As has been widely reported, Andrew Morton recently told an audience at
LinuxTag about his fears that the Linux kernel is getting buggier over
time. That worry resonates with a number of users and developers, many of
whom have never gotten entirely used to the 2.6 development model. The
result of this discussion may be a long look at how the kernel is
developed, culminating in a discussion at the annual Kernel Summit in
Ottawa this July. Easy answers may be difficult to come by, however.
Even the core question - are more bugs being added to the kernel than are
being fixed? - is not straightforward. Many developers have a sort of gut
sense that the answer is "yes," but the issue is hard to quantify. There
is no mechanism in place to track the number of kernel users, the number of
known bugs, and when those bugs are fixed. Some information can be found
in the kernel bug tracker run by OSDL,
but acceptance of this tracker by kernel developers is far from universal,
and only a subset of bugs are reported there. Distributors have their own
bug trackers, but there is little flow of information between those
trackers and the OSDL one; distributor trackers will also reflect problems
(and fixes) in distributor patches which are not in the mainline kernel.
Dave Jones publishes statistics from
the Fedora tracker, but it is hard to know what to make of them.
Part of the problem is that an increasing bug count does not, in itself,
indicate that the kernel is getting worse. A kernel which is larger and
more complex may have more bugs, even if the density of those bugs is going
down - and the 2.6 kernel is growing quickly. Increased scrutiny will
result in a higher level of reported bugs, but a lot of those bugs could be
quite old. The recent Coverity scans, for example, revealed some
longstanding bugs. If the user base is growing and becoming more diverse,
more bugs will be reported in the same code, even if that code has not
changed.
Dustin Kirkland has taken a different approach. For each 2.6 kernel
version, he performed a search for "linux 2.6.x", followed by searches for
strings like "linux 2.6.x panic". The trouble reports were then normalized
by the total number of results and plotted as a graph. Dustin's results
show a relatively stable level of problem reports, with the number of
problems dropping for the most recent kernel releases.
Clearly, there are limits to the conclusions which can be drawn from these
sorts of statistics. The results which show up in Google may not be
representative of the real troubles afflicting Linux users, and the lower
levels for recent kernels may simply reflect the fact that fewer people are
using those kernels. But the fact that these results are as good as
anything else available shows how little hard information is available.
Some other efforts are in the works to attempt to quantify the problem -
stay tuned to LWN for information as it becomes available.
In a way, however, whether the problem is getting worse is an irrelevant
question. The simple fact is that there are more kernel bugs than anybody
would like to see, and, importantly, many of these bugs are remaining
unfixed for very long periods of time. So, regardless of whether the
situation is getting worse, it seems worth asking (1) where the bugs are
coming from, and (2) why they are not getting fixed.
The first question has no easy answer. It would be nice if somebody would
look at bug fixes entering the kernel with an eye toward figuring out when
the fixed bug was first introduced - and whether similar bugs might exist
elsewhere. That would be a long and labor-intensive task, however, and
nobody is doing it. In general, the kernel lacks a person whose
time is dedicated to tracking (and understanding) bugs. At the 2005 Kernel
Summit, Andrew Morton indicated that he would like to have a full-time
bugmaster, but this person does not yet exist. If, somehow, such a
position could be funded (it is hard to see as a long-term volunteer job),
it could help with the tracking and understanding of bugs - and with
ensuring that those bugs get fixed.
Why bugs do not get fixed might be a little easier to understand.
Certainly part of the problem must be that it is more fun to develop cool
new features than to track down obscure problems. The older development
process - where, at times, new features would not even be merged into a
development kernel for a year at a time - might have provided more
motivation for bug fixing than the 2.6 process, where the merge window
opens every month or two. But feature development cannot be the entire
problem; most developers have enough pride and care about their work to
want their code to work properly.
The kernel is a highly modular body of code with a large development
community. Many (or even most) developers only understand a relatively
small part of it. So it is easy for kernel developers to feel
that the bulk of the outstanding bugs are "not their department" - somebody
else's problem. But the person nominally responsible for a particular part
of the code may be overwhelmed with other issues, unresponsive and
difficult to deal with, or missing in action. Many parts of the kernel
have no active maintainer at all. So problems in many kernel subsystems
tend to get fixed slowly, if at all - especially in the absence of an irate
and paying customer. For this reason, Andrew has encouraged kernel
developers to branch out and address bugs outside of their normal areas.
That is a hard sell, however.
Kernel bugs can be seriously hard to find and fix. The kernel must operate
- on very intimate terms - with an unbelievable variety of hardware and
software configurations. Many users stumble across problems that no
developer or tester has ever encountered. Reproducing these problems can be
impossible, especially if nobody with an interest in the area has the
affected hardware. Tracking down many of these bugs can require long
conversations where the developer asks the reporter to try different things
and come back with the results. Developers often lack the patience for
these exchanges, but, crucially, users often do as well. So a lot of these
problems just fall by the wayside and are not fixed for a long time, if
ever.
Bug prevention is an area with ongoing promise. Many of the most
error-prone kernel interfaces have been fixed over the years, eliminating
whole classes of problems, but more can be done. More formal regression
tests could be a good thing, but (1) the kernel developers have, so
far, not found a huge amount of value in the results from efforts like the
Linux Test Project, and
(2) no amount of regression testing can realistically be expected to
find the hardware-related problems which are the root of so many kernel
bugs. Static analysis offers a great deal of promise, but free tools like
sparse still need quite a bit of work to realize that promise.
The end result is that, while there are ways in which the kernel process
can be improved, there is a distinct lack of quick fixes in sight. Fixing
kernel bugs is hard work, and the kernel maintainers lack the ability to
order anybody to do that work. So, while the kernel community can be
expected to come to grips with the problem - to the extent that there is a
problem - the process of getting to a higher-quality kernel could take some
time.
Comments (58 posted)
Your editor is fortunate enough to live in a town with an excellent radio
station. It is a public station, funded (mostly) by its listeners and
operated (mostly) by volunteers. It is a nearly 30-year-old application of
many free software concepts to the airwaves; appropriately, its name is
KGNU. For those who do not live in the area,
or who find the reception problematic here on the edge of the mountains,
KGNU makes a set of streams available over the net; there is even an Ogg
stream.
KGNU airs an incredible variety of music and public affairs programming;
much of what is heard there is available nowhere else in the area.
Unfortunately, some of the most interesting programs are not broadcast at
times when it is convenient for your editor to listen to them. Some of the
best music is late at night, and the public affairs programs broadcast
during the day tend to be incompatible with the need to write LWN
articles.
As a result, your editor has a strong desire to record shows of interest
and listen to them at a later time. This is, of course, a classic, legal
exercise of fair use rights. For years, this activity has been performed
using a DAT deck, which will happily record a three-hour show without
breaks. Unfortunately, this solution (1) requires somebody to push
the "record" button at the right time, and (2) depends on the continued
operation of an aging piece of audio equipment whose reliability was not
the greatest even when it was new. It would make a lot of sense to,
instead, simply record the audio stream from the net. Recording could be
automated, and the result could be moved to a portable player for
convenient listening.
It is not surprising that proprietary players for streaming media lack a
"record" option. But, one would think, free players would provide such an
obvious bit of functionality. As it turns out, however, most of the free
players which can tune in network streams also lack recording capability.
Whether this omission is simply a matter of other development priorities
coming first or is, instead, a capitulation to the entertainment industry
is not clear. Regardless of why, a Linux user who has fired up totem,
amarok, or xmms to play an audio stream will not readily find a "record"
option there.
There are, however, a number of options available for those who would
record audio streams on a Linux system. Here are a few that your editor
has found.
Recording through the sound system
Audio streams passing through the ALSA sound system are generally available
to applications via a capture interface. So, in fact, almost any free
recording application can be used to grab the stream as it passes
through the kernel. A simple example can be made with arecord:
arecord -f cd -d 7200 stream.wav
This command will record a stream in WAV format, automatically stopping
after two hours. Other recording applications (ecasound, ardour, etc.) can
also be used.
There are some downsides to this approach. Recording in this way occupies
the sound system, making it impossible to listen to anything else. Changes
to mixer settings can affect the recording. Depending on the sound
hardware in use, the system might have trouble simultaneously playing an
audio stream and recording it. And, regardless of other problems, this
solution involves several transformations to the audio stream between the
network interface and its eventual resting place on the disk. Your editor
would rather store the stream as it was received from the source.
ogg123
If the stream of interest is in the Ogg Vorbis format, the ogg123 tool
can be used to capture it. A command like this will do:
ogg123 -d wav -f stream.wav http://stream-url
With a second option (-d oss), ogg123 can simultaneously
play the stream and record it to the disk file. There is an option for
specifying the duration of the recording (useful for grabbing shows via a
cron job), but it did not work properly on your editor's system.
For whatever reason, ogg123 lacks the ability to save an Ogg
stream directly to disk - it must convert it to the uncompressed WAV format
first. One can always re-encode the stream - at recording time using a
pipe, even - but putting an audio stream through a second round of lossy
encoding cannot do it any good. It would be much nicer to just save the
stream directly to disk.
wget
If something exists on the net, there is a way to tell wget to
fetch it. Audio streams are no exception; running:
wget http://stream-url
will do the trick. No transformations will be applied to the stream - it
will be saved as received from the source, which is as it should be. On
the other hand, wget is not really designed with streams in mind.
In particular, it lacks an option for setting the recording period, making
it a bit harder to run in an automated mode - though a couple of lines of
shell scripting suffice to take care of that problem.
mplayer
While most streaming media players lack a record option, mplayer is a notable
exception. A stream can be recorded with a command like:
mplayer -dumpstream -dumpfile stream.ogg http://stream-url
Of course, streams in just about any format can be recorded in this
manner; mplayer will save the stream as it receives it.
The list of options understood by mplayer easily qualifies as one
of the longest for any application anywhere on the planet. A definitive
study could require some months, but, as far as your editor can tell, none
of those options tell mplayer how long it should run. As with
wget, that omission makes mplayer a little harder to use
in an automated mode.
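The missing duration option noted above for both wget and mplayer is easy to paper over with a small POSIX shell wrapper. This is an added example, not code from the article: record_for and capture_stream are hypothetical names, the stream URL is constructed, and it assumes wget is installed.

```shell
#!/bin/sh
# Time-limited stream capture for tools that have no duration option
# (wget, mplayer -dumpstream).  Added example; not code from the article.

# record_for SECONDS COMMAND [ARGS...]
# Run COMMAND in the background and send it SIGTERM after SECONDS.
# Returns 0 when the capture ran until the deadline.  If COMMAND exits on
# its own first (stream dropped, bad URL, unwritable file), its own exit
# status is returned so a cron job can notice the failure.
record_for() {
    secs=$1
    shift
    "$@" &
    pid=$!
    # Timer process: stop the recorder when the time is up.
    ( sleep "$secs"; kill -TERM "$pid" 2>/dev/null ) &
    timer=$!
    # Written so that it also behaves under "set -e".
    wait "$pid" && status=0 || status=$?
    # Either the timer already fired, or the recorder ended early and the
    # timer is still sleeping; cancelling it is harmless in both cases
    # (an orphaned sleep simply runs out on its own).
    kill "$timer" 2>/dev/null || :
    wait "$timer" 2>/dev/null || :
    # 128 + 15 (SIGTERM) means the recorder was stopped on schedule.
    if [ "$status" -eq 143 ]; then
        return 0
    fi
    return "$status"
}

# capture_stream URL OUTFILE SECONDS
# Save the stream exactly as received (no decoding or re-encoding) for
# SECONDS seconds.  wget -O writes straight to OUTFILE; the same wrapper
# works with "mplayer -dumpstream -dumpfile OUTFILE URL".
capture_stream() {
    record_for "$3" wget -q -O "$2" "$1"
}

# Cron-style invocation with a constructed (not real) stream URL:
#   capture_stream http://stream.example.invalid/live.ogg \
#       "show-$(date +%Y%m%d).ogg" 7200
```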
Some distributions are more enthusiastic about including mplayer
than others. Packages for almost any distribution are readily available,
however, to those who search for them.
streamripper
The definitive tool for capturing streams may well be streamripper. This utility
will grab a stream and store it to disk, possibly splitting it into
separate tracks as it goes. It can function as a relay, making it possible
to listen to a stream as it is being recorded - or to distribute a stream
around an internal network. In its simplest form, streamripper is
run as:
streamripper http://stream-url
Options exist to limit recording time, control separation into tracks,
establish a stream relay, and automatically discard advertisements. There
are graphical frontends for GNOME (streamtuner) and KDE (KStreamRipper).
There is also an amarok
plugin available.
To conclude
From your editor's point of view, streamripper is the right tool
for this job. It is the only one which was designed for the purpose of
capturing audio streams in their original format. In a pinch,
wget will do the job, as will mplayer. Employing a huge
tool like mplayer for this purpose feels somewhat like using a
nail gun to hang a calendar, however.
For now, we are lucky in that there are quite a few high-quality streams
which can be time-shifted and enjoyed in this manner. Unfortunately, the
future looks to be made up of DRM-encrusted streams and no access for users
of free software. No fair use rights. If we want to live in a world where
broadcast streams are accessible with free tools and developers of stream
players are not afraid to add "record" buttons, we need to ensure that the
legal climate does not become more hostile than it is already. Otherwise,
finding a good stream capture tool could become much harder than it is
today.
Comments (24 posted)
For today's chapter on the ongoing software patent debacle, let us have a
look at Apple's patent application #981993. This application, filed in
November, 2004, has to do with providing an audio interface to a computing
device.
In particular, claim 1 reads:
A method for providing an audible user interface for a user of a
computing device, the method comprising: receiving a selection of a
user interface control on the computing device; selecting an audio
file associated with the selected user interface control; and
playing the selected audio file at the computing device such that
an audio prompt is audiblized for the user, the audio prompt
describing the selected user interface control or a displayed user
interface item corresponding to the selected user interface
control.
The additional, dependent claims make this technology more specific to
media players in particular. There is another independent claim which
reads like this:
A method for creating an audio file at a host computer system, the
method comprising: receiving a text string at a text to speech
conversion engine; creating an audio file based upon the text
string; and associating the audio file to a media file.
Numerous other claims assert ownership over various combinations of the two
above techniques. In summary, what Apple is claiming is the ability to
create voice files for a media player device, load them onto that device,
and have the device play those files in response to user actions.
This patent would appear to cover a relatively obvious technology.
Speaking computers are not particularly new; corporate voice mail systems
have operated in this way for quite some time. Experience shows, however,
that this sort of prior art often carries little weight in the patent
office. Unless something happens, the chances of Apple winning this patent
would appear to be fairly good.
The Rockbox project has produced a GPL-licensed firmware distribution which
runs on a wide variety of media players from a number of vendors - including
Apple. Rockbox adds a number of interesting and useful features; see this
LWN review from last January for more information. One feature of
particular interest at the moment, however, is the voice interface
capabilities built into Rockbox. This feature would appear to be well
described by the Apple patent application; it uses voice files generated on
a host system to allow navigation through the menus in an audible manner.
When the voice mode is enabled, Rockbox's prompts are indeed "audiblized"
for the users.
Rockbox has had this feature since early 2004. That is prior to the filing
of this patent (though not the requisite one year prior), but Apple's
application references an earlier one, filed in 2003. So Rockbox cannot
serve as prior art in this case.
One of the most encouraging and heartening things your editor has seen over
the last year has been the stream of blind users showing up on the Rockbox
mailing lists. By making this feature available, Rockbox has made media
players accessible to a broad community of users who have been ignored by
the manufacturers of these devices. It is a beautiful example of how the
free software community can meet the needs of a user community which is not
seen as being profitable in the proprietary world. Apple may have been
busy filing patents back in 2003, but it was Rockbox which first brought a
voice interface to the iPod.
The voice menu feature in Rockbox has been an empowering addition for a
number of people. The idea that it could be shut down by this patent is
appalling. But Apple will have a clear incentive to do exactly that:
Rockbox turns the competition's players into much nicer devices. Should
Apple's near-monopoly on media players begin to erode (and there is no real
reason why it should last forever), Apple will, beyond doubt, reach for
legal weapons which might inhibit competing offerings. Apple has done that
before, after all.
This particular weapon should be neutralized before it becomes a real
threat. It is a fight which should be winnable - the idea of an audio
interface was not first conceived in 2003. But without some determined
resistance, Apple may well obtain the patent it is asking for. At that
point, the free software community will (in the U.S., at least) be fenced
out of an area which it explored before - and better than - anybody else.
Comments (24 posted)
Page editor: Jonathan Corbet
Security
On May 2, the folks at Coverity sent out
a press release congratulating
themselves on having found a serious vulnerability (the "BIGGEST X WINDOW
SECURITY HOLE SINCE 2000") in the X.Org server.
Articles appeared in the mainstream press on a "new" problem on Linux (and
other) systems. Linux users, however, rested easy, secure in the knowledge
that this problem, first disclosed on March 20, had been fixed long
before. In that context, however, it is interesting to note that the
LWN vulnerability entry for this
problem shows only three distributor updates, from Fedora, Mandriva, and
SUSE.
On the same day as the Coverity announcement, the X.Org developers
disclosed another
vulnerability which could result in root access for anybody who can
access an X server. Seven distributors responded this time, all within
three days. The one big name missing from the list of updates this time
around is Debian.
At a first glance, it would appear that a number of distributions remain
vulnerable to the first problem, and Debian still has to update both. The
real situation is rather better than that, but it still merits a look.
Perhaps there is a lesson or two here.
The first vulnerability remains unpatched by a number of distributors,
including Gentoo, Red Hat, Slackware, and Ubuntu. They have a good excuse,
though: they all ship X.Org 6.8.2, and this problem was introduced in
version 6.9.0. These distributors, having not shipped the vulnerable code
in the first place, just didn't feel the need to rush out an update. It is
hard to fault these distributors for relaxing in the knowledge that they
had dodged that particular bullet, but, at the same time, it seems likely
that at least some of their users were wondering where the update was -
especially after the Coverity press release came out. It
would cost distributors very little to issue an advisory saying "we are not
vulnerable" in cases like this. The additional peace of mind for users
would be more than worth it.
The second vulnerability, which does affect all X.Org users, elicited a
nearly immediate response from most distributors. The one exception is
Debian, and therein lies a different story.
Debian's stable distribution does not include X.Org at all. Instead, this
much-delayed release went out last year with the old XFree86 code - Debian
is the last major distribution to ship that code. Your editor downloaded the
XFree86 4.3.0 source, dusted off the cobwebs, and was able to convince
himself that the X.Org buffer overflow vulnerability is not present there.
So Debian did not need to issue an update, though, once again, a "don't
worry" advisory would not have hurt. For those using X.Org via Debian backports, an update (based on
the Ubuntu patch) has been made available.
The fact that vulnerabilities have been found in X.Org, rather than
XFree86, should not be seen as an indication that X.Org is a buggier
product. Instead, these disclosures reflect the fact that the X.Org code
is receiving a much higher level of scrutiny. It is doubtful that the
XFree86 code is free of vulnerabilities; it is just that few people are
looking for them. A quick glance at the XFree86 changelog shows
a couple of surprising things:
- Development of XFree86 has not stopped, though it does not appear to
be moving forward at any great pace.
- There are a number of entries like "fix an array overrun," "fix a
double-free problem," and numerous attempts to deal with "xterm's setgid
issue" - all since March. These have the look of security-related
problems, but no advisories have been issued. Whether
any of them are relevant to Debian's archaic 4.3.0 version is
unclear. Equally unclear, however, is whether anybody is watching
this stream of fixes to see whether Debian should be issuing updates;
the current Debian package was uploaded last August.
Replacing something as fundamental as the X distribution in a stable Debian
release is a daunting prospect, so it is not surprising that XFree86
remains in place after all this time. To rely on such musty old software
has its risks, however. In less than one year, the Debian "etch" release
should sweep XFree86 off of its remaining Linux desktops. In the meantime,
Debian users are running a crucial package which few people actively
care about.
Comments (13 posted)
New vulnerabilities
busybox: insecure password generation
| Package(s): | busybox |
| CVE #(s): | CVE-2006-1058 |
| Created: | May 5, 2006 |
| Updated: | May 2, 2007 |
| Description: | The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time. |
| Alerts: | |
Comments (2 posted)
cgiirc: buffer overflows
| Package(s): | cgiirc |
| CVE #(s): | CVE-2006-2148 |
| Created: | May 8, 2006 |
| Updated: | May 10, 2006 |
| Description: | Several buffer overflows have been discovered in cgiirc, a web-based IRC client, which could be exploited to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
mozilla firefox: potential remote code execution
| Package(s): | mozilla firefox |
| CVE #(s): | CVE-2006-1993 |
| Created: | May 8, 2006 |
| Updated: | May 12, 2006 |
| Description: | Martijn Wargers and Nick Mott discovered a vulnerability in firefox 1.5 when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. |
| Alerts: | |
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2006-1863, CVE-2006-1527 |
| Created: | May 4, 2006 |
| Updated: | May 10, 2006 |
| Description: | Several kernel vulnerabilities have been fixed, including a problem with a backslash character in a path component and an infinite loop in the NETFILTER SCTP conntrack code. |
| Alerts: | |
Comments (none posted)
mysql: information leaks
| Package(s): | mysql mysql-dfsg |
| CVE #(s): | CVE-2006-1516, CVE-2006-1517 |
| Created: | May 8, 2006 |
| Updated: | June 23, 2006 |
| Description: | Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516) Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517) |
| Alerts: | |
Comments (1 posted)
nagios: buffer overflow
| Package(s): | nagios |
| CVE #(s): | CVE-2006-2162 |
| Created: | May 8, 2006 |
| Updated: | May 31, 2006 |
| Description: | A buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. |
| Alerts: | |
Comments (none posted)
pdnsd: buffer overflow
| Package(s): | pdnsd |
| CVE #(s): | CVE-2006-2076, CVE-2006-2077 |
| Created: | May 10, 2006 |
| Updated: | May 10, 2006 |
| Description: | Versions of pdnsd (a proxy DNS server) prior to 1.2.4 suffer from a remotely exploitable buffer overflow vulnerability. |
| Alerts: | |
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
| CVE #(s): | CVE-2006-2236 |
| Created: | May 10, 2006 |
| Updated: | January 12, 2009 |
| Description: | Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: | |
Comments (none posted)
rsync: integer overflow
| Package(s): | rsync |
| CVE #(s): | CVE-2006-2083 |
| Created: | May 8, 2006 |
| Updated: | June 6, 2006 |
| Description: | An integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. |
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2005-3352 |
| Created: | December 14, 2005 |
| Updated: | May 10, 2006 |
| Description: | Versions 1 and 2 of the apache web server suffer from a cross-site scripting vulnerability in the mod_imap module; see this bugzilla entry for details. |
| Alerts: | |
Comments (none posted)
asterisk: several vulnerabilities
| Package(s): | asterisk |
| CVE #(s): | CVE-2005-3559, CVE-2006-1827 |
| Created: | May 1, 2006 |
| Updated: | May 3, 2006 |
| Description: | Several problems have been discovered in Asterisk, an open source private branch exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension (CVE-2005-3559). Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code (CVE-2006-1827). |
| Alerts: | |
Comments (none posted)
blender: integer overflow
| Package(s): | blender |
| CVE #(s): | CVE-2005-4470 |
| Created: | January 6, 2006 |
| Updated: | June 15, 2006 |
| Description: | Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user. |
| Alerts: | |
Comments (none posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
| Alerts: | |
Comments (2 posted)
ktools: buffer overflow
| Package(s): | centericq |
| CVE #(s): | CVE-2005-3863 |
| Created: | December 7, 2005 |
| Updated: | August 29, 2006 |
| Description: | From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor. |
| Alerts: | |
Comments (none posted)
clamav: buffer overflow
| Package(s): | clamav |
| CVE #(s): | CVE-2006-1989 |
| Created: | May 2, 2006 |
| Updated: | May 3, 2006 |
| Description: | A buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. |
| Alerts: | |
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e.g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
| Alerts: | |
Comments (none posted)
curl: heap-based buffer overflow
| Package(s): | curl |
| CVE #(s): | CVE-2006-1061 |
| Created: | March 21, 2006 |
| Updated: | June 28, 2006 |
| Description: | Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. |
| Alerts: | |
Comments (none posted)
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
| CVE #(s): | CVE-2006-1721 |
| Created: | April 21, 2006 |
| Updated: | September 4, 2007 |
| Description: | Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate. |
| Alerts: | |
Comments (none posted)
dia: buffer overflows
| Package(s): | dia |
| CVE #(s): | CVE-2006-1550 |
| Created: | April 3, 2006 |
| Updated: | May 3, 2006 |
| Description: | Three buffer overflows were discovered in the Xfig file format importer. By tricking a user into opening a specially crafted .fig file with dia, an attacker could exploit this to execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
| CVE #(s): | CAN-2005-0100 |
| Created: | February 7, 2005 |
| Updated: | May 15, 2006 |
| Description: | Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group. |
| Alerts: | |
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
CVE #(s): | CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
|
| Created: | January 21, 2005 |
Updated: | May 27, 2006 |
| Description: |
Erik Sjölund has discovered several security-relevant problems in enscript,
a program to convert ASCII text into PostScript and other formats.
Unsanitized input can cause the execution of arbitrary commands via EPSF
pipe support. Due to missing sanitizing of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be executed.
Multiple buffer overflows can cause the program to crash. |
| Alerts: |
|
Comments (none posted)
ethereal: multiple vulnerabilities
Comments (none posted)
fbida: insecure temporary file creation
| Package(s): | fbida |
CVE #(s): | CVE-2006-1695
|
| Created: | April 24, 2006 |
Updated: | May 22, 2006 |
| Description: |
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment
variable is not defined, allows local users to overwrite arbitrary files
via a symlink attack on temporary files in /var/tmp/fbps-[PID]. |
| Alerts: |
|
Comments (none posted)
fetchmail: multidrop bug
| Package(s): | fetchmail |
CVE #(s): | CVE-2005-4348
|
| Created: | December 20, 2005 |
Updated: | May 27, 2006 |
| Description: |
Fetchmail contains a bug which allows a malicious mail server to crash the
client by sending a message without headers. This occurs when running in
multidrop mode. |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
Comments (1 posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
CVE #(s): | CAN-2004-0801
|
| Created: | September 20, 2004 |
Updated: | May 31, 2006 |
| Description: |
There is a vulnerability in the foomatic-filters package. This
vulnerability is due to insufficient checking of command-line parameters
and environment variables in the foomatic-rip filter. This vulnerability
may allow both local and remote attackers to execute arbitrary commands on
the print server with the permissions of the spooler. |
| Alerts: |
|
Comments (none posted)
freeradius: authentication bypass
| Package(s): | freeradius |
CVE #(s): | CVE-2006-1354
|
| Created: | March 24, 2006 |
Updated: | June 5, 2006 |
| Description: |
An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote
attackers to bypass authentication or cause a denial of service (server
crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state
machine module. |
| Alerts: |
|
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
CVE #(s): | CAN-2005-1704
CAN-2005-1705
|
| Created: | May 20, 2005 |
Updated: | August 11, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands. |
| Alerts: |
|
Comments (5 posted)
gdm: improper file permissions
| Package(s): | gdm |
CVE #(s): | CVE-2006-1057
|
| Created: | April 19, 2006 |
Updated: | May 2, 2007 |
| Description: |
The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
gnupg: incorrect signature verification
| Package(s): | gnupg |
CVE #(s): | CVE-2006-0049
|
| Created: | March 13, 2006 |
Updated: | May 15, 2006 |
| Description: |
Another vulnerability has been found in
GnuPG. "Signature verification of non-detached signatures may give a
positive result but when extracting the signed data, this data may be
prepended or appended with extra data not covered by the signature. Thus
it is possible for an attacker to take any signed message and inject extra
arbitrary data." |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
CVE #(s): | CAN-2005-0758
|
| Created: | August 1, 2005 |
Updated: | January 10, 2007 |
| Description: |
zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names. |
| Alerts: |
|
Comments (2 posted)
ipsec-tools: denial of service
| Package(s): | ipsec-tools |
CVE #(s): | CVE-2005-3732
|
| Created: | December 1, 2005 |
Updated: | June 8, 2006 |
| Description: |
ipsec-tools has a remote denial of service vulnerability in the racoon
daemon. If racoon is running in aggressive mode, it fails to check all
peer payloads during the IKE negotiation phase, allowing a malicious peer
to crash the daemon. One should always be careful around aggressive racoons. |
| Alerts: |
|
Comments (none posted)
kdebase: local root vulnerability
| Package(s): | kdebase |
CVE #(s): | CAN-2005-2494
|
| Created: | September 7, 2005 |
Updated: | August 11, 2006 |
| Description: |
The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: multiple vulnerabilities
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-1056
CVE-2006-1525
CVE-2006-1524
CVE-2006-0744
CVE-2006-1522
CVE-2006-1055
|
| Created: | April 20, 2006 |
Updated: | May 4, 2006 |
| Description: |
Multiple kernel vulnerabilities have been fixed, including
an x87 information leak between processes, an ip_route_input panic,
a MADV_REMOVE vulnerability, an mprotect write permission problem,
insecure MPBL0010 driver sysfs permissions, an x86_64 force IRET issue,
RCU signal handling, a key addition oops, a sysfs write buffer issue
and more. |
| Alerts: |
|
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
CVE #(s): | CAN-2005-2370
|
| Created: | July 29, 2005 |
Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This cannot be exploited on the x86
architecture, but on others (SPARC, for example) it leads to a bus error,
in other words a denial of service.
|
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening the image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
CVE #(s): | CAN-2005-2641
|
| Created: | August 25, 2005 |
Updated: | October 6, 2006 |
| Description: |
libpam-ldap, the PAM LDAP interface, has a vulnerability in which
it fails to authenticate with an LDAP server which is not configured
properly, allowing an authentication bypass. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libtiff: denial of service
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2024
|
| Created: | April 28, 2006 |
Updated: | May 31, 2006 |
| Description: |
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent
attackers to cause a denial of service via a TIFF image that triggers
errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2)
certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and
(d) tif_zip.c; (3) and improper restoration of setfield and getfield
methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f)
tif_fax3.c, and tif_zip.c. |
| Alerts: |
|
Comments (none posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
mailman: denial of service
| Package(s): | mailman |
CVE #(s): | CVE-2006-0052
|
| Created: | March 30, 2006 |
Updated: | June 9, 2006 |
| Description: |
Mailman 2.1.5 and below have a denial of service vulnerability
in the Scrubber.py script. If a maliciously created message
with a mime multi part format is received, mailman delivery
can be stopped. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | CVE-2005-4134
CVE-2006-0292
CVE-2006-0296
|
| Created: | February 2, 2006 |
Updated: | May 4, 2006 |
| Description: |
Mozilla has three new vulnerabilities.
The Javascript interpreter has a problem with
dereferencing objects. A user can visit a specially crafted web page
which can crash the browser or cause it to execute arbitrary code.
The XULDocument.persist() function has a bug that can be triggered by
viewing specially crafted web sites: RDF data can be injected into the
localstore.rdf file, allowing arbitrary JavaScript code to be executed.
The Mozilla history saving mechanism is vulnerable to a denial of
service attack, visiting sites with extra-long titles can cause a
crash or very slow startup the next time the browser is run. |
| Alerts: |
|
Comments (none posted)
Mozilla Thunderbird: remote code execution and DoS
| Package(s): | mozilla-thunderbird |
CVE #(s): | CVE-2006-0884
|
| Created: | March 3, 2006 |
Updated: | May 4, 2006 |
| Description: |
The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier
allows user-complicit attackers to bypass javascript security settings and
obtain sensitive information or cause a crash via an e-mail containing a
javascript URI in the SRC attribute of an IFRAME tag, which is executed
when the user edits the e-mail. |
| Alerts: |
|
Comments (1 posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: |
|
Comments (2 posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
| Alerts: |
|
Comments (none posted)
ncpfs: multiple vulnerabilities
| Package(s): | ncpfs |
CVE #(s): | CAN-2005-0013
CAN-2005-0014
|
| Created: | January 31, 2005 |
Updated: | May 15, 2006 |
| Description: |
Erik Sjolund discovered two vulnerabilities in the programs bundled
with ncpfs: there is a potentially exploitable buffer overflow in
ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities
using the NetWare client functions insecurely access files with
elevated privileges (CAN-2005-0013). |
| Alerts: |
|
Comments (none posted)
nessus: denial of service
| Package(s): | nessus |
CVE #(s): | CVE-2006-2093
|
| Created: | May 3, 2006 |
Updated: | May 3, 2006 |
| Description: |
An error in the nasl_split() function can cause the Nessus scanner to crash. |
| Alerts: |
|
Comments (none posted)
ntp: uses wrong gid
| Package(s): | ntp |
CVE #(s): | CAN-2005-2496
|
| Created: | August 26, 2005 |
Updated: | August 11, 2006 |
| Description: |
When xntpd is started with the -u option and the group is given by
name rather than as a numeric gid, the daemon uses the gid of the user
instead of that of the group. This problem is fixed by this update. |
| Alerts: |
|
Comments (none posted)
openmotif: buffer overflows
| Package(s): | openmotif |
CVE #(s): | CVE-2005-3964
|
| Created: | December 29, 2005 |
Updated: | July 27, 2006 |
| Description: |
The libUil component of the OpenMotif toolkit has a pair of buffer
overflow vulnerabilities that can possibly be used for the execution
of arbitrary code.
|
| Alerts: |
|
Comments (none posted)
OpenSSH: double shell expansion
| Package(s): | openssh |
CVE #(s): | CVE-2006-0225
|
| Created: | January 23, 2006 |
Updated: | July 20, 2006 |
| Description: |
OpenSSH has a double shell expansion vulnerability in local to local and
remote to remote copy with scp. |
| Alerts: |
|
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
| Alerts: |
|
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-0996
CVE-2006-1494
CVE-2006-1608
|
| Created: | April 25, 2006 |
Updated: | May 24, 2006 |
| Description: |
There are several vulnerabilities in PHP v5.1.2 and earlier.
- A cross-site scripting (XSS) vulnerability in phpinfo (info.c) allows
remote attackers to inject arbitrary web script or HTML via long array
variables. (CVE-2006-0996)
- A directory traversal vulnerability in file.c allows local users to
bypass open_basedir restrictions and allows remote attackers to create
files in arbitrary directories via the tempnam function. (CVE-2006-1494)
- The copy function in file.c allows local users to bypass safe mode and
read arbitrary files via a source argument containing a compress.zlib://
URI. (CVE-2006-1608)
|
| Alerts: |
|
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2005-4079
CVE-2005-3665
|
| Created: | December 12, 2005 |
Updated: | November 20, 2006 |
| Description: |
Stefan Esser reported multiple vulnerabilities
found in phpMyAdmin. The $GLOBALS variable allows modifying the global
variable import_blacklist to open phpMyAdmin to local and remote file
inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).
Furthermore, it is also possible to conduct an XSS attack via the
$HTTP_HOST variable and a local and remote file inclusion because the
contents of the variable are under total control of the attacker
(CVE-2005-3665, PMASA-2005-8). |
| Alerts: |
|
Comments (none posted)
phpWebSite: input validation
| Package(s): | phpwebsite |
CVE #(s): | CVE-2006-1819
|
| Created: | May 3, 2006 |
Updated: | May 3, 2006 |
| Description: |
Versions of phpWebSite prior to 0.10.2 have an input validation vulnerability which can enable the inclusion of (and execution of arbitrary code from) local files. |
| Alerts: |
|
Comments (none posted)
pound: HTTP Request Smuggling Attack
| Package(s): | pound |
CVE #(s): | CVE-2005-3751
|
| Created: | January 10, 2006 |
Updated: | June 8, 2006 |
| Description: |
HTTP requests with conflicting Content-Length and Transfer-Encoding headers
could lead to an HTTP request smuggling attack, which can be exploited to
bypass packet filters or poison web caches. |
| Alerts: |
|
Comments (none posted)
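The conflict described in the pound entry is a framing ambiguity: a front end that frames the body by Content-Length and a back end that frames it by Transfer-Encoding will disagree about where one request ends and the next begins. The following C program, added here as an illustration and not Pound's own code, shows the check an intermediary can apply: it walks the header block of a raw request and refuses any request carrying both headers, a duplicated framing header, or the whitespace and line-folding tricks used to hide a header from one hop. The enum, function names and the sample requests are this example's own constructions.

```c
/* Added example, not Pound's code: reject the request framing that
 * CVE-2005-3751 abused. Sample requests are constructed here. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { REQ_OK, REQ_AMBIGUOUS_FRAMING, REQ_MALFORMED };

/* Case-insensitive comparison of a header name of length n with `name`. */
static bool name_is(const char *p, size_t n, const char *name)
{
    if (strlen(name) != n)
        return false;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)name[i]))
            return false;
    return true;
}

/* Walk the header block of a raw HTTP/1.x request. Two parsers that
 * disagree on which header frames the body is the whole smuggling attack,
 * so a proxy should refuse to guess: both Content-Length and
 * Transfer-Encoding present, or either one duplicated, is rejected.
 * Obsolete line folding and whitespace before the colon (classic tricks
 * for hiding a header from one hop) are rejected as malformed. */
enum verdict check_request_framing(const char *req)
{
    int content_length = 0, transfer_encoding = 0;
    const char *p = strstr(req, "\r\n");          /* skip the request line */
    if (!p)
        return REQ_MALFORMED;
    p += 2;
    for (;;) {
        const char *eol = strstr(p, "\r\n");
        if (!eol)
            return REQ_MALFORMED;                 /* no terminating CRLF CRLF */
        size_t len = (size_t)(eol - p);
        if (len == 0)
            break;                                /* blank line: end of headers */
        if (p[0] == ' ' || p[0] == '\t')
            return REQ_MALFORMED;                 /* obs-fold continuation line */
        const char *colon = memchr(p, ':', len);
        if (!colon)
            return REQ_MALFORMED;
        size_t name_len = (size_t)(colon - p);
        for (size_t i = 0; i < name_len; i++)
            if (isspace((unsigned char)p[i]))
                return REQ_MALFORMED;             /* "Transfer-Encoding : chunked" */
        if (name_is(p, name_len, "Content-Length"))
            content_length++;
        else if (name_is(p, name_len, "Transfer-Encoding"))
            transfer_encoding++;
        p = eol + 2;
    }
    if (content_length > 1 || transfer_encoding > 1)
        return REQ_AMBIGUOUS_FRAMING;
    if (content_length && transfer_encoding)
        return REQ_AMBIGUOUS_FRAMING;
    return REQ_OK;
}

/* Constructed requests (not captured traffic). The first is the textbook
 * CL/TE smuggling shape: Content-Length (48 bytes, everything after the
 * blank line) makes a front end see one request, while a back end framing
 * by Transfer-Encoding stops the body at the "0" chunk and treats the
 * trailing GET as a second request. */
const char *const SMUGGLED_REQUEST =
    "POST / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Length: 48\r\n"
    "Transfer-Encoding: chunked\r\n"
    "\r\n"
    "0\r\n"
    "\r\n"
    "GET /admin HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "\r\n";

const char *const CLEAN_REQUEST =
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "\r\n";

int main(void)
{
    static const char *names[] = { "ok", "ambiguous framing", "malformed" };
    printf("smuggled: %s\n", names[check_request_framing(SMUGGLED_REQUEST)]);
    printf("clean:    %s\n", names[check_request_framing(CLEAN_REQUEST)]);
    return 0;
}
```

Rejecting rather than normalizing is the point: the specification says Transfer-Encoding takes precedence when both are present, but an intermediary cannot know which rule the next hop applies, so the safe behaviour is to refuse the ambiguous request outright and to refuse the obfuscated forms (duplicate headers, whitespace before the colon, folded lines) instead of trying to canonicalize them.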
Py2Play: remote execution of arbitrary Python code
| Package(s): | Py2Play |
CVE #(s): | CAN-2005-2875
|
| Created: | September 19, 2005 |
Updated: | September 6, 2006 |
| Description: |
Py2Play uses Python pickles to send objects over a peer-to-peer game network; clients accept without restriction the objects and code sent by peers. A remote attacker participating in a Py2Play-powered game can send
malicious Python pickles, resulting in the execution of arbitrary
Python code on the targeted game client. |
| Alerts: |
|
Comments (none posted)
resmgr: bypass access control rules
| Package(s): | resmgr |
CVE #(s): | |
| Created: | May 1, 2006 |
Updated: | May 3, 2006 |
| Description: |
A problem has been discovered in resmgr, a resource manager library
daemon and PAM module, that allows local users to bypass access
control rules and open any USB device when access to one device was
granted. |
| Alerts: |
|
Comments (none posted)
ruby1.8: denial of service
| Package(s): | ruby1.8 |
CVE #(s): | CVE-2006-1931
|
| Created: | April 24, 2006 |
Updated: | May 10, 2006 |
| Description: |
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which
allows attackers to cause a denial of service (blocked connections) via a
large amount of data. |
| Alerts: |
|
Comments (none posted)
scorched3d: multiple vulnerabilities
| Package(s): | scorched3d |
CVE #(s): | |
| Created: | November 15, 2005 |
Updated: | August 11, 2006 |
| Description: |
Luigi Auriemma discovered multiple flaws in the Scorched 3D game
server, including a format string vulnerability and several buffer
overflows. A remote attacker could exploit these vulnerabilities to crash
a game server or execute arbitrary code with the rights of the game server
user. |
| Alerts: |
|
Comments (none posted)
squirrelmail: multiple vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CVE-2006-0188
CVE-2006-0195
CVE-2006-0377
|
| Created: | February 28, 2006 |
Updated: | June 8, 2006 |
| Description: |
Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to
inject arbitrary web pages into the right frame via a URL in the
right_frame parameter. NOTE: this has been called a cross-site scripting
(XSS) issue, but it is different than what is normally identified as
XSS. (CVE-2006-0188)
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to
1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks
via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2)
a newline in a "url" specifier, which is processed by certain web browsers
including Internet Explorer. (CVE-2006-0195)
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote
attackers to inject arbitrary IMAP commands via newline characters in the
mailbox parameter of the sqimap_mailbox_select command, aka "IMAP
injection." (CVE-2006-0377) |
| Alerts: |
|
Comments (none posted)
sudo: vulnerability via scripts
| Package(s): | sudo |
CVE #(s): | CAN-2005-4158
CVE-2006-0151
|
| Created: | December 16, 2005 |
Updated: | September 1, 2006 |
| Description: |
Perl and Python scripts run via Sudo can be subverted. |
| Alerts: |
|
Comments (none posted)
tetex: integer overflows
Comments (none posted)
texinfo: temporary file vulnerability
| Package(s): | texinfo |
CVE #(s): | CAN-2005-3011
|
| Created: | October 5, 2005 |
Updated: | November 9, 2006 |
| Description: |
Texinfo prior to version 4.8-r1 suffers from a temporary file vulnerability. |
| Alerts: |
|
Comments (none posted)
tin: buffer overflow
| Package(s): | tin |
CVE #(s): | CVE-2006-0804
|
| Created: | February 19, 2006 |
Updated: | November 24, 2006 |
| Description: |
An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier
which can lead to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
unzip: long file name buffer overflow
| Package(s): | unzip |
CVE #(s): | CVE-2005-4667
|
| Created: | February 6, 2006 |
Updated: | May 2, 2007 |
| Description: |
A buffer overflow in UnZip 5.50 and earlier allows local users to execute
arbitrary code via a long filename command line argument. NOTE: since the
overflow occurs in a non-setuid program, there are not many scenarios under
which it poses a vulnerability, unless unzip is passed long arguments when
it is invoked from other programs. |
| Alerts: |
|
Comments (1 posted)
w3c-libwww: possible stack overflow
| Package(s): | w3c-libwww |
CVE #(s): | CVE-2005-3183
|
| Created: | October 14, 2005 |
Updated: | May 2, 2007 |
| Description: |
Extensive testing of libwww's handling of multipart/byteranges content from
HTTP/1.1 servers revealed multiple logical flaws and bugs in
Library/src/HTBound.c |
| Alerts: |
|
Comments (1 posted)
webcalendar: multiple vulnerabilities
| Package(s): | webcalendar |
CVE #(s): | CVE-2005-3949
CVE-2005-3961
CVE-2005-3982
|
| Created: | March 15, 2006 |
Updated: | May 15, 2006 |
| Description: |
The PHP-based webcalendar package suffers from three vulnerabilities: a set of SQL injection problems (CVE-2005-3949), an input sanitizing failure allowing local files to be overwritten (CVE-2005-3961), and a response splitting vulnerability (CVE-2005-3982). |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-1664
|
| Created: | April 27, 2006 |
Updated: | February 27, 2008 |
| Description: |
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed. |
| Alerts: |
|
Comments (none posted)
xine-ui: format string vulnerabilities
| Package(s): | xine-ui |
CVE #(s): | CVE-2006-1905
|
| Created: | April 27, 2006 |
Updated: | May 11, 2006 |
| Description: |
xine-ui has multiple format string vulnerabilities.
Remote attackers can maliciously create a playlist file
and execute arbitrary code with the privileges of the
user who is running xine. |
| Alerts: |
|
Comments (none posted)
xloadimage: buffer overflows
| Package(s): | xloadimage |
CVE #(s): | CAN-2005-3178
|
| Created: | October 10, 2005 |
Updated: | May 15, 2006 |
| Description: |
Three buffer overflows were discovered in xloadimage when handling the image title name. A malicious user can construct a NIFF file that when viewed and processed (with either zoom, reduce or rotate) by xloadimage, will cause the program to overwrite the return address and execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
X.Org: buffer overflow
| Package(s): | xorg-x11-server xorg-x11 |
CVE #(s): | CVE-2006-1526
|
| Created: | May 3, 2006 |
Updated: | January 10, 2007 |
| Description: |
There is a buffer overflow in the Xrender extension of the X.Org server; any process which is able to connect to the server may be able to exploit this overflow to run arbitrary code. Since the X server runs as root on most systems, this vulnerability could be exploited to gain root access. See the X.Org advisory for more information. |
| Alerts: |
|
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
CVE #(s): | CAN-2005-0064
|
| Created: | January 19, 2005 |
Updated: | March 15, 2007 |
| Description: |
iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
| Alerts: |
|
Comments (1 posted)
xpdf: denial of service
| Package(s): | xpdf kpdf |
CVE #(s): | CAN-2005-2097
|
| Created: | August 9, 2005 |
Updated: | August 2, 2006 |
| Description: |
A flaw was discovered in Xpdf that could allow an attacker to construct
a carefully crafted PDF file that would cause Xpdf to consume all available
disk space in /tmp when opened. |
| Alerts: |
|
Comments (none posted)
xpdf: integer overflows
| Package(s): | xpdf, poppler, cupsys, tetex-bin |
CVE #(s): | CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
|
| Created: | January 5, 2006 |
Updated: | November 30, 2006 |
| Description: |
xpdf has a number of integer overflows.
A remote attacker can trick a user into opening a maliciously
crafted pdf file, allowing the attacker to execute code with the
privileges of the local user.
This also affects the Poppler library, cupsys and tetex-bin. |
| Alerts: |
|
Comments (none posted)
xscreensaver: possible password exposure
| Package(s): | xscreensaver |
CVE #(s): | CVE-2004-2655
|
| Created: | April 11, 2006 |
Updated: | May 24, 2006 |
| Description: |
In some cases, xscreensaver did not properly grab the keyboard when
reading the password for unlocking the screen, so that the password
was typed into the currently active application window. The only known
vulnerable case was when xscreensaver activated while an rdesktop session
was currently active. |
| Alerts: |
|
Comments (none posted)
xzgv: heap overflow
| Package(s): | xzgv |
CVE #(s): | CVE-2006-1060
|
| Created: | April 21, 2006 |
Updated: | June 12, 2006 |
| Description: |
Andrea Barisani of Gentoo Linux discovered that xzgv and zgv allocate
insufficient memory when rendering images with more than 3 output
components, such as images using the YCCK or CMYK colour space. When
xzgv or zgv attempt to render the image, data from the image overruns a
heap allocated buffer. |
| Alerts: |
|
Comments (none posted)
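Several of the entries above (libgd2, tin, the xpdf integer overflows, xzgv) are the same bug in different clothes: the buffer for decoded image data is sized from header fields with arithmetic that either wraps or assumes the wrong geometry, and the decoder then writes past it. The following C program, added here as an illustration and not taken from any of those projects, shows the vulnerable shape of that computation beside a hardened one. The struct, the function names and the 256 MiB cap are this example's own choices, and the header values are constructed.

```c
/* Added example, not code from libgd, libpng, tin, xpdf or xzgv: the
 * allocation arithmetic behind the "undersized buffer from an image
 * header" bug class, once as a typical vulnerable routine and once
 * hardened. The header values used in main() are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct image_header {
    uint32_t width;
    uint32_t height;
    uint32_t components;     /* 3 for RGB, 4 for CMYK or YCCK */
};

/* Vulnerable form. Two separate defects, both seen in the advisories above:
 *  1. the product is computed in 32 bits, so a header such as 65536x65536
 *     wraps to a tiny allocation (libgd/libpng/xpdf class);
 *  2. it hard-codes three output components, so a four-component image
 *     writes one third more than was reserved (xzgv class). */
uint32_t vulnerable_buffer_size(const struct image_header *h)
{
    return h->width * h->height * 3;
}

/* Bytes the decoder will really write: one byte per component per pixel,
 * computed in 64 bits so the comparison cannot itself wrap. */
uint64_t bytes_written_by_decoder(const struct image_header *h)
{
    return (uint64_t)h->width * h->height * h->components;
}

/* True if decoding into the vulnerable allocation would overrun it. */
bool vulnerable_would_overflow(const struct image_header *h)
{
    return bytes_written_by_decoder(h) > vulnerable_buffer_size(h);
}

/* Hardened form: overflow-checked multiplication (GCC/Clang builtin),
 * the actual component count, and a cap so that a merely huge header
 * cannot be used to exhaust memory. Returns false on rejection. */
#define MAX_IMAGE_BYTES ((size_t)256 << 20)   /* policy choice: 256 MiB */

bool safe_buffer_size(const struct image_header *h, size_t *out)
{
    size_t n;
    if (h->width == 0 || h->height == 0 ||
        h->components == 0 || h->components > 4)
        return false;
    if (__builtin_mul_overflow((size_t)h->width, (size_t)h->height, &n))
        return false;
    if (__builtin_mul_overflow(n, (size_t)h->components, &n))
        return false;
    if (n > MAX_IMAGE_BYTES)
        return false;
    *out = n;
    return true;
}

int main(void)
{
    /* Constructed headers, not taken from real files. */
    const struct image_header cases[] = {
        { 640, 480, 3 },        /* ordinary RGB image */
        { 100, 100, 4 },        /* small CMYK image: xzgv-style overrun */
        { 65536, 65536, 3 },    /* wraps 32-bit arithmetic to zero */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const struct image_header *h = &cases[i];
        size_t safe = 0;
        bool ok = safe_buffer_size(h, &safe);
        printf("%ux%ux%u: vulnerable alloc=%u, decoder writes=%llu, "
               "overrun=%s, hardened=%s\n",
               h->width, h->height, h->components,
               vulnerable_buffer_size(h),
               (unsigned long long)bytes_written_by_decoder(h),
               vulnerable_would_overflow(h) ? "yes" : "no",
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

The CMYK case is the subtle one: the arithmetic does not wrap at all, the allocation is simply a third too small because the code assumed RGB, which is why a size cap alone would not have caught the xzgv bug. The hardened routine fixes both defects at the same place, which is where such checks belong: at the point where untrusted header fields become an allocation size.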
Page editor: Jonathan Corbet
Kernel development
Brief items
The current stable 2.6 kernel is 2.6.16.15,
released on May 9. It adds
four security patches, all of which apply to the SCTP code. Previously,
2.6.16.14 was released on
May 5 with a patch for an smbfs problem which could enable a process
to escape a chroot environment.
The current 2.6 prepatch remains 2.6.17-rc3. A few hundred patches
have been merged into the mainline git repository since -rc3 was released;
they are mostly fixes, but there is also a set of splice()
improvements and the ability to add attribute groups to class_device
entries at registration time.
There have been no -mm releases over the last week.
Comments (none posted)
Kernel development news
Actually, I think the system is working quite well. We've got a
quick route for getting bug fixes and security fixes to users, and
a shorter devel cycle helping distro folks get more regular drops
from upstream. This particular patch [2.6.16.14] applies all the
way back to the beginning of git time (over a year ago), and I'm
sure earlier. So it's hard to conclude it's a byproduct of the
release cycles.
--
Chris Wright
Comments (none posted)
The virtual memory area (VMA) structure (
struct vm_area_struct) is
one of the core building blocks of the Linux virtual memory code. Each VMA
describes a piece of a process's address space; that piece is a (usually
contiguous) series of pages from a single backing store (a file or, for
anonymous memory, swap space) with a uniform set of access permissions. Each
VMA maintains information on the address space covered, pointers to the
backing store, permission information, a set of function pointers for
operations on that VMA, and other housekeeping information.
Before the 2.6 kernel was released, all VMAs mapped a range of address
space onto a contiguous range of pages in the backing store. Things got a
bit more complicated with the addition of the remap_file_pages() system
call, which allows applications to rearrange the mapping of memory
pages to backing store pages within a VMA. That system call includes a
parameter for setting the permissions of the remapped pages, but that
parameter is currently ignored. For now, it is still true that all pages
within a VMA carry the same page permissions. If an application tries to
break that rule - by calling mprotect() on a subset of the pages
within a VMA, for example - the VMA will be split into multiple VMAs, each
of which imposes uniform permissions on its (reduced) part of the address
space.
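The splitting described above can be observed directly from user space. The following program, added here as an example and not part of the article or of the kernel sources, maps three anonymous pages, changes the protection of the middle page with mprotect(), and counts the lines of /proc/self/maps that overlap the mapping before and after; the count goes from one VMA to three. It assumes Linux, since /proc/self/maps has no equivalent elsewhere, and the function names are this example's own.

```c
/* Added example (not from the article or the kernel): watch a VMA being
 * split by mprotect() on a subset of its pages. Linux-only: it parses
 * /proc/self/maps, which has no equivalent elsewhere. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Read all of /proc/self/maps into buf with raw read(2). Returns the
 * byte count or -1 on error. */
static ssize_t read_maps(char *buf, size_t cap)
{
    int fd = open("/proc/self/maps", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t used = 0;
    for (;;) {
        ssize_t n = read(fd, buf + used, cap - 1 - used);
        if (n < 0) {
            close(fd);
            return -1;
        }
        if (n == 0)
            break;
        used += (size_t)n;
        if (used == cap - 1)
            break;                     /* buffer full: treat as truncated */
    }
    close(fd);
    buf[used] = '\0';
    return (ssize_t)used;
}

/* Number of distinct VMAs (lines of /proc/self/maps) that overlap
 * [start, start + len). Filtering by range makes the count immune to
 * unrelated mappings appearing or disappearing, and to the kernel
 * merging the outer pieces with neighbouring VMAs of equal permissions:
 * merging changes extents, not the number of VMAs covering the range. */
int count_vmas_covering(uintptr_t start, size_t len)
{
    static char buf[1 << 20];
    if (read_maps(buf, sizeof buf) < 0)
        return -1;
    int count = 0;
    for (char *line = buf; *line; ) {
        char *nl = strchr(line, '\n');
        if (nl)
            *nl = '\0';
        unsigned long lo, hi;
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2 &&
            lo < start + len && hi > start)
            count++;
        if (!nl)
            break;
        line = nl + 1;
    }
    return count;
}

/* Map three anonymous pages, read the VMA count, make the middle page
 * read-only, and read it again. Stores the first count in *before and
 * returns the second (1 and 3 respectively on a stock kernel), or -1 on
 * error. */
int demo_vma_split(int *before)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;
    size_t len = 3 * (size_t)page;
    char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    *before = count_vmas_covering((uintptr_t)base, len);
    /* Permissions must be uniform within a VMA, so this forces a split
     * into [page 0 rw-] [page 1 r--] [page 2 rw-]. */
    if (mprotect(base + page, (size_t)page, PROT_READ) != 0) {
        munmap(base, len);
        return -1;
    }
    int after = count_vmas_covering((uintptr_t)base, len);
    munmap(base, len);
    return after;
}

int main(void)
{
    int before = -1;
    int after = demo_vma_split(&before);
    printf("VMAs covering the mapping: before mprotect() = %d, after = %d\n",
           before, after);
    return (before == 1 && after == 3) ? 0 : 1;
}
```

Restoring PROT_READ|PROT_WRITE on the middle page afterwards would let the kernel merge the three pieces back into one VMA, which is the same uniform-permission rule working in the other direction; the patch discussed next is about avoiding the split in the first place.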
This behavior might just change, however. Paolo Giarrusso has recently dusted off an old patch
(developed with Ingo Molnar) which allows remap_file_pages() to
change page permission as well. In theory, this change should be
relatively straightforward. The page tables already hold the permissions
for each page, so there is no need for any additional data structures to
track the per-page permissions. The tricky part comes in when the page is
swapped out. At that point, the kernel must take care to keep the
permission information in the page table entry. A new
VM_MANYPROTS VMA flag tells the kernel to use those saved
permissions (instead of the permissions stored in the VMA itself) when the
page is faulted back in.
To change page permissions, an application must pass the new
MAP_CHGPROT flag to remap_file_pages().
Interestingly, the current patch does not support creating or operating on
VM_MANYPROTS areas with mprotect(); there is, apparently,
a disagreement over just what the semantics should be in that case.
The motivation behind this change is to improve performance for User-mode
Linux. The UML code creates vast numbers (tens of thousands) of
single-page mappings to simulate its own virtual memory environment. Each
of those mappings creates a VMA. As the kernel works with all of those
VMAs, memory-oriented operations slow down significantly. The memory
overhead is also significant - each VMA requires at least 88 bytes of
memory, 200 bytes on your editor's x86-64 system. Eliminating all of those
VMAs can make UML much more efficient; Ingo Molnar reports that
UML performance improves noticeably with the patch in place.
Ordinary Linux users could also benefit from this patch, however. Ulrich
Drepper explained how the C library uses
VMAs currently; it turns out that linking to a single shared library can
create up to five
separate VMAs. An application which brings in a large number of libraries
- as many desktop applications do - can end up creating hundreds of VMAs
for shared library mappings. That leads to many VMAs being created on the
system; just how many can be seen by looking at the vm_area_struct
line in /proc/slabinfo. Your editor's system currently has over
13,000 VMAs active, using about 2.5MB of memory.
Of the five VMAs potentially created by glibc for each shared library
mapping, four are mappings into the same file with different permissions.
The ability to have multiple permissions settings within a single VMA has
the potential to collapse those four VMAs into one, leaving a single file
mapping and an anonymous memory segment for each library. The result would
be significantly reduced memory usage and faster kernel performance. Those
benefits are likely to motivate the inclusion of this patch, sooner or
later.
Random number generation is an important operating system function. The
generation of networking sequence numbers, cryptographic session keys, and
public keys all depend on the creation of numbers which are sufficiently
random that they cannot be guessed by an attacker. Weak random numbers can
lead to session hijacking, disclosed secrets, forged identities, and
predictable umber hulks. Any system which is serious about security has to
be serious about creating good random numbers.
Doing that, however, can be a challenge for computers. As a general rule,
designers of computers like to make hardware which does the same thing
every time. Randomness is not normally a desirable feature in computer
operation; for most systems, it is restricted to emacs responding to
mistaken keystrokes. So, while there is no shortage of algorithms which
can produce a random-seeming sequence of numbers, those numbers are not
truly random. Restart the algorithm with the same initial conditions, and
the same sequence of numbers will result.
Linux implements an algorithmic (pseudo-random) generator, accessible
as /dev/urandom, which never blocks. Its results are good enough for most
purposes, but there are times when output backed by real unpredictability is
needed. To that end, the kernel attempts to harvest randomness (called
"entropy") from its environment. The timing between the keystrokes as your
editor types this article, for example, exhibits some randomness. The same
is true of, for example, the timing of disk interrupts. The lower bits of
the system time stamp counter can also provide a bit of entropy. The kernel
mixes this entropy into a special pool of bits; both devices ultimately draw
on that pool, but only /dev/random keeps an estimate of how much entropy
has accumulated and insists on it. If there is insufficient entropy in the
pool to satisfy a /dev/random request, the requesting process will block
until the needed entropy arrives. /dev/urandom keeps producing output
regardless, which is fine once the pool has been seeded but risky at early
boot.
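That blocking behaviour can be checked from user space. What follows is an added example, not code from the article: it reads the kernel's entropy estimate, attempts a non-blocking read from /dev/random (turning EAGAIN into "nothing available right now" rather than stalling the caller), and contrasts that with a /dev/urandom read that always completes. It is Linux-only and the helper names are ours. One caveat: on recent kernels (5.6 and later) /dev/random no longer blocks once the pool has been initialized, so the EAGAIN path there is mostly of historical interest.

```c
/* Added example, not from the article: inspect the kernel's entropy
 * estimate and show the difference between /dev/random (blocks when the
 * estimate is exhausted, on kernels of the era discussed) and /dev/urandom
 * (never blocks). Helper names are ours; Linux-only. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* The kernel's current entropy estimate in bits, or -1 if unreadable. */
int read_entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (!f)
        return -1;
    int bits = -1;
    if (fscanf(f, "%d", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

/* Read up to n bytes from /dev/random without blocking. Returns the number
 * of bytes obtained, 0 if the pool had nothing to give (EAGAIN), or -1 on
 * any other error. A caller that cannot afford to wait must treat 0 as
 * "no true randomness available" and not fall back to a stale buffer. */
ssize_t read_random_nonblock(unsigned char *buf, size_t n)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    ssize_t r = read(fd, buf, n);
    int err = errno;                      /* capture before close() clobbers it */
    close(fd);
    if (r < 0)
        return err == EAGAIN ? 0 : -1;
    return r;
}

/* Fill buf with exactly n bytes from /dev/urandom, retrying on short reads
 * and EINTR. Returns n on success, -1 on failure. This never blocks. */
ssize_t read_urandom_full(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0) {
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return (ssize_t)got;
}

int main(void)
{
    unsigned char buf[32];
    printf("entropy_avail: %d bits\n", read_entropy_avail());
    ssize_t r = read_random_nonblock(buf, sizeof buf);
    if (r == 0)
        printf("/dev/random: pool exhausted, would have blocked\n");
    else
        printf("/dev/random: got %zd bytes without blocking\n", r);
    printf("/dev/urandom: got %zd bytes\n", read_urandom_full(buf, sizeof buf));
    return 0;
}
```

The non-blocking open is the practical middle ground for a daemon that wants pool-backed randomness when it is there but cannot hang on a headless server with few entropy sources, which is precisely the kind of system the network-interrupt debate is about.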
One of the most common ways of putting entropy into the pool is to register
interrupt handlers with the SA_SAMPLE_RANDOM flag. That flag
tells the kernel that the indicated interrupt will arrive at random times,
so its timing can be used to generate entropy. This interface has been in
place for many years, but Matt Mackall has recently decided that it is not
the best way to go. So he has posted a series
of patches removing SA_SAMPLE_RANDOM from a large number of
request_irq() calls.
Most of the changes are not controversial. For example, a number of disk
drivers set SA_SAMPLE_RANDOM, but also use the block-specific
add_disk_randomness() function. Removing
SA_SAMPLE_RANDOM in those cases eliminates a source of redundant
"entropy." But Matt rekindled an old debate
when one of his patches removed SA_SAMPLE_RANDOM from a set of
network drivers.
The issue with network drivers is this: network interrupts are created by
incoming and outgoing packets. If an attacker gets access to the network
segment used by a target system, that attacker can observe the timing of
packets entering and leaving that system. The attacker can also influence
that timing by generating packets and sending them to the target in a
carefully-timed manner. Over the years, a number of people have worried
that a well-connected attacker might be able to guess the contents of the
entropy pool and predict future random numbers.
Others argue that nobody has shown a scenario where the ability to observe
and generate packet timings could actually lead to the compromise of the
entropy pool. The actual timing of packets hitting a given system can only
be reliably observed by another system on the same network segment. But
network segments are almost never shared anymore; most systems tend to be
plugged into switches, and a switch will hide packets and change their
timing. In addition, anybody who is in a position to get onto a target
system's network segment is quite likely to be able to obtain physical
access to the target itself. At that point, the installation of a
keystroke logger or hostile kernel patch seems easier than trying to guess
where the entropy pool will go.
If we assume a particularly determined and masochistic attacker, however,
then we can start to think about the other challenges this person will have
to face. One is guessing the contents of the entropy pool at a given
time. Such a guess will have to be made by observing the random numbers
generated by the system, which can be done by looking at sequence numbers
and keys emitted by that system. Then the attacker will have to find a way
to reverse the algorithm (SHA-1) which is used to generate a given random
number from the pool. That reversal will generate a large set of possible
pool values which could all hash to the same value, so the attacker must be
prepared to work with many simultaneous possibilities.
Once the pool has been guessed, it is time to predict its future value, as
determined by the incoming entropy. The problem here is that the timing of
packets on the wire does not exactly match the timing of interrupts within
the kernel. There are delays within the network card, delays in DMAing a
packet into main memory (which can be influenced by other memory traffic
being generated in the system), variable interrupt handling times caused by
critical sections which mask interrupts, cache misses, etc. Then there is
the occasional mixing of bits from the time stamp counter, the value of
which is not available to the attacker. All told, it is a fair stretch to
go from an observation of traffic on the network to any sort of guess as to
what the random number generator will produce next.
Meanwhile, many systems running as network servers have access to
relatively few sources of entropy. If interrupt timings from network
interfaces are made unavailable, those systems could run out of entropy
altogether. Given that need, and given that most developers seem unworried
about the potential weaknesses, the use of network timings is unlikely to
go away anytime soon. What might happen, however, is the addition of some
sort of runtime configuration option. Truly paranoid administrators could
then disallow entropy from network interfaces. Those who are merely
worried could, instead, use those timings, but reduce the amount of entropy
which is credited to a network interface timing value. And most of the
rest of us will probably leave things the way they are now.
[See also: this paper by
Z. Gutterman, B. Pinkas and T. Reinman [PDF] on potential weaknesses in
the Linux random number generator (thanks to Neil Harris).]
The Xen hypervisor has been the source of large amounts of hype for some
time now. The Xen paravirtualization scheme allows the running of guest
operating systems, but the guest kernel must be ported explicitly to the
"architecture" supported by the hypervisor. Paravirtualization provides
strong isolation of virtual machines and can be quite fast, but it cannot
run unmodified operating systems on its virtual machines. Many had
expected support for Xen to be merged into the mainline by now, but that
has not happened. In fact, it is only recently that the Xen patches have
even been posted for developer review. A new set of Xen patches was
posted on May 9, however, giving some insights into how Xen will
affect the kernel.
The patches in the 35-part set fall into two broad categories. The first
of those creates a new architecture (a subarchitecture of i386) and a port
of the Linux kernel for that architecture. This is the code which is built
into the modified kernel which can run as a Xen guest. Some of the more
significant changes include:
- Allowing for more interrupt vectors. Xen uses pseudo-interrupts for
various types of communications with guests, so there needs to be room
for more interrupt handlers.
- An events mechanism has been built on top of the interrupt management
code so that the hypervisor can pass information into guest systems.
The virtual machines can also use event channels to communicate with
each other.
- Much of the i386 initialization code is split out so that
subarchitectures can override it. Since a Xen-hosted kernel is not
booting on cold hardware, and it will not use a number of hardware
features, it will have to initialize itself differently than the host
system does.
- A version of the dynamic
tick patch is used to keep idle virtual machines from wasting time
servicing timer interrupts. There is also a separate timekeeping
implementation which allows guest systems to perform their own
timekeeping without having to involve the hypervisor.
- A whole range of virtual devices has been provided. These include a
console, virtual network interfaces, and virtual block devices.
Then, there are a couple of changes to the core (host) kernel:
- A new set of synchronous bit operations, with names like
synch_set_bit(). These operations differ from the regular
bit operations in that they are always atomic. The regular bit
operations will, when built for a uniprocessor system, use
less-expensive, non-atomic operations. But that will not work well if
a uniprocessor Xen guest runs on an SMP host.
- The function apply_to_page_range() will call a given function
for every page table entry in a given range. This patch seems worth
merging ahead of the rest of Xen; currently, code iterating through
PTEs duplicates a complicated set of functions for walking through the
page table structure.
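The hazard behind the synchronous bit operations is easy to reproduce. Here is an added illustration, our own code and not part of the Xen patches: set_bit_plain() mimics the load/or/store sequence a uniprocessor kernel is allowed to use, set_bit_atomic() stands in for an always-atomic synch_set_bit(), and two threads hammering private bits of one shared word count how often a plain read-modify-write clobbers the other side's update. The helper names and the use of GCC __atomic builtins are ours.

```c
/* Added example, not from the Xen patches: why a uniprocessor-style
 * (non-atomic) bit operation is unsafe once the word is shared with another
 * CPU, as happens when a UP guest's memory is also updated by an SMP host.
 * set_bit_plain() mimics the UP fast path; set_bit_atomic() stands in for
 * the always-atomic synch_set_bit() the patches add. Names are ours. */
#include <pthread.h>
#include <stdio.h>

#define ROUNDS 200000

static void set_bit_plain(int nr, volatile unsigned long *w)
{
    *w |= 1UL << nr;                      /* load, or, store: not atomic */
}

static void clear_bit_plain(int nr, volatile unsigned long *w)
{
    *w &= ~(1UL << nr);
}

static void set_bit_atomic(int nr, unsigned long *w)
{
    __atomic_fetch_or(w, 1UL << nr, __ATOMIC_SEQ_CST);   /* one locked RMW */
}

static void clear_bit_atomic(int nr, unsigned long *w)
{
    __atomic_fetch_and(w, ~(1UL << nr), __ATOMIC_SEQ_CST);
}

static int test_bit(int nr, unsigned long *w)
{
    return (int)((__atomic_load_n(w, __ATOMIC_SEQ_CST) >> nr) & 1);
}

struct worker_arg {
    unsigned long *word;   /* the shared word */
    int nr;                /* this worker's private bit */
    int atomic;            /* 1: atomic ops, 0: plain read-modify-write */
    long lost;             /* updates this worker saw clobbered */
};

/* Each worker repeatedly sets and clears its own bit. With atomic ops the
 * other worker can never undo this worker's store, so the bit always reads
 * back as expected; with plain RMW, the other worker storing a stale copy of
 * the whole word can wipe it out. */
static void *worker(void *p)
{
    struct worker_arg *a = p;
    for (int i = 0; i < ROUNDS; i++) {
        if (a->atomic)
            set_bit_atomic(a->nr, a->word);
        else
            set_bit_plain(a->nr, (volatile unsigned long *)a->word);
        if (!test_bit(a->nr, a->word))
            a->lost++;
        if (a->atomic)
            clear_bit_atomic(a->nr, a->word);
        else
            clear_bit_plain(a->nr, (volatile unsigned long *)a->word);
        if (test_bit(a->nr, a->word))
            a->lost++;
    }
    return NULL;
}

/* Run two workers on bits 0 and 1 of one word and return the number of
 * clobbered updates they observed. Always 0 for the atomic variant. */
long lost_updates(int atomic)
{
    unsigned long word = 0;
    struct worker_arg a0 = { &word, 0, atomic, 0 };
    struct worker_arg a1 = { &word, 1, atomic, 0 };
    pthread_t t0, t1;
    pthread_create(&t0, NULL, worker, &a0);
    pthread_create(&t1, NULL, worker, &a1);
    pthread_join(t0, NULL);
    pthread_join(t1, NULL);
    return a0.lost + a1.lost;
}

int main(void)
{
    printf("plain bit ops:  %ld clobbered updates\n", lost_updates(0));
    printf("atomic bit ops: %ld clobbered updates\n", lost_updates(1));
    return 0;
}
```

On a multi-core machine the plain variant usually reports a non-zero count; the atomic variant always reports zero. A guest kernel built for one processor, whose memory is nonetheless written by an SMP host, is in the plain-variant situation for every word it shares with the hypervisor, which is why those words need the always-atomic operations regardless of how the guest was configured.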
There has been a fair amount of comment on the patches, but few objections
of great substance. Instead, the Xen developers look to have a long list
of nits to address. The most fundamental complaints, perhaps, concern the
network driver, which includes its own, built-in ARP implementation. The
Xen developers defend this code as being necessary for fast migration of
Xen guests. If the ARP code were moved to a more appropriate place - user
space, for example - a migration which happens in milliseconds could turn
into a one-second (or longer) affair, and that is not a cost the Xen folks
want to pay. The addition of files to /proc is also unpopular,
but that code was already on the list of things to fix.
When Xen might actually merge is still unclear. There is work to be done
still, and it is a large body of code for the developers to work through.
But that date is getting closer, now that there is code to discuss.
Page editor: Jonathan Corbet
Distributions
News and Editorials
This week there were discussions on both the Ubuntu-devel and Debian-kernel
mailing lists about using the 2.6.16 kernel for Dapper and Etch
respectively. Here are pointers to the thread on Ubuntu-devel and the
thread on Debian-kernel.
Both of these distributions began their development prior to the 2.6.16
release, so both are based on slightly older kernels. Now, however, the
kernel developers are targeting the 2.6.16 kernel for stabilizing and long
term maintenance. If these distributions stick with 2.6.15 (or older),
their kernel maintainers will end up backporting security and bug fixes for
some time (five years for Dapper and possibly longer for Etch).
So why not just go with 2.6.16? Well, alert LWN readers may remember that
2.6.16 introduced some API changes; changes
that will ripple through the rest of the system and cause other things to
break. It's not a step to be taken lightly, and with only three weeks
until the planned Dapper release it's far too late to make such a sweeping
change. The Etch release is still a good six months out, so it's much more
likely that 2.6.16 will be used for Etch.
New Releases
SUSE Linux 10.1 has been declared final. At this writing the final version
was not available on the mirrors, but should be by the time you read this.
"Thanks a lot for all your testing, bug reporting, comments and
encouragement through this especially long beta and release phase of SUSE
Linux 10.1. I've heard early quite some criticisms but also in the end a
lot of people saying that 10.1 is now a great release - and I would like to
thank you for your part in making it great!"
Flight 7, the latest alpha of Dapper Drake, is now available in Ubuntu,
Kubuntu and Xubuntu flavors. Click below for a look at some known problems
and links to mirrors.
Distribution News
The Edubuntu Council (EC) was officially appointed. Click below for the
announcement. The EC will run similarly to the Ubuntu Community Council
with five elected members. "The EC will therefore
facilitate decisions on issues relating to the Edubuntu community, as well
as deciding on new Edubuntu members - who will also automatically be
granted an Ubuntu member status when becoming an Edubuntu member (Note that
3 quorum council votes are required for approval as a member)."
A summary of the May 2 meeting of the Fedora Board has been posted.
"As always, the archives of fedora-advisory-board are fully public.
In addition, we're working on getting a read-only copy of that list set up,
so that people don't have to poll the archives to see what's going
on."
Minutes from recent meetings of the Fedora Board have mentioned a "mystery
member" who had not yet completed the necessary bureaucratic rituals at his
place of employment. This shadowy figure has been unmasked at last: it is
Matt Domsch, from Dell. The complete board is thus Max Spevack (chair),
Jeremy Katz, Bill Nottingham, Elliot Lee, Christopher Blizzard, Rahul
Sundaram (all from Red Hat), Seth Vidal, Paul W. Frields, Rex Dieter, and
Matt Domsch. Minutes from Fedora Board meetings can be found over here.
The Unofficial Fedora FAQ has been updated to include documentation for
Fedora Core 5. "This was a HUGE update, which involved re-writing the instructions
for almost every question. Now we have working instructions for yum,
nVidia cards, ATI cards, NTFS drives, and much, much more."
A new mailing list has been announced for the discussion of getting Planet
CCRMA into Fedora Extras.
Ajith Vargese Thampi looks at the future of Trustix Secure Linux.
"Now it's time to leave the past and to make the best of what is
available to us, and to develop it to a level what everyone expects of
it. Comodo Group gives its support to making Trustix Secure Linux the most
Secure and Stable Linux Operating System. The major support comes from the
Community that has stuck through the turbulent times. Thank you Morten
Nilsen, Vidar Tyldum, Matthias Subek and All the others who believe in
TSL."
Here is Debian's Google Summer of Code announcement. "More than 50
development tasks cover general improvements, quality assurance, releasing
and testing the distribution, package management, new applications,
security, infrastructure and the improvement of particular packages. For
these tasks students will be assigned a Debian developer acting as their
mentor."
This HUG DAY announcement notes: "Three weeks left until release, and
counting, Bug Hunting became our favorite sport." But then why limit bug
hunting to one day? Help squash Dapper bugs All Day, Bug Day, Hug Day and
every day.
Distribution Newsletters
The Debian Weekly News for May 9, 2006 looks at interesting release names
for packages, DebCamp in progress in Oaxtepec, Mexico, unified terminology
for distribution names, moving irc.debian.org, an Etch release update,
tracking forwarded bugs in the BTS, preseeding Debian installations, and
several other topics.
The latest edition of the Fedora Weekly News covers the new mail list for
package announcements, the Fedora
Music list, the Unofficial Fedora FAQ Updated for FC 5, a report from
Linuxfest Northwest, The Increasing Importance of Community, Sporting goods
retailer now sporting Linux, La-Z-Boy retailer revamps with Linux, and
several other topics.
The Gentoo Weekly Newsletter for the week of May 8, 2006 covers new and improved
Ada support in Portage, Gnome 2.14 unmasked, and several other topics.
The DistroWatch Weekly for May 8, 2006 is out. "The long delayed SUSE Linux
10.1, which is expected to be released on Thursday, should be the highlight
of the week, but FreeBSD 6.1 is also likely to hit the download mirrors
within the next day or two. In other news, confirmation of the Debian
"etch" December release date target, an introduction to an Ubuntu-based
live CD with a collection of genealogy software, and an announcement by a
project developing a range of Gentoo-based virtual machines for VMware and
Xen. In the interview section, we talk with the two lead developers of Damn
Small Linux about their new product - DSL-N. Finally, don't miss the
chilling opinion piece by Robert Storey who appeals to all US citizens to
fight against the newly proposed COPE legislation."
Minor distribution updates
Familiar, a Linux distribution
for handheld devices, has the second release candidate for v0.8.4 available
for download. This version improves support for the HP iPAQ h2200, hx4700,
and h6300 series of devices and includes other bugfixes.
RR64 Linux is a cutting edge live
CD for 64 bit systems. It's based on Gentoo and includes the KDE desktop.
Package updates
Updates for Fedora Core 5: system-config-printer (new defaults in
preparation for CUPS 1.2), ghostscript (update to version 8.15.2),
system-config-netboot (bug fixes), bind (bug fixes), xterm (upgrade to
version 212), anacron (bug fix), openoffice.org (improved fonts and
translations), tzdata (update to upstream 2006f), gkrellm (build for FC5),
yum (bug fixes), pango (update to 1.12.2), gnome-power-manager (upgrade to
2.14.2), vte (update to 0.12.1), gdm (bug fixes), gnome-power-manager
(update to 2.14.3), hal (bug fix), libtiff (fix a problem with the previous
patch), dbus (backport patch), cscope (bug fix), fetchmail (update to
6.3.4), libsepol (bump for FC5), selinux-policy (bump for FC5),
isdn4k-utils (update to CVS-2006-02-13).
Updates for Fedora Core 4: dhcdbd
(bug fix), system-config-netboot (bug
fixes), xterm (upgrade to version 212), tzdata (update to upstream 2006f)
Updates for Mandriva Linux: cpio (rebuilt with the correct CPPFLAGS), gzip
(fix the zgrep wrapper script to pass all available options to grep).
The Slackware current change log shows upgrades to firefox, smartmontools, libpng,
rsync, tcl, tk, mod_ssl, gnupg, apache, gmp, mysql and cdrdao, plus some
patching and rebuilding in the x11 packages.
Trustix Secure Linux has various bug fixes available in iptables and
pkgconfig for TSL versions 2.2 and 3.0.
Newsletters and articles of interest
Here's an article about a new computer lab in the Manuel Dublan School in
Nuevo Casas Grandes in the state of Chihuahua in northern Mexico. The
computers run Edubuntu and LTSP. "LTSP is a dream come true in an
educational environment. Now
all the computers are running off of one server. When one of the students
does something crazy to make their computer crash, we just reset and we are
good to go. The students are free to use one computer during one class,
and another computer during recess or the next class time, and still have
access to their personal documents and desktop settings." (Thanks
to James Call)
Distribution reviews
Linux.com reviews Trinity Rescue Kit. "Anyone who dual-boots, runs, or manages a
heterogeneous network with Windows and Linux workstations must occasionally
contend with offline or dead systems. Of course, the open source world has
plenty of good tools to help get these boxes back on track, or at least
recover valuable data. Trinity Rescue Kit (TRK) is a small yet powerful
bootable Linux distribution that rescues, repairs, resets passwords, and
clones dead Linux and Windows installations."
NewsForge has an article from a PCLinuxOS fan. "The current version 0.92,
released last November, comes with KDE 3.4.3 (with KOffice 1.4.2), X.org
6.9cvs, Linux kernel 2.6.12, and a host of applications. In addition to the
normal download, developer Texstar offers ISOs fine-tuned for Nvidia and
ATI chips."
Linux.com has a short review of Frugalware version 0.4. "Frugalware offers several
installation options. The first is a network install based off a small,
bootable ISO (x64 edition). All the program files you select are installed
via Judd Vinet's pacman package manager and the Internet. The second
installation option is to download one or both of the CD ISOs (not
available for x64). You only need the first, but the second provides extra
software. The third option is the DVD ISO (x64 edition), which is the route
I took. It's a hefty download, but it comes jam-packed with software. If
you want to help out a bit with server load, check out some of the torrents
available."
Page editor: Rebecca Sobol
Development
May 9, 2006
This article was contributed by Biju Chacko
The Xfce Project has been quietly making a capable desktop environment for
some time now. With the recent release of the first beta of Xfce 4.4, this
seems like a good time to take a look at the project and at what's new in
the upcoming release.
The project started in 1997 when Olivier Fourdan decided that he wanted a
desktop on Linux that resembled the CDE-based HP machines he used at work.
Using XForms, a popular X toolkit at the time, he wrote a CDE-like panel to
use with fvwm. With obvious ambitions to grow the tool, he called it XFCE:
XForms Common Environment. Within a year, he added a window manager based on fvwm to create XFCE 2.
By 1999, XForms was becoming a liability. XFCE's dependency on it, a
non-free toolkit, prevented many Linux distributions from bundling the
desktop. The XForms-based components were rewritten to use GTK+
for XFCE version 3.
The 3.x series continued to grow, attracting developers and adding
features like a file manager and a calendar. No longer based on XForms,
the project acronym 'XFCE' simply became a name, 'Xfce'.
The release of GTK2 in 2002 prompted a review of the code base.
The code had become complex and difficult to maintain. The team decided
to rewrite the environment from scratch with modularity as the main goal.
The result of this effort, Xfce 4.0, was released in September 2003.
Since then the project has averaged one major release a year. It
has added features like a calendar, print manager, a session manager
and more. It has succeeded in carving out a niche for itself between
the large desktops like Gnome and KDE and minimalistic environments
like fluxbox.
The current stable version is 4.2.3.2. The 4.4 release is expected in
the next couple of months.
Arguably, the biggest change in Xfce 4.4 is the introduction of the
Thunar file manager.
Earlier releases of Xfce used the featureful Xffm file manager.
Its quirky tree-based metaphor made it a powerful tool in the hands of
those who could conquer the steep learning curve. However, after some
debate, the team concluded that Xffm didn't fit the "Small, Fast and
Easy To Use" philosophy of Xfce. Thunar, developed by Benedikt Meurer,
fit the bill better. Xffm
continues to be actively maintained,
but is no longer part of the desktop distribution.
Thunar is very responsive and by default has a simple layout modeled on
the GTK file chooser. Basic file management is the main focus of the
current release. While basic volume management is available, some of
Xffm's advanced features like Samba support and archive management have
not been implemented. However, a plugin interface makes it possible for
third parties to extend Thunar with additional functionality.
Plugins available at xfce-goodies add media file management and archive
management to Thunar.
The panel has been rewritten to be much more flexible. Previously, a
desktop was limited to a single panel. The taskbar and iconbox provided
functionality that was very similar to the panel but were completely
different codebases. While there was support for panel applets
(plugins in Xfce parlance), a misbehaving plugin could crash the panel
since they both ran in the same process. The new panel allows for
multiple instances. The new plugin API provides for both internal and
external plugins. A small selection of plugins is available in the base
distribution, including some to replicate the functionality of the old
taskbar and iconbox. Many third party plugins are available at
xfce-goodies.
Plugins are available for everything from checking the weather to
checking your mail.
Desktop icons have always been a minor controversy in the Xfce world.
While there were persistent demands for them, few in the development
team had enough enthusiasm to actually implement them. Desktop icons
are finally in Xfce. They can either be used to display CDE-style
minimized app icons or, more conventionally, the contents of
$HOME/Desktop folder.
There are a large number of smaller changes. For example, the window
manager now automatically enables compositing support on accelerated
hardware. The calendar, orage, has better support for recurring
appointments and is now time zone aware. The print manager now supports
LPRng-based print backends in addition to the CUPS support that was already
in place. And there is a new keyboard shortcut manager.
Xfce is growing to include things that are not necessarily desktop
components. In the current development cycle, a text editor, a
terminal emulator and an archive manager have been added to the core
distribution. The addition of the archive manager, Xarchiver, is
interesting because this is the first example of an independent project
seeing an advantage in merging with the Xfce project.
Managing increased expectations is probably going to be the next
challenge for the Xfce project. The desktop fulfills many of the
expectations of a lightweight desktop. The panel, for example, has
reached a level of functionality that is comparable to the equivalent
apps in Gnome and KDE. The Xfce user community clearly expects the Xfce
Desktop to provide a level of functionality, integration and slickness
comparable to the larger desktops without sacrificing its reputation for
lightness. While the 4.4 release will be a big step in that direction,
the Xfce project will still face the challenge of
achieving parity with Gnome and KDE on the efforts of a developer
community a fraction of the size.
Biju Chacko is a core developer of the Xfce Desktop
System Applications
Database Software
Version 4.1.19 of the MySQL DBMS is available.
"This MySQL 4.1.19 release includes the patches for recently reported
security vulnerabilities in the MySQL client-server protocol."
The May 7, 2006 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Version 1.49 of DBD::Pg, the Perl interface to PostgreSQL,
has been announced.
"This version adds support for the ParamTypes statement handle attribute, and fixes a small bug in ParamValues. It strips the final newline (as it did before) from error messages, so that Perl's die will report the line number of the error. It fixes an error that was causing $dbh->state() to not get set properly in some edge cases. Finally, it adds the ability to quote and bind the geometric types POINT, LINE, LSEG, BOX, PATH, POLYGON, and CIRCLE."
LDAP Software
Version 1.0.5 of LAT, the LDAP Administration Tool, is out.
"This is a bugfix release for the stable branch."
Printing
Version 1.2.0 of CUPS, the Common UNIX Printing System,
has been announced.
"CUPS 1.2.0 is the first stable feature release in the 1.2.x series and includes over 90 new features and changes since CUPS 1.1.23, including a greatly improved web interface and "plug-and-print" support for many local and network printers. For a complete list of changes and new features, please consult the
What's New in CUPS 1.2 document".
Security
Version 0.20 of Sussen, a vulnerability and configuration security
scanner, is out with some new features and bug fixes.
Web Site Development
Infrae has announced the first public release of its Document Library
project. Document Library is a document management application built on
the Zope 3 platform. Beyond document management, it offers format
conversion, publication workflow management, version management, and more;
click below for details and download information.
Version 3.3.0 beta 1 of the Zope web content management system
is available.
"Zope 3 is the next major Zope release and has been written from
scratch based on the latest software design patterns and the experiences
of Zope 2. Cleanup of the Zope 3 packages has continued to ensure a
flexible and scalable platform. We continued the work on making the
transition from Zope 2 to Zope 3 by making Zope 2.10 use even more of
the Zope 3 packages. But we're not there yet. **You can't run Zope 2
applications in Zope 3.**"
Full Story (comments: none)
Desktop Applications
Audio Applications
Version 0.37 of TwoLAME is out with various improvements.
"TwoLAME is an optimised MPEG Audio Layer 2 (MP2) encoder based on
tooLAME by Mike Cheng, which in turn is based upon the ISO dist10
code and portions of LAME."
Full Story (comments: none)
Data Visualization
Version 5.6.0 of PLplot, a scientific plotting library,
has been announced.
"This is a stable release of PLplot. It represents the ongoing efforts of the
community to improve the PLplot plotting package. Development releases in the
5.7.x series will be available every few months."
Comments (none posted)
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The May 7, 2006 edition of the
KDE Commit-Digest is out with new KDE software announcements.
Topics include:
"Coverity fixes continue to roll in. amaroK gets enhanced support for VFAT (ie. Generic Audio) devices. New themes for KTuberling. Preliminary support for both next-generation disc formats (Blu-ray and HD-DVD) in K3B. KDE 4 changes: More apps ported to D-BUS. JuK gets the ball rolling on porting to Phonon."
Comments (none posted)
KDE.News has published
part 3 of its look at KDE 3.5 applications.
"Today, we look at the photo-manager digiKam, the plotting application QtiPlot, the LaTeX-dreamteam Kile and KBibTeX and the upcoming KDE 3.5.3 release."
Comments (none posted)
Educational Software
Version 1.98 of Open Administration for Schools is out.
"Open Administration for Schools is a GPL'd software package written in
perl and uses MySQL or PostgreSQL for data storage. It is entirely web
based and uses LaTeX to generate PDF reports. As a result it runs very
well on most any Linux distro (I'm an old slackware man, myself)."
This version adds a Transcript reporting system,
automated attendance scanning with form letters, and gradebook updates.
Full Story (comments: none)
Electronics
Development version 3.6.22 of
XCircuit,
an electronic schematic drawing package, is out with bug fixes.
Comments (none posted)
GUI Packages
Version 0.7.0 of lbDMF, a wxWidgets-based GUI sample application,
has been announced.
"The new version includes improvements such as GUI state storage to file, a new property editor and layout capabilities and more. The sample can be used to rapidly develop database applications without writing a line of code."
Comments (none posted)
Mail Clients
Stable version 8.0 of
MH-E,
the Emacs interface to the MH mail system,
has been announced.
"Version 8.0 supports GNU mailutils, S/MIME, picons, which-func-mode, sports an improved interface for hiding header fields, improves upon the MH variant detection, improves folder completion, makes the pick search equivalent to the other types of searches, spruces up the tool bar, creates the correct MIME type when including OpenOffice documents, works on a Mac, adds colors to buttons for signed or encrypted messages, incorporates new features introduced in Emacs 22.1, fixes a bunch of bugs, and best of all, comes with an updated manual!"
Comments (none posted)
Music Applications
Version 0.3.1 of CLAM Music Annotator is out with lots of new
capabilities. CLAM Music Annotator is:
"an application of the CLAM framework that can be
used to visualise, check and modify music information
extracted from audio: low level features, note segmentation,
chords, structure... The tool is intended to be useful for
(though not limited to) the music information retrieval
research..."
Full Story (comments: none)
Initial version 0.2 of Dino is available.
"Dino is a MIDI sequencer for GNU/Linux that uses JACK MIDI and JACK
transport to send MIDI events to synths and synchronise with other
sequencers or transport aware programs. It uses LASH to save and restore
sessions. This is the first release."
Full Story (comments: none)
Video Applications
Version 0.10.0, an alpha release, of
PiTiVi is available
for testing.
"PiTiVi allows users to easily edit audio/video projects based on the GStreamer framework: Capture audio and video; mix, resize, cut, apply effects to audio/video sources; Render/Save the projects to any format supported by the GStreamer framework. PiTiVi is still in a very early stage of development, and contributions are much welcome."
Comments (none posted)
Web Browsers
MozillaZine
reports
that the first version of the
Firefox CCK (Client
Customization Kit) has been released. "
The Firefox CCK allows people
to create an extension that customizes the browser for a particular
installation or deployment. Example customizations include adding an
identifier to the user agent string, changing the default home page, title
bar text and the animated logo, preinstalling browser plugins and search
engines, adding bookmarks, registry keys and certificates."
Comments (5 posted)
Miscellaneous
Version 4.1 of
Pooter
is available. The author says:
"Pooter is a cross-platform PIM
program, which now includes a simple, but fast and powerful thought map. The version 4 series has a
completely redesigned interface as well as many new features compared to earlier versions." See the
change log
file for more details.
Comments (none posted)
Languages and Tools
C++
Julio M. Merino Vidal
discusses C++ smart pointers on O'Reilly.
"C++, with its complex and complete syntax, is a very versatile language. Because it supports object-oriented capabilities and has powerful object libraries--such as the STL or Boost--one can quickly implement robust, high-level systems. On the other hand, thanks to its C roots, C++ allows the implementation of very low-level code. This has advantages but also carries some disadvantages, especially when one attempts to write high-level applications.
In this article I describe some common pitfalls that appear when manually managing dynamic memory in C++. This leads me to analyze which possible alternatives exist to avoid them, RAII-modeled classes being a good example. And finally, I present smart pointers and a description of some popular ones."
Comments (none posted)
Caml
The May 9, 2006 edition of the Caml Weekly News
is out with new Caml language articles.
Full Story (comments: none)
PHP
Version 5.1.4 of
PHP
has been released.
"A critical bug with $_POST array handling as well as the FastCGI sapi have been discovered in PHP 5.1.3. A new PHP release 5.1.4 is now available to address these issues. All PHP users are encouraged to upgrade to this release as soon as possible."
See the
change log
for more information.
Comments (none posted)
Python
The May 8, 2006 edition of Dr. Dobb's Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Ruby
The May 9, 2006 edition of
The Gemcutter's Workshop is available with new Ruby language information.
"It has been another big bi-week, and the pace of the Ruby community is accelerating. The ruby-talk and rails mailing lists are full to overflowing, the ruby-core mailing list is quite active, project announcements seem to pop up on a daily basis, and new resources seem to appear overnight. It's an exciting time to be involved with the language."
Comments (none posted)
Tcl/Tk
The May 8, 2006 edition of Dr. Dobb's Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Here's
a Wired column by Bruce Schneier about the forces which would have your computer work for them, rather than for you. "
You can fight back against this trend by only using software that respects your boundaries. Boycott companies that don't honestly serve their customers, that don't disclose their alliances, that treat users like marketing assets. Use open-source software -- software created and owned by users, with no hidden agendas, no secret alliances and no back-room marketing deals."
Comments (2 posted)
ZDNet
reports from Andrew Morton's talk at LinuxTag. "
Morton said he hasn't yet proved this statistically, but has noticed that he is getting more e-mails with bug reports. If he is able to confirm the increasing defect rate, he may temporarily halt the kernel development process to spend time resolving issues."
Comments (20 posted)
Joe 'Zonker' Brockmeier
takes
a look at naming conventions or the lack thereof. "
As an editor
and writer, I try to stick with the usage dictated by a project, but that's
often difficult. Many projects don't agree on their usage on their own Web
sites, documentation, and mailing lists. For example, on the Xpdf site, you
see Xpdf and xpdf used interchangeably. On the KPDF site, KPDF and kpdf are
also used interchangeably. Even though MySQL AB has managed consistent
usage of MySQL, I frequently see articles that use Mysql and mySQL."
GnomeDesktop
also finds that
suspend and hibernate names are not used consistently.
Comments (1 posted)
Trade Shows and Conferences
KDE.News
covers a meeting of
Kubuntu and KDE contributors at LinuxTag. "
At the beginning of the
meeting, Mark outlined Canonical's vision of the future of Ubuntu Linux and
the role of Kubuntu and KDE therein. Canonical wants to create a free,
professional economic eco-system and help to develop and transport KDE's
vision of the future of the free desktop."
Comments (2 posted)
Colin McGregor
reports
on LinuxWorld Canada 2006 from the Greater Toronto Area Linux User
Group (GTALUG) booth and beyond. "
Ross Chevalier of Novell spoke at
the Wednesday afternoon keynote about Novell's efforts to bring Linux to
the desktop via its SUSE subsidiary. There are several new efforts on that
score. Novell is running a Web site, www.betterdesktop.org, that offers
GNOME and KDE developers insights from Novell's usability studies. Novell
has set up usability labs in Utah and in Boston, Massachusetts, and it has
a portable lab. In the labs Novell asks ordinary computer users to perform
a task, such as open and edit a document, then video tape what
happens."
Comments (none posted)
The SCO Problem
For those who are still interested in occasionally checking into the progress of the SCO case: Groklaw has
the transcript of the April 14 hearing, which PJ describes as "one of the most interesting" since the beginning of the case. It shows that some things have changed little over the years: "
I mean, the basic allegation, Your Honor, is that IBM dumped so much material into Linux that we made it a super operating system that killed SCO's UNIX business and that, therefore, they are entitled to billions of dollars in damages. Surely they don't contend that we are not entitled to understand exactly what it was that was supposed to be put in there and determine and evaluate whether that even matters to Linux, whether anyone is even using Linux because of that and whether, even if they are using it because of that, it has any bearing whatever on the competition between Linux, if any, and their UNIX products."
Comments (7 posted)
Companies
LinuxDevices
covers
a collaboration between Atmel and TimeSys.
"Chip-maker Atmel has selected the TimeSys LinuxLink service as the "primary Linux distribution mechanism" for its new ARM-based processors, TimeSys says. Atmel customers will receive a free one-month subscription to LinuxLink, providing them with a starting point, including the newest kernel optimizations and validated binaries, according to the companies."
Comments (none posted)
eWeek
looks
at Silicon Graphics' bankruptcy filing. "
The Mountain View,
Calif., company on May 8 filed for Chapter 11 protection, saying it was a
key step in the reorganization that is aimed at reducing SGI's debt by
about $250 million. The filing occurred at the federal Bankruptcy Court for
the Southern District of New York. Company officials say they will file
their reorganization plan shortly and expect to come out of bankruptcy
within the next six months."
Comments (4 posted)
Business
ZDNet
reports
that BitTorrent has made a distribution deal with a Hollywood studio.
"Warner Bros. Entertainment Group has agreed to use BitTorrent's
peer-to-peer system to distribute movies and television shows, including
"Dukes of Hazzard" and "Babylon 5," beginning this summer, the companies
are expected to announce Tuesday."
Comments (3 posted)
Linux at Work
NewsForge
looks at the use of Linux-based e-commerce software by outdoor
sporting goods retailer Backcountry.com.
"Jenkins hesitated at the last minute because he felt that Open-Xchange was "just copying Microsoft Exchange. Why go with a platform that's copying an eight-year-old piece of crap?" he says. "Why not go with something new and sexy?" He and the Backcountry.com staff decided to look a bit further, found Zimbra Collaboration Suite. Jenkins liked the AJAX-based interactivity of Zimbra. Backcountry began testing it with 25 users, who also fell in love with some of the same features that lured Jenkins, such as the interactive calendar that renders pages with one mouse click and "zimlet" plugins that let users do on-the-fly Wikipedia and Yahoo! Maps searches."
Comments (none posted)
Legal
NewsForge
examines a lawsuit between Auto/Mate and Webswell involving
the ownership of software derived from open-source code.
"The two firms signed a contract last year under which Webswell would consult, develop, and test software for Auto/Mate. It appears that starting point for the work to be performed included both existing proprietary software, owned by Webswell, and open source code licensed under the Artistic License.
In the lawsuit filed in the United States District Court, Northern District of New York, Auto/Mate asserts that it owns the software developed for the company by Webswell, and that by posting the source code for that software on various open source Web sites, Webswell has violated its copyright."
Correction: The open source code was originally released under the Academic
Free License, not the Artistic License.
Comments (5 posted)
Diane Peters, General Counsel for the Open Source Development Labs,
presents
an analysis of the GPLv3 patent provisions; the paper was
presented at the 2006 AIPLA conference.
Comments (1 posted)
Interviews
ConsortiumInfo.org has
an
interview with Inge Wallin, the KOffice Promotions Lead. "
A few
weeks ago, KDE announced the release of KOffice 1.5, which achieves a high
degree of support for ODF. In this extensive interview, I explore with
Inge Wallin, the KOffice Promotions Lead, how KOffice is different from the
other major office productivity releases that support ODF, which users may
find it most appropriate to their needs, in what directions future
development will proceed, and much more. In the future, I hope to provide
similar interviews with representatives of the other major offerings, in
order to illustrate the way in which the ODF standards-based office
productivity environment is evolving in real time." (Found on
KDE.News)
Comments (none posted)
Andrew Orlowski
talks to Eirik Chambe-Eng and Haavard Nord about Trolltech's
plans in the cell phone market.
"But when we caught up with Trolltech's two founders on a recent swing through San Francisco, it wasn't the most talked-about market that they believe will dip towards Linux. Eirik Chambe-Eng and Haavard Nord are quite happy to let Symbian and Microsoft duke it out for ascendancy in the smartphones segment.
It's the increasing complexity of feature phones where they're pitching their Qtopia embedded suite.
"Microsoft and Symbian are established in smartphones, they have good support for business applications. It's the feature phones and low-end that we believe will be a success for Linux," says Eng."
Comments (none posted)
Resources
Linux.com
has some
tips on using bash completion. "
The auto complete feature of the
Bourne Again SHell makes bash one of the most loved and newbie-friendly
Linux shells. Just by pressing the Tab key you can complete commands and
filenames. Press the Tab key twice and all files in the directory get
displayed. But you can do more with autocomplete -- such as associating
file types with applications, and automatically designating whether you're
looking for directories, text, or MP3 files. With simple commands such as
complete and the use of Escape sequences, you can save time and have fun on
the command line."
Comments (17 posted)
Kevin Farnham
shows how to make a laptop computer dual boot Linux and Windows XP
in an O'Reilly article.
"Notebook computers are generally preloaded with Windows XP, but for those of us who do considerable work in the Linux environment, a Windows-only notebook is far from ideal. I worked with Unix on Windows packages such as Uwin and Cygwin for several years, but I finally decided I wanted a full Linux installation on my notebook."
Comments (none posted)
Linux Help
takes
a look at strace. "
Many times I have come across seemingly
hopeless situations where a program when compiled and installed in
GNU/Linux just fails to run. In such situations after I have tried every
trick in the book like searching on the net and posting questions to Linux
forums, and still failed to resolve the problem, I turn to the last resort
which is trace the output of the misbehaving program. Tracing the output of
a program throws up a lot of data which is not usually available when the
program is run normally. And in many instances, sifting through this volume
of data has proved fruitful in pin pointing the cause of error."
Comments (11 posted)
Reviews
Linux.com has
a review
of the book
DSL -- Linux Operating System in Less Than 50 MB by Mike Weber.
"First, it centers on Damn Small Linux (DSL), a distro which fits on a credit card-sized 50MB mini CD. Second, the book was originally written for "an elite group of grade school students," a group that's technically inclined, if not yet technically skilled. Third, rather than coming in regular book format, this manual is published as a binder that can receive regular updates. Finally, this hands-on manual is replete with practical tips and tricks and concludes with a valuable series of projects, such as creating a backup server, building an embedded system, and building an $18 computer."
Comments (none posted)
Linux.com
takes
a look at Dropline GNOME. "
Once installed, dropline provides a
nice, usable GNOME desktop. All the applications required for an average
desktop user are on the menu: Firefox and Epiphany Web browsers, Evolution
groupware suite, Thunderbird email, AbiWord word processor, the Gnumeric
spreadsheet, and the GIMP graphics program. It offers a good selection of
Internet programs, such as Gaim, Drivel, Liferea, gFTP, and Gnomemeeting;
multimedia tools such as Totem, Gnomebaker, Rhythmbox, and Soundjuicer; and
graphics tools such as gThumb and Inkscape. Underneath it all I still have
Slackware providing Apache, sendmail, Samba, and CUPS, so my PC is also the
email, data storage, and printing server, and the Internet gateway/firewall
for the rest of the computers at home."
Comments (none posted)
Linux.com
looks at
Phonon and KDE. "
Clearly, aRts could not serve as the next
generation KDE multimedia framework, but, given that KDE's emphasis on
integration effectively discourages adoption of established projects, what
would? The solution will come in the form of a front end to these
established frameworks, one for which plugins can be written to support any
contemporary or future multimedia back end that has the basic features the
Phonon API must provide. Phonon will support a sensible median of the
playback, mixing, and effects features of Gstreamer, Helix, Xine, JACK,
NMM, and other back ends (even aRts), while presenting them to developers
in a simple and unified API. The choice of which back end to use, if the
user has several installed, will be user-configurable, with some power
reserved for applications to choose or recommend their preferred back
ends."
Comments (17 posted)
NewsForge
looks
at SpamBayes. "
The SpamBayes classification sorts out virtually
all spam messages and almost never produces a false positive -- that is, a
good message wrongly identified as spam. Only once have I had to fetch an
email from the junk mail folder. This happened when a Spanish friend wrote
me, presumably because Spanish messages are rare in my inbox. I corrected
the wrong classification, and all her subsequent messages were recognized
as good. The program improves precision with each manual
correction."
Comments (1 posted)
Dmitri Popov
reviews the VLC media player on SourceForge.
"The VLC media player (VLC) is a versatile tool. It can handle virtually any media file, it can play network streams such as Internet radio stations, and it can stream media contents across the network. But that's not all; VLC can also 'stream' media to a file in a user-defined format, which makes it a handy transcoding tool. The most obvious use of this feature is to backup your film DVDs, a process that VLC makes straightforward. While VLC doesn't support so-called DVD shrinking (fitting a film onto a single-layer DVD or even CD), it's perfectly capable of converting an entire film into a single file that you can play in any media player, including VLC itself."
Comments (none posted)
Miscellaneous
Linux-Watch
covers an
Open Document Format plugin for MS Office. "
The [OpenDocument]
Foundation is offering ODF support for Microsoft Office because "this isn't
about 'Windows' or MS Office. It's about people, business units, existing
workflows and business processes, and vested legacy information systems
begging to be connected, coordinated, and re-engineered to reach new levels
of productivity and service. It's also about the extraordinary value of ODF
and its importance to the next generation of collaborative computing," said
Edwards."
Comments (2 posted)
Announcements
Non-Commercial announcements
The EFF
reports that
the draft WIPO treaty (covered in
the May 4 LWN Weekly Edition)
no longer grants 50-year copyright protection to webcasters. "
So
webcasting is out, but the question is for how long? The U.S., which
proposed its inclusion, was not happy about the outcome. It said it was
concerned with the 'missed opportunity' to provide protection for new
entities, but said that it would reluctantly be prepared to accept the
two-track approach -- on the condition that if the WIPO General Assembly
did not convene a Diplomatic Conference dealing with 'traditional
broadcasting' when it meets in September, any future discussions on a
Broadcasting Treaty would include protection for new Internet
entities." The DMCA-like DRM provisions are, presumably, still
present in the draft.
Comments (5 posted)
KDE e.V., a registered non-profit organization that represents the K
Desktop Environment in legal and financial matters, and the Free Software
Foundation Europe (FSFE) have announced their associate status, working
together for the promotion and protection of Free Software on users'
desktops in Europe and worldwide.
Full Story (comments: none)
The CUPS (Common Unix Printing System) project
has announced
its participation in the Google Summer of Code.
"Qualifying students will be paid $4500 to work on any of the tasks on the CUPS roadmap page or a cool new idea of their own."
Comments (none posted)
OpenOffice.org has announced its participation in the
Google Summer of Code.
"OpenOffice.org is proud to participate in the Summer of Code
initiative sponsored by Google, and you are invited to join in the
fun.... Last year's SoC was hailed by both students and mentors as a
success, and we hope this year's will be even better."
Full Story (comments: none)
Sun Microsystems, Inc. has
announced the unanimous approval of the Java EE 5 spec by the
Java EE/SE Executive Committee.
"With more than 30 licensees, Java EE is the premier platform for Java
and Web services deployment. Java EE 5, described by JCP Java Specification
Request (JSR) 244, includes innovations provided by more than 30 community
experts and completed public review in August 2005. In all, 23 individual
JSRs focusing on support for the latest web services and service-oriented
architecture (SOA) technologies, a major revamp to the programming model,
and simplified web application creation make up the Java EE 5
specification."
Comments (3 posted)
Commercial announcements
Novell, Inc. has
announced the worldwide availability of its Open Workgroup Suite.
"Novell Open Workgroup Suite is now available
worldwide, giving customers an open, low-cost alternative to the
Windows-centric solution many perceive as their only option. The first
workgroup suite for the open enterprise that provides organizations with a
flexible and cost-effective solution based on proven, standards-based
software, the Novell Open Workgroup Suite includes server and desktop
components with powerful management tools, collaboration capabilities and
the most advanced open source office products in the market."
Comments (none posted)
OpenLogic, Inc. has announced the first program to provide consolidated,
commercial-grade support across a wide range of open source products by
tapping the open source development community for enterprise support.
Through the OpenLogic Expert Community, "
OpenLogic will pay qualified
experts within the open source development community to provide in-depth
support for open source products."
Full Story (comments: none)
Qlusters and Emu Software have announced the Open Management Consortium
(OMC). "
"The Consortium will promote the benefits offered by open
source and open standard technologies and will provide a forum for product
development collaboration among open source IT management projects. The
founding members of the OMC include Nagios (sponsored by Ayamon),
NetDirector (sponsored by Emu Software), openQRM (sponsored by Qlusters),
openSIMS (sponsored by Symbiot), the Webmin project and the Zenoss project
(sponsored by Zenoss, Inc.)."
Full Story (comments: none)
Ranch Networks has announced a Redundancy Solution for the Asterisk
open-source telephony platform.
"Ranch Networks, the first IP telephony
network appliance provider to integrate security and bandwidth control for
IP-based applications, today introduced 1+1 High Availability (HA) to its RN
series of appliances. The 1+1 HA feature will provide users with reliable,
redundant and uninterrupted VoIP service between any two Asterisk servers,
even when the servers are not on the same network."
Full Story (comments: none)
New Books
PC Publishing has published the book
Ableton Live 5 Tips and Tricks
by Martin Delaney.
"Ableton Live is the cross-platform software that's rocked the music
world--gathering ardent fans in a way usually associated with performers
rather than software."
Full Story (comments: 1)
Pragmatic Bookshelf has published the book
"Enterprise Integration with Ruby" by Maik Schmidt.
Full Story (comments: none)
O'Reilly has published the book
Learning UML 2.0
by Russ Miles and Kim Hamilton.
Full Story (comments: none)
Pearson has published the book
Linux Troubleshooting for System Administrators and Power Users by James Kirkland,
David Carmichael, Christopher Tinker and Gregory Tinker.
Full Story (comments: none)
O'Reilly has published the book
Programming PHP, Second Edition by Rasmus Lerdorf, Kevin Tatroe, and Peter MacIntyre.
Full Story (comments: none)
O'Reilly has published the book
Ubuntu Hacks: Rough Cuts Version
by Kyle Rankin, Jonathan Oxer, and Bill Childers.
Full Story (comments: none)
Prentice Hall has published the book
UNIX to Linux Porting: A Comprehensive Reference by Alfredo Mendoza, Chakarat Skawratananond and Artis Walker.
Full Story (comments: none)
Resources
Issue #1 of the Campware newsletter is available.
Campware is an open-source
platform for independent news media organizations in emerging democracies.
"Welcome to the first issue of the Campware newsletter! We hope to
bring you this kind of updates on a quarterly basis to let you know
what we've been up to."
Full Story (comments: none)
EasyLinuxCDs.Com provides a wide range of Linux Distributions and Training
materials to the Linux community. Now, in the true spirit of sharing,
EasyLinuxCDs.com has widened the spectrum of free services to include
games, wallpapers, how-to articles and more.
Full Story (comments: none)
The May 10, 2006 edition of the Free Software Foundation Europe
newsletter has been published.
Full Story (comments: none)
Contests and Awards
The winners of the second
PyWeek
game programming challenge have been announced. Winners include
Nelly's Rooftop Garden
and
Trip on the Funny Boat.
Comments (none posted)
Education and Certification
The Linux Professional Institute will be holding certification
testing at LinuxWorld in Johannesburg, South Africa on May 18, 2006.
Full Story (comments: none)
TimeSys will hold new Technical Webinars for Embedded Linux on
May 11, 16 and 23, 2006.
"TimeSys offers its services through LinuxLink subscriptions, which
include a number of cross-development tools that simplify embedded
development. Each session will explore cross-compilation and build
challenges, highlight TimeSys tools for addressing these challenges,
and enable live interaction with technical experts from TimeSys."
Full Story (comments: none)
Event Reports
Ciaran O'Riordan has posted
a
transcript of Richard Stallman's GPLv3 talk at Porto Alegre last
month. "
So IBM has patent licences for loads of things that they
don't know. So the result is that they could have a patent license that
makes them safe and they don't know it. So, we said that it's not fair to
put them in a worse position than you would be in just because they have a
blanket cross-licence and somebody else is explicitly negotiating a
licence, so we said, alright, it will only apply if you knowingly rely on a
patent licence. So if IBM has a patent licence as part of a blanket
cross-licence and doesn't know, then this doesn't apply to them, but if
they find out that this problem is happening and they have a patent
licence, then they have to do something. IBM doesn't seem to like this very
much."
Comments (11 posted)
Few of us will be able to attend the second Desktop Architects Meeting,
happening May 8 and 9 in Mainz, Germany. We all can, however,
check out
the
slides from the presentations which will be made there. As of this
writing, slides from a number of presenters, representing distributors,
applications, desktop projects, and others, have been posted.
Comments (none posted)
Upcoming Events
Sun Microsystems, Inc. has
announced the Third Annual NetBeans Day. The event will take place
at the 2006 JavaOne Conference on May 15, 2006 in San Francisco, CA.
"The "Enterprise and Beyond" track will focus on development for the upcoming Java
EE 5 platform, while the "Client Application Development" track will
highlight visual development of rich clients using the Project Matisse
visual development tool and the Java SE platform. Featured guests will
include Jonathan Schwartz, Sun's newly named Chief Executive Officer, and
James Gosling, the father of Java."
Comments (none posted)
| Date | Event | Location |
|---|---|---|
| May 11 - 18, 2006 | LinuxWorld on Tour Conference and Expo 2006 (LOT2006) | Montreal, Ottawa, Calgary, Vancouver |
| May 12 - 13, 2006 | BSDCan 2006 | University of Ottawa, Ottawa, Canada |
| May 13, 2006 | DebianDay | Oaxtepec, Mexico |
| May 14 - 22, 2006 | DebConf 6 | Oaxtepec, Mexico |
| May 16 - 19, 2006 | 2006 JavaOne Conference | Moscone Center, San Francisco, CA |
| May 26 - 27, 2006 | FreedomHEC | Seattle, WA |
| May 30 - June 3, 2006 | 2006 USENIX Annual Technical Conference | Boston Marriott Copley Place, Boston, MA |
| June 13 - 14, 2006 | Where 2.0 Conference | Fairmont Hotel San Jose, San Jose, CA |
| June 13 - 14, 2006 | Gartner Open Source Summit 2006 | Palau de Congressos de Catalunya, Barcelona, Spain |
| June 14 - 16, 2006 | New York PHP Conference and Expo 2006 | New Yorker Hotel, New York, NY |
| June 16 - 18, 2006 | Recon 2006 | Plaza Hotel Centre-Ville, Montreal, Canada |
| June 18 - 23, 2006 | Ubuntu Developer Summit | Charles de Gaulle, Paris, France |
| June 24 - 25, 2006 | Free and Open Source Conference (FrOSCon) | St. Augustin, Bonn, Germany |
| June 24 - 30, 2006 | 2006 GNOME Users and Developers European Conference (GUADEC) | Catalonia, Spain |
| June 24 - 25, 2006 | PHP Vikinger | Skien, Norway |
| June 27 - 29, 2006 | Corporate Channel and Computing Expo (C3) | Jacob K. Javits Convention Center, New York, NY |
| June 28 - 30, 2006 | GCC and GNU Toolchain Developers' Summit | Ottawa Congress Centre, Ottawa, Canada |
| June 30 - July 1, 2006 | WebTech 2006 | Kempinski Hotel Zografski, Sofia, Bulgaria |
| July 3 - 4, 2006 | 3rd European Lisp Workshop | Nantes, France |
Comments (none posted)
Web sites
KDE.News
reports
on the latest changes to
KDE-Artists.org.
"KDE-Artists.org is back up sporting a brand new look and feel. We have created a much more community centric site where those interested can submit news, tutorials, links and more. There is also a new feature we call Studios. This is a new twist on blogging that is completely focused on the creation of art and showcasing the process of creation. Artists who are interested will be able to share their artwork with others and talk about how they created it, and what influences them in their creative process."
Comments (none posted)