
LWN.net Weekly Edition for April 20, 2006

Guides to the patent commons

OSDL has recently released two documents aimed at helping free software developers who wish to make use of software patents which have been put into a patent commons. They are (both in PDF format):

The Overview document provides a brief introduction to the legal theory behind patent infringement and talks about the various ways in which people can get in trouble for using patented technology. The core bit of advice would appear to be "know what the covered patent provides and do not go beyond it." Thus, for example:

Another affirmative act that may serve as a basis for patent infringement liability is improving on patented technology the alleged infringer is legally entitled to use, yet the improvements are already patented.

The paper describes just how easy it is to get into trouble, even when using technology which, it seems, is covered by a patent which has been donated to the community:

A patent grants the right to exclude others from a particular area of claimed technology, but does not confer the right to practice an invention.... If, for example, Patent A claims a method of using a particular algorithm with a particular type of processor, and someone legally entitled to use Patent A tries to improve the scalability of the algorithm so that it can be used with a second processor, it is possible that a second patent, Patent B, already claims this improvement. The result is that someone legally entitled to use the Patent A must obtain a license to use the technology claimed in Patent B, and an individual entitled to use the technology claimed in Patent B must obtain a license to use the technology claimed in Patent A.

Software patents, in other words, are dangerous territory, and even having the license to use a particular patented technology does not really mean that using that technology is safe. But we already knew that.

The developer's guide is similar, in that it advocates understanding what is truly covered by a patent and not exceeding that patent's claims. Specifically:

Guideline 3: Developers should only use the technology in the way described in the pledged patents, staying within the scope of technology claimed. Developers should not assume that patented improvements to the technology claimed in the patents have also been pledged to the Patent Commons. Improvements are, by definition, distinct from the contributed patents and may, in fact, already be patented by someone else who has not made a pledge to the Patent Commons. A search of patents for any improvements (when you know you want to improve upon a pledged patent) is advisable.

It also suggests being clear on how any patent donation might be terminated in the future. This can only be good advice; a "patent pledge" which can vanish in the future is not worth a whole lot.

For developers, however, the best information to be found in these documents may not be quite what its authors had intended. From the Overview:

In sum, the more an alleged infringer knows about a patent that is claiming the technology of a product that she is making, using or selling, the greater the likelihood that she will be liable for damages for patent infringement.

Ignorance, sometimes, is bliss. That is why Linus Torvalds discouraged looking at patents back in 2002:

The fact is, technical people are better off not looking at patents. If you don't know what they cover and where they are, you won't be knowingly infringing on them. If somebody sues you, you change the algorithm or you just hire a hit-man to whack the stupid git.

The fact of the matter is that all of the discussion in these documents of "relying on pledged patents" to "innovate safely" is pretty well useless for developers. A patent pledged for use in free software is much like a single mine removed from a minefield. It is a good thing, but it does not make the field much safer to walk across. The existence of the patent commons does not change the nature of the minefield.

Any developer who tries to "innovate safely" by restricting work to algorithms covered by pledged patents - while carefully avoiding improving on those algorithms in any way - will be unable to innovate and will be no safer. The range of algorithms covered by software patents in the U.S. (and elsewhere) is astounding; there is no way to write any sort of non-trivial program without infringing on at least a few of them. The patent commons will not change that situation in any useful way; it is not something upon which developers can rely.

Where pledged patents may be more useful is with organizations like the Open Invention Network (discussed here last week) which can use patents offensively against those who attack the free software community. But the real solution is to fix the legal system and - in parts of the world which do not currently recognize software patents - keep it from becoming broken. As long as the system empowers and encourages patent trolls, there will be patent trolls, and a few "maybe safe if you do not try to improve on them" patents in a patent commons will not discourage them. So, while the new documents can provide some useful insights into the hazards of software patents, no developer should, after having read those documents, feel any safer.

Comments (10 posted)

Rockbox's jewels

LWN readers are familiar with Rockbox; this project (which has developed free firmware for a number of digital audio players) has been mentioned here several times, and was reviewed in detail last January. Since Rockbox operates in the sensitive area of media playback, it is not entirely surprising that the project has managed to attract an unpleasant cease-and-desist note from an outside party. It is surprising, however, that the dispute involves jewels.

In particular, the Rockbox developers have received a notice from a manager at PopCap Games, the makers of "Bejeweled." He came out swinging:

The game PluginJewels, for use on RockBox and available at http://www.rockbox.org/twiki/bin/view/Main/PluginJewels, is a blatant copyright violation of Bejeweled, the popular match-three game owned by my company, PopCap Games, Inc., of Seattle, Washington, USA. I am writing to you to demand that you remove PluginJewels from www.rockbox.org and all other sites where users may download this game for the Rockbox, no later than April 30, 2006. PopCap Games takes seriously all copyright and trademark violations of our games and, if necessary, we will enforce our rights to the fullest extent of the law.

The initial reaction is best described as "befuddled"; the "Jewels" game found in Rockbox contains no code or other materials from PopCap's game, so it is hard to see where the copyright violation might come from. A subsequent message makes things more clear, however; PopCap takes issue with the jewel icons used in Jewels. It is, says PopCap, "obvious that someone on the PluginJewels team ripped the graphics from one of the Astraware-licensed versions of our game."

[Figure: PopCap's Bejeweled jewels (left) beside the Rockbox jewels (right)]
The figure on the right shows a subsection of the images (provided by PopCap) meant to back up this claim; Bejeweled appears on the left, Rockbox is on the right. A quick inspection shows some obvious similarities - the Rockbox jewels were clearly meant to resemble those from the original game. But they are just as clearly not identical - the Rockbox jewels have not been "ripped" from an official version of Bejeweled. In fact, they came from Gwled, where they were explicitly developed for use with that game. They are an independent - if imitative - creation.

The message from PopCap makes it clear that the game itself is not a problem; it states that "non-infringing gem art needs to be substituted for the infringing gem art." So not only is Rockbox not threatened, but even the "Jewels" game should be safe. All that is required is to replace the artwork with something seen as being non-infringing. Jewels would be the same game if users were matching penguins, mathematical symbols, or mug shots of SCO executives. But even a change of that magnitude is not required; PopCap only wants "non-infringing gem art."

The Rockbox developers have not, as of this writing, decided how they will respond to this request. None of them seem to think they have actually infringed upon PopCap's copyrights. But, says Daniel Stenberg:

However, I don't think we'd lose anything by being "soft" and simply modify our jewels somewhat so that they don't look so similar to their versions, just to be nice.

That seems like it could be a reasonable solution to the problem. There appears to be a number of people, however, who oppose making any changes to appease PopCap. Their position is that Rockbox has done nothing wrong, has violated no copyrights, and that to give in to this sort of demand would be an invitation to others who would harass the project with infringement claims. They would rather tell PopCap to simply take a hike.

A smaller group suggests that, since Gwled provided the artwork under the GPL, (1) Gwled has stated that it has the right to distribute that artwork, and (2) PopCap should be sent over to present its claims to the Gwled developers. There would appear to be little support for the idea of simply dumping the problem onto another GPL-licensed project, however.

Rockbox may well be in the right on this issue, and it may well be that, legally, the project is under no obligation to change anything. It may also well be that the project could find itself having to argue that point in court. The free software community faces a wide variety of legal challenges, with others certainly to come in the future. We should pick our battles carefully. The Rockbox developers will have to make their own decision in this case; in so doing, they will want to consider whether the goals of the project are truly served by taking a hard-line stand over a set of little jewel icons.

Comments (10 posted)

Some notes on Linux and free drivers

The good folks at ZDNet have been doing their best to stir up the proprietary driver debate over the last week. Things got started with this article containing a classic quote:

For Nvidia, intellectual property is a secondary issue. 'It's so hard to write a graphics driver that open-sourcing it would not help,' said Andrew Fear, Nvidia's software product manager. In addition, customers aren't asking for open-source drivers, he said.

The first part seems better suited to somebody holding a management post at SCO. Free software developers have created a system which scales from tiny embedded systems to supercomputers. Their work powers much of the net. When given the necessary information, free software developers are able to support new hardware more quickly than anybody else.

But, it seems, they are not up to the task of writing a driver for a graphics adapter.

It is true that contemporary graphics cards are complicated devices. They are usually the most powerful processor in the system, and they have all kinds of strange timing and memory management issues. But the idea that the developers who built an entire free system would be stymied by the complexity of a graphics adapter would be insulting if it weren't so comical.

The claim that customers have not been asking for free drivers is more discouraging, as many, many Linux users have been very clear about their wishes for years. Nvidia knows that there is demand for free drivers out there; it simply chooses to ignore that demand.

Perhaps when Nvidia's real customers - large system integrators - start to complain, the message will be heard. To that end, those of us who buy systems need to insist that they come with fully free software. The vendors who sell "Linux-installed" systems with proprietary drivers, ndiswrapper, etc. are not really helping. When those vendors understand that their customers want free systems, they will, in turn, put pressure on their suppliers.

From there, ZDNet columnist John Carroll was shocked to learn that Linux lacks a stable kernel API.

ATI may claim that they accept the fluidity of the kernel interface "as part of our day-to-day responsibilities in Linux," but I bet that is said through clenched teeth after months trying to get a driver to work across distributions.

Fragmentation didn't work for old-school Unix. Linux solved the structural issue by providing a level of consistency made possible through use of the GPL. It's worth remembering that before attempting to justify an unjustifiable lack of a consistent Linux kernel interface.

This discussion misses the point entirely. The way to get a driver to work across distributions is to get it into the mainline kernel. Then it will work across distributions - more distributions than any company could ever support - and across architectures as well. When the company abandons the driver in favor of next year's products, it will still work. When a security problem comes up, it will be fixed. And there will be no "fragmentation" problems.

There are a lot of other reasons for insisting on free drivers - see this article from last November for a more thorough discussion. There also is no defensible reason for keeping hardware programming information secret. True competitors will reverse engineer the hardware anyway, and no hardware company makes its money by selling device drivers. Hardware manufacturers in many areas have figured this out, with the result that Linux has outstanding support for their products. Hopefully the remaining holdout vendors will catch on, soon, that there is a large and growing market waiting for them.

Comments (38 posted)

Page editor: Jonathan Corbet

Security

New Mozilla troubles

The Mozilla Foundation has owned up to a new list of vulnerabilities in its code; these holes open up the frightening prospect of arbitrary code execution by remote attackers. Any system running Firefox, Thunderbird, SeaMonkey, or anything based on the underlying Mozilla components (RSS aggregators) may be vulnerable, and should be looking for updates. Here's what has been turned up:

  • There is a long list of JavaScript-related vulnerabilities, including problems with crypto.generateCRMFRequest() (CVE-2006-1728), a security restrictions bypass vulnerability (CVE-2006-1726), a "cloned parent" access restriction failure (CVE-2006-1734), and a regular expression memory corruption bug (apparently no CVE number at the moment).

  • Cascading style sheets account for a couple of problems, including an integer overflow bug (CVE-2006-1730) and an array overflow vulnerability (CVE-2006-1739).

  • The Extensible Binding Language (XBL) facility has an access restriction failure (CVE-2006-1733) and a privilege escalation vulnerability (CVE-2006-1735).

  • Other troubles include "memory corruption via a particular sequence of HTML tags" (CVE-2006-0749), a DHTML memory corruption bug (CVE-2006-1724), and "an unspecified vulnerability" in how display styles are handled.

Disabling JavaScript should protect against the first set of vulnerabilities, but will do nothing for the rest of them. The only way to protect against the full set is to update the software; new versions are available from Mozilla. For distributor updates, see the LWN vulnerability entry.

A list of remotely-exploitable vulnerabilities this long is worrisome, especially when it refers to a package as popular as Firefox. This browser has gained millions of users; its reputation for better security is one of the reasons for this success. But a single, widespread exploit of a Firefox vulnerability could set things back in a hurry.

Unfortunately, it would seem that such an exploit is bound to happen, sooner or later. A web browser is a seriously complex piece of code which is simultaneously exposed to potentially hostile input from the net and used for tasks requiring a high degree of trust - working with financial sites, for example. Why should an attacker bother with phishing when a browser vulnerability can enable the installation of a keystroke logging "extension"? There can be no doubt that attackers will be tempted by a potential payoff of that magnitude. We must hope that the security fixes will continue to reach us ahead of the attackers.

(See also: the CERT advisory for these vulnerabilities).

Comments (7 posted)

New vulnerabilities

bsdgames: buffer overflow

Package(s):bsdgames CVE #(s):CVE-2006-1744
Created:April 17, 2006 Updated:April 19, 2006
Description: A buffer overflow problem has been discovered in sail, a game contained in the bsdgames package, a collection of classic textual Unix games, which could lead to games group privilege escalation.
Alerts:
Debian DSA-1036-1 2006-04-17

Comments (none posted)

fcheck: insecure temporary file

Package(s):fcheck CVE #(s):CVE-2006-1753
Created:April 17, 2006 Updated:April 19, 2006
Description: Steve Kemp from the Debian Security Audit project discovered that a cronjob contained in fcheck, a file integrity checker, creates a temporary file in an insecure fashion.
Alerts:
Debian DSA-1035-1 2005-04-15

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox mozilla CVE #(s):CVE-2006-0749 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742
Created:April 14, 2006 Updated:June 9, 2006
Description: There are multiple vulnerabilities in Firefox and related products including Thunderbird, SeaMonkey and the Mozilla Suite. This CERT Advisory contains additional information.
Alerts:
Ubuntu USN-296-1 2006-06-09
Fedora-Legacy FLSA:189137-2 2006-06-06
Fedora-Legacy FLSA:189137-1 2006-06-06
Gentoo 200605-09 2006-05-08
Slackware SSA:2006-123-02 2006-05-04
Fedora FEDORA-2006-494 2006-05-03
Fedora FEDORA-2006-493 2006-05-03
Fedora FEDORA-2006-491 2006-05-03
Fedora FEDORA-2006-490 2006-05-03
Fedora FEDORA-2006-487 2006-05-03
Fedora FEDORA-2006-495 2006-05-03
Fedora FEDORA-2006-492 2006-05-03
Fedora FEDORA-2006-486 2006-05-03
Fedora FEDORA-2006-489 2006-05-03
Fedora FEDORA-2006-488 2006-05-03
Ubuntu USN-276-1 2006-05-03
Slackware SSA:2006-120-01 2006-05-01
Gentoo 200604-18 2006-04-28
Mandriva MDKSA-2006:078 2006-04-25
Mandriva MDKSA-2006:076 2006-04-25
Debian DSA-1044-1 2006-04-26
SuSE SUSE-SA:2006:022 2006-04-25
Mandriva MDKSA-2006:075 2006-04-24
Slackware SSA:2006-114-01 2006-04-25
Gentoo 200604-12 2006-04-23
Red Hat RHSA-2006:0330-01 2006-04-21
SuSE SUSE-SA:2006:021 2006-04-20
Ubuntu USN-271-1 2006-04-19
Fedora FEDORA-2006-411 2006-04-18
Fedora FEDORA-2006-410 2006-04-18
Red Hat RHSA-2006:0329-01 2006-04-18
Slackware SSA:2006-107-01 2006-04-17
Red Hat RHSA-2006:0328-01 2006-04-14

Comments (1 posted)

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

Updated vulnerabilities

ADOdb: PostgreSQL command injection

Package(s):adodb CVE #(s):CVE-2006-0410
Created:February 6, 2006 Updated:April 17, 2006
Description: Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host.
Alerts:
Gentoo 200604-07 2006-04-14
Debian DSA-1031-1 2006-04-08
Debian DSA-1030-1 2006-04-08
Debian DSA-1029-1 2006-04-08
Gentoo 200602-02 2006-02-06

Comments (none posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2005-3352
Created:December 14, 2005 Updated:May 10, 2006
Description: Versions 1 and 2 of the apache web server suffer from a cross-site scripting vulnerability in the mod_imap module; see this bugzilla entry for details.
Alerts:
Slackware SSA:2006-129-01 2006-05-10
SuSE SUSE-SR:2006:004 2006-02-24
Fedora-Legacy FLSA:175406 2006-02-18
Gentoo 200602-03 2006-02-06
Fedora FEDORA-2006-052 2006-01-20
Red Hat RHSA-2006:0158-01 2006-01-17
Ubuntu USN-241-1 2006-01-12
Trustix TSLSA-2005-0074 2005-12-23
Mandriva MDKSA-2006:007 2006-01-05
Red Hat RHSA-2006:0159-01 2006-01-05
OpenPKG OpenPKG-SA-2005.029 2005-12-14

Comments (none posted)

blender: integer overflow

Package(s):blender CVE #(s):CVE-2005-4470
Created:January 6, 2006 Updated:June 15, 2006
Description: Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.
Alerts:
Debian-Testing DTSA-29-1 2006-06-15
Debian DSA-1039-1 2006-04-24
Gentoo 200601-08 2006-01-13
Ubuntu USN-238-2 2006-01-06
Ubuntu USN-238-1 2006-01-06

Comments (none posted)

bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)
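The bzip2 race above comes from applying the output file's mode by path after the file has been closed, so the mode lands on whatever that name points to at that moment. The following is an added illustration, not bzip2's own code: the racy pattern beside a hardened variant that creates the output exclusively and applies the mode to the descriptor it actually wrote. Function names and the /tmp path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy shape (illustrative, not bzip2's code): the mode is applied to the
 * path, i.e. to whatever inode the name resolves to when chmod() runs.
 * If the output name has been replaced by a hard link to some other file
 * between close() and chmod(), that other file's permissions change. */
int write_then_chmod_by_path(const char *path, const char *data, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, data, strlen(data)) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return chmod(path, mode);   /* window: path may no longer be our file */
}

/* Hardened shape: O_EXCL refuses a name that already exists (including a
 * planted link), and fchmod() acts on the open descriptor, which is bound to
 * the inode we created, not to whatever the name resolves to later. */
int write_then_fchmod(const char *path, const char *data, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, data, strlen(data)) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    if (fchmod(fd, mode) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Permission bits of path (for checking the result), or -1 on error. */
int mode_bits_of(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    const char *out = "/tmp/lwn_bz2_example.out";   /* constructed path */
    unlink(out);
    if (write_then_fchmod(out, "decompressed data\n", 0644) != 0) {
        perror("write_then_fchmod");
        return 1;
    }
    printf("mode of %s: %04o\n", out, mode_bits_of(out));
    unlink(out);
    return 0;
}
```

Note that fchmod() ignores the umask, so the mode requested is the mode obtained; the initial 0600 in open() keeps the file private until the final mode is applied.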

ktools: buffer overflow

Package(s):centericq CVE #(s):CVE-2005-3863
Created:December 7, 2005 Updated:August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor.
Alerts:
Gentoo 200608-27 2006-08-29
Debian DSA-1088-1 2006-06-03
Debian DSA-1083-1 2006-05-31
Gentoo 200512-11 2005-12-20
Debian-Testing DTSA-23-1 2005-12-05

Comments (none posted)

clamav: multiple vulnerabilities

Package(s):clamav CVE #(s):CVE-2006-1614 CVE-2006-1615 CVE-2006-1630
Created:April 6, 2006 Updated:April 12, 2006
Description: The ClamAV anti-virus toolkit has three vulnerabilities. The PE header parser has an integer overflow problem, the logging code has format string vulnerabilities that may lead to the execution of arbitrary code, and the cli_bitset_set() function can be used to create a denial of service.
Alerts:
SuSE SUSE-SA:2006:020 2006-04-11
Mandriva MDKSA-2006:067 2006-04-07
Gentoo 200604-06 2006-04-07
Trustix TSLSA-2006-0020 2006-04-07
Debian DSA-1024-1 2006-04-05

Comments (1 posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

crossfire: arbitrary code execution

Package(s):crossfire CVE #(s):CVE-2006-1010
Created:March 14, 2006 Updated:April 24, 2006
Description: It was discovered that Crossfire, a multiplayer adventure game, performs insufficient bounds checking on network packets when run in "oldsocketmode", which may possibly lead to the execution of arbitrary code.
Alerts:
Gentoo 200604-11 2006-04-22
Debian DSA-1001-1 2006-03-14

Comments (none posted)

curl: heap-based buffer overflow

Package(s):curl CVE #(s):CVE-2006-1061
Created:March 21, 2006 Updated:June 28, 2006
Description: Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Alerts:
OpenPKG OpenPKG-SA-2006.012 2006-06-28
Trustix TSLSA-2006-0016 2006-03-24
Gentoo 200603-19 2006-03-21
Fedora FEDORA-2006-189 2006-03-21

Comments (none posted)

dia: buffer overflows

Package(s):dia CVE #(s):CVE-2006-1550
Created:April 3, 2006 Updated:May 3, 2006
Description: Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges.
Alerts:
Red Hat RHSA-2006:0280-01 2006-05-03
Gentoo 200604-14 2006-04-23
Fedora FEDORA-2006-261 2006-04-05
Mandriva MDKSA-2006:062 2006-04-03
Ubuntu USN-266-1 2006-04-03

Comments (none posted)

doomsday: format string vulnerability

Package(s):doomsday CVE #(s):CVE-2006-1618
Created:April 6, 2006 Updated:April 12, 2006
Description: The doomsday gaming engine has a format string vulnerability that may be utilized by a remote attacker for the execution of arbitrary code.
Alerts:
Gentoo 200604-05 2006-04-06

Comments (none posted)

emacs21: format string vulnerability in "movemail"

Package(s):emacs21 CVE #(s):CAN-2005-0100
Created:February 7, 2005 Updated:May 15, 2006
Description: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group.
Alerts:
Fedora-Legacy FLSA:152898 2006-05-12
Debian DSA-685-1 2005-02-17
Mandrake MDKSA-2005:038 2005-02-15
Gentoo 200502-20 2005-02-15
Fedora FEDORA-2005-146 2005-02-14
Fedora FEDORA-2005-145 2005-02-14
Red Hat RHSA-2005:133-01 2005-02-15
Red Hat RHSA-2005:110-01 2005-02-15
Red Hat RHSA-2005:134-01 2005-02-10
Red Hat RHSA-2005:112-01 2005-02-10
Fedora FEDORA-2005-116 2005-02-08
Fedora FEDORA-2005-115 2005-02-08
Debian DSA-671-1 2005-02-08
Debian DSA-670-1 2005-02-08
Ubuntu USN-76-1 2005-02-07

Comments (none posted)

enscript: arbitrary code execution

Package(s):enscript CVE #(s):CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created:January 21, 2005 Updated:May 27, 2006
Description: Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21

Comments (none posted)

fetchmail: multidrop bug

Package(s):fetchmail CVE #(s):CVE-2005-4348
Created:December 20, 2005 Updated:May 27, 2006
Description: Fetchmail contains a bug which allows a malicious mail server to crash the client by sending a message without headers. This occurs when running in multidrop mode.
Alerts:
rPath rPSA-2006-0084-1 2006-05-26
Fedora-Legacy FLSA:164512 2006-05-12
Slackware SSA:2006-045-01 2006-02-15
Debian DSA-939-1 2006-01-13
Ubuntu USN-233-1 2006-01-02
Mandriva MDKSA-2005:236 2005-12-23
Fedora FEDORA-2005-1187 2005-12-20
Fedora FEDORA-2005-1186 2005-12-20

Comments (none posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

freeradius: authentication bypass

Package(s):freeradius CVE #(s):CVE-2006-1354
Created:March 24, 2006 Updated:June 5, 2006
Description: An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
Alerts:
Debian DSA-1089-1 2006-06-03
Mandriva MDKSA-2006:066 2006-04-05
Gentoo 200604-03 2006-04-04
Red Hat RHSA-2006:0271-01 2006-04-04
SuSE SUSE-SA:2006:019 2006-03-28
Mandriva MDKSA-2006:060 2006-03-23

Comments (none posted)

gdb: multiple vulnerabilities

Package(s):gdb CVE #(s):CAN-2005-1704 CAN-2005-1705
Created:May 20, 2005 Updated:August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

gnupg: incorrect signature verification

Package(s):gnupg CVE #(s):CVE-2006-0049
Created:March 13, 2006 Updated:May 15, 2006
Description: Another vulnerability has been found in GnuPG. "Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data."
Alerts:
Fedora-Legacy FLSA:185355 2006-05-12
Trustix TSLSA-2006-0014 2006-03-20
Red Hat RHSA-2006:0266-01 2006-03-15
Slackware SSA:2006-072-02 2006-03-14
Fedora FEDORA-2006-147 2006-03-13
Mandriva MDKSA-2006:055 2006-03-13
Ubuntu USN-264-1 2006-03-13
Debian DSA-993-2 2006-03-13
Gentoo 200603-08 2006-03-10
Debian DSA-993-1 2006-03-10

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gzip: arbitrary command execution

Package(s):gzip CVE #(s):CAN-2005-0758
Created:August 1, 2005 Updated:January 10, 2007
Description: zgrep in gzip before 1.3.5 does not handle shell metacharacters such as '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with the user's privileges if zgrep is run in an untrusted directory containing specially crafted file names.
Alerts:
OpenPKG OpenPKG-SA-2007.002 2007-01-08
Mandriva MDKSA-2006:027 2006-01-30
Mandriva MDKSA-2006:026 2006-01-30
Fedora-Legacy FLSA:158801 2005-11-14
Fedora-Legacy FLSA:157696 2005-08-10
Ubuntu USN-161-1 2005-08-04
Ubuntu USN-158-1 2005-08-01

Comments (2 posted)

horde: two remotely exploitable vulnerabilities

Package(s):horde CVE #(s):CVE-2006-1491 CVE-2006-1260
Created:April 5, 2006 Updated:April 14, 2006
Description: Versions of horde prior to 3.1.1 have two vulnerabilities, both of which are remotely exploitable: code execution in the help viewer and an input validation error which could allow read access to arbitrary files.
Alerts:
Debian DSA-1034-1 2006-04-14
Debian DSA-1033-1 2006-04-12
Gentoo 200604-02 2006-04-04

Comments (none posted)

ipsec-tools: denial of service

Package(s):ipsec-tools CVE #(s):CVE-2005-3732
Created:December 1, 2005 Updated:June 8, 2006
Description: ipsec-tools has a remote denial of service vulnerability in the racoon daemon. If racoon is running in aggressive mode, it fails to validate all peer payloads during the IKE negotiation phase, allowing a malicious peer to crash the daemon. One should always be careful around aggressive racoons.
Alerts:
Fedora-Legacy FLSA:190941 2006-06-06
Red Hat RHSA-2006:0267-01 2006-04-25
Debian DSA-965-1 2006-02-06
Mandriva MDKSA-2006:020 2006-01-25
SuSE SUSE-SA:2005:070 2005-12-20
Gentoo 200512-04 2005-12-12
Ubuntu USN-221-1 2005-12-01

Comments (none posted)

kdebase: local root vulnerability

Package(s):kdebase CVE #(s):CAN-2005-2494
Created:September 7, 2005 Updated:August 11, 2006
Description: The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details.
Alerts:
Red Hat RHSA-2006:0582-01 2006-08-10
Debian DSA-815-1 2005-09-16
Slackware SSA:2005-251-01 2005-09-09
Ubuntu USN-176-1 2005-09-07
Mandriva MDKSA-2005:160 2005-09-06

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a backup file before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set, so the backup may expose contents the original protected. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003
Created:March 24, 2005 Updated:May 31, 2006
Description: A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code.
Alerts:
Debian DSA-1082-1 2006-05-29
Debian DSA-1069-1 2006-05-20
Debian DSA-1070-1 2006-05-21
Debian DSA-1067-1 2006-05-20
Conectiva CLA-2005:945 2005-03-31
Fedora FEDORA-2005-262 2005-03-28
SuSE SUSE-SA:2005:018 2005-03-24

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2005-3527 CVE-2005-3783 CVE-2005-3784 CVE-2005-3805 CVE-2005-3806 CVE-2005-3808
Created:January 20, 2006 Updated:April 18, 2006
Description: Here's another set of vulnerabilities in the Linux kernel:
  • A race condition in the 2.6 kernel could allow a local user to cause a DoS by triggering a core dump in one thread while another thread has a pending SIGSTOP (CVE-2005-3527).
  • The ptrace functionality in 2.6 kernels prior to 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which could allow local users to cause a DoS (CVE-2005-3783).
  • The auto-reaping of child processes in 2.6 kernels prior to 2.6.15 includes processes with ptrace attached, which leaves a dangling ptrace reference and allows local users to cause a crash (CVE-2005-3784).
  • A locking problem in the POSIX timer cleanup handling on exit on kernels 2.6.10 to 2.6.14 when running on SMP systems, allows a local user to cause a deadlock involving process CPU timers (CVE-2005-3805).
  • The IPv6 flowlabel handling code in 2.4 and 2.6 kernels prior to 2.4.32 and 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a crash by triggering a free of non-allocated memory (CVE-2005-3806).
  • An integer overflow in 2.6.14 and earlier could allow a local user to cause a hang via 64-bit mmap calls that are not properly handled on a 32-bit system (CVE-2005-3808).
Alerts:
Mandriva MDKSA-2006:072 2006-04-17
Debian DSA-1018-2 2006-04-05
Debian DSA-1018-1 2006-03-26
Debian DSA-1017-1 2006-03-23
Fedora-Legacy FLSA:157459-2 2006-03-16
Fedora-Legacy FLSA:157459-1 2006-03-16
Fedora-Legacy FLSA:157459-4 2006-03-16
Fedora-Legacy FLSA:157459-3 2006-03-16
SuSE SUSE-SA:2006:012 2006-02-27
Mandriva MDKSA-2006:044 2006-02-21
Red Hat RHSA-2006:0191-01 2006-02-01
Mandriva MDKSA-2006:018 2006-01-20

Comments (none posted)

libapreq2: algorithm weakness

Package(s):libapreq2-perl apache2 CVE #(s):CVE-2006-0042
Created:March 14, 2006 Updated:April 18, 2006
Description: An algorithmic weakness has been discovered in Apache2::Request, the generic request library for Apache2, which can be exploited remotely to cause a denial of service through CPU consumption.
Alerts:
Gentoo 200604-08 2006-04-17
Debian DSA-1000-2 2006-04-03
Debian DSA-1000-1 2006-03-14

Comments (5 posted)

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu-Gadu instant messaging client), which is also included in gaim, a multi-protocol instant messaging client. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it leads to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s):libgd2 CVE #(s):CAN-2004-0990 CAN-2004-0941
Created:October 29, 2004 Updated:June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images; there, this vulnerability could give a remote attacker the web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libimager-perl: denial of service

Package(s):libimager-perl CVE #(s):CVE-2006-0053
Created:April 10, 2006 Updated:April 12, 2006
Description: The libimager-perl Perl extension has a vulnerability in which maliciously created 4-channel JPEG images can cause a segmentation fault and cause a denial of service.
Alerts:
Debian DSA-1028-1 2006-04-07

Comments (none posted)

libpam-ldap: authentication bypass

Package(s):libpam-ldap CVE #(s):CAN-2005-2641
Created:August 25, 2005 Updated:October 6, 2006
Description: libpam-ldap, the PAM LDAP interface, does not correctly handle an LDAP server that is not configured as it expects: in that situation a login can succeed without the supplied credentials being properly verified, which amounts to an authentication bypass.
Alerts:
rPath rPSA-2006-0183-1 2006-10-05
Mandriva MDKSA-2005:190 2005-10-20
Gentoo 200508-22 2005-08-31
Debian DSA-785-1 2005-08-25

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities. If a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which would execute arbitrary commands as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

mailman: denial of service

Package(s):mailman CVE #(s):CVE-2006-0052
Created:March 30, 2006 Updated:June 9, 2006
Description: Mailman 2.1.5 and below have a denial of service vulnerability in the Scrubber.py script. If a maliciously created MIME multipart message is received, mailman delivery can be stopped.
Alerts:
Red Hat RHSA-2006:0486-01 2006-06-09
SuSE SUSE-SR:2006:008 2006-04-07
Debian DSA-1027-1 2006-04-06
Ubuntu USN-267-1 2006-04-03
Mandriva MDKSA-2006:061 2006-03-29

Comments (none posted)

mozilla: multiple vulnerabilities

Package(s):mozilla CVE #(s):CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
Created:February 2, 2006 Updated:May 4, 2006
Description: Mozilla has three new vulnerabilities. The Javascript interpreter has a problem with dereferencing objects. A user can visit a specially crafted web page which can crash the browser or cause it to execute arbitrary code.

The XULDocument.persist() function has a bug that can be triggered by viewing specially crafted web sites: RDF data can be injected into the localstore.rdf file, allowing arbitrary JavaScript code to be executed.

The Mozilla history saving mechanism is vulnerable to a denial of service attack: visiting sites with extra-long titles can cause a crash or a very slow startup the next time the browser is run.

Alerts:
Ubuntu USN-275-1 2006-04-27
Debian DSA-1046-1 2006-04-27
Fedora-Legacy FLSA:180036 2006-02-23
Mandriva MDKSA-2006:037 2006-02-07
Mandriva MDKSA-2006:036 2006-02-07
Fedora FEDORA-2006-076 2006-02-02
Fedora FEDORA-2006-075 2006-02-02
Red Hat RHSA-2006:0200-01 2006-02-02
Red Hat RHSA-2006:0199-01 2006-02-02

Comments (none posted)

Mozilla Thunderbird: remote code execution and DoS

Package(s):mozilla-thunderbird CVE #(s):CVE-2006-0884
Created:March 3, 2006 Updated:May 4, 2006
Description: The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier allows user-complicit attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Alerts:
Debian DSA-1051-1 2006-05-04
Mandriva MDKSA-2006:052 2006-03-02

Comments (1 posted)

mplayer: integer overflows

Package(s):mplayer CVE #(s):CVE-2006-1502
Created:April 10, 2006 Updated:May 1, 2006
Description: MPlayer 1.0pre7try2 has multiple integer overflow vulnerabilities. Remote attackers can maliciously craft an ASF file or an AVI file in order to cause a denial of service.
Alerts:
Gentoo 200605-01 2006-05-01
Mandriva MDKSA-2006:068 2006-04-07

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ncpfs: multiple vulnerabilities

Package(s):ncpfs CVE #(s):CAN-2005-0013 CAN-2005-0014
Created:January 31, 2005 Updated:May 15, 2006
Description: Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013).
Alerts:
Fedora-Legacy FLSA:152904 2006-05-12
Fedora FEDORA-2005-435 2005-08-16
Red Hat RHSA-2005:371-01 2005-05-17
Mandrake MDKSA-2005:028 2005-02-01
Gentoo 200501-44 2005-01-30

Comments (none posted)

ntp: uses wrong gid

Package(s):ntp CVE #(s):CAN-2005-2496
Created:August 26, 2005 Updated:August 11, 2006
Description: When xntpd is started with the -u option and the group is given by name rather than as a numeric gid, the daemon runs with the gid of the user rather than that of the requested group, so it keeps more privilege than the administrator intended. This problem is fixed by this update.
Alerts:
Red Hat RHSA-2006:0393-01 2006-08-10
Mandriva MDKSA-2005:156 2005-09-06
Debian DSA-801-1 2005-09-05
Ubuntu USN-175-1 2005-09-01
Fedora FEDORA-2005-812 2005-08-26

Comments (none posted)

openmotif: buffer overflows

Package(s):openmotif CVE #(s):CVE-2005-3964
Created:December 29, 2005 Updated:July 27, 2006
Description: The libUil component of the OpenMotif toolkit has a pair of buffer overflow vulnerabilities that can possibly be used for the execution of arbitrary code.
Alerts:
Fedora FEDORA-2006-854 2006-07-26
Red Hat RHSA-2006:0272-01 2006-04-04
Gentoo 200512-16 2005-12-28

Comments (none posted)

OpenSSH: double shell expansion

Package(s):openssh CVE #(s):CVE-2006-0225
Created:January 23, 2006 Updated:July 20, 2006
Description: OpenSSH has a double shell expansion vulnerability in local-to-local and remote-to-remote copies with scp: file names containing shell metacharacters are expanded a second time, allowing command execution.
Alerts:
Red Hat RHSA-2006:0298-01 2006-07-20
Red Hat RHSA-2006:0044-01 2006-03-07
Ubuntu USN-255-1 2006-02-21
Gentoo 200602-11 2006-02-20
Fedora-Legacy FLSA:168935 2006-02-18
OpenPKG OpenPKG-SA-2006.003 2006-02-18
Slackware SSA:2006-045-06 2006-02-15
SuSE SUSE-SA:2006:008 2006-02-14
Mandriva MDKSA-2006:034 2006-02-06
Fedora FEDORA-2006-056 2006-01-23

Comments (none posted)

openvpn: arbitrary code execution

Package(s):openvpn CVE #(s):CVE-2006-1629
Created:April 11, 2006 Updated:April 27, 2006
Description: OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Alerts:
Debian DSA-1045-1 2006-04-27
Mandriva MDKSA-2006:069 2006-04-10

Comments (none posted)

perl: setuid vulnerabilities

Package(s):perl CVE #(s):CAN-2005-0155 CAN-2005-0156
Created:February 2, 2005 Updated:August 11, 2006
Description: There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access.
Alerts:
Red Hat RHSA-2006:0605-01 2006-08-10
Fedora FEDORA-2005-353 2005-05-02
Red Hat RHSA-2005:103-01 2005-02-15
Gentoo 200502-13 2005-02-11
SuSE SUSE-SR:2005:004 2005-02-11
Mandrake MDKSA-2005:031 2005-02-08
Red Hat RHSA-2005:105-01 2005-02-07
Ubuntu USN-72-1 2005-02-02

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

Comments (none posted)

phpMyAdmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2005-4079 CVE-2005-3665
Created:December 12, 2005 Updated:November 20, 2006
Description: Stefan Esser reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8).
Alerts:
Debian DSA-1207-2 2006-11-19
Debian DSA-1207-1 2006-11-09
SuSE SUSE-SA:2006:004 2006-01-26
Gentoo 200512-03 2005-12-11

Comments (none posted)

plone: unauthorized access

Package(s):plone CVE #(s):CVE-2006-1711
Created:April 12, 2006 Updated:April 12, 2006
Description: From the Debian advisory: "It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users."
Alerts:
Debian DSA-1032-1 2006-04-12

Comments (none posted)

pound: HTTP Request Smuggling Attack

Package(s):pound CVE #(s):CVE-2005-3751
Created:January 10, 2006 Updated:June 8, 2006
Description: HTTP requests with conflicting Content-Length and Transfer-Encoding headers could lead to an HTTP request smuggling attack, which can be exploited to bypass packet filters or poison web caches.
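The framing disagreement behind such an attack, shown in a short added example that is not pound's code and not taken from the advisory: one constructed request stream carries both a Content-Length and a Transfer-Encoding: chunked header. A component that frames the body by Content-Length and one that frames it by chunked encoding end up at different offsets, and the bytes in between become a request the first component never saw. The check a proxy should apply (RFC 7230 section 3.3.3: refuse a request carrying both headers, or several differing Content-Length values) is included; the host name and paths are made up.

```python
"""One HTTP request stream, two legitimate-looking readings of where it ends."""

# Constructed sample: body as counted by Content-Length (13 bytes) is b"0\r\n\r\nSMUGGLED".
AMBIGUOUS_STREAM = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: pound.example\r\n"          # hypothetical host
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"SMUGGLED"
)

# Constructed sample with a single, unambiguous framing header.
CLEAN_STREAM = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: pound.example\r\n"
    b"Content-Length: 8\r\n"
    b"\r\n"
    b"user=bob"
)


def parse_head(stream):
    """Split a raw request into (request_line, [(name, value)], bytes after the head)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip().lower(), value.strip()))  # case-insensitive names
    return lines[0], headers, rest


def frame_by_content_length(headers, rest):
    """Reading A: the body is exactly Content-Length bytes; whatever follows is the next request."""
    length = int([v for n, v in headers if n == b"content-length"][0])
    return rest[:length], rest[length:]


def frame_by_chunked(rest):
    """Reading B: the body is the chunk sequence up to the zero-size chunk.

    Trailer fields are not handled; the constructed streams carry none.
    """
    body, pos = b"", 0
    while True:
        line_end = rest.index(b"\r\n", pos)
        size = int(rest[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            pos = rest.index(b"\r\n", pos) + 2  # CRLF closing the (empty) trailer section
            return body, rest[pos:]
        body += rest[pos:pos + size]
        pos += size + 2  # chunk data plus its terminating CRLF


def framing_conflict(headers):
    """Return why the message framing is ambiguous, or None if it is not (RFC 7230 3.3.3)."""
    te = [v for n, v in headers if n == b"transfer-encoding"]
    cl = [v for n, v in headers if n == b"content-length"]
    if te and cl:
        return "both Transfer-Encoding and Content-Length present"
    if len(set(cl)) > 1:
        return "conflicting Content-Length values"
    if any(not v.isdigit() for v in cl):
        return "non-numeric Content-Length"
    return None


def analyse(stream):
    """Show how each framing rule reads the stream and whether a proxy should reject it."""
    _, headers, rest = parse_head(stream)
    result = {"reject": framing_conflict(headers)}
    if any(n == b"content-length" for n, _ in headers):
        result["cl_body"], result["cl_next"] = frame_by_content_length(headers, rest)
    if any(n == b"transfer-encoding" for n, _ in headers):
        result["te_body"], result["te_next"] = frame_by_chunked(rest)
    return result


if __name__ == "__main__":
    r = analyse(AMBIGUOUS_STREAM)
    print("Content-Length reader: next request starts with", r["cl_next"])
    print("chunked reader:        next request starts with", r["te_next"])
    print("reject:", r["reject"])
```

For the ambiguous stream the Content-Length reader consumes everything and sees no further request, while the chunked reader stops after the zero chunk and treats "SMUGGLED" as the start of the next request; any filter or cache sitting on the first reading is blind to what the second one executes. Rejecting the request outright, as framing_conflict() does, is the safe behaviour for a proxy.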
Alerts:
Gentoo 200606-05 2006-06-07
Debian DSA-934-1 2006-01-09

Comments (none posted)

Py2Play: remote execution of arbitrary Python code

Package(s):Py2Play CVE #(s):CAN-2005-2875
Created:September 19, 2005 Updated:September 6, 2006
Description: Py2Play uses Python pickles to send objects over a peer-to-peer game network, and clients accept without restriction the objects and code sent by peers. A remote attacker participating in a Py2Play-powered game can send malicious Python pickles, resulting in the execution of arbitrary Python code on the targeted game client.
Alerts:
Gentoo 200509-09:02 2005-09-17
Debian DSA-856-1 2005-10-10
Gentoo 200509-09 2005-09-17

Comments (none posted)

scorched3d: multiple vulnerabilities

Package(s):scorched3d CVE #(s):
Created:November 15, 2005 Updated:August 11, 2006
Description: Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several buffer overflows. A remote attacker could exploit these vulnerabilities to crash a game server or execute arbitrary code with the rights of the game server user.
Alerts:
Gentoo 200511-12:03 2005-11-15
Gentoo 200511-12 2005-11-15

Comments (none posted)

squirrelmail: multiple vulnerabilities

Package(s):squirrelmail CVE #(s):CVE-2006-0188 CVE-2006-0195 CVE-2006-0377
Created:February 28, 2006 Updated:June 8, 2006
Description: Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. (CVE-2006-0188)

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. (CVE-2006-0195)

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." (CVE-2006-0377)
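The IMAP injection described for CVE-2006-0377, generalised to any line-oriented protocol command built from user input, as an added example; it is not SquirrelMail code and the mailbox name is constructed. IMAP commands end at CRLF, so a mailbox parameter containing CRLF followed by a tag lets the web-mail user append commands of their own, and a trailing unclosed quote re-balances the command the server sees. The fix is to refuse line breaks and NUL (an IMAP quoted string cannot carry them) and to escape backslash and double quote per RFC 3501 section 4.3.

```python
"""CRLF injection into an IMAP SELECT command, and the quoting that prevents it."""

# Constructed attacker-controlled mailbox parameter, as it might arrive in a web
# request after URL decoding. The trailing unbalanced quote closes the one the
# template opens, so every injected line parses as a complete command.
HOSTILE_MAILBOX = 'INBOX\r\nA002 DELETE "Sent"\r\nA003 SELECT "INBOX'


def select_unsafe(tag, mailbox):
    """Vulnerable construction: the user value is pasted between quotes untouched."""
    return '%s SELECT "%s"\r\n' % (tag, mailbox)


def imap_quoted(value):
    """Encode value as an IMAP quoted string (RFC 3501 section 4.3).

    CR, LF and NUL cannot appear in a quoted string at all, so they are refused
    rather than escaped; '"' and '\\' are escaped with a backslash. Non-ASCII
    names would need the literal syntax or modified UTF-7 and are refused here.
    """
    if not isinstance(value, str):
        raise TypeError("mailbox name must be str")
    if "\r" in value or "\n" in value or "\0" in value:
        raise ValueError("mailbox name contains a line break or NUL")
    if any(ord(ch) > 127 for ch in value):
        raise ValueError("non-ASCII mailbox name needs IMAP literal or UTF-7 encoding")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def select_safe(tag, mailbox):
    """Hardened construction: the mailbox is validated and quoted before use."""
    return "%s SELECT %s\r\n" % (tag, imap_quoted(mailbox))


def commands_as_server_sees(wire):
    """Split outgoing text the way an IMAP server reads it: one command per CRLF."""
    return [line for line in wire.split("\r\n") if line]


def demo():
    unsafe_cmds = commands_as_server_sees(select_unsafe("A001", HOSTILE_MAILBOX))
    try:
        select_safe("A001", HOSTILE_MAILBOX)
        safe_result = "accepted"
    except ValueError as exc:
        safe_result = "refused: %s" % exc
    return {
        "unsafe_command_count": len(unsafe_cmds),   # 3: SELECT, injected DELETE, injected SELECT
        "unsafe_commands": unsafe_cmds,
        "safe_result": safe_result,
        # A legitimate but awkward name (quotes and a backslash) still round-trips.
        "quoted_tricky_name": select_safe("A001", 'Drafts "2006"\\x'),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-22s %r" % (key, value))
```

Refusing CR and LF rather than stripping them is deliberate: a stripped name silently selects a different mailbox than the user asked for, whereas a refusal surfaces the attempt where it can be logged.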

Alerts:
Fedora-Legacy FLSA:190884 2006-06-06
Red Hat RHSA-2006:0283-01 2006-05-03
Gentoo 200603-09 2006-03-12
Debian DSA-988-1 2006-03-08
Fedora FEDORA-2006-133 2006-03-03
Mandriva MDKSA-2006:049 2006-02-27

Comments (none posted)

sudo: vulnerability via scripts

Package(s):sudo CVE #(s):CAN-2005-4158 CVE-2006-0151
Created:December 16, 2005 Updated:September 1, 2006
Description: Sudo did not strip the environment variables that control the Perl and Python interpreters (such as PERL5LIB, PERL5OPT and PYTHONINSPECT) before running a command, so a user permitted to run a Perl or Python script via Sudo could subvert the script and run arbitrary code as the target user.
Alerts:
Mandriva MDKSA-2006:159 2006-08-31
Debian DSA-946-2 2006-04-08
Slackware SSA:2006-045-08 2006-02-15
SuSE SUSE-SR:2006:002 2006-01-20
Debian DSA-946-1 2006-01-20
Ubuntu USN-235-2 2006-01-09
Ubuntu USN-235-1 2006-01-05
Mandriva MDKSA-2005:234 2005-12-20
Fedora FEDORA-2005-1147 2005-12-16

Comments (none posted)

tetex: integer overflows

Package(s):tetex CVE #(s):CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Created:January 19, 2006 Updated:May 23, 2006
Description: The PDF parsing code bundled with teTeX has several integer overflow vulnerabilities. A carefully crafted PDF file can be used by an attacker to crash teTeX and possibly execute arbitrary code.
Alerts:
Slackware SSA:2006-142-01 2006-05-23
Fedora-Legacy FLSA:152868 2006-05-12
Gentoo 200603-02 2006-03-04
Red Hat RHSA-2006:0160-01 2006-01-19

Comments (none posted)

texinfo: temporary file vulnerability

Package(s):texinfo CVE #(s):CAN-2005-3011
Created:October 5, 2005 Updated:November 9, 2006
Description: Texinfo prior to version 4.8-r1 suffers from an insecure temporary file vulnerability in the texindex utility, which a local attacker could use to overwrite files with the privileges of the user running it.
Alerts:
Ubuntu USN-194-2 2006-01-09
Fedora FEDORA-2005-991 2005-10-14
Fedora FEDORA-2005-990 2005-10-14
Mandriva MDKSA-2005:175 2005-10-06
Ubuntu USN-194-1 2005-10-06
Gentoo 200510-04 2005-10-05

Comments (none posted)

tin: buffer overflow

Package(s):tin CVE #(s):CVE-2006-0804
Created:February 19, 2006 Updated:November 24, 2006
Description: An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier which can lead to a buffer overflow.
Alerts:
Gentoo 200611-18 2006-11-24
OpenPKG OpenPKG-SA-2006.005 2006-02-19

Comments (none posted)

unzip: long file name buffer overflow

Package(s):unzip CVE #(s):CVE-2005-4667
Created:February 6, 2006 Updated:May 2, 2007
Description: A buffer overflow in UnZip 5.50 and earlier allows local users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Alerts:
Red Hat RHSA-2007:0203-02 2007-05-01
Fedora-Legacy FLSA:180159 2006-04-04
Debian DSA-1012-1 2006-03-21
Mandriva MDKSA-2006:050 2006-02-27
Ubuntu USN-248-2 2006-02-15
Ubuntu USN-248-1 2006-02-13
Fedora FEDORA-2006-098 2006-02-06

Comments (1 posted)

w3c-libwww: possible stack overflow

Package(s):w3c-libwww CVE #(s):CVE-2005-3183
Created:October 14, 2005 Updated:May 2, 2007
Description: Extensive testing of libwww's handling of multipart/byteranges content from HTTP/1.1 servers revealed multiple logical flaws and bugs in Library/src/HTBound.c, which a malicious server could use to crash an application using the library.
Alerts:
Red Hat RHSA-2007:0208-02 2007-05-01
Ubuntu USN-220-1 2005-12-01
Mandriva MDKSA-2005:210 2005-11-09
Fedora FEDORA-2005-953 2005-10-07
Fedora FEDORA-2005-952 2005-10-07

Comments (1 posted)

webcalendar: multiple vulnerabilities

Package(s):webcalendar CVE #(s):CVE-2005-3949 CVE-2005-3961 CVE-2005-3982
Created:March 15, 2006 Updated:May 15, 2006
Description: The PHP-based webcalendar package suffers from three vulnerabilities: a set of SQL injection problems (CVE-2005-3949), an input sanitizing failure allowing local files to be overwritten (CVE-2005-3961), and a response splitting vulnerability (CVE-2005-3982).
Alerts:
Debian DSA-1002-1 2006-03-15

Comments (none posted)

xine-ui - insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

xloadimage: buffer overflows

Package(s):xloadimage CVE #(s):CAN-2005-3178
Created:October 10, 2005 Updated:May 15, 2006
Description: Three buffer overflows were discovered in xloadimage when handling the image title name. A malicious user can construct a NIFF file that when viewed and processed (with either zoom, reduce or rotate) by xloadimage, will cause the program to overwrite the return address and execute arbitrary code.
Alerts:
Fedora-Legacy FLSA:152923 2006-05-12
Gentoo 200510-26 2005-10-30
Mandriva MDKSA-2005:192 2005-10-20
Red Hat RHSA-2005:802-01 2005-10-18
Debian DSA-859-1 2005-10-10
Debian DSA-858-1 2005-10-10
Fedora FEDORA-2005-981 2005-10-10

Comments (none posted)

xpdf: buffer overflow

Package(s):xpdf CVE #(s):CAN-2005-0064
Created:January 19, 2005 Updated:March 15, 2007
Description: iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details.
Alerts:
Fedora FEDORA-2007-1219 2007-03-14
Gentoo 200506-06 2005-06-09
Red Hat RHSA-2005:026-01 2005-03-16
Red Hat RHSA-2005:066-01 2005-02-15
Red Hat RHSA-2005:057-01 2005-02-15
Red Hat RHSA-2005:053-01 2005-02-15
Red Hat RHSA-2005:034-01 2005-02-15
Fedora-Legacy FLSA:2353 2005-02-10
Fedora-Legacy FLSA:2352 2005-02-10
Gentoo 200502-10 2005-02-09
Red Hat RHSA-2005:049-01 2005-02-01
SuSE SUSE-SR:2005:002 2005-01-26
Red Hat RHSA-2005:059-01 2005-01-26
Mandrake MDKSA-2005:020 2005-01-25
Mandrake MDKSA-2005:019 2005-01-25
Mandrake MDKSA-2005:016 2005-01-25
Mandrake MDKSA-2005:021 2005-01-25
Mandrake MDKSA-2005:018 2005-01-25
Mandrake MDKSA-2005:017 2005-01-25
Fedora FEDORA-2005-061 2005-01-25
Fedora FEDORA-2005-062 2005-01-25
Fedora FEDORA-2005-059 2005-01-25
Fedora FEDORA-2005-060 2005-01-25
Conectiva CLA-2005:921 2005-01-25
Fedora FEDORA-2004-049 2005-01-24
Fedora FEDORA-2004-048 2005-01-24
Gentoo 200501-32 2005-01-23
Gentoo 200501-31 2005-01-23
Gentoo 200501-30 2005-01-22
Gentoo 200501-28 2005-01-21
Fedora FEDORA-2005-052 2005-01-20
Fedora FEDORA-2005-051 2005-01-20
Ubuntu USN-64-1 2005-01-19
Debian DSA-645-1 2005-01-19
Debian DSA-648-1 2005-01-19

Comments (1 posted)

xpdf: potential vulnerabilities

Package(s):xpdf gpdf CVE #(s):CVE-2006-1244
Created:February 27, 2006 Updated:April 13, 2006
Description: Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings.
Alerts:
Ubuntu USN-270-1 2006-04-13
Debian DSA-1019-1 2006-03-24
Debian DSA-998-1 2006-03-14
Debian DSA-984-1 2006-03-02
Debian DSA-983-1 2006-02-28
Debian DSA-982-1 2006-02-27

Comments (none posted)

xpdf: denial of service

Package(s):xpdf kpdf CVE #(s):CAN-2005-2097
Created:August 9, 2005 Updated:August 2, 2006
Description: A flaw was discovered in Xpdf that could allow an attacker to construct a carefully crafted PDF file which would cause Xpdf to consume all available disk space in /tmp when opened.
Alerts:
Debian DSA-1136-1 2006-08-02
Mandriva MDKSA-2005:138-1 2005-09-19
Debian DSA-780-1 2005-08-22
SuSE SUSE-SR:2005:019 2005-08-19
Fedora FEDORA-2005-732 2005-08-17
Fedora FEDORA-2005-733 2005-08-17
Gentoo 200508-08 2005-08-16
Fedora FEDORA-2005-730 2005-08-15
Fedora FEDORA-2005-729 2005-08-15
Mandriva MDKSA-2005:136 2005-08-11
Mandriva MDKSA-2005:135 2005-08-11
Mandriva MDKSA-2005:134 2005-08-11
Mandriva MDKSA-2005:138 2005-08-11
Red Hat RHSA-2005:708-01 2005-08-10
Red Hat RHSA-2005:706-01 2005-08-09
Red Hat RHSA-2005:671-01 2005-08-09
Red Hat RHSA-2005:670-01 2005-08-09
Ubuntu USN-163-1 2005-08-09

Comments (none posted)

xpdf: integer overflows

Package(s): xpdf, poppler, cupsys, tetex-bin    CVE #(s): CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
Created: January 5, 2006    Updated: November 30, 2006
Description: xpdf has a number of integer overflows. A remote attacker can trick a user into opening a maliciously crafted pdf file, allowing the attacker to execute code with the privileges of the local user. This also affects the Poppler library, cupsys and tetex-bin.
Alerts:
Fedora FEDORA-2006-1220 2006-11-30
Debian DSA-932-1 2006-01-09
Debian DSA-931-1 2006-01-09
Ubuntu USN-236-2 2006-01-09
Mandriva MDKSA-2006:008 2006-01-06
Mandriva MDKSA-2006:006 2006-01-05
Mandriva MDKSA-2006:005 2006-01-05
Mandriva MDKSA-2006:004 2006-01-05
Mandriva MDKSA-2006:003 2006-01-05
Ubuntu USN-236-1 2006-01-05

Comments (none posted)

xscreensaver: possible password exposure

Package(s): xscreensaver    CVE #(s): CVE-2004-2655
Created: April 11, 2006    Updated: May 24, 2006
Description: In some cases, xscreensaver did not properly grab the keyboard when reading the password for unlocking the screen, so that the password was typed into the currently active application window. The only known vulnerable case was when xscreensaver activated while an rdesktop session was currently active.
Alerts:
Red Hat RHSA-2006:0498-01 2006-05-23
Ubuntu USN-269-1 2006-04-11

Comments (none posted)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current stable 2.6 release is 2.6.16.9, announced on April 19; it contains a fix for an information leak vulnerability on some AMD processors. Of the prior releases, 2.6.16.6 contains a fairly long list of fixes, while 2.6.16.7 and 2.6.16.8 are single-patch security fixes.

The current 2.6 prepatch is 2.6.17-rc2, announced by Linus on April 18. There are a lot of fixes in this release, but it also contains a simplified form of the scheduler starvation avoidance patch, some tweaks to the memory overcommit algorithm, the removal of the obsolete blkmtd and qlogicfc drivers, the removal of the unmaintained Sangoma WAN drivers, the splice() and tee() system calls, and pollable sysfs attributes. See the long-format changelog for the details.

For the record, it is worth noting that the prototypes for the splice() methods in the file_operations structure have changed again. This week's version:

    ssize_t (*splice_write)(struct pipe_inode_info *pipe, struct file *out,
                            loff_t *offset, size_t len, unsigned int flags);
    ssize_t (*splice_read)(struct file *in, loff_t *offset,
                           struct pipe_inode_info *pipe, size_t len,
                           unsigned int flags);

The offset parameter, describing where in the stream I/O should start, is new.

A few dozen patches (all fixes) have been merged into the mainline after the -rc2 release.

The current -mm tree is 2.6.17-rc1-mm3. Recent changes to -mm include an ACPI dock driver, i2c virtual adapter support, a number of memory management tweaks, a trusted platform module (TPM) driver update, and a new version of the zlib library.

Comments (none posted)

Kernel development news

Quotes of the week

I don't think anyone is smart enough to configure Apache with SELinux. I've installed Apache maybe 20 times in my life, which is plenty, and I eventually realized it was SELinux and just turned the damn thing off after an hour of trying to fix it.

-- Dave Aitel

Keep in mind as well that SELinux "complexity" is purely a reflection of complexity in Linux; SELinux just exposes the existing interactions and provides a way to control them. The SELinux mechanism itself is fairly simple.

-- Stephen Smalley

Comments (19 posted)

Virtual time

The developers interested in containers and virtualization have discussed interfaces to virtualize access to a number of system resources. None, however, have talked about virtualizing access to the system time. Until now, that is. With Jeff Dike's time virtualization patches any process tree can have its own idea of what time it is.

Jeff's patch adds a new "time namespace" structure to the task structure. By default, all processes share the normal host system's idea of time. But a new option (CLONE_TIME) to the unshare() system call allows a process to disconnect from the system time. After such a call, that process - and any children it creates - will be able to keep its own time value. Setting a virtualized time value is, unlike changing the normal system time, an unprivileged operation.

Internally, a virtualized time is stored as a simple offset; whenever a process requests the current time, the offset is added to the current system time and the sum is returned. This approach has the advantages of being simple and fast; a process running with virtualized time also does not give up time adjustments made, for example, by NTP. On the other hand, this implementation does not support the ability to confuse processes by messing deeply with their idea of time - running time at a different rate, for example, or even backward. Chances are that this omission will not upset more than a small percentage of potential users of virtualized time, however.

Jeff's purpose is to speed up the gettimeofday() system call in User-mode Linux instances. If the kernel allows process subtrees to have their own time values, then User-mode Linux can simply use the host's gettimeofday() call, rather than intercepting that call and implementing it itself. Since gettimeofday() is one of the most frequently-used system calls, this optimization can make a significant difference.

One other change is required, however, for User-mode Linux to get the benefit from this change. UML performs much of its process control using ptrace(); in particular, it intercepts and interprets system calls with the PTRACE_SYSCALL operation. What is really needed for a fast gettimeofday() is the ability to not intercept that particular call. So Jeff's patch also extends ptrace() by adding a PTRACE_SYSCALL_MASK operation. This new operation can set a bitmask indicating which system calls should be intercepted, and which should be executed without stopping.

The result, with a suitably patched UML, is a gettimeofday() call which runs at about 99% of the native process speed. That may well be good enough to make this patch a piece of the growing set of interfaces supporting virtualization and containers.

Comments (4 posted)

write(), thread safety, and POSIX

Dan Bonachea recently reported a problem. It seems that he has a program where multiple threads are simultaneously writing to the same file descriptor. Occasionally, some of that output disappears - overwritten by other threads. Random loss of output data is not generally considered to be a desirable sort of behavior, and, says Dan, POSIX requires that write() calls be thread-safe. So he would like to see this behavior fixed.

Andrew Morton quickly pointed out the source of this behavior. Consider how write() is currently implemented:

    asmlinkage ssize_t sys_write(unsigned int fd, const char __user *buf,
                                 size_t count)
    {
        struct file *file;
        ssize_t ret = -EBADF;
        int fput_needed;

        file = fget_light(fd, &fput_needed);
        if (file) {
            /* The file position is read, used and written back
             * with no lock held; two callers can read the same pos. */
            loff_t pos = file_pos_read(file);
            ret = vfs_write(file, buf, count, &pos);
            file_pos_write(file, pos);
            fput_light(file, fput_needed);
        }

        return ret;
    }

There is no locking around this function, so it is possible for two (or more) threads performing simultaneous writes to obtain the same value for pos. They will each then write their data to the same file position, and the thread which writes last wins.

Putting some sort of lock (using the inode lock, perhaps) around the entire function would solve the problem and make write() calls thread-safe. The cost of this solution would be high, however: an extra layer of locking when almost no application actually needs it. Serializing write() operations in this way would also rule out simultaneous writes to the same file - a capability which can be useful to some applications.

So some developers have questioned whether this behavior should be fixed at all. It is not something which causes problems for over 99.9% of applications, and, for those which need to be able to perform this sort of simultaneous write, there are other options available. These include user-space locking or using the O_APPEND option. So, it is asked, why add unnecessary overhead to the kernel?

Linus responds that it is a "quality of implementation" issue, and that if there is a low-cost way of getting the system to behave the way users would like, it might as well be done. His proposal is to apply a lock to the file position in particular. His patch adds a f_pos_lock mutex to the file structure and uses that lock to serialize uses of and changes to the file position. This change will have the effect of serializing calls to write(), while leaving other forms (asynchronous I/O, pwrite()) unserialized.
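The race described above, reproduced from user space as an added example (this is not code from the article or from the kernel). Four forked children share one open file description, and therefore one file position, exactly as threads sharing a descriptor do; the block counts how many fixed-size records survive with a plain shared position, with O_APPEND, and with pwrite() to per-writer offsets, the two alternatives mentioned in the discussion. The /tmp path, the record format and the writer counts are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define WRITERS            4      /* concurrent writers sharing one fd */
#define RECORDS_PER_WRITER 2000
#define RECORD_LEN         16     /* "%03d:%011d\n" is exactly 16 bytes */

enum write_mode {
    MODE_SHARED_POS,   /* plain write(): unlocked read/update of the shared position */
    MODE_APPEND,       /* O_APPEND: the kernel places every write at end of file */
    MODE_PWRITE        /* pwrite(): the caller supplies an explicit offset */
};

/* Fork WRITERS children that all write through the same open file
 * description (inherited across fork(), so the file position is shared
 * just as it is between threads).  Returns the number of RECORD_LEN-byte
 * records left in the file afterwards, or -1 on error.  Every record
 * overwritten by a racing writer shrinks that count by one. */
static long count_surviving_records(const char *path, enum write_mode mode)
{
    int flags = O_WRONLY | O_CREAT | O_TRUNC;
    if (mode == MODE_APPEND)
        flags |= O_APPEND;
    int fd = open(path, flags, 0600);
    if (fd < 0)
        return -1;

    for (int w = 0; w < WRITERS; w++) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0) {
            char rec[RECORD_LEN + 1];
            for (int i = 0; i < RECORDS_PER_WRITER; i++) {
                snprintf(rec, sizeof rec, "%03d:%011d\n", w, i);
                ssize_t n;
                if (mode == MODE_PWRITE) {
                    /* Each writer owns a disjoint region; no position is shared. */
                    off_t off = ((off_t)w * RECORDS_PER_WRITER + i) * RECORD_LEN;
                    n = pwrite(fd, rec, RECORD_LEN, off);
                } else {
                    n = write(fd, rec, RECORD_LEN);
                }
                if (n != RECORD_LEN)
                    _exit(1);
            }
            _exit(0);
        }
    }

    int failed = 0;
    for (int w = 0; w < WRITERS; w++) {
        int status;
        if (wait(&status) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
            failed = 1;
    }

    struct stat st;
    int rc = fstat(fd, &st);
    close(fd);
    if (failed || rc < 0)
        return -1;
    return (long)(st.st_size / RECORD_LEN);
}

/* Number of records the writers attempt in total. */
static long total_records(void)
{
    return (long)WRITERS * RECORDS_PER_WRITER;
}

int main(void)
{
    const char *path = "/tmp/lwn_write_race_demo.tmp";   /* constructed path */
    printf("shared f_pos: %ld of %ld records survived\n",
           count_surviving_records(path, MODE_SHARED_POS), total_records());
    printf("O_APPEND:     %ld of %ld records survived\n",
           count_surviving_records(path, MODE_APPEND), total_records());
    printf("pwrite():     %ld of %ld records survived\n",
           count_surviving_records(path, MODE_PWRITE), total_records());
    unlink(path);
    return 0;
}
```

The O_APPEND and pwrite() runs always keep every record; the shared-position run loses records only on a kernel that leaves the position unlocked, which is why it is reported rather than asserted.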

The patch has not drawn a lot of comments, and it has not been merged as of this writing. Its ultimate fate will probably depend on whether avoiding races in this obscure case is truly seen to be worth the additional cost imposed on all users.

Comments (none posted)

The future of the Linux Security Module API

Back in 2001, the very first Linux kernel summit included a discussion on security policies. At that meeting, it was decided that there was no interest in patching in the several competing implementations which were available at that time. Instead, developers interested in security were asked to create a generic interface which could be used by any security policy. The result was the Linux Security Modules (LSM) API - a long list of hooks which can be used to intercept almost any operation of interest within the kernel.

Last year, some developers were heard to mumble that perhaps LSM should be removed from the kernel. Since LSM was merged, there has been only one serious security mechanism using it to emerge: SELinux. Since there is only one LSM user, and since SELinux can be thought of as a fairly generic security framework in its own right, it is not clear that there is a need for the LSM interface. The discussion died down last year, however, and there has been little talk of yanking out LSM.

Until now. In response to a current discussion on LSM hooks, James Morris has posted a patch adding LSM to the "feature removal" schedule. The end of LSM is not a distant event either: the proposed date is this coming June - the 2.6.18 kernel, in other words. If this patch goes through, LSM will be gone in the very near future.

The early indications suggested that it could go through: several kernel developers have argued in favor of the removal of LSM, while none asked for it to be retained. The only disagreement - mild - was over the removal date, with some arguing that 2.6.18 is too soon. Those in favor of an early removal, however, claim that last year's discussion should count as the usual one-year warning for this sort of change, and that there is no need to wait any longer.

One might well wonder what the hurry is to remove this API from the kernel. There is, in fact, more than just the "only one user" argument in circulation. James's patch includes this text:

[LSM] also attracts a regular stream of misconceived and broken security module submissions to mainline, such as BSD Security Levels, and developers are seeing LSM as the answer to everything rather than really thinking about what they need and how to architect the code properly and generally.

So LSM becomes a general temptation to solve problems in the wrong way. Beyond the security levels module (which, among other things, is seen as having open vulnerabilities and no maintainer interest), the developers may be thinking of past episodes like the debate over the realtime security module or the Integrity Measurement Architecture, neither of which is best implemented as a security module.

The real issue, however, may be this one:

There is also a growing number of proprietary modules hooking into LSM in unsafe ways, not necessarily even for security purposes. The LSM interface semantics are too weak and such an API does not belong in the mainline kernel.

The 2.6 kernel - intentionally - does not give loadable modules access to the system call table. But the LSM interface is almost as good - it gives a loadable module the opportunity to intercept almost any operation that the kernel may attempt to perform. The LSM hooks are supposed to limit themselves to internal record keeping and returning an allow/deny status to the kernel - but there is no way to enforce that sort of restriction. The GPL-only status of the LSM API does not help much either.

The people involved are wary of publicly pointing fingers at companies suspected of misusing the LSM interface. One example which can be found, however, is the kernel generalized event management module which was posted to the kernel-mentors list last year. When KGEM was loaded, it would shove aside any currently-loaded security policy and install itself in its place. It would then feed security-related events through to a (proprietary) user-space application, which would make decisions aimed at protecting Linux users from the pressing threat of virus attacks. There were a lot of issues over how this module was implemented, but using LSM to override existing security policies and provide hooks for proprietary code was considered especially distasteful.

These reasons and strong developer pressure notwithstanding, it is not clear that LSM will actually go away anytime soon. There is not yet a consensus that SELinux should be seen as the One True Security Policy; many potential users find its complexity hard to deal with and often simply turn it off. The power of SELinux is unquestioned, but its usability is another story.

There are other users of the LSM API out there, they just have not been submitted for inclusion into the mainline. These include:

  • Novell's AppArmor, which is the security policy shipped with current SUSE releases. AppArmor is free software, but has never been submitted for review. The discussion of removing the LSM interface appears to have lit a fire under some rear ends at Novell, and the first AppArmor submission is said to be imminent. (In fact, it was posted just after this article was published).

    Some of the early discussion, however, suggests that AppArmor could have a hard path into the mainline. In particular, its use of file pathnames as the core of its security policy has been strongly questioned. In a system capable of hard and soft links, multiple namespaces, shared subtrees, and more, the meaning of any specific pathname is far from clear. That is why SELinux uses extended attributes to apply labels directly to files, rather than relying on their pathnames.

  • The Linux Intrusion Detection System (LIDS) is an LSM user. The LIDS developers have asked that LSM not be removed, but have not made any statements regarding if and when they might submit their module for merging.

  • The Dazuko module is used by tools like ClamAV. Dazuko seems somewhat like KGEM, in that it exports an interface for user-space programs to make decisions. It is not clear that such an interface can ever make it through the review process.

  • Multiadm is a module which allows privileges to be handed out to non-root users.
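The pathname objection raised against AppArmor above, as an added illustration that is not AppArmor's or SELinux's own logic: a toy rule keyed on one pathname is compared with a rule keyed on the object's identity (device and inode number, standing in for a label carried in the inode's extended attributes). A hard link gives the protected file a second name, and only the object-keyed rule treats both names alike. The /tmp paths are constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed demonstration paths (not from the article). */
#define DEMO_DIR       "/tmp/lwn_lsm_demo"
#define PROTECTED_PATH DEMO_DIR "/secret"
#define ALIAS_PATH     DEMO_DIR "/alias"

/* Pathname-keyed rule: deny the one listed name, allow every other name.
 * Returns 1 when access would be allowed, 0 when denied. */
static int path_policy_allows(const char *path)
{
    return strcmp(path, PROTECTED_PATH) != 0;
}

/* Object-keyed rule: the protected object is identified by (device, inode),
 * which is what a label attached to the inode follows.  Any name that
 * resolves to that object gets the same answer. */
static int inode_policy_allows(const char *path)
{
    struct stat target, st;

    if (stat(PROTECTED_PATH, &target) < 0)
        return 1;               /* nothing to protect */
    if (stat(path, &st) < 0)
        return 0;               /* unknown object: fail closed */
    return !(st.st_dev == target.st_dev && st.st_ino == target.st_ino);
}

/* Create the protected file and a hard link to it.  Returns 0 on success. */
static int create_alias(void)
{
    if (mkdir(DEMO_DIR, 0700) < 0 && errno != EEXIST)
        return -1;
    int fd = open(PROTECTED_PATH, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    unlink(ALIAS_PATH);         /* may not exist yet; failure is fine */
    return link(PROTECTED_PATH, ALIAS_PATH);
}

static void cleanup(void)
{
    unlink(ALIAS_PATH);
    unlink(PROTECTED_PATH);
    rmdir(DEMO_DIR);
}

int main(void)
{
    if (create_alias() < 0) {
        perror("setup");
        return 1;
    }
    printf("path policy:  secret=%d alias=%d\n",
           path_policy_allows(PROTECTED_PATH), path_policy_allows(ALIAS_PATH));
    printf("inode policy: secret=%d alias=%d\n",
           inode_policy_allows(PROTECTED_PATH), inode_policy_allows(ALIAS_PATH));
    cleanup();
    return 0;
}
```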

Given that security is something other than a completely solved problem, it would be surprising if there were any single approach which was suitable for all users. So something may well emerge and qualify as the second user which keeps the LSM API in place.

Or, at least, which keeps some sort of API in place. If LSM stays around, the kernel developers will probably make changes which make the API harder to abuse. These might include finding ways to restrict what LSM hooks can do and providing compile-time options to wire in a single security policy at kernel build time. So, while there is a reasonable chance that future kernels will include an LSM interface, it might be a rather different interface than the one there today. Any security module developers who want to have a say in how the interface evolves would be well advised to join the discussion soon.

Comments (15 posted)

Patches and updates

Page editor: Jonathan Corbet

Distributions

News and Editorials

Ubuntu to get Edgy

Now that the Dapper beta freeze has begun, it is time to start thinking about what comes next. According to Mark Shuttleworth, Ubuntu will get Edgy.

The Dapper Drake, due out June 1st, will be supported for five years. It will still be nice and fresh, if a bit staid and stable for those who need stability. It is the perfect time to launch the Edgy Eft, the cutting edge, youthful newt of a distribution. Edgy is ready to take risks and explore new territory, even if that means getting a little bloody. Look for Xen, Xgl/AIGLX, SELinux and other new technologies to show up in Edgy.

Now is the time to get your "out there" ideas in. The Launchpad spec tracker is where this flood of new technology will be managed. The list is already full of ideas like Beagle integration, better Bluetooth support, Debian patch feeding, cluster installation management, embedded Ubuntu, thin clients and much more. What would you like to see in Edgy?

Comments (15 posted)

New Releases

SUSE Linux 10.1 RC1 released

The OpenSUSE project has announced the first SUSE Linux 10.1 release candidate. There does not seem to be a set of release notes available, but a most annoying bugs page exists. Click below for the announcement and download pointers. Here is an update on known issues.

Full Story (comments: 2)

Aurora Sparc Linux Build-2.0

The Aurora SPARC Linux Project has announced (click below) the release of Aurora SPARC Linux Build 2.0. The Aurora SPARC Project is an effort to support SPARC (32 and 64 bit) hardware on Linux. This release is a full tree of sparc packages that match up pretty closely to Fedora Core 3.

Full Story (comments: none)

Debian GNU/Linux 3.1r2 released

The second update to Debian "sarge" is out. It contains a long list of security updates and a shorter list of important bug fixes.

Full Story (comments: 5)

Open SUSE Linux virtual image CD launched

Strategiy reports that ValueSYS and Loghat Al-Asr Magazine have made available an OpenSUSE live CD localized in Egyptian.

Comments (none posted)

Distribution News

A draft schedule for Fedora Core 6

The draft schedule for the Fedora Core 6 release has been posted. The consensus of the Fedora developers seems to be that the nine-month schedule used with FC5 did not help make a better release, so FC6 will be a six-month release. The current plan calls for the first development freeze in early June and the final release on September 20.

Full Story (comments: none)

Fedora Project Board Update

Here's a quick update on the Fedora Project Board. Click below for the wiki links to see who is on the board, when they will be meeting, and a summary of the first board meeting at FUDCon.

Full Story (comments: none)

Debian news

Steve Langasek covers the X11R7, AKA Xorg 7.0, transition in unstable. "While the XSF are busily working through the bugs that are properly their own, I'll take a moment to let the rest of you know what the implications are for other packages, now that things have settled somewhat and we have a clear idea of where things stand and where they're going."

Anthony Towns covers the status of the AMD64 port in etch. "The amd64 architecture has been added to etch, and over the next few weeks (particularly as the X.org changes get worked out) should become fairly complete. amd64 in etch should be debootstrapable at this point, and usable in some situations, but is obviously pretty limited while it doesn't have X. Hopefully this will improve pretty rapidly."

It's Bug-Squashing Party time. "For long-lasting delight, we will be squashing bugs from Thursday (April 20th) to Sunday (April 23rd), in all timezones. Coordination will, as usual, happen through the #debian-bugs channel on irc.debian.org. For real interaction, if you are attending FISL, look for us at the Debian booth; it should not be hard to find. Make sure you stop by for an hour at least, and feel free to spend your whole weekend working with us, as there are lots of things you can have fun with. If you are not a Debian Developer, do not be afraid; there is much you can do to help, such as triaging bugs and writing or testing patches that fix problems so a developer can prepare a maintainer or non-maintainer upload."

Comments (none posted)

Distribution Newsletters

Debian Weekly News

The April 18 issue of the Debian Weekly News is out; it looks at the project leader election, the newly-formed python modules team, the X11R7 transition, and several other topics.

Full Story (comments: none)

Fedora Weekly News Issue 42

This edition of the Fedora Weekly News covers Fedora Project Board Update, Fedora Reloaded 5 Podcast, FUDConBoston 2006 Videos, Users at LinuxWorld talk up security, LinuxWorld Boston 2006 Wrap-Up, Red Hat keeps its grip on Fedora, FUDCon and folding the Fedora Foundation, plus FC5 reviews and more.

Comments (none posted)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for the week of April 17, 2006 covers LWE Boston, Python 2.4.3 in Portage, old-style PHP packages going away, Forums internationalization effort, and several other topics.

Comments (none posted)

DistroWatch Weekly, Issue 147

The DistroWatch Weekly for April 17, 2006 is out. "As usual, we'll start with re-visiting some of the interesting news events of the past week, including the release of SUSE Linux 10.1 RC1, the election of Anthony Towns as the new Debian Project Leader, and the announcement about a new 64-bit edition of Arch Linux. This is followed by links to a handful of interesting articles: an interview with Bruce Perens about reviving UserLinux, a new review of the latest alpha release of Ubuntu, and a useful tutorial about keeping a FreeBSD server farm up-to-date. Finally, a special report from Japan analyses the current state of Linux adoption in the country."

Comments (none posted)

Package updates

Fedora updates

Updates for Fedora Core 5: netpbm (bug fixes), bind (bug fixes), at-spi (documentation improvements, new locales), librsvg2 (bug fixes), atk (enhanced documentation), dasher (update to 4.0.2), sound-juicer (bug fixes), glib2 (update to 2.10.2), gtk2 (update to 2.8.17), pango (update to 1.12.1), beagle (update to 0.2.4), metacity (bug fixes), gnome-terminal (update to 2.14.1), gtk-doc (update to 1.6), yelp (bug fixes), nautilus-cd-burner (update to 2.14.2), gnome-desktop (update to 2.14.1), gnome-session (update to 2.14.1), libgtop2 (updated translations), gnome-system-monitor (update to 2.14.1), libwnck (bug fixes), gnopernicus (update to 1.0.4), gnome-screensaver (update to 2.14.1), gnome-games (update to 2.14.1), gnome-applets (update to 2.14.1), gnome-panel (update to 2.14.1), gtkhtml3 (update to 3.10.1), gnome-user-docs (update to 2.14.2), gedit (bug fixes), gnome-desktop (update to 2.14.1.1), evolution (update to 2.6.1), eog (update to 2.14.1), epiphany (update to 2.14.1), libgnome (update to 2.14.1), libgnomeui (update to 2.14.1), file-roller (update to 2.14.1), eel2 (update to 2.14.1), gnome-power-manager (bug fixes), xorg-x11-server (bug fixes), gtksourceview (update to 1.6.1), gnome-utils (update to zenity 2.14.1), nautilus (update to 2.14.1), evolution-data-server (update to 1.6.1), evolution-connector (update to 2.6.1), libsoup (update to 2.2.92), control-center (bug fixes), kde-i18n (fix file conflict), gnome-pilot-conduits (rebuilt against pilot-link-0.11.8), arts (update to KDE 3.5.2), kdelibs (update to KDE 3.5.2), kdebase (update to KDE 3.5.2), kdeaccessibility (update to KDE 3.5.2), kdeaddons (update to KDE 3.5.2), kdeadmin (update to KDE 3.5.2), kdeartwork (update to KDE 3.5.2), kdebindings (update to KDE 3.5.2), kdeedu (update to KDE 3.5.2), kdegames (update to KDE 3.5.2), kdegraphics (update to KDE 3.5.2), kde-i18n (update to KDE 3.5.2), kdemultimedia (update to KDE 3.5.2), kdenetwork (update to KDE 3.5.2), kdepim (update to KDE 3.5.2), kdesdk (update to KDE 3.5.2), kdeutils (update to KDE 3.5.2), kdevelop (update to KDE 3.5.2), kdewebdev (update to KDE 3.5.2), gnome-pilot (rebuilt against pilot-link-0.11.8), jpilot (rebuilt against pilot-link-0.11.8), libvirt (upstream release update), pilot-link (rebuilt), util-linux (bug fixes), psmisc (rebuilt), gnupg (patched), perl-DBD-Pg (upgrade to upstream version 1.48), perl-XML-Dumper (upgrade to 0.81), jwhois (update), m2crypto (fix SSL.Connection.accept), firefox (fix broken language packs).

Updates for Fedora Core 4: netpbm (bug fixes), bind (bug fix), evolution (rebuilt against the latest pilot-link), arts (update to KDE 3.5.2), kdeaccessibility (update to KDE 3.5.2), kdeaddons (update to KDE 3.5.2), kdeadmin (update to KDE 3.5.2), kdeartwork (update to KDE 3.5.2), kdebase (update to KDE 3.5.2), kdebindings (update to KDE 3.5.2), kdeedu (update to KDE 3.5.2), kdegames (update to KDE 3.5.2), kdegraphics (update to KDE 3.5.2), kde-i18n (update to KDE 3.5.2), kdelibs (update to KDE 3.5.2), kdemultimedia (update to KDE 3.5.2), kdenetwork (update to KDE 3.5.2), kdepim (update to KDE 3.5.2), kdesdk (update to KDE 3.5.2), kdeutils (update to KDE 3.5.2), kdevelop (update to KDE 3.5.2), kdewebdev (update to KDE 3.5.2), jpilot (rebuilt against pilot-link-0.11.8), gnome-pilot (rebuilt against pilot-link-0.11.8), gnome-pilot-conduits (rebuilt against pilot-link-0.11.8), pilot-link (rebuilt).

Comments (none posted)

Newsletters and articles of interest

Bruce Perens talks UserLinux and Ubuntu (Linux Format)

Linux Format talks with Bruce Perens about UserLinux. "The problem for me with UserLinux was that when I started it I was an independent entrepreneur; I had a one-person consulting company. So I had to go and make enough sales so that I made a living every month, I had to be an open source leader, and I had to run a number of projects. There simply wasn't room for all of that, and at some point... no one was paying me to work on UserLinux, and supporting my family came first."

Comments (none posted)

Building a FreeBSD Build System (O'ReillyNet)

O'ReillyNet covers setting up a build system for FreeBSD. "To set up a FreeBSD build system, you need three components. A build server is the first requirement. It should be either a fairly beefy uniprocessor or a lesser SMP-based machine. The second component is a staging server, which is basically a test machine where you can test the build without potentially destroying a production box. This doesn't have to be a machine with much fanfare, but it should be as close as possible to the rest of your machines to ensure an accurate test platform. The third component, called the build set, consists of all the clients to which you want to install the updates. These are your production machines."

Comments (none posted)

The Perfect Setup - Fedora Core 5 (64-bit) (HowtoForge)

HowtoForge details the process of setting up a Fedora Core 5 server on a 64-bit system. "This is a detailed description of how to set up a Fedora Core 5 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). This tutorial is written for the 64-bit version of Fedora Core 5, but should apply to the 32-bit version with very little modifications as well."

Comments (none posted)

Stunning Linux Distro Continues Development (LXer)

The folks at Lobby4Linux.com take a look at Elive and interview the developer. "Lobby4Linux.com has been active in an attempt to not only simplify Linux, but to incorporate an easier menu and help system. We have described what this "Linux on Training Wheels" or "Linux-Lite" would look like. In our search for such a distro, we stumbled across Elive. Elive is a Debian-based distro that incorporates both the E-16 and E-17 Enlightenment environments."

Comments (none posted)

Distribution reviews

Looking Ahead: Ubuntu Linux 6.06 (Mad Penguin)

Mad Penguin reviews Ubuntu's Dapper Drake Flight 5 (alpha). "Performance with this release was very good. It's been a while since I reviewed Ubuntu 5.10, but it feels faster to me. Call me crazy. It definitely outperformed Fedora Core 5 on the same machine. Hands down. This is good news for Ubuntu I suppose, since Fedora 5 is the "big thing" right now in distroland. When Ubuntu Dapper comes to fruition, it is going to be something to contend with on the desktop."

Comments (1 posted)

Fedora Core 5: Shape Shifter (eWeek)

eWeek reviews Fedora Core 5. "Fedora 5 ships with an updated version of the open-source Xen hypervisor project, which first appeared in Fedora in Version 4. We noticed right away that the Fedora team has smoothed out some of the under-the-hood wrinkles that had marred Fedora's previous Xen implementation. For instance, Xen requires particular modifications to a system's C library to avoid a specific performance hit; with earlier Fedora versions, this called for some hackery to get Xen working properly."

Comments (none posted)

My desktop OS: Frugalware (NewsForge)

Here's a quick look at Frugalware. "Frugalware is in a good niche between Slackware and ArchLinux. Frugalware's philosophy is similar to that of ArchLinux -- make the system simple and logical so you don't have to rely on a GUI to use it. The thing I like most about Frugalware is that, unlike ArchLinux, it provides a full stable branch in addition to the current one, which is updated every six months."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Zope CMF Version 2.0.0

Stable version 2.0.0 of CMF, the Zope Content Management Framework, was announced this week. Zope is an open source web application server; see the What Is Zope document for details. Recently, the Zope project has been going through a major rewrite, transitioning from Zope2 to Zope3 with the help of Five, a Zope 2 to 3 transition product.

CMF is one of the major components of Zope.

The CMF (Content Management Framework) adds numerous tools and services to Zope to allow community or organization based content management, complete with a workflow system and a powerful customization framework. The CMF Workflow system uses Zope's built in security architecture. One thing this allows is for the "edit permission" to be taken away from an author who has submitted a document for review and publishing. This ensures that what the reviewer sees cannot change during or after review without the author intentionally taking back the document.

CMF 2.0.0 brings a lot of changes, including:

  • The replacement of CMFSetup with GenericSetup-integration.
  • A switch to Zope 3 interfaces with backward compatibility to Zope 2.
  • Further integration with Zope 3/Five technologies.
  • The folding-in of the previous CMFonFive add-on product.
  • Experimental Five-style browser views for CMFDefault and CMFCalendar.
  • Changes to the first day of the week preference settings in the CalendarTool.
  • New pluggable TypeInformation objects.
  • Some new-style Actions.
  • Bug fixes and other improvements.

A longer list of new features added in the version 2.0.0 alpha and beta releases is shown in the CMF 2.0.0 CHANGES document. The next release, CMF 2.1, is described in the CMF Roadmap; it should be out this summer.

CMF 2.1 will add missing pieces to the Zope 3 integration effort, feature new local skin customization capabilities, convert all of the views to the Zope 3 style, complete the transition to Zope 3 container events and more. In short, this is a major move toward the Zope 3 technology. For further reading, see the CMF documentation resources.

CMF 2.0.0 is available for download here.

Comments (none posted)

System Applications

Database Software

PostgreSQL Weekly News

The April 16, 2006 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database articles and resources.

Full Story (comments: none)

Interoperability

Samba: mod_ntlm_winbind Updated for Apache2

The Samba news mentions changes to mod_ntlm_winbind. "Ronan Waide has done some work updating mod_ntlm_winbind for Apache2. mod_ntlm_winbind is an Apache module that provides NTLM and Basic authentication via winbind. Support for both plaintext and NTLM auth in the same module has also been added."

Comments (none posted)

Mail Software

Mailman 2.1.8 is out

Version 2.1.8 of Mailman, a mailing list management application, has been announced. "In this release, we have fixed a cross-site scripting security bug in the previous release (CVE-2006-1712), integrated a new version of the email library (email-2.5.7), and added bounce processing support for a number of sites and MUAs. It is highly recommended that all sites using 2.1.7 and before should update to this release."

Comments (none posted)

Security

Sussen 0.18 announced

Version 0.18 of Sussen, a tool that checks for vulnerabilities and configuration issues on computer systems, is out with new capabilities, cleaned up code and improved documentation.

Full Story (comments: none)

Desktop Applications

Audio Applications

New release of AMB plugins

The second release of the Ambisonics plugins, a set of audio plugins for the Ardour sound editor, has been announced. Changes include an 8-speaker cube decoder and some code cleanups.

Full Story (comments: none)

Snd-ls 0.9.6.2 announced

Version 0.9.6.2 of Snd-ls, a distribution of the SND sound editor, is available. "The biggest thing about this release of Snd-ls is probably that the rt-player is enabled by default. The rt-player is an alternative player engine for SND that plays soundfiles using the rt-extension and reads data from disk through a buffer. The result is fewer clicks, and more channels can be played safely at once."

Full Story (comments: none)

Desktop Environments

GNOME 2.14.1 Released (GnomeDesktop)

Gnomedesktop.org has announced the release of GNOME 2.14.1. "This is the first release in a series of point releases for the 2.14 branch. Come and see all the bug fixing, all the new translations and all the updated documentations brought to you by the wonderful team of GNOME contributors! While development has started on the Gnome 2.15/2.16 road, we didn't forget about making a new release that is rock solid. And simply better than the previous one."

Comments (none posted)

GARNOME 2.14.1 announced

Version 2.14.1 of GARNOME, the bleeding edge GNOME distribution, is out. "This release incorporates the GNOME 2.14.1 Desktop and Developer Platform, fine-tuned and updated with love by the GARNOME Team. It includes updates and fixes after the official GNOME freeze, together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this is the second release of the current stable GNOME branch, ironing out yet-more bugs, hopefully adding yet-more stability and ships with the latest and greatest stable releases."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest for 16th April 2006 (KDE.News)

KDE.News has announced the April 16, 2006 edition of the KDE Commit-Digest. "In this week's KDE Commit-Digest: Furious activity in Digikam, KmPlot and amaroK, compile and linking fixes for applications in trunk with CMake and multi-platform porting fixes. Furthermore, KSmileTris was removed from the kdegames module in trunk."

Comments (none posted)

Xfce 4.4 beta 1 (4.3.90.1) released

Version 4.4 beta 1 of Xfce, a lightweight desktop environment, is out. "Xfce 4.4 features new tools such as the much anticipated "Thunar" file manager as well as several huge improvements of its core components. Please help us make Xfce 4.4 the best Xfce release ever: download it, try it, help us fix it!"

Comments (none posted)

Electronics

Covered 0.4.2 released

Version 0.4.2 of Covered, a Verilog code coverage utility, has been announced with the following changes: "Bug fix release and added support for multi-line definitions."

Comments (none posted)

PCB 20060414 released

Development snapshot 20060414 of PCB is available. "PCB is an interactive printed circuit board editor for the X11 window system. PCB includes a rats nest feature, design rule checking, and can provide industry standard RS-274-X (Gerber), NC drill, and centroid data (X-Y data) output for use in the board fabrication and assembly process. PCB offers high end features such as an autorouter and trace optimizer which can tremendously reduce layout time."

Comments (none posted)

Financial Applications

Release of GnuCash 1.9.5 (unstable) (GnomeDesktop)

GnomeDesktop.org covers the latest release of GnuCash, a financial management application. "The GnuCash development team proudly announces GnuCash 1.9.5 aka "The final countdown begins", the sixth of several unstable 1.9.x releases of the GnuCash Open Source Accounting Software which will eventually lead to the stable version 2.0.0. This release contains many bugfixes since the fifth release but is still only intended for developers and adventurous testers who want to help tracking down bugs."

Comments (none posted)

SQL-Ledger 2.6.9 released

Version 2.6.9 of SQL-Ledger, a web-based accounting system, has been announced. Changes include new code for multiple latex runs, pagebreak code improvements and bug fixes.

Comments (none posted)

Games

New Keep Module (WorldForge)

The WorldForge virtual world project has an announcement for a new Keep module. "I guess you guys already found the keep model. I was going to post on Monday but today will work. This model builds on everything that I have done. Same textures, dimension, same doors etc."

Comments (none posted)

TuxFighter 0.49 announced

Asteroids meets XBill with the release of TuxFighter 0.49 on the PyGame site. "Your goal is to waste valuable lifetime (or even paid worktime) while steering and spinning a penguin-shaped alter ego through a universe full of nasty enemies. The enemies try to collide into you but YOU CAN FIGHT BACK! Shoot rockets at your enemies but be careful, you always have just twice the number of rockets as the number of enemies on the screen. So aim carefully, because some rockets may bounce back from the edge of the screen. Gain extra points or even applause by killing enemies by a rocket reflecting from walls."

Comments (none posted)

Imaging Applications

GIMP 2.2.11 Released (GnomeDesktop)

Version 2.2.11 of the GIMP has been announced. "This is a bug-fix release in the stable 2.2 series."

Comments (none posted)

Interoperability

Wine 0.9.12 released

Version 0.9.12 of Wine has been announced. Changes include: "New Winelib Internet Explorer application (all 5 lines of it), Several improvements to the font support, More work on the IDL compiler, Faster drawing of the cards in Solitaire (very important feature), A number of fixes for issues found by the Coverity code checker and Lots of bug fixes."

Comments (none posted)

Medical Applications

Hui Releases Major Upgrade to Hui OpenVistA (LinuxMedNews)

LinuxMedNews covers the release of Hui OpenVista™ Version 4.0. "The most notable enhancement to Hui OpenVista 4.0 is a more streamlined installation process. Version 4.0 provides a preconfigured baseline system that simplifies the steps needed to convert the Freedom of Information Act (FOIA) version of VistA to Hui OpenVista. This enables users to quickly download the baseline as a starting point for configuring the system to their specific requirements..."

Comments (none posted)

Mirror Med Highlights FOSS in Action (LinuxMedNews)

LinuxMedNews looks at the MirrorMed project. "The MirrorMed project shows how Free and Open Source Software (FOSS) in medicine can create a successful electronic medical record/electronic health record (EMR/EHR) by using code from several projects: OpenEMR, FreeMed, Uversa's ClearHealth and the FreeB medical billing project. Together, these projects have threaded the needle and become the few that survive the real world in Health IT."

Comments (none posted)

Music Applications

Slag 0.1 pre 1 announced

Release 0.1 pre 1 (the first public version) of Slag, a pattern-based audio sequencer that can be used as a simple drum box, is available. "Slag is a pattern-based audio sequencer that can currently be used as a simple drum box. It features real-time editing, optional JACK support with individual ports for tracks, volume settings for pads and tracks, a virtually unlimited number of tracks and patterns, the ability to link song parts together, and real-time audio file output. It's licensed under the GNU GPL."

Full Story (comments: none)

News Readers

Pan! It's Alive! (GnomeDesktop)

GnomeDesktop.org covers the latest release of Pan. "The Pan newsreader project is active again making new releases. The 0.9x releases are a series of unstable betas of a C++ rewrite of Pan that adds multiserver and nzb support, reduces memory use by over two thirds, can cut the time to download new headers by over two thirds, and slashes the time it takes to load headers from disk by almost 90%."

Comments (none posted)

Office Applications

Beagle Newsletter - April 2006 (GnomeDesktop)

GnomeDesktop.org has announced the April, 2006 edition of the Beagle Newsletter. "With the release of GNOME 2.14, three new additions to the desktop environment have come with the ability to search your Beagle index. First, Nautilus now allows users to create new searches within the file browser and save searches based on that query. If enabled, Nautilus will use Beagle for this searching. Second, a new panel applet has been included for quick searching. The panel applet, Deskbar, allows you to query Google, Yahoo! and a number of other websites in real time. If the Beagle plug-in is enabled, your files can be quickly searched using this handy tool. Finally, Yelp, the GNOME help tool, can utilize Beagle for quick searching of the system's help documentation."

Comments (none posted)

Office Suites

OpenOffice.org build 2.0.2.7

Build 2.0.2.7 of the OpenOffice.org office suite has been announced; it features a bug fix and a build improvement.

Full Story (comments: none)

Web Browsers

Security and Stability Updates for Firefox Released (MozillaZine)

MozillaZine reports that Firefox 1.5.0.2 and Firefox 1.0.8 have been released. These updates contain several security fixes.

Comments (none posted)

Word Processors

AbiWord 2.4.4 released (GnomeDesktop)

Version 2.4.4 of the AbiWord word processor has been announced. "The changes from v2.4.2 to v2.4.4 include, amongst others: Substantially updated the OpenDocument import and export filters, Lots of tweaks to the Windows interface, Various fixes to our Right-to-Left text handling routines".

Comments (none posted)

Miscellaneous

Release of Xj3D VRML/X3D browser for Linux

Version 1.0 of Xj3D has been announced. "Xj3D is an open source X3D browser, developer library and test environment for the X3D virtual reality and augmented reality standard. A principal goal of Xj3D is conformance to the X3D spec while still maintaining high performance using OpenGL hardware acceleration. The milestone 1.0 release is available for Windows, Linux, Mac OS X, and Solaris. It implements CADGeometry, DIS, GeoSpatial, H-Anim, as well as extensions for Rigid Body Physics, Particle Systems, Clipping planes, Picking Utilities, Abstract Device IO."

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The April 11-18, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Java

KDE Look and Feel for Java Preview (KDE.News)

KDE.News has an announcement for the KDE Look and Feel for Java effort. "Sekou Diakite has released an alpha version of a KDE Look and Feel for Java. This is an interesting step forward in Linux/Unix desktop integration since Java applications can now use the KDE/Qt libraries for drawing Java widgets and even directly use existing KDE widgets such as the file or color choosers. See the webpage for further details of this accomplishment including future plans and, of course, screenshots."

Comments (none posted)

Python

Urwid 0.9.3 announced

Version 0.9.3 of Urwid, a console UI library for Python, is out. "This release adds support for gpm and mouse dragging to the raw_display module, improves mouse release reporting and fixes a few text layout bugs. If you are interested in Urwid's mouse support please try the input test example program and let me know if it works properly in your environment."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The April 17, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Ruby

The Gemcutter's Workshop: Canada on Rails (Linux Journal)

Linux Journal covers the latest Ruby developments with a new edition of The Gemcutter's Workshop. "Recapping another busy couple of weeks in Ruby land as well as the first international Ruby conference. The past two weeks have been another busy bi-week in terms of Ruby releases and community activity. I'd like to start out with a couple of big release announcements and a mailing list posting and then move on to two big events."

Comments (none posted)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The April 18, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

XML

Query Census Data with RDF (O'Reilly)

Joshua Tauberer uses RDF to work with census data in part two of an O'Reilly article series. "The U.S. government is a treasure trove of structured information. In my last article I talked about legislative information, but there's much more--gigabytes upon gigabytes more. The 2000 Census compiled tons of population statistics. Let's get some of it into the Semantic Web. So I'll grab one small 14MB slice of data out of the census records and turn it into RDF."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

The Rise of Media Independence (Linux Journal)

Doc Searls predicts the end of radio. "Today, if I want to put a show on the radio, I don't bother with radio at all. I record an .mp3 file, put it on a Web site and "enclose" a pointer in an RSS feed. Anybody who picks up the feed or downloads the file can get the recording, anywhere on the Net. Which is "right here" for anywhere with a connection, anywhere in the world. Which is why radio as we know it is doomed."

Comments (11 posted)

Does open source encourage rootkits? (NetworkWorld)

NetworkWorld covers a McAfee report claiming a correlation between open source software and the spread of rootkits. ""The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com," says Stuart McClure, senior vice president of global threats at McAfee. Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit."

Comments (15 posted)

The SCO Problem

Feb. 26, 2006 Hearing Transcript (Groklaw)

Yes, the SCO case is still going on. Groklaw has had some fun with the transcript of a hearing regarding SCO's abortive subpoenas to Intel and others. Quoting Judge Wells: "Noting that at the outset of this case or prior to its filing, it was expressed to the media and others that SCO possessed evidence regarding the misappropriation of source code. At this point, don't you have enough evidence to go forward in that regard or, to be candid about it, does it constitute fishing at this point?"

Comments (none posted)

Companies

Micro Center isn't a happy home for Linux (NewsForge)

Joe 'Zonker' Brockmeier looks for a Linspire PC at Micro Center. "Last November, Linspire issued a press release announcing that Micro Center would be devoting floor space and staff to desktop Linux. I decided to take a trip to my local Micro Center this week to see how that initiative was going. Unfortunately, the answer is not so well. According to the release, Micro Center customers should be able to "try and buy several desktop and laptop computers pre-installed with Linspire Linux." Further, "new sections will put desktop Linux software and products in high-traffic areas of the store, giving Linux products a significant amount of retail space and boosting visibility of Linux within each store.""

Comments (none posted)

New Linux look fuels old debate (ZDNet)

ZDNet revisits the proprietary driver debate. "For Nvidia, intellectual property is a secondary issue. 'It's so hard to write a graphics driver that open-sourcing it would not help,' said Andrew Fear, Nvidia's software product manager. In addition, customers aren't asking for open-source drivers, he said."

Comments (30 posted)

Lessig, Stallman on 'Open Source' DRM (The Register)

The Register takes a look at Sun's press release for its open source DRM, which lists Lawrence Lessig as a supporter. "Was DRM less bad because it was 'open source'? Professor Lessig tells us that he should have reviewed the Sun Microsystems press release before it went out. It doesn't fully reflect his position, he says, and he's emphatic that this blessing doesn't constitute an endorsement." (Thanks to Ciarán O'Riordan)

Comments (10 posted)

Legal

Prior Art and Its Uses: A Primer, by Theodore C. McCullough (Groklaw)

Groklaw presents Prior Art and Its Uses: A Primer, by Theodore C. McCullough. "The question of what constitutes prior art can be confusing, to say the least. Moreover, the issue of when one can and cannot use a particular type of prior art in attacking the patentability of a particular invention is equally confusing. The following is a high-level outline of some of the key concepts regarding what constitutes prior art, and how to apply it to address the patentability of an invention. The purpose of this primer is not to serve as formal legal advice, nor should it be considered as such. Rather, the purpose of this primer is to assist the general public, including those in the Open Source Community, with helping to improve patent quality."

Comments (none posted)

Interviews

Oracle considers venturing into Linux (FT)

The Financial Times talks with Larry Ellison about Oracle's plans. "'I'd like to have a complete stack,' he said. 'We're missing an operating system. You could argue that it makes a lot of sense for us to look at distributing and supporting Linux.'" (Thanks to Thomas Kirby).

Comments (6 posted)

Q&A: New Mass. CIO offers update on Open Document Format plans (ComputerWorld)

ComputerWorld talks with Louis Gutierrez, CIO of the Information Technology Division (ITD) of Massachusetts. "Gutierrez, a 2002 Computerworld Premier 100 honoree, left a position as chief technology strategist at the University of Massachusetts Medical School to fill the CIO post that had been vacant since Peter Quinn resigned in January. No stranger to government, he served as the state's first CIO from 1996 to 1998 and returned in 2003 as CIO of its executive office of Health and Human Services (HHS), where he worked through June 2004." (Thanks to Pete Link)

Comments (1 posted)

Kubuntu Developer Jonathan Riddell Interviewed (Behind Ubuntu)

Behind Ubuntu presents an interview with Kubuntu developer Jonathan Riddell. "How and when did you get involved in Ubuntu? I knew that Ubuntu was going to be big and that it didn't feature my favourite desktop, so I wrote a blog post explaining why KDE people should get involved. That was the top google for "Ubuntu linux" for a while and when Ubuntu dug out their plans for a KDE version they contacted me to see if I could help." (Found on KDE.News)

Comments (none posted)

Interview: Andrey Savochkin (KernelTrap)

KernelTrap has an interview with Andrey Savochkin. "Andrey Savochkin leads the development of the kernel portion of OpenVZ, an operating system-level server virtualization solution. In this interview, Andrey offers a thorough explanation of what virtualization is and how it works. He also discusses the differences between hardware-level and operating system-level virtualization, going on to compare OpenVZ to VServer, Xen and User Mode Linux."

Comments (2 posted)

Resources

CLI Magic: Is that CD still fresh? (Linux.com)

Joe Barr looks at the cdck program. "Ever wonder if that ISO or backup CD or DVD you burned last year is still good? This week we'll take a look at a small command-line utility called cdck that checks the condition of data on the media and lets you know if it's still good."

Comments (none posted)

OOo Off the Wall: Combining Documents with OOo (Linux Journal)

Linux Journal looks at combining documents and other advantages of using styles in OpenOffice.org. "WordPerfect veterans raise the idea of a Reveal Codes feature for Writer every couple of months. In response, a macro that gives the appearance of Reveal Codes without the functionality has been written. However, the feature isn't likely to appear in any upcoming version of Writer. For one thing, while WordPerfect is a code-based word processor, in which every piece of formatting is embedded in a manner not too different from HTML tags, Writer is a frame-based word processor. That means the characteristics for a selection of text are defined separately from the text itself. As a result, no direct equivalent of Reveal Codes is possible."

Comments (2 posted)

Improve your iPod with Rockbox (NewsForge)

NewsForge looks at running Rockbox on an iPod. "Over the past few years, I've been ripping my CD collection to Ogg Vorbis, intending to one day find a portable player for all those tracks of synthpop, reggae, and comedy. Now I've finally found a player for my 60-or-so gigs of Ogg files which has the ergonomics, battery life, and accessory market of the iPod. The secret to having a player that deals with so many codecs, but that looks and acts like an iPod, is that it is an iPod -- just one that I converted last night with a firmware swap to run the excellent, open source system called Rockbox. Rockbox isn't perfect -- and it sure isn't for everyone -- but I'm pleased as punch with it."

Comments (9 posted)

Porting Linux applications to 64-bit systems (developerWorks)

IBM developerWorks looks at porting applications to 64-bit systems. "Linux was one of the first cross-platform operating systems to use 64-bit processors, and now 64-bit systems are becoming commonplace in servers and desktops. Many developers are now facing the need to port applications from 32-bit to 64-bit environments. With the introduction of Intel® Itanium® and other 64-bit processors, making software 64-bit-ready has become increasingly important."

Comments (none posted)

Process your email with procmail (Linux.com)

Linux.com covers email filtering using procmail. "Procmail is a Mail Delivery Agent (MDA), meaning it can be used along with a Mail Transfer Agent (MTA) such as mutt or sendmail to filter messages. Procmail processes all messages before they are delivered to your mailbox. You can have your incoming messages distributed into various folders based on preset criteria such as the subject of a message or the recipient. The use of regular expressions for creating rules and the ability to run multiple rules on messages make procmail a very precise mail filtering program."

Comments (5 posted)

My sysadmin toolbox (Linux.com)

Linux.com presents another look into the toolbox with OpenSSH, Socat, Bash, Midnight Commander, Aptitude, Knoppix, awk, Expect, Scite and Ipcalc. "Carrying an operating system with me at all times is bliss. I rarely leave home without a Knoppix CD. Knoppix has always been great, but it got even better with the inclusion of UnionFS, which allows me to install packages as if the CD were writable."

Comments (none posted)

Reviews

ccPublisher gets a GNU outlook on cross-platform availability (NewsForge)

NewsForge looks at the Python program ccPublisher 2. "Creative Commons (CC) offers licenses that allow you to publish material with clear-cut licensing terms that reserve some of your rights while giving the public others. CC offers a number of tools to implement the licenses into the metadata of various media formats. Until recently, its ccPublisher program, which allows you to upload CC-licensed content to the Internet Archive, had official binary releases only for Apple Macintosh OS X and Microsoft Windows XP. This is about to change, with the upcoming release of ccPublisher 2."

Comments (4 posted)

FOSS closes patient privacy gap for researchers (NewsForge)

NewsForge looks at HMS Scrubber. "Two new open source software projects are ready to wipe patient histories clean of personal information so researchers can learn from medical cases without endangering privacy. One of the GPLed software programs, HMS Scrubber version 1.0, was recently able to remove more than 98 percent of identifiers -- such as name, address, and Social Security number -- from 1,254 pathology reports processed from three hospitals. Developed by a team from the Beth Israel Deaconess Medical Center in Boston and other American institutions, the software holds promise beyond pathology in nearly all medical records, which are integral to research, but are full of privacy pitfalls, says Bruce Beckwith, a Beth Israel doctor and developer of the new software."

Comments (1 posted)

New GNOME Does Search Right (eWeek)

eWeek reviews GNOME 2.14. "Sabayon, interestingly, uses the nested X-Window capability of the X.org Foundation's X.org graphics system, in which you can launch a new session in a window within your current session. In this session within a session, we could set desktop preferences, add task bar items and change font sizes, among other things, and then save that set of configurations as a profile that we could apply to other users."

Comments (3 posted)

Package management meets version control in rPath (Linux.com)

Linux.com looks at rPath. "rPath's goal, according to a white paper on the company Web site, is "a source control system married to a package system." To achieve this goal, rPath has developed three closely related projects: Conary, a package management system; rPath Linux; and rBuilder, a tool for working with Conary repositories. With these projects, rPath claims to be able to drastically reduce the time required to build a Linux release."

Comments (none posted)

Social bookmarking with Scuttle (NewsForge)

NewsForge looks at scuttle, a tool for setting up a local del.icio.us-like site. "Using del.icio.us to manage your bookmarks has its advantages, but it has its limitations too. You can't install del.icio.us on your local network, you can't modify it to suit your needs, and you can't be sure whether the service will still be there tomorrow. Scuttle, on the other hand, is an open source social bookmarking application that offers functionality similar to del.icio.us without the shortcomings."

Comments (none posted)

VPNs Illustrated: Tunnels, VPNS, and IPsec -- A Book Review (Linux Journal)

Linux Journal reviews the book VPNs Illustrated: Tunnels, VPNs, and IPsec by Jon C. Snader. "VPNs Illustrated: Tunnels, VPNS, and IPsec offers a clear and concise evaluation of the technology that allows private networks to extend through insecure channels. Overall, the purpose of this book is to inform readers of the benefits a VPN can offer. This is done through examples, diagrams and source code analysis. As a reference guide, the material does a good job of informing the reader about private networking over a public channel."

Comments (none posted)

A first look at Zfone (NewsForge)

NewsForge looks at Zfone. "Zfone is PGP creator Phil Zimmermann's latest brainchild, a small desktop application that encrypts VoIP softphone conversations using strong encryption and peer-to-peer communication. Zimmermann released the first public beta last month. While I'm intrigued by the concept, getting the application to work is another story."

Comments (11 posted)

Miscellaneous

Fedora Frog brings the bling to Fedora (Linux.com)

Linux.com goes to EasyLinux.info for a script called Fedora Frog. "Raivis Dejus, Linux Center project coordinator at the University of Latvia, runs EasyLinux.info. He finished Frog about a week ago, he says, adapting the Automatix script for the RPM-based Fedora Core and using yum to handle downloading and installing the packages. Dejus used his own ideas and some tips from others on the Internet to create Frog. "It seemed like a thing that had to be done," he says. "Ubuntu has Automatix and I decided that Fedora should have something similar.""

Comments (none posted)

Hands-on testing of the new Linux virus (NewsForge)

NewsForge tests a cross-platform virus. "Our tests show the code's viral nature is sometimes -- but not always -- effective on both platforms, depending on the kernel being used. Of course, it's impossible for us to test every version of the kernel out there, but thus far, it looks like those prior to version 2.6.16 are susceptible, and at least some of those after that release are not. Here's how we tested at NewsForge."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Asterisk Advisory Council formed

Digium has announced the formation of the Asterisk (telecom project) Advisory Council. "Composed of five experienced Asterisk community contributors, the Council will assist in the overall management of Asterisk including the selection and supervision of community developers, release cycles and contributions."

Full Story (comments: none)

EFF: Digital Copyright Law Hurts Consumers, Scientists and Competition

The Electronic Frontier Foundation (EFF) has announced the release of Unintended Consequences: Seven Years Under the DMCA, a collection of reports of the misuses of the DMCA.

Full Story (comments: none)

Open Source Parking

Bruce Perens is bothered by a recent event: "Microsoft has been paying the large domain resellers to move their 'parked' sites to IIS on Microsoft Server. Moving the parked customers of a single large reseller, GoDaddy.com, caused a shift of 4.5 Million domain names, or 5% of total server share from Apache to Microsoft IIS in the Netcraft report. This is an 'appearance' change only, because the sites involved have no content. But managers believe figures like those in the Netcraft report, and act on them." His response is OpenSourceParking.com, a place where idle domains can be parked and show up in the Linux column. He also plans to use the resulting advertising revenue to fund an open-source political action committee.

Comments (61 posted)

California Bill on Open Voting To Be Heard on Tuesday (Technocrat.net)

Technocrat.net looks at California AB2097, which implements the people's right to know how their votes are counted - rather than to have the details cloaked with DMCA and trade-secret law applying to present proprietary voting software. The hearing is Tuesday April 18 in Sacramento, California.

Comments (none posted)

Commercial announcements

FSMLabs and Advantech Announce Partnership

FSMLabs has announced a collaboration with Advantech on a single board computer platform. "The first qualified board is an Advantech fanless "3.5 inch Biscuit SBC" that uses 10 watts to run RTLinux hard real-time under the full load of sophisticated middleware like Java, databases, and web servers. Users can choose to run the industry standard Linux networking stack or FSMLabs' agile zero-copy real-time networking on the built in Ethernet."

Comments (none posted)

Linux Networx Names Robert Neumeister, Jr. CFO

Linux Networx has announced the naming of Robert Neumeister, Jr. as its new executive vice president and chief financial officer. "A proven CFO with extensive experience in the technology industry, Neumeister has achieved repeated success at Fortune 500 companies and technology start-ups both domestically and internationally. Mr. Neumeister's experience includes financial leadership through periods of rapid growth as well as leveraged buyouts and initial public offerings (IPO's)."

Comments (none posted)

Solsoft Announces NetFilterOne 1.2 Upgrade for Netfilter Firewall Management

Solsoft Inc. has announced Solsoft NetfilterOne 1.2, a graphical interface that will automate the design, deployment and documentation of security rules and policies as they pertain to a networked netfilter firewall. Linux Netfilter Iptables version 1.3 is now supported.

Full Story (comments: none)

Unitrends Introduces Added Rapid Recovery Capabilities

Unitrends Corporation has announced the GOLD release of their Rapid Recovery System. "Among the enhancements announced today are increased capabilities to Unitrends' Hot BareMetal(TM) capability, at the core of its exclusive Continuous System Protection(SM), allowing Linux users, running SuSe/Novell, Red Hat, Debian, Gentoo and more, to capture an image of the entire operating system at any point in time, without having to first shut down the server application or interrupt operations."

Comments (none posted)

Contests and Awards

Google Code - Summer of Code 2006 is Launched

The 2006 Google Summer of Code event has been launched. "The Google Summer of Code is a program that helps student developers create open source programs. Google is planning on identifying and funding several hundred projects over three months, with the help of open source, free software and technology companies mentoring and inspiring students. The application process opens officially on May 1 2006, and Google hopes to fund over 400 participants this year. Only students enrolled in an accredited institution get the chance at the funding for the Summer of Code." See the 2006 Summer of Code web site for more information.

Comments (none posted)

Hennessy wins OO.o article contest

The winner of the latest round of the OpenOffice.org article contest has been announced. "CP Hennessy has won the latest round of the contest with an excellent article on the citation facilities of OpenOffice.org. Titled, "Current Implementation of the OpenOffice.org Bibliographic Component," the work examines "the APIs available to the programmer to manipulate the citation data, and how these API calls actually map to real C++ classes in the OpenOffice.org source code.""

Full Story (comments: none)

Programmers' prose sought in Linux essay contest (Linux.com)

Linux.com has an announcement for the Linux Symposium essay contest. "First prize is a shiny new Intel Centrino Duo laptop. Second prize: an iPod nano. Entrants must be registered to attend the 2006 Linux Symposium in Ottawa, Canada, July 19-22, and must be at least 16 years old. The essays are to be no more than 1,500 words, and should be submitted in English as plain text, PDF, or Perl. The deadline is June 30, and winners will be announced during the welcome reception of the conference July 19."

Comments (none posted)

Ludum Dare 48 Competition 8

A new Ludum Dare 48-Hour Game Programming Competition will happen on April 28-30 2006. "The new competition has been announced, and I am currently working on getting the site ready for the competition. The last competition we used Wiki pages, and besides still not having the winners announced other things went fairly well. After I get the site up for the new competition the last competition will be moved into the new site and the winners will be announced."

Comments (none posted)

Tux is alive - The Tux Buzz

The new tuxisalive.com contest has been announced. "Kysoh SA, a developer of electronic devices for geeks by geeks, today launched a big contest on their buzz site (www.tuxisalive.com). Tux is alive and it's not a plush. You always dreamed of having a live penguin at home but didn't know how? Take part in the genesis of Tux by participating in Kysoh's big contest."

Full Story (comments: none)

Education and Certification

Hui Announces VistA Training Institute (LinuxMedNews)

LinuxMedNews has an announcement for a new VistA Training Institute. "In 2005, the Hui partnered with the University of Hawaii and VistA subject matter experts throughout the continental U.S. to develop a VistA training and certification curricula for clinical application coordinators and system administrators. “The VistA Institute curricula will serve as a resource to enhance the technical and clinical training competency needed to implement, support and encourage adoption of VistA in the healthcare market worldwide,” explained Hui Director Stanley M. Saiki, Jr., M.D..."

Comments (none posted)

Event Reports

CE Linux Forum conference report and videos

Michael Opdenacker has sent in a report of the recent Consumer Electronics Linux Forum (CELF) conference. "For the first time, it was called "Embedded Linux Conference", as the ELC acronym is now free after the end of the Embedded Linux Consortium last year. For the first time too, it was open to the general public (for a very moderate registration fee), and not only to CELF members like last year. This conference featured approximately 40 talks, tutorials or Birds of a Feather sessions as well as several product demos, 100% targeted to embedded system developers."

Full Story (comments: none)

Calls for Presentations

IPR implications for Free/Libre and Open Source Software CFP

A call for papers has gone out for the IPR '06 Workshop on Intellectual Property protection for software and its implications for Free/Libre and Open Source Software. The event will take place in Como, Italy on June 10, 2006; papers are due by May 15.

Full Story (comments: none)

Upcoming Events

Recon 2006: speaker lineup announcement

The speaker lineup for the Recon 2006 security conference has been announced. The event will take place on June 16-18, 2006 in Montreal, Canada. Training sessions will be offered before and after the conference.

Full Story (comments: none)

Events: April 20 - June 15, 2006

Date | Event | Location
April 20 - 22, 2006 | Forum Internacional Software Livre 7.0 (FISL) | Porto Alegre, Brazil
April 20 - 22, 2006 | International Conference on Availability, Reliability and Security (AReS 2006) | Vienna, Austria
April 20, 2006 | UK Python Conference (Randolph Hotel) | Oxford, England
April 21 - 23, 2006 | Penguicon 4.0 | Livonia, Michigan
April 23 - 26, 2006 | Itanium® Conference and Expo 2006 (Gelato ICE) | San Jose, CA
April 24 - 26, 2006 | LinuxWorld & NetworkWorld Canada 2006 Conference & Expo (Metro Toronto Convention Centre, North Bldg.) | Toronto, Canada
April 24 - 27, 2006 | MySQL Users Conference | Santa Clara, CA
April 24 - 25, 2006 | 2006 Desktop Linux Summit (Manchester Grand Hyatt) | San Diego, CA
April 24 - 26, 2006 | SambaXP 2006 (Clarion Parkhotel) | Göttingen, Germany
April 26 - 28, 2006 | php|tek 2006 (Orlando Airport Marriott Hotel) | Orlando, FL
April 27 - 30, 2006 | Linux Audio Conference (LAC2006) (ZKM) | Karlsruhe, Germany
April 29, 2006 | Linuxfest Northwest 2006 | Bellingham, WA
April 29 - 30, 2006 | European Common Lisp Meeting 2006 | Hamburg, Germany
May 1 - 6, 2006 | DallasCon 2006 (Richardson Hotel) | Dallas, TX
May 3 - 6, 2006 | LinuxTag 2006 (Rhein-Main-Hallen) | Wiesbaden, Germany
May 4, 2006 | openSUSE Day at LinuxTag 2006 | Wiesbaden, Germany
May 6 - 7, 2006 | WebTech 2006 | Sofia, Bulgaria
May 8 - 18, 2006 | LinuxWorld on Tour Conference and Expo 2006 (LOT2006) | Montreal, Ottawa, Calgary, Vancouver
May 12 - 13, 2006 | BSDCan 2006 (University of Ottawa) | Ottawa, Canada
May 13, 2006 | DebianDay | Oaxtepec, Mexico
May 14 - 22, 2006 | DebConf 6 | Oaxtepec, Mexico
May 26 - 27, 2006 | FreedomHEC | Seattle, WA
May 30 - June 3, 2006 | 2006 USENIX Annual Technical Conference (Boston Marriott Copley Place) | Boston, MA
June 13 - 14, 2006 | Where 2.0 Conference (Fairmont Hotel San Jose) | San Jose, CA
June 13 - 14, 2006 | Gartner Open Source Summit 2006 (Palau de Congressos de Catalunya) | Barcelona, Spain
June 14 - 16, 2006 | New York PHP Conference and Expo 2006 (New Yorker Hotel) | New York, NY

Comments (none posted)

Web sites

SpreadKDE: Try KDE (KDE.News)

KDE.News has announced the new Try KDE site. "Try KDE is a new resource listing ways that you can try out KDE without committing to a full GNU/Linux or BSD install. It includes links to live CDs, VMware player images and Klik bundles as well as links to KDE desktops available over NX, with explanations of these technologies. It is linked to from the KDE frontpage and will be updated regularly as more resources are discovered."

Comments (none posted)

Miscellaneous

K3b Fundraiser 2006: A Complete Success (KDE.News)

KDE.News follows the progress of the K3b Fundraiser 2006 effort. "At the beginning of March 2006, I started a fundraising campaign with the goal of collecting 1000 Euro by the end of the month in order to buy a new computer system. I soon discovered how very unrealistic this goal was! You -- the K3b users -- taught me a lesson: by the end of the second day I had already received more than 1000 Euro and in the end the goal was surpassed by far."

Comments (none posted)

Page editor: Forrest Cook

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds