LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 9, 2007On DTrace envyWhen Sun looks to highlight the strongest features of the Solaris operating system, DTrace always appears near the top of the list. Your editor recently had a conversation with an employee of a prominent analyst firm who was interested, above all else, in when Linux would have some sort of answer to DTrace. There is a common notion out there that tracing tools is one place where Linux is significantly behind the state of the art. So your editor decided to take a closer look.The Linux tool which is most similar to DTrace is SystemTap. This development is supported by a number of high-profile companies, including Red Hat, Intel, IBM, and Hitachi. Most distributions have SystemTap packages somewhere in their systems of repositories, making it readily available to Linux users. DTrace supporters have been known to say that SystemTap is merely a knock-off of DTrace, and a badly-done one at that. SystemTap proponents will counter that it is an independent development which can hold its own. Both tools are based on the insertion of probe points in the system kernel. Whenever a thread of execution hits one of those probe points, some sort of action - as described in the tool's C-like language - is run. That action can be as simple as printing a message, or it can be significantly more complicated than that. DTrace comes with a large set of pre-defined probe points wired into the Solaris kernel - seemingly tens of thousands of them. These points are well documented and cover most of the kernel. Some simple wildcarding is implemented for the selection of multiple probe points. It is claimed that the run-time overhead of unused probe points is negligible. [Update: see the comments for some useful clarification on the use of dynamic probe points in DTrace.] SystemTap, instead, does not depend on static probe points within the kernel; that capability exists, but nobody has much interest in maintaining all of those points. Instead, SystemTap uses dynamic probes (implemented with kprobes) which are inserted into the kernel at run time. A flexible language can enable probes to be easily inserted anywhere in the kernel, with fairly complete wildcard support which allows, for example, all functions within a source file or subsystem to be instrumented with a single statement. Unused probe points do not exist at all, and so cannot affect system performance. There are a couple of advantages to the DTrace approach. The probe points exist and can be easily found in the manuals; a SystemTap user, instead, is required to have a certain amount of familiarity with the kernel source code. DTrace probe points are fixed at locations where it is known to be safe to interrupt the execution of the kernel. The SystemTap documentation, instead, comes with warnings that placing probes in the wrong places can cause system crashes and mutterings about the possibility of implementing blacklists in the future. The number of "wrong places" appears to be quite small, but that is of limited comfort for an administrator trying to observe the operation of a production system - something which is supposed to be possible with either system. There is a set of predefined points provided in the "tapsets" packaged with SystemTap, but it is small. The "D" language provided with DTrace is more restricted than the SystemTap language, though it does have a few features - like the ability to print stack traces - which appear to be missing in SystemTap. The D language has no flow control or looping constructs. Instead, the code associated with a probe has a predicate expression determining whether that code is executed when the probe is hit. Thus each selected probe point can be thought of as having a single, controlling "if" statement around it, with no further flow control possible afterward. SystemTap's language, instead, has conditionals, loops, and the ability to define functions. It also has, for those who like to live dangerously, the ability to embed C code. There are clear advantages to a more powerful scripting language, but hazards as well: SystemTap must, for example, carry extra code to keep infinite loops in scripts from bringing down the system. D is, like Java, compiled to a special virtual machine and interpreted at run time. SystemTap, instead, compiles directly to C. So SystemTap code may execute more quickly, but D may benefit from the additional safety checks which a virtual machine allows. DTrace has the ability to work with user-space probes. As with the kernel, developers are required to insert the probe points before DTrace can use them; it is not clear that large amounts of user-space code have been so instrumented. There is clear elegance to the idea, though, and this capability may prove genuinely useful in the future as more applications are equipped with probe points. SystemTap does not currently have this capability. In practice, simply getting SystemTap to work can be a challenge - even when a distributor-supported package is available. SystemTap is clearly its own development which must be (somewhat painfully) integrated with a specific kernel. DTrace can be expected to simply work out of the box. And that is perhaps the biggest difference between the two tracing systems. SystemTap would appear to have all of the capabilities it really needs to be a powerful system tracing tool - at least on the kernel side. DTrace features which are missing - speculative tracing, for example - could certainly be added if there were demand for it. Evidently user-space tracing is in the works. But what SystemTap really needs is more basic than that. What's missing is the degree of maturity exhibited by DTrace. SystemTap needs to simply work on most systems - and be usable by the system administrators. To a great extent, the "simply work" part is something that the distributors must address. Current SystemTap packages as tested by your editor have the look of an edge-of-the-repository afterthought. They do not have the dependencies to bring in the needed kernel information, requiring a fair amount of manual "what does it need now?" administrative work. Even then, performance is spotty at best; the SystemTap utilities just do not have access to the sort of information (uncompressed kernel images, for example) that they need to operate correctly. Until an administrator can simply tell the package management system to install SystemTap and expect to have it work thereafter, it will be hard to convince anybody that we have a mature tracing tool. On the development side, there should be an extensive set of well-documented trace points which can be used without having to go into the kernel source. Digging deeply into the system in a flexible way is always going to require a certain amount of skill, but SystemTap all but requires its users to be kernel hackers. The hard work of making a tool which can match - and, in places, exceed - DTrace has been done. What remains is a large (but relatively straightforward) job: making this tool usable by a much wider set of system administrators. Until that is done, DTrace envy will remain with us.
Red Hat High teaches free software"Get 'em while they're young" should be the motto of Red Hat High (RHH), a summer camp program, funded by Red Hat, to introduce junior high school students to free software tools. Now in its second year, RHH has a curriculum designed to get students using creative tools to produce tangible works during the week-long camp. In addition to teaching 50 eighth and ninth grade students about free software, the project seeks to expand its reach, not by increasing its enrollment, but by exporting the concept to other venues. The students all came from schools in the area around Red Hat's North Carolina headquarters, and each had to be nominated by one of their teachers. RHH was looking for participants "that show great creative potential and an interest in technology, but perhaps lack the resources to pursue it outside of school." In addition to the technology focus, the camp also provided other social events in the evenings, all free of charge to the campers. The camp was held at North Carolina State University, allowing the students to experience dormitory life a few years early. The students could choose amongst five different tracks, each focused on a particular tool:
Two student projects are highlighted in a Red Hat Magazine article about RHH 2007. One is three minute audio clip, the other a fifteen second animation - both are quite impressive for 8th and 9th grade students. The organizers failed to get permission from all of the students to share their work, so these are the only examples available - something they hope to fix for next year's camp. By all accounts, RHH was a success, with the students and their parents as well as the organizers. But, just as important, the course content for each of the tracks will be made available to other projects with similar goals. Camp field trips included the Red Hat campus to "experience life in a technology company" as well as a visit to a college level 3D animation class, where the "free beer" part of free software really hit home. Project coordinator Greg DeKoenigsberg describes the scene:
When the kids reached the 3D Animation classroom, they were very impressed
by Maya — until one of them asked for a free copy. 'A full license
of Maya costs $7000,' the instructor said, which elicited an outraged
reaction from the kids. 'But Blender is free!' they cried in unison.
Then the teacher started to show them some of the things Maya could do, and he was clearly surprised at the kids' clueful responses. 'These are vertices,' he'd say, and then they'd say 'yeah, we've done that.' 'Okay, this is texturing.' 'Yeah, we've done that too.' In many ways, RHH is a testbed for free software outreach to young people. In the two years of the program, the organizers have learned what works, now they are ready to export that knowledge to others. The first step is to focus on tutorials for the various tools, by creating new versions specifically packaged into curricula that teachers can immediately use. DeKoenigsberg, puts it this way:
A strong community of teachers and free software enthusiasts should be able
to develop, validate, and license simple lesson plans, with the explicit
goal of teaching kids to do stuff that is both cool and immediately
useful. It's my hope that Red Hat High can serve as a model for that
development.
Once the curricula exist, training teachers to use it in their classrooms is the next step. The main barrier is teachers' time, but the way around that is through the professional development programs that many school districts have. Because professional development courses are often tied to their earnings, formal training sessions that fulfill those requirements, will be quite attractive to teachers that have an interest in free software, but lack the time. In many districts, funding is available for these kinds of training programs as well. The project is a worthy one, even if it never escapes beyond the Raleigh-Durham area. Even 50 students at a time, getting the word out about free software is a good thing. If the project's larger goals can be realized – spreading this knowledge far and wide – it can make a huge difference. Getting young folks hooked on expensive proprietary software may be good for the bottom line at Adobe or Microsoft, but it is not so good for the wallets of schools and parents. Free software is able to replace an awful lot of proprietary packages, with no licensing hassles, so that students can run it anywhere they can find an open computer. That message has not, yet, been widely heard, but RHH hopes to change that.
A report from OSCON 2007O'Reilly's annual OSCON in Portland, Ore., is perhaps the only major conference in North America that spans the entire spectrum of open-source communities. This makes it a great opportunity to learn from people who may be encountering the same sorts of problems in a vastly different environment. Other events such as FOSDEM or LCA already provide this kind of environment, but for those of us who are US-based, it's helpful to have one with a lower travel budget. I highly recommend giving a talk if you're going so you get in free, though, since registration costs hover around US$1000 and up. It's clearly not a nonprofit conference. Numerous groups met preceding the main part of the conference, one of them a group of people involved with running a variety of free/open-source projects. At the foundations summit, most of the discussion centered around dealing with the issues facing nonprofits, such as trademarks, fundraising and bookkeeping. But in the same way as a full conference, the "hallway track" here was the most useful. As the number of people grows, the discussion gets slower and slower, but meeting the people involved with other foundations is invaluable. The summit ended Tuesday, and next day, the exhibit hall and regular sessions began. In his session, Arjan van de Ven talked about efforts to reduce power use, focusing on a few main problems to avoid in your code. The first, not surprisingly, was polling. There is no excuse for polling, with the advent of things like inotify. He said, "Frequent polling causes spattergroit." His second enemy was timers. It costs power to keep moving your CPU in and out of idle states, so you want to group timer events together rather than having them randomly spread throughout time by a number of programs. On the kernel side, you can use round_jiffies() or round_jiffies_relative(), and in userland, you can use glib's g_timeout_add_seconds() — not g_timeout_add(). Some work is underway to add this functionality to glibc as well. You don't want the entire Internet doing this at the same time, however, so each computer must group its events at a slightly different time. Arjan's final enemy was disk I/O. Since disks have moving parts, they consume a lot of power (at least until solid-state disks grow more common). High-speed links such as SATA and SCSI also eat power when not in power-saving mode. Gotchas here include opening files, even when in cache, because of the access time update (use the O_NOATIME flag to open() when possible), and looking for files or directories that don't exist (even when using inotify, this always goes to disk). A special case of this is media playback. The key is avoiding constant spinups of DVDs as well as hard drives by using large buffers — Arjan suggested 20 minutes of video or a minute of audio. Also, decode in large batches so you can be idle longer. Tools such as powertop and strace are key in tracking down the culprits. Powertop can tell you where to look, and strace can tell you more about what any programs are doing. Near the end, Arjan showed a graph of how tuning and recent fixes dropped a Fedora 7 default installation from a power consumption of 21W down to about 15.5W. That just a few fixes dropped it by so much shows how broken things were, but we're now on the right track. A good goal is to aim for 50 or less wakeups a second, because getting below that level generally doesn't gain you much more. A man with the job title "Disruptive Innovator" gave a talk with about 550 slides in 45 minutes. Rolf Skyberg of Ebay applied Maslow's hierarchy of needs to technology to try to explain how users behave. The first level is survival, the second is security, and the third is belonging. Computer programs apparently haven't managed to get any higher up on the scale yet. In terms of programs, survival means the program runs without segfaults; security means the program is useful; and belonging means the program is pretty. The more energy users spend finding the basics (help, logging in, etc.), the less they have to spend doing something useful. But one thing worth remembering is that people using a program may have higher needs than you expected. For example, the iPod isn't just useful, it's pretty. And people really care about that prettiness despite the lack of features like an FM transmitter, a recorder, etc. that many other, less popular MP3 players have. Luke Kanies talked about Puppet, a server automation tool he wrote in Ruby. It's a replacement for earlier popular tools such as cfengine. He really promoted the architecture, because any component in the entire system can be replaced and reused separately. Puppet's made of three main layers: server, networking and client. The server layer contains a compiler, a file server, a certificate authority and a report handler. The networking is XMLRPC over HTTPS. The client layer includes a resource abstraction layer, transactions and a resource server. Each of these individual components can be ripped out and replaced if you don't like it. You could change the configuration language, use a different method of communication, or whatever else your heart desires. The resource abstraction layer contrasts the most with other tools such as cfengine. It abstracts all the concepts like "install a package," "add a user," "add a group" and so forth so you can run Puppet on any Linux or other Unix-like OS and retain a simple configuration file without OS-specific details. The layer supports about 10 different distributions and other operating systems, and it's not difficult to add more. Work is underway to create a library of Puppet config files (or recipes) to reduce all the duplication, and that should greatly ease adoption of Puppet. Puppet seems like a well-thought-out and extensible tool, so it will be interesting to watch where it goes.Clinton Nixon talked about dealing with legacy PHP code, but many of the points are generally applicable to refactoring any code. His three primary suggestions were to separate the controller and the view, even if you don't have a solid MVC architecture; to call methods instead of including code that runs from the include file; and to get rid of global variables. His rules for view code were that control structures, printing, and display-specific, unnested functions were allowed, but assignment and other function calls were prohibited. He suggested beginning by drawing a line at the top of the code and adding a comment that says "view code below here," then gradually migrating controller code above the line until you can move it to a separate file. For loops, encapsulate the variables in an object. Once you've gotten to this point, you may find duplicated views that you can factor out. Untangling a web of included files is a process of figuring out the inputs and outputs, wrapping the entire file in a method, then refactoring. The nice part about this style of refactoring is that the code always works. There's never a point where you check in the code and it's broken. Finally, he recommended two books: Working effectively with legacy code, by Michael Feathers, and Refactoring by Martin Fowler. Although the Fowler book is a classic, he recommended the newer book by Feathers because it's more approachable. At the close of the sessions Thursday, Dave Jones gave his now-infamous "User Space Sucks" talk. Since most people have gotten the basic idea of this talk, I'm only going to mention the new information. Dave re-ran his tests a week ago on Fedora 7 to look at disk I/O during the bootstrap process, and he found that it had actually gotten even worse since FC6. Counts of stat(), open() and exec() calls had either increased or stayed the same. But the problem has grown harder, because the offenders no longer stand out in the same way as the originals. OSCON always provides some entertaining and educational talks, provided you've got a way to get into them. But its free content isn't too shabby either. The exhibit hall, all of the BOFs and parties (of which there are many), and the accompanying OSCAMP (like FooCamp, BarCamp, etc.) and FOSCON (mostly about Ruby) are all gratis. It stands nearly alone in the U.S. as a conference that spans across all of the open-source world, although a niche certainly exists for a lower-margin meeting like FOSDEM or LCA on this side of the ocean.
Security Securing our votesThis has been a bad few weeks to be a voting machine vendor. Three separate governments, California, Florida and the UK looked at the devices and have come to remarkably similar conclusions. The machines they looked at are poorly designed, poorly implemented and subject to a wide variety of security threats. None of the studies mentioned it, but it is likely that the machines looked great. The most comprehensive study was done by California Secretary of State Debra Bowen's office. That study looked at three electronic voting systems, each from a different manufacturer. Each system had three separate teams investigating, one looking at the source code, a "red team" that had physical access to the device and an accessibility team. Their conclusions were not surprising to anyone who has paid attention to this issue over the years. All three of the voting machine systems were found to be sorely deficient by all three teams. Even accessibility, which is one of the major benefits touted by electronic voting advocates, was found lacking:
Although each of the tested voting systems included some accessibility
accommodations, none met the accessibility requirements of current law and
none performed satisfactorily in test voting by persons with a range of
disabilities and alternate language needs.
Though it is certainly terrible not to meet the needs of some individual voters, safeguarding the election process and accurately reporting the vote totals need to be higher priorities. Since they obviously had not successfully completed the accessibility task, one would hope they were able to secure the voting process. Unfortunately, they could not get the primary job done right either. The red team reports were released first and the conclusions were devastating:
The red teams demonstrated that the security mechanisms provided for
all systems analyzed were inadequate to ensure accuracy and integrity
of the election results and of the systems that provide those results.
The teams were able to defeat the physical security of the voting machines, modify or overwrite the software in the machines as well as subvert the tabulation machines in order to provide incorrect vote counts. All of this just by having access to the machines themselves; the same access that election officials, poll workers and, to a lesser extent, voters, have. Several days later, the source code teams' reports were released and, at that point, were almost anti-climactic. Unsurprisingly, they found numerous, hideous source code flaws in all three systems. Buffer overflows, hard coded passwords ('diebold' being a particularly difficult one to guess), misuse of encryption, integer overflows (wrapping vote counts to negative or zero perhaps); the list goes on an on. It is as if the voting machine vendors are completely unaware of the last twenty (or thirty or forty) years of software security flaws. In reality, they are most likely not unaware, they are just arrogant. Diebold, Hart and Sequoia (the companies whose machines were studied) do not depend solely on their technical "prowess" to win bids for providing voting machines, politics plays a huge role. These are well connected companies. It also helps that they are all uniformly bad, there are literally no secure choices for a government agency to make. Florida's study only covered Diebold equipment, but it echoed the findings in the California study. Avi Rubin of Johns Hopkins University, who participated in a 2003 study of Diebold's voting machine, notes:
So, Diebold is doing some things better than they
did before when they had absolutely no security, but they have yet to do
them right. Anyone taking any of our cryptography classes at Johns Hopkins,
for example, would do a better job applying cryptography.
One of the bigger problems found was that Diebold assigned cryptographic keys to each voting machine that is derived from an MD5 hash of the machine's serial number. Rubin again:
This is arguably worse than having a fixed static key in all of the
machines. Because with knowledge of the machine's serial number, anyone can
calculate all of the secret keys. Whereas before, someone would have needed
access to the source code or the binary in the machine.
The UK also released reports on the outcome of electronic voting trials held in May. The overall summary of the trial, was, once again, not very favorable:
The
level of implementation and
security risk involved was
significant and unacceptable.
There remain issues with the
security and transparency of the
solutions and the capacity of the
local authorities to maintain
control over the elections.
This was not the result of security professionals analyzing the systems for flaws, but was instead noted in actual trials of the equipment in an election. The California study was quite well done and well thought out, except for one thing: it was done long after the equipment was bought and used in elections. This is the kind of study that needs to be done before buying the equipment. Due to the conclusions of the study, Bowen revoked the certification of the equipment from all three vendors, but immediately had to conditionally re-certify them as a practical matter. Even with a six month lead time, replacement systems (either electronic or of some other kind) could not be deployed before the 2008 California presidential primary voting. The reaction to the California study by the manufacturers was typical. It is the same reaction they have had to each and every study done of the security of their devices: trivialize it. Each released a statement in reaction to the study conclusions, essentially admitting the flaws, but claiming that any "laboratory study" would find vulnerabilities. According to these vendors, it is impossible to make a secure voting system. As they certainly know, no one is asking these vendors to break the laws of physics or to produce perfectly secure code. It would appear that they expend far more effort in deflecting criticism and lobbying various legislative bodies than they spend trying to secure their code and equipment. It is not necessary that the equipment be tamper-proof, merely that tampering can be detected. At least minimal precautions, perhaps to the level taught to computer science undergraduates, should be taken with the software. This is not anywhere near as hard a problem as the vendors make it out to be. Many of the techniques needed to secure voting machinery are well known and well understood, at least outside of the vendors' labs. This is an area where open source methods could be and should be applied. Organizations like BlackBoxVoting.org and the NSF Accurate project should be working on solutions. Private companies have shown themselves to be completely incompetent at producing secure voting equipment, it is time for another solution to be tried.
New vulnerabilities gd: multiple vulnerabilities
gimp: integer overflows
java-1.5.0-sun: multiple vulnerabilities
mediawiki: cross-site scripting
moodle: cross-site scripting
openssl: private key attack
xpdf: bounds checking issues
Updated vulnerabilities acroread: multiple vulnerabilities
apache2: information disclosure
apache: multiple vulnerabilities
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
avahi: denial of service
bind: DNS cache poisoning
bochs: buffer overflow
bugzilla: multiple vulnerabilities
centericq: buffer overflows
clamav: denial of service
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
gpdf: integer overflow
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: directory traversal
drupal: cross site request forgery
elinks: code execution
elinks: arbitrary file access
emacs21: denial of service
evolution: format string error
evolution-data-server: malicious server arbitrary code execution
pop mail man-in-the-middle attacks
festival: privilege escalation
file: integer overflow
firebird: buffer overflow
firefox: multiple vulnerabilities
firefox: multiple vulnerabilities
firefox, thunderbird, seamonkey: multiple vulnerabilities
flac123: arbitrary code execution
flash-plugin: input validation flaw
freetype: arbitrary code execution
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gd: denial of service
gdm: denial of service
gedit: format string vulnerability
gimp: multiple vulnerabilities
grip: buffer overflow
gzip: multiple vulnerabilities
HelixPlayer: arbitrary code execution
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
jasper: denial of service
java: multiple vulnerabilities
kdebase: information leak
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: several vulnerabilities
kernel: signal handling flaw on PPC
kernel: several vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
lftp: shell command execution
libexif: integer overflow
libgtop2: buffer overflow
libmodplug: boundary errors
libphp-phpmailer: command execution
libpng: denial of service
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libvorbis: multiple memory corruption flaws
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
mod_jk: proxy bypass
moin: arbitrary JavaScript execution
mplayer: buffer overflow
mydns: buffer overflows
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
mysql: multiple vulnerabilities
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
nginx: cross site scripting
OpenOffice.org: arbitrary code execution
OpenSSH: denial of service
openssh: remote denial of service
pam: privilege escalation
perl-Net-DNS: predictable id sequence
php: multiple vulnerabilities
php: several vulnerabilities
php: multiple vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
phpPgAdmin: cross-site scripting
phpwiki: remote code execution
pptpd: denial of service
proftpd: authentication bypass
pulseaudio: denial of service
python: information disclosure
qemu: multiple vulnerabilities
qt: arbitrary code execution
qt: "/../" injection
quake: buffer overflow
redhat-cluster-suite: denial of service
rpm: arbitrary code execution
slocate: information disclosure
snort: remote arbitrary code execution
Sun JDK/JRE: multiple vulnerabilities
tcpdump: integer overflow
tcpdump: denial of service
tetex: buffer overflow
tomcat: directory traversal
tomcat: cross-site scripting
unrar: integer signedness error
vim: arbitrary code execution
vixie-cron: weak permissions may cause errors
vlc: several vulnerabilities
wireshark: multiple vulnerabilities
XFree86 X.org: integer overflows
xfsdump: insecure temp dir
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
X.org: temp file vulnerability
zziplib: buffer overflow
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.23-rc2, released by Linus on August 3. "So I tried to hold people to the merge window, and said no to a few pull requests, but this whole '-rc2 is the new -rc1' thing is a disease, and not only is -rc2 late, it's bigger than it should be. Oh, well." Along with a whole lot of fixes, -rc2 adds extensive documentation to the Lguest code, a mechanism where kernel-space code can request notification when it is about to be preempted from the CPU, new configuration options for software suspend and hibernation, the removal of support for SuperH sh73180 and 7300 CPUs, AMD Geode LX framebuffer support, the removal of the arm26 port, and a TCP congestion control API change. See the short-form changelog for details or the full changelog for lots of details.Roughly 50 changesets have been merged into the mainline repository since -rc2. The current stable 2.6 kernel remains 2.6.22.1. The 2.6.22.2 update is in review as of this writing, and may be released as soon as August 9. It contains 84 fixes for problems all over the tree. For older kernels: 2.6.21.7 was released on August 4 with a fair number of important fixes.
Kernel development news Quotes of the week
I don't doubt at all that virtualization is useful in some
areas. What I doubt rather strongly is that it will ever have the
kind of impact that the people involved in virtualization want it
to have. It would appear that virtualization is the
"message-passing microkernel" of this decade, and that people have
a really hard time accepting that the reason operating systems
still basically look 100% the same today as they did almost forty
years ago, is that that is simply a very practical arrangement!
-- Linus Torvalds
In Linux we never ever assume a driver is working simply because
the hardware vendor tested it. A decade of real world experience
PROVES precisely the opposite -- getting code out into the world
early and often repeatedly turned up problems not seen in hardware
vendor's testing.
-- Jeff Garzik
Tripping over trip pointsContemporary processors have an interesting problem: if they operate at their full rated capacity for extended periods of time, they run a real risk of heating to the point that they let the blue smoke out and never run again. To avoid this kind of problem, processors (and other components) are instrumented with temperature sensors. The BIOS programs the sensors with specific "trip points" - temperatures where things will happen to keep the system from overheating. At a given trip point, the system might turn on the fan, throttle the processor, or, if disaster is imminent, shut the system down hard.The Linux ACPI subsystem provides the ability to query these trip points; the relevant virtual files can be found under /proc/acpi/thermal_zone. Your editor's laptop, for example, reveals that it is set to throttle the processor at 86°C and to pull the plug at 91°. Traditionally, the ACPI code has also allowed a suitably privileged user to change those trip points by writing new values to the /proc files. That capability no longer exists, though; it was removed in the 2.6.22 kernel. Users are now starting to complain about that change. They feel that the BIOS-set trip points on some systems are positioned incorrectly, resulting in systems that run more slowly than they think they should, fans which come on at the wrong time, and so on. Naturally, they feel that the removal of the trip-point override feature has reduced the functionality of their systems. ACPI maintainer Len Brown responds that the override feature is a bad idea for a number of reasons. At the top of the list is the fact that the system cannot actually change the hardware trip points. All it can do is disable them. Then the processor must take over by polling the temperature sensors itself and responding when its software trip points are reached. Should that polling and response fail to happen for any reason, there is a real possibility that the hardware could be damaged. Meltdowns could also easily occur if the trip points are set incorrectly, leading to "Linux destroyed my laptop" postings echoed across the net. On top of that, the BIOS can change the trip points at any time for reasons of its own. Many of the use cases for trip-point overrides (controlling when fans go on and off, for example) are better done by having a user-space daemon control fan operation directly. And the truth of the matter is that overriding trip points is usually (Len would say always) an inappropriate response to problems which are better solved somewhere else. When the issue was discussed in May, he summarized it this way:
The fact that the trip-points are writable has obscured, rather
than clarified, the actual causes of the failures. No less than 4
people in that bug report declared that cleaning the dust out of
their fan fixed the root cause. A bunch more said that the issues
went away when they stopped using ubuntu's user-space power save
daemon.
There are a couple more with broken active fan control -- which also gets obscured rather than clarified by over-riding trip points. The remaining problems, says Len, are most likely not present when Windows is running on the affected hardware. And, he says, Windows is highly unlikely to be overriding the trip points. The conclusion is that Linux is doing something wrong in its thermal management on those systems. He would much rather find and fix the real problem than hide it through use of trip-point overrides. In the end, according to Len, there has never yet been a bug report which suggests that Linux should be messing with trip points in this way. This is a clear challenge for anybody who misses the trip-point override feature: send in a suitably documented report showing the problem that this feature solved. If the override feature truly turns out to be necessary, it may just come back - but it may just happen that a fix for the actual problem goes in instead.
Smack for simplified access controlSELinux provides a comprehensive security solution for Linux, but it is large and complex. A much simpler approach is taken by the Simplified Mandatory Access Control Kernel (Smack), a patch posted to linux-kernel by Casey Schaufler. Like SELinux, Smack implements Mandatory Access Control (MAC), but it purposely leaves out the role based access control and type enforcement that are major parts of SELinux. Smack is geared towards solving smaller security problems than SELinux, requiring much less configuration and very little application support. Smack allows an administrator to define labels, 1-7 characters in length, for kernel objects. Labels on objects are compared with the labels of a task that tries to access them. By default, access is only allowed if the labels match. There are a set of Smack-reserved labels that follow a different set of rules, which allows most system objects and processes to be unaffected by Smack restrictions. By default, Smack does not get in the way of the OS, allowing the administrator to concentrate on just the users and processes they want to secure. Smack uses filesystem extended attributes to store labels on files; administrators set the labels using the attr command. The security.SMACK64 attribute is used to store the Smack label on each file, so setting /dev/null to have the Smack-reserved "star" label would look like:
attr -S -s SMACK64 -V '*' /dev/null
For networks, NetLabel is used to set CIPSO
labels and domains of interpretation for sockets, allowing Smack systems to
interoperate in those strictly controlled networking environments.
An administrator can add rules, but there is no support for wildcards or regular expressions; each rule must specify a subject label, object label and the access allowed explicitly. The access types are much like the traditional UNIX rwx bits, with the addition of an a bit for append. For configuration, Smack uses the SELinux technique of defining a filesystem that can be mounted, smackfs. Typically, it will be mounted as /smack, providing various files that can be read or written, to govern Smack operation. For example, Smack access rules are written to /smack/load; to change rules, one just writes a new set of access permissions for the subject-object pair. An example, one of several provided in the patch announcement, uses the standard security levels for government documents. Smack labels are defined for each level: Unclass for unclassified, C for classified, S for secret, and TS for top secret. Then, with a handful of rules:
C Unclass rx
S C rx
S Unclass rx
TS S rx
TS C rx
TS Unclass rx
the traditional hierarchy of access is defined. Because of the Smack
defaults, Unclass will only be able to access data with that same
label,
whereas because of the rules above, TS can access S,
C and Unclass data.
Note that there is no transitivity in Smack rules, just because S can access C and TS can access S, that does not mean that TS can access C. That rule must be explicitly given. Also, because no write permissions have been given, tasks at each level can only write data with their own label. So secret tasks write secret data and so on. Files will inherit the label of the task that creates them, with Smack ensuring that the filesystem attribute is set. They will retain that label unless it is explicitly reset by an administrator using the attr command. A patched version of sshd is available from Schaufler's homepage which allows an administrator to assign labels to users. Those labels get set on the user's shell and terminal device as they log into the system, forcing the user to follow the rules established for their label. A patched version of ls is also available so that it can display the labels associated with files. Smack is useful for limiting user and specific process access to various resources, it is not meant to be as general purpose as SELinux. Constructing a set of Smack labels and rules governing system processes, network services and the like, to restrict their access as SELinux does, would be impossible. For administrators needing to secure those services, SELinux is probably a better tool, but for simple compartmentalization, Smack may well suffice.
Newer, newer NAPILast December, LWN looked at a proposal to rework the NAPI interface used for packet reception in high-bandwidth network drivers. Since then, the interface has gone through some changes, but now appears to be in something close to its final form. Anybody who maintains a NAPI-capable network driver will need to adapt to the new API; in many cases the changes will be simple, but New-NAPI offers some added features which may be of value to drivers of complicated hardware.The core idea behind the NAPI interface is that, on a busy network, the kernel does not need to be interrupted every time a network packet arrives. Instead, the kernel can simply poll occasionally in the sure knowledge that packets will be there waiting. Your editor likes to compare packet receive interrupts with the beeps we all had, once upon a time, to let us know when email had arrived. Few of us use those beeps anymore; we have no doubt that there will be email waiting whenever we see fit to look for it. Like us, the kernel can do without unneeded distractions; that is especially true when those distractions can take the form of thousands of interrupts every second. There are other advantages to the NAPI approach. If the networking subsystem is overwhelmed and must drop packets, NAPI makes it possible for them to be dropped before they are ever fed into the stack. For various reasons, packet reordering tends to be less of a problem with NAPI as well. The new napi_struct patch set (currently at version 5), like its predecessor, introduces a new structure for controlling packet reception:
struct napi_struct {
struct list_head poll_list;
unsigned long state;
int weight;
int quota;
int (*poll)(struct napi_struct *, int);
/* Netpoll-related fields omitted */
}
This structure is no longer part of the net_device structure, though; instead, drivers are expected to allocate it separately. Usually it will be part of whatever larger structure the driver uses to represent the device internally. One of the main advantages of this approach is that device drivers can, if need be, create more than one napi_struct structure for a given device. Contemporary hardware can support multiple receive queues with nifty features like CPU affinity and flow separation; multiple NAPI structures makes it easier to use those queues efficiently. Drivers need not fill in the fields of the napi_struct structure, though zeroing the whole structure at allocation time can only be a good idea. Instead, each NAPI instance must be registered with the system with:
void netif_napi_add(struct net_device *dev,
struct napi_struct *napi,
int (*poll)(struct napi_struct *, int),
int weight);
Here, dev is the net_device structure associated with the interface, napi is the NAPI structure, poll() is the polling method to be used with this instance, and weight is the relative weight to be given to this interface. Note that poll() and weight are no longer part of the net_device structure. As always, the setting of weight is somewhat arbitrary, with most values varying between 16 (for basic Ethernet) and 64 - though InfiniBand uses 100. There is talk of reworking weights in a future patch, but that is a separate issue. There is no netif_napi_remove(), as there is currently no need for it. The prototype of the poll() method has changed somewhat:
int (*poll)(struct napi_struct *napi, int budget);
The NAPI structure comes in as napi, of course. The budget parameter specifies how many packets the driver is allowed to pass into the network stack on this call. There is no need to manage separate quota fields anymore; drivers should simply respect budget and return the number of packets which were actually processed. Most of the other NAPI-related functions have had the obvious changes made to their prototypes. The two ways of turning on polling are:
void netif_rx_schedule(struct net_device *dev,
struct napi_struct *napi);
/* ...or... */
int netif_rx_schedule_prep(struct net_device *dev,
struct napi_struct *napi);
void __netif_rx_schedule(struct net_device *dev,
struct napi_struct *napi);
Polling is turned off with:
void netif_rx_complete(struct net_device *dev,
struct napi_struct *napi);
Since there can be more than one napi_struct structure in existence, each can have polling enabled independently. Drivers are responsible for disabling polling on all outstanding NAPI structures when the interface is shut down (or when its stop() method is called). The netif_poll_enable() and netif_poll_disable() functions no longer exist, since polling is no longer tied to the net_device structure. Instead, these functions should be used:
void napi_enable(struct napi *napi);
void napi_disable(struct napi *napi);
Networking maintainer David Miller, who has taken on the development of this patch, says:
I don't anticipate making any more changes, just fixing bugs.
So please help me with that so we can finalize this patch. I
intend to cut a net-2.6.24 tree and stuff this patch into it by
the end of the week.
So anybody charged with maintaining out-of-tree network drivers should be prepared for a significant API change in the 2.6.24 kernel.
Once upon atimeAmong the metadata maintained by most filesystems is the last file access time, or "atime." This time can be a useful value to have - it lets an administrator (or a program) know when a file was last used. There is a strong downside to this feature, though: it forces a write to the disk every time a file is accessed. So read-only operations, which might have been satisfied entirely from cache, turn into filesystem writes to keep the atime value up to date.A recent discussion on write throttling turned to atime after Ingo Molnar pointed out that atime was probably a bigger performance problem than just about everything else. He went on to say:
Atime updates are by far the biggest IO performance deficiency that
Linux has today. Getting rid of atime updates would give us more
everyday Linux performance than all the pagecache speedups of the
past 10 years, _combined_.
He also claimed that it was "perhaps the most stupid Unix design idea of all times." Such discussion leads quickly to the question of what should be done about this old situation. One step that any Linux user can take now is to mount filesystems with the noatime option, which turns off the tracking of access times. For filesystem-intensive tasks, the performance reward can be immediately apparent. Unfortunately, turning off atime unconditionally will occasionally break software. Some mail tools will compare modification and access times to determine whether there is unread mail or not. The tmpwatch utility and some backup tools also use atime and can misbehave if atime is not correct. For this reason, distributors tend not to make noatime the default on installed systems. Another approach was added in 2.6.20: the relatime mount option. If this flag is set, access times are only updated if they are (before the update) earlier than the modification time. This change allows utilities to see if the current version of a file has been read, but still cuts down significantly on atime updates. This option is not heavily used, perhaps because few people have heard of it and many distributions lack a version of mount which is new enough to know about it. Using relatime can still confuse tools which want to ask questions like "has this file been accessed in the last week?" To fix that problem, Linus suggested a tweak to how relatime works: update it if the current value is more than a certain time in the past - one day, for example. Ingo responded with a patch implementing that behavior and adding a couple of new boot options: relatime_interval, which specifies the update interval in seconds, and default_relatime, which turns on the relatime option in all filesystems by default. Something resembling this version of the patch might go into 2.6.24. It was suggested that, whenever a file's inode is to be written to disk anyway, the kernel might as well update atime as well. Alan Cox objected that this change might make the overall behavior less predictable, which might not be desirable. No new version of the patch with this feature has been posted, so chances are it will not be in the version which gets merged - if and when that happens.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Fedora and the LiveContent distributionThe week at LinuxWorld Creative Commons and the Fedora Project released a live CD called LiveContent.The live CD boots Fedora 7 and contains additional content licensed under a free Creative Commons license. From the Red Hat press release:
The Fedora 7 operating system boots directly from the LiveContent CD, making use of the open source tools found in the latest Fedora distribution like Revisor, Pungi and more. The CD features a variety of Creative Commons-licensed content including audio, video, image, text and educational resources. From the desktop, users can explore free and open content and learn more about businesses like Jamendo, Blip.tv, Flickr and others supporting creative communities through aggregation and search tools.
Also included are a number of open source software applications including OpenOffice, The Gimp, Inkscape, Firefox, multimedia viewers, open document templates and others. The LiveContent CD is a product of collaboration across a number of organizations - Red Hat is providing in-kind engineering support via Fedora 7 and many open source community members collaborated on the included software applications. Worldlabel.com, member of the Open Document Format Alliance, is supplying ongoing support for the development and distribution of the LiveContent CD. As Fedora engineer Jack Aboutboul says in this blog post:
The purpose of the LiveContent Distribution is to act as as tool and an enabler to both educate people about what Creative Commons is and does, and to provide them the tools and a selection of content with which they can begin to explore the remix culture and how endless the possibilities really are when a culture of collaboration is fostered, not detested.
The CD can be downloaded from the Fedora torrent site.
New Releases Fedora 8 Test 1 releasedThe first Fedora 8 test release is out. "Test 1 is for 'alpha' users. This is the time when we would like to have full community participation. Without this participation both hardware and software functionality suffers." See the Fedora 8 feature list for an overview of what's new in this release.
Freespire 2.0 releasedLinspire has announced the availability of Freespire 2.0. "Building on the best of open source software using Ubuntu as its baseline, Freespire 2.0 adds legally licensed proprietary drivers, codecs, and applications in its core distribution, to provide a better user experience. Freespire 2.0 also continues to offer users the ability to choose what software they want installed on their computer, without limitations or restrictions, as a result, making available proprietary software where there are no viable open source alternatives."
Mandriva 2008 Beta 1 availableThe first beta of Mandriva 2008 has been released. See the release notes for some indications of what's coming; among other things, this release will feature a switch to AppArmor as the native security framework.
Custom NimbleX Desktop OSThe first release candidate of Custom NimbleX 2 has been announced. Custom NimbleX allows you to generate a customized Linux distribution.
Announcing openSUSE 10.3 Alpha7The seventh alpha release of openSUSE 10.3 is available for testing. Click below for a look at the changes since alpha6, most annoying bugs, things that need testing and the media and download information.
Distribution News Bits from the Debian Project LeaderDPL Sam Hocevar looks at FTP assistants, the Debian Maintainers proposal, APT's Recommends handling and the patch sharing project.
Changes to Debian APTThe latest version of apt in Debian's unstable and testing branches will install recommended packages by default on October 1st.
Results for General Resolution: Endorse concept of Debian maintainersDebian Developers have voted to "Endorse the concept of Debian Maintainers". LWN covered this general resolution last week.
The openSUSE Project Turns Two with Improved Build Service and 10.3 BetaNovell celebrates the second anniversary of the openSUSE project with the release of the first beta of openSUSE 10.3 (due August 9) and the continued growth of the openSUSE Build Service.
openSUSE has New Software Interface with 1-Click Installation OnlineSoftware.opensuse.org has a new face and a new search interface.
Automatix for Ubuntu is "actively dangerous"Matthew Garrett investigates Automatix, a tool for Ubuntu users to install software that is not officially supported. He reports on a short look at problems with the tool. "Automatix exists to satisfy a genuine need, and further work should be carried out to determine whether these user requirements can be satisfied within the distribution as a whole. However, in its current form Automatix is actively dangerous to systems - ranging from damage to small items of user configuration, through removing user-installed packages without adequate prompting or warning and up to the (small but existing) potential to leave a system in an unbootable state."
Distribution Newsletters Fedora Weekly News Issue 99The Fedora Weekly News for July 29, 2007 covers announcements on Fedora 8 Test 1, Virtual FudCon and the new column called AskFedora. Also some questions posed to AskFedora on a License Issue, Backups and Problem with Pup. In Developments, continuing discussions on CodecBuddy, Yum, Kmods, RPM Roadmap, KDE4 Status and more.
Mandriva Linux Community Newsletter Issue # 127The Mandriva Linux Community Newsletter for July 30, 2007 looks at new releases: Corporate Desktop 4.0 and Mandriva Linux 2007 Spring Powerpack CDs, Mandriva at the conferences: aKademy, GUADEC, LinuxWorld, French Ministry of Agricultural and Fisheries chooses Mandriva, and more.
PCLinuxOS Magazine Issue 12The August 2007 edition of PCLinuxOS Magazine covers Lessons from Children, KDE User Guide Chapter 7, and much more.
full circle magazine - issue #3 released!Full Circle, the Ubuntu Community Magazine, has announced its third issue containing Xubuntu install step-by-step, How-To : Get a Stunning Ubuntu Desktop, Learning Scribus part 3 and Ubuntu in Photography, Review of Ubuntu on a Macbook, Preview of several new Compiz Fusion effects and more.
Ubuntu Weekly Newsletter #51The Ubuntu Weekly Newsletter for August 4, 2007 covers job opportunities at Canonical, potential system issues caused by Automatix, the upcoming fourth alpha release of Gutsy Gibbon, coverage of the US LoCo Teams Project and meetup, and much much more.
DistroWatch Weekly, Issue 214The DistroWatch Weekly for August 6, 2007 is out. "The late Sunday release of Arch Linux 2007.08 provided some excitement on the otherwise quiet distribution release week, during which both Fedora and Mandriva failed to deliver the promised first development builds of their upcoming products. But on the distro news front, things were a lot more exciting: MEPIS has announced that it will switch to a Debian base before its next stable release, Ubuntu has published a detailed analysis of Automatix, Kevin Carmony has announced resignation from Linspire, a Swedish manufacturer has unveiled the world's cheapest laptop (running Fedora), and Ian Murdock has given some hints about Sun Microsystems Project Indiana in an interview. We also take a quick look at the current status of KNOPPIX and Gentoo and publish some interesting statistical data about the DistroWatch readership in Latin America and the Caribbean. Finally, we are pleased to announce that the recipient of the July 2007 DistroWatch donation is the FreeNAS project."
Newsletters and articles of interest Controlling and managing Edubuntu users' desktops (Linux.com)Linux.com has an excerpt from The Official Ubuntu Book, Second Edition. "The community-driven Edubuntu project aims to create a version of Ubuntu specially tailored for use in primary and secondary education. Perhaps the most useful feature present in the Edubuntu OS is the Linux Terminal Server Project environment, whose applications are not limited just to eduction. The LTSP model centers around one powerful machine that acts as a server and several often much lower-powered machines that act as clients and boot from an installation of Ubuntu on the server. Though you will not be installing anything on them, there are still some maintenance tasks specifically directed at clients."
MEPIS begins return to Debian Linux with alpha release (DesktopLinux)DesktopLinux reports that MEPIS Linux will return to using Debian as its base. "With this pre-beta, which is a preview of the upcoming SimplyMEPIS 7, MEPIS has discontinued using Ubuntu binary packages in favor of a combination of MEPIS packaged binaries based on Debian and Ubuntu source code. These programs will run on top of a Debian Stable OS core, which will also be using packages from the Debian package pools."
Linspire CEO Kevin Carmony resigns (Linux-Watch)Linux-Watch reports that Kevin Carmony has resigned as CEO of Linspire. "Carmony also said that Linspire is stronger than ever. "I can't speak for Linspire now, but I believe the upcoming release of Freespire 2.0 and open CNR (Click N' Run) will be great for Linspire and desktop Linux.""
Distribution reviews Absolute Linux is an absolute winner (Linux.com)Linux.com has a review of Absolute Linux. "Absolute, a lightweight Linux operating system based on the respected Slackware Linux distribution, just released version 12.0. It features kernel version 2.6.21.5, IceWM and Fluxbox window managers, and many graphical and ncurses-based configuration tools. Its goal is to provide a lighter, easier-to-use Slackware appropriate for newcomers and experienced Linux users alike. It is built for speed and performance but doesn't neglect stability or security."
EnGarde -- Secure Linux Server (PolishLinux)PolishLinux.org has a review of EnGarde Secure Server 3.0.16. "EnGarde is a server oriented distribution equipped with WebTool -- a web based interface for managing the system and various types of servers (HTTP, mail, FTP and many other). There are two editions of EnGarde -- the free Community edition and the commercial Professional edition. EnGarde and all it components are published on the GPL license. EnGarde is available for i686 and x86_64 architectures, uses RPM packages managed by APT-GET."
Graphics pros will find good tools in compact Grafpup distro (Linux.com)Linux.com reviews Grafpup 2.0. "Grafpup 2.0 is a compact Linux distribution based on Puppy Linux and aimed at graphics professionals. It offers a variety of options for installation, a custom set of configuration utilities, and a niche suite of applications for digital artists. The graphics are soothing, and the Openbox desktop runs smoothly even on older hardware. Despite a few problems, Grafpup is a good choice for graphic designers and writers on the go."
openSUSE 10.3 Alpha 7 report (TuxMachines)TuxMachines takes a look at openSUSE 10.3 Alpha 7. "So, all in all, it appears to me that openSUSE 10.3 is shaping up. We're still really early in the development process, so there's plenty time left. Things are looking better and working better for the most part. I get more excited each release but this one has really raised my pulse rate. I can hardly wait for final."
Red Hat releases Red Hat Enterprise Linux 5.1 beta (Linux-Watch)Linux-Watch takes a look at the first beta for Red Hat Enterprise Linux 5.1. "If it seems like it was only months ago that Red Hat launched its new major operating system, Red Hat Enterprise Linux 5, that's because it wasn't quite five months ago. Unlike Microsoft, which is still playing coy about when it will replace Vista Service Pack 1, Red Hat has just announced the beta to its next upgrade: RHEL 5.1."
Vyatta releases 2.2 beta (Linux.com)Linux.com reviews Vyatta 2.2 beta. "The beta release of Vyatta -- which is essentially a Debian-based Linux distribution focused on networking -- includes Border Gateway Patrol (BGP) enhancements, Network Address Translation (NAT) usability enhancements, improvements to the Dynamic Host Configuration Protocol (DHCP) server and DHCP relay, and new options for the "show version" command."
Wolvix 1.1.0 Mini-Review & Screenshots (TuxMachines)TuxMachines has a mini-review of Wolvix 1.1.0. "Wolvix is a Linux distribution released as an installable liveCD. Originally based on Slax, it is now built upon Slackware and seems to concentrate highly on multimedia. It features XFCE4 and Fluxbox and comes with a large suite of software. Version 1.1.0 was released a few days ago and comes in two variations. Hunter is the traditional more complete version, while Cub is a smaller edition designed to fit and run on 256MB USB Flash Drives. I've been a fan of Wolvix since the beginning because of it's unique look and feel while offering exceptional functionality and lots of useful applications. Realizing that I haven't looked at it in a while, I decided to give Wolvix 1.1.0 a little spin this weekend. Since on-disk beat me to the punch, I'll just post a mini-review and my screenshots."
Page editor: Rebecca Sobol Development The first beta release of KDE 4.0The K Desktop Environment (KDE) project has announced the first beta release of KDE version 4.0:
This release marks the beginning of the integration process which will bring the powerful new technologies included in the now frozen KDE 4 libraries to the applications.
Almost two months after the foundations of KDE 4 have been laid with the first alpha, KDE enters the stage of a full freeze of the library interface. From now on, the applications will focus on integrating the new technology refined during the last months, and the library developers will try to fix all bugs found during this process. No new applications will enter the official KDE modules and usability and accessibility work is of course an ongoing process. In the following weeks KDE developers will be able to add features to their applications until the next beta is released and the application features will be frozen as well.
![[KDE Logo]](/images/ns/kdelogo.png){kind=small}
One interesting new application that will be included with KDE 4.0 is Marble, a lightweight earth viewing application that is similar to Google Earth, but will work on systems without graphics accelerator hardware:
Marble is a generic geographical map widget that is meant to be used by KDE4 applications. It shows the earth as a sphere but doesn't make use of any hardware acceleration (No OpenGL). So although it might look similar to professional applications like Google Earth or Nasa World Wind it's rather meant to be a small light weight multi purpose widget.
Changes coming to existing KDE applications in version 4.0 will include: KWin, the KDE window manager, will have some new effects to work with, it will also run well on low-end video hardware. Integration between the Dolphin file manager and the Konqueror web browser will be improved. The Gwenview image viewer is getting some new features and usability improvements. The Konsole terminal emulator will have some user interface improvements, new background choices, support for clickable URLs and support for default color schemes. The okular universal document viewer will get usability improvements, better multithreading capabilities and improvements to the print previewer. The KRDC remote desktop tool will undergo a code rewrite, new features will include tabbed viewing and support for the KWallet password manager. The KDE PIM personal information management suite will get some new features from its Enterprise branch. KOrganizer, the calendar and scheduling component of the Kontact personal information management suite, will get new Gantt chart time line and Outlook-style views. The theming interface has also had some improvements added. If you want to give it a try, KDE 4.0 beta 1 is available for download here. An openSUSE-based KDE4 Live CD has also been released.
System Applications Database Software PostgreSQL Weekly NewsThe August 5, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Libraries libnetfilter_queue release 0.0.15 announcedRelease 0.0.15 of libnetfilter_queue is out with an API change. "libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is is part of a system that deprecates the old ip_queue / libipq mechanism."
Networking Tools fetchconfig 0.8 releasedStable version 0.8 of fetchconfig has been announced "fetchconfig is a script for retrieving configurations for multiple devices. It has been tested under GNU/Linux, and currently supports a variety of devices, including Cisco IOS, Cisco Catalyst, FortiGate, ProCurve, Parks, Alcatel Ethernet Routers (Riverstone), and Dell PowerConnect switches."
Web Site Development Django weekly roundupThe August 6, 2007 edition of the Django weekly roundup has been published. Take a look for the latest Django web platform news.
Desktop Applications Audio Applications Ardour MIDI progress continuesThe Ardour multi-track audio editor project has announced project with the MIDI system. "Dave Robillard continues his work on Ardour's MIDI recording, playback and editing capabilities as part of the Google Summer of Code program. Since the last screenshot (below), Dave has added color coding of velocity values, percussion tracks, two modes for delivering MIDI CC data (discrete+interpolated), and some basic editing operations such as quantize, note selection and pencil-based note creation & deletion."
An Introduction to Linux Audio (O'Reilly)John Littler discusses the writing of Linux audio software on O'Reilly. "Now, let's have a look at what we're trying to do and the main options available for doing it. The three main things to do are capturing (recording) audio, replaying it, and altering it. All of this comes under the heading of Digital Signal Processing (DSP). We'll be looking at the first two options: capturing and replaying. What we want to do is talk to the sound card in the computer, tell it what to do, what sort of arrangement the data should have (bearing in mind the card's capabilities), and then store it somewhere."
Desktop Environments Compiz 0.5.2 releasedVersion 0.5.2 of the Compiz compositing window manager is out with some new features and bug fixes.
GARNOME 2.19.6 releasedVersion 2.19.6 of GARNOME, the bleeding edge GNOME distribution, is out. "This release includes all of GNOME 2.19.6 plus a bunch of updates that were released after the GNOME freeze date. This is the sixth release in the unstable cycle, with more features, more fixes and yet more madness added. It is for anyone who wants to get his hands dirty on the development branch, or who'd like to get a peek at future features. With this release, GNOME entered Feature Freeze for 2.20."
GNOME 2.19.6 releasedVersion 2.19.6 of the GNOME desktop environment has been announced. "This is our sixth development release on our road towards GNOME 2.20.0, which will be released in September 2007. New features are still arriving, so your mission is simple : Go download it. Go compile it. Go test it. And go hack on it, document it, translate it, fix it."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Quickies: Awards to Enter, Magnatune Hires Amarok Developer, and an Old Interview from the Time Machine (KDE.News)KDE.News presents another Quickies article collection. "A few quickies again this week: the 4th Trophées du Libre (International Free Software Awards) contest is open. Please consider submitting your favourite KDE applications since the award is some 3000 in each category. Also new this week: Nikolaj Hald Nielsen has announced that he is being hired full time to work on Amarok, courtesy of the Magnatune music store. (Don't worry, this doesn't exclude support for other music stores). PyQt released a new version of their bindings. And every once in a while, we stumble upon an old piece of KDE history that just needs to be shared. Check out this 1998 Interview with KDE's grand-daddy: Matthias Ettrich."
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Desktop Publishing LyX 1.5.1 is releasedVersion 1.5.1 of LyX, a GUI front end to the TeX typesetting program, is out. "It includes a few bug fixes and, more importantly, fixes a bug where files produced with the Document>Compressed option on would be malformed on windows. It was therefore decided to revert to the trusty 1.4.x code in this area and release 1.5.1 sooner than anticipated. All 1.5.0 users are urged to upgrade to 1.5.1."
Financial Applications SQL-Ledger 2.8.7 releasedVersion 2.8.7 of SQL-Ledger, a web-based accounting system, is out with a number of new features and some bug fixes.
Games EGv8 version 0.4.1 releasedStable version 0.4.1 of EGv8 has been announced. "Evil Greg Vs. Eight Year Olds (EGv8) is an arcade game with a simple premise. You control an adult character named Evil Greg who battles swarms of eight year old children. As you battle the children you face new enemy types and gain new abilities. "
GUI Packages PyQt v4.3 releasedVersion 4.3 of PyQt, the Python bindings for Qt, is out. "The highlights of this release include: - Full support for Qt v4.3.0. - Partial functions can be used as slots. - Many Qt classes now support the standard Python pickle protocol for data serialisation."
Qt 4.3.1 Allows for More Free Software Licences (KDE.News)KDE.News covers the Qt 4.3.1 release. Perhaps the most significant change is that the license exemption list has been expanded, allowing Qt to be linked with software under a number of other free licenses without the requirement that the resulting work be distributed under the GPL.
Instant Messaging Zimbra Collaboration Suite 4.5.6 for RHEL5 released (SourceForge)Version 4.5.6 of the Zimbra Collaboration Suite has been announced. "We've released ZCS 4.5.6 for RHEL5 32 & 64. Zimbra is an open source server and client technology for next-generation enterprise messaging and collaboration. Zimbra delivers innovation for both the administrator and the end-user as well as compatibility with exising infrastructure and applications. ZCS 4.5.6 contains 121 fixes."
Mail Clients Mozilla Thunderbird 2.0.0.6 Released (MozillaZine)MozillaZine has announced the release of the Mozilla Thunderbird 2.0.0.6 email client. "This update fixes two security issues, which are detailed in the Thunderbird 2.0.0.6 section of the Mozilla Foundation Security Advisories page (they're the same bugs that were eliminated in the equivalent Mozilla Firefox 2.0.0.6 release earlier this week)." The security issues involve the passing of URIs to external programs and privilege escalation through chrome-loaded about:blank windows.
Medical Applications CK-ERP 0.23.1 released (LinuxMedNews)LinuxMedNews has announced the release of CK-ERP 0.23.1. "This release features connectors for MirrorMed, ClearHealth, OpenEMR, and osCMax. XOOPS connector has been enhanced to provide group-module ACL control. Locale-aware monetary figure printing has been added. Sample cheque format has been improved."
Music Applications horgand 1.9 releasedVersion 1.9 of horgand, an organ synthesizer, is out. "No new features, but a hard work to improve the sound engine, now is decent. Also is fixed the crash with RT-Kernels, and some minor bugs. This is the last release with my own code because at last a DSP guru is involved on this project and I think we have good perspectives and will rewrite all."
LV2 Simple Sine Generator plugin UpdatedRelease 20070808 of the LV2 Simple Sine Generator plugin has been announced. "This brings plugin in sync with latest lv2 (changed uri, double srate, header) LV2 Simple Sine Generator is very simple plugin, generating sine when feed with notes. It should load in any host supporting midi port LV2 extension, i.e. elven, ingen, lv2_jack_host and zynjacku."
PHASEX 0.11.0 releasedVersion 0.11.0 of PHASEX, the [P]hase [H]armonic [A]dvanced [S]ynthesis [EX]periment, has been announced. "This release contains many fixes and improvements and is highly recommended for all PHASEX users."
Streaming Media GNonLin 0.10.9 announcedVersion 0.10.9 of GNonLin is out with a bug fix and support for modifying compositions during playback. "The GStreamer team is proud to announce a new release in the 0.10.x stable series of GNonLin. This module contains a set of plug-ins for GStreamer to ease the creation of multimedia editors, or any other application where a timeline-oriented use of GStreamer makes sense."
Video Applications Freevo release 1.7.3 is out (SourceForge)Version 1.7.3 of Freevo has been announced. "Freevo is a Linux application that turns a PC with a TV capture card and/or TV-out into a standalone multimedia jukebox/VCR/PVR/HTPC. It uses MPlayer or Xine to play and record audio and video. It is optimized for use with a TV+remote. This release contains some new (Greek and Chinese) and updated translations. An audio scrobbler plug-in. Scrollable descriptions for various menus."
Web Browsers Gran Paradiso Alpha 7 available for downloadThe Alpha 7 release of Gran Paradiso is out. "Gran Paradiso Alpha 7 is an early developer milestone for Firefox 3 and the next generation of Mozilla? layout engine, Gecko 1.9. Gran Paradiso Alpha 7 is being made available for testing purposes only, and is intended for web application developers and our testing community. Current users of Mozilla Firefox should not use alpha releases."
SeaMonkey 1.1.4 Released (MozillaZine)MozillaZine covers the release of SeaMonkey 1.1.4. This release fixes several security issues. There is more information in the SeaMonkey 1.1.4 release notes.
Miscellaneous Twitux 1.0 releasedStable version 1.0 of Twitux, a Twitter client for the Gnome desktop, has been announced. "Twitux provides features such as Nedirect messages, time-lines and many other features."
Languages and Tools Haskell Haskell Weekly NewsThe August 7, 2007 edition of the Haskell Weekly News is online. This issue marks the second anniversary of the Haskell (not quite) Weekly News. Thanks to the Haskell community for support, content and for reading over the last two years!
Introduction to Haskell, Part 3: Monads (O'ReillyNet)O'Reilly has published part three of an article series on the Haskell language. "So far, Adam Turoff has given us the basics of Haskell and looked at pure functions. In the final part of his introduction to the language, he looks at Monads, which are functions that are allowed to have side effects."
Java Introduction to JavaFX Script (O'Reilly)Anghel Leonard introduces JavaFX on O'Reilly's ONJava site. "In the spring of 2007 Sun released a new framework called JavaFX. This is a generic name because JavaFX has two major components, Script and Mobile, and, in the future, Sun will develop more components for it. The core of JavaFX is JavaFX Script, which is a declarative scripting language. It is very different from Java code, but has a high degree of interactivity with Java classes. Many classes of the JavaFX Script are designed for implementing Swing and Java 2D functionalities more easily. With JavaFX Script you can develop GUIs, animations, and cool effects for text and graphics using only a few straightforward lines of code. And, as a plus, you can wrap Java and HTML code into JavaFX Script. The second component, JavaFX Mobile, is a platform for developing Java applications for portable devices."
Perl Making Perl Reusable with Modules (O'Reilly)Andy Sylvester discusses Perl modules on O'Reilly's Perl.com. "Perl software development can occur at several levels. When first developing the idea for an application, a Perl developer may start with a short program to flesh out the necessary algorithms. After that, the next step might be to create a package to support object-oriented development. The final work is often to create a Perl module for the package to make the logic available to all parts of the application. Andy Sylvester explores this topic with a simple mathematical function."
PostScript GPL Ghostscript 8.60 announcedVersion 8.60 of GPL Ghostscript has been announced. "The major milestone of this release is a merge from the ESP Ghostscript fork, used to support the CUPS printing system. This means that free operating systems can now ship a single copy of upstream Ghostscript with their releases. Thanks to Till Kamppeter and Mike Sweet for making this possible. This release also includes numerous important bug fixes over the previous stable versions, as well as improvements to performance, memory footprint, shading and image handling. We recommend this upgrade to all free users."
Python Jython 2.2 rc3 is outVersion 2.2 rc3 of Jython, a Java implementation of the Python language, has been announced. "A few new pieces of functionality have been added since 2.2rc2: * Added telnetlib from CPython * Added cpython_compatible_select to select. See here for information on when to use it. * Several more java.nio exceptions are mapped to their corresponding Python error codes when thrown."
Libraries html5lib 0.9 announcedVersion 0.9 of html5lib, a library for working with HTML5 documents, is available. Changes include: "* Parses invalid and valid HTML documents to a tree * Support for minidom, ElementTree and a custom simpletree output format * DOM to SAX converter * Collects parse errors * Character encoding detection * XML mode for working with illformed XML e.g. feeds * Many unit tests".
Version Control monotone 0.36 releasedVersion 0.36 of monotone, a version control system, is out with a number of new features and some bug fixes. "Finally, monotone 0.36 has arrived. There are quite a number of changes and corrections in this release, well worth investigating."
Page editor: Forrest Cook Linux in the news Recommended Reading Malware: Serious Business (Dark Reading)Criminal justice professor Thomas Holt presented the findings from his study of malware markets at Defcon 2007. Dark Reading provides coverage of the talk. "The average hackers' forum works much like a combination of eBay and a department store site, Holt reports. Many are divided into areas of interest -- such as programming, scripting, Mac, or Linux -- and there usually is some sort of buying area where shoppers can purchase tools or exploits, such as bots or credit card data collectors."
Why Microsoft Is Going Open Source (Linux Journal)Glyn Moody analyzes Microsoft's recent open source moves in a Linux Journal blog posting. "This, I think, goes to the heart of Microsoft's open source strategy. As well as adopting those aspects of an alternative development model that it finds useful, Microsoft is aiming to blunt the undeniable power of openness by hollowing it out. If OOXML is an open standard, and some of its own software licences become OSI-approved, Microsoft will be able to claim that it, too, is an open standard, open source company. For many busy managers, subject to all kinds of demands including increasing pressure to 'go open source' - the difference between Microsoft's open source and real open source won't matter, in the same way that the difference between Microsoft's open file formats and those of the OpenDocument Format won't really matter. In terms of keeping people happy, what matters for many is the label the appearance of going open and Microsoft's moves aim to provide just that."
Trade Shows and Conferences Black Hat USA 2007: That's a wrap (Linux.com)Linux.com's Joe Barr reports from this year's Black Hat conference. "I had one particular question in mind when I came to Black Hat this year: who does the the black hat ops for the United States? Unfortunately, I still don't have a good answer for that, though I probably have a better understanding than when I arrived. Black Hat and Defcon are crawling with feds each year, but all the feds who are willing to talk even in general terms about what they do say they are involved in keeping the bad guys out of our computers, not breaking into the Department of Defense systems in Hackistan, or wherever."
Embedded conference features Linux track (LinuxDevices)LinuxDevices notes that there will be a Linux track at the Embedded Systems Conference East. "The East Coast version of CMP's semi-annual embedded developer conference will once again include a track devoted to Linux and open source. Set for Sept. 18-21 in Boston, the Embedded Systems Conference East is co-located this year with conferences on Web development, software development, and RFID."
Open-source replacement for Microsoft Project on its way (Linux-Watch)Linux-Watch reports that Projity plans to announce some OpenProj deployments at the upcoming LinuxWorld conference. "With over 28 million project managers and users already using Microsoft Project, Projity executives believes that is considerable room for an inexpensive, open-source project management program like OpenProj. According to the company, instead of a $1,000 license fee for Microsoft Project, Projity customers can download OpenProj for free and use it anytime they want from their machine. Project teams can access the same documents and collaborate on projects, which enables distributed project teams to save time and money."
Andrew Morton calls for more kernel testing (Linux.com)Joe 'Zonker' Brockmeier covers a LinuxWorld keynote by Andrew Morton. "During the opening keynote at this week's LinuxWorld Expo, kernel developer Andrew Morton called for more assistance in testing the Linux kernel from users, and predicted that virtualization would be the big thing for the next few years of kernel development."
aKademy 2007: Text Layout Summit (KDE.News)KDE.News covers the Text Layout Summit at aKademy 2007. "The Text Layout Summit was a true cross platform event, and followed from the one last year at the Gnome Summit. Text layout is a complex area requiring advanced knowledge of dozens of different writing methods. With funding from The Linux Foundation they brought together people from Pango, Qt, IBM ICU (Intl. Components for Unicode), SIL Graphite, Unifont.org, m17n, W3C and DejaVu. Getting the various widget sets to have the same high quality support for all scripts is a problem the summit hoped to solve."
Text Layout Summit 2007 Takes Place in Glasgow (GnomeDesktop)GnomeDesktop.org covers the FreeDesktop.org Text Layout Summit 2007. "The FreeDesktop.org Text Layout Summit 2007 took place in July in Glasgow. With funding from The Linux Foundation they brought together people from Pango, Qt, IBM ICU (Intl. Components for Unicode), SIL Graphite, Unifont.org, m17n, W3C and DejaVu. Getting the various widget sets to have the same high quality support for all scripts is a problem the summit hoped to solve."
Companies Acer Installing Linux on Some Notebooks (PC World)PC World reports that Acer is experimenting with the sale of Linux laptops in Singapore. "While Memory World's offer has attracted attention outside Singapore for the use of Ubuntu on a notebook, Acer did not ship these notebooks with the Linux distribution preinstalled, said Ignatius Beh, a Memory World sales executive. "We actually installed it ourselves," Beh said. Acer shipped the notebooks to Memory World with another version of Linux installed, he said. At the time of writing, Acer did not respond to a request for comment."
Lenovo, Novell partner to offer Linux on the ThinkPad (ars technica)ars technica reports on the Novell-Lenovo announcement of SUSE Linux Enterprise Desktop preinstalled on Lenovo ThinkPad laptops. "Unlike Dell, which has targeted its Linux offering primarily at the enthusiast community, Lenovo's SLED laptops are targeted at the enterprise. Whether they are running Ubuntu, SLED, or some other distribution, the availability of Linux preinstallation from mainstream vendors increases the visibility of the operating system and gives component makers an incentive to provide better Linux drivers and hardware support. If Lenovo is willing to collaborate with the Linux development community to improve the Linux laptop user experience, it will be a big win for all Linux users, not just the ones who buy laptops from Lenovo."
Is IBM's Big Iron also Big Green? (InfoWorld)InfoWorld reports on IBM's efforts to save power by moving 3,900 of its servers to 30 virtualized System z9 mainframes. ""The cost of energy, power to run computers, storage, and networking equipment, as well as the power to the cooling equipment, is becoming the highest single cost of managing a datacenter," says David Gelardi, VP of industry solutions at IBM. "IBM took a look at these very interesting plums coming to the forefront at the same time. We have an opportunity with systems management tools, with Linux, and with virtualization, to be able to take the workloads that are principally running on much smaller, underutilized Unix servers and move them over to those 30 very large mainframes.""
Interviews Dirk Hohndel speaks (CNet)Matt Asay interviews Dirk Hohndel on his CNet weblog. "Open-source software is one of the pillars of the software stacks that our customers use today. We want to ensure that these stacks support Intel's leading technologies as we introduce them to the market and that customers have an incentive to run their software stacks on Intel hardware. This results in people recommending Intel."
People Behind KDE: Summer of Code 2007 (1/4) (KDE.News)KDE.News introduces this People Behind KDE interview with some of the Google Summer of Code participants. "The People Behind KDE series takes a temporary break, as we talk to students who are working on KDE as part of the Google Summer of Code 2007 - in the first of four interview articles, meet Aleix Pol Gonzàlez, Piyush Verma, Mike Arthur and Nick Shaforostoff!"
Resources Email Classification (Incl. Spam Classification) With POPFile On Ubuntu Feisty Fawn (HowtoForge)HowtoForge shows how to use POPFile on the Ubuntu Feisty Fawn distribution. "This article shows how you can install and use POPFile to classify incoming emails on an Ubuntu Feisty Fawn desktop. It is a POP3 proxy that fetches your mails from your mail server, classifies them and passes them on to your email client."
Quicktoots 17 announcedA new version of the Quicktoots guide to Linux audio applications is out. "DJing is an artform and freewheeling with JACK on Linux makes it possible to amaze your audience with live remixes of rare cuts and hidden gems that when put together produce sample Heaven... Ringheims Auto shows us how it's done."
Reviews Azureus vs. KTorrent (Linux.com)Anze Vidmar compares Azureus to KTorrent in a Linux.com article. "BitTorrent is popular peer-to-peer sharing communication protocol used for transferring all kind of files over the Internet. Two of the most popular BitTorrent clients for Linux are Azureus and KTorrent. If you're looking for a robust, fast, simple, and powerful BitTorrent client, you will probably go with KTorrent. If you want a Java-based client that runs on every platform and allows you to configure every detail for BitTorrent transfer, consider Azureus."
Portrait of a Linux iPhone-killer wannabe (ComputerWorld)ComputerWorld has published a lengthy look at the OpenMoko phone with a lot of talk with OpenMoko architect Sean Moss-Pultz. "In fact, the most intriguing possibilities are in the enterprise, where Linux servers and applications are common, he stressed... 'Pretty much all the big enterprises have contacted us and are interested,' he said. 'Enterprises have scores of IT staff who can customize and maintain Linux applications. With this phone, the company can customize it exactly the way they want it for their employees.' By contrast, most cell phones are notoriously uncustomizable."
Linux gains free telecom-oriented IPC stack (LinuxDevices)LinuxDevices covers the release of Linx for Linux. "A year later than expected, Enea has released an open source Linux version of its flagship IPC (interprocess communication) stack. The GPL/BSD-licensed Linx stack could allow for tighter control- and data-plane integration in mobile phones and telecom infrastructure equipment combining Linux with Enea's OSE/OSEck RTOS (real-time operating system)."
Miscellaneous What could you do with fat fiber? (Linux Journal)Doc Searls wonders about fiber. "Two years ago, Bob Frankston wrote Why Settle for Just 1%? while in the midst of his ramp-up as a Verizon FiOS customer. The question is still on the table. I'd like us to help answer it by re-phrasing the question: What could we, as Linux developers and users, do with fiber to our homes and businesses?"
Page editor: Forrest Cook Announcements Non-Commercial announcements ODF Alliance applauds New York for taking steps to preserve electronic recordsThe OpenDocument Format Alliance recognizes New York as the second state to enact legislation that calls for the study of electronic document formats. "'In calling for a study of electronic document formats, New York has recognized the critical importance of continued access to their valuable records,' said Marino Marcich, ODF Alliance Managing Director. 'The pending studies in New York and Minnesota will reveal the true value of ODF for maximizing access, control and interoperability of government documents and information. With the world's 11th largest economy, New York understands how important electronic document access is for maintaining their position as a leader in the domestic and global marketplaces.'"
Google signs up with the Open Invention NetworkThe Open Invention Network has announced that Google has signed up as its first end-user licensee. Quoting Chris DiBona: "We believe that by becoming an Open Invention Network licensee, we can encourage Linux development and foster innovation in a way that benefits everyone. We're proud to participate in OIN's mission to help Linux thrive."
Commercial announcements CadSoft EAGLE CAD 5 enters betaA beta release of CadSoft EAGLE 5, a printed circuit CAD system with a no-cost reduced capability version, has been announced. "CadSoft invites EAGLE users to participate in testing new versions of the EAGLE Layout Editor. We suggest that only users who already have experience with previous versions of EAGLE participate in the beta test."
Concurrent to Supply Real-Time Linux Solution to the U.S. NavyConcurrent has announced that it will supply real-time Linux systems running RedHawk Linux to the U.S. Navy for missile simulation development. "Currently in development, this missile simulator system will provide input signals to actual missile guidance hardware in real-time and read the missiles response to provide a closed loop simulation. NSWC Crane is developing the simulator in partnership with multiple DoD labs. The simulator will be used to determine the effectiveness of Navy and Marine Corps aircraft countermeasure systems that protect the aircraft from hostile missiles. The simulators multiple roles include optimizing new countermeasures in existing aircraft, determining the best use of existing countermeasures in new aircraft, and evaluating current aircraft capabilities against new missile system threats."
Mercury Computer Systems releases SDK for PLAYSTATION3Mercury Computer Systems, Inc. has announced the release of their software development kit for the PLAYSTATION 3 platform. "Mercury Computer Systems, Inc. announced the release of its MultiCore Plus(TM) SDK for PS3 - Base Package, which enables application developers to unleash the powerful Sony PLAYSTATION(R)3 (PS3) game console for low-cost, high-speed computing."
Oracle's contributions to the communityOracle has sent out a press release describing its contributions to the free software community. "A result of on-going work with the Linux community and strategic partners, Oracle has spearheaded enhancements including: development of a new file system designed for superior scaling; porting the popular Yet another Setup Tool (YaST) to Oracle(R) Enterprise Linux and the fully compatible Red Hat Enterprise Linux; open sourcing tools to streamline testing, collaborating on an interface for comprehensive data integrity and developing a new asynchronous I/O interface to reduce complexity."
Sun Microsystems announces fastest commodity microprocessorSun Microsystems, Inc. has announced the UltraSPARC(R) T2 microprocessor. "Available for sale separate from Sun's own systems, this new processor is the industry's first volume processor with eight cores and eight threads per core. Formerly known as the "Niagara 2" project, the UltraSPARC T2's world-record performance raises the bar on commodity processors while boasting the industry's highest energy efficiency per thread. With each thread capable of running its own operating system, the chip delivers a whopping 64-way system on a single chip."
Wyse and Novell collaborate on Linux thin clientsWyse and Novell have announced a partnership. "Wyse Technology, the global leader in thin computing, today announced it is working with Novell to bring the next generation of Linux-based thin clients to market. Both companies are committed to giving customers everything they need to transition from traditional desktops with proprietary operating systems to Wyse thin clients based on SUSE Linux Enterprise from Novell."
LinuxWorld inspired press releasesLinuxWorld always seems to inspire companies to generate press releases:
New Books The CSS Anthology, 2nd Edition -- New from SitePointSitePoint has published the book The CSS Anthology, 2nd Edition by Rachel Andrew.
Resources Linux Gazette #141Issue #141 of the Linux Gazette is online with the following topics: Mailbag, An Ongoing Discussion of Open Source Licensing Issues, Talkback, 2-Cent Tips, NewsBytes, News in General, Conferences and Events, Distro News, Software and Product News, GRUB, PATA and SATA, An NSLU2 (Slug) Reminder Server, Who is using your Network?, Serving Your Home Network on a Silver Platter with Ubuntu, One Volunteer Per Child - GNU/Linux and the Community and HelpDex.
Contests and Awards Black Hat's Oscars: The Pwnie Awards (Linux.com)Joe Barr covers the Black Hat Pwnie Awards on Linux.com. "In a hastily arranged ceremony, a small group of security researchers gathered last night at Black Hat to acknowledge the work of hackers, vendors, and music-makers in the First Annual Pwnie Awards. The brainchild of Alex Sotirov and Dino Dai Zovi, the awards were a very late addition to the Black Hat schedule. Therefore the crowd was small, but appreciative."
Education and Certification LPI Certification Program covered by VA benefitThe Linux Professional Institute is offering certification exams to US veterans. "VCampus Corporation, the North America Master Affiliate for the Linux Professional Institute (LPI) certification program, announced that all US veterans and active military can now use their Department of Veterans Affairs (VA) education benefits to cover examination fees for all LPI exams."
Calls for Presentations GNOME.conf.au 2008: Call for PresentationsA call for presentations has gone out for GNOME.conf.au 2008. The event will take place in Melbourne, Australia sometime in 2008, submissions are tentatively due by November, 2007.
Southern California Linux Expo CFPThe Southern California Linux Expo (Scale 6X) will take place in Los Angeles, CA on February 8-10, 2008. A call for participation has been announced.
Upcoming Events CMP's Embedded Systems Conference, BostonCMP Technology has announced the next Embedded Systems Conference. "CMP Technology today announced the program for its annual Embedded Systems Conference (ESC) Boston, running September 18th to the 21st at the Hynes Convention Center. ESC is the industry's largest international embedded technical conference and exhibition. This year's Boston conference will bring together some of the most respected and innovative minds in the field to offer attending systems architects and engineers their choice of more than 100 training sessions, courses and seminars covering methodologies, processes, and techniques fundamental to the development of embedded systems."
FOSS.IN announcedThe FOSS.IN conference will take place in Bangalore, India on December 4-8, 2007. "FOSS.IN is one of the world's largest and most focussed FOSS events, held annually India. Over the years, it has attracted thousands of participants, and the speaker roster reads like a "Who's Who" of FOSS contributors from across the world."
Terra Soft, Power.org Host Hack-a-thon IIThe Hack-a-thon II event has been announced. "Terra Soft Solutions is proud to announce Hack-a-thon II, to be held in Austin, Texas, September 22-25, two days prior to and then in conjunction with the Power Architecture Developer Conference. In this 4 day event, Terra Soft will host a 6 node PS3 cluster and hands-on workshop for the installation of Yellow Dog Linux, compute image deployment via Y-HPC, and use of Torque and Moab for job management. Hack-a-thon attendees will be invited to working hands-on with the cluster to test their own parallel and distributed code."
Linux Audio Conference 2008The Linux Audio Conference 2008 will be held in Cologne, Germany on February 28 - March 2, 2008. "The Academy of Media Arts, Cologne, is proud to host the Linux Audio Conference 2008, where once a year programmers and artists, musicians, composers and practioneers gather to discuss and explore new and important developments in making music and sounds with Linux and Open Source software. The Linux Audio Conference is both a meeting of developers writing audio software for Linux as it is a music festival, where artists from all over the world show how free software can create fresh and exciting new sounds."
Bradley Kuhn and Max Spevack to keynote at Ohio LinuxFestThe Ohio LinuxFest organizers have announced that Max Spevack and Bradley Kuhn will be keynoting this year at the Ohio LinuxFest 2007. OLF takes place September 28 - 30, 2007 in Columbus, Ohio.
Events: August 16, 2007 to October 15, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||