixes, and more.GLib 2.4.5 released
Version 2.4.5 of GLib is available. "This is a bug fix release and is source and binary compatible with 2.4.0. The main reason for this release is a bug in the routines converting between filenames and URIs, which can cause problems when used with filenames which are not encoded in UTF-8."
Gtk2-Perl 2.7.90 released
Version 2.7.90 of Gtk2-Perl, the Perl bindings for GTK+, is available.
Interoperability
Wine Traffic
The July 30, 2004 edition of Wine Traffic is out with the latest Wine (Wine Is Not an Emulator) news.
Multimedia
GStreamer Plugins 0.8.3 released
Version 0.8.3 "Water" of the GStreamer Plugins are out with lots of bug fixes and improved translations.
Music Applications
Rosegarden-4 0.9.9 released - now officially in beta!
Beta release 0.9.9 of Rosegarden-4, an audio/MIDI sequencer, is out. "This release is feature complete for 1.0 and marks the start of official beta testing."
News Readers
Liferea 0.5.2c announced
Version 0.5.2c of Liferea, the Linux Feed Reader, is out with bug fixes and an updated Czech translation.
Office Applications
gcalctool v4.4.16 released
Stable version 4.4.16 of gcalctool, the default GNOME desktop calculator, is out. This is the third in a series of bug-fix releases this week.
Office Suites
OpenOffice.org Newsletter
The July, 2004 OpenOffice.org Newsletter is out with lots of new information on the OpenOffice.org office suite.
RSS Software
BLAM! 1.2.1 released
Version 1.2.1 of BLAM!, an RSS reader, is available. "Some people reported having problems with finding the default values in GConf which caused BLAM! to not start properly. This release should fix that".
Web Browsers
Firefox, Thunderbird, and Mozilla releases
MozillaZine reports that Firefox 0.9.3, Thunderbird 0.7.3, and Mozilla 1.7.2 have been released. In each case, the new release contains fixes for a set of recently discovered security issues.New Epiphany Releases
It's been a busy week for the Epiphany developers. Epiphany 1.2.7 (stable) and Epiphany 1.3.4 (development) are available.Also, Epiphany Extensions 1.0 (stable) and Epiphany Extensions 1.1.2 (development) have been released.
Independent Status Reports (MozillaZine)
The August 2, 2004 Mozilla Independent Status Reports are online. "This latest set of reports includes updates from cuneAform, Flipper, MAF, JRex, MAB, Mozilla Enterprise, MozManual, and more."
Mozilla Security Bugs Bounty Program Launched (MozillaZine)
The Mozilla Foundation has announced a Security Bug Bounty Program. "Under the new scheme, any user who reports a critical security vulnerability in end-user Mozilla software will receive a US$500 reward. The program is being funded by Linux distributor Linspire (formerly Lindows.com) and Internet entrepreneur and space tourist Mark Shuttleworth"
Third Alpha Milestone Added to Mozilla 1.8 Cycle (MozillaZine)
A third alpha milestone is now being planned for Mozilla 1.8. "This change is intended to prevent the final 1.8 release from clashing with the launches of Mozilla Firefox 1.0 and Mozilla Thunderbird 1.0. The updated Mozilla Development Roadmap targets Mozilla 1.8 Alpha 3 for a Friday 13th August release."
Miscellaneous
Blogfish 0.2 "Hard Core Prawn" is out
Version 0.2 of Blogfish is out with some new features. "Blogfish is a Gnome panel applet. It allows you to spread your blog URL, website URL or random thoughts to other users, with the help of tiny, internet-enabled fish. Good memes survive; bad ones are voted down and go belly up."
Languages and Tools
C
GCC Newsletter
The July 29, 2004 edition of the GCC Newsletter is out with the latest discussions on the Gnu Compiler Collection.
Caml
Caml Weekly News
The Caml Weekly News for July 27 - August 3, 2004 is available with the latest Caml language developments.
Java
Keeping Up with the Java Joneses (O'ReillyNet)
Ian F. Darwin looks at Java 1.5 on O'Reilly. "Ian Darwin covers a variety of new Java 1.5 features, including J2SE 1.5 threading, the return of printf, and the IDEs NetBeans and Eclipse. Ian wraps up this article with resources to help you keep up with the rest of the Java Joneses."
Perl
This Week on perl5-porters (use Perl)
The July 26 - August 1, 2004 edition of This Week on perl5-porters is online with the latest Perl 5 development news.
PHP
PHP Weekly Summary for August 2, 2004
The PHP Weekly Summary for August 2, 2004 is out. Topics include: 5.0.1 ahead, segfault reports, PHP 5 installer, sort() behaviour, Java extension, splitting the atom, and fstat caching.
Python
python-dev Summary
The python-dev Summary for July 1-15, 2004 is available with news of the latest Python language developments.Dr. Dobb's Python-URL!
Dr. Dobb's Python-URL! for August 2, 2004 is available. Take a look for dozens of Python language articles and resources.A look at DParser for Python (IBM developerWorks)
David Mertz investigates DParser on IBM's developerWorks. "Get an introduction to DParser, a simple but powerful tool for parsing, written by J. Plevyak. Then learn about DParser for Python, which gives Python programmers a seamless interface to DParser, and see how it compares to other parsers covered in previous installments. In a manner similar to Spark or PLY, grammar rules are input to DParser using Python function documentation strings."
Tcl/Tk
Dr. Dobb's Tcl-URL!
The August 2, 2004 edition of Dr. Dobb's Tcl-URL! is online with the week's Tcl/Tk article links.
XML
Decomposition, Process, Recomposition (O'Reilly)
Uche Ogbuji comments on ways to deal with potential XML problems. "The most common effect of this lack of attentiveness often leads people to very dangerous practices such as acting as if XML is an ASCII or even byte-oriented format. I have warned sharply about the ugly effects of such confusion in a few previous articles in this column. Another common effect I've seen is the tendency to create multi-megabyte or even gigabyte monolithic XML files. XML is so flexible for data representation because of its nature as an annotated hierarchy. But this very nature also makes efficient processing quite difficult, especially with regards to scaling according to number of nodes."
XML-Java Data Binding Using XMLBeans (O'ReillyNet)
Hetal C. Shah explores XMLBeans on O'Reilly. "XMLBeans, currently in the Apache incubation process, is a promising framework for providing XML/Java data binding unmarshalling well-formed XML into Java objects, and marshalling Java objects into XML files."
Improve performance in your XML applications, Part 2 (IBM developerWorks)
Elena Litani and Michael Glavassevich continue their IBM developerWorks series on XML performance with part two. "In this installment of a three-part series describing best practices for writing XML applications, authors Elena Litani and Michael Glavassevich explain how to improve your SAX and DOM applications' performance by using the Xerces2 implementation. They also include code samples to show you how to improve your application's performance by reusing parser instances."
Caveat Incumbent (O'Reilly)
Edd Dumbill writes about XHTML and ebXML on O'Reilly's XML.com. "In this week's XML-Deviant, we take a look at two conversations on the XML-DEV mailing list that highlight XML's disruptive aspect -- more specifically, the disturbance XML can cause to the dominant incumbent in a technology area in which XML is being introduced."
Editors
gedit 2.7.90 released
Version 2.7.90 of gedit, the GNOME text editor, has been released. Changes include bug fixes, improved translations and a new encoding selection command line option.
IDEs
YaPIDE 0.1 released
Initial release 0.1 of YaPIDE (Yet Another PIC IDE) is out. "YaPIDE aims to be a fully featured Microchip PIC simulator for Linux (and probably other UNIXes). YaPIDE is a GUI only application. If you need a commandline based PIC simulator there is the excellent GPSIM. The simulator kernel currently supports the PIC 16F628." Add this to the collection of PIC tools covered in last week's development page.
Cooking with Eclipse, Part 2 (O'ReillyNet)
O'Reilly has published part two in a book excerpt series by Steve Holzner. "In this second batch of recipes from O'Reilly's Eclipse Cookbook, find out how to connect Eclipse to a CVS repository and how to use Swing and AWT inside of SWT for Eclipse 3.0."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Andrew Morton's Speech at OLS - Transcript (Groklaw)
Groklaw has put together a transcript of Andrew Morton's OLS keynote. Worth a look if you weren't able to be there in person.O'Reilly Radar: OSCON 2004 (O'ReillyNet)
O'Reilly covers the OSCON 2004 keynote by Tim O'Reilly. "Tim's remarks focused on what is currently on his radar. He discussed Internet applications and social software, and ended with the announcement that O'Reilly will be producing the third annual MySQL Conference this year in Santa Clara, California."
Some photos from the first day of the event have been published.
Trade Shows and Conferences
Red Hat chief calls for idealism, reform, sharing (News.com)
News.com covers the keynote by Matthew Szulik, Red Hat CEO. "In a one-hour meeting, Szulik said, Indian President A.P.J. Abdul Kalam told the Red Hat chief of his enthusiasm for boosting education in India with open-source software. But Szulik told attendees that he continues to struggle to get his own local schools even to learn how to pronounce Linux."
Two Degrees of Freedom (O'ReillyNet)
Here is some O'ReillyNet coverage of OSCON. "The second morning keynote at the O'Reilly Open Source Convention in Portland, Oregon began with a clip from Star Trek: The Next Generation. George Dyson had brought the segment to introduce his father Freeman Dyson. The audience watched both the screen and the reaction of the elder Dyson to the Star Trek plot, which centered on the discovery of a Dyson Sphere..."
O'ReillyNet also has the inevitable OSCON photos available.
OSCON highlights new kind of community, componentized Linux, and GNOME desktop (NewsForge)
Here's some OSCON coverage from NewsForge. "Talk of a new type of software development community that spills into more traditional communities such as towns, churches and country clubs was matched with a new kind of pick-and-choose, componentized Linux distribution, and renewed efforts to push Gnome to desktop success at OSCON's second to last day."
Sun To Demo SunRay Linux at LinuxWorld (eWeek)
eWeek takes a look at Sun's LinuxWorld offerings. "Sun Microsystems Inc. will demonstrate a new version of its SunRay thin-client computing technology for Linux at this week's LinuxWorld conference here. The company is also announcing the release of its C, C++ and Fortran development tools for Linux."
KDE at USENIX 2004 Annual Technical Conference (KDE.News)
KDE.News covers the recent USENIX Annual Technical Conference in Boston. "The conference also featured a lot of other interesting talks. To name only a few: Matthias Ettrich presented the technical changes in Qt 4, in the plenary session Bruce Schneier held a thought-inspiring talk about how security-tradeoffs influence our lives and how we might be able to handle this in a sensible way and Rob Pike gave some insight in the amazing technology Google uses to power their search engine."
The SCO Problem
New date for SCO v IBM hearing (Register)
The SCO vs IBM motion hearing has been delayed until September 15, according to the Register. "A new court date has been set for the SCO v IBM motion hearing. Originally scheduled for 4 August, the hearing has been moved to 2pm on 15 September. Coming after eighteen months of legal wrangling, the September hearing will be a defining moment in the dispute, with SCO having by far the most to lose."
SCO tries to revive Unix System Labs name (LinuxWorld)
LinuxWorld reports on SCO's attempt to register the "Unix System Laboratories" trademark. "The Open Group, a San Francisco consortium that owns the trademark to the term Unix, claims that registering the name Unix System Laboratories would not only conflict with the Open Group's Unix trademark but would also violate a license between SCO and the Open Group, which allows SCO to use the term Unix. 'We'll be taking the issue up with the Patent and Trademark Office and objecting strenuously, and we'll be taking the issue up with SCO because it's a breach of the license they already hold with us,' said Graham Bird, vice president of marketing with the Open Group."
SCOForum 2004 - Day 2 (Groklaw)
For all of you who wish you could be at SCOForum, Groklaw has a lengthy summary of reports from the second day there. "What I gather from reading between the lines of reports in the media and general feedback is that they seem to have gotten a clue they are unlikely to win in the courts, and so they are trying to get the world to forget the litigation and see them as a Unix company with a future instead. They don't 'need' to sue any more customers at this time, they are saying. I guess that means, if you buy their new products, they won't sue you like they sued IBM, AutoZone and DaimlerChrysler. Not at this time." Our buddy Rob Enderle apparently spoke on "free software and the fools who use it."
Fun with SCO headlines
Here's a small set of SCO articles, mostly reporting from SCOForum. There's little there which isn't better expressed in Groklaw's summary, but the headlines tell a lot about how the company is perceived at this point.
- SiliconValley.com: SCO chief winning his battle with reality.
- The Register: Neutered
SCO no longer on the offensive. ("
Somebody get Mr. Clean a Viagra. This is a clear case of depression caused by premature indemnification.
") - TechWorld: Linux is mine, all mine, cackles distracted SCO head.
Companies
Dell Releases New Linux Workstations (Internetnews.com)
Internetnews.com reports that Dell is selling two new 64 bit machines with Red Hat Enterprise Linux 3 installed. "Dell is jumping on Intel's Extended Memory 64-bit Technology (EM64T) bandwagon pretty hard these days, but it is really moving product with the help of Linux. The Round Rock, Texas-based computer maker listed two new workstations at its online store Wednesday. The Dell Precision 470n and 670n workstations run on Intel's latest Xeon Nocona processors with its coordinating Tumwater chipset."
HP beefs up Linux portfolio (vnunet)
Vnunet covers HP's LinuxWorld announcements. "The vendor will expand its thin client t5000 desktop workstation range into Linux territory for the first time, and will extend support for Linux on Integrity servers configured beyond four-way and open out its reference architecture to include open source software."
IBM to make Java database open source (News.com)
News.com covers IBM's plans to create an open source project around Cloudscape, a specialized Java database. "Cloudscape is a niche product in IBM's overall data information line and has tiny market share compared with its multibillion-dollar DB2 franchise. IBM has used Cloudscape as an embedded data store as part of its Workplace desktop application line."
IBM pledges no patent attacks against Linux (News.com)
News.com reports from a LinuxWorld speech by an IBM executive. "'IBM has no intention of asserting its patent portfolio against the Linux kernel, unless of course we are forced to defend ourselves,' said Nick Donofrio, senior vice president for technology and manufacturing, drawing applause in a speech at the LinuxWorld Conference and Expo." It's not the strongest statement one could hope for, but it is a step in the right direction.
Novell to debut server Linux update (News.com)
News.com takes a look at Novell's plans to release SuSE Linux Enterprise Server 9. "The server Linux update will incorporate the new 2.6 kernel at its heart, sources said. Although Novell has already launched a version of Linux that uses the kernel, SLES is a flagship edition that comes with extensive support and partnerships with software and hardware companies."
Sun mulls buying Novell (News.com)
News.com has picked up a rumor that Sun Microsystems is toying with the idea of buying Novell. ""With our balance sheet, we're considering all our options," Sun Chief Operating Officer Jonathan Schwartz said in an interview Sunday regarding the possibility of acquiring Novell. "What would owning the operating system on which IBM is dependent be worth? History would suggest we look to Microsoft for comparisons.""
Linux Adoption
Bread, milk and a Linux PC (ZDNet)
ZDNet France finds Mandrakelinux at the grocery store. "Called "Compubox" by the supermarket, the PC is available from Carrefour's Internet site to shoppers from France, Belgium, Luxembourg and Monaco, with the machines rumored to be sold in one or two Carrefour stores beginning in August."
Linux at Work
Open Source and NASA's Mars Rover (O'Reilly)
Ann Barcomb examines the use of open-source software in NASA's Mars Rover program. "In addition to this cornucopia of Java, applications such as MySQL, Linux, CVS, and Emacs reduced the workload of the team. Open source software (OSS) was vital to the success of the project because it conserved team resources. In combination with commercial, off-the-shelf (COTS) hardware, open source software reduced costs, simplified the overall system design, and allowed access to outside experts."
Interviews
OSDL woos end users and ISVs (vnunet)
Vnunet interviews OSDL's William Weinberg. "What are we likely to see coming out of OSDL in the near future?"
More aggressive recruiting, and increasing the number of end-user companies that are members. A number of financial institutions and other vertically focused companies have announced their membership. Lots of companies want to come to the table but some of them are reluctant to publicise their membership or otherwise publicise their Linux adoption.
Resources
Connect KDE apps using D-BUS (IBM developerWorks)
IBM developerWorks connects applications with D-BUS. "The typical desktop has multiple applications running, and they often need to talk to each other. DCOP is a solution for KDE, but it is tied to Qt, and so is not used in other desktop environments. Similarly, Bonobo is a solution for GNOME, but it is quite heavy, being based on CORBA. It is also tied to GObject, so it is not used outside of GNOME. D-BUS aims to replace DCOP and Bonobo for simple IPC and to integrate these two desktop environments. Because the dependencies for D-BUS are kept as small as possible, other applications that would like to use D-BUS don't have to worry about bloating dependencies."
Plug OpenOffice.org into PostgreSQL (NewsForge)
NewsForge makes a connection between a PostgreSQL database and OOo. "Setting up the connection is pretty easy: just download the driver and configure a few things. You'll be able to connect with both Writer and Calc. I'll cover connecting with the word processor, using a PostgreSQL database that I had on my laptop. You can apply the same procedure for Calc."
Windows, Linux grapple in Great Gadget Smack-Down! (LinuxDevices)
LinuxDevices is running a comparison of embedded Linux and Windows on real-world devices. "We therefore have decided to hold the first-ever "Great Gadget Smack-Down," pitting OS vs. OS. Not on paper, according to oft-conflicting market share estimates, feature and architecture claims, or purported time-to-market benefits -- but instead, where it really counts: based on which OS powers the coolest and best gadgets."
Reviews
Four alternative Linux window managers (NewsForge)
NewsForge looks at AfterStep, Enlightenment, IceWM, and FVWM. "KDE and GNOME combine window managers with suites of applications to create comprehensive work environments. As complete as they are, it's easy to forget that there are other graphical ways to work on a Linux desktop. Sometimes a lighter-weight window manager is in order, such as for laptop usage, children's use, or quick startup applications. Here are four "alternative" window managers that are mature, fast, and functional."
Miscellaneous
Linux Scare Tactics (Forbes)
Here's a Daniel Lyons piece in Forbes with a rather cynical view of the OSRM's report on possible patent issues in the Linux kernel. "Linux advocates howl that SCO is running a shakedown racket. They point out that SCO still won't say which parts of Linux contain stolen SCO code, nor will SCO name Linux users it claims are paying license fees to SCO. Similarly, OSRM says there are 283 patents that Linux may violate, but won't say what those patents are. (OSRM says it will tell customers who insist, but warns this could make customers vulnerable to claims of 'willful infringement,' which could lead to triple damages.)"
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Mozilla Foundation Looking for Volunteers (MozillaZine)
The Mozilla Foundation is looking for volunteers to help get Firefox 1.0 on computing magazine CDs.
Commercial announcements
Press releases from LinuxWorld
LinuxWorld is in full swing at the Moscone Center in San Francisco, with the usual flurry of press releases. Here are a few of the announcements we've seen today:- The Eclipse Foundation has announced the creation of a Test and Performance Tools Platform Top Level Project.
- Netline Internet Service has announced it will release its Open-Xchange Server under the GNU General Public License.
- The Gelato Federation has joined the Free Standards Group and ported Eclipse 3.0 to Linux-Itanium.
- Wyse Technology has announced a thin client based on the 2.6 kernel, the company has joined OSDL and the company is collaborating with AMD to provide the AMD Geodeprocessor in its Linux-based thin client devices.
- RealNetworks has announced the final GOLD versions of RealPlayer 10 for Linux and Helix Player.
Culled from the LinuxWorld flood
LinuxWorld has once again proven itself to be second to none for the generation of press releases. Here are a few of today's offerings:- Novell has announced SUSE LINUX Enterprise Server 9 which will include the JBoss Application server. Novell has also announced new partner initiatives.
- Pen&Internet has released riteForm, an advanced recognition solution for processing handwritten forms and notes on mobile pen-enabled devices on Linux.
- VERITAS Software a new member of OSDL, showcases its Linux offerings.
- BEA Systems, Inc. touts the wonders of Apache Beehive.
- Open Country is focused on managing the Linux-powered enterprise. The company is working with Progeny to provide customers with legacy Red Hat system updates.
- MySQL AB and MontaVista Software announced an extended partnership.
- CodeWeavers shows off the iTunes support to be included in the next release of CrossOverOffice.
- Penguin Computing joined PathScale's FastPath(TM) Partner program.
A selection from the PR flood
The LinuxWorld press release machine continues to crank out the hype. Here is a subset of what the corporate world would like us to know:
- Aduva
has released "OnStage 2.2," a Linux system deployment and management
utility.
- Computer Associates has announced the
release of the Ingres database under the "CA Trusted Open Source
License," and a
$1 million offer for developers who "
create solutions that enable users of Oracle, Microsoft SQL Server, Sybase Adaptive Enterprise Server, IBM DB2 Universal Database, Informix and/or MySQL to migrate to the Ingres r3 database platform.
" - Covalent
Technologies has contributed its ASP.NET module to the Apache
Software Foundation.
- HP
has announced a Linux-based notebook system, Linux on its "Integrity
Superdome" servers, an impending EAL 3+ certification for its
systems, and a set of "reference architecture solution stacks."
- MySQL
AB has a new set of "enterprise-class" technical support offerings.
- Network
Appliance has announced support for SUSE Linux Enterprise
Server 9.
- Pogo
Linux is offering an AMD64-based notebook system with Linux
installed.
- Red
Hat and Black Duck Software have some sort of joint offering which
will let companies monitor licensing compliance when developing with
free software.
- Red
Hat has made its "Red Hat Application Server" product available.
- Sun Microsystems has augmented Solaris 10 with "Project Janus," a feature which allows Solaris to run Linux binaries.
Linare Offers Professional Edition
Linare Corporation has announced availability of the Linare Linux Professional Edition distribution. "Features include a user-friendly installer, advanced User Interface with new theme, reliable Linux kernel v. 2.6, KDE 3.2.2 graphical desktop environment, Open Office, Evolution Email and other utilities. Professional edition includes one year of phone and email support."
MySQL AB Launches MySQL Hosting Powered by Rackspace
MySQL has announced that it is working with Rackspace to provide a MySQL database hosting service. "MySQL Hosting is provided in partnership with Rackspace, the fastest-growing managed hosting specialist in the world. Designed for Web sites and other MySQL database applications, MySQL Hosting provides a secure, scalable hosting environment with a 99.9 percent uptime guarantee, along with a commercial MySQL license and technical support."
Red Flag announces an Intel-compiled distribution
Red Flag has announced the availability of a version of its distribution built with Intel's proprietary compiler. The distribution comes with a "60-day evaluation copy" of the compiler as well.Unisys Delivers Industrial Strength Linux
Unisys Corporation has announced the availability of Linux on the company's ES7000 servers. Unisys is working with Novell, Inc. and Red Hat, Inc. to provide the business, government and scientific communities with services and support for Linux-based solutions.Enea Embedded Technology Announces Enea Orchestra
Enea Embedded Technology has announced their Enea Orchestra Distributed Systems Platform and Development Environment.
New Books
"Perl 6 and Parrot Essentials" Released by O'Reilly
O'Reilly has published the book Perl 6 and Parrot Essentials by Allison Randal, Dan Sugalski, and Leopold Totsch."Learning PHP 5" Released by O'Reilly
O'Reilly has published the book Learning PHP 5 by David Sklar.
Resources
Paul Graham on great hackers
Paul Graham has posted an essay on "great hackers," derived from his OSCON keynote. "When you decide what infrastructure to use for a project, you're not just making a technical decision. You're also making a social decision, and this may be the more important of the two. For example, if your company wants to write some software, it might seem a prudent choice to write it in Java. But when you choose a language, you're also choosing a community. The programmers you'll be able to hire to work on a Java project won't be as smart as the ones you could get to work on a project written in Python. And the quality of your hackers probably matters more than the language you choose. Though, frankly, the fact that good hackers prefer Python to Java should tell you something about the relative merits of those languages."
OSRM does a kernel patent review
Open Source Risk Management, the company selling litigation insurance policies for Linux users, has announced the results of a review of patents potentially affecting the Linux kernel. This review was done by Dan Ravicher of the Public Patent Foundation. "In conclusion, he found that no court-validated software patent is infringed by the Linux kernel. However, Ravicher also found 283 issued but not yet court-validated software patents that, if upheld as valid by the courts, could potentially be used to support patent claims against Linux. In response, OSRM will be expanding its risk mitigation and insurance offerings to cover this quantifiable risk."
PHP Tunisie
The php.net site mentions a new French language PHP magazine from Tunisia, PHP Tunisie. "PHP Tunisie has just released the second issue of its monthly french PHP Magazine. In this issue you'll find a large plan on PostgreSQL, Databases abstractions with PHP, your mini template engine, an article on images generation with PHP, the migration towards PHP5 with EasyPHP1.7... And many other articles and latests PHP news."
Giving Lightning Talks (O'Reilly)
Mark Fowler gives some tips on presenting lightning talks. "Lightning talks are a great way to start speaking, but they do come with their own potential problems. Even the seasoned presenter makes mistakes when presenting and has had lightning talks go horribly, horribly wrong. Luckily, Perl audiences are very forgiving when this happens after all, it's happened to half the audience at sometime too, so it's nothing to get too worked up about. However, there are a few things you can consider when writing your talk that will prevent you from sabotaging your own talk before it even begins."
Contests and Awards
2004 Editors' Choice Awards (Linux Journal)
The winners of Linux Journal's 2004 Editors' Choice Awards have been published. LWN.net even makes a cameo appearance this time around.2004 White Camel Award Winners (use Perl)
Use Perl has posted an announcement for the winners of the 2004 White Camel Award. Jon Orwant, Brian d Foy, and Dave Cross have received the honors.
Upcoming Events
Talk on Developing Hypermedia Applications with Mozilla (MozillaZine)
Andy Edmonds has announced his tutorial on Developing Hypermedia Applications with Mozilla. It will take place on August 9, 2004 in Santa Cruz, CA at the ACM Hypertext conference. "In addition to a wide survey of Mozilla technologies I'll be digging deep into powerful constructs like compound documents, combining SVG and XBL, and monitoring browser events. Myk Melez and Chris Aillon will be joining me to dig deeper into Mail and XPCOM."
O'Reilly and MySQL AB to Co-Present 2005 MySQL Users Conference
O'Reilly has announced that it will co-present the 2005 MySQL Users Conference along with MySQL AB. The event will take place in Santa Clara, CA on April 18-21, 2005.Events: August 5 - September 30, 2004
| Date | Event | Location |
|---|---|---|
| August 5, 2004 | LinuxWorld Conference & Expo | (Moscone Center)San Francisco, California |
| August 5 - 8, 2004 | UKUUG 2004 Linux Technical Conference | Leeds, England |
| August 21 - 29, 2004 | KDE Community World Summit 2004(aKademy) | (Filmakademie Ludwigsburg)Ludwigsburg (Stuttgart Region), Germany |
| September 2 - 3, 2004 | Python for Scientific Computing(SciPy) | (CalTech)Pasadena, CA |
| September 2 - 4, 2004 | 2nd Swiss Unix Conference | (Technopark)Zurich, Switzerland |
| September 9 - 10, 2004 | Linux Expo Shanghai | (Shanghai Exhibition Center)Shanghai, China |
| September 13 - 16, 2004 | Embedded Systems Conference | (Hynes Convention Center)Boston, MA |
| September 15 - 17, 2004 | YAPC::Europe 2004 | Belfast, Northern Ireland |
| September 20 - 23, 2004 | New Security Paradigms Workshop(NSPW) | (White Point Beach Resort)Nova Scotia |
| September 20 - 22, 2004 | Plone Conference 2004 | Vienna, Austria. |
| September 22 - 24, 2004 | OpenOffice.org Conference(OOoCon 2004) | (Humboldt University)Berlin, Germany |
| September 22 - 24, 2004 | php|works 2004 | (Holiday Inn Yorkdale Hotel & Conference Centre)Toronto, Canada |
| September 27 - October 1, 2004 | 4th International SANE Conference(SANE) | (Amsterdam RAI Centre)Amsterdam, The Netherlands |
| September 27 - 29, 2004 | ConSec '04 | (J.J.Pickle Research Center)Austin, Texas |
| September 29 - October 1, 2004 | OSCOM 4 | (Swiss Federal Institute of Technology)Zurich, Switzerland |
Event Reports
Notes from OSCON
Danny O'Brien (of NTK fame) has posted an extensive series of notes from OSCON. Worth a read. "Parrot licensing will cast you all into hell, he tells the audience, and lo they are sore afraid. Go ye through the Parrot source, and stick there proper copyright notices. Don't put 'all rights reserved', on fear of your mortal soul, because that the Lord RMS doth not think that it doth mean what thou thinkest it means. Put it instead under the GPL or the Artistic License. But don't put it under the Artistic License, put it under the Clarified Artistic License, for the Artistic License as it stands is sorely artistic, and lo it is ambiguous in many areas. And Brad Kuhn did come down from on high and suggest that the CAL be the license for Perl6, and he spake truth, for ye will be sent to Hell if you do not heed him! For he is the prophet of RMS, and the one who is to come that is greater, who is known as Hurd, and whose todo list is legion. (I am paraphrasing a fair bit here)."
FSMSI 2004 Proceedings available
Slides and audio recordings from the European seminar on Free Software for Multimedia Streaming over the Internet are available online. The event took place in Paris, France on June 23 and 24, 2004.Proceedings of lightning talks from LSM 2004 Lisp track
The Lisp track lightning talk proceedings from the Libre Software Meeting 2004 are online.
Web sites
Four New Mozilla Sites Launch (MozillaZine)
MozillaZine has announced the launching of four new web sites: the Mozilla AOM Reference, The Rumbling Edge weblog, the Mozilla Network, and Firedfox, a parody site.
Software announcements
This week's software announcements
Here are the software announcements, courtesy of Freshmeat.net. They are available in two formats:
- Sorted alphabetically,
- Sorted by license.
Page editor: Forrest Cook