LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for November 23, 2005The end of USENETYour editor, ancient relic that he is, first discovered the wonders of global email around 1981, thanks to a BSD-running VAX with a blazingly fast 1200-baud uucp connection. A USENET addiction was quick to follow; on the net, it was possible to converse with a few thousand people on literally hundreds of computers! It was an eye-opening introduction to what a global conversation could be like, both good and bad; hopefully some of those ill-advised, youthful conversations on net.singles and net.politics are lost forever.As it happens, your editor was late to the party, and the old-timers were busily worrying about how the whole thing was going to collapse under the load of all these new, clueless users. USENET proved to be resilient, however, to the point that the "death of the net" idea became a sort of running joke. It survived its rapid growth, thanks to faster modems, better software (including a thing called "rn" posted by a young Larry Wall), and user education. USENET survived the loss of the central "seismo" hub, in the process (as seismo's connections were shifted over to a new host called "uunet") kicking off the commercial ISP industry. It survived the abrupt arrival of AOL, initially connected via a uucp link of its own (here's a classic posting on how the AOL folks were perceived at that time). It even survived the beginning of the spam onslaught - the famous "green card spam" was carried via USENET, not email. USENET was a useful medium for a long time. Among other things, much of the very early Linux development conversation happened over USENET; your editor decided to go for Linux after noting that the relevant groups had much more going on than the BSD groups. When LWN was first launched, the announcement went to comp.os.linux.announce - the news source for Linux users at that time. Many years earlier, Richard Stallman's first GNU Manifesto posting happened on USENET. The next time you complain about your distributor's repository, think back to the joy of receiving GNU emacs over USENET - as a large number of 50KB chunks which you got to piece back together yourself. The legacy of USENET also surrounds us in other forms. Many of the features in your fancy mail client which allow you to deal with your incoming flood were first worked out for netnews reading. News clients still have their uses; your editor would have a hard time keeping up with so many lists if it weren't for the highly useful, NNTP-based Gmane repository. The Globe and Mail has recently declared the death of USENET, as a result of Rogers Communications deciding to stop providing netnews access to its customers. Others might have noted the death of USENET earlier this year, when AOL disconnected its customers. But the fact of the matter is that USENET has been dead as a medium for useful conversations for some years now. It is too open, too easy to flood with spam, too easy to forge control messages for. The signal-to-noise ratio of USENET - often not all that high to begin with - sunk to a point that most people had no remaining desire to deal with it. So it is not surprising that the commercial service providers are pulling the plug on USENET. A news feed requires significant bandwidth, and its contents seem to be mostly spam and porn. Few customers care anymore. There are much better alternatives out there now; the global conversation has moved on to different forums. USENET is dead, and, at this point, few of us miss it. But USENET played an important role in the history of the net as a whole. Those of you who were there: raise a glass to the memory of USENET at your next opportunity.
Open document formats and the path to world dominationIt is almost ten years to the day that Bill Gates made his "Pearl Harbor" speech, which placed the Internet at the heart of everything Microsoft did. The recent announcements of Windows Live and Office Live may not be quite so epoch making, but it nonetheless represents a major change of direction for Microsoft, and has interesting implications for free software.The parallels between Microsoft's two strategy shifts are striking. Both were triggered in part by spectacular IPOs: Netscape's in 1995, Google's in 2004. Both sought to head off the same threat of OS-independent computing. Back in 1995, Gates was worried that Netscape's software might create a "Webtop" platform, where Java applets would be downloaded over the Internet into the browser to provide word processors, spreadsheets and the rest. In 2005, another Net-based approach software services of the kind popularized by Google not only allows the browser to provide those same functions, but comes with a flourishing ad-based revenue model to sustain it. Gates's response is also similar in both cases: to embrace the basic idea so as to reduce the appeal of rival offerings, and then, ultimately, to use it to tie users more closely to his products. The success of that technique can be seen in the dominance of Internet Explorer, which not only replaced Netscape Navigator as the most popular browser, but managed to subvert Web standards to such an extent that Navigator was ultimately perceived as inferior since it was unable to work with the huge number of IE-specific sites. One lesson to be learned from this history is that Microsoft should never be underestimated, even perhaps especially - when it seems to be wrong-footed and forced to adopt technologies that apparently threaten its empire. Fear has always given the company focus. The new Windows Live system may look innocuous and even conciliatory it can not only be accessed from GNU/Linux machines, but also explicitly supports Firefox - but the back-end hooks into Microsoft's products are likely to be deep. The second and probably more important lesson to be drawn is that the much talked-about Google Office service if and when it does come is not going to be the Microsoft Office killer that many seem to imagine. Whatever Google or anyone else might do in this sphere, Microsoft can simply match it, at least in terms of functionality. But one thing that Microsoft is unlikely to offer is support for truly open file formats, its recent announcement of the "open standardization" of Office formats notwithstanding. The technical and legal details of this will need to be examined closely to see whether it is yet another case of Microsoft apparently promising much, but in reality delivering considerably less. After all, if it did support a completely open file format, the barrier to switching to other office suites would disappear. Until the approval of the new OpenDocument Format (ODF) standard by OASIS, there were many alternatives to Microsoft's office file formats, but none around which other manufacturers or major users could rally. With ODF, there is now not only an official standard, but a real choice of software that supports (or will support) it. The key role that ODF will play in tomorrow's battles between open and proprietary approaches is already evident in the furore surrounding the Commonwealth of Massachusetts's decision to adopt ODF as an official file format. The rather forced logic of Microsoft's comments on this move is an indication of the company's difficulties in neutralizing this threat. Moreover, Massachusetts may turn out to be no simple loss of business, but a tipping point that could lead to large-scale defections from Microsoft's proprietary formats to open standards. Anyone who doubts that such a shift is possible should bear in mind that WordPerfect and Lotus 1-2-3 once dominated their respective sectors as totally as the programs that displaced them - Microsoft Word and Excel - do now. An even more serious blow to Microsoft's grip on the office market could come from Europe. The European Union (EU) is keen to promote what it calls open document exchange formats. One of its technical subcommittees approved a series of recommendations that effectively back ODF provided it becomes a recognized standard. Bizarrely, OASIS does not count as a standards body in this context, and so ODF has been submitted to the better-known International Organization for Standardization (ISO). ODF could emerge as an ISO standard sometime next year. At that point, the EU may well throw its considerable weight behind ODF by specifying it as the preferred format for public sector communications in Europe. Microsoft is acutely aware of this threat: it is no coincidence that it announced the standardization of its Office formats in Paris, not Redmond. Private sector support is gathering momentum, too. The original donor of the OpenOffice.org code, Sun, has naturally adopted ODF in its StarOffice 8.0, and also offers a grid-based service for bulk conversion of Microsoft Office documents into ODF files. Another major player in this area is IBM, which uses OpenOffice.org formats for its groupware product Workplace, likely to be the successor to Lotus Notes. The strength of both of these companies' commitment is shown by the fact that, despite their other differences, Sun and IBM jointly hosted an ODF summit at the beginning of November; those attending included Google, Nokia, Novell, Oracle and Red Hat. One of the items discussed was the creation of a formal ODF Foundation to promote the standard. An Open Document Fellowship bringing together individuals interested in the development of ODF (including the present writer) already exists. ODF is fast emerging as one of the most important recent developments in the software world had it not existed, Microsoft would surely never have embarked on its "open standardization" process. In time, its appearance in May this year might even turn out to be as pivotal as Bill Gates' Pearl Harbor Day speech. At the very least, it represents a rich new vein that can be mined by open source programmers keen to make their mark. As a young standard, there are still gaps in its software support. Items on the wish list include:
In the browser wars of the late 1990s, Bill Gates was able to wrest control of the web from Netscape because of the latter's short-sighted attempts to beat Microsoft at its own game notably by adding proprietary twists to HTML. Today, as Microsoft re-invents itself in the image of Web 2.0, the situation is rather different. The importance and power of open standards is more evident, and the free software community is no longer a small and apparently marginal group but, instead, the most important counterpoise to Microsoft, well placed to resist any moves to "de-commoditize" key technologies like Ajax. And this time, there is a chance to go on the offensive. The open source world has long had the desire to end Microsoft's dominance on the desktop; with ODF not GNU/Linux, as many have believed it may finally have the means. (Glyn Moody is author of Rebel Code: Linux and the open source revolution.).
A SonyBMG updateOne might think that the SonyBMG rootkit story would start to fade away, but that is not, yet, the case. Here's an update on the last week's developments.Those of you who have not yet read Bruce Schneier's Wired article on this episode may want to give it a look. He points out that one might have reasonably expected all of those security and anti-virus companies to say something about SonyBMG's software, given that it has been in circulation for over a year, has arguably infected hundreds of thousands of computers, and even phones home. Most of these companies have yet to explain why they missed such an obvious security compromise for so long. Meanwhile, the EFF has launched a class-action suit against SonyBMG. As Ed Felten points out, the EFF is taking an interesting approach by putting the spotlight on SonyBMG's other DRM software: Sunncomm's MediaMax. MediaMax lacks some of the rootkit features found in XCP, but it is still highly unpleasant software which, among other things, phones home.
Worse yet, one component of MediaMax, a system service called
sbcphid, is loaded into memory and ready to run at all times, even
when there is no disc in the CD drive and no music is being
played. And it runs as a kernel process, meaning that it has access
to all aspects of the system. This is another component that can
only add to security risk; and again the user has no choice.
Widening the focus to other invasive DRM software is an important step to take if we want to win the larger battle, rather than just punishing SonyBMG for the XCP episode. The state of Texas has also filed suit, charging SonyBMG with violations of the Texas anti-spyware act. What is perhaps most interesting - and hopeful - about this incident is how it has expanded the debate on DRM schemes. A quick news search shows just how widely the mainstream, non-technical press has covered this story. CERT has highlighted it for its November 15 Current Activity Report, offering some valuable advice: "Use caution when installing software. Do not install software from sources that you do not expect to contain software, such as an audio CD." Even the Gartner Group has chimed in, pointing out that the software is easily circumvented, and suggesting that the music industry is now likely to push (even more) for legislation requiring that DRM features be incorporated into computer products. A legislative attack seems like a fairly safe prediction - such attacks have been ongoing for some time, after all. But the climate, which was not entirely favorable to legally-mandated DRM even before, has become harsher. SonyBMG's nasty DRM code has not impeded file sharers or commercial "pirates" in any way - it was, instead, an attack on the people who chose to actually buy the CD for themselves. DRM schemes are an attack on paying customers, and those customers are now figuring that out. More encouragingly, there are occasional signs that the industry is getting a clue as well. Even more to the point, though, is that the SonyBMG rootkit has raised the question of whether we have the right to control our own computers. The nearly unanimous answer is that, yes, we have that right, and the entertainment industry cannot take that right away from us in the name of stopping copyright infringement - or, in the case of SonyBMG's software, simply keeping their customers from putting music onto their iPods. Your editor once heard Jim Gettys say, at some conference or other, that the DRM fight would be like the encryption battle: we would win, but there would be a decade or two of pain to endure first. SonyBMG, by making the issue so incredibly clear, may have done us the favor of shorting out several of those years of pain. Looking back some years from now, we might just find ourselves thanking them.
Security The Senate takes on spywareWhile some states in the U.S. have enacted anti-spyware legislation, nothing has yet happened at the federal level. That may soon change as a result of Senate bill 687, which has recently passed its first test in the Commerce, Science, and Transportation Committee. This bill, sponsored by Conrad Burns, carries the somewhat awkward title of the "Software Principles Yielding Better Levels of Consumer Knowledge Act," or "Spy block" for short. There are several parts to the proposed law:
This law, as written, is a good statement of users' rights to control their computers - as far as it goes. It is an interesting exercise to ponder how this act would apply to the SonyBMG rootkit episode. The software was not installed surreptitiously, and it's not clear that it engaged in the collection of information. Simply phoning home is not addressed by this bill, unfortunately. The law's exceptions also leave some large holes in its protection. So, despite its good intentions, the "Spy block" act is not likely to lead to much in the way of serious change.
Brief items Web Browser Developers Work Together on Security (KDE.News)KDE.News reports on a recent meeting of the security developers from the leading web browsers. "Our initial and primary focus is, and continues to be, addressing issues in PKI as implemented in our web browsers. This involves finding a way to make the information presented to the user more meaningful, easier to recognise, easier to understand, and perhaps most importantly, finding a way to make a distinction for high-impact sites (banks, payment services, auction sites, etc) while retaining the accessibility of SSL and identity for smaller organisations."
New vulnerabilities egroupware: multiple vulnerabilities
FUSE: mtab corruption through fusermount
gnump3d: insecure temp files, path traversal
inkscape: arbitrary code execution
kernel: multiple vulnerabilities
netpbm-free: buffer overflows
openswan: Denial of Service
xmail: buffer overflow
Updated vulnerabilities a2ps: input validation error
acidlab: SQL injection
bzip2: race condition and infinite loop
chmlib: several vulnerabilities
common-lisp-controller: design error
cpio: directory traversal
cyrus-imapd: buffer overflows
dia: missing input sanitizing
emacs: lisp execution vulnerability
emacs21: format string vulnerability in "movemail"
enigmail: information disclosure
enscript: arbitrary code execution
ethereal: multiple vulnerabilities
evolution: format string issues
fetchmailconf: insecure file creation
firefox: multiple vulnerabilities
flash-plugin: buffer overflow
Foomatic: Arbitrary command execution in foomatic-rip
ftpd: remote buffer overflow
gaim: buffer overflow
gdb: multiple vulnerabilities
gtk-pixbuf, gtk2: denial of service
gdk-pixbuf: multiple vulnerabilities
gedit: format string vulnerability
gettext: Insecure temporary file handling
grip: buffer overflow
groff: insecure temporary directory
gzip: arbitrary command execution
htdig: cross site scripting
imap: buffer overflow in c-client
kdebase: local root vulnerability
kdelibs: kate backup file permission leak
kernel: multiple vulnerabilities
krb5: double-free flaw
libconvert-uulib-perl: arbitrary code execution
libdbi-perl: insecure temporary file
libgadu: memory alignment bug
libgd2: buffer overflows in PNG handling
libgda2: format string vulnerabilities
libnet-ssleay-perl: weakened cryptographic operations
libpam-ldap: authentication bypass
libTIFF: buffer overflow
libungif: memory corruption
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
libXpm: new buffer overflows
lynx: arbitrary command execution
Mantis: multiple vulnerabilities
mod_python: remote access vulnerability
mysql: buffer overflow
mysql: low-impact security fix
ncpfs: multiple vulnerabilities
nfs-utils: arbitrary code execution
ntp: uses wrong gid
openssh: GSSAPI credential disclosure
openssl: protocol rollback
openvpn: format string vulnerability
pcre3: arbitrary code execution
perl: setuid vulnerabilities
perl: symlink vulnerability
php: multiple vulnerabilities
phpMyAdmin: local file inclusion and XSS
phpsysinfo: cross-site-scripting
phpsysinfo: programming errors
postgresql: database initialization errors
Pound: buffer overflow
pstotext: remote execution of arbitrary code
Py2Play: remote execution of arbitrary Python code
RAR: format string and buffer overflow
rp-pppoe, pppoe: missing privilege dropping
scorched3d: multiple vulnerabilities
smb4k: temporary file vulnerability
spamassassin: denial of service
squid: authentication handling
sudo: missing input sanitizing
sudo: race condition
sylpheed: buffer overflow
File overwrite vulnerability in tar and unzip
tcpdump: multiple DoS issues
texinfo: temporary file vulnerability
ucd-snmp: denial of service
uim: privilege escalation
unzip: race condition
up-imapproxy: format string vulnerabilities
util-linux: unintentional grant of privileges by umount
uw-imap: buffer overflow
vixie-cron: crontab allows any user to read another users crontabs
w3c-libwww: possible stack overflow
XChat 2.0.x SOCKS5 Vulnerability
xine-lib: buffer overflows
xine-ui - insecure temporary file creation
xloadimage: buffer overflows
xorg-x11: heap overflow
xpdf: buffer overflow
xpdf: denial of service
zlib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe 2.6.14.3 stable kernel release is in review as of this writing; it should be released sometime around November 25. It contains 23 patches with important fixes, most of which are in the networking subsystem.The current 2.6 prepatch is 2.6.15-rc2, released by Linus on November 19. It is mostly made up of a large pile of fixes, but there is also a big x86-64 update (including the DMA32 memory zone) which got missed for -rc1. The long-format changelog has the details. Linus's git repository contains 100 or so fixes merged since -rc2. Among them is the new VM_UNPAGED VMA feature, described below. The current -mm tree is 2.6.15-rc1-mm2. Recent changes to -mm include various memory management and memory hotplug patches, a relayfs update, a number of kernel shrinking patches from the -tiny tree, a reiser4 update, some software suspend improvements, a kdump update, and lots of fixes.
Kernel development news Dynamic USB device IDsThe market for USB devices is certainly dynamic; new gadgets are released at a high rate. Unfortunately, Linux kernels and their associated drivers are not always updated quite as quickly. The result can be that the kernel fails to recognize and drive a new gadget, even though existing drivers may be entirely capable of doing the job. The driver simply does not know that the device is one it can handle, so the kernel does not bind the two together.Greg Kroah-Hartman has posted a simple patch which should help fix this situation. With the patch in place, each USB driver gets a new sysfs attribute (new_id). If a system administrator writes two values (the vendor and product ID numbers reported by the device) to that attribute, those numbers form a new device ID associated with the driver. Immediately after the write, the driver will recognize the device, and everybody will be happy. No changes to the drivers themselves are necessary. Of course, one could create confusion by associating a device with an inappropriate driver, but a bit of attention should suffice to avoid that problem. This patch came out a bit late for 2.6.15, so it is more likely to show up in 2.6.16 or thereafter.
Making notifiers safeThe kernel contains a mechanism, called "notifiers" or "notifier chains," which allows kernel code to ask to be told when something interesting happens. A number of notifier chains are currently in use in the kernel; chains exist for memory hotplug events, CPU frequency policy changes, USB hotplug events, module loading and unloading, system reboots, network device changes, and more. Notifiers are a simple and easy way to get the word out, so they are increasingly being used throughout the kernel.The interface to notifiers is simple. There is one structure type:
struct notifier_block
{
int (*notifier_call)(struct notifier_block *self,
unsigned long event, void *data);
struct notifier_block *next;
int priority;
};
A notifier chain is thus a simple, singly-linked list with no separate head. A kernel subsystem which wishes to be notified of specific events fills out a notifier_block structure and passes it to:
int notifier_chain_register(struct notifier_block **chain,
struct notifier_block *notifier);
The chain is kept sorted in increasing priority order. Sending out an event is a matter of calling:
int notifier_call_chain(struct notifier_block **chain,
unsigned long event, void *data);
Notifiers registered in the chain will be called, in increasing priority order, with the given event and data values. Any notifier can return a value with the NOTIFY_STOP_MASK bit set, with the result that no further notifiers will be called. The return value from the last notifier is return from notify_call_chain(). In some cases, the combination of NOTIFY_STOP_MASK and the return value is used to allow notifiers to veto proposed actions. The current notifier implementation is quite simple, not much more than one page of code. Alan Stern recently noticed a little problem, however: notifier_call_chain() goes through the list without any sort of locking. Changes to the notifier list are protected by a global notifier lock, but that lock is ignored when notifiers are called. Thus, if notifier_call_chain() is called while some other part is adding or removing notifiers, a mess could result. One might be tempted to fix the problem by simply acquiring the lock in notifier_call_chain(), but life it not so simple. The current lock for notifiers is a spinlock, but, as it turns out, some notifier functions can sleep. So holding the lock while calling notifiers is not possible. Switching the lock to a semaphore is also out for similar reasons: some notifier chains can be called from atomic contexts. So a more complicated fix is called for. That fix has been posted by Chandra Seetharaman. It appears that notifier chains have to be split into two types: those which can sleep, and those which are entirely atomic. A new notifier_type enum has been created with two values: ATOMIC_NOTIFIER and BLOCKING_NOTIFIER. There is also now an explicit type (struct notifier_head) for the head of a notifier chain. Chains are now declared with something like:
NOTIFIER_HEAD(name, type);
Some new rules have been adopted for notifiers as well; one of those is that notifiers are only added or removed in non-atomic context. With that rule in place, each notifier_head structure can contain a semaphore (an rwsem, actually) which protects access to the chain. The new registration function is:
int notifier_chain_register(struct notifier_head *chain,
struct notifier_block *notifier);
Addition of a notifier is relatively easy to do in a safe manner. The "next" pointer in the new entry is set first, followed by the "next" pointer in the appropriate place in the list. By throwing in some memory barriers, the patch ensures that the chain is always in a consistent state. The new form of notifier_call_chain() is:
int notifier_call_chain(struct notifier_head *chain,
unsigned long event, void *data);
If the chain is of the BLOCKING_NOTIFIER variety, notifier_call_chain() can simply acquire the chain semaphore and call the notifiers safely. Acquiring the semaphore is not possible for ATOMIC_NOTIFIER chains, however, so, in that case, the code simply calls rcu_read_lock() to ensure that it will not be preempted while calling the notifiers. The new prototype for the unregistration function is:
int notifier_chain_unregister(struct notifier_head *chain,
struct notifier_block *notifier);
For blocking chains, removal of notifiers is straightforward; the code can simply acquire the semaphore and do its work knowing that nobody else will be traversing the chain. For atomic notifiers, however, notifier_call_chain() does not acquire the semaphore, so the possibility of races is real. Removing the notifier from the chain is still straightforward: a single pointer assignment takes the notifier out in an atomic manner. But code in another processor may have stumbled across that notifier before it was removed from the chain; in that case, it may still have a reference to it. So the destruction of the removed notifier must wait until the kernel can be sure that no references remain. This is just the sort of situation that the read-copy-update (RCU) mechanism was created for. In many applications, the way to destroy this structure would be to set up an rcu_head structure, pass it to call_rcu(), and wait for a callback to finish the job. In this case, however, callers to notifier_chain_unregister() are not expecting callbacks later on, and, in any case, notifier removal is not a performance-critical operation. So the unregister code simply calls synchronize_rcu() to block until all current RCU read locks have been released. Once synchronize_rcu() has returned, the unregistration code can safely return as well, knowing that no references to the removed notifier exist. The new design adds one other new constraint: notifiers cannot remove themselves from the chain. Both the use of the semaphore and the use of RCU would lead to deadlocks in that situation, resulting in developer notifications by way of bugzilla and annoyed email.
PG_reserved, VM_RESERVED, and VM_UNPAGEDThe page structure, used to describe the memory in the system, includes a set of flags; one of those flags is PG_reserved. For a long time, this bit has marked pages which are not part of the regular memory management regime; pages so marked include the kernel text (which really should not be swapped out) and the I/O memory in the legacy ISA hole at 640K. Occasionally, device drivers have explicitly set the reserved bit on ordinary memory so that it could be mapped into user space with remap_pfn_range(). This technique has been discouraged for years, but still persists in spots.The 2.6.15 kernel removes, for all practical purposes, the reserved bit. Space for page flags is tight, and it was figured that, in 2.6, this bit was no longer needed. The page reclaim code no longer cycles through the system memory map, so it does not need this bit to know which pages to avoid. For the other uses, the VM_RESERVED bit in the vm_area structure could be used instead. So, in 2.6.15-rc2, the PG_reserved bit is (almost) ignored, and the kernel respects VM_RESERVED by not freeing pages found in areas with that bit set. Unfortunately, it seems a number of drivers set VM_RESERVED for all VMAs which are mapped into user space. Some of these areas are actually normal memory pages, which the driver maps into the process's address space one-by-one when its nopage() function is called. Hugh Dickins noticed that, in this case, those pages will never be returned to the system, since the VM_RESERVED flag prevents them from being freed. The right fix for the problem is probably to get rid of VM_RESERVED altogether; its use is mostly a legacy from the 2.4 days. But going into a bunch of drivers and tweaking their memory management code when this kernel is already at a -rc2 release looks like a certain way to introduce obscure bugs. So Hugh decided to go in and make fundamental changes to the low-level memory management code instead. The result is a new VMA flag, VM_UNPAGED. This flag says, explicitly, that the pages in this VMA are not to be managed, and in particular, should not be freed. It essentially takes over the meaning previously held by VM_RESERVED, but in an arguably better-defined manner. Calls to remap_pfn_range() will cause the VM_UNPAGED flag to be set. But areas of RAM managed by a driver nopage() function will not have VM_UNPAGED set, so their memory will be managed normally. Various other subtleties, such as what happens when a process with VM_UNPAGED VMAs forks, had to be dealt with. But the end result of all this work should be that things function again, with no driver changes. At some point, the use of VM_RESERVED in drivers may be taken out, but that's a post-2.6.15 thing. Meanwhile, one other interesting result of the PG_reserved removal is that remap_page_range() can now be used to remap any set of addresses, not just those marked reserved.
Patches and updates Kernel trees
Build system
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Miscellaneous
Page editor: Jonathan Corbet Distributions New Releases Gentoo Linux 2005.1-r1 releasedThe Gentoo Release Engineering team has announced Gentoo Linux 2005.1-r1. "The 2005.1-r1 release is simply a media refresh over the 2005.1 release. What this means is that it used the same base snapshot, and has very few changes. It is essentially nothing more than a bug-fix release. Though offered to all architecture teams, only a few had bugs that were large enough to warrant an interim release before 2006.0's release next year. This media refresh is only of stages and the InstallCD images. The PackageCD images from 2005.1 are still valid and have not been rebuilt."
Ubuntu releases Flight CD 1Flight CD 1 is the first in a series of milestone CD images that will be released throughout the Dapper development cycle. While Flight CD 1 should be reasonably free of showstopper CD-build or installer bugs, it just might break your system. It's available in both Ubuntu (GNOME) and Kubuntu (KDE) versions, so check it out and join in the bug day, on November 24.
Aurora Sparc Linux Build-2.0 Beta2The Aurora Sparc Project has announced (click below for the announcement) the second beta of Build-2.0 with ISO images. "For those of you who have no earthly idea what I'm talking about, allow me to explain. The Aurora SPARC Project is an effort to support SPARC (32 and 64 bit) hardware on Linux. Specifically, we rebuild Fedora Core for SPARC." Build-2.0 matches fairly well with Fedora Core 3.
New Distributions ZeroshellZeroshell is a Live CD distribution aimed at providing the main network services a LAN requires. It is also available as a 128MB Compact Flash image useful if you have to boot your box from this device instead from CDROM. Zeroshell 1.0.0 is undergoing testing, with a final release expected in December 2005.
SLAMPPSLAMPP is Live CD Linux distribution that can also be installed to a hard drive. This Slackware/SLAX based distribution is designed to be used as an instant home server. SLAMPP 1.1 was recently released.
Distribution Newsletters Debian Weekly NewsThe Debian Weekly News for November 22, 2005 looks at C++ library problems in testing, a live CD for children, project leader delegations, a new debtags package search, lca05 miniconf: call for presentations, new features for the packages overview page, and several other topics.
Fedora Weekly News Issue 23The latest Fedora Weekly News covers Boston FUDCon 2006, New Features Coming in moin 1.5, Fedora netdev Kernels, First Fedora Ambassadors Meeting, Fedora Logo on distrowatch.com, New Favicon on fedoraproject.org, How to build rpm for kmenu-gnome, Building a Simple Calendar Server with Fedora, Set up the VNC Server in Fedora, Flash Player 7.0.61 Released, Firefox 1.5 RC 3 Released, and several other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for the week of November 21, 2005 covers the European Gentoo Developer Conference, the removal of phpgroupware from the tree, 2005.1-r1 release for select architectures, GWN via RSS feed, and more.
DistroWatch WeeklyThe DistroWatch Weekly for November 21, 2005 is out. "There is no rest for the developers of most distributions - following new development releases of SUSE and Ubuntu last week, the first test release of Fedora Core 5 is also expected shortly. What do you think of the new Mandriva 2006 and how does it compare with other KDE-centric distributions, such as Kubuntu 5.10? A long-time Mandriva user offers his views. Also in this issue: a new release of TheOpenCD, a quick look at RR4 Linux and an observation about the changing attitude of Microsoft towards Linux. Last but not least, the GNU Image Manipulation Program, affectionately known as GIMP, is exactly 10 years old today."
Package updates Fedora updatesFedora Core 4 updates: perl (bug fixes), GFS-kernel (update to 2.6.14-1.1637_FC4 kernel), dlm-kernel (update to 2.6.14-1.1637_FC4 kernel), cman-kernel (update to 2.6.14-1.1637_FC4 kernel), gnbd-kernel (update to 2.6.14-1.1637_FC4 kernel).
Mandriva updatesMandriva Linux 2006.0 updates file (corrects x86_64 segfault) and drakxtools (bug fixes).
Trustix updatesTrustix Secure Linux has various bug fixes for: cyrus-imapd, initscripts, mailman, xinetd, ebtables, iproute, isdn4k-utils, pkgconfig, tsl-utils and atk, backuppc, bind, clamav, curl, dhcp, expat, file, fontconfig, glib12, gtk12+, gtk2+, libglade, mono, opencdk, pango, pcre, php4, samba, vim, xorg-x11.
Distribution reviews First Look At Mandriva 2006 (Mad Penguin)Mad Penguin reviews Mandriva 2006. "Mandriva (the artist formerly known as Mandrake) has always been about the desktop. Sure, they've got their enterprise products just like any other major Linux software developer, but from this author's armchair, it sure would seem their heart and soul is rooted deeply in the Linux desktop... and there's nothing wrong with that. Their French heritage shows in their passion for excellence and it hasn't gone unnoticed. After all, somebody has got to make sure the Linux desktop is on a constant upswing, right?"
Linspire Review: In The Beginning, There Was Tux (Lockergnome)Lockergnome begins a review of Linspire. "Folks, I have installed more 'easy to use' Linux distros than I'd care to mention. Many of them have outstanding installers. Xandros for instance, is very attractive to install and gives you a user-friendly feel during the install process. Linspire also provides an outstanding install outline that is both easy to use and to follow for most users. Yet unlike every other distro that I have tried to install on my notebook computer, Linspire actually detected my video card without any help from me whatsoever."
Page editor: Rebecca Sobol Development Inkscape, a Scalable Vector Graphics EditorVersion 0.43 of Inkscape, a Scalable Vector Graphics (SVG) drawing tool, has been announced. Inkscape started out as a fork of the Sodipodi project. The Inkscape project definition states:![[Inkscape]](/images/ns/inkscape.png)
Inkscape is an Open Source vector graphics editor, with capabilities similar to Illustrator, Freehand, CorelDraw, or Xara X using the W3C standard Scalable Vector Graphics (SVG) file format. Supported SVG features include shapes, paths, text, markers, clones, alpha blending, transforms, gradients, patterns, and grouping. Inkscape also supports Creative Commons meta-data, node editing, layers, complex path operations, bitmap tracing, text-on-path, flowed text, direct XML editing, and more. It imports formats such as JPEG, PNG, TIFF, and others and exports PNG as well as multiple vector-based formats.
Inkscape's main goal is to create a powerful and convenient drawing tool fully compliant with XML, SVG, and CSS standards.
A number of new features have been added to version 0.43, including:
Inkscape is easy to learn, fun to use, and well documented. Some user-contributed screenshots show a variety of the images that have been created. If that's not enough, a list of online galleries is available. A sampling of the project's documentation includes the Inkscape FAQ, online user documentation with manuals and tutorials and the book A Guide to Inkscape by Tavmjong Bah. The future of Inkscape is outlined in the project roadmap. The future point releases leading up to the 1.0 release have been well defined. If you have not tried Inkscape yet, it is definitely worth the effort. The tutorials are well written, they provide a nice jump start on the learning curve. Source code and packaged versions of Inkscape 0.43 are available here.
System Applications Clusters and Grids New version of Simple Grid ProtocolSimple Grid Protocol version 1.02 has been released, it includes new features and bug fixes. "The Simple Grid Protocol is designed to allow users on a TCP/IP network or the Internet to run programs on their computer which utilize the unused CPU resources of other computers on a network or the Internet."
Database Software Firebird 2.0 Beta ReleasedVersion 2.0 Beta of the Firebird relational database is available with many new features. "This version of Firebird 2 is an beta version, meant for field testing only and not for use in production."
MySQL 5.0.16 has been releasedVersion 5.0.16 of the MySQL database has been released. "This is a bugfix release for the current production version."
PostgreSQL Weekly NewsThe November 20, 2005 edition of the PostgreSQL Weekly News is online, take a look for new PostgreSQL database resources and articles.
Interoperability John Terpstra on Managing SambaSamba.org mentions a new series on managing Samba. "SearchOpenSource.com is running a series of articles on Managing Samba by the Samba Team's John H. Terpstra. For part one, see Windows network identity basics. Part two is on User rights and privileges. John's goal in writing this series is to: provide a better understanding of the relationship between Windows networking accounts and their equivalent on the Unix or Linux server that is running Samba."
Web Site Development Midgard 1.7.3 releasedVersion 1.7.3 of the Midgard web content management system is out. "Midgard's 1.7 branch is a major overhaul of the whole Content Management System. Besides the stable and mature Content Management features of first generation Midgard, it also ships a preview version of second generation Midgard capabilities, allowing developers to have a glimpse at the new day of Midgard2."
Building E-Commerce Sites with Handel (O'Reilly)Christopher H. Laco works with Handel on O'Reilly. "While the CPAN community has solved most of the problems quite nicely with modules like Data::FormValidator, HTML::FillInForm, DateTime, and the various FromForm/QuickForm/FormBuilder modules, I still yearned for a lightweight, straightforward shopping cart module that didn't involve installed an entire CMS or B2B solution. Thus, Handel. Later I will show you how to get a functional shopping cart up and running using no lines of code. You heard that correctly: no lines of code. Zero. None. Nada."
Desktop Applications Audio Applications amaroK Project Introduces SVN Service (KDE.News)A new Subversion server for amaroK music player sub-projects has been announced. "Are you an amaroK script developer or are you developing a KDE application that should not be in KDE's Subversion for various reasons? We have the solution. The amaroK project is proud to announce the amaroK Subversion server, a service for amaroK script developers, launched as a thank you gesture to all the supporters who donated to the project during its fundraiser. We hope this will encourage the awesome amaroK community in their extremely valuable amaroK script writing."
QjackCtl 0.2.19 releasedVersion 0.2.19 of QjackCtl, a GUI control panel for the JACK Audio Connection Kit, has been released. Changes include build improvements, bug fixes, and other enhancements.
Rivendell v0.9.60 announcedVersion 0.9.60 of the Rivendell radio automation system is out with new capabilities and bug fixes.
Desktop Environments Dropline GNOME 2.12.1 '64 drops' (x86_64) has been released (GnomeDesktop)Dropline GNOME 2.12.1 has been announced. "We are pleased to announce the release of Dropline GNOME 2.12.1 ported to Slamd64 10.2 Linux (compiled for x86_64 architecture). An ISO image is available to download through bittorrent, a direct ISO download is also available from a mirror. This is our first port to x86-64 architecture and as such there may be bugs, please report them to our bug tracking page."Also, Freerock GNOME 2.12.1 (for Slackware) is also available.
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
de Icaza: Mono directionsMiguel de Icaza notes the Mono 1.1.10 release with a lengthy document on where the Mono project (at least, the part of it housed at Novell) plans to go from here.
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xfce 4.2.3.2 releasedVersion 4.2.3.2 of the Xfce lightweight desktop environment is out: "A "micro" release to fix a regression in the window manager settings".
Electronics gSpiceUI 0.7.93 announcedVersion 0.7.93 of gSpiceUI, a Spice electronic simulation engine, has been announced. "Again this version has some major changes to it. The most obvious are that the main application frame is now resizable and the addition of a configuration file. Be warned, this version hasn't had much testing."
Financial Applications SQL-Ledger 2.6.3 releasedVersion 2.6.3 of SQL-Ledger, a web-based double entry accounting package, is available. See the What's New document for change information.
Games Cyphesis 0.5.3 Released (WorldForge)The WorldForge game project has announced the release of Cyphesis 0.5.3. "Cyphesis is a small to medium scale server for WorldForge games, with builtin AI. This version includes the demo game Mason which is currently in development. This release is intended for server administrators wishing to run a Mason server and World developers developing new worlds or game systems."
GUIs with pygameMarcus von Appen explains GUI selection in PyGame with this tutorial. "From time to time questions about GUI elements for pygame come up. The following sections give some links to GUI modules and libraries written for pygame and try - where possible - to give an advice to which library you should refer for your pygame project."
GUI Packages SPTK 3.0.9 releasedVersion 3.0.9 of SPTK, the Simply Powerful Toolkit, is out with new database functionality and bug fixes.
Medical Applications FreeMED 0.8.1.1 Released (LinuxMedNews)Version 0.8.1.1 of FreeMED, an open-source medical record system has been announced. "This release is a bugfix and security release before the 0.8.2 release cycle."
Music Applications GTick 0.3.7 releasedVersion 0.3.7 of GTick, a metronome application, is out with the following changes: "Fixed FreeBSD sound interface, fixed integer size for sound file playback".
PDA Software wxEmbedded - wxWidgets support for GPEA port of the wxWidgets cross-platform GUI toolkit to the GPE Palmtop Environment has been announced. "wxGPE is the port of wxWidgets to the GPE Palmtop Environment. GPE is based on X11 and the GTK+ toolkit and runs on some PDAs otherwise running Microsoft PocketPC, such as many HP iPaq devices, Sharp Zarus devices, the Nokia 770 Internet Tablet device, as well as a number of specialized handheld devices and embedded devices. wxGPE is mostly based on wxGTK, the GTK+ port of the wxWidgets C++ GUI library plus a number of adaptions to smaller screen size and other pecularities of GPE."
Web Browsers Mozilla Firefox 1.5 Release Candidate 3 Available (MozillaZine)Version 1.5 Release Candidate 3 of Mozilla Firefox is available for testing. "Like the earlier release candidates, Mozilla Firefox 1.5 Release Candidate 3 is intended to allow testers to ensure that there are no last-minute problems with the Firefox 1.5 code."
Miscellaneous Benjamin Meyer on Type Managers (KDE.News)KDE.News mentions a new article by Benjamin Meyer on Type Managers, interfaces for specific file types. "KDE developer Benjamin Meyer explains the concept of a Type Manager as a new form of specialist file manager application. "In the past few years many of us have been introduced to a new type of application, the Type Manager. There are many Type Managers out there such as digiKam and amaroK that are gaining market share and a rabid fan base of users . Type Managers seem to have that magic combinations of features that makes users love them. I have been taking a closer look at the Type Manager, what makes them so useful, what they really provide for the user and came to some surprising results." He concludes that Type Managers are part of the future of the desktop."
Languages and Tools Caml Caml Weekly NewsThe November 15-22, 2005 edition of the Caml Weekly News is out with new Caml language discussions.
Haskell Haskell Communities and Activities Report (9th ed., November 2005)]The November 9, 2005 edition of the Haskell Communities & Activities Report is online with the latest news from the Haskell community.
Java This week on harmony-devThe November 13-20, 2005 edition of This week on harmony-dev covers the latest progress on Harmony, an open-source Java implementation. "Much of this weeks discussion was a controversy about a keyword scanning tool and some legal issues. There where two code contributions this week: Mikhail Loenko contributed "security, crypto, and x-net libraries" on behalf of Intel and Zoë Slattery contributed a "perl keyword scanner and sample files"."
Python Four python-dev SummariesA group of python-dev Summaries came out this week, take a look for the Python discussions for: September 1-15, September 16-30, October 1-15 and October 16-31.
Ruby ruby/audio 0.1.0 announcedVersion 0.1.0 of ruby/audio has been announced. "ruby/audio is a library that makes dealing with audio data a little easier than it has been historically in ruby. It also wraps libsndfile, which makes reading and writing audio data a LOT easier than it has been historically in ruby."
Ruby Weekly NewsThe November 20th, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk Dr. Dobb's Tcl-URL!The November 21, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk development news.
XML Introducing SPARQL: Querying the Semantic Web (O'Reilly)Leigh Dodds introduces SPARQL in an O'Reilly tutorial article. "This tutorial, the first of a three-part series, introduces SPARQL -- a query language and data access protocol for the Semantic Web. SPARQL is defined in terms of the W3C's RDF data model and will work for any data source that can be mapped into RDF. The specification is under development by the RDF Data Access Working Group (DAWG) and has recently reached Last Call Working Draft."
Debuggers First release candidate for GDB 6.4 availableThe first release candidate of the GDB 6.4 debugger is available for testing. "There should be no surprise there as I have been doing nightly builds off the branch since it was created and didn't receive any build breakage incident."
Page editor: Forrest Cook Linux in the news Recommended Reading Richard Stallman's Tin-Foil Hat (Bruce Perens' Journal)Bruce Perens reports from the UN World Summit on the Information Society (WSIS) in Tunis, Tunisia. "Richard [Stallman] is opposed to RF ID, because of the many privacy violations that are possible. It's a real problem, and one worth lobbying about. At the 2003 WSIS in Geneva, there was objection to the RF ID cards that were used, resulting in a promise that they would not be used in 2005. That promise, it turns out, was not kept. In addition, Richard was given a hastily-produced ID with a visible RF ID strip. Mine was made on a longer schedule, it seems, and had an RF ID strip that wasn't visible. I knew it was there because they clearly had us put our cards to a reader at the entrance gate."
That's Linux on the Line (BusinessWeek)BusinessWeek has run an article by OSDL chief Stuart Cohen on the use of Linux in mobile phones. "But Redmond critics forget sometimes why Microsoft won. Hardware makers rushed into a market with products that were compatible with Windows. By building "open systems" on Windows, IBM, Compaq, and others were able to compete with and beat Apple on the desktop. Open won over closed. Linux holds the same promise for the mobile industry, with none of the downside. No single vendor owns Linux, so you won't hear that horrible sucking sound of all the value flowing to one monopoly operating-system supplier. What crimped innovation on the desktop will not happen with mobile phones running Linux."
Companies CMP Media Buys Black Hat (eWeek)eWeek covers the sale of Black Hat to CMP Media. "Jeff Moss has sold his Black Hat security think tank to technology publisher CMP Media LLC in a deal valued in the range of $14 million. The deal gives the Manhasset, N.Y.-based CMP Media the assets and intellectual property of Black Hat Inc., one of the most prominent security conferences on the calendar. The DefCon underground hacker meet-up, which is also owned by Moss, was not included in the deal."
Real Story of the Rogue Rootkit (Wired)Bruce Schneier writes about Sony's rootkit in Wired. "What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? And this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice? This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home."
Linux Adoption Linux in Italian Schools, Part 5: Slackware in Sardinia (Linux Journal)Linux Journal continues looking at Linux use in Italian schools, with this article about the island of Sardinia. "Before installing Slackware, the only free software regularly used in Villacidro ran on Windows. The school ran Firefox and, on machines with at least 64MB of RAM, OpenOffice.org. In May of this year, the situation changed completely, thanks to two separate events."
Legal Massachusetts: The ODF Battle Gets Ugly (Groklaw)Groklaw follows the OpenDocument Format adoption issue in Massachusetts. "Does it get any uglier than what we are witnessing in Massachusetts? Serial killers are worse, I grant you. But watching the politicos in Massachusetts try to kill off OpenDocument Format is surely Top Ten ugly. Guess what they are now trying? I'll refer you to Andy Updegrove's blog, where he gives us the latest icky chapter. It seems opponents of ODF have come up with a new amendment to a new bill, since they couldn't get S 2256 passed this session, and ODF has become a political football in an old-fashioned power play."
The State of Texas v. Sony BMG Music Entertainment (Groklaw)The folks at Groklaw have already posted a copy of the state of Texas's complaint against SonyBMG in text format. It charges SonyBMG with violating the state's anti-spyware act, with particular attention to the cloaking aspect of Sony's software. "Despite Sony BMGs assertions, various news sources have recently reported the spread of newly created viruses which exploit Sony BMGs cloaking technology. As a result, a consumer without knowledge of the installation of the Aries.sys file on their computer may be vulnerable to new security risks, and given the cloaked nature of these files, and the extremely burdensome impediments to removing them, that consumer may find it difficult or impossible to protect themselves from future risks."Also of interest: this BoingBoing posting suggesting that this episode might just be resulting in the acquisition of some clue by Sony's management.
Interviews People Behind KDE: Christoph Cullmann (KDE.News)KDE.News mentions the latest interview in the People Behind KDE series. "This man maintains KDE's text editor Kate and the associated KTextEditor interface. He also keeps three cats and disappears from his girlfriend for a week each year in the name of KDE. The star of tonight's People Behind KDE interview is Christoph Cullmann."
Resources CLI Magic: Simple backup is Mirdir (Linux.com)Linux.com shows how to create mirror directories with Mirdir. "Mirdir is licensed under the GPL. You can download your choice of an executable RPM, source RPM, or a source tarball. To install it on my SUSE 10 desktop box, I chose the executable RPM, used su to install as root, and entered rpm -Uvh mirdir-2.1-1.i386.rpm. On my Ubuntu Breezy machine, I decompressed the tarball, entered the Mirdir subdirectory, ran ./configure and make."
Run Python Scripts on Your Nokia Smartphone (O'ReillyNet)Here's an O'Reilly book excerpt on Python hacks for the Nokia Smartphone. "The current Nokia phones do not come with the Python runtime environment preinstalled. You have to download and install Python yourself. You can download the Python for Series 60 package from the Forum Nokia web site under the Series 60 Platform --> Tools and SDKs category. The download package is a zip file with the .sis installation files, documentation, and example code. Make sure you read the Getting Started document in the download bundle to choose the correct .sis file for your phone."
16 papers on real-time and embedded Linux (Linux Devices)Linux Devices is hosting 16 papers on real-time and embedded Linux. "LinuxDevices.com is pleased to publish the proceedings from the Seventh Real-Time Linux Workshop held in Lille, France, November 3-4, 2005, at the University for Science and Technology of Lille (USTL). The papers span a broad range of topics, ranging from fundamental real-time technologies to applications, hardware, and tools. "
Ruby the Rival (O'ReillyNet)Chris Adamson queries a number of bloggers and prominent developers about the viability of Ruby as a successor to Java. "Bruce Tate's Beyond Java argues that Java's reign as the top enterprise development language must eventually come to an end and that, for the first time in a decade, major enterprise innovation is occurring outside of the Java realm. In the book, he looks at the unique traits that has allowed to Java to achieve its unprecedented level of success, and then considers what new languages would have to do and be to succeed Java. Later chapters look at specific languages contending in this space, and clearly favors Ruby as the front-runner."
Installing and Configuring Ubuntu on a Laptop (O'ReillyNet)Jeremy Jones writes about installing Ubuntu Linux on a Dell Inspiron laptop, on O'ReillyNet. "When I received the laptop, Hoary was the current version of Ubuntu. I have since upgraded to Breezy. I popped in the Ubuntu Hoary install CD (disk 1 of 1) and powered on the machine. Of course, I had to set the BIOS to boot from CD. The installer came up and started asking me questions."
Reviews The What, Why and When of Free Software in India (Linux Journal)Linux Journal looks at the Free Software Foundation - India. "Some of the Free Software Foundation India's (FSF-India) accomplishments include helping to fight patent threats in the country and promoting the use of free software in schools, government and other cultural institutions. In mid-2005, FSF-India put together an ambitious four-nation meeting in Kerala, India, which featured representatives from Venezuela, Brazil, Italy and India."
MIT's Free Patent Online Course (Groklaw)Groklaw takes a look at an online patent course. "Dr. Robert Rines, who has been inducted into the National Inventors Hall of Fame, taught the class from his book, Create or Perish, and the book is available, by chapters as PDFs. The course homepage has a graphic showing Thomas Edison's 1879 patent application for an "Improvement in Electric Lights." The final chapter is interesting, because he talks about some of the problems with the patent system, but you know about all that already. What is probably the most valuable chapter for us to read is the one on how patent law works, chapter 3. It explains what can and can't be patented. They keep stretching that line, of course."
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF: Diebold Attempts to Evade Election Transparency LawsThe Electronic Frontier Foundation (EFF) is going to court in North Carolina to prevent Diebold Election Systems, Inc. from evading North Carolina law. "EFF, with the assistance from the North Carolina law firm of Twiggs, Beskind, Strickland & Rabenau, P.A., intervened in the case on behalf of McCloy, the founder of the North Carolina Coalition for Verified Voting. In a brief filed Wednesday, EFF argued that Diebold had failed to show why it was unable to meet various new election law provisions requiring source code escrow and identification of programmers. North Carolina experienced one of the most serious malfunctions of e-voting systems in the 2004 presidential election when over 4,500 ballots were lost in a voting system provided by Diebold competitor UniLect Corp."
EFF Files Class Action Lawsuit Against Sony BMGThe Electronic Frontier Foundation (EFF), along with two class action law firms, has filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs. Click below for the EFFs press release. For information on other suits against Sony see sonysuit.com.
Ask GNOME Foundation candidate questions (GnomeDesktop)GnomeDesktop.org has announced the opening of the questioning phase of the GNOME Foundation election. "Before the voting starts, a debate will happen. We usually send questions to the candidates to launch the debate. If you want to see some discussion about what is important to you, here's your chance to make it happen!"
Gartner on SonyBMGEven the Gartner Group has put out a pronouncement on the SonyBMG debacle. "After more than five years of trying, the recording industry has not yet demonstrated a workable DRM scheme for music CDs. Gartner believes that it will never achieve this goal as long as CDs must be playable by stand-alone CD players. The industry may now refocus its attention on seeking legislation requiring the PC industry to include DRM technology in its products. Gartner believes the industry would be better-served by efforts to develop solutions that use DRM as an accounting/tracking tool, rather than as a lock. This approach would enable them to move to play-based business models not tied to hardware, and to track their digital assets without complicating users' ability to move legitimately acquired content to whatever devices they choose."
Commercial announcements McAfee Protection Comes to Linux with StandGuard Anti-VirusBytware Inc. has announced a new anti-virus solution for Linux. "StandGuard Anti-Virus for Linux brings the industry-leading power of McAfee's scanning engine and the ease-of-use of the award-winning StandGuard Anti-Virus to Linux running on x86-based PCs. StandGuard Anti-Virus for Linux (x86-based PCs) allows users to detect and clean the full 150,000+ threats identified by McAfee's AVERT, a huge improvement over the 40,000 viruses that some Linux solutions promise to detect."
Cluster File Systems, Inc. Releases Lustre Version 1.4.5Cluster File Systems, Inc. has announced the free availability of their Lustre file system V1.4.5. "Cluster File Systems(TM), Inc. (CFS), the leader in high-performance parallel file systems, this week released the latest update to the open source Lustre(TM) file system. Lustre version 1.4.5, available to CFS customers since August 2005, is now available to the general public at no cost."
Macromedia Releases Second-Generation Flash Media Server (Publish)Macromedia has released their Flash Media Server 2, according to an article on Publish.com. "Flash Media Server 2 is a foundation for delivering both recorded and live Flash video in large-scale deployments such as video on demand, live Web broadcasts, MP3 streaming, video blogging and video/audio chat applications, the company added. "Flash allows a publisher complete creative control over a piece of work," Chris Hock, Macromedia's director of product management for Flash video, told Ziff Davis Internet. "Because Flash just works across all platformsWindows, Linux, Mac, all of themthey can just QA it once and know it'll look good everywhere it's used.""
Novell Appoints Dr. Jeffrey Jaffe as Executive Vice President and CTONovell, Inc. has announced that Dr. Jeffrey Jaffe has been appointed executive vice president and chief technology officer for Novell. "Dr. Jaffe, 51, brings unparalleled technology and business experience from over 25 years at IBM and Lucent Technologies. He will be responsible for Novell's technology direction, as well as leading Novell's product business units. He will report to Ron Hovsepian, president and chief operating officer, Novell."
Eclipse CDT Gains Momentum, Sets PrioritiesQNX Software Systems has announced a set of development objectives for their CDT code base. "QNX Software Systems, the company leading the C/C++ Development Tools (CDT) project on behalf of the Eclipse Foundation, today announced the development objectives set by the contributing members at the CDT Contributors Summit held last month. The CDT team agreed upon several priorities for the next release of the CDT code base, including improved build management and debugging. A new indexer, called the Persisted Document Object Model (PDOM), will also be developed to improve system performance."
Sun Announces Support for Postgres Database on Solaris 10Sun Microsystems, Inc. has announced that it will be distributing, integrating and supporting (but not correctly spelling) the PostgreSQL database in Solaris 10. "Today Sun announced that it will be integrating the Postgres open source data base into the Solaris 10 OS and providing world-wide 24x7 support for customers who wish to develop and deploy open source database solutions into their enterprise environments. Sun is working with the PostgresSQL community to take advantage of the advanced technologies in the Solaris 10 OS, such as Predictive Self-Healing, Solaris Containers and Solaris Dynamic Tracing (DTrace)."
New Books Phishing Exposed--latest from SyngressSyngress has published the book Phishing Exposed by Lance James.
Essential PHP Security - O'Reilly's Latest ReleaseO'Reilly has published the book Essential PHP Security by Chris Shiflett.
Tips and Tools for Podcasting Like a Pro--O'Reilly's Latest ReleaseO'Reilly has published the book Podcasting Pocket Guide by Kirk McElhearn, Richard Giles and Jack D. Herrington.
Sams Publishing Publishes First Book on SUSE Linux 10Sams Publishing has published the book SUSE Linux 10 by Mike McCallister.
Twisted Network Programming Essentials - O'Reilly's Latest ReleaseO'Reilly has published the book Twisted Network Programming Essentials by Abe Fettig.
Signate Announces Second Edition of VoIP Telephony with AsteriskSignate has published the book VoIP Telephony with Asterisk, second edition by Paul Mahler.
Resources EFF: Guide for Student Bloggers Helps Kids Speak OutThe Electronic Frontier Foundation has announced a new guide to student blogging. "Just what are students allowed to publish about their school, their teachers, and their classmates? The Electronic Frontier Foundation (EFF) released a guide to student blogging Friday to help kids learn about their rights and how to defend them. These are important issues for millions of students: a study this month by the Pew Internet & American Life Project says approximately 4 million teens keep a blog."
Wireless HotSpot HowToA new Wireless HotSpot HowTo is available. "Yunus Bookwala has published a tutorial dealing with setting up a WLAN HotSpot on a Linksys WRT54GS router using OpenWrt, ChilliSpot, and FreeRadius."
Contests and Awards BitMover's open source awards programBitMover, the company behind BitKeeper, has announced an "open source awards program." The first recipient is Joe English, for his work on the Tile project.
GIMP 10th Anniversary Splash ContestA new GIMP splash screen contest has been announced. "It is GIMP's Tenth Anniversary and close enough to the time for the 2.2.10 release of stable GIMP making it a very good time for a splash contest. This contest is very simple. We are collecting images with tutorials and when it is all done, the GIMP's Lead Developers will pick the one they find most appropriate."
PathScale EKOPath Compiler Suite Receives Three SC05 AwardsPathScale, Inc. has announced the winning of three HPCwire 2005 awards for its EKOPath Compiler Suite. "The PathScale EKOPath Compiler Suite won the Editors' Choice award for the "Most Significant New HPC Software Product for 2005," and both the Readers' and Editors' Choice Awards for the software product with the "Best Software Price Performance.""
Education and Certification Linux Professional Institute exceeds 100,000 examsThe Linux Professional Institute has announced that it has now given over 100,000 Linux certification examinations. That is double the total from one year ago.
Event Reports First O'Reilly European Open Source Convention Wrap-upO'Reilly presents a wrap-up of the First Annual O'Reilly European Open Source Convention. "Nearly 500 developers, programmers, hackers, and systems and network administrators attended tutorials, sessions, on-stage discussions, informal events, and hallway conversations focusing on almost every aspects of the open source platform."
Upcoming Events openlab openday (london)The next openlab openday will be held on December 11, 2005 in London, England. "In the past year, openlab has been a self sufficient project driven by like minded people to promote and demonstrate the use of open source free software in the context of real-time audio/visual performance practice. We have organized live performances, workshops, a radio show and various other activities. Of course, we also enjoyed our meetings and drinking beers;)"
ShmooCon 2006 - Washington DCShmooCon 2006 will be held in Washington, D.C. on January 13-15. Event tracks include Break It!, Build It! and Bof It!.
SNORT Video ConferenceA SNORT video conference has been announced by the folks at Irvine Underground. "We will be having a Video Conference with SNORT Lead Developer, Marc Norton at our next meeting in Irvine, CA on December 9th." Snort is an open-source network intrusion prevention and detection system.
Events: November 23, 2005 - January 18, 2006
Web sites ganfyd: Medical Reference Wiki (LinuxMedNews)LinuxMedNews has an announcement for the new ganfydd site. "ganfydd is a qualified medical reference wiki established in the UK. It uses the Mediawiki software and has a variant Creative Commons content licence."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||