LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for June 21, 2007The Linux Foundation collaboration summitThe first Linux Foundation Collaboration Summit was held June 13 to 16 on Google's campus in Mountain View, California. This event could be thought of as the coming-out party for the Linux Foundation, the organization which resulted from the merger of the Open Source Development Labs and the Free Standards Group. Your editor was able to join this group, moderate a panel of kernel developers, and present his "kernel report" talk to an interested subset of attendees. This event has been well covered by many others, so your editor will focus on his particular impressions. Some other reports worth reading include:
Your editor has been to a lot of Linux-oriented events over the years. The collaboration summit was nearly unique, however, in the variety of people who attended. It was certainly not a developer's conference, but quite a few free software developers were to be found there. It is not a business conference along the lines of OSBC, but plenty of executive-type business people were in the room. Throw in a certain amount of media (on the first day), a handful of lawyers, high-profile users from Fortune 500 companies, and some PR people and you get a cross-section of the Linux ecosystem from developers of low-level code through to the people trying to make that code work in serious business settings. It is rare that people from the wider community get together and talk in this sort of setting. The stated purpose of the event was to promote collaboration across this wider community. The first step toward collaboration is understanding; the summit was almost certainly successful in helping members of the community understand each other better. For example, the kernel panel was a useful exercise in communicating the developers' thoughts to their user community. But a comment your editor heard more than once was that the most interesting part of the panel was just seeing how those developers interact with each other. Users, vendors, lawyers, and more were all able to discuss the ups and downs of Linux from their point of view. The bottom line is that things are going great, but they could be made to go quite a bit better yet. Ubuntu founder Mark Shuttleworth was the keynote speaker for the first day of the summit. His talk covered a number of topics, but the core point, perhaps, was this: while we have many tools which promote collaboration within projects, we lack tools to help with collaboration between projects. Wouldn't it be nice to have one distributed bug tracking system and a comprehensive, distributed source management system? Maybe the kernel developers and the enterprise distribution vendors could get together and designate an occasional kernel development cycle as being targeted toward enterprise release - and, thus, put together with a larger emphasis on stability. In general, there is a great deal of friction within the system; removing that friction will be an important part of our future success. Some themes were heard many times. There is a lot of interest in GPLv3 and the impact it will have on the industry. The message from the summit was that little will happen in a hurry, and that the best thing to do is to sit and watch. Everybody wants better power management and better device driver coverage. There is real stress between the enterprise customers' desires for stability, security fixes, and new features. Freedom matters: it is fun to hear a manager from Motorola talk about how using Linux makes it possible for the company to create interesting new products that couldn't have been done on "somebody else's stack." And, some press headlines notwithstanding, large proprietary software vendors were absent from the room - both physically and from the discussions which were held. This was not a meeting intended to design a "counterattack"; it was a way for the larger free software community to promote cooperation and understanding within itself. Finally, the summit was clearly intended to help the Linux Foundation figure out what role it should really be playing. This organization is still relatively new; it has a short period of time to prove that it will be worth the fees that its members pay into it. The Foundation is settling into three basic roles: promoting the development of Linux, protecting Linux from threats, and working to standardize the platform. There appeared to be wide agreement that, by organizing events like this summit, the Foundation is off to a good start.
Test driving Firefox 3The Firefox 3.0 (FF3) development team has been busy, releasing a steady stream of alphas over the last six months, in preparation for a final release late this year. The latest release is Alpha 5, which seems like a good time to check in on the project and see what changes have been made. The project, codenamed Gran Paradiso, maintains an extensive set of documents on its planning center wiki. These documents are worth a look for anyone interested in what features are planned, but also provide insight into the planning process itself.
Much of the new functionality is under the covers in the Gecko 1.9 rendering engine. A specific goal of the engine development team was to pass the Acid2 browser test and they have succeeded in doing that. Switching the engine to use the Cairo 2D graphics library will provide support for SVG, PostScript, PDF and other formats. Performance enhancements and a more native look, especially for the Mac, are also on tap for FF3. The biggest new feature for users has not yet appeared in the browser. Places is a feature meant to unify bookmarks, history and RSS feeds, while providing a means to tag them to help organize them. In order to do that, FF3 is storing the Places information in an SQLite database. This database will also be available to Firefox Add-ons which can then offer other ways to view and organize them. Using SQLite for bookmarks has been enabled for Alpha 5, with numerous warnings about making a backup of your bookmarks file before running it. Tagging, history and RSS feeds are still awaiting a UI before their storage in the SQLite database is enabled.
Security is another area where the developers are putting in significant effort. Providing users with feedback, about the security of a site, without overwhelming them with warnings and popups, is a difficult problem, but some interesting ideas are emerging. With fairly simple UI changes, user confusion can be reduced. Modifying the location bar to remove the "favicon" (which some malicious sites set to the lock icon) and to highlight just the domain portion of the URL can go a long way towards helping users determine what sites they are visiting. Mozilla is also working with Google to generate a list of sites delivering malicious content and FF3 will block access to those sites. One worrisome development is the removal of the "same domain" restriction on XMLHttpRequest (XHR) calls. XHR is the workhorse of the AJAX style of browser interaction and web designers have long chafed under the restriction that JavaScript could only "call home". The World Wide Web Consortium (W3C) has some proposals on lifting that restriction by using "access control" lists and the FF3 team plans to implement them. The current restrictions have served us well, at least from a security perspective; hopefully this change has been well thought out. Another big addition, still in the "coming soon" category, is the addition of more offline capabilities to the browser. Being able to run web applications when not connected to the internet is one of the main goals. In order to do that, the history of pages will have to include the state of the Document Object Model (DOM) and the execution state of JavaScript embedded in the page. With a big enough browser cache, this would allow enough context to re-browse pages from weeks ago, even when offline. Overall, FF3 looks like an exciting release with a wide variety of new features. The current alpha does not really provide even an approximation of the full feature set, but it is still worth a look. At roughly the halfway point in FF3 development, great strides have been made with more to come.
Long-term support and backport riskOne of the main selling points touted by many Linux-oriented vendors is stability. Once a customer buys a subscription for an "enterprise" Linux or embedded systems product, the vendor will fix bugs in the software but otherwise keep it stable. The value for customers is that they can put these supported distributions into important parts of their operations (or products) secure in the knowledge that their supplier will provide updates which keep the system bug-free and secure without breaking things. This business model predates Linux by many years, but, as the success of certain companies shows, there is still demand for this sort of service.So it is interesting that, at the recently-concluded Linux Foundation Collaboration Summit, numerous people were heard expressing concerns about this model. Grumbles were voiced in the official panels and over beer in the evening; they came from representatives of the relevant vendors, their customers, and from not-so-innocent bystanders. The "freeze and support" model has its merits, but there appears to be a growing group of people who are wondering if it is the best way to support a fast-moving system like Linux. The problem is that there is a great deal of stress between the "completely stable" ideal and the desire for new features and hardware support. That leads to the distribution of some interesting kernels. Consider, for example, Red Hat Enterprise Linux 4, which was released in February, 2005, with a stabilized 2.6.9 kernel. RHEL4 systems are still running a 2.6.9 kernel, but it has seen a few changes:
The end result is that, while running uname -r on a RHEL4 system will yield "2.6.9", what Red Hat is shipping is a far cry from the original 2.6.9 kernel, and, more to the point, it is far removed from the kernel shipped with RHEL4 when it first became available. This enterprise kernel is not quite as stable as one might have thought. Greg Kroah-Hartman recently posted an article on this topic which makes it clear that Red Hat is not alone in backporting features into its stable kernels:
An example of how this works can be seen in the latest Novell
SLES10 Service Pack 1 release. Originally the SLES10 kernel was
based on the 2.6.16 kernel release with a number of bugfixes added
to it. At the time of the Service Pack 1 release, it was still
based on the 2.6.16 kernel version, but the SCSI core, libata core,
and all SATA drivers were backported from the 2.6.20 kernel.org
kernel release to be included in this 2.6.16 based kernel
package. This changed a number of ABI issues for any external SCSI
or storage driver that they would need to be aware of when
producing an updated version of their driver for the Service Pack 1
release.
Similar things have been known to happen in the embedded world. In every case, the distributors are responding to two conflicting wishes expressed by their customers: those customers want stability, but they also want useful new features and support for new hardware. This conflict forces distributors to walk a fine line, carefully backporting just enough new stuff to keep their customers happy without breaking things. The word from the summit is that this balancing act does not always work. There were stories of production systems falling over after updates were applied - to the point that some high-end users are starting to reconsider their use of Linux in some situations. It is hard to see how this problem can be fixed: the backporting of code is an inherently risky operation. No matter how well the backported code has been tested, it has not been tested in the older environment into which it has been transplanted. This code may depend on other, seemingly unrelated fixes which were merged at other times; all of those fixes must be picked up to do the backport properly. It is also not the same code which is found in current kernels; distributor-private changes will have to be made to get the backported code to work with the older kernel. Backporting code can only serve to destabilize it, often in obscure ways which do not come to light until some important customer attempts to put it into production. All of this argues against the backporting of code into the stabilized kernels used in long-term-support distributions. But customer demand for features, and (especially) hardware support will not go away. In fact, it is likely to get worse. Quoting Greg again:
For machines that must work with new hardware all the time (laptops
and some desktops), the 12-18 month cycle before adding new device
support makes them pretty much impossible to use at
times. (i.e. people want you to support the latest toy they just
bought from the store.) This makes things like "enterprise" kernels
that are directed toward desktops quite uncomfortable to use after
even a single year has passed.
So, if one goes on the assumption that the Plan For World Domination includes moving Linux out of the server room onto a wider variety of systems, the pressure for additional hardware support in "stabilized" kernels can only grow. What is to be done? Greg offers three approaches, the first two of which are business as usual and the elimination of backports. The disadvantages of the first option should have been made clear by now; going to a "bug fixes only" mode has its appeal, but the resulting kernels will look old and obsolete in a very short time. Greg's third option is one which your editor heard advocated by several people at the Collaboration summit: the long-term-support distributions would simply move to a current kernel every time they do a major update. Such a change would have obvious advantages: all of the new features and new drivers would come automatically, with no need for backporting. Distributors could focus more on stabilizing the mainline, knowing that those fixes would get to their customers quickly. Many more bug fixes would get into kernel updates in general; no distributor can possibly hope to backport even a significant percentage of the fixes which get into the mainline. The attempt to graft an old support model better suited to proprietary systems would end, and long-term support Linux customers would get something that looks more like Linux. Of course, there may be some disadvantages as well. Dave Jones has expressed some discomfort with this idea:
The big problem with this scenario is that it ignores the fact that
kernel.org kernels are on the whole significantly less stable these
days than they used to be. With the unified development/stable
model, we introduce a lot of half-baked untested code into the
trees, and this typically doesn't get stabilised until after a
distro rebases to that kernel for their next release, and uncovers
all the nasty problems with it whilst it's in beta. As well as
pulling 'all bugfixes and security updates', a rebase pulls in all
sorts of unknown new problems.
As Dave also notes, some mainline kernel releases are better than others; the current 2.6.21 kernel would probably not be welcomed in many stable environments. So any plan which involved upgrading to current kernels would have to give some thought to the problem of ensuring that those kernels are suitably stable. Some of the key ideas to achieve that goal may already be in place. There was talk at the summit of getting the long-term support vendors to coordinate their release schedules to be able to take advantage of an occasional extra-stable kernel release cycle. It has often been suggested that the kernel could go to an even/odd cycle model, where even-numbered releases are done with stability as the primary goal. Such a cycle could work well for distributors; an odd release could be used in beta distribution releases, with the idea of fixing the resulting bugs for the following even release. The final distribution release (or update) would then use the resulting stable kernel. There is opposition to the even/odd idea, but that could change if the benefits become clear enough. Both Greg and Dave consider the effects such a change would have on the providers of binary-only modules. Greg thinks that staying closer to the upstream would make life easier by reducing the number of kernel variants that these vendors have to support. Dave, instead, thinks that binary-only modules would break more often, and "This kind of breakage in an update isn't acceptable for the people paying for those expensive support contracts." If the latter position proves true, it can be seen as an illustration of the costs imposed on the process by proprietary modules. Dave concludes with the thought that the status quo will not change anytime soon. Certainly distribution vendors would have to spend a lot of time thinking and talking with their customers before making such a fundamental change in how their products are maintained. But the pressures for change would appear to be strong, and customers may well conclude that they would be better off staying closer to the mainline. Linux and free software have forced many fundamental changes in how the industry operates; we may yet have a better solution to the long-term support problem as well.
Security Red Hat and IBM get certifiedRed Hat and IBM recently announced that Red Hat Enterprise Linux 5 (RHEL5) has earned the highest level of security certification achievable by commercial off-the-shelf operating systems. The certification is applicable when RHEL5 is running on IBM hardware, but all of the software is freely available, which may reduce the worries of customers regardless of which hardware they are considering running Linux on. The Fedora and CentOS distributions will immediately benefit, because they use the same software and SELinux policies, but other distributions can use the information as well. The certification that RHEL5 achieved comes from one of the most acronym-dense regions of the internet, which is, perhaps, unsurprising for a partnership between industry and the US government. Here is how the press release puts it:
[RHEL5] has been approved by the National Information Assurance Partnership for
Common Criteria Evaluation & Validation Scheme [NIAP-CCEVS] at Evaluation Assurance Level 4 (EAL4+) for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBAC).
The NIAP is overseen by the US National Security Agency (NSA) and exists to create and administer certification programs like CCEVS. The various protection profiles list the security requirements that need to be met to be certified. CAPP is concerned mostly with standard UNIX-style users and permissions, with some audit requirements thrown in. LSPP and RBAC are concerned with the security capabilities provided by SELinux along with auditing requirements. The profiles document the behavior that is expected while the testing verifies that the system does indeed behave that way. These kinds of certifications are nice, in a checkbox kind of way. There are many organizations that cannot or will not buy products that are not certified for a particular level and protection profile. Windows Server has been certified at EAL4, so filling in this checkbox for Linux may well remove a barrier to Linux adoption in some places. Obtaining certification at this level is great deal of work; Red Hat and IBM are to be commended for spending the time and money to get to this point. That being said, what does an EAL4+ mean for the security of servers that run RHEL5? As we said in late 2003, when (pre-Novell) SuSE teamed up with IBM to get an EAL2+ certification, the answer is, unfortunately, not much. It would seem that EAL4+ is a big step up from EAL2+, which it is, but not in the kinds of protections it provides. The EAL level is completely driven by how much testing and documentation go into the certification; how much "assurance" there is that the profile is met. The same profile (CAPP) was used in both. In addition, the protection profiles are limited to:
a level of protection, which is appropriate for an assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security. The profile is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well-funded attackers to breach system security.
This puts most, if not all, interesting security threats outside of the scope of the testing. Adding two additional protection profiles, as was done this time, is certainly significant, but they still operate under the "no hostiles" caveat. Kernel hacker James Morris comments on the certification:
A lot of people thought it would be outright impossible to get an open source OS certified at this level. Not only were they wrong, but we've done it in a way which makes it part of the mainline kernel, upstream userland, and integrated into standard distributions. It is not some out-dated, incompatible and outrageously expensive fork of the OS, as has historically been the case with trusted OSes. "Military-strength" security is just now just another feature you get as standard in Linux, and it receives the same testing and community benefits as the rest of the OS.
Evidently, "military strength" security is only able to resist its own users making mistakes rather than a concerted effort by an enemy, but this is still a marvelous accomplishment. Perhaps the most unfortunate part of this certification process is that it is likely to vastly underestimate the abilities of an SELinux equipped system. It would be very interesting to see what kind of protection profile could actually be accommodated by RHEL5; it is likely to be much stronger than any we have seen from CCEVS. But, given that customers are typically interested in the checkbox much more than security, we will probably never know.
New vulnerabilities apache2: information disclosure
evolution-data-server: malicious server arbitrary code execution
gd: denial of service
iscsi-initiator-utils: denial of service
libexif: integer overflow
libphp-phpmailer: command execution
mplayer: buffer overflow
phpPgAdmin: cross-site scripting
phprojekt: multiple vulnerabilities
Updated vulnerabilities acroread: multiple vulnerabilities
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
bugzilla: multiple vulnerabilities
clamav: denial of service
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: directory traversal
elinks: code execution
elinks: arbitrary file access
evolution: format string error
pop mail man-in-the-middle attacks
fail2ban: denial of service
file: integer overflow
firefox: multiple vulnerabilities
freetype: arbitrary code execution
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gedit: format string vulnerability
grip: buffer overflow
gzip: multiple vulnerabilities
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
jasper: denial of service
java: multiple vulnerabilities
kdebase: information leak
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: several vulnerabilities
kernel: several vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
lftp: shell command execution
libexif: integer overflow
libgadu: memory alignment bug
libgtop2: buffer overflow
libmodplug: boundary errors
libpng: denial of service
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lookup-el: insecure temporary file
lynx: arbitrary command execution
madwifi-ng: multiple vulnerabilities
mecab: buffer overflow
mod_jk: proxy bypass
mod_perl: denial of service
moin: arbitrary JavaScript execution
mplayer: buffer overflow
mydns: buffer overflows
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
OpenOffice.org: arbitrary code execution
OpenSSH: denial of service
openssh: remote denial of service
pam: privilege escalation
php: multiple vulnerabilities
php: several vulnerabilities
php: multiple vulnerabilities
php: buffer overflows
php: several vulnerabilities
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
phpwiki: remote code execution
postgresql: privilege escalation
pptpd: denial of service
pulseaudio: denial of service
python: information disclosure
qemu: multiple vulnerabilities
qt: "/../" injection
quagga: denial of service
quake: buffer overflow
rpm: arbitrary code execution
Mozilla: multiple vulnerabilities
slocate: information disclosure
snort: remote arbitrary code execution
spamassassin: local denial of service
squirrelmail: missing input sanitizing
Sun JDK/JRE: multiple vulnerabilities
tcpdump: denial of service
tetex: buffer overflow
tomcat: directory traversal
util-linux: access restriction bypass
vixie-cron: weak permissions may cause errors
wordpress: another pile of vulnerabilities
wordpress: SQL injection
XFree86 X.org: integer overflows
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
xscreensaver: password check bypass
zziplib: buffer overflow
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.22-rc5, released by Linus on June 16. It contains a long list of fixes - enough that Linus complains a bit about the amount of stuff which is still going in this late in the cycle. See the long-format changelog for the details.A very small number of patches have gone into the mainline git repository since -rc5 was released. There have been no -mm releases over the last week, and no releases of older kernel trees. Evidently everybody has been too busy "discussing" GPLv3.
Kernel development news Quotes of the week
So, I've had enough. I'm out of here forever. I want to leave
before I get so disgruntled that I end up using windows. I may play
occasionally with userspace code but for me the kernel is a black
hole that I don't want to enter the event horizon of again.
-- Con
Kolivas
The moral of the story is that currently it just doesn't pay off to
do code reviews. From personal POV it pays much more to wait until
buggy patch hits the mainline and then fix the issues yourself (at
least you will get some credit). To change this we should put more
emphasis on the importance of code reviews by "rewarding" people
investing their time into reviews and "rewarding"
developers/maintainers taking reviews seriously.
-- Bartlomiej Zolnierkiewicz
More quotes of the week - scenes from a flame warAs it turns out, there is very little from the recent, 1000-message GPLv3 flame war that justified the expenditure of so many bits. For those who haven't gotten around to reading the whole thing, here's a few selections.
I think that the Open Source community (and the FSF too) is much
better off *not* concentrating so much on "legal rules" of what can
and cannot be done, and instead spend much more effort on showing
people why the whole "Open Source" thing actually works.
And in fact, I think that's _exactly_ what Linux has been doing for the
last decade!
-- Linus Torvalds
But if by the question you mean "would you think the GPLv3 is fine
without the new language in section 6 about the 'consumer
devices'", then the answer is that yes, I think that the current
GPLv3 draft looks fine apart from that.
-- Linus Torvalds
I don't see how you can claim that the vendor is infringing on your
freedom, _you_ made the decision to go out and buy the product
knowing that the vendor wasn't going to go out of their way to help
you hack the device. In many cases the vendor doesn't even have the
option (802.11b channels and certification come to mind, GSM, etc.)
of opening things up to the end user, and making changes to the
license isn't going to magically change any of this.
-- Paul Mundt
I see a lot more prohibitions than freedoms in what TiVo does. I
don't understand why you'd stand up for it. Is it more important
that a single company be allowed to impose prohibitions on others
in order for its business model to work, than to maintain the
spirit of hacking and sharing that enabled Free Software and Linux
to flourish? Do you expect Linux would have flourished if
computers had locks that stopped people from modifying Linux in
them?
-- Alexandre Oliva
So instead of thinking of Tivo as something "evil", I think of Tivo
as the working bee who will never pass on its genes, but it
actually ended up helping the people who *do* pass on their genes:
the kernel (to a small degree - not so much because of the patches
themselves, as the *mindshare* in the PVR space) and projects like
MythTV (again, not so much because of any patches, but because it
helped grow peoples understanding of the problem space!).
-- Linus Torvalds
I believe RMS should accept the fact that most of that code was
written without people having bought into his ideology, and he
should accept _responsibility_ for the power he has acquired by
genius or by accident (your choice) and he should try to
_understand_ how those people tick - instead of trying to further
his own personal agenda.
-- Ingo Molnar
I beg to differ. By adopting _his_ license you adopted his view. If
you don't like that then choose a different license (which
obviously you are free to do).
-- Michael Gerdau
The GPLv2 does not state that you have to become a slave of rms and
follow him in all things, and agree with him. Really. You must have
read some other (perhaps unreleased early draft?) version.
-- Linus Torvalds
What the fsck it is, linux-kernel or bleeding Council of Nikea?
-- Al Viro
btrfs and NILFSAlmost exactly one year ago, as the developers were discussing changes to the venerable ext3 filesystem, Andrew Morton was heard to say:
All that being said, Linux's filesystems are looking increasingly
crufty and we are getting to the time where we would benefit from a
greenfield start-a-new-one. That new one might even be based on
reiser4 - has anyone looked? It's been sitting around for a couple
of years.
Reiser4 looks like it may continue to sit around for a while yet. But that does not mean that there is no interest in the creation of interesting new filesystems. LogFS was discussed here in May, but it's not the only newcomer in the filesystem arena. The most interesting new contender, perhaps, is btrfs, which was announced by Chris Mason on June 12. It is an entirely new filesystem intended for standard rotating storage with a number of interesting features. These include:
Fast filesystem checking is also an important design goal for btrfs. The data and metadata are laid out in a way that allows the offline filesystem checker to read the disk in a nearly sequential manner. That should speed the process considerably; filesystem checking usually involves vast numbers of seek operations. Online filesystem checking is also in the plans, though it has not been implemented yet; once it is working, this feature could eliminate the need for separate, mount-time filesystem checks entirely. This filesystem is in a very early state - not recommended for data which one might actually want to keep. There's not been a whole lot of benchmarking done, and, presumably, a lot of optimization work still to happen. For example, the entire filesystem is currently protected by a single mutex, a solution which is unlikely to perform well on those leading-edge 4096-processor systems. Little details - like not oopsing when the filesystem runs out of space, direct I/O, writing via mmap(), extended attributes, asynchronous I/O, and more - have yet to be taken care of. But btrfs has garnered a considerable amount of interest; if it lives up to its initial promise we could find ourselves using btrfs-based systems in the future. (For more information, see the btrfs project page). Another recently-announced filesystem is NILFS, which is now at version 2.0. NILFS is a log-structured filesystem, in that the storage medium is treated like a circular buffer and new blocks are always written to the end. These filesystems tend to do very well on benchmarks which measure write performance, since all writes go to a contiguous set of blocks; read performance is not always quite as good. Log-structured filesystems are often used for flash media since they will naturally perform wear-leveling; it would appear, however, that NILFS is not aimed at flash devices. Instead, NILFS emphasizes snapshots. The log-structured approach is a specific form of copy-on-write behavior, so it naturally lends itself to the creation of filesystem snapshots. The NILFS developers talk about the creation of "continuous snapshots" which can be used to recover from user-initiated filesystem problems - those of the "rm -r" variety. NILFS claims scalability through 64-bit data structures, but, interestingly, support for the x86_64 architecture remains on the "TODO list." The filesystem does not yet have support for extents. More information on NILFS can be found on nilfs.org.
Getting the message from the kernelAs a general rule, Linux users would rather not hear from their kernel. If all is well, devices are working, applications are running, and the kernel just quietly makes it all happen. When things go wrong, however, it may become necessary to dig through the messages that the kernel puts out. These messages sometimes make sense to the developers who created them, but they are not always clear to the rest of the world. Neal Stephenson, in his In the Beginning was the Command Line, describes Linux kernel messages as having "the semi-inscrutable menace of graffiti tags." For a kernel developer, often as not, the main value of a kernel message is to pinpoint the location of the complaining code - from which the real problem can be determined.Non-developers have a harder time using kernel messages in that way, though, and people who are not native English speakers are at even more of a disadvantage. So it is not surprising that the topic of fixing up kernel messages has popped up occasionally. It's back, possibly in a more serious form this time around. People who would reform kernel messages generally have two goals in mind:
The problem, of course, is that attaching identifiers to messages is a significant job. There are tens of thousands of printk() calls in the kernel; each of them would need to have an identifier assigned and the code changed. New messages are added - in large numbers - with every kernel release; it's easy to imagine that the overhead of putting identifiers onto all of those messages would irritate developers in a hurry. For these reasons, Linus has, in the past, rejected schemes aimed at improving kernel messaging. The idea has come back anyway. A new approach has been proposed by users in Japan who are having trouble supporting Linux as well as they would like. In this scheme, every kernel message would be assigned a component name and a message number. The component would be a per-file define:
#define KMSG_COMPONENT "railgun"
Then printk calls would be modified to include the message number:
printk(KMSG_ERR(100) "Rail gun fired accidentally - sorry\n")
The end result would be a message prepended with the string "railgun.100:", enabling the message to be translated or looked up in a manual. To help ensure that there is a manual, the proposal requires kerneldoc-style documentation of messages within the source; something like:
/**
* message
* @100:
*
* Description:
* The rail gun fired accidentally in the absence of a specific
* user request.
*
* User Response:
* Operator should be sure to stand to the side.
*/
The kerneldoc scripts would be upgraded to collect all of these message descriptions and turn them into a printable manual. Another tool would check source files and complain about messages which lack accompanying descriptions. Schemes like this have been greeted with complaints in the past, and the same happened this time around. The overhead of documenting messages in this way is more than many developers want to take on; David Miller expressed this feeling well:
I think my general response to something like this, if it goes in,
would be to stop emitting useful kernel log messages in the code I
write because having to document it too on top of that is just too
much extra work to be worthwhile.
Keeping the message descriptions current would also be a challenge - code is often changed without updating the neighboring comments; there is no reason to believe that message descriptions would get a higher level of attention. Andrew Morton has come back with a counter proposal designed for easier developer acceptance. His scheme would add a new form of printk() which would take a message ID in some as-yet-undetermined format. That ID would be output with the message, but everything else - translations, descriptions, condolences, etc. - would be kept in a database outside of the kernel. The key point is that developers would not be expected to do much of anything with this database - or even with their kernel messages. Instead, there would be a "kernel messages team" charged with maintaining this information. Occasionally somebody from that team would look over new code, add message IDs where needed, and send a patch to the maintainer. Unless they were personally interested in helping, developers would not have to worry about the new mechanism at all. There are a few gaps in this proposal; how the kernel message team would be funded (or otherwise motivated) is one of them. But it may be sufficiently low-impact to be accepted by the rest of the development community. Someday soon, Linux users, too, may have to make room on their shelves for a hefty messages manual.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Access Control - What is it good for?There is a recent discussion on the Fedora-maintainers list calling for an end to the ACL (access control list). A pkg.acl file may exist for every Fedora package, and it lists the maintainer and co-maintainer and possibly others that are authorized to fix, rebuild and upload that package. This file exists by default, but may be modified or removed by the package maintainer.Here in the northern hemisphere it's summer, a time for vacations, a time when a package maintainer might not be around to maintain those packages. Sometimes you just don't want a package sitting around a week or two with a known (and fixed upstream) security issue. If a soname bump requires several packages to be rebuilt, it's better to have that happen sooner rather than later. Hence the call to remove all pkg.acl files to allow other Fedora maintainers access to all/most packages. The ACL is in place for security reasons, though. No one ever said, "Let's make it more difficult to get packages fixed when the maintainer is unresponsive." On the other hand, do you want some fairly inexperienced, casual maintainer messing with the kernel package? Even with the best of intentions, mistakes can really mess up the system for many users. Critical packages should have stricter restrictions, but for the vast majority of packages any Fedora maintainer should be able to deal with minor maintenance. A more important consideration may be security: if any Fedora maintainer can make changes to any package, vast amounts of damage might be done by a single compromised account. There are things that can be done to mitigate this risk, but it is a concern nonetheless. Some part of the issue is that there are an ever increasing number of Fedora maintainers, and not all of them know that ACLs are enabled by default. As a result of this thread wiki pages are being built which list critical packages, and document the default ACL behavior and how to change it. Also steps are being taken that would allow access to a select set of groups, such as FESCo (Fedora Engineering Steering Committee) and the Fedora Security team, to fix issues as necessary.
New Releases Novell Ships SUSE Linux Enterprise 10 Service Pack 1 and New Virtual Machine Driver PackNovell, Inc. has announced that the first service pack (SP1) for SUSE Linux Enterprise 10 is now available to customers worldwide. Novell also announced the commercial availability of the SUSE Linux Enterprise Virtual Machine Driver Pack, a bundle of paravirtualized network, bus and block device drivers that enable unmodified Windows* and Linux* guest operating systems to run with near native performance in virtual environments created with the Xen* hypervisor technology.
openSUSE 10.3 Alpha5 ReleasedopenSUSE 10.3 Alpha5 has been released. Some changes between Alpha4 and Alpha5 include Linux 2.6.22 rc4, reduced size and cleaned up dependencies of some packages, glibc 2.6, Emacs 22.1 and OpenOffice.Org 2.2.1 rc3. Click below for more information.
Slackware 12.0 Release Candidate 1The Slackware-current changelog entry for June 14 announces that the first release candidate for Slackware 12.0 is available. "It's that time again, and here we have Slackware 12.0 release candidate 1! :-) If we're lucky, we got it all right the first time. Big thanks to the crew."
Terra Soft Unifies Power Ecosystem with YDL v5.0.2Terra Soft has announced the release of Yellow Dog Linux v5.0.2, a single Install DVD with support for the Apple G4 and G5 computers, Sony PS3, and IBM 'System p' servers, including the JS20/21, OpenPower, and current POWER5 systems.
Distribution News RHEL certified at EAL4+James Morris notes that Red Hat Enterprise Linux has been certified at the EAL4+ security level - at least when properly configured on certain IBM server systems. "A lot of people thought it would be outright impossible to get an open source OS certified at this level. Not only were they wrong, but we've done it in a way which makes it part of the mainline kernel, upstream userland, and integrated into standard distributions. It is not some out-dated, incompatible and outrageously expensive fork of the OS, as has historically been the case with trusted OSes. 'Military-strength' security is just now just another feature you get as standard in Linux, and it receives the same testing and community benefits as the rest of the OS."
Shuttleworth: no negotiations with Microsoft in progressUbuntu founder Mark Shuttleworth has posted a message stating the Ubuntu is not discussing patent deals with Microsoft. "Allegations of 'infringement of unspecified patents' carry no weight whatsoever. We dont think they have any legal merit, and they are no incentive for us to work with Microsoft on any of the wonderful things we could do together. A promise by Microsoft not to sue for infringement of unspecified patents has no value at all and is not worth paying for. It does not protect users from the real risk of a patent suit from a pure-IP-holder (Microsoft itself is regularly found to violate such patents and regularly settles such suits). People who pay protection money for that promise are likely living in a false sense of security."
Debian Release Team MeetingThe Debian release team met in Juelich recently to discuss the Etch release cycle and kick-off the Lenny cycle. Click below for an overview of the meeting and a tentative schedule for the Lenny release.
Debbugs Feature Enhancements and ArchivingThere have been some feature enhancements to the Debian Bug Tracking System (BTS). "The first and most visible are the version graphs which are present to the right of all bugs with versioning information. Hopefully these will help resolve some of the queries about why the BTS feels that a particular bug applies to a particular suite."
Fedora-Devel-Announce is Now OpenThe Fedora-Devel-Announce list is now available. "The goal of this list is to make it easy for Fedora contributors to follow changes in that may be pertinent to developers within the Fedora Project. This is intended to be a LOW TRAFFIC announce-only list of development topics, so we hope subscribers wont feel the need to filter it away from their Inbox."
Fedora Board Recap 2007-JUN-12A recap of the June 12, 2007 meeting of the Fedora Board is available. There was a discussion of secondary arches, FUDCon F8, Fedora Advisory Board Membership, and more.
Magazine Fedora 7Linux Identity Magazine will be releasing an edition devoted to Fedora 7. The hardcopy magazine will be available in France and comes with 2 bootable DVDs attached to the magazine: for 32 bit and 64 bit systems.
Novell Announces Real-Time Linux Enhancements and PartnershipsNovell has announced new enhancements to SUSE Linux Enterprise Real Time and unveiled new partnerships that expand the ecosystem around Novell's low latency Linux solution.
Results of survey on use of proprietary software in openSUSEThe results are available for a survey about the use of proprietary software in openSUSE. "It shows that we ship on the media some software which is hardly used (e.g. PlanMaker, SEPsesam etc.). Software which is hardly used we don't neet to ship on our media. Therfor my suggestion is to drop some software totally and offer some software only via ftp. To be discussed on opensuse-project."
Ubuntu "gutsy" features announcedUbuntu has released a list of the planned features for the upcoming Ubuntu 7.10 ("gutsy gibbon") release. "Ubuntu 7.10 will ship with the latest edition of the GNOME desktop, 2.20, released a few weeks before our own release. Kubuntu 7.10 will ship with KDE 3.5.7, and should also include packages of KDE 4.0 rc 2 available for optional side-by-side installation. We are aiming for Ubuntu to be one of the first distributions to ship the newly merged Compiz and Beryl projects (compcomm/OpenCompositing); and enable it as the default window manager on systems with a supported combination of hardware and drivers."
Ubuntu Derivatives mailing listThe Ubuntu Derivatives mailing list has been announced. This mailing list is the place for discussions about Ubuntu derivatives, to achieve collaboration across derivatives, discus problems and search for solutions together.
SUSE Linux 9.3 security support is now discontinued.SUSE Linux 9.3 is now officially discontinued and out of support. Click below for a wrap up of security issues during this product's lifetime.
Reminder - Fedora Core 5 EOL on 2007-06-29Fedora Core 5 will reach its End of Life on Friday June 29th. There will be no security or bug fixes after that date.
Distribution Newsletters Fedora Weekly News Issue 92The Fedora Weekly News for June 18, 2007 covers Fedora Core 5 EOL, Fedora-Devel-Announce is now open, Fedora Board Elections, Working on Fedora L10n, End of "I didn't know about that change!?!" for Fedora devel (?), Workaround for kernel panic on suspend/resume, Magazine Fedora 7 (France), Fedora 7 Xen First Look, Maximum PC reviews Fedora 7, and much more.
Ubuntu Weekly News: Issue #45The Ubuntu Weekly Newsletter for June 16, 2007 covers Mark Shuttleworth's debunking of a rumor of a possible Microsoft deal, Gutsy translation opening, an interview with Matthew East and much more.
DistroWatch Weekly, Issue 207The DistroWatch Weekly for June 18, 2007 is out. "The first release candidate of Slackware Linux 12.0, Linus Torvalds' entertaining exchange with Sun Microsystem's Jonathan Schwartz, and Linspire's promise of a "better Linux" through a partnership with Microsoft were the most interesting headlines of the past week. We comment on these and other events of the week. In other distro-related news, the Debian project announces a tentative release schedule for Debian "Lenny", Max Spevack talks about the upcoming Fedora 8, and, in an exclusive DistroWatch interview, Adam Williamson introduces a number of projects that will shape the future of Mandriva Linux. Finally, don't miss the list of changes and updates to the DistroWatch package list as used for tracking version numbers of important software applications."
Distribution meetings participate in DebConf7 from abroadLive video streams of DebConf7 (ends June 23, 2007) are available. The email (click below) also has information on the IRC channels where discussions are taking place and a link to the video archive.
Distribution reviews Alternative GUIs: GoblinX (TuxMachines)TuxMachines reviews GoblinX. "GoblinX is a live Linux distribution based on Slackware 11, written by a Brazilian developer who goes by the pseudonym Grobsch. (You can contact Grobsch on the GoblinX forum.) GoblinX differs from other live distributions in two main ways. First, it manages to pack five different window managers/GUIs into a 305 MB ISO image, and uses custom artwork for each of them that's quite unlike anything you've seen before."
Page editor: Rebecca Sobol Development Google Summer of Code Series, OpenMRSThis is the third in LWN's series of Google Summer of Code 2007 articles. The first two articles covered the program launch and Ubuntu's projects. As Google's students continue working on their Summer of Code (GSoC) projects for one of 137 open source mentoring organizations, the relationships between Google's staff, the organization's administrators and mentors, and the students themselves emerge as showpieces for the open source development model. The Open Medical Record System (OpenMRS) project is a particularly interesting case, as it is one of several organizations participating in the GSoC 2007 whose work has widespread consequences for the international medical community. Those signed on with OpenMRS must overcome both technical and social challenges this summer while working within a heavily academic and international developer community. Read on for the impressions and testaments of the GSoC program from every side of OpenMRS' GSoC involvement, including Google's. Google's open source team sponsors code development through the GSoC and other programs, occasionally overlapping with charitable causes in cases like that of OpenMRS. Another branch of the company, Google.org, is devoted to philanthropy in the areas of global development, public health, and climate change. Another division, Google Grants, doles out free AdWords space to non-profit organizations. A medical records system widely used in a variety of developing nations presents unique requirements for developers. In addition to typical usability and security expectations, the system must be absolutely reliable, fully multi-lingual, easily extensible, and, above all, extremely scalable. Its developers would like it to assist in the treatment of tens of millions of HIV/AIDS patients and if possible, much of the rest of the population in the developing world. OpenMRS has already been implemented in a handful of African countries and receives support from the World Health Organization, Center for Disease Control, and other medical and charitable entities as a significant tool in the global fight against HIV/AIDS. Their software provides an architecture for managing medical records that includes an advanced data storage model, programming API, and a set of web applications that includes OpenMRS' standard interface. Their very informative web demo is the best place to learn more about the system. OpenMRS is new to the GSoC in 2007. Burke Mamlin, one of OpenMRS' founding fathers, admits that they only began to discuss applying a week before the organization application due date. They wrote the application the weekend before the deadline. Google's Open Source Program Coordinator Leslie Hawthorn explains that, like most other organizations, an exhaustive ideas list describing potential student projects was what won OpenMRS admission to the program. The ten student slots awarded to OpenMRS make it the thirteenth (of 137) most active participant this year, a lofty ranking which Hawthorn discloses is due directly to the amount of student applications the organization received - a phenomenal 134. The OpenMRS development team was eager to pitch in as mentors. Developer Andreas Kollegger writes, "When the participation was announced, I immediately expressed interest in being a mentor. I think we all did (all the developers)." Mamlin adds that they were looking for projects that addressed short term goals which could be addressed in just one summer, but were not "simple bug fixes." Hawthorn writes of students' attraction to OpenMRS, "I think that the intersection of open source and social change was incredibly inspiring for students, as it is for projects like One Laptop Per Child. It's one thing to hack on something cool, but it's even better to hack on something cool that will have an immediate effect on those in need." OpenMRS mentors would seem to agree. Hamish Fraser, an OpenMRS founder and mentor for Desmond Elliott's digital image tools extension project, concurs that it is the "humanitarian aspect" of his organization which attracted participants. Perhaps it is to be expected that the students tell a slightly different story. None of the students surveyed seemed to have had any prior involvement with OpenMRS, most only learning about it through advertisements in the GSoC IRC channel or by browsing the list of accepted organizations. Though students seem to feel ingratiated by working for a project aiding developing nations, three explicitly credited the friendly welcoming they received from the OpenMRS team as securing their application. Michael Zwolinski, a student working with mentor Justin Miranda on the Open Data Access Adapter and RESTful Web Service Module project, describes his courting process with the organization, "I first heard about OpenMRS browsing through the list of accepted mentoring organizations, as OpenMRS is not the type of project I would have come across on my own. At first I passed it up, not thinking much of it. However, I heard it being advertised in the GSoC IRC chat room, and hung out in the OpenMRS IRC room a while. I sometimes left, thinking that it might not be the organization for me, but I kept coming back for some reason. At some point, my current mentor explained the project I am working on now to me, and that hooked me. I liked the general atmosphere of the group, and my project sounded interesting, so I applied. I was actually accepted by another organization as well, but OpenMRS had both a great group of people and a great cause behind it, so the choice for me was a no-brainer." Although not directly asked, two students offered that they would continue contributing to OpenMRS after the conclusion of the GSoC. OpenMRS's GSoC program organizers felt strongly about this sort of applicant dedication. Although Mamlin acknowledges using standard criteria for student selection (quality of application and experience), he also lists the student's "eagerness and interest in the project" and presence on their IRC channel as vital qualifications. Geoffrey Rekier's reporting framework integration project mentor Ben Wolfe identifies a potential roadblock for GSoC participants: "OpenMRS is lacking in technical documentation and commenting - both will hinder [Rekier's] (and other students') ability to discern what is going on where and why." Nonetheless, Wolfe attests that the program has been "smooth sailing" thus far. The knowledgeable and attentive mentors supplied by OpenMRS are surely serving to ease students into the codebase and developer community. Fraser offers the international nature of the organization as another hurdle for student acclimation: "It's a very fast moving project spread out over many countries so communication and coordination is a big deal." He comments that he would have liked more time allotted by Google for the student selection and integration process, particularly for his organization whose members are so frequently engaged in travel. Participation in the GSoC has invited changes in OpenMRS outside of those being made by student developers. Zach Elko, a student working on the cross-platform installer project, testifies that a very amicable community of student applicants has formed around OpenMRS. He indicates that even those not accepted to work with the organization during the GSoC still keep in contact with the other students. Elko himself is not participating in the GSoC, but is one of two students being sponsored as summer interns by Paul Biondich, another OpenMRS founder. A hundred-thousand dollar grant from the IDRC will sponsor an additional twenty or more students year-round, starting in the Fall. For better or worse, the OpenMRS team has found themselves forced to look beyond the GSoC for student interns. Biondich says of student internship programs: "Needless to say, we are convinced that this approach is central to our future development growth, as medical record systems are too complex to expect people to easily integrate into the community. We want to provide a richer collaborative substrate that allows people to get some assistance up front. Given the strong philanthropic drive of many within the open source community, we've realized that there's definitely interest, but a mentored internship provides the infrastructure to codify that good will." Kollegger chimes in, "Google's sponsorship was just the right nudge to get us thinking the obvious, 'maybe we could get some interns to help out with some of this.'... The GSoC opportunity was enough to convince other OpenMRS related organizations that the summer of code should be the beginning of a continuous program sponsoring internships." The project Kollegger is mentoring is another outside of the GSoC realm, Matthew Harrison's very salient data entry alternatives project. Kollegger explains, "OpenMRS has an unfortunate dependency on Microsoft Infopath for form design and deployment. It makes for a disjunct user experience and increases the cost of ownership. While it has been an obvious candidate for change, what was there worked so it was hard to justify putting development resources on it instead of filling in missing features. Matt is spending the summer integrating OpenOffice. It will be less costly, multi-platform and more nicely integrated." Mamlin notes that OpenMRS has only made good use of IRC, now firmly integrated into their communications, since their entrance into the GSoC. It seems that an unexpected consequence of their participation in the program has been to, according to Mamlin: "force us to get organized in ways that might not have happened otherwise." Mamlin adds that "GSoC has taught us a ton about being a successful open source project and provided us with opportunities to interact with other successful projects." The nature of the OpenMRS project has attracted a largely-academic set of developers. Fraser, for instance, is an assistant professor at Harvard Medical School. Major supporters include the Regenstrief Institute and Partners in Health. Not surprisingly, the students who applied and were accepted by OpenMRS also come from a very well-educated background. Though all GSoC participants are college students, about forty-percent of those working for OpenMRS are graduate students. Also like the developer team, OpenMRS GSoC applications came from thirty-four countries and six continents. One student, Sarp Centel of the record linkage project, is a Fulbright Scholar who will be attending graduate school at Georgia Tech in the fall. His project incorporates data mining and machine learning techniques to couple patients' records across multiple hospitals and record systems. He writes, "I am thrilled with the communication and solidarity within my organization. Guidance of my mentor is great as well." He mentions that he would like to see Google encourage interaction between GSoC participants, though he adds, "considering the size of the program, I can say that it is being managed pretty well"
System Applications Database Software PostgreSQL Weekly NewsThe June 17, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
SQLite 3.4.0 releasedVersion 3.4.0 of SQLite, a lightweight DBMS, is out. "This release fixes two separate bugs either of which can lead to database corruption. Upgrading is strongly recommended."
Interoperability Samba 4.0.0 TP 5 releasedVersion 4.0.0 TP 5 of Samba is available for download. The WHATSNEW file from the source code says: "Work has continued on SWAT, the the libnet API behind it. These we hope will grow into a full web-based management solution for both local and remote Samba and windows servers. The DRSUAPI research effort has largely concluded, and an initial implementation of AD replication is present, included in torture test-cases. This includes the decryption of the AD passwords, which were specially and separately encrypted. This should be recognised as vital milestone. Likewise, the LDAP Backend project has moved from a research implementation into something that can be easily deployed outside the test infrastructure."
Security Pixy, an open-source vulnerability scanner for PHP applicationsVersion 3 of Pixy has been announced. "Pixy is a Java program that performs automatic scans of PHP source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability."
Web Site Development First alpha release of REMO, the Rule Editor for ModSecurityThe first alpha release of REMO is available. "This is a project to build a graphical rule editor for ModSecurity with a positive/whitelist approach. Remo has been started in January 2007, there was a first alpha release in February and the first beta release in early June 2007."
Desktop Applications Audio Applications Amarok Weekly Newsletter Issue 9 (KDE.News)KDE.News has announced issue #9 of the Amarok Weekly Newsletter: "In this issue, we interview an Amarok developer (Ian Monroe), take a look at the future of Amarok - Version 2.0 - and continue to provide nice usage tips."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
KDE Commit-Digest (KDE.News)The June 17, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Work on engine configurability, data management, a packaging system for Plasmoids and themes, and new refinements in desktop icon interaction in Plasma. The Oxygen window decoration and widget are both moved into kdebase. Further work in the Icon Cache, Kopete Messenger update, KRDC and Context Help Summer of Code projects. Improved highscore handling and network management across kdegames. New keyboard engine becomes live in KTouch, whilst the Step physics simulation package receives support for annotations. Support for many new text styling options in KOffice..."
More About Nepomuk-KDE: Soprano and KDE Integration (KDE.News)KDE.News has announced the second part in a series on the Nepomuk-KDE Semantic-Desktop project. "In a follow up story to the "State and Plans of Nepomuk-KDE" post, the second post covers Soprano and the overall integration of NEPOMUK within KDE."
The Road to KDE 4: KDE PIM Libraries and Related Technologies (KDE.News)KDE.News continues a series on KDE 4 with a look at KDE PIM libraries. "KDE has a number of sub-projects that have blossomed into enormous projects of their own. A number of them, such as KOffice, or KDE-Edu get a lot of press in the open source world, while the KDE PIM project has been quietly gaining corporate acceptance as a suitable enterprise suite. Today's feature are the libraries that power the KDE PIM project, and specifically, what changes have taken place since KDE 3.5.x, wherein the KDE PIM project is one of the most successful and stable components of KDE. Read on for more details."
Electronics Qucs 0.0.12 releasedRelease 0.0.12 of the Qucs has been released. "Qucs is an integrated circuit simulator which means you are able to setup a circuit with a graphical user interface (GUI) and simulate the large-signal, small-signal and noise behaviour of the circuit. After that simulation has finished you can view the simulation results on a presentation page or window."
Financial Applications SQL-Ledger 2.8.6 releasedVersion 2.8.6 of SQL-Ledger, a web-based accounting system, is out. Changes include: document control number with modulo 10 control digit, remittance voucher number with modulo 10 control digit, option to include fields for timecards, added notes to timecard and "Generate Sales Order" report and option to record FX adjustments.
Games ChessX 0.5 releasedVersion 0.5 of ChessX, a chess database that allows you tobrowse, manage, and analyze chess games, has been announced. "Many features [have] been added, most notably the opening tree and engine analysis support."
Area and entity editing in Ember (WorldForge)The WorldForge game project has an article on a new capability in Ember, a 3d client for the WorldForge project. "Id like to showcase some of the new editing functionality in the current Ember cvs. First off is the area editing. There are many types of areas in the world. Some examples are the dirt area under the sty, the path to the village and the darker areas under the oaks. Each area belongs to an entity and is represented as a series of connected points which taken together create a 2d polygon."
Interoperability Wine 0.9.39 releasedVersion 0.9.39 of Wine has been announced. Changes include: Many MSHTML improvements, Several improvements to the sound support, A number of Winsock fixes, Several new supported constructs in the IDL compiler, Many Direct3D threading fixes and Lots of bug fixes.
Music Applications CAPS 0.4.0 releasedVersion 0.4.0 of CAPS, the C* Audio Plugin Suite, is out. "CAPS is a collection of LADSPA plugins enjoying worldwide favour for its instrument amplifier emulation. In addition, it provides a sizeable assortment of acclaimed audio DSP units, sound generators and effects. CAPS is distributed as open source under the terms of the GNU Public License."
Free Music Instrument Tuner 0.97.6 releasedVersion 0.97.6 of Free Music Instrument Tuner has been released. Changes include a new statistics module and a bug fix for JACK.
Video Applications Muxi 0.4.4 announcedStable version 0.4.4 of Muxi has been announced. "Muxi is a TV application and personal video recorder for DVB. It includes an electronic program guide, live stream recording, time shifting, movie playback, and Internet radio. It can run perfectly smoothly at high frame rates under HDTV resolutions. Current releases support DVB-T only; DVB-S is in development."
Miscellaneous GPSMan 6.3.2 releasedStable version 6.3.2 of GPSMan is out. "GPS Manager (GPSMan) is a graphical manager of GPS data that makes possible the preparation, inspection and edition of GPS data in a friendly environment. GPSMan supports communication and real-time logging with both Garmin, Lowrance and Magellan receivers and accepts real-time logging information in NMEA 0183 from any GPS receiver. GPSMan can also be used in command mode (with no graphical interface)".
Pootle 1.0.1 releasedVersion 1.0.1 of Pootle, a translation tool that aims to build standards compliant tools for localization to minority languages, is available from translate.sourceforge.net. (Thanks to Dwayne Bailey).
Languages and Tools Assembly Language The Linux binutils 2.17.50.0.17 is releasedVersion 2.17.50.0.17 beta of binutils for Linux is out. Numerous bug fixes have been made. "This is the beta release of binutils 2.17.50.0.17 for Linux, which is based on binutils 2007 0615 in CVS on sourceware.org plus various changes. It is purely for Linux."
Caml Caml Weekly NewsThe June 19, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Java Managing Volatility in the Java World (developerWorks)IBM developerWorks looks at volatility in Java. "The Java language contains two intrinsic synchronization mechanisms: synchronized blocks (and methods) and volatile variables. Both are provided for the purpose of rendering code thread-safe. Volatile variables are the weaker (but sometimes simpler or less expensive) of the two -- but also easier to use incorrectly. In this installment of Java theory and practice, Brian Goetz explores some patterns for using volatile variables correctly and offers some warnings about the limits of its applicability."
Python Python 3000 status updateGuido van Rossum has posted a detailed update on the state of Python 3000. "A schedule was first published around a year ago; we were aiming for a first 3.0 alpha release by the end of the first half of 2007, with a final 3.0 release a year later... This schedule has slipped a bit; we're now looking at a first alpha by the end of August, and the final release is moved up by the same amount. (The schedule slip is largely due to the amount of work resulting from the transition to all-Unicode text strings and mutable raw bytes arrays. Perhaps I also haven't delegated enough of the work to other developers; a mistake I am frantically trying to correct.)"
Python-URL! - weekly Python news and linksThe June 19, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe June 20, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Version Control GIT 1.5.2.2 releasedVersion 1.5.2.2 of GIT is out with a number of bug fixes and some translation work.
Monotree 0.3 releasedVersion 0.3 of Monotree, a viewer for the distributed version control system monotone, has been released. "As a viewer it loads and reads monotone's database to create reports. As it is a Windows application with a graphical user interface it can help to understand monotone's data easier and more quickly. Monotree is not a graphical user interface for monotone. It doesn't even use monotone but loads monotone's database directly. It's possible to load a database created by monotone without having monotone installed at all."
Page editor: Forrest Cook Linux in the news Recommended Reading Why are privacy and advertising strange bedfellows? (Linux Journal)Doc Searls discusses a ranking of corporate web sites' attention to privacy issues in a Linux Journal article. "In A Race to the Bottom: Privacy Ranking of Internet Service Companies, Privacy International spray-paints the façades of landmark companies that line today's Main Street on the Web. The painted colors are assessments of each company's performance on privacy issues. Though the rankings are colorful, what they say isn't pretty. Nobody in the "interim rankings" gets the top (green) mark for "Privacy-friendly and privacy enhancing". The bottom (black) mark, for "Comprehensive consumer surveillance & entrenched hostility to privacy", goes to just one company: Google."
Free QA for patent trolls? Why? (LinuxWorld)Don Marti questions the Peer to Patent Project on his LinuxWorld weblog. "The Peer to Patent Project would give the bandits flintlocks. Instead of facing bandits armed with patents likely to be bad, we'll be facing bandits who are confident in their weapons. If you think the problem of mostly-bad software patents is bad today, try peer-reviewed patents that are more likely to go off."
GPL compliance issues are tearing Joomla! apart (Linux.com)Here's a Linux.com story on the debate over proprietary extension modules in the GPL-licensed Joomla project. "[Project leader Louis] Landry wants developers to understand that the reason Joomla! wants to move closer to the GPL is to protect the project. "If we are condoning violations, we're weaker in a legal sense. If someone challenged our license down the road, if we've systematically been condoning violations, they could say, 'What's different now?'""
Trade Shows and Conferences Don Marti reports from the LF Summit kernel panelDon Marti blogs from the kernel panel at the Linux Foundation Collaboration Summit. The panel, moderated by LWN editor Jonathan Corbet, touched on many issues relevant to the kernel development process.
Linux Summit: Forget Microsoft. Let's Get Back To Development (InformationWeek)InformationWeek covers the Linux Foundation Collaboration Summit. "A broad cross section of the Linux community, meeting on the Google campus Wednesday in Mountain View, Calif., focused on advancing the development of Linux and shrugged off the threat of Microsoft's claims of Linux patent infringement. The gathering included six kernel developers, who started off a Linux Foundation Collaboration Summit by holding a town-hall-style question-and-answer session with about 70 representatives of Linux users, independent software vendor firms, and reporters. The Linux Foundation organized the event as a way to bring together the different elements of the Linux community in one setting."
Linux movers and shakers seek common ground (Linux-Watch)Linux-Watch reports on the Linux Foundation Collaboration Summit. "At the Linux Foundation Collaboration Summit held at the Googleplex last week, Linux developers, IHVs (independent hardware vendors), and ISVs (independent software vendors) hashed out their differences in an attempt to find common ground."
Shuttleworth urges Linux patch and bug collaboration (Linux-Watch)Linux-Watch covers Mark Shuttleworth's keynote speech at the Linux Foundation Collaboration Summit at the Googleplex. "When Mark Shuttleworth, Ubuntu founder and CEO of Canonical Ltd., spoke at the Linux Foundation Collaboration Summit at the Googleplex, he didn't talk about Ubuntu, patents, or hardware vendor partnerships. Instead he devoted his keynote speech to the importance of collaboration in fixing bugs and getting timely patches out to Linux users."
Companies QuickBooks is now available for Linux servers -- but not for Linux desktops (Linux.com)Linux.com covers Intuit's release of QuickBooks Enterprise Solutions for Linux. "Companies that run their servers on Debian or Debian-derived distributions are apparently supposed to stick to open source accounting/ERP packages such as Compiere, Adempiere or WebERP. Or, if they insist on using QuickBooks Enterprise Solutions, they will have to work with RPMS, because neither .deb nor source packages are available. What about plans for QuickBooks on the Linux desktop? Thomson said, "We don't find that to be a compelling need today." He said Inuit makes product decisions "based on what we hear from clients," and that they are "not hearing any demand" for a desktop Linux version of QuickBooks."
Linux at Work Baylor neuroimaging lab has open source on the brain (Linux.com)Linux.com's Tina Gasperson looks at the use of Linux by the Baylor College Human Neuroimaging Lab. "The Baylor College Human Neuroimaging Lab (HNL) uses Functional Magnetic Resonance Imaging (fMRI) to record and research brain activity. The fMRI scans human brains at work, detecting areas of greater blood flow that indicate which part of the brain is active as subjects perform a variety of activities. The data flows from the scanners to a high-performance 32-node CentOS cluster to be analyzed and returned to researchers in statistical form. HNL Systems Administrator Justin King is a big fan of open source software and frequently writes his own applications when he can't find what he needs in the community. King also takes advantage of commercial open source projects."
Interviews Interview with Lars Knoll, creator of KHTML (Ars Technica)Ars Technica looks at the work of Lars Knoll. "Ars Technica sat down today to talk with KHTML developer and Trolltech employee, Lars Knoll. We talked about his involvement in the project that ultimately became the HTML rendering engine for Apple's Safari web browser, as well how Apple's involvement has shaped the future of web browsing for browsers on just about every platform imaginable."
Interview With Fred Miller - GNU/Linux Evangelist (LXer)LXer talks with Fred Miller. "Fred Miller is a prolific GNU/Linux evangelist and active member of the OpenSUSE community. He has converted numerous small businesses and individuals from Windows to GNU/Linux. He is also a big OpenOffice.org fan."
Amarok 2.0 Interview: Jeff Mitchell (KDE.News)KDE.News features an interview with Jeff Mitchell, a developer of the Amarok audio player. "In the lead-up to KDE 4, Amarok will be undergoing a number of large changes both under the hood, and cosmetically with the user interface. I managed to interview a developer, Jeff Mitchell, to talk about the things changing in Amarok from the 1.4 stable branch to version 2.0, including the playlist redesign, the context view and the new web services framework."
Resources Why Do People Write Free Documentation? Results of a Survey (O'ReillyNet)O'ReillyNet presents the results of a survey. "A unique survey ran on O'Reilly's web site during the first three months of 2007, aimed at people who contribute free documentation to online mailing lists, web sites, and other forums. The survey garnered 354 responses, which in itself indicates the thriving state of free documentation and the dedication of the people who write it."
Open Source - The future is open (The DoD Software Tech News)The DoD Software Tech News has devoted its latest edition to open source software. (The magazine is in PDF format and requires free registration.) It includes essays by David A. Wheeler, Terry Bollinger, John M. Weathersby, Mark Lucas (on Geospatial OSS), Peter Gallagher, Matt Asay (Alfresco) and Andrew Gordon.
Dual password encryption with EncFS (Red Hat Magazine)Red Hat Magazine provides a "how to" on using two passwords with the EncFS encrypted filesystem. "John Doe is a sales agent. He is using EncFS to protect data on his laptop. This includes day-to-day activities like e-mails, meeting appointments, todo list, etc. He is using secondary password stored on USB stick to protect confidential information. This includes upcoming contract details, company financial information, plans for future products. His laptop is stolen and personal password is guessed using dictionary attacks. John Doe did not pick up a strong password. Corporate data is still safe. The USB stick was not stolen."
Reviews Google Browser Sync extension clones Firefox settings (Linux.com)Linux.com looks at the Google Browser Sync extension. "Google Browser Sync provides more than just a simple method of syncing bookmarks. It syncs all your Firefox data -- bookmarks, cookies, passwords, history, tabs, and windows. So, not only are your bookmarks kept in sync, but you can even close a Firefox session with tabs and windows open, and reopen the same session on another PC."
Re: 32-bits, CLAM, and TAPESTREA (Linux Journal)Dave Phillips reviews the JackLab Audio Distribution (JAD) and some of the audio tools found therein. "Various improvements have been made in JAD since my earlier review, including the adoption of a 2.6.19 kernel optimized for superb realtime performance. Since I've profiled the system in an earlier blog entry I decided to briefly review some of the more unusual software included with the distribution or built with the help of its development packages. JAD contains more than 70 applications for audio and video composition and production, most of which are at their most recent release versions, so come join me in a look at some less typical sound & music software running on one of the best of the new breed of multimedia-optimized Linux distributions."
Feed your content cravings with Liferea (Linux.com)Ane Vidmar reviews Liferea on Linux.com. "I find myself not browsing the Web as much as I used to, thanks to Liferea, a Linux-based aggregator for online news feeds. A news aggregator eliminates the need for surfing the Web as much. Instead of going to all the Web pages you have bookmarked to read your favorite blogs, news, or media presentations, you can simply add an RSS/RDF or Atom syndication format to Liferea and have all the news feeds at your command. Of course this works only for Web sites that support these syndication formats, but most modern sites do support at least one of them."
X-Wrt extends OpenWrt router firmware (Linux.com)Linux.com reviews the X-Wrt user interface for monitoring and configuring Linux-based router firmware. "X-Wrt is a slick new project that makes using OpenWrt easier and more fun than ever. The attention to detail is excellent, the documentation and assistance on IRC is very good, and the quality of the software is high, just as it is in OpenWrt. On a scale of 1 to 10, I give it an 9."
RPM 'relaunched' at rpm5.org (Linux.com)Linux.com looks at the two RPM projects. "Two concurrently developed forks present RPM-based distros with a dilemma. Should they diverge to the point of incompatibility, distros would be forced to support one or the other. Even in the meantime, they must choose where to concentrate their time and personnel resources. Novell has joined Red Hat in the rpm.org project, while Mandriva, cAos, and PLD have decided to work with Johnson's rpm5.org effort."
ZFS on Linux: It's alive (LinuxWorld)LinuxWorld takes a look at a FUSE (Filesystem in userspace) implementation of the Solaris ZFS filesystem. "The project is working, with several users running and even booting from a ZFS volume. Correia has not undertaken any performance tuning yet, and one sysadmin, Chris Samuel, has posted benchmarks that clock only about half the speed of another Linux filesystem, XFS."
Miscellaneous Should We Fight for Ogg Vorbis? (Linux Journal)Glyn Moody looks at the FSF's PlayOgg campaign. "I'm a big fan of Richard Stallman and his work -- even though, the first time I interviewed him, he proceeded to criticise my questions before answering them, not a journalistic experience I'd had before. Without his vision and sheer bloody-mindedness in the face of indifference and outright hostility, we would not have the vast array of free software we enjoy today."
Page editor: Forrest Cook Announcements Non-Commercial announcements Database Patent Prior Art NeededJosh Berkus writes about the need for some prior art research on database software. "The USPTO has launched its promised Patent Application peer review site, with 5 new patent applications for us geeks to debunk with prior art. All I can say is, if this is the dreck the patent examiners have to deal with day in and day out, I'm not surprised that they're tempted to just stamp it "approved" and go home and drink. So let's help them out."
US Court: email is privateHere's a release from the EFF on the US 6th Circuit Appeals Court's ruling in Warshak v. United States. "Over the last 20 years, the government has routinely used the federal Stored Communications Act (SCA) to secretly obtain stored email from email service providers without a warrant. But today's ruling -- closely following the reasoning in an amicus brief filed the by the Electronic Frontier Foundation (EFF) and other civil liberties groups -- found that the SCA violates the Fourth Amendment." So email users have an expectation of privacy - at least in the 6th circuit.
Open Sound System open-sourced4Front Technologies has announced the release of the Open Sound System code under the GPLv2 and CDDL licenses. OSS was once the Linux sound driver subsystem, but it was taken proprietary some years ago and has since been replaced by ALSA. "The new open source community development model makes it possible to replace the obsolete and incompatible vendor specific sound subsystems and OSS implementations with a state-of-the-art implementation developed by 4Front Technologies. The goal has always been to standardize audio under POSIX compliant systems and this includes real time operating systems and embedded systems as well."
SFLC's open source law immersion programThe Software Freedom Law Center has launched a program aimed at helping lawyers learn more about open source issues. "The Software Freedom Law Center benefits the FOSS development ecosystem both by providing direct legal services and by promoting the general understanding of relevant legal issues. Most often, these issues include software licensing, trademarks, patents, government regulations on software, and aiding various nonprofit organizations within our community. The SFLC Open Source Law Immersion Program is designed to provide practicing lawyers an opportunity to learn first-hand about these issues in open source law."
Commercial announcements Clearswift and SpikeSource form technology partnershipSpikeSource has announced a partnership with Clearswift. "Clearswift and SpikeSource, a leading provider of business-ready open source solutions, today announced a strategic partnership focused on delivering secure, open source solutions to market. As part of the agreement, SpikeSource will offer to its customers Clearswift's content security products and services. The companies will also work to build integrated solutions that will allow businesses to capitalize on SpikeSource's broad portfolio of open source solutions and platform, and Clearswift's content filtering expertise."
First American company focused solely on K12 open-source launchedImpari Systems, Inc. has announced its opening. "Impari Systems, Inc. announced today that they are now open for business. "Our private stock sale was a complete success, and we're ready to start working with schools. We realized what open source could do for students across America and had to start this company to help local schools move to this cost-effective, secure and rich environment. Impari Systems is focused only on open source and solely for K through 12 schools," reported Matt Burkhardt, CEO of Impari Systems, Inc."
Linbox adds patch and application deployment to Linbox Rescue ServerLinbox has released a new module for its Linbox Rescue Server (LRS) under the GPL: the Linbox Secure Control (LSC). The Linbox Secure Control lets you automate patch and application deployment across heterogeneous IT environments. "Fully integrated into the LRS Web management interface, Linbox Secure Control monitors the status of each install and displays the status on screen, so you can quickly and easily ensure that each deployment has been successful. Software deployment tasks can be scheduled for later execution and can occur on any number of computers in parallel."
Linspire does the Microsoft dealNow Linspire has done a deal with Microsoft . "Through this agreement, the companies will work to advance office document compatibility, enhance instant messaging interoperability and reinforce existing collaboration on digital media. In addition, Linspire will be providing its customers with the option of acquiring a patent covenant from Microsoft for customers operating the Linspire desktop."
Lumen Software announces new PostgreSQL LAPP stackLumen Software has announced its decisions to use a PostgreSQL-supported Linux-Apache-PostgreSQL-PHP (LAPP) stack for its open-source Lumenation development platform. "After significant consideration of PostgreSQL and MySQL, which is part of the popular LAMP stack, developers at Lumen found that the PostgreSQL database offered a higher level of functionality and handled large amounts of data and traffic better than the alternatives."
Mandriva: We will not go to CanossaMandriva has put out its own declaration regarding deals with Microsoft. "We also believe what we see, and up to now, there has been absolutely no hard evidence from any of the FUD propagators that Linux and open source applications are in breach of any patents. So we think that, as in any democracy, people are innocent unless proven guilty and we can continue working in good faith. So we dont believe it is necessary for us to get protection from Microsoft to do our job or to pay protection money to anyone."
Novell unveils workgroup suite for small businessesNovell has announced the Novell Open Workgroup Suite Small Business Edition with support from Intuit. "The Novell Open Workgroup Suite Small Business Edition includes Linux server and desktop components with e-mail, collaboration and the most advanced open source office products available. The benefit? Customers get a markedly improved return on their IT investments and aren't locked into expensive, proprietary-only software bundles."
Open-Xchange gives feature boost to collaboration serverOpen-Xchange, Inc. has announced a feature update for Open-Xchange Server 5. "The upgrade adds more than 50 usability improvements to the Linux-based collaboration suite. Open-Xchange Server 5 provides customers with key messaging functions such as email, calendaring, contacts and task management that are fully integrated with advanced groupware features such as document sharing, project tracking, user forums, and a knowledge base. Service Pack 3 for Open-Xchange Server 5 offers major productivity improvements through performance enhancements and through supporting the latest Application Server of Red Hat Linux Enterprise Server 4."
Performance Technologies broadens its NexusWare carrier grade Linux distributionPerformance Technologies has announced new additions to its NexusWare(R) Linux-based operating system and development environment. "NexusWare V12 now supports Performance Technologies' wide range of single board computer hardware offerings, including both x86 and PowerPC(R) processor architectures, and operates across the entire Performance Technologies product line. Performance Technologies is showcasing NexusWare at NXTcomm 2007."
19" Linux Digital Photo Frame Kit seeks Hacker-Tinkerer-PhotographersRedPost has released a fun little gadget, a 19" LCD monitor that boots a modified version of Damn Small Linux from USB flash drive. You can upload pictures via USB or WiFi, display a web site, or just hack on it.
Wind River Carrier-Grade Linux Goes to SpaceWind River Systems has announced that it has been selected by Honeywell Aerospace to support the development of NASA's New Millennium Program Space Technology 8 (ST8) Dependable Multiprocessor. The contract marks the first time a Linux platform has been selected by Honeywell for a space mission.
New Books O'Reilly to sell book chapters onlineO'Reilly will be selling chapters of their books in PDF format. "In today's Web 2.0 driven publishing marketplace, it takes new and creative strategies to get authors and their work noticed by web savvy readers. But even when it is noticed, today's readers increasingly want content in new and convenient ways that suit their digital lifestyles. Along with traditional print formats, they want content they can read on computers, PDAs, and cell phones. For this reason O'Reilly Media--the pioneering publishing company that coined the term Web 2.0--has recently launched several innovative publishing programs aimed at delivering content in formats the tech generation craves. Starting this month, O'Reilly Media customers have the option to purchase book content by the chapter in PDF format for $3.99."
Resources Announcing the FLOSS License SlideDavid A Wheeler presents the FLOSS License Slide, which is available as both PDF version and an OpenDocument format version. "The "Free-Libre / Open Source Software (FLOSS) license slide" shows if software under some of the most widely-used FLOSS licenses are compatible (and if so, how). The figure and explanatory text all fit in a page, which can be handy."
FSFE NewsletterThe June 13, 2007 edition of the FSFE Newsletter is online with the latest Free Software Foundation Europe news. Topics include: FSFE and Digicomp announce Free Software Licensing course, Meeting Libre 2007 in Miraflores, Spain, FSFE at eLiberatica 2007 in Romania, Richard Stallman in Sweden, ConfSL, LUGConf and Fellowship meeting in Cosenza, Italy, Linuxtag in Berlin, Linuxwochen tour through Austria and Donations now tax-deductable in Switzerland.
Sharing medical software: FOSS licensing in medicine (LinuxMedNews)LinuxMedNews has an announcement for an online paper by Fred Trotter entitled Sharing medical software: FOSS licensing in medicine. "I have written a short guide to software licensing in medicine: Sharing medical software: FOSS licensing in medicine. This covers the problems of license proliferation, the issue of proprietarization and several other key licensing related issues."
Event Reports Global Rails community together and on track at RailsConf 2007O'Reilly has sent out a press release that covers the recent RailsConf event. "RailsConf 2007 was a resounding success with over 1,600 attendees, nearly triple the number of the previous year. The event, held at the Oregon Convention Center May 17 - 20, 2007, was co-presented by Ruby Central, Inc. and OReilly Media. One aspect that set this conference apart from others was the camaraderie and lets pull together spirit of the Rails community at large. In the opening presentation, program chair Chad Fowler spoke about the spirit of community as well as the opportunity for programmers to work together to spread Rails knowledge."
Calls for Presentations Piksel07 - call for projectsA call for projects has gone out for Piksel07. The event takes place on November 15-18, 2007, submissions are due by July 15. "Piksel is an international event for artists and developers working with open source audiovisual software, hardware & art. Part workshop, part festival, it is organised in Bergen, Norway, by the Bergen Centre for Electronic Arts (BEK) and involves participants from more than a dozen countries exchanging ideas, coding, presenting art and software projects, doing workshops, performances and discussions on the aesthetics and politics of FLOSS & art."
WORM 2007 CFP extensionThe call for papers deadline for the 5th ACM Workshop on Recurring Malcode (WORM) conference has been extended to June 24. The event takes place in Alexandria, VA on November 2, 2007.
Upcoming Events The Open Group's Enterprise Architecture Practitioners ConferenceThe Open Group has announced the 15th Enterprise Architecture Practitioners Conference. "... David Linthicum, internationally known services-oriented architecture expert, will be a featured keynote speaker at its 15th Enterprise Architecture Practitioners Conference. Linthicum will address conference attendees during the opening plenary session on Monday, July 23, at 9:40 a.m. The conference will be held July 23rd-25th, 2007 at the Four Seasons in Austin, TX."
Registration opens for the OpenOffice.org annual conferenceRegistration has opened for the 2007 OpenOffice.org Annual Conference. "OOoCon 2007 runs for three full days from September 19th-21st in Barcelona, Spain. OOoCon 2007 topics include technical presentations and workshops for developers, case histories from around the world, future product developments, how to get involved in the Community, and hints and tips for users. There is a special focus this year reflecting the growing interest in OpenOffice.org extensions and components - adding 'plug in' features to OpenOffice.org and using OpenOffice technology in other applications."
VMworld 2007 announcedVMworld 2007 will take place on Sept 11-13, 2007 in San Francisco, CA. "VMworld is the largest virtualization industry event, attended by thousands of IT professionals and executives, developers, technology providers, and industry experts from around the world."
The 2007 WebGUI users conferencePlain Black Corporation has announced the 2007 WebGUI Users Conference. "Plain Black Corporation(R) is pleased to bring this year's annual WebGUI Users Conference back to their hometown, Madison, WI from Oct. 17-19, 2007. The WebGUI Users Conference is an annual event that brings together Plain Black staff and field experts from around the globe to present on all things WebGUI."
Events: June 28, 2007 to August 27, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Web sites Hyperic Launches HyperFORGEHyperic Inc. has announced the HyperFORGE, Hyperic's open source software development site, which will provide developers with an easy way to create plug-ins to Hyperic HQ, the company's flagship systems management platform. Hyperic HQ is used by the social network hi5.
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Firefox 3.0 Main Window]](/images/ff3/fullwindow-sm.png)
![[Firefox 3.0 Page Info]](/images/ff3/pageinfo-sm.png)