
LWN.net Weekly Edition for February 1, 2007

The Fiduciary License Agreement

January 31, 2007

By Pamela Jones, Editor of Groklaw

On Thursday, February 1, the Free Software Foundation Europe (FSFE) is releasing a new license and with it an offer to help FOSS projects deal with copyright issues. The license is called the Fiduciary License Agreement (FLA). It is a new type of copyright assignment agreement, designed to be effective internationally, whereby a project with many authors can designate FSFE, or another single organization or individual, as the copyright holder while otherwise keeping complete autonomy over the management of the project.

Projects may apply to be accepted by FSFE's Fiduciary Project, whereby copyrights and the responsibility to protect and enforce them are turned over to FSFE. Bacula.org and OpenSwarm are examples of projects already accepted into the program. You can see that version of the FLA here.

Alternatively, projects can use the newly released license, choosing another entity - such as a foundation it sets up itself - or designating one individual to hold the copyrights. FSFE's Freedom Task Force is willing to help projects with that too as far as sharing insights and their experience.

What need does the FLA license fill? I see several. First, it's international, not US-centric.

Second, maybe you don't have a lawyer on call. Maybe you are among those who just don't want to think about legal things, or you realize you are not equipped financially or legally to handle that task yourself. Then you may wish to apply to the FSFE's Fiduciary Project. You retain the right to manage the project, but FSFE takes on the headache of license compliance enforcement.

Third, it's of interest to projects that have more than one author and are concerned about the future (what happens if one of the authors dies, leaves the project, etc.?) but for any number of reasons the authors don't want to assign copyright to the Free Software Foundation or don't want to be a GNU project under that umbrella. In countries where such terms are allowed, it's designed to "be temporally unlimited" so once the agreement is signed, future contributions, such as patches, are covered.

An important purpose of the license is to ensure project survival. Shane Coughlan, coordinator of the Freedom Task Force, confirms that one goal is to make sure people think about and plan for the possibility that a project might have to withstand a legal attack. As to which of the two ways to use the license a project should choose, he says that FSFE is neutral:

Deciding which approach is best for a project depends on many different factors and always boils down to individual circumstances. Ideally, organisations handling these issues should be non-profit and have a clear primary focus on Free Software.

Do you have to choose the GPL or LGPL to make use of the license? Coughlan:

The FLA allows fiduciary activity with all types of Free Software licenses, though naturally the GNU GPL is our preferred license.

There is a list of Free Software licenses here.

Some issues you may wish to consider: the FLA is a one-time, worldwide copyright assignment (or, in countries where assignment isn't possible, such as Germany, Austria, Slovenia and Hungary, an exclusive license grant). The grant reads that the beneficiary assigns the following rights:

a) the right to reproduce in original or modified form;

b) the right to redistribute in original or modified form;

c) the right of making available on data networks, in particular via the Internet, as well as by providing downloads, in original or modified form;

d) the right to authorize third parties to make derivative works or to work on and commit changes or perform this conduct themselves.

There are countries where you can't assign copyright in a future work; France, for example. In such a country, I'm told, a project would need to work out a strategy to deal with that restriction. As just one example, authors might assign each patch as it is contributed.

The authors' "moral or personal rights remain unaffected" by the agreement. Also, "modifications that are not derived from the subject matter and that have to be regarded as independent and original software" are excluded from the agreement. In some countries, an employer is deemed to own the rights in materials developed by an employee in the course of his or her employment unless the parties have agreed otherwise, so the agreement includes language in which each author acknowledges awareness of that and "warrants, represents and guarantees" that the materials are "free of any of his or her employer's exclusive exploitation rights."

What FSFE, or the designated entity, gets is the authority to "enjoin third parties from using the software and forbid any unlawful or copyright infringing use of the Software, and shall be entitled to enforce all its rights in its own name in and out of court." The authors keep a "non-exclusive, worldwide, perpetual and unrestricted license in the Software," which includes all the rights listed above, and FSFE or the entity grants the authors an "additional nonexclusive, transferable license to use, reproduce, redistribute and make available" the software "as needed for releases of the Software under other licenses."

Some may not feel comfortable with any copyright assignment, but in projects with many authors it's a matter of deciding which kinds of problems you'd rather deal with. The Linux kernel, for example, specifies "GPLv2 only" to keep control over licensing decisions; on the other hand, that same restriction leaves the kernel in a position where it would be a great deal more difficult to move to a newer license even if that were desired. The same kinds of concerns that come to mind with regard to a license choice will likely also apply to a copyright assignment to another entity. The license itself says this:

FSFE shall only exercise the granted rights and licences in accordance with the principles of Free Software. FSFE guarantees to use the rights and licences transferred in strict accordance with the regulations imposed by Free Software licences, including, but not limited to, the GNU General Public Licence (GPL) or the GNU Lesser General Public Licence (LGPL) respectively. In the event FSFE violates the principles of Free Software, all granted rights and licences shall automatically return to the Beneficiary and the licences granted hereunder shall be terminated and expire.

Some questions come to mind. What principles, precisely? How would you know when they are violated if they are not listed? We certainly have some guidance. The Free Software Foundation Europe is committed to following publicly defined principles. The Free Software Foundation Europe (FSFE) is a non-profit and (in some countries) a charitable non-governmental organization dedicated to Free Software as in freedom, so that restricts what it can and can't do. Their principles are listed here and in a longer version here.

I would assume, then, that a violation of the principles of Free Software would be any action undertaken with the intent to violate one of the famous four software freedoms. But if one has concerns about assigning copyright, that is something to factor into the decision: legally, FSFE could do things it almost certainly never would, such as relicense. If control is a concern, the best thing is to seek legal advice; that's always good advice anyway. Some may choose to set up their own foundation for that very reason, to establish ground rules of their own. The choice is yours.

Finally, if you choose to assign copyrights to FSFE, German law applies to the agreement as the default, unless otherwise negotiated, and any conflicts would have to be settled in Munich.

The license is being released under the GNU Free Documentation License (GFDL) and the Creative Commons Attribution/Share-alike (CC by-sa) licenses. The FLA was written by Dr. Axel Metzger (ifrOSS) and FSFE in consultation with other international legal and technical experts, and the final version was then compiled by Georg Greve, president of the Free Software Foundation Europe (FSFE) and Shane M Coughlan based on feedback provided by Dr. Lucie Guibault of the Institute for Information Law in the Netherlands. The final text of the license is expected to be released on February 1.


Embedded Linux: Using Compressed File Systems

January 30, 2007

This article was contributed by Michael J. Hammel

This series is all about making small systems, from the kernel on up. In the first part I covered the TinyLinux project and its eventual integration into the kernel to help reduce kernel sizes for small systems. In the second part, I looked at the use of the Initramfs and its role in providing a root file system (directly or indirectly) for an embedded system.

Now it's time to look at getting applications and utilities into the system, still keeping an eye on size. The most direct approach is to use as few utilities as possible, even replacing /sbin/init with a single application. This is possible in very small systems but, generally speaking, if you only have a single application to run you probably didn't need the complexity of a multitasking system like Linux to run it anyway. There are other, smaller operating systems that might be better suited in that case.

There are a number of ways to keep application layer tools small. If you have multiple applications and/or require the facilities in Linux, then you can (and should, for production systems) consider stripping your binaries of all symbols. The symbols are useful for debugging purposes but won't be of much value to your users. Additionally, using compile-time features to reduce size is another option, and will be the focus of the final article in this series. For now, we'll consider yet another option: using a compressed file system.

Compressed File Systems

File systems provide the structure for managing files on storage media, such as disks or tapes. While a device driver knows how to get data to and from those devices, file systems provide the logical structure of that data. There is a huge number of file system types, ranging from the standard ext3 you'll find on many Linux systems, to parallel and clustered file systems, to steganographic file systems that can both encrypt and hide data on the media. (Wikipedia has a nice long list of file systems.)

A compressed file system is one that uncompresses data as it is retrieved and may or may not compress data as it goes onto the storage media. Working with compressed files is an obvious benefit for saving space on small systems. The decision to use a compressed file system is usually based on the storage media you'll use in your system. A ramdisk-based system, for example, might copy data from flash into the ramdisk; since RAM is essential for system operation, the ramdisk is best kept small. Compact flash or hard disk based systems, on the other hand, offer more storage but may still be too small to fit all the required files without some sort of compression.

While compressed file systems offer you more space for files, they may also affect performance. There may be unacceptable overhead in managing the decompression of large files at run time. And compressing files on the fly is computationally expensive; random writes of compressed data are difficult to achieve. Therefore it is far more common for compressed file systems to be read-only.

Compressing data is a common practice for live CD distributions, which use compression to squeeze a more complete distribution onto the limited size of a CD or DVD. But many of the live CD distributions don't actually use a compressed file system, instead using a conventional file system image made up of compressed blocks which are uncompressed when read using the "cloop", or compressed loopback, device. This isn't a compressed file system; it's a block level device handling compressed data.

The Knoppix distribution popularized the use of cloop when its author, Klaus Knopper, picked up support of the driver. Many other live CDs followed suit. One advantage of using this kind of compressed image is that, since the blocks are compressed independently, it is possible to seek to specific blocks without uncompressing all the blocks. The disadvantage of such a device is that the entire image must fit into memory in order to be uncompressed.

An example of a real compressed file system is CramFS, a file system popular with embedded users of the 2.4 kernel for use with the initrd image. This file system actually has compressed files with uncompressed metadata. The files are placed in the file system from a standard directory using the mkcramfs program, which compresses the files one page at a time. This is done, for example, when creating an initrd image.

Another example of a compressed file system is e2compr. This is actually a set of patches to make the well known EXT2 file system handle on-the-fly compression and decompression. It supports both 2.4 and 2.6 kernels, but has not been submitted for inclusion in either because of the complexity of the patches. As with CramFS, metadata in e2compr is not compressed.

SquashFS

A more recent (and more actively supported, the last updates coming in mid January 2007) compressed file system is SquashFS. SquashFS is a kind of successor to CramFS because it aims at the same target audience while providing a similar process for creation and use of the file system. What makes SquashFS an improvement over CramFS is best stated by Phillip Lougher in a linux-kernel mailing list post: "SquashFS basically gives better compression, bigger files/file system support, and more inode information."

Both SquashFS and CramFS use zlib compression. However, CramFS uses a fixed size 4KB block while SquashFS supports from 0.5KB to 64KB. This variable block size allows for much larger file systems under SquashFS, something desirable for complex embedded systems like digital video recorders. Also SquashFS supports compression of both the metadata and block fragments while CramFS does not. And, while CramFS is integrated with the kernel source, SquashFS is not. It comes as a set of kernel patches and the driver module. The CELinux Forum provides some comparisons of SquashFS against other file systems (compressed and uncompressed).

JFFS2

Another compressed file system is JFFS2, the Journalling Flash File System, version 2. It was designed specifically for use with both NOR and NAND flash devices, and recently received an update from David Woodhouse for the NAND flash memory used in the OLPC project. JFFS2 is actually a bit more sophisticated than SquashFS because it provides mechanisms for plugging in different compression algorithms, including using no compression at all. And, unlike SquashFS, JFFS2 is integrated into the kernel.

So if you're building an embedded system with flash storage, wouldn't you be better with JFFS2? Not necessarily.

According to the OpenWRT project, which uses both SquashFS and JFFS2, SquashFS provides better performance than JFFS2. Additionally, since only a few files need to be updated in a production version of the project, a read/write JFFS2 compressed root file system offers little advantage, given the performance hit it incurs, over a read-only SquashFS root file system paired with a writable JFFS2 file system for stored files.

JFFS2 is a read/write file system while SquashFS is a read-only file system. A runtime system very often needs to write to its root file system. Imagine making updates to /etc/hosts, for example, as you might with an embedded video recorder client trying to access a server backend on a local network. If writing to the file system is required for an embedded system, how could you use SquashFS at all?

Some projects, like OpenWRT, use a hybrid system that uses a read-only root file system mixed with a read/write file system for saving files. In such a hybrid you might use special configurations or modified applications to access read/write file systems, but that doesn't help if you need write access to /etc/hosts on a read-only file system. What you need is a method of having parts of the directory structure writable while other parts are read-only. What you need is a stackable file system like UnionFS.

Using UnionFS: BusyBox and SquashFS together

UnionFS is a mechanism for mounting two or more directories from different file systems under the same name. For example, I could have a read-only SquashFS file system and a read/write JFFS2 file system mounted together under the root directory, so that the JFFS2 file system provides /tmp and /etc while the SquashFS provides everything else.

So how might you use this with a compressed file system and the BusyBox-based utilities we created in the last article? First, we build our kernel with the SquashFS patches and then build the UnionFS driver as a loadable module. Next, we build BusyBox with all the runtime utilities we need and install the result to a local directory on the build machine; let's call it "/tmp/busybox". Next, we package those files into a compressed SquashFS file system:

    mksquashfs /tmp/busybox /tmp/busybox.sqfs -info 

This command takes the contents of /tmp/busybox and compresses it into a file system image, /tmp/busybox.sqfs. The -info option increases verbosity, printing each file's name, original size and compression ratio as it is processed.

We then create an initramfs with another build of BusyBox that has only minimal utilities - enough to mount the loopback device and load kernel modules - plus the UnionFS module we built previously (which we manually copy into the directory after we rebuild BusyBox). We might add support for other devices, such as a CDROM if we store the SquashFS file there, or JFFS2 and flash memory support if we store the SquashFS file on flash.

At runtime, I need a writable file system to go with my read-only SquashFS file system. I'll use the tmpfs file system which puts all the files I'll write at runtime in virtual memory. In my init script for my initramfs, I add:

    mkdir /.tmpfs
    mount -w -t tmpfs -o size=90% tmpfs /.tmpfs
    mkdir /.tmpfs/.overlay

The overlay directory will be used to store data written by my embedded system.

When you boot your 2.6 kernel, you'll have a BusyBox based initramfs with an init script and your SquashFS file system (or a way to get to that file system via commands in your init script). I'm mounting the busybox.sqfs file from the root directory of a CD over the loopback device onto a directory in my initramfs, so I add the following to the init script:

    mkdir /.tmpfs/.cdrom
    mount -r -t iso9660 /dev/cdrom /.tmpfs/.cdrom
    losetup /dev/loop0 /.tmpfs/.cdrom/busybox.sqfs

Then I can mount the loopback device as a SquashFS file system to another directory I've created in my tmpfs:

	mkdir /.tmpfs/.sqfs
	mount -r -t squashfs /dev/loop0 /.tmpfs/.sqfs

UnionFS mounts multiple directories, in either read-only or read-write mode, onto a single directory. In the init script, I place three directories side by side under a single UnionFS directory:

    mkdir /.union
    mount -w -t unionfs -o \
        dirs=/.tmpfs/.overlay=rw:/.tmpfs/.cdrom=ro:/.tmpfs/.sqfs=ro \
        unionfs /.union

What this does is place all three directory structures, which are referred to as branches under UnionFS, under /.union; any conflicting path names are resolved by taking the first one found, searching the branches left to right. So if there is a /.tmpfs/.overlay/etc/hosts (a file we've created at runtime, for example), it takes precedence over /.tmpfs/.sqfs/etc/hosts.

With this command, when you write to /.union (which later becomes the root directory due to a switch_root in the init script), the writes go to the read/write directory which is on the tmpfs file system. But this writable space is in memory and won't survive reboots. If you need to save data between boots, you could mount a compact flash drive under /.tmpfs/cf and use that instead of /.tmpfs/.overlay in the previous mount command.

Which branch gets the write if there are two read-write branches? UnionFS uses "copy-up": an attempt to modify a file on a read-only branch causes the file to be copied to the nearest read-write branch to the left of that branch, where the write is then applied. Imagine creating a SquashFS for /etc, one for /var and one for everything else in your root partition. Then, if you had two compact flash cards, you could use one for writes to /etc and one for writes to /var simply by ordering the branches correctly when you mount them under the UnionFS file system.
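Here, as an added example that is not part of the article, is the runtime sequence above collected into one init fragment, with two checks a practitioner would want before trusting a root image pulled off removable media: that the file really begins with the SquashFS magic, and that its SHA-256 matches a digest baked into the initramfs at build time. The image name busybox.sqfs, the ROOT_SHA256 value, the "boot" argument that gates the privileged mount sequence, and the union_dirs and image_ok helpers are all assumptions of this example, not conventions of SquashFS, UnionFS or the article.

```shell
#!/bin/sh
# Added example (not from the article): initramfs init fragment that checks
# the SquashFS root image before trusting it, then assembles the same
# tmpfs + loop + UnionFS stack the article describes. The mount, losetup and
# switch_root calls only run when the script is started as "init boot".

# is_squashfs FILE: true when FILE begins with the SquashFS magic. Images
# built on a little-endian host start with "hsqs"; SquashFS 3.x images built
# on a big-endian host start with "sqsh".
is_squashfs() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -c | tr -d ' \n')
    [ "$magic" = "hsqs" ] || [ "$magic" = "sqsh" ]
}

# image_ok FILE EXPECTED: true when FILE carries the magic and its SHA-256
# equals EXPECTED. The digest is assumed to live somewhere the attacker
# cannot rewrite along with the image (here: a string baked into the
# initramfs at build time).
image_ok() {
    is_squashfs "$1" || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# union_dirs BRANCH...: turn "path:rw" / "path:ro" arguments into the dirs=
# option UnionFS expects, keeping left-to-right precedence order, e.g.
#   union_dirs /a:rw /b:ro   ->   dirs=/a=rw:/b=ro
# Any mode other than rw or ro is rejected rather than passed to mount.
union_dirs() {
    opt=""
    for spec in "$@"; do
        path=${spec%:*}
        mode=${spec##*:}
        case "$mode" in
            rw|ro) ;;
            *) echo "union_dirs: bad mode in $spec" >&2; return 1 ;;
        esac
        opt="${opt:+$opt:}$path=$mode"
    done
    echo "dirs=$opt"
}

# mount_root: the article's runtime sequence, in order, with the image
# verified before it is handed to the loop device and the squashfs driver.
mount_root() {
    mkdir /.tmpfs
    mount -w -t tmpfs -o size=90% tmpfs /.tmpfs
    mkdir /.tmpfs/.overlay /.tmpfs/.cdrom /.tmpfs/.sqfs /.union
    mount -r -t iso9660 /dev/cdrom /.tmpfs/.cdrom

    # Refuse to boot from an image that is not the one shipped.
    image_ok /.tmpfs/.cdrom/busybox.sqfs "$ROOT_SHA256" || {
        echo "busybox.sqfs failed verification" >&2
        exec /bin/sh    # rescue shell; fielded units would halt instead
    }

    losetup /dev/loop0 /.tmpfs/.cdrom/busybox.sqfs
    mount -r -t squashfs /dev/loop0 /.tmpfs/.sqfs

    # Writable overlay first so its files shadow the read-only branches.
    mount -w -t unionfs -o "$(union_dirs /.tmpfs/.overlay:rw \
        /.tmpfs/.cdrom:ro /.tmpfs/.sqfs:ro)" unionfs /.union

    exec switch_root /.union /sbin/init
}

# Digest of the image this initramfs was built against. Assumed placeholder;
# the real value is substituted when the initramfs is generated.
ROOT_SHA256="${ROOT_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

if [ "${1:-}" = "boot" ]; then
    mount_root
fi
```

The helper functions can be exercised on the build host without root; only mount_root needs the target. The digest check is only as strong as the place the digest lives: if an attacker can rewrite the initramfs (or the kernel that loads it) along with the CD, the check buys nothing, so the initramfs itself should come from storage the attacker cannot reach.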

UnionFS is considered by some to be too buggy for production use, though I've never had much trouble with it when building live CDs. If you experience problems using UnionFS, you might consider AuFS as an alternative. AuFS started out as a rewrite of UnionFS but has since evolved into its own file system. SLAX, a Slackware based live CD that originally used UnionFS, has migrated to AuFS. In fact, SLAX offered a bounty for a UnionFS bug, and the winner of that bounty, Junjiro Okajima, is the author of AuFS.

Next in the series: uClibc

This long running series (it's taken me awhile to write each of the three articles so far) has one piece left: using uClibc to reduce program size. uClibc is a small C library built specifically for small footprint systems, intended as a replacement for the standard glibc library.


An LWN reader survey

The first announced LWN Weekly Edition was published on January 29, 1998 - though we had quietly put out a test issue the week before. So, it seems, we just had our ninth birthday. We could never have imagined we would still be at it after this many years - but we have no intention of stopping now. Thanks to all of you for keeping us going for so long.

Every now and then, an LWN reader notes that there have been no "state of LWN" postings in recent times. There is a reason for that: LWN is supposed to be about the Linux and free software community. LWN talking about itself just seems less interesting, somehow.

There is another reason, however: things simply have not changed that much. The number of subscribers grows very slowly; subscription counts still have not reached a level where LWN can truly be said to be paying for itself. We would like to change that, and make LWN better in the process. To that end, we would like to get a better handle on what our subscribers think of LWN now.

For our subscribers: if you could please take a few minutes and give us your input on the ups and downs of LWN, we would more than appreciate it. The survey will remain open until February 8. For those coming after that date, you can see what answers we got by going directly to the results page. Thank you for helping us to make LWN better.


Page editor: Jonathan Corbet

Security

Who owns your domain?

January 31, 2007

This article was contributed by Jake Edge.

Using a domain registrar to reserve a domain seems a relatively straightforward transaction; one pays the registrar to ensure that the domain resolves to the addresses specified. The content at the domain would seem to be the responsibility of the registrant, leaving the registrar unconcerned with anything other than the technical DNS issues and making deposits. Unfortunately, that is not always the case as Fyodor (of Nmap fame) found out recently when GoDaddy effectively shut down his seclists.org site. With essentially no warning, GoDaddy stopped anyone from viewing the content of seclists (an excellent, comprehensive archive of security mailing lists) due to a complaint from MySpace.

Evidently concerned about MySpace username/password lists that were floating around the Internet and being posted to mailing lists, such as full-disclosure, MySpace went directly to the registrar of a site that archives the list. They made no attempt to contact Fyodor, whose email is prominently listed on the seclists contact page, to request that he remove the offending posts. When contacted, GoDaddy evidently deliberated for a minute or two before rerouting DNS requests for seclists.org to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.

One would like to think that a registrar might require a complaining party to take some steps to try and have the offending content removed. One would also hope that a registrar might check with their customer about the complaint before taking any action. Unfortunately, if one uses GoDaddy, neither of those is likely to be the case. GoDaddy was willing to completely block access to content, the vast majority of which is outside the scope of the complaint, based on a single request from a large company. It is also unclear what steps GoDaddy took to confirm the validity of the complaint before shutting down the site. One would hope that randomly calling GoDaddy and claiming to be from MySpace (or another large organization) would not be a route to shutting down sites.

In Fyodor's account of the incident, he had to make numerous attempts to contact someone at GoDaddy to even find out why the site had been blocked. GoDaddy did not even see fit to tell their paying customer why they blocked the site and provided no easy route for reinstatement. This kind of behavior is not likely to lead to customer satisfaction; unsurprisingly, Fyodor is currently looking for a new registrar. He has also started the NoDaddy site to document abuses by GoDaddy and to help find alternative providers that will not cave in to the slightest pressure.

After numerous phone calls and emails, Fyodor was finally able to get the site back up. He was quite willing to remove the content that so offended MySpace as he has in the past for content, mostly from the full-disclosure list, that has generated legitimate complaints. It should be noted, however, that removing the content from seclists.org did almost nothing to fix the problem; much like trying to put toothpaste back in the tube, reversing an information leak onto the Internet is well nigh impossible. Worse yet, the way they went about things caused enough of a stink that now even casual observers know how to track down this password list; the malicious folks, of course, already had it.

This story might have been less damaging to GoDaddy (and MySpace for that matter) had they admitted a mistake was made and that in the future they would make some effort to work with their customer to resolve complaints. Instead, they did the opposite and went on the offensive, claiming that giving any notice was "generous" while essentially admitting that the notice was on the order of one minute. They were also quick to play the "it's for the children" card in defending their actions. Somehow the fact that the lists had been available for nine days, and that MySpace did nothing at their end (such as suspending the accounts if there was a password match from the list) to alleviate the problem, went completely over the heads of the folks at GoDaddy.

It seems implausible that MySpace would put up with the same treatment. If one were to find a page at MySpace with a list of usernames and passwords for that site or some other site frequented by teenagers, does that mean you can have MySpace routed to spam-and-abuse.com with a simple phone call to their registrar? The whole idea of registrars participating in web censorship is a slippery slope and one that sensible registrars will avoid; do they want to be in the middle of these kinds of disputes? It probably seemed very easy to GoDaddy in this case, MySpace vs. a 'hacker', but where are they going to draw the line?

For domain owners, this situation should provide an opportunity to go back and review the Terms of Service at your registrar. A community effort, like the one at NoDaddy, can hopefully identify a number of registrars who are more interested in providing the service they are paid for to the people who pay them than they are in appeasing the MySpaces of the world.


New vulnerabilities

bind: denial of service

Package(s): bind    CVE #(s): CVE-2007-0493 CVE-2007-0494
Created: January 26, 2007    Updated: March 14, 2007
Description: The bind package is vulnerable to two remote denial of service attacks in which an attacker can cause the bind daemon to crash or exit unexpectedly by providing malformed data to the daemon in a DNS request.
Alerts:
Red Hat RHSA-2007:0057-02 2007-03-14
Gentoo 200702-06 2007-02-17
Red Hat RHSA-2007:0044-01 2007-02-06
Ubuntu USN-418-1 2007-02-05
Trustix TSLSA-2007-0005 2007-02-05
Mandriva MDKSA-2007:030 2007-01-30
SuSE SUSE-SA:2007:014 2007-01-30
Fedora FEDORA-2007-147 2007-01-29
Debian DSA-1254-1 2007-01-27
OpenPKG OpenPKG-SA-2007.007 2007-01-29
Slackware SSA:2007-026-01 2007-01-29
rPath rPSA-2007-0021-1 2007-01-25


cvstrac: denial of service

Package(s): cvstrac    CVE #(s): CVE-2007-0347
Created: January 29, 2007    Updated: January 31, 2007
Description: Ralf S. Engelschall of OpenPKG GmbH discovered a denial of service (DoS) vulnerability in CVSTrac 2.0.0, a web frontend for the CVS, Subversion and Git version control systems.
Alerts:
OpenPKG OpenPKG-SA-2007.008 2007-01-29


rmake: privilege escalation

Package(s): rmake    CVE #(s): CVE-2007-0536 CVE-2007-0557
Created: January 26, 2007    Updated: January 31, 2007
Description: rMake prior to version 1.0.3-2-0.1 does not drop supplemental groups in the changeroot environment used for builds. This gives malicious packages excess, configuration-dependent permissions and may allow local users to run arbitrary code as the root user.
Alerts:
rPath rPSA-2007-0020-2 2007-01-25
rPath rPSA-2007-0020-1 2007-01-25


ulogd: buffer overflow

Package(s): ulogd    CVE #(s): CVE-2007-0460
Created: January 29, 2007    Updated: March 19, 2007
Description: A buffer overflow in ulogd has an unknown impact and attack vectors related to "improper string length calculations."
Alerts:
Gentoo 200703-17 2007-03-18
Mandriva MDKSA-2007:028 2007-01-26


Updated vulnerabilities

acroread: multiple vulnerabilities

Package(s): acroread    CVE #(s): CVE-2006-5857 CVE-2007-0045 CVE-2007-0046
Created: January 11, 2007    Updated: October 26, 2009
Description: Adobe's Acrobat Reader has the following vulnerabilities:

The Adobe Reader Plugin has a cross-site scripting vulnerability that can be triggered by processing malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.

Maliciously crafted PDF files can be used to trigger two further vulnerabilities; if an attacker can trick a user into viewing such a file, arbitrary code can be executed with the user's privileges.

Alerts:
SuSE SUSE-SA:2009:049 2009-10-26
Gentoo 200910-03 2009-10-25
Red Hat RHSA-2007:0021-01 2007-01-22
Gentoo 200701-16 2007-01-22
SuSE SUSE-SA:2007:011 2007-01-22
Red Hat RHSA-2007:0017-01 2007-01-11


apache: cross-site scripting

Package(s): apache    CVE #(s): CVE-2006-3918
Created: August 9, 2006    Updated: April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2006-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08


bind: denial of service

Package(s): bind    CVE #(s): CVE-2006-4095 CVE-2006-4096
Created: September 7, 2006    Updated: February 1, 2007
Description: Bind has two denial of service vulnerabilities.

Queries to a recursive server for SIG records will trigger an assertion failure if more than one RR set is returned.

An INSIST failure can be triggered by sending a large number of recursive queries.

Alerts:
Fedora FEDORA-2007-164 2007-01-31
Gentoo 200609-11 2006-09-15
Slackware SSA:2006-257-01 2006-09-15
Fedora FEDORA-2006-966 2006-09-11
Debian DSA-1172-1 2006-09-09
Mandriva MDKSA-2006:163 2006-09-08
rPath rPSA-2006-0166-1 2006-09-08
Ubuntu USN-343-1 2006-09-07
OpenPKG OpenPKG-SA-2006.019 2006-09-07

Comments (none posted)

bluez-utils: hidd vulnerability

Package(s):bluez-utils CVE #(s):CVE-2006-6899
Created:January 16, 2007 Updated:May 14, 2007
Description: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the Mouse and Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Alerts:
Red Hat RHSA-2007:0065-01 2007-05-14
Ubuntu USN-413-1 2007-01-24
Mandriva MDKSA-2007:014 2006-01-15

Comments (none posted)

bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):CVE-2006-5453 CVE-2006-5454 CVE-2006-5455
Created:November 10, 2006 Updated:August 28, 2007
Description: Bugzilla has the following vulnerabilities:

Input data passed to various fields is not properly sanitized before being passed back to users.

Users can gain unauthorized access to read attachment descriptions while using diff mode.

HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification.

Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users.

Alerts:
Debian DSA-1208-1 2006-11-11
Gentoo 200611-04 2006-11-09

Comments (none posted)

busybox: insecure password generation

Package(s):busybox CVE #(s):CVE-2006-1058
Created:May 5, 2006 Updated:May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when generating password hashes, so a brute-force attack against those hashes could take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04

Comments (2 posted)

cacti: multiple vulnerabilities

Package(s):cacti CVE #(s):CVE-2006-6799
Created:January 1, 2007 Updated:January 26, 2007
Description: The network monitoring and graphing frontend Cacti has three vulnerabilities. The cmd.php script allows command-line usage and is also installed in a web-accessible location. The cmd.php input is insufficiently sanitized; a passed-in URL can be used to inject arbitrary SQL code. The cmd.php script can also be used by a remote attacker to execute arbitrary shell commands via improperly sanitized results from SQL queries.
Alerts:
Gentoo 200701-23 2007-01-26
Debian DSA-1250-1 2007-01-17
Mandriva MDKSA-2007:015 2007-01-15
SuSE SUSE-SA:2007:007 2007-01-12
OpenPKG OpenPKG-SA-2007.001 2007-01-01

Comments (none posted)

centericq: buffer overflow

Package(s):centericq CVE #(s):CVE-2007-0160
Created:January 24, 2007 Updated:January 24, 2007
Description: The code in centericq which interfaces with the LiveJournal service suffers from a buffer overflow. This vulnerability is exploitable if a user can be convinced to connect to an unofficial LiveJournal server.
Alerts:
Gentoo 200701-20 2007-01-24

Comments (none posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25

Comments (1 posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2006-4262
Created:October 2, 2006 Updated:June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

Comments (none posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19

Comments (1 posted)

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a denial of service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a denial of service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

Comments (none posted)

dbus: denial of service

Package(s):dbus CVE #(s):CVE-2006-6107
Created:December 15, 2006 Updated:February 12, 2007
Description: Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
Alerts:
rPath rPSA-2006-0233-1 2007-02-09
Red Hat RHSA-2007:0008-01 2007-02-08
Ubuntu USN-401-1 2007-01-04
OpenPKG OpenPKG-SA-2006.041 2006-12-21
Fedora FEDORA-2006-1475 2006-12-19
Mandriva MDKSA-2006:233 2006-12-18
Fedora FEDORA-2006-1464 2006-12-14
openSUSE openSUSE-SU-2012:1418-1 2012-10-31

Comments (none posted)

dovecot: index cache file handling error

Package(s):dovecot CVE #(s):CVE-2006-5973
Created:November 29, 2006 Updated:May 8, 2007
Description: The dovecot IMAP server has an error in its index cache file handling code which could be exploited by an authenticated user to execute arbitrary code. Only servers with the (non-default) mmap_disable=yes option setting are vulnerable.
Alerts:
Fedora FEDORA-2006-1504 2006-12-27
Fedora FEDORA-2006-1396 2006-12-18
rPath rPSA-2006-0220-1 2006-11-30
Ubuntu USN-387-1 2006-11-28

Comments (none posted)

ed: symlink attack

Package(s):ed CVE #(s):CVE-2006-6939
Created:January 19, 2007 Updated:January 24, 2007
Description: GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
Alerts:
rPath rPSA-2007-0012-1 2007-01-23
Fedora FEDORA-2007-100 2007-01-18
Fedora FEDORA-2007-099 2007-01-18

Comments (none posted)

elinks: arbitrary file access

Package(s):elinks CVE #(s):CVE-2006-5925
Created:November 16, 2006 Updated:October 22, 2009
Description: The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions.
Alerts:
Ubuntu USN-851-1 2009-10-21
Gentoo 200701-27 2007-01-30
OpenPKG OpenPKG-SA-2006.043 2006-12-26
Debian DSA-1240-1 2006-12-21
Gentoo 200612-16 2006-12-14
Debian DSA-1228-1 2006-12-05
Debian DSA-1226-1 2006-12-03
Fedora FEDORA-2006-1278 2006-11-21
Fedora FEDORA-2006-1277 2006-11-21
Mandriva MDKSA-2006:216 2006-11-20
Red Hat RHSA-2006:0742-01 2006-11-15

Comments (none posted)

fetchmail: password disclosure and DOS

Package(s):fetchmail CVE #(s):CVE-2006-5867 CVE-2006-5974
Created:January 10, 2007 Updated:March 16, 2007
Description: Fetchmail suffers from a password disclosure vulnerability due to a failure to use secure protocols (advisory) and a denial of service vulnerability (advisory).
Alerts:
SuSE SUSE-SR:2007:004 2007-03-16
Debian DSA-1259-1 2007-02-14
Red Hat RHSA-2007:0018-01 2007-01-31
Slackware SSA:2007-024-01 2007-01-25
Gentoo 200701-13 2007-01-22
Fedora FEDORA-2007-042 2007-01-16
Fedora FEDORA-2007-041 2007-01-16
Mandriva MDKSA-2007:016 2006-01-15
Ubuntu USN-405-1 2007-01-11
rPath rPSA-2007-0003-1 2007-01-09
OpenPKG OpenPKG-SA-2007.004 2007-01-08

Comments (none posted)

ffmpeg: buffer overflows

Package(s):ffmpeg CVE #(s):CVE-2006-4799 CVE-2006-4800
Created:September 14, 2006 Updated:May 28, 2007
Description: The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI file, arbitrary code can be executed with the user's privileges.
Alerts:
Gentoo 200609-09 2006-09-13

Comments (2 posted)

Mozilla stuff: multiple vulnerabilities

Package(s):firefox thunderbird seamonkey CVE #(s):CVE-2006-6497 CVE-2006-6498 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503 CVE-2006-6504 CVE-2006-6505
Created:December 20, 2006 Updated:March 12, 2007
Description: The Mozilla Project has released new versions of firefox, thunderbird, and seamonkey to address the usual pile of security issues; see this announcement or this CERT advisory for details.
Alerts:
Debian DSA-1265-1 2007-03-10
Debian DSA-1258-1 2007-02-07
Debian DSA-1253-1 2006-01-27
Ubuntu USN-398-4 2007-01-27
SuSE SUSE-SA:2007:006 2007-01-12
Mandriva MDKSA-2007:011 2007-01-11
Mandriva MDKSA-2007:010 2007-01-11
Gentoo 200701-04 2007-01-10
Ubuntu USN-400-1 2007-01-04
Gentoo 200701-03 2007-01-04
Gentoo 200701-02 2007-01-04
Ubuntu USN-398-2 2007-01-03
Ubuntu USN-398-3 2007-01-04
Ubuntu USN-398-1 2007-01-02
Fedora FEDORA-2006-004 2007-01-02
rPath rPSA-2006-0234-2 2006-12-22
SuSE SUSE-SA:2006:080 2006-12-29
Slackware SSA:2006-357-03 2006-12-25
Slackware SSA:2006-357-01 2006-12-25
Slackware SSA:2006-357-02 2006-12-25
rPath rPSA-2006-0234-1 2006-12-22
Fedora FEDORA-2006-1499 2006-12-21
Fedora FEDORA-2006-1491 2006-12-20
Fedora FEDORA-2006-1492 2006-12-20
Red Hat RHSA-2006:0759-01 2006-12-19
Red Hat RHSA-2006:0760-01 2006-12-19
Red Hat RHSA-2006:0758-01 2006-12-19

Comments (none posted)

freeradius: several vulnerabilities

Package(s):freeradius CVE #(s):CVE-2005-4745 CVE-2005-4746
Created:August 8, 2006 Updated:April 24, 2007
Description: Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
Alerts:
Mandriva MDKSA-2007:092 2007-04-23
Debian DSA-1145-1 2006-08-08

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

ftpd: privilege escalation

Package(s):ftpd CVE #(s):CVE-2006-5778
Created:November 10, 2006 Updated:February 14, 2007
Description: Ftpd is vulnerable to a privilege escalation attack; an incorrect seteuid() call can be used by an FTP user to gain unauthorized access to files or directories.
Alerts:
Gentoo 200611-05:02 2006-11-10
Debian DSA-1217-1 2006-11-20
Gentoo 200611-05 2006-11-10

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gdb: buffer overflow

Package(s):gdb CVE #(s):CVE-2006-4146
Created:September 15, 2006 Updated:June 12, 2007
Description: A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Alerts:
Red Hat RHSA-2007:0469-01 2007-06-11
Red Hat RHSA-2007:0229-02 2007-05-01
Ubuntu USN-356-1 2006-10-02
Fedora FEDORA-2006-975 2006-09-14

Comments (none posted)

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

geoip: path traversal

Package(s):geoip CVE #(s):CVE-2007-0159
Created:January 10, 2007 Updated:January 24, 2007
Description: Geoip fails to do sanity checking on returned filenames, opening up a path traversal vulnerability.
Alerts:
Ubuntu USN-412-1 2007-01-23
Mandriva MDKSA-2007:004 2007-01-08

Comments (none posted)

gnupg: stack overwrite

Package(s):gnupg CVE #(s):CVE-2006-6235
Created:December 12, 2006 Updated:March 13, 2007
Description: A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
Alerts:
Fedora FEDORA-2007-316 2007-03-12
Fedora FEDORA-2007-315 2007-03-12
SuSE SUSE-SA:2006:075 2006-12-13
Mandriva MDKSA-2006:228 2006-12-11

Comments (3 posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gtk2: denial of service

Package(s):gtk2 CVE #(s):CVE-2007-0010
Created:January 24, 2007 Updated:February 8, 2007
Description: From the Red Hat advisory: A bug was found in the way the gtk2 GdkPixbufLoader() function processed invalid input. Applications linked against gtk2 could crash if they loaded a malformed image file.
Alerts:
Mandriva MDKSA-2007:039 2007-02-07
Ubuntu USN-415-1 2007-02-01
Debian DSA-1256-1 2007-01-31
SuSE SUSE-SR:2007:002 2007-01-26
rPath rPSA-2007-0019-1 2007-01-25
Red Hat RHSA-2007:0019-02 2007-01-24

Comments (1 posted)

gv: stack-based buffer overflow

Package(s):gv CVE #(s):CVE-2006-5864
Created:November 20, 2006 Updated:April 9, 2007
Description: Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
Alerts:
Gentoo 200704-06 2007-04-06
Gentoo 200703-24 2007-03-26
Debian DSA-1243-1 2006-12-28
Debian DSA-1214-2 2006-12-27
Mandriva MDKSA-2006:229 2006-12-13
rPath rPSA-2006-0230-1 2006-12-12
Fedora FEDORA-2006-1438 2006-12-11
Fedora FEDORA-2006-1437 2006-12-11
Ubuntu USN-390-3 2006-12-06
Ubuntu USN-390-2 2006-12-06
Mandriva MDKSA-2006:214-1 2006-12-04
Ubuntu USN-390-1 2006-11-30
Gentoo 200611-20 2006-11-24
Debian DSA-1214-1 2006-11-20
Mandriva MDKSA-2006:214 2006-11-17

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:January 20, 2010
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

imagemagick: buffer overflows

Package(s):imagemagick CVE #(s):CVE-2006-5868
Created:November 28, 2006 Updated:February 16, 2007
Description: Daniel Kobras discovered multiple buffer overflows in ImageMagick's SGI file format decoder. By tricking a user or an automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Red Hat RHSA-2007:0015-01 2007-02-15
Mandriva MDKSA-2006:223 2006-12-01
Ubuntu USN-386-1 2006-11-28

Comments (1 posted)

ImageMagick: buffer overflows

Package(s):ImageMagick CVE #(s):CVE-2006-5456
Created:October 31, 2006 Updated:March 8, 2007
Description: Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
Alerts:
Slackware SSA:2007-066-06 2007-03-08
rPath rPSA-2007-0029-1 2007-02-08
rPath rPSA-2006-0218-1 2006-11-27
Gentoo 200611-19 2006-11-24
Fedora FEDORA-2006-1285 2006-11-22
Fedora FEDORA-2006-1286 2006-11-22
Debian DSA-1213-1 2006-11-19
SuSE SUSE-SA:2006:066 2006-11-14
Gentoo 200611-07 2006-11-13
Ubuntu USN-372-1 2006-11-01
Mandriva MDKSA-2006:193 2006-10-30

Comments (2 posted)

imlib2: arbitrary code execution

Package(s):imlib2 CVE #(s):CVE-2006-4806 CVE-2006-4807 CVE-2006-4808 CVE-2006-4809
Created:November 6, 2006 Updated:August 13, 2007
Description: M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Mandriva MDKSA-2007:156 2007-08-10
Gentoo 200612-20 2006-12-20
Fedora FEDORA-EXTRAS-2006-004 2006-11-09
Mandriva MDKSA-2006:198-1 2006-11-06
Mandriva MDKSA-2006:198 2006-11-06
Ubuntu USN-376-2 2006-11-06
Ubuntu USN-376-1 2006-11-03

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 4, 2010
Description: Java has multiple vulnerabilities, including: an RSA exponent padding attack vulnerability, two vulnerabilities which allow untrusted applets to access data in other applets, vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE, and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Pardus 2010-67 2010-06-04
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

kdelibs: integer overflow

Package(s):kdelibs CVE #(s):CVE-2006-4811
Created:October 18, 2006 Updated:March 5, 2007
Description: The KDE khtml library can pass untrusted parameters into Qt, allowing a hostile user to trigger an integer overflow there and execute arbitrary code.
Alerts:
Gentoo 200703-06 2007-03-04
Gentoo 200611-02 2006-11-06
Red Hat RHSA-2006:0725-01 2006-11-01
Debian DSA-1200-1 2006-10-30
Slackware SSA:2006-298-01 2006-10-26
rPath rPSA-2006-0195-2 2006-10-18
Mandriva MDKSA-2006:186 2006-10-19
rPath rPSA-2006-0195-1 2006-10-18
Red Hat RHSA-2006:0720-01 2006-10-18

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kdenetwork: denial of service

Package(s):kdenetwork CVE #(s):CVE-2006-6811
Created:January 11, 2007 Updated:February 1, 2007
Description: The KsIRC 1.3.12 utility in kdenetwork is vulnerable to a remote denial of service attack that can be caused by a malicious IRC server sending a long PRIVMSG string. This causes an assertion failure and an associated NULL pointer dereference.
Alerts:
Gentoo 200701-26 2007-01-29
rPath rPSA-2007-0007-1 2007-01-15
Ubuntu USN-409-1 2007-01-15
Mandriva MDKSA-2007:009 2007-01-10

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4623
Created:October 18, 2006 Updated:November 14, 2007
Description: The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data.
Alerts:
Ubuntu USN-489-1 2007-07-19
rPath rPSA-2006-0194-1 2006-10-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:January 5, 2009
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-5757
Created:November 13, 2006 Updated:November 14, 2007
Description: From the MOKB-05-11-2006 advisory: "The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk")."
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Fedora FEDORA-2006-1223 2006-11-12
Fedora FEDORA-2006-1221 2006-11-10

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service) and, if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:January 8, 2009
Description: A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c, as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in the Linux kernel, caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

koffice: integer overflow

Package(s):koffice CVE #(s):CVE-2006-6120
Created:November 30, 2006 Updated:February 20, 2007
Description: The KOffice office suite has an integer overflow vulnerability. If an attacker can trick a user into opening a specially crafted PowerPoint (PPT) file, KOffice can be caused to crash or possibly execute arbitrary code with the user's privileges.
Alerts:
Red Hat RHSA-2007:0010-01 2007-02-20
Slackware SSA:2006-357-04 2006-12-25
Gentoo 200612-05 2006-12-10
Mandriva MDKSA-2006:222 2006-12-01
Ubuntu USN-388-1 2006-11-29

Comments (none posted)

krb5: uninitialized pointers

Package(s):krb5 CVE #(s):CVE-2006-6143 CVE-2006-3084
Created:January 10, 2007 Updated:July 7, 2010
Description: The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
Gentoo 200701-21 2007-01-24
Ubuntu USN-408-1 2007-01-15
rPath rPSA-2007-0006-1 2007-01-11
Mandriva MDKSA-2007:008 2006-01-10
SuSE SUSE-SA:2007:004 2007-01-10
OpenPKG OpenPKG-SA-2007.006 2007-01-10
Fedora FEDORA-2007-033 2007-01-09
Fedora FEDORA-2007-034 2007-01-09

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

Comments (none posted)

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, a console Gadu Gadu client, an instant messaging program), which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. SPARC, it can lead to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

Comments (none posted)

libgtop2: buffer overflow

Package(s):libgtop2 CVE #(s):CVE-2007-0235
Created:January 15, 2007 Updated:August 9, 2007
Description: The /proc parsing routines in libgtop are vulnerable to a buffer overflow. If an attacker can run a process in a specially crafted long path then trick a user into running gnome-system-monitor, arbitrary code can be executed with the user's privileges.
Alerts:
Fedora FEDORA-2007-657 2007-08-02
Red Hat RHSA-2007:0765-01 2007-08-07
Debian DSA-1255-1 2007-01-31
rPath rPSA-2007-0014-1 2007-01-23
Gentoo 200701-17 2007-01-23
Mandriva MDKSA-2007:023 2007-01-18
Ubuntu USN-407-1 2007-01-15

Comments (none posted)

libmodplug: boundary errors

Package(s):libmodplug CVE #(s):CVE-2006-4192
Created:December 11, 2006 Updated:May 4, 2011
Description: Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
CentOS CESA-2011:0477 2011-05-04
Red Hat RHSA-2011:0477-01 2011-05-02
Ubuntu USN-521-1 2007-09-27
Mandriva MDKSA-2007:001 2007-01-02
Gentoo 200612-04 2006-12-10

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:December 15, 2008
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Gentoo 200812-15 2008-12-14
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libsoup: denial of service

Package(s):libsoup CVE #(s):CVE-2006-5876
Created:January 13, 2007 Updated:January 29, 2007
Description: The libsoup HTTP library does not sanitize input sufficiently when parsing HTTP headers. This can be exploited to cause a denial of service.
Alerts:
Fedora FEDORA-2007-109 2007-01-29
Mandriva MDKSA-2007:029 2006-01-26
Ubuntu USN-411-1 2007-01-23
rPath rPSA-2007-0015-1 2007-01-23
Debian DSA-1248-1 2007-01-12

Comments (none posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 2008-08-30
Red Hat RHSA-2008:0848-01 2008-08-28
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14

Comments (none posted)

libvncserver: authentication bypass

Package(s):libvncserver CVE #(s):CVE-2006-2450
Created:August 4, 2006 Updated:March 19, 2007
Description: LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server.
Alerts:
Gentoo 200703-19 2007-03-18
Gentoo 200608-12 2006-08-07
Gentoo 200608-05 2006-08-04

Comments (none posted)

libxml2: arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

Comments (none posted)

MySQL: privilege violations

Package(s):mysql CVE #(s):CVE-2006-4031 CVE-2006-4226
Created:August 25, 2006 Updated:July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168
Created:August 10, 2006 Updated:February 21, 2012
Description: The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a .bss buffer underflow.
Alerts:
Gentoo 200610-03 2006-10-06
Red Hat RHSA-2006:0663-01 2006-09-12
Mandriva MDKSA-2006:140 2006-08-09
Debian DSA-1149-1 2006-08-10
Red Hat RHSA-2012:0308-03 2012-02-21
Scientific Linux SL-busy-20120321 2012-03-21
Red Hat RHSA-2012:0810-04 2012-06-20
Scientific Linux SL-busy-20120709 2012-07-09
Mageia MGASA-2012-0171 2012-07-19
Mandriva MDVSA-2012:129 2012-08-10
Mandriva MDVSA-2012:129-1 2012-08-10

Comments (none posted)

netrik: insufficient escaping

Package(s):netrik CVE #(s):CVE-2006-6678
Created:January 22, 2007 Updated:January 24, 2007
Description: It has been discovered that netrik, a text mode WWW browser with vi-like keybindings, doesn't properly sanitize temporary filenames when editing textareas, which could allow attackers to execute arbitrary commands via shell metacharacters.
Alerts:
Debian DSA-1251-1 2007-01-21

Comments (none posted)

openldap: security bypass

Package(s):openldap CVE #(s):CVE-2006-4600
Created:September 29, 2006 Updated:June 12, 2007
Description: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Alerts:
Red Hat RHSA-2007:0430-01 2007-06-11
Red Hat RHSA-2007:0310-02 2007-05-01
Trustix TSLSA-2006-0055 2006-10-06
rPath rPSA-2006-0176-1 2006-09-29
Mandriva MDKSA-2006:171 2006-09-28

Comments (none posted)

OpenSSH: denial of service

Package(s):openssh CVE #(s):CVE-2006-4925 CVE-2006-5052
Created:October 6, 2006 Updated:November 15, 2007
Description: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

An unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Alerts:
Red Hat RHSA-2007:0703-02 2007-11-15
Red Hat RHSA-2007:0540-04 2007-11-07
Fedora FEDORA-2007-394 2007-04-03
Gentoo 200611-06 2006-11-13
SuSE SUSE-SA:2006:062 2006-10-20
rPath rPSA-2006-0185-1 2006-10-05

Comments (none posted)

openssh: privilege separation issue

Package(s):openssh CVE #(s):CVE-2006-5794
Created:November 8, 2006 Updated:April 5, 2007
Description: From the OpenSSH 4.5 announcement: "Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities."
Alerts:
Fedora FEDORA-2007-395 2007-04-03
Fedora FEDORA-2006-1215 2006-11-20
Fedora FEDORA-2006-1214 2006-11-20
SuSE SUSE-SR:2006:026 2006-11-17
Trustix TSLSA-2006-0063 2006-11-15
Red Hat RHSA-2006:0738-01 2006-11-15
rPath rPSA-2006-0207-1 2006-11-09
Mandriva MDKSA-2006:204 2006-11-08
OpenPKG OpenPKG-SA-2006.032 2006-11-08

Comments (none posted)

openssh: remote denial of service

Package(s):openssh CVE #(s):CVE-2006-4924 CVE-2006-5051
Created:September 27, 2006 Updated:September 17, 2008
Description: OpenSSH 4.4 fixes some security issues, including a pre-authentication denial of service and an unsafe signal handler; on portable OpenSSH, a GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.
Alerts:
Debian DSA-1638-1 2008-09-16
Debian DSA-1212-1 2006-11-15
Fedora FEDORA-2006-1011 2006-10-03
Debian DSA-1189-1 2006-10-04
Mandriva MDKSA-2006:179 2006-10-03
Ubuntu USN-355-1 2006-10-02
OpenPKG OpenPKG-SA-2006.022 2006-10-01
Slackware SSA:2006-272-02 2006-09-29
Red Hat RHSA-2006:0698-01 2006-09-28
Red Hat RHSA-2006:0697-01 2006-09-28
Gentoo 200609-17:02 2006-09-27
rPath rPSA-2006-0174-1 2006-09-27
Gentoo 200609-17 2006-09-27

Comments (none posted)

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:
SuSE SUSE-SR:2008:013 2008-06-13
Mandriva MDVSA-2008:077 2007-03-26
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2008:0146-01 2008-02-28
Fedora FEDORA-2008-1643 2008-02-13
Foresight FLEA-2008-0007-1 2008-02-11
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:038 2007-02-07
rPath rPSA-2008-0046-1 2008-02-06
Gentoo 200802-01 2008-02-06
rPath rPSA-2006-0182-1 2006-10-05
SuSE SUSE-SA:2006:052 2006-09-21
Red Hat RHSA-2006:0669-01 2006-09-21
Mandriva MDKSA-2006:162 2006-09-07

Comments (1 posted)

php: buffer overflows

Package(s):php CVE #(s):CVE-2006-5465
Created:November 3, 2006 Updated:January 18, 2010
Description: The Hardened-PHP Project discovered buffer overflows in PHP's internal htmlentities/htmlspecialchars routines. Of course, the whole purpose of these functions is to be fed user input. (The overflow can only occur when UTF-8 is used.)
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
SuSE SUSE-SA:2006:067 2006-11-15
rPath rPSA-2006-0205-1 2006-11-09
Red Hat RHSA-2006:0731-01 2006-11-10
Red Hat RHSA-2006:0730-01 2006-11-06
Debian DSA-1206-1 2006-11-06
Fedora FEDORA-2006-1169 2006-11-06
Fedora FEDORA-2006-1168 2006-11-06
Slackware SSA:2006-307-01 2006-11-06
OpenPKG OpenPKG-SA-2006.028 2006-11-06
Ubuntu USN-375-1 2006-11-02
Mandriva MDKSA-2006:196 2006-11-02

Comments (none posted)

phpbb2: missing input sanitizing

Package(s):phpbb2 CVE #(s):CVE-2006-1896
Created:May 22, 2006 Updated:February 11, 2008
Description: It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users.
Alerts:
Debian DSA-1066-1 2006-05-20

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

Comments (none posted)

poppler: denial of service

Package(s):poppler CVE #(s):CVE-2007-0104
Created:January 18, 2007 Updated:January 26, 2007
Description: Poppler, a PDF loader library, does not limit the recursion depth of the page model tree. If an attacker can trick a user into opening a specially crafted PDF file, an infinite loop can be caused, leading to a crash of the calling application. This also affects kdegraphics and koffice.
Alerts:
Ubuntu USN-410-2 2007-01-25
rPath rPSA-2007-0013-1 2007-01-23
Mandriva MDKSA-2007:024 2007-01-22
Mandriva MDKSA-2007:022 2006-01-18
Mandriva MDKSA-2007:021 2007-01-18
Mandriva MDKSA-2007:020 2007-01-18
Mandriva MDKSA-2007:019 2006-01-18
Mandriva MDKSA-2007:018 2007-01-18
Ubuntu USN-410-1 2007-01-18

Comments (none posted)

postgresql: SQL injection

Package(s):postgresql CVE #(s):CVE-2006-2313 CVE-2006-2314
Created:May 24, 2006 Updated:June 6, 2007
Description: The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash.
Alerts:
Fedora FEDORA-2007-0249 2007-06-06
Trustix TSLSA-2006-0059 2006-10-27
Gentoo 200607-04 2006-07-09
SuSE SUSE-SA:2006:030 2006-06-09
Ubuntu USN-288-3 2006-06-09
Ubuntu USN-288-2 2006-06-09
Mandriva MDKSA-2006:098 2006-06-07
Debian DSA-1087-1 2006-06-03
Ubuntu USN-288-1 2006-05-29
rPath rPSA-2006-0080-1 2006-05-24
Red Hat RHSA-2006:0526-02 2006-05-23
Fedora FEDORA-2006-578 2006-05-23
Fedora FEDORA-2006-579 2006-05-23

Comments (1 posted)

proftpd: denial of service

Package(s):proftpd CVE #(s):CVE-2006-5815
Created:November 17, 2006 Updated:January 24, 2007
Description: A denial of service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration.
Alerts:
Mandriva MDKSA-2006:217-2 2007-01-23
Trustix TSLSA-2006-0070 2006-12-08
Slackware SSA:2006-335-02 2006-12-04
Debian DSA-1222-2 2006-12-01
Gentoo 200611-26 2006-11-30
Mandriva MDKSA-2006:217-1 2006-11-30
Debian DSA-1222-1 2006-11-30
Trustix TSLSA-2006-0066 2006-11-28
Debian DSA-1218-1 2006-11-21
Mandriva MDKSA-2006:217 2006-11-20
OpenPKG OpenPKG-SA-2006.035 2006-11-17

Comments (none posted)

proftpd: stack-based buffer overflow

Package(s):proftpd CVE #(s):CVE-2006-6563
Created:December 18, 2006 Updated:February 14, 2007
Description: A vulnerability exists in the FTP server ProFTPD, versions up to and including 1.3.0a. The vulnerability is caused by a stack-based buffer overflow in the "pr_ctrls_recv_request" function of the "Controls" feature. This is an optional feature of ProFTPD server which is by default disabled in OpenPKG and probably other distributions.
Alerts:
Gentoo 200702-02 2007-02-13
Trustix TSLSA-2006-0074 2006-12-22
Mandriva MDKSA-2006:232 2006-12-18
OpenPKG OpenPKG-SA-2006.039 2006-12-18

Comments (1 posted)

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

Comments (none posted)

rpm: arbitrary code execution

Package(s):rpm CVE #(s):CVE-2006-5466
Created:November 6, 2006 Updated:August 28, 2007
Description: An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Fedora FEDORA-2007-668 2007-08-27
Gentoo 200611-08 2006-11-13
Mandriva MDKSA-2006:200 2006-11-07
Ubuntu USN-378-1 2006-11-04

Comments (none posted)

shadow-utils: mailbox creation vulnerability

Package(s):shadow-utils CVE #(s):CVE-2006-1174
Created:May 25, 2006 Updated:June 12, 2007
Description: The useradd tool from the shadow-utils package has a potential security problem. When a new user's mailbox is created, the permissions are set to random garbage from the stack, potentially allowing the file to be read or written during the time before fchmod() is called.
Alerts:
Red Hat RHSA-2007:0431-01 2007-06-11
rPath rPSA-2007-0096-1 2007-05-11
Red Hat RHSA-2007:0276-02 2007-05-01
Gentoo 200606-02 2006-06-07
Mandriva MDKSA-2006:090 2006-05-24

Comments (none posted)

squid: denial of service

Package(s):squid CVE #(s):CVE-2007-0247
Created:January 18, 2007 Updated:January 26, 2007
Description: Squid, a web client proxy caching server, can be made to crash when receiving certain FTP listings, leading to a denial of service.
Alerts:
Gentoo 200701-22 2007-01-25
Ubuntu USN-414-1 2007-01-24
Mandriva MDKSA-2007:026 2006-01-23
SuSE SUSE-SA:2007:012 2007-01-23
Trustix TSLSA-2007-0003 2007-01-19
Fedora FEDORA-2007-092 2007-01-17

Comments (1 posted)

squirrelmail: multiple cross-site scripting vulnerabilities

Package(s):squirrelmail CVE #(s):CVE-2006-6142
Created:December 11, 2006 Updated:January 31, 2007
Description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the mailto parameter in webmail.php, the session and delete_draft parameters in compose.php, and unspecified vectors involving "a shortcoming in the magicHTML filter."
Alerts:
Red Hat RHSA-2007:0022-01 2007-01-31
Fedora FEDORA-2007-089 2007-01-17
Fedora FEDORA-2007-088 2007-01-17
Debian DSA-1241-1 2006-12-25
rPath rPSA-2006-0231-1 2006-12-12
Mandriva MDKSA-2006:226 2006-12-11

Comments (none posted)

unzip: long file name buffer overflow

Package(s):unzip CVE #(s):CVE-2005-4667
Created:February 6, 2006 Updated:May 2, 2007
Description: A buffer overflow in UnZip 5.50 and earlier allows local users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Alerts:
Red Hat RHSA-2007:0203-02 2007-05-01
Fedora-Legacy FLSA:180159 2006-04-04
Debian DSA-1012-1 2006-03-21
Mandriva MDKSA-2006:050 2006-02-27
Ubuntu USN-248-2 2006-02-15
Ubuntu USN-248-1 2006-02-13
Fedora FEDORA-2006-098 2006-02-06

Comments (1 posted)

w3c-libwww: possible stack overflow

Package(s):w3c-libwww CVE #(s):CVE-2005-3183
Created:October 14, 2005 Updated:May 2, 2007
Description: Extensive testing of libwww's handling of multipart/byteranges content from HTTP/1.1 servers revealed multiple logical flaws and bugs in Library/src/HTBound.c.
Alerts:
Red Hat RHSA-2007:0208-02 2007-05-01
Ubuntu USN-220-1 2005-12-01
Mandriva MDKSA-2005:210 2005-11-09
Fedora FEDORA-2005-953 2005-10-07
Fedora FEDORA-2005-952 2005-10-07

Comments (1 posted)

xine: format string vulnerabilities

Package(s):xine CVE #(s):CVE-2007-0017
Created:January 23, 2007 Updated:August 10, 2007
Description: Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Alerts:
Mandriva MDKSA-2007:154 2007-08-09
Debian DSA-1252-1 2007-01-27
Mandriva MDKSA-2007:027 2007-01-26
Gentoo 200701-24 2007-01-26
SuSE SUSE-SA:2007:013 2007-01-23

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-6172
Created:December 5, 2006 Updated:June 5, 2007
Description: A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.
Alerts:
Mandriva MDKSA-2007:112 2007-06-04
Gentoo 200702-11 2007-02-27
Debian DSA-1244-1 2006-12-28
Gentoo 200612-02 2006-12-09
SuSE SUSE-SR:2006:028 2006-12-08
Mandriva MDKSA-2006:224 2006-12-05
Ubuntu USN-392-1 2006-12-04

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-1664
Created:April 27, 2006 Updated:February 27, 2008
Description: xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Alerts:
Gentoo 200802-12 2008-02-26
Gentoo 200604-16 2006-04-26

Comments (none posted)

xine-ui: format string vulnerabilities

Package(s):xine-ui CVE #(s):CVE-2006-2230
Created:June 9, 2006 Updated:January 24, 2007
Description: Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.
Alerts:
Gentoo 200701-18 2007-01-23
Debian DSA-1093-1 2006-06-08

Comments (none posted)

xinit: race condition

Package(s):xinit CVE #(s):CVE-2006-5214
Created:October 17, 2006 Updated:August 9, 2007
Description: A race condition allows local users to see error messages generated during another user's X session. This could allow potentially sensitive information to be leaked.
Alerts:
Fedora FEDORA-2007-659 2007-08-08
Fedora FEDORA-2007-1409 2007-08-02
Ubuntu USN-364-1 2006-10-16

Comments (1 posted)

X.org: local privilege escalations

Package(s):xorg-x11 CVE #(s):CVE-2006-4447
Created:August 28, 2006 Updated:April 30, 2007
Description: Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine.
Alerts:
Gentoo 200704-22 2007-04-27
Mandriva MDKSA-2006:160 2006-08-31
Gentoo 200608-25 2006-08-28

Comments (none posted)

X.org: integer overflows

Package(s):xorg, xorg-server CVE #(s):CVE-2006-6101 CVE-2006-6102 CVE-2006-6103
Created:January 10, 2007 Updated:March 8, 2007
Description: A number of integer overflows have turned up in the X.org server. Some of these overflows involve calls to alloca(), and thus make corruption of the stack relatively easy. This vulnerability is exploitable by anybody who can make a connection to the server, meaning that it is a local root exploit in most settings. See this advisory for details.
Alerts:
Slackware SSA:2007-066-02 2007-03-08
Gentoo 200701-25 2007-01-27
Debian DSA-1249-1 2007-01-15
SuSE SUSE-SA:2007:008 2007-01-12
rPath rPSA-2007-0005-1 2007-01-09
Red Hat RHSA-2007:0002-01 2007-01-10
Red Hat RHSA-2007:0003-01 2007-01-10
Mandriva MDKSA-2007-005 2007-01-09
Fedora FEDORA-2007-035 2007-01-09
Fedora FEDORA-2007-036 2007-01-09
Ubuntu USN-403-1 2007-01-09

Comments (none posted)

xpdf: buffer overflow

Package(s):xpdf CVE #(s):CAN-2005-0064
Created:January 19, 2005 Updated:March 15, 2007
Description: iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details.
Alerts:
Fedora FEDORA-2007-1219 2007-03-14
Gentoo 200506-06 2005-06-09
Red Hat RHSA-2005:026-01 2005-03-16
Red Hat RHSA-2005:066-01 2005-02-15
Red Hat RHSA-2005:057-01 2005-02-15
Red Hat RHSA-2005:053-01 2005-02-15
Red Hat RHSA-2005:034-01 2005-02-15
Fedora-Legacy FLSA:2353 2005-02-10
Fedora-Legacy FLSA:2352 2005-02-10
Gentoo 200502-10 2005-02-09
Red Hat RHSA-2005:049-01 2005-02-01
SuSE SUSE-SR:2005:002 2005-01-26
Red Hat RHSA-2005:059-01 2005-01-26
Mandrake MDKSA-2005:020 2005-01-25
Mandrake MDKSA-2005:019 2005-01-25
Mandrake MDKSA-2005:016 2005-01-25
Mandrake MDKSA-2005:021 2005-01-25
Mandrake MDKSA-2005:018 2005-01-25
Mandrake MDKSA-2005:017 2005-01-25
Fedora FEDORA-2005-061 2005-01-25
Fedora FEDORA-2005-062 2005-01-25
Fedora FEDORA-2005-059 2005-01-25
Fedora FEDORA-2005-060 2005-01-25
Conectiva CLA-2005:921 2005-01-25
Fedora FEDORA-2004-049 2005-01-24
Fedora FEDORA-2004-048 2005-01-24
Gentoo 200501-32 2005-01-23
Gentoo 200501-31 2005-01-23
Gentoo 200501-30 2005-01-22
Gentoo 200501-28 2005-01-21
Fedora FEDORA-2005-052 2005-01-20
Fedora FEDORA-2005-051 2005-01-20
Ubuntu USN-64-1 2005-01-19
Debian DSA-645-1 2005-01-19
Debian DSA-648-1 2005-01-19

Comments (1 posted)

xsupplicant: potential code execution

Package(s):xsupplicant CVE #(s):CVE-2006-5601
Created:January 19, 2007 Updated:January 24, 2007
Description: A post-authentication stack overflow in the EAP handling could be used by an already authenticated attacker to overflow a stack buffer and so potentially execute code.
Alerts:
SuSE SUSE-SR:2007:001 2007-01-19

Comments (none posted)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.20-rc7, released on January 30. Says Linus: "Yes, I know I said I would only do -rc6 and then the final 2.6.20, but the thing is, the known regressions list didn't get whittled down as quickly as I hoped, and as a result we now have a -rc7." There's a fair number of fixes in this release, but not much else.

Previously, 2.6.20-rc6 was released on January 24. It includes quite a few fixes and a couple of new memory technology device (flash) drivers.

As of this writing, no patches have been added to the mainline git repository since the -rc7 release.

The current -mm tree is 2.6.20-rc6-mm3. Recent changes to -mm include a big ACPI update, a new set of dynamic tick and high-resolution timer patches, sysfs shadow directory support, a rework of page cache accounting, preemptible RCU, and a massive set of sysctl() cleanup patches.

For older kernels: 2.6.16.39 was released on January 31. It fixes a relatively small number of problems, none of which have immediately obvious security implications.

Comments (none posted)

Kernel development news

Quotes of the week

[T]he time taken to do a community graphics driver for any GPU where specs have been available approaches infinity, unless the vendor actually does the driver or pays someone to do the driver the hope of a community supported driver reaching maturity while the product is still available is slim.
-- Dave Airlie

So yes, if a user reports a bug that's attributable to a single bit memory error that's otherwise unreproduced and unexplained, it's totally reasonable to chalk it up to cosmic rays until some sort of pattern of reports emerges.
-- Matt Mackall

Comments (4 posted)

Free Linux driver development offered

Greg Kroah-Hartman has sent out an offer to the hardware industry: the kernel development community will write its device drivers for free. "No longer do you have to suffer through all of the different examples in the Linux Device Driver Kit, or pick through the thousands of example drivers in the Linux kernel source tree trying to determine which one is the closest to what you need to do." There is nothing new here, of course, but it is a clear description of the benefits of providing hardware information.

Full Story (comments: 11)

A report from the Linux wireless developers meeting

The Linux Foundation (formerly OSDL) ran a meeting of wireless networking developers in London in mid-January. Attendee/organizer Stephen Hemminger has written up a report of the event; click below for the full text. "Overall, the summit was very productive despite (or because of) the lack of Internet access. The main new items coming out of it were: a commitment to make an experimental wireless tarball (and driver) packages available; progress on the new cfg80211 API; and an understanding of the regulatory environment that vendors have to operate in."

Full Story (comments: 14)

A summary of 2.6.20 API changes

As of this writing the final 2.6.20 kernel has not yet been released. It is close, however. Since any internal API changes meant for 2.6.20 should have happened at least a month ago, it should be safe to put together a summary of the most significant changes. There have been a few of them in this kernel cycle, some of which caused widespread churn through the code base.

  • The workqueue API has seen a major rework which requires changes in almost any code using workqueues. In short: there are now two different types of workqueues, depending on whether the delay feature is to be used or not. The work function no longer gets an arbitrary data pointer; its argument, instead, is a pointer to the work_struct structure describing the job. If you have code which is broken by these changes, this set of instructions by David Howells is likely to be helpful.

  • Some additional workqueue changes have been merged as well. There is a new "freezable" workqueue type, indicating a workqueue which can be safely frozen during the software suspend process. The new function create_freezeable_workqueue() will create one. Another new function, run_scheduled_work(), will cause a previously-scheduled workqueue entry to be run synchronously. Note that run_scheduled_work() cannot be used with delayed workqueues.

  • Much of the sysfs-related code has been changed to use struct device in place of struct class_device. The latter structure will eventually go away as the class and device mechanisms are merged.

  • There is a new function:

        int device_move(struct device *dev, struct device *new_parent);
    

    This function will reparent the given device to new_parent, making the requisite sysfs changes and generating a special KOBJ_MOVE event for user space.

  • A number of kernel header files which included other headers no longer do so. For example, <linux/fs.h> no longer includes <linux/sched.h>. These changes should speed kernel build times by getting rid of a large number of unneeded includes, but might break some out-of-tree modules which do not explicitly include all the headers they need.

  • The internal __alloc_skb() function has a new parameter, being the number of the NUMA node on which the structure should be allocated.

  • The slab allocator API has been cleaned up somewhat. The old kmem_cache_t typedef is gone; struct kmem_cache should be used instead. The various slab flags (SLAB_ATOMIC, SLAB_KERNEL, ...) were all just aliases for the equivalent GFP_ flags, so they have been removed.

  • A new boot-time parameter (prof=sleep) causes the kernel to profile the amount of time spent in uninterruptible sleeps.

  • dma_cache_sync() has a new argument: the device structure for the device doing DMA.

  • The paravirt_ops code has gone in, making it easier for the kernel to support multiple hypervisors. Anybody wanting to port a hypervisor to this code should note that it is somewhat volatile and likely to remain that way for some time.

  • The struct path changes have been merged, with changes rippling through the filesystem and device driver subsystems. In short, code accessing the dentry pointer from a struct file pointer, which used to read file->f_dentry, should now read file->f_path.dentry. There are defines making the older style of code work - for now.

  • There is now a generic layer for human input devices; the USB HID code has been switched over to this new layer.

  • A new function, round_jiffies(), rounds a jiffies value up to the next full second (plus a per-CPU offset). Its purpose is to encourage timeouts to occur together, with the result that the CPU wakes up less frequently.

  • The block "activity function," a callback intended for the implementation of disk activity lights in software, has been removed; nobody was actually using it.
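The workqueue rework in the first two items above is easiest to see in code. The following is an added user-space illustration, not code from the kernel or from David Howells's instructions: the kernel types are replaced by minimal stand-ins (constructed here), and the point is the new work function signature and the container_of() step (two steps for delayed work) that replaces the old data pointer.

```c
#include <stddef.h>

/*
 * User-space stand-ins for the 2.6.20 workqueue types (constructed for this
 * example; the real definitions live in <linux/workqueue.h>).
 */
struct work_struct;
typedef void (*work_func_t)(struct work_struct *work);

struct work_struct {
    work_func_t func;           /* no more "void *data" argument */
};

struct delayed_work {
    struct work_struct work;    /* the callback receives a pointer to this */
    unsigned long expires;      /* stand-in for the embedded timer */
};

#define INIT_WORK(w, f)          do { (w)->func = (f); } while (0)
#define INIT_DELAYED_WORK(dw, f) do { (dw)->work.func = (f); } while (0)

/* Recover the enclosing structure from a pointer to one of its members. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* A driver's private data with both kinds of work item embedded in it. */
struct demo_dev {
    int irqs_handled;
    int polls_done;
    struct work_struct irq_work;
    struct delayed_work poll_work;
};

/* New-style work function: container_of() replaces the old data pointer. */
static void demo_irq_work(struct work_struct *work)
{
    struct demo_dev *dev = container_of(work, struct demo_dev, irq_work);

    dev->irqs_handled++;
}

/*
 * Delayed work needs two steps: first back to the delayed_work that embeds
 * the work_struct, then to the driver structure that embeds the delayed_work.
 */
static void demo_poll_work(struct work_struct *work)
{
    struct delayed_work *dw = container_of(work, struct delayed_work, work);
    struct demo_dev *dev = container_of(dw, struct demo_dev, poll_work);

    dev->polls_done++;
}

/* Stand-in for a workqueue thread running one queued item. */
static void run_work(struct work_struct *w)
{
    w->func(w);
}

/*
 * Queue each item twice and report what the driver structure saw, encoded as
 * irqs_handled * 10 + polls_done: expected 22.
 */
int demo_workqueue(void)
{
    struct demo_dev dev = { 0 };

    INIT_WORK(&dev.irq_work, demo_irq_work);
    INIT_DELAYED_WORK(&dev.poll_work, demo_poll_work);

    run_work(&dev.irq_work);
    run_work(&dev.irq_work);
    run_work(&dev.poll_work.work);
    run_work(&dev.poll_work.work);

    return dev.irqs_handled * 10 + dev.polls_done;
}
```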

For those looking forward to what might happen in 2.6.21, a couple of significant changes can be predicted. The old SA_* flags used with request_irq() are likely to go away; the newer IRQF_* flags should be used instead. There is also a timer API change waiting for the next development cycle. Beyond that, a surprise or two is guaranteed; watch LWN for the details as the patches get merged.

Comments (none posted)

Network namespaces

In recent times there has been quite a bit of attention paid to hypervisors and full virtualization (or paravirtualization) solutions. The proponents of the container approach - where all virtualized systems run in well-contained sandboxes on the host's kernel - have been relatively quiet. They have not been idle, however, as can be seen in the large amount of work going into network namespaces.

For the container approach to work, every global resource in the system must be wrapped in some sort of namespace. This wrapping has been done for some relatively simple resources, such as the utsname information or process IDs; some of the resulting code has already found its way into the mainline. There is not a whole lot of use, however, for containers which are completely isolated from the rest of the world; usually some sort of networking capability is needed. For example, containers can usefully contain a web browser (keeping it from exposing the rest of the system should it prove vulnerable) or a web server - but only if networking works. But containers should not be able to see each others' packet streams, and, ideally, should be able to bind to the same ports without interfering with each other.

Making that work requires network namespaces. These namespaces virtualize all access to network resources - interfaces, port numbers, etc., - allowing each container the network access it needs (but no more). As with all other problems in computer science, the network namespace issue can be addressed with another layer of indirection. There is a small problem with this approach, however: the networking code is a vast pile of complex, highly-tuned code overseen by developers who have little tolerance for changes which introduce performance overhead or potential bugs. Getting any sort of network namespace implementation merged is going to require quite a bit of very careful work.

One approach can be seen in the L2 network namespace patch set posted recently by Dmitry Mishin. These patches concentrate on the lower levels of the network stack, trying to get proper namespaces established for network devices and the IPv4 layer. In an attempt to minimize churn in the networking code, the L2 namespace patch introduces the idea of the "current network namespace," kept in a per-CPU variable. The current namespace is implemented as a stack, with push and pop operations; in theory, it allows all network operations to happen within the proper namespace. Your editor was unable to convince himself that this scheme would work properly in the face of any sort of kernel preemption, but that may just be a matter of not having looked hard enough.

The net_device structure gains a net_ns field, providing the namespace to which the device belongs. It is set to whatever namespace is current when the device is created. The device lookup functions have become namespace-aware; if a device does not belong to the current namespace, it becomes invisible. A different version of the loopback device is created for each namespace. Then, the IPv4 routing code has been extended so that each namespace gets its own set of routing tables. The code which matches incoming packets to sockets has also been made namespace-aware; there is still a single hash table, but the namespace has been made part of the match criteria.

Network interfaces made up of real hardware will normally remain in the root namespace. Communication with other namespaces is made possible by way of a "virtual Ethernet" device, included with the patch set. A virtual device can be thought of as a wire into a restricted namespace; it presents one device within that namespace and one in the parent (normally root) namespace. Packets written to one end show up at the other. With the addition of a few routing rules in the root namespace, packets meeting the right criteria can be directed into (and out of) specific namespaces.

The L2 namespace patch provides the plumbing for the creation of little virtualized Internets within a single system, but it does not yet provide complete isolation. A process within its namespace can reconfigure its interfaces, perhaps creating problems for the system as a whole. Tightening things down is left to the L3 namespace patch, posted by Daniel Lezcano. An L3 namespace is always the child of an L2 namespace; it is the end of the line, however, being unable to have child namespaces of its own. There are also no network admin capabilities in an L3 namespace; once an L3 namespace is created, it is stuck with whatever network configuration its parent gave it.

The end result is that a contained system can be put within an L3 namespace and it should be able to perform networking without interfering with (or even seeing) other systems in other namespaces.

A somewhat different approach can be seen in the network namespace patches posted by Eric W. Biederman. Eric, aware of the challenges involved in getting network namespaces merged, is far more concerned with the process than the specific namespace implementation. So his patches focus mostly on getting the internal APIs right.

The first step is to figure out how network namespaces are to be represented. Rather than use a structure, Eric has opted for a mechanism which marks all network-related global resources in a special way. These resources get linked into a special section of the kernel which can be cloned when a new namespace is created. Each global variable becomes an offset into the per-namespace section; it must be accessed by way of a special macro. This approach appears cumbersome, but it has a couple of advantages. If a module with per-namespace variables is loaded, those variables can be added to each existing namespace on the fly. And, if namespaces are not in use, the overhead of the whole mechanism drops to zero. This is an important feature: to have a hope of being merged, a network namespace implementation will have to have no impact on systems which are not using it.

The patch set (31 parts strong) then works through various parts of the networking API, adding a namespace parameter to functions which need it. There is no global "current namespace" concept in Eric's patches; it is, instead, an explicit parameter everywhere. Thus, for example, every function which creates a socket (they exist in every protocol implementation) gets a namespace parameter. The sk_buff structure (which represents a packet) has a namespace field assigned from either the process creating it (for outbound packets) or the device it was received from; the various protocol-specific functions are expected to take that namespace into account. Functions dealing with netlink sockets get namespace parameters, as do those which implement network device lookup, event generation, and Unix-domain sockets. Like the L2 patches, Eric's implementation includes a virtual network device (called "etun") which can be used to route packets between namespaces.

Unlike the L2/L3 patches, Eric's work deals with the virtualization of the networking-related /proc, sysctl, and sysfs interfaces. Doing so requires adding shadow directory support to sysfs. Shadow directories loosen the connection between sysfs and the internal kobject hierarchy, allowing different namespaces to see different contents in the same locations.

A key aspect of Eric's patch is that it implements very little actual namespace mechanism. Instead, much of the networking stack is made to test the namespace it is given and fail if the root namespace is not in use. The idea is to get the interfaces right first, then to start to fill in the mechanism in relatively small pieces. The tests ensure that the network stack will not surprise users by doing the wrong thing if it is not yet fully prepared to handle non-root namespaces.

Despite the posting of all these patches, the amount of discussion has been quite low. One gets the sense that the network developers have not yet started to take these patches seriously. This issue seems unlikely to go away, however; there remains a great deal of interest in getting container features into the mainline kernel. Sooner or later, this discussion is likely to take off.

Comments (none posted)

Fibrils and asynchronous system calls

The kernel's support for asynchronous I/O is incomplete, and it always has been. While certain types of operations (direct filesystem I/O, for example) work well in an asynchronous mode, many others do not. Often implementing asynchronous operation is hard, and nobody has ever gotten around to making it work. In other cases, patches have been around for some time, but they have not made it into the mainline; AIO patches can be fairly intrusive and hard to merge. Regardless of the reason, things tend to move very slowly in the AIO area.

Zach Brown has decided to stir things up by asking a basic question: could it be that the way the kernel implements AIO is all wrong? The current approach adds a fair amount of complexity, requiring explicit AIO handling in every subsystem which supports it. IOCB structures have to be passed around, and kernel code must always check whether it is supposed to block on a given operation or return one of two "it's in the works" codes. It would be much nicer if most kernel operations could simply be invoked asynchronously without having to clutter them up with explicit support.

To that end, Zach has posted a preliminary patch set which simplifies asynchronous I/O support considerably, but doesn't stop there: it also makes any system call invokable in an asynchronous mode. The key is a new type of in-kernel lightweight thread known as a "fibril."

A fibril is an execution thread which only runs in kernel space. A process can have any number of fibrils active, but only one of them can actually execute in the processor(s) at any given time. Fibrils have their own stack, but otherwise they share all of the resources of their parent process. They are kept in a linked list attached to the task structure.

When a process makes an asynchronous system call, the kernel creates a new fibril and executes the call in that context. If the system call completes immediately, the fibril is destroyed and the result goes back to the calling process in the usual way. Should the fibril block, however, it gets queued and control returns to the submitting code, which can then return the "it's in progress" status code. The "main" process can then run in user space, submit more asynchronous operations, or do just about anything else.

Sooner or later, the operation upon which the fibril blocked will complete. The wait queue entry structure has been extended to include information on which fibril was blocked; the wakeup code will find that fibril and make it runnable by adding it to a special "run queue" linked list in the parent task structure. The kernel will then schedule the fibril for execution, perhaps displacing the "main" process. That fibril might make some progress and block again, or it may complete its work. In the latter case, the final exit code is saved and the fibril is destroyed.

By moving asynchronous operations into a separate thread, Zach's patch simplifies their implementation considerably - with few exceptions, kernel code need not be changed at all to support asynchronous calls. The creation of fibrils is intended to make it all happen quickly - fibrils are intended to be less costly than kernel threads or ordinary processes. Their one-at-a-time semantics help to minimize the concurrency issues which might otherwise come up.

The user-space interface starts with a structure like this:

    struct asys_input {
        int            syscall_nr;
        unsigned long  cookie;
        unsigned long  nr_args;
        unsigned long  *args;
    };

The application is expected to put the desired system call number in syscall_nr; the arguments to that system call are described by args and nr_args. The cookie value will be given back to the process when the operation completes. User space can create an array of these structures and pass them to:

    long asys_submit(struct asys_input *requests, unsigned long nr_requests);

The kernel will then start each of the requests in a fibril and return to user space. When the process develops an interest in the outcome of its requests, it uses this interface:

    struct asys_completion {
        long           return_code;
        unsigned long  cookie;
    };

    long asys_await_completion(struct asys_completion *comp);

A call to asys_await_completion() will block until at least one asynchronous operation has completed, then return the result in the structure pointed to by comp. The cookie value given at submission time is returned as well.

Your editor notes that the current asys_await_completion() implementation does not check to see if any asynchronous operations are outstanding; if none are, the call is liable to wait for a long time. There are a number of other issues with the patch set, all acknowledged by its author. For example, little thought has been given to how fibrils should respond to signals. Zach's purpose was not to present a completed work; instead, he wants to get the idea out there and see what people think of it.
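To show how a program would drive the submit/await interface described above, here is an added user-space model; it is not code from Zach's patch. The two functions are constructed stand-ins that run each request immediately through syscall(2) (the "completes immediately" path; the blocking fibril path is not modelled), and asys_await_completion() includes the outstanding-operation check that the real implementation lacks, so it returns -EAGAIN rather than waiting when nothing is pending.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* The proposed user-space interface, as described in the article. */
struct asys_input {
    int            syscall_nr;
    unsigned long  cookie;
    unsigned long  nr_args;
    unsigned long  *args;
};

struct asys_completion {
    long           return_code;
    unsigned long  cookie;
};

/* Constructed model state: completed operations waiting to be collected. */
#define ASYS_MAX_PENDING 16
static struct asys_completion asys_done[ASYS_MAX_PENDING];
static unsigned long asys_nr_done;

/* Model of asys_submit(): run every request now and record its completion. */
static long asys_submit(struct asys_input *requests, unsigned long nr_requests)
{
    for (unsigned long i = 0; i < nr_requests; i++) {
        unsigned long a[6] = { 0 };
        long rc;

        if (requests[i].nr_args > 6)
            return -EINVAL;
        /* Bound the number of outstanding operations (the patch does not). */
        if (asys_nr_done == ASYS_MAX_PENDING)
            return -EAGAIN;
        memcpy(a, requests[i].args, requests[i].nr_args * sizeof a[0]);

        rc = syscall(requests[i].syscall_nr, a[0], a[1], a[2], a[3], a[4], a[5]);
        asys_done[asys_nr_done].return_code = (rc == -1) ? -errno : rc;
        asys_done[asys_nr_done].cookie = requests[i].cookie;
        asys_nr_done++;
    }
    return 0;
}

/* Model of asys_await_completion(), with the missing "anything pending?" check. */
static long asys_await_completion(struct asys_completion *comp)
{
    if (asys_nr_done == 0)
        return -EAGAIN;         /* never wait when nothing can complete */
    *comp = asys_done[--asys_nr_done];
    return 0;
}

/*
 * Demo: push "fibril" through a pipe with one write and one read request,
 * then match the completions back to the requests by cookie.  Returns the
 * number of bytes the read request transferred (6) or a negative value
 * identifying the failed step.
 */
long asys_pipe_demo(void)
{
    int fds[2];
    char inbuf[16] = { 0 };
    const char msg[] = "fibril";
    struct asys_completion comp;
    long write_rc = -1, read_rc = -1;

    if (pipe(fds) < 0)
        return -errno;

    unsigned long write_args[] = { (unsigned long)fds[1], (unsigned long)msg, sizeof msg - 1 };
    unsigned long read_args[]  = { (unsigned long)fds[0], (unsigned long)inbuf, sizeof inbuf };
    struct asys_input reqs[] = {
        { SYS_write, 1, 3, write_args },   /* cookie 1 */
        { SYS_read,  2, 3, read_args  },   /* cookie 2 */
    };

    if (asys_submit(reqs, 2) != 0)
        return -1;

    /* Completions may come back in any order; the cookie says which is which. */
    for (int n = 0; n < 2; n++) {
        if (asys_await_completion(&comp) != 0)
            return -2;
        if (comp.cookie == 1)
            write_rc = comp.return_code;
        else if (comp.cookie == 2)
            read_rc = comp.return_code;
    }
    close(fds[0]);
    close(fds[1]);

    if (asys_await_completion(&comp) != -EAGAIN)    /* nothing left: must not block */
        return -3;
    if (write_rc != (long)(sizeof msg - 1) || memcmp(inbuf, msg, sizeof msg - 1) != 0)
        return -4;
    return read_rc;
}
```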

Linus likes the idea:

Yee-haa! [...]

I heartily approve, although I only gave the actual patches a very cursory glance. I think the approach is the proper one, but the devil is in the details. It might be that the stack allocation overhead or some other subtle fundamental problem ends up making this impractical in the end, but I would _really_ like for this to basically go in.

There are a lot of details - Linus noted that there is no limit on how many fibrils a process can create, for example - but this seems to be the way that he would like to see AIO implemented. He suggests that fibrils might be useful in the kevent code as well.

On the other hand, Ingo Molnar is opposed to the fibril approach; his argument is long but worth reading. In Ingo's view, there are only two solutions to any operating system problem which are of interest: (1) the one which is easiest to program with, and (2) the one that performs the best. In the I/O space, he claims, the easiest approach is synchronous I/O calls and user-space processes. The fastest approach will be "a pure, minimal state machine" optimized for the specific task; his Tux web server is given as an example.

According to Ingo, the fibril approach serves neither goal:

Now where do all these LWP, fibre, fibril, micro-thread or N:M concepts fit? Most of the time they are just a /weakening/ of the #1 concept. And that's why they will lose out, because #1 is all about programmability and they don't offer anything new: because they cannot. Either you go for programmability or you go for performance. There is /no/ middle ground for us in the kernel!

Ingo makes the claim that Linux is sufficiently fast at switching between ordinary processes that the advantages offered by fibrils are minimal at best, and not worth their cost. Anybody wanting performance will still have to face the full kernel AIO state machine. So, he says, fibrils currently offer no real advantage that is worth the cost of complicating the scheduler and moving away from the 1:1 thread model.

These patches are in an early stage, and this story will clearly take some time to play out. Even if a consensus develops in favor of the fibril idea, the process of turning them into a proper, robust kernel feature could make them too expensive to be worthwhile. But it's an interesting idea which brings a much-needed fresh look at how the kernel does AIO; it's hard to complain too much about that.

Comments (9 posted)

Page editor: Jonathan Corbet

Distributions

News and Editorials

gNewSense makes sense

January 31, 2007

This article was contributed by Joseph Quigley

A relatively new Linux distribution has emerged whose mission is to provide a completely free and open source Linux distribution. gNewSense (originally known as gnubuntu and Gnuiscance) is designed for those who just want to use free software for everything in their operating system. Based on Ubuntu, the gNewSense Linux distribution is officially supported by the Free Software Foundation. Even though gNewSense is based on Ubuntu, it stands out from other Linux distributions since it does not focus on having numerous features; its goal is to produce a completely free distribution, in every aspect.

gNewSense was created by Paul O'Malley and Brian Brazil, two Irish FOSS (free and open source software) advocates. The distribution was born because neither Ubuntu nor Debian meets O'Malley and Brazil's definition of a completely free distribution. Builder, a program that was developed in-house, was created to assemble gNewSense and it also aids the creation of a new GNU/Linux distribution based on Ubuntu 6.06 Dapper Drake. It requires that a large amount of disk space be reserved, since it downloads over 25 gigabytes of data. Builder not only configures most of the distribution but it also creates a Live CD of the newly created Linux distro.

The gNewSense distribution differs from its parents in many ways, primarily in the removal of some non-free firmware from the Linux kernel. Furthermore, it installs several software development tools such as gcc, make, and GNU Emacs by default, and it only runs on the x86 platform. To cater to hackers, bsdgames and nethack are also installed. The gNewSense community's beliefs on kernel firmware are stricter than Fedora's, so that gNewSense users can be one hundred percent free of proprietary software.

The second major difference between it and Ubuntu is gNewSense's repository changes. The "multiverse" repository is disabled and the "restricted" repository was removed entirely. gNewSense encourages users to download free and open source software by enabling the "universe" and "main" repositories. Although most software in the "universe" repository is free and open source, the gNewSense team has been forced to remove several packages that were not completely free due to licensing issues, such as nvidia-xconfig (a package to configure non-free drivers) and gstreamer-0.10-plugins-ugly-multiverse (which allows gstreamer applications to play a myriad of closed-source codecs). In the kernel, over 115 files that are in Ubuntu but did not comply with gNewSense's free software beliefs have been removed from the project since its 1.1 release earlier this month.

Recently, gNewSense has been making some changes and considering others. The community recently set up a forum. Although gNewSense provides its users with full security updates, they are also planning a community-managed software repository, built on some of the same principles as the Fedora community's livna.org; the community-managed repository would be for software that gNewSense itself will not distribute. Some users have also proposed a new distribution logo which combines aspects of the Ubuntu and GNU logos. The results look promising. Some potential users may be discouraged by a question that was raised about the frequency of gNewSense package updates. Brian Brazil responded "7 months isn't old, it's actually very new. 10 years is old. Stability is important, and it's a lot easier to track LTS which has major changes once every 3 years, rather than every 6 months. Thus far, noone [sic] has put any effort into working on the non-LTS releases." This could be one disadvantage to using gNewSense over Fedora.

gNewSense is a great example of what a completely free Linux distribution should be. It allows its users to free themselves from proprietary clutches with the ease of the apt package manager, while retaining the stability and speed of Ubuntu and Debian. This project has a promising future.

Comments (16 posted)

New Releases

Foresight Linux 1.0 goes gold (DesktopLinux.com)

DesktopLinux.com carries an announcement of the Foresight Linux 1.0 release. "Project maintainer Ken VanDine on Jan. 28 announced the release of Foresight Linux 1.0, the first stable release of the rPath-based desktop Linux distribution after nearly two years of development. It sports a new 2.6.19.2 kernel and the GNOME desktop environment."

Comments (none posted)

LFS LiveCD 6.2-5 released

A new stable version of the Linux From Scratch LiveCD, v6.2-5, has been released. This version features a 2.6.16.38 kernel and several bug fixes.

Full Story (comments: none)

openSUSE 10.2 Live DVD available

An openSUSE 10.2 Live DVD image is available. "The Live DVD image has a size of 1.7 GB and can be used on every x86 compatible system with at least 512 MB of memory. It contains a base desktop system (KDE and Gnome) with applications for office, multimedia and internet usage."

Full Story (comments: none)

Trustix Secure Linux 3.0.5 RC 1

The first release candidate for Trustix Secure Linux 3.0.5 is available for testing. This release features a 2.6.19.2 kernel, MySQL 5.0.27 plus lots of security and bug fixes.

Full Story (comments: none)

Distribution News

Ubuntu Live: Call for Participation is Open

Ubuntu Live is the first official conference dedicated to Ubuntu users. "Program chairs are building an event that will offer expert-led tutorials, big-picture plenary gatherings, focused sessions, and a lively "hallway track" to bring participants face to face with the worldwide Ubuntu community." Ubuntu Live is happening July 22-24, 2007 in Portland, Oregon, right alongside the O'Reilly 2007 Open Source Convention (OSCON). Proposals are due by February 14, 2007.

Full Story (comments: none)

openSUSE-community.org

A new website for the openSUSE community has been unveiled: openSUSE-Community.org. "We invite all openSUSE users to contribute and use the pages on the website there, and hope that with the help of the entire community we can make it a truly valuable and unified resource, along with openSUSE.org."

Full Story (comments: none)

SUSE Style Guides Open to the Community

The style guidelines for SUSE documentation and program texts have been released as an openSUSE project hosted by Novell Forge. "These guides should apply to both internal and external openSUSE projects, so your participation can influence the future of texts in YaST and the official manuals, among other things. The guides are licensed under the GFDL to allow other projects to take advantage of them."

Full Story (comments: none)

New openSUSE Mailinglists - networking/usability

The openSUSE project has two new mailing lists available, one for networking and the other for usability discussions. Click below for subscription information.

Full Story (comments: none)

Metisse: you thought you knew what 3D was...

Mandriva has announced plans to integrate the Metisse window system into its next distribution and unveils this technology in a Live CD. "Metisse is a window management tool in 3D developed by two French researchers from the In Situ project, available under the GPL license, for Linux only. Contrary to a 3D graphical environment (a "cube"), Metisse offers an innovative way to manage windows: only the windows move, making the possible variations endless. Metisse is not a 3D desktop but a Human-Computer Interface (HCI) technology."

Full Story (comments: 56)

Commercial DVR Software Comes to Desktop Linux

Linspire, Inc. and SageTV have announced the availability of SageTV Media Center Version 6 for users of the Linspire and Freespire desktop Linux operating system.

Full Story (comments: none)

Smolt: Fedora Hardware Profiler

Smolt is a hardware profiler for Fedora. The Fedora folks would like to get a better idea of what type of hardware is out there in the Fedora universe. It's still in beta but those of you running FC6 or newer (rawhide) can participate.

Full Story (comments: none)

Congratulations and thank you

Matthew Szulik, Chairman and CEO of Red Hat, has sent out this open letter. "On behalf of all Red Hat associates, I want to thank all members of the worldwide open source community for committing their time, skill and intellect in creating a free and open source success - the Fedora OS."

Full Story (comments: none)

D-I RC2 kick-off (or: bits from the D-I team)

Frans Pop has some bits from the Debian Installer team. "With the upload of the new kernel for Etch, we can now start seriously preparing the RC2 release of Debian Installer. As you all know, this is one of the main remaining things that needs to happen before Etch can be released."

Full Story (comments: none)

New Distributions

NimbleX

NimbleX is a small but versatile operating system which is able to boot from a small CD, from flash memory like USB pens or MP3 players and even from the network. Because it runs entirely from a CD, USB or network it doesn't require installation or even much hardware. NimbleX is based on Slackware with the use of linux-live scripts. NimbleX 2007 is the current version. TuxMachines has this review of NimbleX 2007. (Thanks to Stefan Grigorescu)

Comments (none posted)

Distribution Newsletters

Debian Weekly News

The Debian Weekly News for January 30, 2007 covers an interview with Anthony Towns on Dunc Tank, the status of the Alpha port, standards for how applications organize data and configuration files, a proposed Social Committee for Debian, a request for translation updates, a Debian-Installer Loader for win32, a new UTF-8 Migration Wizard, Debian at the Chemnitzer Linux-Tage 2007, and several other topics.

Full Story (comments: none)

Fedora Weekly News Issue 75

The Fedora Weekly News for January 29, 2007 has articles on Fedora 7 Test 1 Freeze, Fedora 7 Test 1 Approaching, Plymouth: The next generation RHGB, The Top Ten Reasons to Attend SCALE, Amanda 2.5.1p2 RPMS are available for Fedora Core 6, and much more.

Comments (none posted)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for January 22, 2007 covers the release of Flash Player 9, Adopt-a-dev update, end of KBase and much more.

Comments (none posted)

Ubuntu Weekly News: Issue #29

The Ubuntu Weekly Newsletter for January 27, 2007 covers the new Ubuntu Scribes team, the Ubuntu Support Team, Ubuntu IRC Channels Statistics, LoCo News, Weekly Quiz Update, Changes in Feisty, OSDL Survey Says: Ubuntu most popular Linux Distro, Canonical named in top 20, and several other topics.

Full Story (comments: none)

Minor distribution updates

Source Mage Stable Grimoire 0.6 Released

Source Mage GNU/Linux has a new version of the Grimoire. "Users of stable merely need to run 'sorcery system-update'. Spells listed on the release wiki were tested and qualified to have no known defects of "gating" severity at the time of this release."

Full Story (comments: none)

Package updates

Debian Packages for 2.0.8 of Linux-HA

Debian packages of the recent Linux-HA (High Availability) 2.0.8 release are available for Debian Sarge (2.0.8-0bpo0 backports.org) and Sid/Etch (2.0.8-1 at debian.org).

Full Story (comments: none)

Fedora updates

Updates for Fedora Core 6: spamassassin (annoying typo fix), squirrelmail (clean up .orig files), systemtap (development refresh), crontabs (rebuilt), xorg-x11-drv-trident (update to 1.2.3), cman (synched to the latest RHEL5 cman package), enscript (bug fix), policycoreutils (update to upstream), xorg-x11-drv-mouse (update to 1.2.1), hsqldb (upgrade to 1.8.0.7), nautilus (fix crash), glib2 (update to 2.12.9), gtk2 (update to 2.10.8), gfs2-utils (new upstream sources), xorg-x11-drv-mga (mga-1.4.5-no-hal-advertising.patch), gnome-python2-extras (correct a packaging error), autofs (unspecified), pinfo (bug fixes), gnome-screensaver (bug fix), emacs (update to 21.4-17.3), dvgrab (new upstream release v2.1), PyQt (update to 3.17), sip (update to PyQt-3.17/sip-4.5), fetchmail (bug fix), libdv (new upstream release), netpbm (bug fixes), autofs (not specified), traceroute (bug fixes).

Updates for Fedora Core 5: squirrelmail (clean up .orig files), gcc (update from gcc-4_1-branch), enscript (bug fix), gphoto2 (bug fix), spamassassin (annoying typo fix), pinfo (bug fixes), PyQt (update to PyQt-3.17/sip-4.5), fetchmail (bug fix), netpbm (bug fixes), sip (update to PyQt-3.17/sip-4.5).

Comments (none posted)

rPath updates

Updates for rPath Linux 1: conary, conary-build, conary-repository (Conary 1.1.16 maintenance release).

Comments (none posted)

Ubuntu updates

Updates for Ubuntu 6.10: app-install-data-commercial (added channels/opera.desktop and channels/realplayer.desktop), app-install-data-commercial (fix edgy-commercial channel description), xubuntu-system-tools (add debian/patches), lvm2 (fix dev_is_md check on big endian machines), system-tools-backends (no-change upload to edgy-updates), gnome-applets (no-change upload to edgy-updates), gnome-system-tools (no-change upload to edgy-updates), xubuntu-system-tools (no-change upload to edgy-updates), gnome-netstatus (no-change upload to edgy-updates), app-install-data-commercial (new opera/realplayer packages added), gnome-panel (no-change upload to edgy-updates), lvm2 (backport endian fix for dev_is_md from upstream), digikam (bug fixes), foo2zjs (bug fixes), udev (no-change upload to edgy-updates), azureus (bug fixes), python-imaging (backport of missing ${shlibs:Depends}), nautilus (debian patches), python-apt (protect against not-parsable strings sent from dpkg), epiphany-browser (debian patches).

Updates for Ubuntu 6.06 LTS: app-install-data-commercial (added sugarcrm), synaptic (bug fix), app-install-data-commercial (fix capitalisation/description of sugarcrm and dapper-commercial.eula), glibc (bug fixes), lvm2 (fix dev_is_md check on big endian machines), lvm2 (backport endian fix for dev_is_md from upstream), mousepad (address issues raised by QA Team), apt (bug fixes), python-apt (protect against not-parsable strings sent from dpkg).

Comments (none posted)

Newsletters and articles of interest

Debian ARM accelerates via EABI port (LinuxDevices)

LinuxDevices looks at Debian's ARM port. "Embedded system specialist Applied Data Systems (ADS) has contributed an experimental new root filesystem for the ARM architecture to the Debian project. Comprised of 9,877 packages and growing, the ADS-contributed filesystem offers greatly improved floating point performance, thanks to support for ARM's EABI (embedded application binary interface)." For more information on the ARM EABI see the wiki page. (Thanks to Lennert Buytenhek)

Comments (none posted)

Expert shares secrets to saving thousands with K12LTSP (Linux.com)

Linux.com looks at the K12 Linux Terminal Server Project. "The K12 Linux Terminal Server Project (K12LTSP) is a thin client distribution designed for use in schools. Recently, I was invited by Robert Arkiletian, a K12LTSP contributor, to see the software in action in his computer lab at Eric Hamber Secondary School in Vancouver, Canada. We talked about the system requirements for a K12LTSP installation, investigated the available software, and discussed the success of Arkiletian's own lab, which has saved his school thousands of dollars in hardware costs."

Comments (1 posted)

Inside PC-BSD 1.3 (O'ReillyNet)

O'ReillyNet has an interview with three members of the PC-BSD release engineering team: Kris Moore, Director of PC-BSD, Andrei Kolu, PC-BSD Quality Manager and Charles Landemaine, translation coordinator.

Comments (none posted)

Distribution reviews

BSD goes live with FreeSBIE 2.0 (NewsForge)

NewsForge reviews FreeSBIE. "Last year the Italian FreeBSD user group, GUFI, rekindled the FreeSBIE project to develop a live CD based on the FreeBSD operating system. After more than four months of development, and an equal number of beta releases, the project released FreeSBIE 2.0 this month. Codenamed Clint Eastwood, the live CD is based on the recent FreeBSD 6.2 release, and is an ideal platform to experience BSD and learn how things are done in BSD land."

Comments (none posted)

E is for elegant with Elive live CD (Linux.com)

Linux.com reviews Elive. "Elive is a live CD Linux distribution based on Debian that uses the Enlightenment window manager. Elive aims to provide an aesthetically pleasing environment with a full suite of desktop applications that runs efficiently on older systems. Its developers aren't finished yet, but they've come a long way with Elive since the release of 0.3 more than a year ago. This CD shows how beautiful distributions can become without being bloated."

Comments (none posted)

Ubuntu Christmas Edition and Linux Mint Review (OSWeekly)

OSWeekly reviews Linux Mint and the Ubuntu Christmas Edition. Both projects strive to make it easier for users to install proprietary applications. "[It's] Ubuntu's perceived openness that both helped propel its adoption as well as hinder it. It's an interesting double edged sword as a large number of us from the Linux community have dropped our previous distributions in favor of using Ubuntu, but at the same time, we see people from the Windows world showing little patience with it when they discover that much of the things that they need to successfully make the switch are not included with this particular distribution."

Comments (none posted)

Lesser known "mini" Linux runs from RAM (Linux Devices)

Linux Devices covers the release of Mustang Linux 2.3.1. "Mustang Linux, a fork of Buffalo Linux and a newcomer to the "mini" Linux distribution field, achieved a v2.3.1 release earlier this month. The lightweight distro, which can run entirely from RAM, is based on a 2.6.16 kernel and offers a choice of desktops, the project team said. Like some other "mini" Linux distros, such as Puppy, Mustang boots from the CD and loads the base operating system into RAM, without requiring a hard drive. It occupies 168MB of RAMDISK and requires a system having a 586 (or greater) processor and at least 256MB of total RAM."

Comments (none posted)

Pardus gives Linux a custom lift (Linux.com)

Linux.com reviews Pardus 2007. "Apart from a KDE desktop and applications, the developers of the Pardus 2007 Linux distribution have built an entire distribution from scratch. Pardus, released last month, has its own multilingual installer, custom dependency-resolving package manager, and an INIT system that slashes boot times by several seconds. The distribution has come a long way since its first release in 2005, when it was based on Gentoo and lacked a package manager. Thanks to its custom tools, it's one of the easiest Linux distributions to run and manage."

Comments (none posted)

Page editor: Rebecca Sobol

Development

The release of KDE 3.5.6

The K Desktop Environment team has announced the release of version 3.5.6 of KDE:


The KDE Project today announced the immediate availability of KDE 3.5.6, a maintenance release for the latest generation of the most advanced and powerful free desktop for GNU/Linux and other UNIXes. KDE now supports 65 languages, making it available to more people than most non-free software and can be easily extended to support others by communities who wish to contribute to the open source project. This release includes a number of bugfixes for KHTML, Kate, the kicker, ksysguard and lots of other applications. Significant features include additional support for compiz as a window manager with kicker, session management browser tabs for Akregator, templating for KMail messages, and new summary menus for Kontact making it easier to work with your appointments and to-do's.

The majority of changes documented in the KDE 3.5.6 Change Log are bug fixes, feature additions that address other problems and general code cleanup. Some of the new features introduced in this release include:

  • KHTML improves case-insensitively for its style matching.

  • Kate adds actionscript highlighting, a new session chooser panel applet and a KMenu extension.

  • Akregator now has session management for browser tabs.

  • KAlarm has a cleaned up preferences dialog.

  • KMail adds templates, anti spam wizard support, filter enhancements and composer address completion capabilities.

  • Kontact adds some new menus for faster access to edit and delete functions.

  • KOrganizer has new command line options for better user control.

  • KPilot has more granular backup options.

  • Umbrello adds a stereotype selection list.

  • klaptopdaemon adds a new battery level display.

If you want to try KDE out, it has been integrated into this list of Linux distributions; the more adventurous may want to look at the KDE 3.5.6 Info Page for download and build instructions. New KDE users should delve into the Getting Answers to Your Questions document for background information.

Comments (none posted)

System Applications

Database Software

Firebird 2.0.1 Release Candidate 1 is available

Version 2.0.1 RC 1 of the Firebird DBMS is available. "The Firebird team has placed Windows and Linux kits of a Firebird 2.0.1 release candidate in the pre-release area. Feedback to the Firebird-devel or Firebird-test forums, please."

Comments (none posted)

SQLite version 3.3.12 released

Version 3.3.12 of the SQLite DBMS has been announced. "The first published build of the previous version used the wrong set of source files. Consequently, many people downloaded a build that was labeled as "3.3.11" but was really 3.3.10. Version 3.3.12 is released to clear up the ambiguity. A couple more bugs have also been fixed and PRAGMA integrity_check has been enhanced."

Comments (none posted)

Filesystem Utilities

dbtoy 0.8 released

Stable version 0.8 of dbtoy has been announced. "DBToy is a FUSE-based filesystem for GNU/Linux that lets you browse the contents of a relational database through a set of directories and XML files. Additional formats can be obtained through XSL stylesheets."

Comments (none posted)

oyepa 2.0 released

Stable version 2.0 of oyepa has been announced. "oyepa implements a "fake but working" tagging file system. Users can organize and retrieve documents based on the tags attached to them. No changes to the operating system or applications are [n]ecessary."

Comments (none posted)

Interoperability

Samba 4 technology preview release 4

The fourth technology preview release of Samba 4 is available for testing. "Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet."

Full Story (comments: none)

Mail Software

Bogofilter 1.1.5 released

Stable version 1.1.5 of Bogofilter, a spam filter, is out. "This release fixes a problem in the block-on-subnets option and fixes a Makefile problem for MAC-OSX."

Full Story (comments: none)

Security

Sussen 0.34 released

Version 0.34 of Sussen, a configuration and vulnerability scanner, is out with bug fixes and other improvements.

Full Story (comments: none)

Web Site Development

Drake CMS v0.2.8 Alpha (SourceForge)

Version 0.2.8 alpha of Drake CMS has been announced. "Drake CMS is a dynamic web authoring and content management system; it can be installed in a few minutes, almost all databases are supported plus an embedded flat file database. Its top features are security, speed, easy management and high customization. Some features and bugfixing for this new version 0.2.8 release".

Comments (none posted)

Midgard 1.8.2 released

Version 1.8.2 of the Midgard content management system is out. "Midgard 1.8.2 release includes major bugfixes and replication framework en[]hancements: Improved replication API, Major sitegroup and multilang fixes, Major stability fixes for PHP5 bindings".

Full Story (comments: none)

Desktop Applications

Audio Applications

Ardour progress

Progress continues on the Ardour digital audio workstation project, as told in the development diary. "Work is proceeding on getting Ardour 2.0 ready to enter the “RC” (release candidate) phase. Today, I managed to fix two significant issues". The Ardour fundraising effort is also moving forward; it has reached 78% of its February 28 goal of $8000.

Comments (none posted)

eSpeak 1.19 released

Version 1.19 of eSpeak is out. "eSpeak produces good quality English speech. It uses a different synthesis method from other open source TTS engines, and sounds quite different. It's perhaps not as natural or "smooth", but I find the articulation clearer and easier to listen to for long periods. It can run as a command line program to speak text from a file or from stdin. A shared library version is also available."

Comments (none posted)

Gnome Simple Stateful Music Player 0.1 released

Version 0.1 of Gnome Simple Stateful Music Player has been announced. "Gnome Simple Stateful Music Player is a small, simple music player that keeps out of your way whenever possible. It remembers what you were playing when you exited, and continues in the same place the next time you start. It doesn't build a database of your audio tracks: instead it works with your files and directories directly."

Comments (1 posted)

BitTorrent Applications

Azureus 2.5.0.4 released (SourceForge)

Version 2.5.0.4 of Azureus is available. "Azureus is a powerful, full-featured, cross-platform Java BitTorrent client. This release contains new features, improvements and fixes, such as reduced memory footprint and faster startup times. This is primarily a bugfix release."

Comments (none posted)

CAD

Kicad 2007-01-15 released

Version 2007-01-15 of Kicad, an electronic printed circuit board CAD system, is out with bug fixes.

Comments (none posted)

Data Visualization

RRDtool 1.2.18 released

Version 1.2.18 of RRDtool, a logging and graphing utility for time-series data, is available. "Use it to write your custom monitoring shell scripts or create whole applications using its Perl, Python or PHP bindings." The source code and change information are available from the download area.

Comments (none posted)

Desktop Environments

GNOME 2.16.3 released

Version 2.16.3 of the GNOME desktop environment is out. "This is the final release in a series of point releases for the 2.16 branch. Come and see all the bug fixing, all the new translations and all the updated documentations brought to you by the wonderful team of GNOME contributors! While development continues on the GNOME 2.17/2.18 road, we didn't forget about making a new release that is rock solid. And simply better than the previous one."

Full Story (comments: none)

GNOME 2.17.90 Development Release (GnomeDesktop)

GnomeDesktop has announced the release of GNOME 2.17.90. "This release marks the start of the UI Freeze. If you break the freeze your picture will be added to the HIG under the heading "Banned for Life" and will have to live with the stigma of causing the "worst freeze ever"."

Comments (none posted)

GARNOME 2.17.90 released

Version 2.17.90 of GARNOME, the bleeding-edge GNOME distribution, is out. "We are pleased to announce the release of GARNOME 2.17.90 Desktop and Developer Platform. This release includes all of GNOME 2.17.90 (aka 2.18.0 Beta 1), tweaked and updated with love by the GARNOME Team."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

The Road to KDE 4: Kalzium and KmPlot (KDE.News)

KDE.News looks at upcoming versions of the Kalzium and KmPlot utilities. "And finally, the most visible change to Kalzium is the inclusion of the Kalzium 3D work, which turns the program into a 3D molecule viewer. Initially, it was developed by the Kalzium developers for use in this application only, but some collaboration has since happened and it will now be using libavogadro a library jointly developed by the Kalzium and Avogadro developers."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The January 28, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "KGoldRunner begins the transition to a scalable graphics interface. okular gains support for DjVu metadata, and investigates the use of threaded text extraction in order to prevent interface freezes. Continued improvement in the font KControl configuration module. More 3d and contemporary effects in the kwin_composite branch. Multiple, discriminatory language spellchecking develops in Sonnet. Improved support for BMP and ZIP files in Strigi. Import of user documentation for Mailody. Optimisations in the Dolphin filemanager. An important stage in the replacement of kdesktop elements with krunner is completed. KTorrent makes exploratory moves towards a KDE 4 port. KSirc, an IRC client, is removed from KDE SVN."

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Electronics

Icarus Verilog 20070123 released

Development snapshot 20070123 of Icarus Verilog, an electronic simulation language compiler, has been announced. See the release notes for change information.

Comments (none posted)

Games

Eris 1.3.12 released

Version 1.3.12 of Eris has been announced. "Eris is the WorldForge client-side session layer, used by many existing clients. This is a development release, as the API may change prior to the final release of Eris 1.4.0. However, any changes should be minor and easy to incorporate into clients - testing is recommended and appreciated."

Also, the WorldForge site mentions the availability of packaged versions of Ember, Sear and Cyphesis.

Comments (none posted)

MaNGOS 0.6 released (SourceForge)

Version 0.6 of MaNGOS is available. "MaNGOS is an object-oriented Massively Multiplayer Online Role-Playing Game Server (MMORPGS). It's an educational project, to help developers get familiar with large scale C++ and C# development projects. Version 0.6 introduces a lot of improvements, and feature completions since MaNGOS 0.5 has been released."

Comments (none posted)

Graphics

K-3D 0.6.7.0 released (SourceForge)

Version 0.6.7.0 of K-3D has been announced. "K-3D is the free (as in freedom) 3d modeling, animation, and rendering system. K-3D 0.6 is the third major release of K-3D. All users are strongly encouraged to upgrade to K-3D 0.6 for its completely rewritten user interface, many new features, and significantly improved stability over 0.4."

Comments (none posted)

GUI Packages

wxPython 2.8.1.1 released

Version 2.8.1.1 of wxPython, a GUI toolkit for the Python programming language, has been announced. "This release adds a few minor enhancements and a number of bug fixes designed to further stabilize the 2.8.x release series."

Comments (none posted)

Interoperability

Wine 0.9.30 released

Version 0.9.30 of Wine has been announced. "Wine 0.9.30 was released today, with the following main changes: Many improvements to Direct3D shaders and state management. Support for inter-process memory allocations. OLE32 marshalling fixes. Lots of bug fixes."

Comments (none posted)

Multimedia

Christine 0.0.3 released

Stable version 0.0.3 of Christine has been announced. "Christine lets you play your audio and video files in the same application. In a very very easy way. As christine is inte[n]ded to be small, and cute we currently had no support for internet radio station, but we will in the future."

Comments (none posted)

Music Applications

Goggles Music Manager 0.6.2 announced

Version 0.6.2 of Goggles Music Manager is out with lots of new features. "Goggles Music Manager is a music collection manager and player that automatically categorizes MP3, MP4, Ogg Vorbis, FLAC, and Musepack files based on genre, artist, album, and song. There is no need to create playlists of any kind. Just select one or more artists and albums to start playing your music."

Comments (none posted)

Office Suites

OpenOffice.org Newsletter

The January, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.

Full Story (comments: none)

Video Applications

PiTiVi 0.10.2 released

Version 0.10.2 of PiTiVi, a video editor, is available. "The goal of this series is to allow users to test new versions often, give their feedback, and remove bugs more often."

Full Story (comments: none)

Languages and Tools

C

GCC 4.1.2 RC1

Version 4.1.2 RC1 of GCC, the Gnu Compiler Collection, is out. "As with all prereleases, the issue of most concern to me is packaging. Therefore, please test the actual pre-release tarballs, rather than sources from SVN. Beyond packaging problems, I'm most concerned about regression from previous 4.1.x releases, since the primary purpose of 4.1.2 is to provide an upgrade path from previous 4.1.x releases, incorporating the bug fixes since 4.1.1."

Full Story (comments: none)

Caml

Caml Weekly News

The January 30, 2007 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Haskell

Haskell Weekly News

The January 31, 2007 edition of the Haskell Weekly News is online. A great number of new libraries and projects are announced.

Comments (none posted)

XML

Qexo 1.9.1 has been released

Version 1.9.1 of Qexo, the GNU Kawa implementation of XQuery, is available with a build fix. See the news file for more information.

Comments (none posted)

IDEs

KDevelop 3.4 announced (KDE.News)

KDE.News has announced the release of KDevelop version 3.4, the KDE development environment. "The first major release in over a year closes more than 500 bugs. There is an impressive list of additional features including improved Qt 4 support, new debugging abilities, more attractive default user interface layout and improvements for C++, Ruby and PHP support. Packages are available for Kubuntu and openSUSE with unofficial builds for several others on the download page."

Comments (none posted)

Sun and NetBeans community announce NetBeans 5.5 IDE

Sun Microsystems, Inc. has announced the release of version 5.5 of the NetBeans IDE for the Japanese, Simplified Chinese, Brazilian Portuguese and Traditional Chinese languages. "In addition, the NetBeans Translation Project has received numerous other language contributions including: Albanian, Azerbaijani, Czech, Dutch, French, German, Greek, Italian, Spanish and Swedish. A number of these language translations are the result of interest from Java User Groups around the world."

Comments (none posted)

Profilers

Valgrind 3.2.2 is available

Version 3.2.2 of Valgrind, a suite of simulation-based debugging and profiling tools, is out. "3.2.2 fixes a bunch of bugs in 3.2.1, adds support for glibc-2.5 based systems (openSUSE 10.2, Fedora Core 6), further reduces memcheck's false error rate on all targets, improves support for icc-9.X compiled code, and brings modest performance improvements in some areas."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

GPL 3: An Open-Source Earthquake? (CRN)

CRN has published a lengthy look at the GPLv3 debate. "An eventual detente is what open-source evangelist Bruce Perens predicts. 'There's usually about a two-year cycle where Linus [Torvalds] and some people have trouble with something, and then they work it out,' said Perens, who co-founded the Open Source Initiative. 'Despite their kicking and screaming, they eventually will go to GPL 3.'"

Comments (128 posted)

Fedora's metrics have ripple effect (Linux.com)

Linux.com looks at Fedora's efforts to collect data from its users. "Fedora announced this month that by using a tracking tool to monitor unique IP addresses, it was able to determine that Fedora Core 6 now has more than one million users. What does all this metric gathering mean for future Fedora releases? Moreover, what does it mean for the Linux community at large? The answer on both counts: plenty."

Comments (37 posted)

PR's 'pit bull' takes on open access (Nature)

Here's an article in Nature on how the scientific publishing industry is reacting to the open access movement. It seems they have hired Eric Dezenhall, a media consultant known for his attack-oriented tactics. "In an enthusiastic e-mail sent to colleagues after the meeting, Susan Spilka, Wiley's director of corporate communications, said Dezenhall explained that publishers had acted too defensively on the free-information issue and worried too much about making precise statements. Dezenhall noted that if the other side is on the defensive, it doesn't matter if they can discredit your statements, she added: 'Media messaging is not the same as intellectual debate'."

Comments (37 posted)

Trade Shows and Conferences

Regional Ruby Conferences Are Taking Shape (Linux Journal)

Pat Eyler's Ruby blog looks at regional Ruby conferences. "Last summer, I wrote about local Ruby events and the RubyConf*MI event that was (at that time) just announced. Since then, I've taken some time to write about regional conferences, and to encourage people to check out the Ruby Central grant program."

Comments (none posted)

Companies

PDF to become an open, ISO standard (Linux-Watch)

Linux-Watch reports that Adobe is hoping to make PDF an ISO standard. "Adobe Systems Inc. on Jan. 29 announced that it has released the full PDF (Portable Document Format) 1.7 specification to AIIM, the Association for Information and Image Management. AIIM, in turn, will start working on making PDF an ISO standard."

Comments (13 posted)

Whatever happened to Diebold's brazilian Linux distro of choice? (Linux in Brazil)

Linux in Brazil covers an attempt by Diebold to sell Linux PCs to the Brazilian government. "Dazed and confused? The brazilian Linux community was surprised this week with news about Diebold trying to sell Linux-running PCs to the brazilian government. And boy, Diebold seems to be having a hard time selling those "Flux Linux" based PCs to the Ministry of Communication."

Comments (2 posted)

IBM donates new privacy tool to open-source (ZDNet)

ZDNet looks at Identity Mixer software. "IBM has developed software designed to let people keep personal information secret when doing business online and donated it to the Higgins open-source project. The software, called "Identity Mixer," was developed by IBM researchers. The idea is that people provide encrypted digital credentials issued by trusted parties like a bank or government agency when transacting online, instead of sharing credit card or other details in plain text, Anthony Nadalin, IBM's chief security architect, said in an interview."

Comments (9 posted)

Linspire's Linux software service goes cross-distribution (Computer Business Review)

Computer Business Review reports on Linspire's plans to expand its Click and Run software delivery system to other Linux distributions. "CNR was originally designed to enable users of San Diego, California-based Linspire's Linspire OS to find, download, and install desktop applications and drivers, and was made available free of charge in August 2006 under the company Freespire community-led distribution. Via the new CNR.com web site, it will now also be made available as a service to users of the Debian, Fedora, openSUSE, and Ubuntu distributions during 2007, with other distributions expected to be added in 2008."

Comments (none posted)

Business

What's the best Linux for resellers? (Linux-Watch)

Linux-Watch looks at Linux distributions for resellers. "I recently was contacted by a major Unix reseller. The company had a very simple question: with the writing on the wall for Unix growing bigger and bigger with every quarter, which Linux should they adopt? It's a good question, and the answer depends not just on the pluses and minuses of each Linux distribution, its distributors, and its channel programs, but what you bring to the table."

Comments (none posted)

Interviews

Liberty Alliance is alive and kicking (ZDNet)

ZDNet interviews Roger Sullivan, president of the Liberty Alliance. "Q: What is the simple four-line definition of Liberty Alliance today? Sullivan: Liberty Alliance is an assembly of both enterprise customers as well as vendors from all around the world. We have come together to develop open standards for identity management. Historically, all of those standards have focused on federation protocols, one enterprise interacting with another enterprise in a secure way and being able to exchange identity credentials from one enterprise to the other."

Comments (none posted)

Portrait: Rosegarden's D. Michael McIntyre (Linux.com)

Linux.com interviews D. Michael McIntyre. "If there is anything like a "typical" member of the free/open source community, that template is probably nothing like D. Michael McIntyre. By profession a truck driver, McIntyre holds a bachelor's degree in Foreign Languages, and he's used his facility with words to document the popular Rosegarden project. He's since gone on to do whatever he sees that needs to be done on the project, and has become an integral part of the Rosegarden team."

Comments (none posted)

Resources

Desktop Linux 2006: The Year in Review (DesktopLinux.com)

DesktopLinux.com has a report written by OSDL on the state of the Linux desktop. "This report will spotlight several of the most important advances for the Linux desktop in 2006, including improved desktop functionality, new applications, standards and interoperability, Linux distribution activities and market growth."

Comments (3 posted)

Reviews

Denx rev's free embedded Linux distro (LinuxDevices)

LinuxDevices covers an embedded Linux development kit. "Denx Software Engineering has updated its free embedded Linux distribution and development tool suite. "Embedded Linux Development Kit" (ELDK) Release 4.1 is based on a 2.6.19.2 Linux kernel and Denx's freely licensed U-Boot 1.2 bootloader, and features support for the Xenomai 2.3 real-time extensions."

Comments (1 posted)

New Drupal 5 shines (Linux.com)

Linux.com reviews Drupal 5. "It's been five years since Drupal, the popular GPLed Web development framework, has had a major version release. The new Drupal 5, which debuted in earlier this month, was eight months in development and incorporates more than 1,000 patches from nearly half as many contributors. It also features overhauls and updates in system performance, usability, user interface, and theming."

Comments (1 posted)

IBM tunes up for Jazz open-source project (ZDNet)

ZDNet looks at Jazz. "IBM is working on an open-source project called Jazz to promote programming tools for globally distributed teams. Set to launch in June at Jazz.net, the project will be based on work from IBM Research and its Rational tools division around geographically distributed collaborative software development."

Comments (none posted)

A handful of reviews for the Nokia N800 (GnomeDesktop)

GnomeDesktop.org has assembled a list of reviews of the Nokia N800. "A lot of reviews online these days for the recently released Linux/GTK-based Nokia N800 internet tablet: C|Net's review, MobileCrunch's, Brighthand's, MobileBurn's, NYTimes', ThoughtFix's and my own at OSNews. There is also an interesting usability/comparison study, the N800 vs the Apple Newton!"

Comments (none posted)

SourceKibitzer tracks open-source Java apps (Linux-Watch)

Linux-Watch looks at SourceKibitzer, a website that tracks open-source projects written in Java. "SourceKibitzer is a group of Estonian-Russian-Swedish developers who together decided to create a knowledge base that adds transparency to open-source Java projects through analysis, benchmarking, and criticism. According to their estimates, there are already some 5,000 active Java open-source projects. At the site, the company has already checked into the Java projects of Apache, Codehaus, JBoss, and ObjectWeb and counts more than 500 projects."

Comments (7 posted)

Miscellaneous

The cost of monoculture (Gen Kanai)

Gen Kanai looks at technology decisions by South Korea's government which have led to an absolute Microsoft dominance there. "This nation is a place where Apple Macintosh users cannot bank online, make any purchases online, or interact with any of the nation's e-government sites online. In fact, Linux users, Mozilla Firefox users and Opera users are also banned from any of these types of transactions because all encrypted communications online in this nation must be done with Active X controls." (via BoingBoing).

Comments (36 posted)

A visual timeline of the Microsoft-Novell controversy

Ars Technica has some fun with a review of the Novell/Microsoft deal. "For your edification and amusement, we have translated the entire debate into the colorful patois of the average Internet message board and produced an informative visual guide that will illuminate the facts and show you what our favorite confrontational corporate executives are really saying."

Comments (1 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

OSS Student Lab deployed in Vietnam

VietLUG has announced the deployment of a Linux student lab at the Nam Thanh Cong elementary school in Hanoi, Vietnam. "With a project fund of $850 and used monitors donated by VietLUGers residing in Vietnam and abroad, and IFI (Institut de la francophonie pour l'informatique), we are able to set up the lab with one server and 5 thin-clients. vnlinuxEDU (based on Mandriva and LiveCD project) utilizes terminal-server package to provide connectivity and applications, such as kdeedu and gcompris, to the thin-client workstations. SchoolTool is also included for teachers who wish to administer their students' activities."

Full Story (comments: none)

Patent Office Orders Re-Examination of Blackboard Patent

The United States Patent and Trademark Office (USPTO) has ordered re-examination of the e-learning patent owned by Blackboard Inc. in response to a request from the Software Freedom Law Center (SFLC). "SFLC, provider of pro-bono legal services to protect and advance Free and Open Source Software, had filed the request in November on behalf of Sakai, Moodle, and ATutor, three open source educational software projects. The Patent Office found that prior art cited in SFLC's request raises "a substantial new question of patentability" regarding all 44 claims of Blackboard's patent."

Full Story (comments: none)

Patent office grants PUBPAT requests to reexamine EpicRealm Patents

The Public Patent Foundation has announced a grant from the US patent office to reexamine the EpicRealm dynamic web site patents. "In its filings, PUBPAT had submitted prior art that the Patent Office was not aware of when reviewing the applications that led to the two patents and described in detail how the prior art invalidates the patents. The Patent Office found that PUBPAT's filings indeed raised "substantial questions" regarding the validity of the EpicRealm patents."

Full Story (comments: none)

Mobile Leaders Around the World Launch LiMo Foundation

The LiMo Foundation has been launched. "To support their goal of creating the world's first globally competitive, Linux-based software platform for mobile devices, Motorola, NEC, NTT DoCoMo, Panasonic Mobile Communications, Samsung Electronics, and Vodafone announced today the official launch of the LiMo Foundation. A not-for-profit organization, the LiMo Foundation is aimed at blending the community-based development benefits of transparency, innovation and scalability with the best development practices from the mobile community to create an innovative new business model."

Comments (4 posted)

FFII on proposed OpenXML adoption

The FFII has sent out a release opposing the proposed fast-track adoption of Microsoft's OpenXML format as an ISO standard. "OpenXML relies on undisclosed patents, and undisclosed or incomplete licensing terms that make any independent reimplementation impossible or heavily risky. It obliges implementors to reverse-engineer the behavior of old closed Microsoft applications and formats. It uses non-standard formats for languages and dates, and specifies known bugs, such as treating 1900 as a leap year."

Full Story (comments: 11)

The Vista message: Upgrade to GNU/Linux now!

The Free Software Foundation Europe recommends Linux over Microsoft Vista. ""Unfortunately, many of the articles and statements about problems with Microsoft Vista are not truly specific to Vista. Very similar problems exist in any proprietary software," says Georg Greve, FSFE's president. "Ever since the first FSF was founded in 1985, the Free Software Foundations have understood and worked against the threats that proprietary software poses to our society." He continues: "Because these dangers are more widely understood today we have seen an unprecedented move to Free Software by governments, users and companies alike in the past years. The more proprietary software makes use of its absolute control over the user, the more people are starting to look for alternatives.""

Full Story (comments: none)

Commercial announcements

Free utility keeps documents secure on flash drives

Runtime Revolution Ltd. has announced the AppSnapper Lite free version. "AppSnapper links documents to applications located on smart drives that include the U3 launcher. When a document is launched, AppSnapper intercepts the launch and automatically directs it to the appropriate application stored on the smart drive – without interacting with applications stored on the host computer – even if the same application is available there. With an AppSnapper "snap," users never launch an application on the host computer."

Full Story (comments: 2)

BitRock InstallBuilder 4.0 released

BitRock Incorporated has announced BitRock InstallBuilder 4.0, which adds new support for Linux 64-bit platforms and RPM generation. "The development tool turns the application packaging, distribution and deployment process of multiplatform applications into a fast, easy and cost effective task for independent software vendors and custom application developers. The ability to generate RPMs from installer project files saves hours of development time and eliminates the need to maintain separate RPM and installer-building processes."

Full Story (comments: none)

Coverity Names David Maxwell as Open Source Strategist

Coverity, Inc. has announced the naming of David Maxwell as the company's open-source strategist. "Maxwell will manage the continuation and expansion of Coverity's Department of Homeland Security-sponsored open source scans, as well as other new partnerships with the open source community. As part of a three-year contract awarded by the US Department of Homeland Security Science and Technology Directorate under its "Vulnerability Discovery and Remediation Open Source Hardening Project," Coverity currently analyzes over 50 popular open source projects in an effort to better secure the software that powers critical national infrastructure."

Comments (none posted)

Interact-TV announces MyTellyHD Media Server

Interact-TV Inc. has announced the availability of its Linux-based MyTellyHD Media Center. "Starting from $899, MyTellyHD delivers all the features and functionality consumers have come to expect from a media server including a subscription-free PVR, Video Library with save DVD capabilities as well as Music and Photo Libraries. MyTellyHD incorporates many new features that are critical to the expanding home theater market including 720p Component video output, Gigabit Ethernet, a high performance processor, and all new MPEG2 video encoding."

Comments (none posted)

Mainsoft releases Grasshopper 2.0 technology preview

Mainsoft Corporation has announced the release of Grasshopper 2.0 Technology Preview 2. "Mainsoft Corporation, the leading cross-platform company, today announced the release of the Grasshopper 2.0 Technology Preview 2, a plug-in to the Microsoft(R) Visual Studio(R) development environment that enables C# developers to write ASP.NET 2.0 Web applications using C# 2.0 and generics and deploy them on Linux and other Java-enabled platforms. Community forums and technical articles that demonstrate how to port existing .NET 2.0 applications to Java are available free to developers who register at http://dev.mainsoft.com."

Comments (none posted)

Novell announces open-source identity services

Novell, Inc. has announced new services that integrate with Microsoft CardSpace and Liberty Alliance-Enabled products. "The Bandit(TM) and Eclipse Higgins Projects today announced the achievement of a key milestone in the development of open source identity services. Based on working code from the two projects and the larger community of open source developers, the teams have created a reference application that showcases open source identity services that are interoperable with Microsoft's Windows* CardSpace* identity management system and enable Liberty Alliance-based identity federation via Novell(R) Access Manager."

Comments (none posted)

PSA Peugeot Citroen Chooses SUSE

Novell, Inc. has announced a contract with PSA Peugeot Citroen for the deployment of up to 20,000 desktop and 2,500 server systems. ""We found SUSE(R) Linux Enterprise Desktop to be well supported and extremely user friendly," said an IT representative for PSA Peugeot Citroen. "Novell's commitment to open source and close collaboration with leading hardware and application vendors to ensure the support of our IT requirements were key factors in our choice. In addition, SUSE Linux Enterprise Desktop integrates seamlessly in our Windows-based infrastructure.""

Comments (none posted)

PIKA launches Asterisk enhancements

Pika Technologies Inc. has announced a new version of PIKA Connect. "PIKA Technologies Inc., a designer and manufacturer of plug-in media processing hardware and software building blocks that provide network connectivity and superior echo cancellation, announced today the release of a new version of its PIKA Connect for Asterisk software package. Among the improvements and new features it contains, this release allows Asterisk users to take advantage of the DSP-quality software-based echo cancellation offered by PIKA's PrimeNet T1/E1 Gateway board and PIKA Connect for Asterisk software."

Comments (none posted)

rPath gets $9.1M in Funding

rPath has announced the receipt of (another) $9.1 million in venture funding. "The company plans to use this new capital to expand its market leading position as the provider of technology for creating and maintaining software appliances."

Full Story (comments: none)

SugarCRM Available to Ubuntu Users

SugarCRM Inc has announced the availability of SugarCRM customer relationship management software for the Ubuntu distribution. "Canonical Ltd, the commercial sponsor of Ubuntu, today announced the availability of Sugar Open Source for users of Ubuntu 6.06 LTS edition (Long Term Support). The simplified deployment process and ease-of-use of Ubuntu, combined with SugarCRM's feature-rich business processes, will enable companies to build better customer relationships at a lower cost."

Comments (none posted)

Sun and Intel Announce partnership

Sun Microsystems, Inc. has announced a partnership with Intel. "Sun Microsystems, Inc. and Intel Corporation today announced a broad strategic alliance centered on Intel's endorsement of the Solaris(TM) Operating System (OS) and Sun's commitment to deliver a comprehensive family of enterprise and telecommunications servers and workstations based on Intel(R) Xeon(R) processors. The scope of the agreement spans Solaris, Java(TM) and NetBeans(TM) software and Intel Xeon microprocessors, as well as other Intel and Sun enterprise-class technologies. The alliance also includes joint engineering, design and marketing efforts."

Comments (3 posted)

Zenoss releases new version of Zenoss Core

Zenoss, Inc. has announced a new release of Zenoss Core. "Zenoss, Inc. today announced a new version of its open source Zenoss Core enterprise network and systems monitoring software that adds automatic configuration change tracking, automated remediation of IT infrastructure problems, and other features that are critical for effective IT management."

Full Story (comments: none)

New Books

Everyday Scripting with Ruby - New from the Pragmatic Programmers

Pragmatic Programmers has published the book Everyday Scripting with Ruby by Brian Marick.

Full Story (comments: none)

Software Testing Foundations, 2nd Edition - New from Rocky Nook

Rocky Nook has published the book Software Testing Foundations, 2nd Edition by Andreas Spillner, Tilo Linz, and Hans Schaefer.

Full Story (comments: none)

Education and Certification

LPIC-1 Linux certification training available online (Linux Watch)

Linux Watch notes the online availability of training for the LPIC-1 certification. "Want a job working in Linux? Then one of your first steps should be to get an LPIC-1 (Linux Professional Institute first level) certification. In the past, getting this entry-level certification could be easier said than done, since classes aren't available everywhere. Now, however, the SUNY (State University of New York) Linux Learning Collaborative, a partnership between Millard Fillmore College at the University at Buffalo and Just-in-Time Resources, is offering online Linux training leading to the LPIC-1."

Comments (none posted)

LPI announces training partner in the Netherlands

The Linux Professional Institute is partnering with AT Computing in the Netherlands for training and certification. ""We are proud to welcome AT Computing to our global network of LPI Approved Training Partners. Given AT Computing's stature and long history, their decision to promote LPI certification demonstrates the growing importance of our program to Linux professionalism in the Netherlands," said Jim Lacey, President and CEO of LPI."

Full Story (comments: none)

Event Reports

KDE PIM annual meeting coverage (KDE.News)

KDE.News covers the KDE PIM annual meeting. "On Friday 14 January 2007, members of the KDE PIM developer group came together for the fifth year in a row in Osnabrück, Germany to review the state of the project. Important topics included Akonadi, KDE PIM maintenance and enterprise usage. A record number of attendees were welcomed into the Intevation office and made at home by Bernhard Reiter, Jan-Oliver Wagner and the rest of the team."

Comments (none posted)

Calls for Presentations

2007 GCC Developers Summit CFP

A call for papers has gone out for the 2007 GCC Developers Summit. The event takes place in Ottawa, Canada on July 18-20, 2007; submissions are due by February 5.

Full Story (comments: none)

International PHP Conference CFP

A call for papers has gone out for the International PHP Conference. "The International PHP Conference Spring Edition 2007 will take place in Stuttgart from 21 – 23 May 2007, in parallel to the brand new S&S Media conference webinale07 on Web technologies and Web 2.0." Submissions are due by February 2.

Comments (none posted)

Rapid Application Development with Dynamically Typed Languages CFP

A call for papers has gone out for the IEEE Software Special Issue on Rapid Application Development with Dynamically Typed Languages; submissions are due by February 15. "Dynamically typed programming languages were once seen as slow, unreliable, and suitable only for small throw-away tasks. However, their ability to aid rapid systems development and to facilitate the pervasive, mobile, and frequently updated systems that are increasingly in demand in the modern world has led to their stock rising considerably."

Comments (none posted)

Upcoming Events

TimeSys Sponsors Open Source Summit

TimeSys has announced their sponsorship of the TiE Open Source Summit. "The event will bring together entrepreneurial leaders to discuss the strategic importance of the open source movement on the entire software marketplace. Co-sponsoring the event with TimeSys are IBM, Information Week and thoughtform design. The Open Source Summit will be held Thursday February 15, 2007 from 6-9pm at the Lexus Club at PNC Park in Pittsburgh. The event will include a Keynote address and panel discussion from open source industry experts."

Full Story (comments: none)

Events: February 8, 2007 to April 9, 2007

The following event listing is taken from the LWN.net Calendar.

Date(s): Event (Location)

February 7 - February 9: Free Software World Conference 3.0 (Badajoz, Spain)
February 7 - February 9: Xorg Developer's Conference (Santa Clara, CA, USA)
February 9: Women In Open Source (Los Angeles, USA)
February 9: Open Source Health Care Summit (Los Angeles, USA)
February 10 - February 11: 2007 Southern California Linux Expo (Los Angeles, USA)
February 12 - February 13: Vancouver PHP Conference (Vancouver, BC, Canada)
February 12 - February 13: Linux Storage and Filesystem Workshop (San Jose, CA, USA)
February 12 - February 16: Ruby on Rails Bootcamp Training (Atlanta, USA)
February 12 - February 15: 3GSM World Congress 2007 (Barcelona, Spain)
February 14 - February 15: LinuxWorld OpenSolutions Summit (New York, NY, USA)
February 15: TiE Open Source Summit (Pittsburgh, PA, USA)
February 16: The Ubucon New York (New York, NY, USA)
February 19 - February 23: DebianEDU DevCamp (Soissons, France)
February 22: PyCon Tutorial Day (Addison, Texas)
February 22: CELF Japan Linux Technical Jamboree #13 (Tokyo, Japan)
February 22 - February 24: OpenMind 2007 (San Giorgio a Cremano, Naples, Italy)
February 23 - February 25: PyCon 2007 (Addison, Texas)
February 23: PHP Conference UK 2007 (London, England)
February 24 - February 25: Free and Open Source Software Developers' European Meeting (Brussels, Belgium)
February 24 - February 25: Java/DevJam/2007/Fosdem (Brussels, Belgium)
February 26 - March 1: PyCon Sprints (Addison, Texas)
February 26 - March 2: PHP5 Bootcamp Training at the Big Nerd Ranch (Atlanta, Georgia, USA)
February 27 - March 1: O'Reilly Emerging Telephony Conference (San Francisco, CA)
February 27 - March 2: EUSecWest Applied Security Conference (London, UK)
February 28 - March 2: Network and Distributed System Security Symposium (San Diego, CA, USA)
March 2 - March 3: LinuxForum 2007 (Copenhagen, Denmark)
March 3 - March 8: O'Reilly Emerging Technology Conference (San Diego, CA, USA)
March 5 - March 8: EclipseCon 2007 (Santa Clara, CA, USA)
March 5 - March 6: Karlsruhe Workshop on Software Radios (Karlsruhe, Germany)
March 8 - March 10: 2007 Open Source Think Tank (Napa, CA, USA)
March 10 - March 13: Camp 5 Advanced Zope3 Training (Charlotte, North Carolina, USA)
March 12 - March 16: QCon (London, England)
March 12 - March 16: Third Annual Security Enhanced Linux Symposium (Baltimore, US)
March 12 - March 14: BOSSA Conference (Porto de Galinhas, Brazil)
March 13 - March 14: The Linux Foundation Japan Symposium (Tokyo, Japan)
March 14 - March 16: PHP Quebec Conference (Montreal, Canada)
March 14 - March 17: Barbeque Sprint for Plone3 (Charlotte, North Carolina, USA)
March 15 - March 21: CeBIT computer fair (Hannover, Germany)
March 16 - March 17: MountainWest RubyConf (Salt Lake City, USA)
March 18 - March 23: Novell BrainShare 2007 (Salt Lake City, Utah, USA)
March 19 - March 21: UKUUG LISA/Spring Conference 2007 (Manchester, UK)
March 22 - March 25: Linux Audio Conference (Berlin, Germany)
March 23 - March 25: ShmooCon (Washington DC, USA)
March 23 - March 25: Guademy (Coruña, Spain)
March 24: FSF Associate Membership Meeting (Cambridge, MA, USA)
March 26 - March 29: Emerging Technology Conference (San Diego, CA, USA)
April 1 - April 4: International Lisp Conference 2007 (Cambridge, England)
April 1 - April 5: Embedded Systems Conference (San Jose, CA, USA)
April 1: GPLv3: Improving a Great Licence (discussion draft 3) (Brussels, Belgium)
April 2 - April 6: Django Bootcamp (Atlanta, Georgia, USA)
April 2 - April 5: Hack in The Box Security Conference 2007 (Dubai, United Arab Emirates)
April 3 - April 8: Make Art 2007 (Poitiers, France)

If your event does not appear here, please tell us about it.

Page editor: Forrest Cook

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds