On July 17, the Debian release team
posted an update on the upcoming
"etch" distribution. Things appeared to be moving along nicely. Many of the
important transitions have been made, the kernel was set to be frozen on
July 30, and the final release (to be numbered 4.0) was on track to
happen, as scheduled, on December 4 of this year. It all looks like
the smoothest release process Debian has had in quite some time.
For experienced Debian watchers, this seems too good to be true. And, in
fact, that's exactly what it might be; behind the scenes, it looks like the
etch release may get caught up on an old problem.
On August 3, Debian developer Nathanael Nerode claimed that the etch timeline is
unrealistic because the kernel will not be ready in time. The issue,
in particular, is that of device firmware.
Some background: most devices attached to a modern system are special-purpose
computers in their own right, running
their own software. Some of these devices store that software ("firmware")
in a ROM within the device itself. Over the years, however, manufacturers
have found that loading the firmware from the host system is both cheaper
and more flexible. As a result, much current hardware is unable to
function in any useful way until the host computer has fed it the requisite
firmware. This firmware load is handled by the device driver.
Once upon a time, a great many drivers had the necessary firmware linked
into the kernel itself. In many cases, over time, that firmware has been stripped out
into a separate file which can be fed to the kernel at device
initialization time. In others, however, the firmware remains in the
kernel itself. Often, that firmware carries explicit permission which
allows it to be distributed in that way, so licensing issues do not usually
come into the picture.
The Debian Project, however, is not satisfied with distributable firmware -
or, at least, many vocal Debian developers are not satisfied. Unless there
is accompanying source which can be used to rebuild that firmware, said
firmware is not seen to be truly free, and, thus, has no part in Debian.
According to this point of view, it is not possible to ship a kernel which
is compliant with the Debian Free Software
Guidelines (DFSG) until all of that
firmware has been torn out of it. Since this work has not been done - the
Debian kernel maintainers being more concerned with the production of a
working and secure kernel - the kernel cannot be frozen, and the etch
timeline cannot be met.
There is another point of view within the project, however. According to
this perspective, Debian is shipping an operating system for the host CPU,
not for all of the peripherals attached to that CPU. As long as the core
operating system is free, that is good enough. The peripheral devices
will, regardless of anything Debian does, be running non-free software.
Adopting a policy which favors devices having their proprietary software
in ROM (where it can never, ever be changed) over those which accept their
firmware from the host (where, maybe, someday it could be rebuilt and
tinkered with) seems like a step in the wrong direction. To people who see
things this way, trying to purge non-free firmware distracts developers
from more useful work while simultaneously making things harder for
Debian's users.
This is, to put it mildly, not a particularly new discussion. Despite
having come around many times over the years, however, this question has
never really been resolved. In an effort to bring it to a resolution this
time around, Steve Langasek has proposed a
general resolution stating, in essence, that Debian can ship "data"
without the need for accompanying source. Data, in this sense, includes
things like graphics (splash screens, icons, etc.), videos, and fonts.
If this resolution is voted on and passes, the position taken by the
project will be that, as long as the "data" itself is freely distributable,
the project can ship it without source and remain true to its goals.
The final part of the proposed resolution takes things one step further by
stating explicitly that firmware is, for the purposes of the DFSG's source
requirements, not a program. Device firmware is, instead, data which,
under the terms of the resolution, can be shipped without source.
Needless to say, this proposal has inspired some discussion. Many
developers are in favor of the proposal, and have seconded it. Others have
requested that it be split into two parts, with the firmware-as-data issue
being voted upon separately. Some remain firmly opposed to shipping
anything without source; these people do not like the resolution at all.
Then, there is the position taken by Sven
Luther, a member of the Debian kernel team. Sven states that calling
firmware "data" is fundamentally dishonest, and that this fiction will
inevitably lead Debian toward becoming a non-free distribution. What he
would like to see, instead, is a resolution that, while firmware remains a
problem, it is one which has been with Debian for a long time and which is
not going to be solved within the etch release schedule. So, Sven
proposes:
We thus ask the project to temporarily waive the DFSG requirement
for those non-free firmware blobs, in order to let the etch release
ship in a timely fashion, and let us work on these issues,
within the kernel and related affected teams, the project as a
whole (The DPL could mandate a delegate or delegate team to contact
manufacturers and such), but also upstream, in a calm and posed
way, not hurried by the needs of the release, and other such
pressure.
Sven will likely format this proposal into a competing resolution for a
vote by the developers.
What this alternative resolution really looks like, of course, is yet
another decision to defer the issue and argue about it again in the next
release cycle. But this could be just how the decision goes in the end.
Many developers have little patience with the firmware battles and with the
push to break working drivers. There is also a real unease, however, with
shipping binary firmware blobs, and simply rebranding those blobs as "data"
may not be enough to make people feel better about it. So Debian may well
punt the issue again; expect its return in a year or two.
Comments (41 posted)
RPM is an important piece of Linux infrastructure. It is the native
package manager for a number of major distributions, including Red Hat's
enterprise offerings, Fedora, and SUSE. The Linux Standard Base
specification requires that all compliant systems offer RPM - even those
which are built around a different package management system. If RPM does
not work, the system is not generally manageable. So it may be a little
surprising to learn that the current status and maintainership of RPM is
unclear at best.
Once upon a time, RPM was the "Red Hat Package Manager." In a bid to
establish RPM as a wider standard - and, perhaps, to get some development
help - Red Hat tried to turn RPM into a community project - rebranding it
as the "RPM Package Manager" in the process. But core RPM development
remained at Red Hat, under the care of an employee named Jeff Johnson.
That, it would seem, is where the trouble starts.
Back in early 2004, an RPM
bug report was filed. The reporting user had made a little mistake, in
that he had tried to install a package on a system where /usr was
mounted read-only. Needless to say, this operation did not work as
intended - an outcome which the bug reporter could live with. This person,
however, did think that it might have been better if RPM had not corrupted
its internal database in the process of failing. He suggested that RPM
should keep its internal records in order, even if the system administrator
has requested something which cannot be done.
The ensuing conversation - lasting for over two years - deserves to become
a textbook example of how not to respond to bug reports.
Mr. Johnson took the position that, since RPM was being asked to do
something erroneous, its subsequent mangling of the package database was
not a bug. Instead, it seems, this behavior should be seen as an
appropriate consequence for having done something stupid. Mr. Johnson
repeatedly closed the bug, stating his refusal to fix it. Numerous other
participants in the discussion made it clear that they disagreed with this
"resolution" of the bug, but nothing, it seemed, could convince the RPM
maintainer to put in a fix.
In February, 2006 - almost two years after the bug report had been entered
- Mr. Johnson posted a one-line comment to the effect that read-only mounts
were properly detected in RPM-4.4.5. This might seem like the end of the
story, except for one little problem: Fedora currently ships version 4.4.2,
and even the Fedora development repository has not gone beyond that. SUSE remains
at 4.4.2, and the current RHEL offerings have rather older versions.
Mr. Johnson has continued to make RPM releases, but the distributors are
not picking them up. They are, instead, shipping an older version of this
crucial tool, augmented with a rather hefty list of patches.
Part of what is happening here is that Mr. Johnson is no longer a Red Hat
employee, having been encouraged to pursue other opportunities. He does,
however, continue to show up on the Red Hat bug tracker when RPM issues are
being discussed; as a
current example shows, he does not appear to have adopted a friendlier
attitude toward RPM users (or his former employer) over time. There has
been talk on the mailing lists about removing his access to the bugzilla
database - an action which may have occurred by now.
Red Hat's Greg DeKoenigsberg, who has responsibility for the company's
relations with the development community, has stood up and pointed out, however, that simply
silencing one difficult personality will not address the real problem:
When we fired jbj, we didn't have the courage to draw a line in the
sand and say "we're taking upstream ownership of RPM back." Why
not? Because we thought it would be difficult politically?
Because we didn't want the responsibility anymore? Because nobody
in management actually cared enough to think about the
ramifications? I don't know.
Fast forward a year plus, and here we are. We're in a position
where we have, essentially, forked RPM -- and no one is willing to
admit it. No one is willing to take ownership of what we've done.
Perhaps jbj "owns" RPM, in its current incarnation, by default,
because no one else is willing to touch it. That's fine. He can
have it. But that is not what *we* are using.
So, when Jeff Johnson walked out the door at Red Hat, he took RPM with
him. Since then, few distributors have wanted to use his releases, but no
other organized project around RPM has come into existence. For the
purposes of the people using distributions from Red Hat and SUSE, RPM is
essentially unmaintained.
There has been no clear message to users about the state of RPM. Some
Fedora users have asked, via yet
another bugzilla entry, for an update to Jeff Johnson's current
release, but nobody has posted a definitive reason as to why that will not
happen. But it does appear that there is no interest within Fedora to
depend on Mr. Johnson for anything, much less an important piece of
infrastructure, so Fedora appears unlikely to move to the newer releases.
What Greg DeKoenigsberg has said - backed up by
Michael Tiemann - is that the time has come for Fedora and Red Hat to
own up to what has happened and formalize the new status of RPM. The
current situation, where RPM has been forked but nobody is saying so, will
not lead to anything good in the long run. The new RPM - perhaps the "Red
Hat Package Manager" yet again - needs to have its existence acknowledged
and its maintainership made clear. Either that, or Red Hat and Fedora
should acknowledge the current RPM maintainer and move toward rejoining
with his version of the code. Until one of those things happens, there will continue
to be a dark cloud of uncertainty surrounding a tool which is heavily
depended upon by vast numbers of Linux users.
(See also: the Fedora
rpm-devel wiki page, which lists features found in the current RPM
release but not in Fedora's version).
Comments (59 posted)
Recently, Lenovo announced that it would be supporting Linux on one of its
Thinkpad laptop models. This announcement was seen as a big turnaround,
given that the company had said, only a few months ago, that it was no
longer interested in Linux. Since Thinkpads tend to be relatively
nice machines, and since support for Linux among laptop manufacturers tends
to be nonexistent, Lenovo's announcement looks like good news. It is not,
however, as good as many in the community might have hoped.
Your editor had a brief conversation with Lenovo, and was able to confirm
the news that came out of LinuxWorld: Lenovo's "Linux-supported" laptop
does not, in fact, come with Linux installed. This machine is shipped with a
blank disk and a note instructing the purchaser to go buy a copy of SUSE
Linux Enterprise Desktop 10 and install it him- or herself. The only
real differences with this offering are that (1) the proud owner has
some reasonable assurance that the installation will actually work - a
valuable thing - and (2) there is no Windows certificate to throw
away.
The other surprise is that this machine features the ATI "Mobility FireGL
V5200" video adapter. This adapter is, by all accounts, a nice piece of
hardware, but it lacks a free driver. The associated
ThinkWiki page goes into what must be done to get this card working
properly on a Linux system; it involves installing ATI's proprietary
driver. So people who have bought this "Linux supported" system are not,
in the end, running free software.
Doubtless there will be customers who are happy with this deal - though
Lenovo's pricing does not seem particularly attractive. But this offering
raises an important question: what does it really mean for a vendor or a
computer to "support Linux"? How can customers for such systems know
whether they are getting a truly free system, or, instead, one which forces
the use of proprietary software?
Somehow, we need to get a handle on the claim of "supporting Linux" and
make the distinction between free and proprietary systems clear. Without
this transparency, there will be little incentive for manufacturers to
create truly free systems. An independent body which could certify 100%
free Linux systems would be ideal, but this body does not currently exist
and it is not clear who could credibly take on that task. In its absence,
all we can do is to insist that systems vendors be clear about just what
they are selling.
Comments (38 posted)
Page editor: Jonathan Corbet
Security
August 23, 2006
This article was contributed by Jake Edge.
A number of spammers have been evading filters like
SpamAssassin (SA)
recently by encoding their messages as images. SA already has a
set of rules that are meant to combat image spam, but the more recent
messages (typically for stock scams or pharmacy products) have been crafted
to avoid them. This would indicate, once again, that spammers are using
SA to pre-test their messages and are modifying them to get through. SA
developers, however, are up to the challenge and two specific
countermeasures have been released.
The first technique uses Optical Character Recognition (OCR) software to
pull words out of the images and then uses a blacklist of words to
increase the SA score. It was quickly realized that spammers are using
similar obfuscation techniques in the images that they have long used in
text emails (misspelling words, using characters that look like others, etc.)
so a fuzzy matching was added to the
plugin.
Unsurprisingly, there are already reports of
images that put a light background of
random 'snow' behind the text (example).
This practice does not affect the readability for
humans, but does affect the quality of the OCR output. The
FuzzyOCR developers have quickly adapted by using a feature that removes
smaller particles before doing the OCR scan. The question remains, of course,
whether the OCR software will be able to keep up with obfuscations that
will still be readable to humans. Human pattern matching may be too good for
the state of the art in OCR.
The plugin uses several external programs from the
netpbm tools, the
gocr open source OCR program
and several other libraries and perl modules.
This is a fairly heavy-handed approach, requiring a good bit of installation
and configuration of the various pieces.
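As an added, stand-alone illustration of the fuzzy-matching idea (not code from FuzzyOCR or SpamAssassin), the following Python scores OCR output against a word blacklist after undoing common lookalike substitutions and allowing one edit of slack; the lookalike table, sample OCR text and blacklist are constructed here.

```python
"""Fuzzy blacklist matching over OCR output, in the spirit of the FuzzyOCR
approach described above. This is a stand-alone illustration, not the plugin's
own code; the lookalike table, sample text and blacklist are constructed."""
import string

# Constructed table of characters that spammers substitute for letters.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
    "@": "a", "$": "s", "|": "l", "!": "i",
})


def normalize(token: str) -> str:
    """Strip surrounding punctuation, lower-case, map lookalikes to letters,
    fold the classic OCR confusion 'rn' -> 'm', and keep letters only."""
    word = token.strip(string.punctuation).lower().translate(LOOKALIKES)
    word = word.replace("rn", "m")
    return "".join(ch for ch in word if ch.isalpha())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using the two-row dynamic-programming form."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def fuzzy_hits(ocr_text: str, blacklist: list[str], max_errors: int = 1) -> list[tuple[str, str]]:
    """Return (token, blacklisted word) pairs for every token that, after
    normalization, is within max_errors edits of a blacklisted word."""
    hits = []
    for token in ocr_text.split():
        word = normalize(token)
        if len(word) < 4:          # too short to match with any confidence
            continue
        for bad in blacklist:
            if edit_distance(word, bad) <= max_errors:
                hits.append((token, bad))
                break
    return hits


def fuzzy_score(ocr_text: str, blacklist: list[str], per_hit: float = 1.5, cap: float = 6.0) -> float:
    """Score contribution in the style of an SA rule: points per hit, capped."""
    return min(cap, per_hit * len(fuzzy_hits(ocr_text, blacklist)))


# Constructed sample of what an OCR pass over a stock-tout image might yield.
SAMPLE_OCR = "Hot st0ck a1ert!  This pharrnacy offers V!agra and C1ALIS at huge disc0unt"
BLACKLIST = ["stock", "pharmacy", "viagra", "cialis", "discount"]

if __name__ == "__main__":
    for token, bad in fuzzy_hits(SAMPLE_OCR, BLACKLIST):
        print(f"{token!r} matched {bad!r}")
    print("score:", fuzzy_score(SAMPLE_OCR, BLACKLIST))
```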
Another approach is the
ImageInfo
plugin, which does not require any external tools. It looks at the GIF and PNG
headers of images in the email and calculates the area, in pixels, that they
cover. Those values can be used in SA rules to increase the score of those
having the characteristics of the latest image spam. The current ruleset
penalizes single images that are larger than 180K pixels as well as
combinations of four or more images that total to more than 180K. It seems
very likely that the spammers will be using the plugin and testing their
images so this ruleset will likely have to evolve rather quickly.
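As an added, stand-alone example (not the ImageInfo plugin's own code) of the header-only approach and the two 180K-pixel rules described above, this Python reads GIF and PNG dimensions straight from the headers of each image part of a MIME message; the sample message and image headers are constructed.

```python
"""Image-area rules in the spirit of the SpamAssassin ImageInfo plugin: read
only the GIF or PNG header of each image part, compute its area in pixels, and
apply the two rules from the ruleset (a single image over 180K pixels, or four
or more images whose areas total more than 180K). Stand-alone illustration, not
the plugin's code; the sample message and headers below are constructed."""
import struct
from email import message_from_bytes
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

AREA_LIMIT = 180_000  # pixels, the threshold used by the ruleset discussed above
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def image_dimensions(data: bytes):
    """Return (format, width, height) from a GIF or PNG header, or None if the
    bytes are neither. Only the header is examined; nothing is decoded."""
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        # Logical screen width/height: two little-endian 16-bit values at offset 6.
        width, height = struct.unpack("<HH", data[6:10])
        return ("gif", width, height)
    if data[:8] == PNG_SIGNATURE and len(data) >= 24 and data[12:16] == b"IHDR":
        # IHDR is always the first chunk; width/height are big-endian 32-bit at offset 16.
        width, height = struct.unpack(">II", data[16:24])
        return ("png", width, height)
    return None


def image_parts(raw_message: bytes) -> list[bytes]:
    """Decoded payloads of every image/* MIME part in the message."""
    msg = message_from_bytes(raw_message)
    return [part.get_payload(decode=True)
            for part in msg.walk() if part.get_content_maintype() == "image"]


def image_spam_flags(raw_message: bytes) -> dict:
    """Apply the two area rules to all recognised images in the message."""
    areas = []
    for blob in image_parts(raw_message):
        info = image_dimensions(blob)
        if info is not None:
            areas.append(info[1] * info[2])
    return {
        "image_count": len(areas),
        "total_area": sum(areas),
        "single_large": any(a > AREA_LIMIT for a in areas),
        "combined_large": len(areas) >= 4 and sum(areas) > AREA_LIMIT,
    }


# Helpers that fabricate minimal image headers for the constructed sample.
def gif_header(width: int, height: int) -> bytes:
    return b"GIF89a" + struct.pack("<HH", width, height) + b"\x00\x00\x00"


def png_header(width: int, height: int) -> bytes:
    ihdr = struct.pack(">II", width, height) + b"\x08\x02\x00\x00\x00"  # 8-bit RGB
    # The chunk CRC is not validated by image_dimensions, so a zero placeholder is used.
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\x00" * 4


def build_message(images: list) -> bytes:
    """Constructed multipart message with the given (subtype, bytes) image parts."""
    msg = MIMEMultipart()
    msg["Subject"] = "constructed sample"
    msg.attach(MIMEText("see attached", "plain"))
    for subtype, blob in images:
        msg.attach(MIMEImage(blob, _subtype=subtype))
    return msg.as_bytes()


if __name__ == "__main__":
    one_big = build_message([("gif", gif_header(600, 400))])         # 240,000 px
    four_small = build_message([("png", png_header(250, 200))] * 4)  # 4 x 50,000 px
    print(image_spam_flags(one_big))
    print(image_spam_flags(four_small))
```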
It is interesting to watch the battle over our email inboxes as the level
of cleverness of the spammers seems to be increasing over time. This is
clearly an arms race and one that spam filtering developers will have to
stay on top of for the foreseeable future. Long term solutions to the problem
do not seem to exist and this incremental measure-countermeasure war is
here to stay.
Comments (48 posted)
New vulnerabilities
binutils: buffer overflow
| Package(s): | binutils |
| CVE #(s): | CVE-2005-4807 |
| Created: | August 17, 2006 |
| Updated: | October 19, 2006 |
| Description: | The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user. |
Comments (3 posted)
imagemagick: buffer overflow
| Package(s): | imagemagick |
| CVE #(s): | CVE-2006-4144 |
| Created: | August 17, 2006 |
| Updated: | August 29, 2006 |
| Description: | The imagemagick SGI file format decoder is vulnerable to a buffer overflow. If a user can be tricked into processing a specially crafted SGI image, arbitrary code may be executed with the privileges of the user. |
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
| CVE #(s): | |
| Created: | August 18, 2006 |
| Updated: | August 23, 2006 |
| Description: | Several vulnerabilities have been fixed in PHP 4.4.4 and 5.1.5: missing safe_mode/open_basedir checks were added inside the error_log(), file_exists(), imap_open() and imap_reopen() functions; overflows inside the str_repeat() and wordwrap() functions on 64-bit systems were fixed; a possible open_basedir/safe_mode bypass in the cURL extension, and on PHP 5.1.5 with the realpath cache, was fixed; an overflow in the GD extension on invalid GIF images was fixed; a buffer overflow inside the sscanf() function was fixed; an out-of-bounds read inside the stripos() function was fixed; and the memory_limit restriction on 64-bit systems was fixed. |
Comments (none posted)
php: arbitrary code execution
| Package(s): | php |
| CVE #(s): | CVE-2006-4020 |
| Created: | August 22, 2006 |
| Updated: | September 21, 2006 |
| Description: | A vulnerability was discovered in the sscanf function that could allow attackers in certain circumstances to execute arbitrary code via argument swapping which incremented an index past the end of an array and triggered a buffer over-read. |
Comments (none posted)
trac: missing input sanitizing
| Package(s): | trac |
| CVE #(s): | CVE-2006-3695 |
| Created: | August 18, 2006 |
| Updated: | August 23, 2006 |
| Description: | Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well. |
Comments (none posted)
Updated vulnerabilities
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2006-3918 |
| Created: | August 9, 2006 |
| Updated: | April 4, 2008 |
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." |
Comments (none posted)
audacious: buffer overflow
| Package(s): | audacious |
| CVE #(s): | CVE-2006-3581, CVE-2006-3582 |
| Created: | August 2, 2006 |
| Updated: | September 13, 2006 |
| Description: | Audacious (prior to version 1.1.0) suffers from a buffer overflow which could be exploitable via a maliciously crafted media file. |
Comments (none posted)
binutils: buffer overflow
| Package(s): | binutils |
| CVE #(s): | CVE-2006-2362 |
| Created: | May 27, 2006 |
| Updated: | August 29, 2006 |
| Description: | The GNU Binutils has a buffer overflow vulnerability in libbfd. Maliciously crafted Tektronix Hex Format files with improper length characters can cause a crash and possibly lead to the execution of arbitrary code. |
Comments (none posted)
busybox: insecure password generation
| Package(s): | busybox |
| CVE #(s): | CVE-2006-1058 |
| Created: | May 5, 2006 |
| Updated: | May 2, 2007 |
| Description: | The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time. |
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
| CVE #(s): | CAN-2005-0953, CAN-2005-1260 |
| Created: | May 17, 2005 |
| Updated: | January 10, 2007 |
| Description: | A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor. |
Comments (2 posted)
ktools: buffer overflow
| Package(s): | centericq |
| CVE #(s): | CVE-2005-3863 |
| Created: | December 7, 2005 |
| Updated: | August 29, 2006 |
| Description: | From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor. |
Comments (none posted)
clamav: remote code execution
| Package(s): | clamav |
| CVE #(s): | CVE-2006-4018 |
| Created: | August 9, 2006 |
| Updated: | August 18, 2006 |
| Description: | There is a boundary error in the clamav code used to unpack Windows PE executable files; the result could potentially allow a remote attacker to execute code on the system running clamav. |
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e.g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
| CVE #(s): | CVE-2006-2607 |
| Created: | May 31, 2006 |
| Updated: | June 1, 2009 |
| Description: | The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2004-2541 |
| Created: | May 22, 2006 |
| Updated: | June 19, 2009 |
| Description: | A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. |
Comments (1 posted)
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
| CVE #(s): | CVE-2006-1721 |
| Created: | April 21, 2006 |
| Updated: | September 4, 2007 |
| Description: | Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a denial of service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a denial of service even if the attacker is not able to authenticate. |
Comments (none posted)
drupal: missing input sanitizing
| Package(s): | drupal |
| CVE #(s): | CVE-2006-4002 |
| Created: | August 10, 2006 |
| Updated: | August 16, 2006 |
| Description: | The Drupal web platform performs insufficient input sanitizing in the user module; this can be used for a cross-site scripting attack. |
Comments (none posted)
fbi: incorrect filtering
| Package(s): | fbi |
| CVE #(s): | CVE-2006-3119 |
| Created: | July 24, 2006 |
| Updated: | August 24, 2006 |
| Description: | Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file. |
Comments (none posted)
mozilla: multiple vulnerabilities
Comments (none posted)
freeradius: several vulnerabilities
| Package(s): | freeradius |
| CVE #(s): | CVE-2005-4745, CVE-2005-4746 |
| Created: | August 8, 2006 |
| Updated: | April 24, 2007 |
| Description: | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. |
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | June 1, 2010 |
| Description: | The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user. |
Comments (none posted)
gallery: multiple vulnerabilities
| Package(s): | gallery |
| CVE #(s): | CVE-2005-2734, CVE-2006-0330, CVE-2006-4030 |
| Created: | August 10, 2006 |
| Updated: | August 16, 2006 |
| Description: | gallery, a web-based photo album, has the following remotely exploitable vulnerabilities: a cross-site scripting vulnerability can be used for the injection of web script code through HTML or EXIF information; the user registration code is vulnerable to a cross-site scripting attack involving the injection of web script code; and the stats module has missing input sanitizing, which can lead to information disclosure. |
Comments (none posted)
gdm: improper file permissions
| Package(s): | gdm |
| CVE #(s): | CVE-2006-1057 |
| Created: | April 19, 2006 |
| Updated: | May 2, 2007 |
| Description: | The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
Comments (1 posted)
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
| CVE #(s): | CAN-2005-0758 |
| Created: | August 1, 2005 |
| Updated: | January 10, 2007 |
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. |
Comments (2 posted)
heartbeat: out-of-bounds read
| Package(s): | heartbeat |
| CVE #(s): | CVE-2006-3121 |
| Created: | August 15, 2006 |
| Updated: | August 25, 2006 |
| Description: | Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the subsystem for High-Availability Linux. This could be used by a remote attacker to cause a denial of service. |
Comments (none posted)
ImageMagick: heap overflow vulnerability
| Package(s): | ImageMagick |
| CVE #(s): | CVE-2006-2440 |
| Created: | May 25, 2006 |
| Updated: | September 5, 2006 |
| Description: | The ImageMagick DisplayImageCommand has a heap overflow vulnerability. If a maliciously created unexpanded glob is passed to ImageMagick, a heap overflow can result. |
Comments (none posted)
kdebase: privilege escalation
| Package(s): | kdebase |
| CVE #(s): | CVE-2006-2449 |
| Created: | June 15, 2006 |
| Updated: | August 28, 2006 |
| Description: | The KDE Display Manager (KDM) is vulnerable to a local symlink attack. A local user can use this to read arbitrary files that they do not have permission to access. See this KDE advisory for more information. |
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | September 21, 2010 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
Comments (1 posted)
kernel: denial of service by memory consumption
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2936 |
| Created: | July 17, 2006 |
| Updated: | November 14, 2007 |
| Description: | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued. |
Comments (none posted)
kernel: privilege escalation
| Package(s): | kernel-source-2.6.8 |
| CVE #(s): | CVE-2006-3626 |
| Created: | July 27, 2006 |
| Updated: | August 23, 2006 |
| Description: | The kernel process filesystem has a race condition that can be exploited for the purpose of privilege escalation. This affects multiple architectures. |
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-3083 |
| Created: | August 9, 2006 |
| Updated: | July 7, 2010 |
| Description: | Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
| CVE #(s): | CAN-2005-2370 |
| Created: | July 29, 2005 |
| Updated: | June 25, 2007 |
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu client, an instant messaging program), which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it can lead to a bus error, in other words a denial of service. |
Comments (none posted)
libgd2: denial of service
| Package(s): | libgd2 |
| CVE #(s): | CVE-2006-2906 |
| Created: | June 14, 2006 |
| Updated: | January 16, 2007 |
| Description: | Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications. |
| Alerts: | |
Comments (none posted)
libmms: buffer overflows
| Package(s): | libmms |
| CVE #(s): | CVE-2006-2200 |
| Created: | July 6, 2006 |
| Updated: | December 25, 2006 |
| Description: | Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program. |
| Alerts: | |
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
| CVE #(s): | CAN-2005-2641 |
| Created: | August 25, 2005 |
| Updated: | October 6, 2006 |
| Description: | libpam-ldap, the PAM LDAP interface, has a vulnerability in which it fails to authenticate with an LDAP server which is not configured properly, allowing an authentication bypass. |
| Alerts: | |
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-3334 |
| Created: | July 19, 2006 |
| Updated: | December 15, 2008 |
| Description: | In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. |
| Alerts: | |
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-0481 |
| Created: | February 13, 2006 |
| Updated: | December 15, 2008 |
| Description: | A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. |
| Alerts: | |
Comments (1 posted)
libtiff: buffer overflows
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: | The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code. |
| Alerts: | |
Comments (none posted)
libvncserver: authentication bypass
| Package(s): | libvncserver |
| CVE #(s): | CVE-2006-2450 |
| Created: | August 4, 2006 |
| Updated: | March 19, 2007 |
| Description: | LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server. |
| Alerts: | |
Comments (none posted)
libwmf: integer overflow
| Package(s): | libwmf |
| CVE #(s): | CVE-2006-3376 |
| Created: | July 13, 2006 |
| Updated: | November 6, 2006 |
| Description: | libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability. |
| Alerts: | |
Comments (none posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | August 19, 2009 |
| Description: | libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed. |
| Alerts: | |
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
| CVE #(s): | CVE-2005-2929 |
| Created: | November 14, 2005 |
| Updated: | September 14, 2009 |
| Description: | An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. |
| Alerts: | |
Comments (none posted)
mutt: IMAP namespace buffer overflow
| Package(s): | mutt |
| CVE #(s): | CVE-2006-3242 |
| Created: | June 28, 2006 |
| Updated: | October 24, 2006 |
| Description: | TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If a user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. See this Secunia advisory for more information. |
| Alerts: | |
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
| CVE #(s): | CVE-2006-3469 |
| Created: | July 21, 2006 |
| Updated: | July 30, 2008 |
| Description: | Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server. |
| Alerts: | |
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
| CVE #(s): | CVE-2006-0903 |
| Created: | April 4, 2006 |
| Updated: | May 21, 2008 |
| Description: | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: | |
Comments (2 posted)
nbd: arbitrary code execution
| Package(s): | nbd |
| CVE #(s): | CVE-2005-3534 |
| Created: | January 6, 2006 |
| Updated: | March 7, 2011 |
| Description: | Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges. |
| Alerts: | |
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
| CVE #(s): | CVE-2006-1168 |
| Created: | August 10, 2006 |
| Updated: | February 21, 2012 |
| Description: | The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a .bss buffer underflow. |
| Alerts: | |
Comments (none posted)
openoffice.org: several vulnerabilities
| Package(s): | openoffice.org |
| CVE #(s): | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 |
| Created: | June 30, 2006 |
| Updated: | January 4, 2007 |
| Description: | Several vulnerabilities have been discovered in OpenOffice.org, a free office suite.
- It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction. (CVE-2006-2198)
- It is possible to evade the Java sandbox with specially crafted Java applets. (CVE-2006-2199)
- Loading malformed XML documents can cause buffer overflows and cause a denial of service or execute arbitrary code. (CVE-2006-3117) |
| Alerts: | |
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
| CVE #(s): | CVE-2006-1990, CVE-2006-1991, CVE-2006-3017 |
| Created: | May 25, 2006 |
| Updated: | August 18, 2006 |
| Description: | The php wordwrap() function is vulnerable to an integer overflow. Attackers can submit long arguments to cause a heap-based buffer overflow, allowing arbitrary code execution.
PHP 5.x and PHP 4.4.2 have a problem with the substr_compare() function. An attacker can use an out-of-bounds offset argument to cause a memory access violation, causing a denial of service.
A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables. |
| Alerts: | |
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
| CVE #(s): | CVE-2006-1896 |
| Created: | May 22, 2006 |
| Updated: | February 11, 2008 |
| Description: | It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users. |
| Alerts: | |
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
| CVE #(s): | CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537 |
| Created: | December 22, 2005 |
| Updated: | February 11, 2008 |
| Description: | The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem. |
| Alerts: | |
Comments (none posted)
phpMyAdmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
| CVE #(s): | CVE-2005-4079, CVE-2005-3665 |
| Created: | December 12, 2005 |
| Updated: | November 20, 2006 |
| Description: | Stefan Esser reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8). |
| Alerts: | |
Comments (none posted)
postgresql: SQL injection
| Package(s): | postgresql |
| CVE #(s): | CVE-2006-2313, CVE-2006-2314 |
| Created: | May 24, 2006 |
| Updated: | June 6, 2007 |
| Description: | The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash. |
| Alerts: | |
Comments (1 posted)
Py2Play: remote execution of arbitrary Python code
| Package(s): | Py2Play |
| CVE #(s): | CAN-2005-2875 |
| Created: | September 19, 2005 |
| Updated: | September 6, 2006 |
| Description: | Py2Play uses Python pickles to send objects over a peer-to-peer game network, and clients accept without restriction the objects and code sent by peers. A remote attacker participating in a Py2Play-powered game can send malicious Python pickles, resulting in the execution of arbitrary Python code on the targeted game client. |
| Alerts: | |
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
| CVE #(s): | CVE-2006-2236 |
| Created: | May 10, 2006 |
| Updated: | January 12, 2009 |
| Description: | Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: | |
Comments (none posted)
Ruby on Rails: several vulnerabilities
| Package(s): | rails |
| CVE #(s): | |
| Created: | August 14, 2006 |
| Updated: | August 16, 2006 |
| Description: | The Ruby on Rails developers have corrected some weaknesses in action_controller/, related to the handling of user input and the LOAD_PATH variable. A remote attacker could inject arbitrary entries into the LOAD_PATH variable and alter the main Ruby on Rails process. The security hole was only partly solved in version 1.1.5; version 1.1.6 now fully corrects it. |
| Alerts: | |
Comments (none posted)
ruby: multiple vulnerabilities
| Package(s): | ruby |
| CVE #(s): | CVE-2006-3694 |
| Created: | July 24, 2006 |
| Updated: | August 28, 2006 |
| Description: | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving the alias function and "directory operations". |
| Alerts: | |
Comments (none posted)
sendmail: denial of service
| Package(s): | sendmail |
| CVE #(s): | CVE-2006-1173 |
| Created: | June 15, 2006 |
| Updated: | November 1, 2006 |
| Description: | Sendmail has a vulnerability in the way it handles multi-part MIME messages. A remote attacker can create a specially crafted email message that can be used to crash the sendmail process, causing a denial of service. |
| Alerts: | |
Comments (none posted)
shadow-utils: mailbox creation vulnerability
| Package(s): | shadow-utils |
| CVE #(s): | CVE-2006-1174 |
| Created: | May 25, 2006 |
| Updated: | June 12, 2007 |
| Description: | The useradd tool from the shadow-utils package has a potential security problem. When a new user's mailbox is created, the permissions are set to random garbage from the stack, potentially allowing the file to be read or written during the time before fchmod() is called. |
| Alerts: | |
Comments (none posted)
squirrelmail: insecure permissions
| Package(s): | squirrelmail |
| CVE #(s): | CVE-2006-4019 |
| Created: | August 14, 2006 |
| Updated: | September 26, 2006 |
| Description: | Squirrelmail contains a vulnerability that allows authenticated users to read and write other users' preferences and attachments. |
| Alerts: | |
Comments (none posted)
sudo: vulnerability via scripts
| Package(s): | sudo |
| CVE #(s): | CAN-2005-4158, CVE-2006-0151 |
| Created: | December 16, 2005 |
| Updated: | September 1, 2006 |
| Description: | Perl and Python scripts run via Sudo can be subverted. |
| Alerts: | |
Comments (none posted)
texinfo: temporary file vulnerability
| Package(s): | texinfo |
| CVE #(s): | CAN-2005-3011 |
| Created: | October 5, 2005 |
| Updated: | November 9, 2006 |
| Description: | Texinfo prior to version 4.8-r1 suffers from a temporary file vulnerability. |
| Alerts: | |
Comments (none posted)
tin: buffer overflow
| Package(s): | tin |
| CVE #(s): | CVE-2006-0804 |
| Created: | February 19, 2006 |
| Updated: | November 24, 2006 |
| Description: | An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier which can lead to a buffer overflow. |
| Alerts: | |
Comments (none posted)
unzip: long file name buffer overflow
| Package(s): | unzip |
| CVE #(s): | CVE-2005-4667 |
| Created: | February 6, 2006 |
| Updated: | May 2, 2007 |
| Description: | A buffer overflow in UnZip 5.50 and earlier allows local users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. |
| Alerts: | |
Comments (1 posted)
w3c-libwww: possible stack overflow
| Package(s): | w3c-libwww |
| CVE #(s): | CVE-2005-3183 |
| Created: | October 14, 2005 |
| Updated: | May 2, 2007 |
| Description: | Extensive testing of libwww's handling of multipart/byteranges content from HTTP/1.1 servers revealed multiple logical flaws and bugs in Library/src/HTBound.c. |
| Alerts: | |
Comments (1 posted)
warzone2100: buffer overflows
| Package(s): | warzone2100 |
| CVE #(s): | CVE-2006-3849 |
| Created: | August 11, 2006 |
| Updated: | August 16, 2006 |
| Description: | Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection server and the NETrecvFile function of the client use insufficiently sized buffers. A remote attacker could exploit these vulnerabilities by sending specially crafted input to the server, or enticing a user to load a specially crafted file from a malicious server. This may result in the execution of arbitrary code with the permissions of the user running Warzone 2100 Resurrection. |
| Alerts: | |
Comments (none posted)
wireshark: multiple vulnerabilities
Comments (none posted)
WordPress: privilege escalation
| Package(s): | wordpress |
| CVE #(s): | |
| Created: | August 11, 2006 |
| Updated: | August 16, 2006 |
| Description: | The WordPress developers have confirmed a vulnerability in capability checking for plugins. By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code. |
| Alerts: | |
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
| CVE #(s): | CVE-2006-2802 |
| Created: | June 9, 2006 |
| Updated: | September 29, 2006 |
| Description: | Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking a user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user's privileges. |
| Alerts: | |
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
| CVE #(s): | CVE-2006-1664 |
| Created: | April 27, 2006 |
| Updated: | February 27, 2008 |
| Description: | xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed. |
| Alerts: | |
Comments (none posted)
xine-ui: format string vulnerabilities
| Package(s): | xine-ui |
| CVE #(s): | CVE-2006-2230 |
| Created: | June 9, 2006 |
| Updated: | January 24, 2007 |
| Description: | Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service. |
| Alerts: | |
Comments (none posted)
X.Org: buffer overflow
| Package(s): | xorg-x11-server xorg-x11 |
| CVE #(s): | CVE-2006-1526 |
| Created: | May 3, 2006 |
| Updated: | January 10, 2007 |
| Description: | There is a buffer overflow in the Xrender extension of the X.Org server; any process which is able to connect to the server may be able to exploit this overflow to run arbitrary code. Since the X server runs as root on most systems, this vulnerability could be exploited to gain root access. See the X.Org advisory for more information. |
| Alerts: | |
Comments (none posted)
xpdf: buffer overflow
| Package(s): | xpdf |
| CVE #(s): | CAN-2005-0064 |
| Created: | January 19, 2005 |
| Updated: | March 15, 2007 |
| Description: | iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details. |
| Alerts: | |
Comments (1 posted)
xpdf: integer overflows
| Package(s): | xpdf, poppler, cupsys, tetex-bin |
| CVE #(s): | CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 |
| Created: | January 5, 2006 |
| Updated: | November 30, 2006 |
| Description: | xpdf has a number of integer overflows. A remote attacker can trick a user into opening a maliciously crafted pdf file, allowing the attacker to execute code with the privileges of the local user. This also affects the Poppler library, cupsys and tetex-bin. |
| Alerts: | |
Comments (none posted)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current stable 2.6 kernel is 2.6.17.11,
released on August 23. It is a
relatively large patch set with fixes for a number of important bugs.
Before that, 2.6.17.10 was
released on August 22.
This one has three security fixes: one for a privilege escalation problem
in the SCTP code, one for a UDF filesystem memory corruption bug, and one
for a crash which can only be triggered by a privileged user.
2.6.17.9 was released on
August 18 with a single, PowerPC-specific security fix.
The current 2.6 prepatch remains 2.6.18-rc4.
Linus surfaced from his vacation long enough to merge 100 or so fixes into
the mainline repository, but little more than that has happened on that
front.
The current -mm tree is 2.6.18-rc4-mm2. Recent changes
to -mm include a kernel stack protector patch set (labeled "security
placebo"), the ability to filter core dumps through a helper application,
and a lot of fixes.
The current stable 2.4 kernel is 2.4.33.2, released on August 22. It
contains a small number of fixes, including one for the latest SCTP
vulnerability. Previously, 2.4.33.1 came out on
August 19 with another pair of security fixes.
The 2.4.34 process has begun with 2.4.34-pre1, with another small
set of fixes (but see below as well).
Comments (none posted)
Kernel development news
Under the long-lasting maintainership of Marcelo Tosatti, the 2.4 kernel
went into a deep maintenance mode, with only important fixes being
considered for merging. For some people, perhaps, it was a little too deep
- Marcelo clearly had other tasks besides 2.4 maintenance keeping him
busy. Even so, few expected major changes when Willy Tarreau took over 2.4
maintenance after the 2.4.33 release. Why mess with 2.4 at this point?
So Willy's 2.4.34-pre1
announcement raised a few eyebrows. The prepatch itself contains a
relatively small number of patches of the type one would expect. But the
announcement itself notes that Willy is considering merging a set of
patches to allow 2.4 kernels to be built with current gcc 4.x
compilers. This is not a trivial set of changes; gcc 4.x is
sufficiently different that a fairly wide-ranging set of fixes is
required. The gcc 4.x transition for 2.6 was not an overnight
affair.
A clear question comes immediately to mind: why would somebody who is not
interested in running a current kernel be bothering with contemporary
compilers? One answer is to be found in the announcement itself: there are
administrators who deploy 2.4 kernels on ultra-stable systems, but who build
those kernels on their desktops. It is getting increasingly hard to find a
current distribution with a compiler old enough to build 2.4 kernels, so
these administrators are finding themselves in a bit of a bind. A 2.4
kernel which could be compiled with a current gcc would allow current
systems to be used to build kernels for deployment on stable, production
systems, many of which may not have their own compilers installed at all.
Solar Designer has also noted that Openwall GNU/*/Linux is planning to
upgrade to gcc 4.x and would really rather not have to change to the
2.6 kernel at the same time.
For an interesting read, see Willy's
description of the user base, as he sees it, for the 2.4 kernel. In
his view, the major users are those setting up very high-reliability
sites. These people prefer 2.4 kernels for this job:
Simply because we already know from collective experience that
these versions can achieve very long uptimes (while we don't know
this yet for a fresh new version which got 5700 patches in the last
3 months), and because with the addition of very few patches, you
can make a bet on security: as long as newly discovered
vulnerabilities don't affect you or are covered by your additional
patches, you win. If you need to update and induce excessive
downtime, you lose and pay penalties.
The idea is to keep these people happy - by enabling the use of current
compilers, among other things - until a 2.6 kernel comes along which is
able to provide the same sort of stability guarantees. The 2.6 development
model makes that sort of guarantee harder, however, because older 2.6.x
kernels go out of general maintenance relatively quickly (though
distributors can and do maintain them for longer). It is hard to find a
2.6 kernel with a multi-year track record of reliability, security, and
ongoing fixes.
Willy's hope is that the current 2.6.16 kernel, which Adrian Bunk has
stepped forward to maintain for the long term, will help in this regard.
Once 2.6.16 has received a year or two of fixes (and nothing else), it
might reach a point where high-reliability people might trust it in
deployed systems. Time will tell if this kernel is able to reach that
point.
As an aside, it's worth mentioning that a small number of developers (well,
OK, one developer) have expressed some discontent about the 2.6.16
long-term process. This developer has said
that it would have been better to elect an extra-stable tree maintainer
through some sort of popular vote, and, perhaps, to move on to a 2.7
development series as well. This complaint ignores the fact that
volunteers to maintain 2.6 kernels over the long term have been in
relatively short supply; in fact, Adrian would appear to be about the only
one. It does not appear that Adrian's appointment as the long-term 2.6.16
maintainer has deprived anybody else of their lifetime dreams. So
maintainer elections - other than those of the "vote with your feet"
variety - seem unlikely to happen in the near future.
Comments (12 posted)
The proposed kevent interface has been covered here before - see
this article and
this one too. Kevents appear to
have gained significant momentum over the last few weeks, to the point that
inclusion in 2.6.19 is not entirely out of the question. Most developers
who have reviewed the code seem
to like the core idea (a unified interface for applications to get
information on all events of interest) and the implementation within the
kernel. Only now, however, is significant attention being paid to the user-space API
which comes with kevents. But the definition of that API is of crucial
importance. This article will look at it from two perspectives - first
technical, then political.
The discussion of the proposed API has been hampered somewhat by the lack
of associated documentation - and the fact that said API is still changing
quickly. In an attempt to pull together some of the available information,
Stephen Hemminger has put up a page at OSDL
describing the system call API. That page misses one important aspect of
kevents, however: the ability to receive events via a shared memory
interface. In an attempt to fill that gap, we'll look at the
August 23 version of the memory-mapped kevent API.
One of the goals behind kevents is to make the processing of events as fast
as possible - the idea being that a high-performance network server (say)
can work through vast numbers of events per second without appreciable
system overhead. One way to achieve this is to avoid system calls
altogether whenever possible. That is why there is interest in mapping
kevents directly into user space; this approach will allow the application
to consume them without calling into the kernel for each one.
To use the mmap interface, the application obtains a kevent file
descriptor, as usual. A simple call to mmap() will then create
the shared buffer for kevent communication. The size of this buffer is
currently determined by an in-kernel parameter - the maximum number of
kevents which will be stored there. Presumably there will eventually be a
KEVENT_MMAP_PAGES macro (or some such) to free the application
from trying to figure out how many pages it should map, but that is not yet
provided.
The resulting memory array is treated as a big circular buffer by the
kernel. There is a single index only, however - where the next event will
be written by the kernel. In other words, the kernel has no way to know
which events have been consumed by the application; if that application
falls too far behind, the kernel will begin to overwrite unprocessed
events. For this reason, perhaps, the buffer is made relatively large -
4096 events fit there in the current version of the patch.
The events stored in the buffer are not the same ukevent
structures used by the system call interface. There is, instead, a
shortened version in the form of struct mukevent:
    struct kevent_id
    {
        union {
            __u32 raw[2];
            __u64 raw_u64 __attribute__((aligned(8)));
        };
    };

    struct mukevent
    {
        struct kevent_id id;
        __u32 ret_flags;
    };
The id field contains some information about what happened: the
relevant file descriptor, for example. The actual event code itself is not
present, however.
The event ring is not quite a pure circular buffer. It is formatted with a
four-byte field at the beginning of each page, followed by as many
mukevent structures as will fit within the page. The four-byte
field in the first page contains the current event index - where the kernel
will write the next event. The application will, presumably, keep track of
the last event it read from the buffer, moving that counter forward until
it catches up with the kernel. The application must take care, however, to
notice every time it crosses a page boundary so it can skip the count
field.
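The ring layout just described, as an added example that is not code from the kevent patch or from the article: a user-space reader that locates slot n by stepping over each page's count field, notices when the kernel has lapped it, plus a simulated producer to drive it. RING_PAGE_SIZE, RING_SLOT_BASE (the first slot on a page assumed to sit at the 8-byte-aligned offset after the count), a producer index that counts up without wrapping, and the helpers ring_slot(), ring_next() and ring_resync() are all assumptions of this simulation; the 4096-event ring size is the article's figure.

```c
#include <stdint.h>
#include <string.h>
/* Structures as quoted in the article from the kevent patch. */
typedef uint32_t __u32;
typedef uint64_t __u64;
struct kevent_id {
    union {
        __u32 raw[2];
        __u64 raw_u64 __attribute__((aligned(8)));
    };
};
struct mukevent {
    struct kevent_id id;   /* e.g. the file descriptor the event concerns */
    __u32 ret_flags;
};

/* Ring geometry. The page size, an 8-byte slot base per page (the 4-byte count
 * field rounded up to the struct's alignment) and a producer index that keeps
 * counting rather than wrapping are assumptions; 4096 events is the article's figure. */
#define RING_PAGE_SIZE  4096u
#define RING_SLOT_BASE  8u
#define EVENTS_PER_PAGE ((RING_PAGE_SIZE - RING_SLOT_BASE) / sizeof(struct mukevent))
#define RING_MAX_EVENTS 4096u
#define RING_PAGES      ((RING_MAX_EVENTS + EVENTS_PER_PAGE - 1) / EVENTS_PER_PAGE)

struct kevent_ring {
    unsigned char *base;    /* start of the mmap()ed area */
    uint32_t consumer_idx;  /* the application's private read position */
};
enum ring_status { RING_EMPTY, RING_EVENT, RING_OVERRUN };
/* Address of slot `slot`: pick its page, then step over that page's count field. */
static unsigned char *ring_slot(const struct kevent_ring *r, uint32_t slot)
{
    uint32_t page = (uint32_t)(slot / EVENTS_PER_PAGE);
    uint32_t off  = (uint32_t)(slot % EVENTS_PER_PAGE);
    return r->base + page * RING_PAGE_SIZE + RING_SLOT_BASE + off * sizeof(struct mukevent);
}
/* The kernel's write index sits in the count field of the first page. */
static uint32_t ring_producer_idx(const struct kevent_ring *r)
{ uint32_t idx; memcpy(&idx, r->base, sizeof idx); return idx; }
/* Simulated kernel side: append one event, reusing the oldest slot whether or
 * not the application has read it (the overwrite the article warns about). */
static void ring_produce(struct kevent_ring *r, uint32_t fd, uint32_t flags)
{
    uint32_t prod = ring_producer_idx(r);
    struct mukevent ev;
    memset(&ev, 0, sizeof ev);
    ev.id.raw[0] = fd; ev.ret_flags = flags;
    memcpy(ring_slot(r, prod % RING_MAX_EVENTS), &ev, sizeof ev);
    prod++;
    memcpy(r->base, &prod, sizeof prod);
}
/* Application side: the next unread event, or RING_OVERRUN when the kernel is
 * more than a full ring ahead and the slot we would read has been reused. */
static enum ring_status ring_next(struct kevent_ring *r, struct mukevent *out)
{
    uint32_t backlog = ring_producer_idx(r) - r->consumer_idx;  /* wrap-safe */
    if (backlog == 0)
        return RING_EMPTY;
    if (backlog > RING_MAX_EVENTS)
        return RING_OVERRUN;
    memcpy(out, ring_slot(r, r->consumer_idx % RING_MAX_EVENTS), sizeof *out);
    r->consumer_idx++;
    return RING_EVENT;
}
/* After an overrun only the newest RING_MAX_EVENTS survive: skip to them and
 * report how many were lost (those have to be fetched via the system call). */
static uint32_t ring_resync(struct kevent_ring *r)
{
    uint32_t prod = ring_producer_idx(r);
    uint32_t lost = prod - r->consumer_idx - RING_MAX_EVENTS;
    r->consumer_idx = prod - RING_MAX_EVENTS;
    return lost;
}
/* Page-boundary crossing and overrun detection on constructed events; 0 = all checks pass. */
static int ring_selftest(void)
{
    static unsigned char mem[RING_PAGES * RING_PAGE_SIZE] __attribute__((aligned(8)));
    struct kevent_ring r = { mem, 0 };
    struct mukevent ev;
    uint32_t i;
    memset(mem, 0, sizeof mem);
    if (ring_next(&r, &ev) != RING_EMPTY) return 1;
    for (i = 0; i < 300; i++)               /* 300 slots cross the first page (255 per page) */
        ring_produce(&r, 1000 + i, i & 1);
    for (i = 0; i < 300; i++) {
        if (ring_next(&r, &ev) != RING_EVENT) return 2;
        if (ev.id.raw[0] != 1000 + i || ev.ret_flags != (i & 1)) return 3;
    }
    if (ring_next(&r, &ev) != RING_EMPTY) return 4;
    for (i = 0; i < RING_MAX_EVENTS; i++)   /* a full ring is still readable ... */
        ring_produce(&r, i, 0);
    if (ring_next(&r, &ev) != RING_EVENT || ev.id.raw[0] != 0) return 5;
    ring_produce(&r, 7, 0);
    ring_produce(&r, 8, 0);                 /* ... one write beyond that is not */
    if (ring_next(&r, &ev) != RING_OVERRUN) return 6;
    if (ring_resync(&r) != 1) return 7;
    return (ring_next(&r, &ev) == RING_EVENT && ev.id.raw[0] == 2) ? 0 : 8;
}
```

If the kernel's index instead wraps at the ring size, the consumer cannot tell a full lap from an empty ring at all, which is the weakness the text goes on to describe.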
Since there is no way to inform the kernel that events have been consumed
from the memory-mapped ring, and since the full event information is not
available via that ring, the application must still call into the kernel
for events. Otherwise, if nothing else, they will accumulate there until
they reach their maximum allowed number. So the advantage of the
memory-mapped approach will be hard to obtain with the current code. As
was noted above, however, this API is very young. One assumes that these
little problems will be ironed out in the near future.
Meanwhile, kevents have created a separate discussion on how new APIs go
into the kernel. One Nicholas Miell requested that some documentation for this
interface be written:
Is any of this documented anywhere? I'd think that any new
userspace interfaces should have man pages explaining their use and
some example code before getting merged into the kernel to shake
out any interface problems.
The response he got was "Get
real". Others suggested that, if Mr. Miell really wanted
documentation, he could sit down and write it himself. It must be said
that, through the discussion, Mr. Miell has comported himself in a way
which is highly unlikely to inspire cooperation from anybody. He seems to
carry a certain contempt for the interface, the process, and the people
involved in it.
But it must also be said that he has a point. The creation of user-space
APIs differs from how most kernel code is written. Much is made of the
evolutionary nature of the kernel itself - things continually evolve as
better solutions to problems are found. User-space interfaces, however,
cannot evolve - once they are shipped as part of a mainline kernel, they
are set in stone and must be maintained forever. They must be right from
the outset. So it is not
unreasonable to expect that the level of review for new user-space APIs
would be higher, and that documentation of proposed APIs, which can be
expected to help the review process, should be provided. It is true,
however, that the original developer is not always the best person to
provide that documentation.
One question which has been raised about this interface has to do with its
similarity to the FreeBSD kqueue
mechanism. The intent of the interface is the same, but no attempt to
emulate the kqueue API has been made. Andrew Morton has said:
I mean, if there's nothing wrong with kqueue then let's minimise
app developer pain and copy it exactly. If there _is_ something
wrong with kqueue then let us identify those weaknesses and then
diverge. Doing something which looks the same and works the same
and does the same thing but has a different API doesn't benefit
anyone.
There are, evidently, real reasons for not replicating the kqueue
interface, but those reasons have not, yet, been made clear.
Kevents will, it is hoped, be a major improvement for people writing
applications for Linux. This new API should bring together all information
of interest into a single place, provide significant performance benefits,
and ease porting of applications from other operating systems. But, if
this API is going to meet the high expectations being placed on it, it will
require a high level of review from a number of interested parties. That
review is now starting to happen, so expect this API to remain in flux for
some time yet.
August 21, 2006
This article was contributed by Valerie Henson
We've all been there - you're wandering around a party at some Linux
event clutching your drink and looking for someone to talk to, but
everyone is having some obscure technical conversation full of
unfamiliar jargon. Then, as you slide past a cluster of
important-looking people, you overhear the word "superblock" and
think, "Superblock, that's a file system thing... I read about file
systems in operating systems class once." Gratefully, you join the
conversation, only to discover while you know some of the terms -
cylinder group, indirect block, inode - you're still unable to come up
with stunning ripostes like, "Aha, but that's really just another
version of soft updates, and it doesn't solve the nlinks problem."
(Admiring silence ensues.) Now what? You want to be able to make
witty remarks about the pros and cons of journaling while throwing
back the last of your martini, but you don't know where to start.
Fortunately, you can get a decent grasp of modern file systems without
reading a whole book on file systems. (I haven't yet read a book on
file systems I would recommend, anyway.) After reading these file
systems papers (or at least their abstracts), you'll be able to at
least fake a working knowledge of file systems - as long as everyone
is drinking and it's too loud to hear anyone clearly. Enjoy!
The Basics
These papers are oldies but goodies. While the systems they describe
are fairly obsolete and have been heavily improved since these initial
descriptions, they make a good introduction to file systems structure
and terminology.
A Fast File System for UNIX by Marshall Kirk McKusick, William Joy, Samuel
Leffler and Robert Fabry. This paper describes the first version of
the original UNIX file system that was suitable for production use.
It became known as FFS (Fast File System) or UFS (UNIX File System).
The "fast" part of the name comes from the fact that the original UNIX
file system maxed out at about 5% of disk bandwidth, whereas the first
iteration of FFS could use about 50% - a huge improvement. This paper
is absolutely foundational, as the majority of production UNIX file
systems are FFS-style file systems. While some parts of this paper
are obsolete (check out the section on rotational delay), it's a
simple, readable explanation of basic file system architecture that
you can refer back to time and again. Also, it's pretty fun to read a
paper describing the first implementation of, for example, symbolic
links for a UNIX file system.
For extra credit, you can read the original file system checker paper,
Fsck - the UNIX file system check program, by Marshall Kirk McKusick
and T. J. Kowalski. It describes the major issues in checking and
repairing file system metadata consistency. Improving fsck is a hot topic in file systems
right now, so reading this paper might be worthwhile.
Vnodes: An Architecture for Multiple File System Types in Sun UNIX by
Steve Kleiman. The original UNIX file system interface had been
designed to support exactly one kind of file system. With the advent
of FFS and other file systems, operating systems now needed to support
several different file systems. Several solutions were proposed, but
the dominant solution ended up being the VFS (Virtual File System)
interface, first proposed and implemented by Sun. This paper explains
the rationale behind VFS and vnodes.
Design and Implementation of the Sun Network Filesystem by Russel
Sandberg, David Goldberg, Steve Kleiman, Dan Walsh, and Bob Lyon.
Once upon a time (1985, specifically), people weren't really clear on
why you would want a network file system (as opposed to, for example,
a network disk or copying around files via rcp). This paper explains
the needs and requirements that resulted in the invention of NFS, the
network file system everyone loves to hate but uses all the time
anyway. It also discusses the design of the VFS. A fun quote from
the paper: "One of the advantages of the NFS was immediately obvious:
as the df output below shows, a diskless workstation can have access
to more than a Gigabyte of disk!"
Slaying the fsck dragon
One of the major problems in file systems is keeping the on-disk data
consistent in the event that a file system is interrupted in the
middle of update (for example, if the system loses power). Original
FFS solved this problem by running fsck on the file system after a
crash or other unclean unmount, but this took a really long time and
could lose data. Many smart people thought about this problem and
came up with four major approaches: journaling, log-structured file
systems, soft updates, and copy-on-write. Each method provided a way
of quickly recovering the file system after a crash. The most popular
approach was journaling, since it was both relatively simple and easy
to "bolt-on" to existing FFS-style file systems.
Journaling file systems solve the fsck problem by first writing an
entry describing an update to the file system to an on-disk journal - a
record of file system operations. Once the journal entry is complete,
the main file system is updated; if the operation is interrupted, the
journal entry is replayed on the next mount, completing any
half-finished operations in progress at the time of the crash. Most
production file systems (including ext3, XFS, VxFS, logging UFS, and
reiserfs) use journaling to avoid fsck after a crash. No canonical
journaling paper exists outside the database literature (from whence
the idea was lifted wholesale), but Journaling the Linux ext2fs Filesystem
by Stephen Tweedie is a good choice
for learning both journaling techniques in general and the details of
ext3 in particular.
The Design and Implementation of a Log-Structured File System by
Mendel Rosenblum and John K. Ousterhout. Journaling file systems have
to write each operation to disk twice: once in the log, and once in
the final location. What would happen if we only wrote the data to
disk once - in the journal? While the log-structured architecture was an
electrifying new idea, it ultimately turned out to be impractical for
production use, despite the concerted efforts of many computer science
researchers. Today, no major production file system is
log-structured. (Note that a log-structured file system is
not the same as a logging file system - logging is another
name for journaling.)
If you're looking for cocktail party gossip, Margo Seltzer
and several colleagues published papers critiquing and comparing
log-structured file systems to variations of FFS-style file systems,
in which LFS usually came out rather the worse for the wear. This led
to a semi-famous flame war in the form of web pages, archived
here.
Soft Updates: A Technique for Eliminating Most Synchronous Writes in the
Fast Filesystem by Marshall Kirk McKusick and Greg Ganger. Soft
updates carefully orders writes to a file system such that in the
event of a crash, the only inconsistencies are relatively harmless
ones - leaked blocks and inodes. After a crash, the file system is
mounted immediately and fsck runs in the background. The performance
of soft updates is excellent, but the complexity is very high - as in,
soft updates has been implemented only once (on BSD) to my knowledge.
Personally, it took me about 5 years to thoroughly understand soft
updates and I haven't met anyone other than the authors who claimed to
understand it well enough to implement it. The paper is pretty
understandable up to about page 5, at which point your head will
explode. Don't feel bad about this, it happens to everyone.
File System Design for an NFS File Server Appliance by Dave Hitz, James Lau, and
Michael Malcolm. This paper describes the file system used inside
NetApp file servers, Write-Anywhere File Layout (WAFL), as of 1994
(it's been improved in many ways since then). WAFL was the first
major use of a copy-on-write file system - one in which "live" (in
use) metadata is never overwritten in place but copied elsewhere on
disk. Once a consistent set of updates has been written to disk, the
"superblock" is re-written to point to the new set of metadata.
Copy-on-write has an interesting set of trade-offs all its own, but
has been implemented in a production file system twice now; Solaris's ZFS
is also a copy-on-write file system.
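As an added illustration (not code from the article or from any of the papers it lists), the following toy model compares the three recovery strategies described above: the in-place update that fsck had to clean up after, a write-ahead journal replayed at mount time, and WAFL-style copy-on-write published by a single superblock write. The "disk" is a dict, the power failure is injected after a chosen number of block writes, and the block layout, the inode/bitmap metadata and the single-entry journal are all constructed for the example.

```python
import json

# Constructed block layout for this toy; not taken from any real file system.
SUPER, JOURNAL, INODE, BITMAP = 0, 1, 2, 3
FRESH_OFFSET = 10  # copy-on-write places new metadata this far from the live copy


class Crash(Exception):
    """Simulated power failure in the middle of an update."""


class CrashDisk:
    """Block device as a dict. A single block write is atomic, but power fails
    once `crash_after` writes have completed (None = never)."""

    def __init__(self, crash_after=None):
        self.blocks, self.crash_after, self.writes = {}, crash_after, 0

    def write(self, blk, obj):
        if self.crash_after is not None and self.writes >= self.crash_after:
            raise Crash(f"power lost before block {blk} reached the disk")
        self.blocks[blk] = json.dumps(obj)
        self.writes += 1

    def read(self, blk, default=None):
        return json.loads(self.blocks[blk]) if blk in self.blocks else default


def fresh_disk(crash_after=None):
    """Format: one file owning block 5; the bitmap marks block 5 allocated."""
    disk = CrashDisk()
    disk.write(SUPER, {"inode": INODE, "bitmap": BITMAP})
    disk.write(INODE, [5])
    disk.write(BITMAP, [5])
    disk.crash_after, disk.writes = crash_after, 0
    return disk


def consistent(inode, bitmap):
    """Dangerous: a block the inode references but the bitmap says is free (it
    could be handed to another file). Allocated-but-unreferenced blocks are only
    leaked, the harmless case the soft updates paper accepts, so they pass."""
    return set(inode) <= set(bitmap)


# Scheme 1: FFS-style in-place update, no journal. The inode is written first
# here to show the bad case; writing the bitmap first is what soft updates enforces.
def inplace_append(disk, blk):
    sb = disk.read(SUPER)
    disk.write(sb["inode"], disk.read(sb["inode"]) + [blk])    # crash next -> dangling ref
    disk.write(sb["bitmap"], disk.read(sb["bitmap"]) + [blk])


def inplace_mount(disk):
    sb = disk.read(SUPER)
    return disk.read(sb["inode"]), disk.read(sb["bitmap"])     # whatever survived


# Scheme 2: write-ahead journal, replayed on the next mount (ext3 style).
def journaled_append(disk, blk):
    sb = disk.read(SUPER)
    new_inode = disk.read(sb["inode"]) + [blk]
    new_bitmap = disk.read(sb["bitmap"]) + [blk]
    # The whole update is described and committed in one journal write first;
    # a real journal uses a separate commit block for the same purpose.
    disk.write(JOURNAL, {"committed": True, "inode": new_inode, "bitmap": new_bitmap})
    disk.write(sb["inode"], new_inode)          # a crash anywhere below is recoverable
    disk.write(sb["bitmap"], new_bitmap)
    disk.write(JOURNAL, {"committed": False})   # checkpointed; retire the entry


def journaled_mount(disk):
    sb = disk.read(SUPER)
    entry = disk.read(JOURNAL, {"committed": False})
    if entry["committed"]:                      # replay is idempotent: redo the writes
        disk.write(sb["inode"], entry["inode"])
        disk.write(sb["bitmap"], entry["bitmap"])
        disk.write(JOURNAL, {"committed": False})
    return disk.read(sb["inode"]), disk.read(sb["bitmap"])


# Scheme 3: copy-on-write, published by a single superblock write (WAFL style).
def cow_append(disk, blk):
    sb = disk.read(SUPER)
    new_inode_blk, new_bitmap_blk = sb["inode"] + FRESH_OFFSET, sb["bitmap"] + FRESH_OFFSET
    disk.write(new_inode_blk, disk.read(sb["inode"]) + [blk])  # live copies untouched
    disk.write(new_bitmap_blk, disk.read(sb["bitmap"]) + [blk])
    disk.write(SUPER, {"inode": new_inode_blk, "bitmap": new_bitmap_blk})  # the switch


def cow_mount(disk):
    sb = disk.read(SUPER)   # old or new superblock: either points at a complete tree
    return disk.read(sb["inode"]), disk.read(sb["bitmap"])


def run(append, mount, crash_after):
    """Append block 6 to the file, lose power after `crash_after` block writes,
    then mount. Returns (inode, bitmap, safe)."""
    disk = fresh_disk(crash_after)
    try:
        append(disk, 6)
    except Crash:
        pass
    disk.crash_after = None                     # power is back; recovery runs to the end
    inode, bitmap = mount(disk)
    return inode, bitmap, consistent(inode, bitmap)


if __name__ == "__main__":
    for scheme in [(inplace_append, inplace_mount), (journaled_append, journaled_mount), (cow_append, cow_mount)]:
        print(scheme[0].__name__, [run(*scheme, n) for n in (1, 2, None)])
```

Crashing between the two in-place writes leaves a block referenced but free; the journaled version finishes the update at mount time, while the copy-on-write version simply comes back with the old, still consistent tree.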
File system performance
Each of these papers focuses on file system performance, but also
introduces more than one interesting idea and makes a good starting
point for exploring several areas of file system design and
implementation.
Extent-like Performance from a UNIX File System by Larry McVoy and Steve
Kleiman. This 1991 paper describes optimizations to FFS that doubled
file system bandwidth for sequential I/O workloads. While the
optimizations described in this paper are considered old hat these
days (ever heard of readahead?), it's a good introduction to file
system performance.
Sidebar: Where are they now?
You might have recognized some of the names in the author lists of the
papers in this article - and chances are, you aren't recognizing their
names because of their file system work. What else did these people
do? Here's a totally non-scientific selection.
- Bill Joy - co-founded Sun Microsystems
- Larry McVoy - wrote BitKeeper, co-founded BitMover
- Steve Kleiman - CTO, Network Appliance
- Mendel Rosenblum - co-founder, VMware
- John Ousterhout - wrote Tcl/Tk, co-founded several companies
- Margo Seltzer - co-founder, Sleepycat Software
- Dave Hitz - co-founder, Network Appliance
Obviously, anyone wanting to found a successful company and make
millions of dollars should consider writing a file system first.
Scalability in the XFS File System by Adam Sweeney, Doug Doucette, Wei Hu,
Curtis Anderson, Mike Nishimoto, and Geoff Peck. This paper describes
the motivation and implementation of XFS, a 64-bit file system using
extents, B+ trees, dynamically allocated inodes, and journaling. XFS
is not by any means an FFS-style file system and reading this paper
will give you the basics on most extent-based file systems. It also
describes quite a few useful optimizations for avoiding fragmentation,
scaling to multiple threads, and the like.
The Utility of File Names by Daniel Ellard, Jonathan Ledlie, and
Margo Seltzer. File system performance and on-disk layout can be
vastly improved if the file system can predict (with reasonable
accuracy) the size and access pattern of a file before it writes it to
disk. The obvious solution is to add a new set of file system
interfaces allowing the application to give explicit hints about the
size and properties of a new file. Unfortunately, the history of file
systems is littered with unused per-file interfaces like this (how
often do you set the noatime flag on a file?). However, it turns out
that applications are already giving these hints - in the form of file
names, permissions, and other per-file properties. This paper is the
first in a series demonstrating that a file system can
make useful predictions about the future of a file based on the file
name and other properties.
Further reading and acknowledgments
If you are interested in learning more about file systems, check out
the Linux file systems wiki, especially the reading list. If you have a
good file systems paper or book, please add it to the list, which is
publicly editable (look for the password on the
front page of the wiki). Note that I will ignore any comments of the
form "You should have included paper XYZ!" unless it is also added to
the reading list on the file systems wiki - WITH a short summary of
the paper. With any luck, we'll have a fairly complete list of Linux
file systems papers in the next few days.
If you are interested in working on file systems, or any other area of
systems programming, you should contact the author at val dot henson
at gmail dot com.
Thanks to Nikita Danilov, Zach Brown, and Kristen Accardi for paper
suggestions and encouragement to write this article. Thanks to
Theodore Y. Ts'o for actually saying something very similar to the
stunning riposte in the first paragraph (which was, by the way, a
completely accurate and very incisive criticism of what I was working
on at the moment).
Page editor: Jonathan Corbet
Distributions
News and Editorials
The Fedora Project states that it is "always free for anyone to use, modify and distribute, now and
forever". This is a great goal, but sometimes it is harder to
achieve in practice. Sometimes a package might slip through without a
proper audit, or maybe the license has changed. For whatever reason, there are
a few packages in Fedora that do not meet the definition of free software.
As a result, the project is currently in the midst of a
software licensing audit.
Such audits take many iterations and are
not without some pain, at least for some.
As a result of this work, cdrtools has been moved back to an earlier, GPL-only version, netpbm has had a number of files removed, and ckermit and macutils are gone altogether. Openmotif looks likely to come out - and to take xpdf with it.
Most people seem to embrace the
concept of a totally free distribution, until some pet package is deemed
"not free enough". Then the sparks fly and
an adherence to open source is equated with religious zealotry.
Sometimes freedom can be inconvenient. But Red Hat's Michael Tiemann objects to allegations that Fedora is trying to become another Debian:
You forget that Fedora participants have an inside track on seeing their
stuff become enterprise-ready. Some people actually care about seeing
their code running in mission-critical environments. And some people
actually appreciate the close interaction with Red Hat's engineers that
comes as a result in working in the same tree we do. So Fedora is the
best of both worlds (free software and proto-enterprise).
What we are seeing here is that Fedora is trying to take the "free software" part of the equation seriously.
New Releases
The third beta release of 64 Studio is out; the announcement includes a short
list of known bugs in this release.
BLAG50001 (smack) has been released. "BLAG50001 (smack) is based on
Fedora Core 5 and uses packages from Extras, FreshRPMS, Dries, and
ATrpms. It includes all Fedora updates as of time of release."
Familiar v0.8.4 is out with initial support for the HP iPAQ h2200, hx4700,
and h6300 series of devices. "Please consider support for these
devices as a technology preview. h2200 and hx4700 are approaching full
support although there may be a few rough edges. h6300 support is still in
an earlier stage and may not be ready for daily use."
The Linux From Scratch LiveCD x86-6.2-2 is available. "The main
change is that the CD now includes a 64-bit kernel for x86_64 (type
"linux64" at the boot prompt). This makes it possible to use the "chroot"
scenario from the CLFS book when building a CLFS x86_64 system (either pure
64-bit, or multilib) from this CD. Userspace on the CD is still 32-bit, and
the old 32-bit kernel is still available for those people who have 32-bit
PCs."
The Slackware change log for August 19 says, "This is mostly frozen
now unless bugs (or irresistible upgrades) come up, so I'll call this
update Slackware 11.0 release candidate 2. :-)" See the
full change
log for details.
The first beta release of Comodo Trustix Secure Linux 3.0.5 is available.
"The focus of this release is to re-introduce Anaconda as being the
community preferred choice of installer. Trustix wishes to make use of
Anaconda's features and integrate it into installing a secure right
server."
Distribution News
A Debian Bug Squashing marathon is underway with bug squashing parties
coming up in Vienna, Germany, the Netherlands, and France.
Distribution Newsletters
The Debian Weekly News for August 22, 2006 covers the backports archive and
the tilde character, Debian GNU/Linux support on HP servers, event
coordination in the German-speaking area, a review of Debian development
tools, new desktop features, publicity for Debian events, and several other
topics.
This week the Fedora Weekly News looks at Max Spevack: Fedora on Slashdot, Jesse Keating: Fedora
Legacy Answers, Rahul Sundaram: Red Hat and Intellectual Property Reform,
Luke Macken: Teaching an old pup some new tricks, Tom Tromey: Fedora Core 6
Test 2, XenSource CTO Talks Up Xen Virtualization, OLPC laptops to debut
with Thai kids, Where's Red Hat? Peek Under Fedora, and more.
The Gentoo Weekly Newsletter for August 14, 2006 covers Linux World Conference and
Expo, OSL Rackathon, PyBugz and more.
The Ubuntu Weekly Newsletter for August 19, 2006 covers Ubuntu wins Golden
Penguin, Ubuntu at LinuxWorldExpo in San Francisco, Ubuntu 6.06 LTS
updates, Edgy new and updated apps, Summer of Code update and several other
topics.
The DistroWatch Weekly for August 21, 2006 is out. "A slow week in terms of
distribution releases, but an exciting one for those who attended the
LinuxWorld show in San Francisco. Missing from the exhibition for the first
time in years, Red Hat also failed to release the first beta of Red Hat
Enterprise Linux 5 - apparently due to issues with Xen. But the company was
represented by a Fedora booth - a distribution that is rapidly regaining
trust among its users and passion among its developers. In other news,
we'll take a quick look at Linux in Cuba, point you to a list of new
features in Ubuntu "Edgy Eft", and link to a chart depicting Linux
distribution timeline. A range of new distributions should make up for the
lack of other news this week."
Package updates
Updates for Fedora Core 5:
kdeaccessibility (update to KDE 3.5.4),
kdeaddons (update to KDE 3.5.4),
arts (update to KDE 3.5.4),
kdeadmin (update to KDE 3.5.4),
kdebase (update to KDE 3.5.4),
kdebindings (update to KDE 3.5.4),
kdeedu (update to KDE 3.5.4),
kdegames (update to KDE 3.5.4),
kdegraphics (update to KDE 3.5.4),
kde-i18n (update to KDE 3.5.4),
kdelibs (update to KDE 3.5.4),
kdemultimedia (update to KDE 3.5.4),
kdenetwork (update to KDE 3.5.4),
kdepim (update to KDE 3.5.4),
kdesdk (update to KDE 3.5.4),
kdeutils (update to KDE 3.5.4),
kdevelop (update to KDE 3.5.4),
kdewebdev (update to KDE 3.5.4),
kdeartwork (update to KDE 3.5.4),
cups (bug fixes),
ksh (build for FC5),
ftp (support for IPv6 multihome),
scim-chewing (add patch),
ypbind (bug fix),
nfs-utils (bug fix),
iptraf (bug fix),
ncompress (CVE-2006-1168),
system-config-printer (bug fixes),
eject (update to 2.1.5),
tzdata (upstream 2006j),
transfig (add requires: ghostscript),
nfs-utils (bug fix).
Updates for Ubuntu 6.06 LTS:
xorg-server 1:1.0.2-0ubuntu10.3 (bug fixes),
xorg-server 1:1.0.2-0ubuntu10.2 (bug fixes),
xorg-server 1:1.0.2-0ubuntu10.4 (reverted patch 005_pci_domain.dpatch),
yaboot 1.3.13-4.1ubuntu6 (backport bug fixes from Debian/Edgy).
Newsletters and articles of interest
HowtoForge looks at securing CentOS. "This article shows how to secure a CentOS server using
psad, Bastille, and some other tweaks. psad is a tool that helps detect
port scans and other suspicious traffic, and the Bastille hardening program
locks down an operating system, proactively configuring the system for
increased security and decreasing its susceptibility to compromise."
Linux.com shows how to use debootstrap to install Debian. "If you're not afraid of
getting your hands dirty with the command line, you can try an alternative
method for installing Debian. Debootstrap creates a basic Debian
installation, and can also be used for creating custom, minimal
installations on embedded systems or for replacing a pre-installed Linux
distribution with Debian on a co-located server."
Slashdot interviews Fedora project leader Max Spevack. "The Fedora Project, as many of
you know, is a partnership between Red Hat and the OSS community. The
highest level of decision-making within Fedora is the Fedora Project Board,
a group that is empowered to make the decisions about Fedora policy, to set
priorities, and to hold the rest of the Fedora sub-projects accountable for
what they are doing. The Fedora Board has nine members, five of whom are
Red Hat employees, and four of whom are community members. That breakdown
is not set in stone -- that's just what we started with. It is my hope that
down the road, the majority of the Board will be Fedora's community
leaders."
Distribution reviews
ExtremeTech reviews the recent release of Ark Linux 2006.1. "Ark is very much a
KDE-based Linux distribution. After booting into it you'll see a snazzy KDE
desktop. The welcome wizard greets you after Ark Linux boots and it allows
you to customize your desktop to your preferences. If you've run Windows XP
before, the Ark Linux desktop will remind you somewhat of that operating
system."
Linux.com reviews Puppy Linux. "Puppy Linux is a small Linux live CD distribution that
can boot from a CD, DVD, or USB drive; a hard disk is optional. According
to the Puppy Linux Web site, Puppy's goals include being Linux
newbie-friendly, booting and running quickly, and including all the
applications typical users need. The newest version is its most usable
yet."
Page editor: Rebecca Sobol
Development
August 23, 2006
This article was contributed by Dan Shearer
For a lot of people the choice of the Mail Transfer Agent is important. The wrong choice can mean lost time and money, lower reliability and increased risk to networks.
Debates over MTAs sometimes last for years, and this article covers the main points that come up over and over. Unfortunately, apart from this article there are no general comparisons of MTA characteristics on the Internet, and even very little benchmarking. The remarks here are personal opinions drawn from readily-verifiable facts and subjective comments drawn from experience. Nearly every MTA has a vociferous and sometimes combative group of supporters, not always including the principal authors of the MTA.
It is easy to see why administrators care about which MTA they use. Large installations require a lot of time spent tuning the MTA, and for any site email is without doubt the most important use of the Internet.
End users can get by without a web site or a browser for a little, but without email business stops. And so countless administrators invest time in learning how to tweak their internet mail delivery tool in order to meet their various goals. But which tool should they use when?
Most Internet email seems to be delivered by one of four MTAs:
There are other worthy free MTAs to talk about, such as
zmailer and
smail3,
but since they are not so widely used I decided to omit them.
There are some unworthy MTAs too; these I am delighted to omit.
How To Compare MTAs
Each of these four widely-used MTAs has broadly similar features. All of them can handle large amounts of mail; can interact with databases in many formats; have an extensive knowledge of the many SMTP variants in use; are not trivially exploitable; have the source code available in a free manner; have third-party documentation available; and have significant user communities. They even have logos!
There are some assumptions implicit in the rest of this article. If you are looking for a product that presents an administrative interface and performance results similar to Microsoft Exchange or Lotus Notes, this document is not for you. I do not believe either of these products and their aspiring competitors can be classed as MTAs, since they attempt to address dozens or hundreds of other functions besides delivering mail. On the other hand, if you want some guidance for selecting between credible alternatives for an important mail hub, read on.
No MTA can score well in every way of measuring an MTA. The needs of users vary greatly and some criteria are mutually orthogonal. Commonly cited MTA selection criteria are:
- Ease of administration
- Security
- Performance
- Long-term viability
Design features decide how much each MTA meets these criteria. But since opinions vary widely there are many equally valid different comparisons. Contradictory examples of these features are:
- single configuration file, so everything is in one place
- many single-purpose and optional configuration files
- minimal and careful syntax
- powerful embedded scripting language
- maximum code stability
- source code contributions regularly incorporated
- minimum possible features added
Just about every mail delivery scenario can be met, in one way or another, by all four MTAs. So there is no one right answer.
The rest of part one of this two-part article series is available here;
it presents a detailed look at qmail and Postfix.
Part two will be featured on next week's LWN.net development page.
System Applications
Audio Projects
Version 0.9.71 of the Rivendell radio automation system is out.
Changes include: "Copying Carts from SoundPanel in RDAirPlay. It's now possible to
copy carts from the SoundPanel button in RDAirPlay when touching the
COPY button.
VoiceTracker Rubberbanding. Audio fadeup/fadedown points and
levels can now be set independently of the segue overlap in the
Voice Tracker dialog by moving the 'rubberbands' in the waveform windows.
Bugfixes."
Libraries
Version 3.10.5 of IT++ has been announced.
"IT++ is a C++ library of mathematical, signal processing, speech processing, and communications classes and functions. It is being developed by researchers in these areas and is widely used by researchers, both in the communications industry and universities. Since 2004, IT++ is also being developed as a part of the European Network of Excellence in Wireless Communications (NEWCOM)."
See the change log for more information on this release.
Networking Tools
ZABBIX is a new network monitoring system.
"ZABBIX is software that monitors numerous parameters of a network and the
health and integrity of servers. ZABBIX uses a flexible notification
mechanism that allows users to configure e-mail based alerts for virtually
any event. This allows a fast reaction to server problems. ZABBIX offers
excellent reporting and data visualisation features based on the stored
data."
Security
Version 0.28 of Sussen, a vulnerability and configuration scanner,
is out with new capabilities and bug fixes.
Web Site Development
Version 2.6.1 of Campsite, a multi-lingual content management system
for newspaper and magazine-style websites, is available.
"Campsite 2.6.1, a bug-fix update for 2.6.0, has been released.
All users are encouraged to upgrade. A noteworthy news item for this
release is that our automatic bug reporting tool, new in the 2.6.0
release, has already paid off with eight bugs reported by our users."
Version 1.5.4 of Gallery, a web-based photo album, is available.
"This release is a pure bug fix release with no security fixes. The most annoying bug was the broken permission dialog. See the Changelog for more detailed info.
We recommend all Gallery 1 users upgrade to 1.5.4 to keep their Gallery up to date and avoid problems."
Christopher Lenz' blog suggests that Python creator Guido van Rossum likes the
Django web development framework.
"Apparently, the unthinkable (in the Python microcosm, anyway) has happened over at SciPy06 during Greg Wilson's software carpentry talk.
Guido just pronounced: Django is the [Python] web framework."
This is a
change of course for Guido, who previously avoided any web platform
endorsements.
Version 3.3.0 beta 2 of the Zope web development platform is available.
"Zope 3 is the next major Zope release and has been written from scratch
based on the latest software design patterns and the experiences of Zope 2.
Cleanup of the Zope 3 packages has continued to ensure a flexible and
scalable platform. We continued the work on making the transition from
Zope 2 to Zope 3 by making Zope 2.10 use even more of the Zope 3
packages. But we're not there yet. **You can't run Zope 2 applications
in Zope 3.**"
Miscellaneous
Version 1.1 of Jitterbit has been announced.
"Jitterbit 1.1 is a major release for the Jitterbit open source integration product. Jitterbit is an open source integration tool that delivers a quick and simple way to design, configure, test, and deploy integration solutions. It supports many document types and protocols: XML, web services, database, LDAP, text, FTP, HTTP(S), file."
Version 1.3.8 of TightVNC, a free remote control package derived from the
VNC system, has been announced.
"Version 1.3.8 is expected to be final Release Candidate for the upcoming stable release. The changes include improved support for Win32 mirror display driver (DFMirage by DemoForge), GUI improvements, and a number of bugfixes including one for infamous disconnect problem of the Win32 Server."
Desktop Applications
Audio Applications
Version 0.30.1 of Traverso, multi-track audio recording and editing program,
has been announced. "Changes include 2 crash fixes, traverso builds on Mac OS X, and some
improvements like improved Snapping and merged waveform drawing for stereo
tracks."
BitTorrent Applications
Version 2.5.0.0 of Azureus has been announced.
"Azureus is a powerful, full-featured, cross-platform Java
BitTorrent client.
This release contains many new features, improvements and fixes."
Business Applications
Version 2.6.16 of SQL-Ledger, a web-based accounting system, is out with
several new features and a bug fix. See the What's New document for details.
Data Visualization
Version 3.0 of the Fltk_Contour widget has been announced.
"This is the new Fltk_Contour widget which I developed from the old code Fl_Contour, I did rewrite a big part of the code to get a better performance and improved visualization, now you can get a good quality visualization of irregular distributed data, like topographic, population, temperature and so on, the new widget can make a complete 2D and 3D graphics as contour map and color map."
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at gnomefiles.org.
The following new KDE software has been announced this week:
You can find more new KDE software releases at kde-apps.org.
KDE.News has announced the August 20, 2006 edition of the KDE Commit-Digest.
"In this week's KDE Commit-Digest: As the Summer Of Code draws to a
conclusion, functional code imports and work in the avKode Phonon backend,
KDevelop Teamwork and Advanced Session Management projects. Work begins on
version 2 of the Kross scripting framework. More work on video file support
in KPhotoAlbum. New features and streamlining in Konversation and Konsole.
New Oxygen icons and other improvements in KGet. The introduction of wizards
to automate many tasks in KMobileTools. Initial porting to KDE 4 of the
console-based kdepim tools, with Kopete 0.12 moved into the KDE 3.5 branch.
Experiments in fast PDF parsing in Strigi."
Comments (none posted)
KDE.News has
the announcement for the first KDE4 snapshot. "
This snapshot is meant as a reference for developers
who want to play with parts of the new technology KDE4 will provide, those
who want to start porting their applications to the new KDE4 platform and
for those that want to start to develop applications based on KDE4." Some of the discussion on the lists suggest that the "Krash" name is appropriate - this is early-stage software.
Comments (none posted)
Games
Version 0.3.5 of WFMath has been announced. "WFMath, or the WorldForge Math library's main focus is geometric objects, and it has classes for several shapes as well as the basic math objects, points, vectors, matrices and quaternions. It is required by all WorldForge components." This version features improvements to the Quaternion class and code efficiency improvements.
Instant Messaging
Version 1.0 of ChatSniff has been announced; it features bug fixes and code size reduction. "ChatSniff is an easy to use program for Linux that monitors, or "sniffs" networks for AIM, ICQ, MSN, Yahoo! and Jabber instant messages."
Mail Clients
Version 1.4.8 of SquirrelMail has been announced. "SquirrelMail is a PHP4-based Web email client. It includes built-in pure PHP support for IMAP and SMTP, and renders all pages in pure HTML 4.0 for maximum compatibility across browsers. It has strong MIME support and a flexible plugin system.
This release contains an important security fix where a logged-in user could overwrite variables, and a collection of regular bugfixes. Details on all the changes in this release can be found in the ChangeLog.
There are also two patches available against the 1.4.7 release for just the security issue: a minimal one that removes the function, because it was broken anyway, or a more extended one which fixes the functionality and closes the hole."
Medical Applications
LinuxMedNews has announced the release of version 0.2 of the GNUmed open-source medical practice management application; several new features have been added.
Music Applications
Version 2.8.1 of NoteEdit, a musical score editor, is out. "This is the last major release of NoteEdit. For some months the core team has concentrated its development on the NoteEdit successor called Canorus. More information can be found here."
Miscellaneous
GnomeDesktop.org covers the return of the Monopod project. "Monopod is a Podcast client for people who want to select a few channels, come back later, and find the Podcast MP3s turn up on their hard disk. The application was originally written by the well-known hackers Edd Dumbill & James Willcox but after a year without updates the maintainership has passed to Nickolay Shmyrev who added some new goodies in the newly released v0.5: compiles with the newest Mono, Russian translation, cleanup of the EggTrayIcon and fixed an sqlite bug."
Languages and Tools
Caml
The August 22, 2006 edition of the Caml Weekly News is out with new Caml language articles.
HTML
Version 2.0.11 of Website Meta Language is out with bug fixes and Cygwin platform build improvements. "Website Meta Language is a sophisticated offline HTML preprocessor that is composed of 9 different passes. It is very powerful, and suitable for the automatic generation of simple and complex web-sites."
Lisp
The Common Lisp Document Repository has been launched. "This resource is 'a repository of documents that are of interest to the Common Lisp community'. Each document is guaranteed not to change, and references will always refer to it."
PHP
Versions 4.4.4 and 5.1.5 of PHP are out. "These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3."
Version 1.2.0-pre1 of PHP OpenID has been announced. "This release includes i-name support, some small fixes, and the Ya[r]dis discovery library (bundled). Please give it a spin and give feedback!"
Python
Release candidate 1 of Python 2.5 has been announced. "This is not yet the final release - it is not suitable for production use. It is being released to solicit feedback and hopefully discover bugs, as well as allowing you to determine how changes in 2.5 might impact you. As a release candidate, this is one of your last chances to test the new code in 2.5 before the final release. Please try this release out and let us know about any problems you find.
In particular, note that changes to improve Python's support of 64 bit systems mean that some C extension modules may very well break."
Version 0.9.6 of Urwid, a console-based user interface library for Python, is out. "This release improves Unicode support with Python < 2.4 and new features were added to the tutorial and reference generation scripts. The graph.py example program introduced in 0.9.5 should now work properly for everyone."
Ruby
The August 13th, 2006 edition of the Ruby Weekly News looks at the latest discussions on the ruby-talk mailing list and comp.lang.ruby newsgroup.
Tcl/Tk
The August 16, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
The August 21, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
Cross Assemblers
Version 0.13.4 of gputils, the GNU PIC Utilities, is out with bug fixes.
Profilers
John Ferguson Smart reviews Callisto on O'Reilly. "Callisto, a bundle of optional plugins for Eclipse, now comes with a profiling tool called the Test & Performance Tools Platform (TPTP). TPTP includes testing, tracing, performance monitoring, profiling, and static-code analysis tools. John Ferguson Smart offers this guided tour of how to use TPTP to speed up your apps."
Version Control
Version 0.29 of monotone, a distributed version control system, is out with several new features and bug fixes.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Is FOOGL - Firefox/OpenOffice/GNU/Linux - the key to Linux desktop adoption? "It's a long-standing joke in the free software world that this will be the year when we see GNU/Linux make its breakthrough on the desktop - just like last year, and the year before that. What's really funny is that all the key GNU/Linux desktop apps are already being widely deployed, but not in the way that people have long assumed."
vnunet warns us that Linux phones will not be as hackable as we might like. "Consumers who run Linux on a PC are used to having full control over the operating system, but should not expect that same level of control on a Linux powered mobile phone, warned Mike Kelley, senior vice president of engineering at PalmSource."
Trade Shows and Conferences
ZDNet covers Eben Moglen's comments on software patents, made during a LinuxWorld panel discussion. "He said that tech companies were having to register software patents as a defensive move, and that none could "unilaterally disarm" and stop filing for patents. And with potentially many rights holders in software, negotiating licenses becomes very difficult and harms innovation.
He said that many companies were having to bear the burden of IP laws that have been influenced by pharma, and that it was time for the tech industry to be freed of constraints created to serve the interests of just "the few.""
ABC News covers Lawrence Lessig's LinuxWorld keynote speech. ""What is read-only culture in the digital age? It's an Internet that can increasingly protect the control that the copyright owner has over that content," Lessig said. "In that sense, the law embraces the read-only Internet. At the same time, there is a different Internet being built. A read-write Internet built by companies much more interested in how people create and share their creativity.""
Groklaw has this LinuxWorld report. "In this part of my LinuxWorld Expo report, I'll share with you how we plan, prepare for, and execute our show experience. Hopefully, you will find it interesting to see how things look from the inside. This is Open Source, after all, and transparency of mechanism is a central theme in what we do."
Red Herring covers a LinuxWorld panel that looked at the intersection of desktop Linux and portable music players. "'The question I get asked most about Linux by people under 30 is will it work with my iPod?' said Eric Raymond, a celebrated figure in the open-source movement who penned the popular book 'The Cathedral and the Bazaar.'
For Windows and OS X fans, such questions don't enter the discussion. But the runaway popularity of iPods, iTunes, and digital media on PCs and devices has forced the open-source community to consider the wave of expectations for multimedia."
Joe 'Zonker' Brockmeier covers day three of the LinuxWorld Conference & Expo. "I went to two sessions on Wednesday, one about the GNU Compiler Collection (GCC) and another about desktop development and the Linux Standard Base (LSB).
The GCC presentation by Janis Johnson, "Recent Developments in GCC," was an overview of the GCC project and recent changes in it -- with "recent" being within the last few years. Johnson is the test suite maintainer for GCC and is employed with IBM's Linux Technology Center.
Since my main interaction with GCC is watching compiler messages float by when I build software from source, I found the talk somewhat interesting. Johnson explained the way that GCC works as a project and as a compiler, how decisions are made to add features, and what platforms are supported by GCC."
NewsForge has a final LinuxWorld report. "During the last session, Kroah-Hartman gave a presentation on doing kernel version control with Quilt, Ketchup, and Git. As it turned out, Quilt and Git are actually useful for other projects as well, and Ketchup also looks like it could be useful for admins, so the presentation was of value for those of us who aren't kernel developers."
For the curious, here is how BusinessWeek sees the GPLv3 process. "At a panel at LinuxWorld, [Eben] Moglen described the process as nothing short of a massive community looking deep within itself and answering the lofty question: What does freedom mean? It's a very open-source way to solve a problem; only unlike fixing bugs in a code, there's no easy answer and big divides that are hard to bridge. 'It's an unusual activity,' Moglen says. 'It's more about the development of the society and less about the software license.'"
Companies
ZDNet reports on containers and Linux distributions without getting into the vast amount of work which remains before an unpatched mainline kernel will support these technologies. "Novell, which wants to maintain Suse's reputation as the first place to find advanced new features for Linux, is more eager and is considering adding OpenVZ in Service Pack 1 of SLES 10. 'We are still evaluating if this is something we can take into SP1,' said Holger Dyroff, vice president of Linux product management."
Linux Adoption
Information Week reports on a large Linux deployment by the Indiana Department of Education. "Local schools can choose which platform to use, according to Huffman. "Many will install Windows machines. What we're doing in our grant program is, when we put one-to-one computers in language arts classrooms, they are loaded with Linux.
"We have a million kids in the state of Indiana," he continued. "If we were to pay $100 for software on each machine, each year, that's $100 million for software. That's well beyond our ability. That's why open source is so attractive. We can cut those costs down to $5 [on each computer] per year."
Huffman said he's eager to get a read on student acceptance of Linux. In surveying one classroom last year, he asked a student what he thought of using a Linux desktop vs. a Windows desktop, and the student responded, "Who cares?""
Interviews
Red Herring has a brief interview with Linus Torvalds. "I don't think five-year planned economies work, and I don't think it works when you do software design, either. Linux development has always been a kind of open market, where the development direction gets set by customer demand, together with obviously a lot of what I simply call good taste - the avoidance of things that are obviously going to be problematic in the long run."
Resources
Linux.com presents an excerpt on AppArmor from the new O'Reilly book, SUSE Linux. "AppArmor is a product that Novell acquired when they bought the company Immunix in May 2005. It provides an interesting alternative to traditional security measures. AppArmor works by profiling the applications that it is protecting. A profile records the files that an application needs to access, and the capabilities it needs to exercise, during normal, "good" operation. Subsequently, a profile can be "enforced"; that is, attempts by the application to access resources not explicitly permitted by the profile are denied. Properly configured, AppArmor ensures that each profiled application is allowed to do what it is supposed to do, and nothing else."
Free Software Magazine looks at open document format templates for labels, business cards and more. "If you've ever spent hours at work doing mailings, cursed your printer for printing outside the lines on your labels, or moaned "There has got to be a better way to do this," here's the solution you've been looking for. Working smarter, not harder, with the OpenOffice label templates will save you time, effort, and (if you want) make really cool-looking labels."
Dmitri Popov shows how to use OpenOffice.org's OOoBasic to write a macro. "Learning OOoBasic can be a bit like learning a foreign language. If you have the time and ambition to communicate fluently, you can spend months or even years studying grammar and expanding your vocabulary. But sometimes you just need some basic skills to get you through daily situations. In this case, a crash course that introduces you to some basic principles and building blocks of the language would do just fine. The same is true for OOoBasic -- if you need to write a simple macro that makes your daily computing life a bit easier, you don't have to spend time reading about methods, routines, and object properties. What you need is some working examples and an explanation of how they work."
eWeek covers the release of four core XML specifications by the World Wide Web Consortium. "The Cambridge, Mass.-based standards body announced the release of the fourth edition of XML (Extensible Markup Language) 1.0 and second editions of Extensible Markup Language (XML) 1.1, Namespaces in XML 1.0 and Namespaces in XML 1.1.
W3C officials said these core XML specifications stand as the foundation for W3C-defined technologies for querying, transforming, displaying, encrypting, and optimizing XML.
The new releases include corrections for "all known errata and clarifications where there was some potential for misunderstanding," according to a W3C document about the XML updates."
Reviews
A site called A Stranger's Universe has a review of GNOME 2.16 Beta under Ubuntu 6.10. "GNOME 2.16 Beta has been in Edgy Eft (Ubuntu 6.10) for the past few days [or even a week or so]. It is functioning extremely well. I've seen some occasional crashes with Epiphany and Nautilus but I hope that it will be fixed soon. Other than that, there are lots of new things in GNOME 2.16."
Linux Journal editor Nicholas Petreley is having a MythTV experience. "I admit that I find everything I have learned interesting, and I will enjoy writing it up as a Linux Journal article when I'm done taking this project to a point where I'm satisfied with the results. But I don't think I should have had to become so familiar with everything from driver firmware to the way television signals are formatted in order to get satisfactory results. It was never my goal to learn any of this."
Linux.com looks at GNU Screen. "Recently I needed to do some distance education; one of my coworkers wanted me to show him how to do software builds on Linux. The only problem was that I'm on the East Coast and he is on the West. How could I show him the build and install process? After considering some alternatives, we found our solution in GNU Screen."
NewsForge reviews Syllable, a GPL-licensed operating system. "Once I had Syllable installed, I was floored by how fast it was on my test machine, a 1.8GHz Pentium 4 with 512 MB RAM. Syllable blew away Windows, Linux, and Solaris as far as speed is concerned. From the time the boot loader came up to the time the login prompt appeared was just under eight seconds. It took another two seconds or less from the time I logged in to the time the desktop was ready to go."
Linux.com reviews Tomboy. "A few weeks ago, I started looking around for an application that makes it easy to take notes. I do all my writing in Vim, but I wanted something that was good for quick and dirty notetaking and for organizing information without maintaining a collection of text files. After some research, I settled on Tomboy."
Miscellaneous
NewsForge covers GNOME's Women's Summer Outreach Program. "Originally, the proposal was for three women, but after the GNOME Foundation gave thumbs up, Google doubled the funding so that six women could participate. The projects that were accepted are Cecilia Gonzalez Alvarez's work on optimizing Evolution components; Clare So's work to edit MathML expressions in GtkMathView; Fernanda Foertter's gJournaler, a tool for creating a virtual library of PDFs; Maria Soler Climent's work to synchronize Tomboy notes; Monia Ghobadi's proposal to integrate GNU Screen with gnome-terminal; and Umran Kamar's project to create an Evince plugin for Mozilla."
NewsForge announces a Mozilla Corp. Calendar Community Test Day. "Mozilla Corp. is preparing to release updates to its calendar applications for Sunbird and Lightning early next month. Before then, developers hope to get "lots of eyeballs" on it by inviting users to participate in Calendar Community Test Day on Tuesday, August 22."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The EFF has sent out a release stating that it is going to the U.S. Supreme Court in an attempt to overturn a bad lower-court ruling. "In a recent decision, the Federal Circuit Court of Appeals affirmed its own 'suggestion test' as the main method for determining when a patent should be found obvious over knowledge in the public domain. Under this test, even the most obvious incremental advances and add-ons can be patented unless the Patent Office or a defendant in court produces a document that shows someone else suggested it prior to the patent being filed."
Commercial announcements
The EnterpriseDB Network has been launched. "EnterpriseDB, the world's leading enterprise-class, open source database company, announced today the immediate availability of EnterpriseDB Network, a new service that includes real-time notification and delivery of product updates and patches, access to EnterpriseDB online forums, and enhanced product documentation. In addition, subscribers to EnterpriseDB Network receive access to a variety of advanced product features."
LVL7 Systems, Inc. has announced its commitment to support the Wind River(r) Platform for Network Equipment, Linux Edition. The complementary solution of LVL7's FASTPATH(r) software combined with Wind River's Linux-based device software platforms provides a shared customer base of networking OEMs with support for high-end network devices.
Penguin Computing has announced that it will use the Montilio RapidFile(TM) storage-to-LAN gateway on a PCI card in its file server offerings. "One RapidFile-enabled Penguin Computing server will be able to provide the I/O throughput of four traditional multi-processor systems without the prohibitive configuration cost of a 4-CPU or 8-CPU system. These Penguin Computing servers with RapidFile cards are ideal solutions for customers in the high performance computing (HPC) or enterprise markets with significant storage capacity and performance needs."
Sun has announced the release of the NetBeans Mobility Pack (and the Connected Device Configuration version as well) under the CDDL. "Java ME development tools represent the cutting edge in mobile Java development and boast unique visual authoring features that can simplify and speed the creation of applications for the vast majority of mobile devices."
Win4Lin has announced full support for the Ubuntu 6.06 distribution by its Win4Lin Pro Desktop and Win4Lin Virtual Desktop Server products. "Win4Lin Pro Desktop allows Linux users to run Windows applications from the security of the Linux desktop. Win4Lin Virtual Desktop Server is the enterprise/SMB product for delivering Windows applications on thin clients via a Linux server. Both products have been fully tested on Ubuntu 6.06."
New Books
O'Reilly has published the book JavaScript: The Definitive Guide, Fifth Edition by David Flanagan.
Resources
IDC has announced the availability of a new study on open source and the software industry. "Although open source will significantly reduce the industry opportunity over the next ten years, the real impact of open source is to sustain innovations in mature software markets, thus extending the useful life of software assets and saving customers money."
Contests and Awards
The Free Software Foundation has announced its plans to celebrate the upcoming milestone of 5000 software packages on the Free Software Directory. "To mark the milestone of reaching 5000 entries, the FSF is holding a "D5000 contest" the winner of which will be rewarded for submitting the five thousandth entry. From now, 2006-08-21, until 2006-09-21, each new, valid and completed directory entry that is submitted will count as one chit in the raffle for the prize. The winner will receive a thank you on the front page of gnu.org and directory.fsf.org."
Linux Journal and IDG World Expo have announced the winners of the Product Excellence Awards. "The Linux Journal Product Excellence Awards distinguish product and service innovations by LinuxWorld exhibitors and are divided into 13 categories, including an overall Best of Show award.
"All of the judges were very impressed by the nominations we received, it was a very difficult decision. We've seen many new innovations, and improvements on old favorites," commented Linux Journal Products Editor and Product Excellence Awards judge James Gray."
LinuxWorld.com, in conjunction with Network World, Inc., has announced the LinuxWorld Open Source Challenge, which will honor the most innovative use of open source in today's enterprise. "The contest invites organizations of all sizes to enter their most ingenious, business-critical open-source solutions for judging. Each project entered must use Linux with an open-source business application, and one or more other open-source software components such as Apache, MySQL, Ruby, PHP or Perl. Entries must be received by September 30, 2006."
Kevin Dangoor looks at early arrivals in the Google Summer of Code student coding effort. "Though we still have more than a month of good weather to look forward to here in Michigan, the thought of summer ending and heading into another long winter isn't pleasant. On the plus side, the end of summer brings the results of Google's Summer of Code.
The one that I've been most looking forward to is Migrate, assistance for SQLAlchemy database schema migration."
Education and Certification
The next Python Bootcamp will take place at the Big Nerd Ranch near Atlanta, Georgia on November 13-17, 2006. "The class, which provides instruction in one of the fundamental languages in the programming arena, marks the return of instructor Mark Lutz, who's the author of a number of textbooks in Python including Learning Python and the O'Reilly books Programming Python and Python Pocket Reference."
Event Reports
An event report has been posted from the Gelato GCC Improvement on Itanium Workshop that was held in Moscow on August 7-8, 2006. "Compiler experts from the GCC open-source community, Red Hat, SuSE, Intel, HP, and the Gelato Member community discussed specific GCC improvements for the Itanium platform. Several key areas were identified to improve Itanium GCC performance."
LinuxMedNews mentions the medical events at the recent LinuxWorld Expo. "There is a wiki page of all the presentations at the recent Linux World Healthcare Day presentations: 'On August 15th, 2006 OSDL hosted the first ever Healthcare Day at LinuxWorld Expo. Below is a recap of the event as well as links to the presentations from Medsphere CEO Dr. Kenneth Kizer, Joe Alexander - Bull's Director of Strategy and Planning as well as panel discussions moderated by Bernard Golden and Fred Trotter...'"
Calls for Presentations
A Call for Participation has gone out for the 2007 O'Reilly Emerging Technology Conference. "The call for participation for ETech 2007 has just opened, and O'Reilly Media invites technologists and strategists, CTOs and chief scientists, researchers, programmers, hackers, and standards workers, business developers, and entrepreneurs to lead conference sessions and tutorials. The next ETech takes place on March 26-29, 2007 in San Diego, California. Proposals are due no later than October 9, 2006."
Upcoming Events
KDE.News has announced the KDE World Summit sponsors. "This is one of our most impressive lists of sponsors to date. Our Gold sponsors are the home of Linus Torvalds OSDL and the KDE based distribution Kubuntu. Housing the conference as our host institution is The School of Computer Science at Trinity College Dublin. Read on for the full list."
The next OpenOffice.org conference will take place in Lyon, France on September 11-13, 2006. "This, our fourth conference, celebrates a year of triumphs. Governments, led by France, have adopted OpenOffice.org, replacing the proprietary Microsoft Office. Corporations such as Novell have switched entirely; and we have tracked over 67.5 million downloads to date. All want a suite that uses an open standard for the file format, that is flexible, that is easy to learn, and that is free."
The Security OPUS Infosec Conference will be held in San Francisco, CA on October 2-5, 2006. Registration is now open.
The World Summit on Intrusion Prevention will take place in Baltimore, Maryland on May 8 and 9, 2007. "The Summit is co-located with the 2nd Annual Web Services Security Conference."
Events: August 31, 2006 to October 30, 2006
The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| August 28 - August 31 | Bellua Cyber Security Asia 2006 | Jakarta, Indonesia |
| August 30 - September 1 | YAPC::EU 2006 - Yet Another Perl Conference - Birmingham | Birmingham, UK |
| September 5 - September 8 | Linux Kongress 2006, 13th International Linux System Technology Conference | Nürnberg, Germany |
| September 8 | Leipzig Python Workshop | Leipzig, Germany |
| September 9 - September 10 | Linuxtage in Essen | Essen, Germany |
| September 11 - September 13 | OpenOffice.org Conference | Lyon, France |
| September 12 - September 15 | php\|works/db\|works 2006 | Toronto, Canada |
| September 13 - September 15 | 2006 WebGUI Users Conference | Las Vegas, NV |
| September 14 | NLUUG najaarsconferentie 2006 | Gelderland, The Netherlands |
| September 14 - September 16 | Wizards of OS 4 - Information Freedom Rules | Berlin, Germany |
| September 14 - September 15 | RailsConf Europe 2006 | London, UK |
| September 14 | Open Source: New DoD Paradigm, or Business as Usual? | Arlington, VA, USA |
| September 14 - September 15 | Software Tagging Workshop | Portland, OR, USA |
| September 16 - September 17 | WineConf | Reading, UK |
| September 16 - September 17 | Linux-Delhi (India Linux users group Delhi chapter) Freedel 2006 | Delhi, India |
| September 17 | KLDP 10 year Anniversary Free/Open Source Software Conference | Seoul, Korea |
| September 18 - September 21 | 2006 European Open Source Convention | Brussels, Belgium |
| September 18 - September 21 | New Security Paradigms Workshop | Schloss Dagstuhl, Germany |
| September 19 - September 21 | High Performance Embedded Computing Workshop | Lexington, MA, USA |
| September 23 - September 30 | KDE World Summit 2006 | Dublin, Ireland |
| September 25 - September 28 | Embedded Systems Conference | Boston, MA |
| September 29 - September 30 | No cON Name 2006 Congress | Palma de Mallorca, Spain |
| September 29 - October 1 | ToorCon 2006 | San Diego, CA |
| September 29 - October 1 | Encuentro de Desarrolladores de GNOME Zaragoza | Zaragoza, Spain |
| September 30 - October 1 | RuxCon 2006 | Sydney, Australia |
| September 30 | Ohio LinuxFest 2006 | Columbus, Ohio |
| September 30 | Defective by Design, 2pm-5pm, Apple Store, Regent Street, London, UK | London, UK |
| October 1 - October 4 | Gelato ICE Itanium Conference and Expo | Biopolis, Singapore |
| October 1 - October 3 | LinuxBIOS Symposium 2006 | Hamburg, Germany |
| October 2 - October 5 | Security OPUS Infosec Conference | San Francisco, CA, USA |
| October 7 - October 9 | GNOME Boston Summit | Boston, MA, USA |
| October 9 - October 13 | ApacheCon US | Austin, TX |
| October 9 - October 13 | 13th Annual Tcl/Tk Conference | Naperville, IL |
| October 11 - October 12 | Eclipse Summit Europe | Esslingen, Germany |
| October 11 - October 12 | Linux World Conference and Expo | Utrecht, The Netherlands |
| October 12 - October 15 | Eighth Real-Time Linux Workshop | Lanzhou, Gansu, China |
| October 18 - October 19 | International Conference on IT-Incident Management and IT-Forensics | Stuttgart, Germany |
| October 18 - October 22 | Pike Conference 2006 | Riga, Latvia |
| October 19 - October 21 | HackLu 2006 | Kirchberg, Luxembourg |
| October 19 - October 20 | DC PHP Conference | Washington, D.C. |
| October 20 - October 22 | aLANtejo 06 | Évora, Portugal |
| October 20 - October 22 | RubyConf 2006 | Denver, Colorado |
| October 22 - October 27 | Colorado Software Summit | Keystone, CO, USA |
| October 23 - October 24 | Mono User and Developers Meeting | Cambridge, MA, USA |
| October 23 - October 26 | Enterprise Architecture Practitioners Conf | Lisbon, Portugal |
| October 25 - October 26 | LinuxWorld UK 2006 | London, UK |
| October 25 - October 27 | Plone Conference 2006 | Seattle, WA |
| October 26 - October 27 | IT Underground | Warsaw, Poland |
| October 26 - October 27 | Free Software and Open Source Symposium | Toronto, Canada |
| October 28 | LinuxDay 2006 | Many of them, Italy |

If your event does not appear here, please tell us about it.
Mailing Lists
Ubuntu's Daniel Holbach has announced a cross-distribution discussion list.

"In one of the GUADEC sessions we discussed the need for more
collaboration across distributors. Especially long term support of GNOME
releases was identified as one specific need. It's important to have a
forum to discuss bugs, patches and implementation details on the distro
side. The discussion continued on IRC and everybody liked the idea.
Thanks Jeff for bringing the list to life."
Web sites
FossExchange.com has been launched.

"The site's primary purpose is creating a free advertising network among
open source oriented websites. "FossExchange.com was created to fill the
void, since no other open source banner exchange system exists", says
FossExchange.com and Fossystems.com creator Ronnie Whisler. "We wanted to
build an advertising exchange that was targeted specifically at the open
source market.""
Guardian Digital has announced the launch of the LinuxSecurity.com web site.

"LinuxSecurity.com, the Web's leading information source for Linux
security, is pleased to announce the launch of its completely redesigned
Web site. The new site is carefully tailored to meet the needs of our
elite community of security-minded engineers, programmers, Web
designers, system administrators and open source enthusiasts. The new
LinuxSecurity.com offers the very latest security news as well as years
of archived news items, features, HOWTOs, white papers and security
advisories."
Page editor: Forrest Cook
Letters to the editor
From: Karol Lewandowski <kl-AT-jasmine.eu.org>
To: letters-AT-lwn.net
Subject: Free drivers aren't enough
Date: Sun, 20 Aug 2006 21:20:32 +0200
Being a non-subscriber, but having read "X.org, distributors, and
proprietary modules" (via Subscriber Link, thanks!) I have a few
observations to share.

Reading through the comments on that fine article made me think. It seems
that for most LWN.net readers (precisely -- for subscribers) having a
free driver is very important. I, as usual, happen to not agree
fully with them.

For me, a free driver is just a small part of the whole picture -- freely
accessible documentation is much more important. A free driver can't be
really free without documentation -- a driver written under NDA is
better than a disassembled binary blob, but it's not that great after
all.

For me a free driver has freely accessible documentation.

Given that definition of a free driver one can notice that there
are few (if any) free graphics drivers. ATI's r200 drivers were
written under NDA... who will fix the drivers when the maintainers
disappear? Where is the documentation for these hyped Intel Free Drivers?
(I wasn't able to find any.)

As for NVIDIA and Xorg R7.1 + Fedora Core 5, I also happen to have a
different view on that issue.

Let's assume for a while that the NVIDIA driver is free (but maintained
out-of-tree). Let's also assume that that driver was written by a few
dedicated developers under NDA. Now, does this change the situation?
I don't think so. If the needed changes are really cosmetic, then yeah,
"anyone" could fix that. On the other hand, if fixing the problem is more
severe -- i.e. it requires knowledge of hardware registers or something
like that, then we are in exactly the same situation as we're in now -- we
depend on a few people to do the work. It isn't nice.

Additionally there is the out-of-tree issue.

How is it possible that drivers for an utterly unsupportive company's wifi
chipset (Broadcom) are in the mainline kernel but not for the nice one
(Ralink)?

I would like to see more support (i.e. preference) for a company that
provided free docs!

Yes, I know that the rt2x00 drivers are in wireless-dev and will be
merged when DeviceScape is merged too (if ever...) But,
well... Linux developers, especially Linus, were always very
pragmatic... wouldn't it be very pragmatic to provide the best
experience (read -- in-tree driver) for those who choose really free
hardware?

An OpenBSD-like focus on hardware with free docs is something I'm hoping
to see in the Linux community some day!

(Feel free to correct my English, edit this mail or destroy it
altogether :-)
--
This signature intentionally says nothing.
Page editor: Jonathan Corbet