LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for August 16, 2007MySQL stops distributing Enterprise Server source codeIn announcing changes to the way it does its releases, MySQL AB, the company behind the MySQL database, probably knew what element would be the most controversial. Listed last of five changes was the plan to no longer be distribute Enterprise Server source code. Very quickly noticed by members of the MySQL community, then by the wider free software community, it caused a bit of an uproar. A Slashdot headline, later reworded, proclaimed "MySQL Closing Off Its Source", which was easily enough to fan the flames. A closer look reveals that not all that much has changed, MySQL is trying to find ways to have a free software product that generates revenue – a difficult balancing act. The roots of the problem go back to the split of MySQL into two products: Enterprise Server and Community Server. That change was announced in October 2006 and was an attempt by MySQL AB to separate the needs of the "community" from those of their commercial, "enterprise" customers. The words chosen were, perhaps, a bit distasteful; one would think that all MySQL users are members of the community, the real distinction they were trying to make is: paying vs. non-paying. At the time of that split, there was talk that MySQL AB was turning its back on free software, "going corporate" as it were. In fact, the company has kept up its side of the bargain, releasing its code under the GPL. It has also worked with the Free Software Foundation on GPLv3; upcoming MySQL releases might very well be covered by that license. Its biggest sin, in some eyes, has been the unwillingness to forgo making a profit. The change that caused the latest stink is more subtle, as it just changes the Community Server development process. But, as a seemingly unnecessary part of that change, the Enterprise Server source tarballs will no longer be available on the the ftp.mysql.com site. The source will be distributed to customers who buy the Enterprise Server, but will no longer be accessible – from MySQL AB – by the community at large. The company evidently wants to make a sharp distinction between the two releases, which is what led them to restrict the source code. Various Linux distributions have been using the Enterprise source, rather than the the Community source, to build MySQL packages and the company would rather not see that. Kaj Arnö, VP of Community Relations for MySQL AB, puts it this way:
What we do intend is related to positioning: MySQL Community
Server is for
our users, MySQL Enterprise Server is for our paying customers. We want
people to associate MySQL Enterprise Server with a commercial
relationship
to MySQL as a company.
It seems a rather drastic step, likely to induce community annoyance, for very little gain. The marginal cost of maintaining another copy of the tarball should be nearly zero. In addition, Arnö has acknowledged that the source will still be available to anyone who truly wants it. Folks like DorsalSource are already planning to provide source and binary versions of the Enterprise products as they are released. GPL compliance, always a confusing topic, was at the heart of a lot of the complaints about withdrawing the source. The company is complying with the license by providing the source code to their Enterprise customers with the binary distribution. Given that they hold the copyright for the entire package, by requiring contributors to assign their copyrights, they could make other license arrangements with their customers, but choose to stick with the GPL. The other, less controversial changes announced were largely codifying the current Community release practices. One of those practices, leaving new features and bug fixes out of the community releases, at least until the next major release, seems contrary to the intent for the Community Server. When it was set up, it was to be the testbed for the Enterprise Server, but that role has clearly fallen by the wayside. There are legitimate differences between large, enterprise-class customers (who are more likely to pay for support) and the rest of the universe of MySQL users. One wants stable releases, on a fixed schedule, that have been extensively tested in real-world installations. The other wants new features and bug fixes more quickly, even if they have not yet had extensive testing. Unfortunately, it seems like MySQL AB may be confused about which group of users needs each style of release. A parallel is often drawn between the split that Red Hat made between Fedora and Red Hat Enterprise Linux (RHEL), but while the original reasoning seems to be the same, the implementation is rather different. For reasons that are not entirely clear, Enterprise Server gets monthly "hotfix" releases that often seem to contain fixes that are out of place for a stable release. Often, the changes have not yet been released in a community version, so they have only been tested in MySQL AB's labs. This is very different from the Fedora/RHEL model as the frequency of releases between community and enterprise has been reversed. In the Red Hat model, features (new packages) are released first in Fedora, vetted by the community, then released in an RHEL release sometime later, typically much later. It is hard to see what benefit monthly releases provide to a "stable" product. An exception must be made for security fixes, but those should not wait until the next scheduled release anyway. MySQL AB seems to see things differently, one must hope that they are right, and that they understand precisely what their customers want. It would be a tragedy for MySQL AB to falter; they are a free software company that does an enormous amount of work on the database software that is used freely by millions. Thankfully, even if that did happen, MySQL the software package, would continue, perhaps at a slower pace. That, in many ways, sums up what MySQL AB, or any company that uses a free license, gives to their users, paying or non-paying, the ability to keep using and extending the software even if the company fails.
A bad day for the SCO GroupSometimes, a little reminiscing is called for. Think back to March 7, 2003, when the SCO Group, once a Linux distributor named Caldera, filed its initial complaint against IBM:
Prior to IBM's involvement, Linux was the software equivalent of a
bicycle. UNIX was the software equivalent of a luxury car. To make
Linux of necessary quality for use by enterprise customers, it must
be re-designed so that Linux also becomes the software equivalent
of a luxury car. This re-design is not technologically feasible or
even possible at the enterprise level without (1) a high degree of
design coordination, (2) access to expensive and sophisticated
design and testing equipment; (3) access to UNIX code, methods and
concepts; (4) UNIX architectural experience; and (5) a very
significant financial investment.
IBM, by providing those things, was alleged to have misappropriated SCO's property, breached contracts, and generally ruined SCO's day. At the core of these allegations was the claim that IBM had funneled SCO's Unix code into Linux - up to one million lines' worth. IBM fought back strongly, and, over time, it became clear that no large-scale copying of Unix code into Linux had happened - in fact, almost no copying had happened at all. IBM continues to argue its case, but an interesting thing happened in May, 2003, when Novell issued a press release claiming that it, rather than SCO, was the owner of the Unix copyrights.
Importantly, and contrary to SCO's assertions, SCO is not the owner
of the UNIX copyrights. Not only would a quick check of
U.S. Copyright Office records reveal this fact, but a review of the
asset transfer agreement between Novell and SCO confirms it. To
Novell's knowledge, the 1995 agreement governing SCO's purchase of
UNIX from Novell does not convey to SCO the associated copyrights.
We believe it unlikely that SCO can demonstrate that it has any
ownership interest whatsoever in those copyrights.
According to Novell, all of SCO's attempts to sell "Linux licenses," and the lawsuit too, were built on a false foundation. SCO was suing over copyrights it did not even own. An interesting little detail that came out later on was that Novell, in selling the Unix licensing business to the Santa Cruz Operation ("old SCO"), had retained the right to waive any claims against Unix licensees; Novell proceeded to exercise that right by requiring SCO to drop its claims against IBM. SCO, of course, responded by suing Novell. Over the years, the suit grew into a complicated mess of claims and counterclaims upon which was built a series of motions for summary judgments. On August 11, the court, under Judge Dale Kimball, ruled on those motions [PDF]. The result was almost certainly the end of the SCO saga. In short, Judge Kimball ruled on several issues:
This judgment changes the entire game. Much of SCO's case against IBM is now gone - before IBM really even got a chance to defend itself. There has been no copying of SCO's "valuable intellectual property" - it would appear that SCO does not have much of that. SCO's claims that IBM had violated its Unix license agreements have always been tenuous, but they may now become moot, since Novell has exercised its now-clear right to waive any claims based on that agreement. SCO might still be able to push forward its claims that IBM treated it badly with regard to the Monterey initiative. That's far removed from the $5 billion jackpot the company had gone for, though - and it is totally irrelevant to the Linux community. It is worth remembering that there is a large pile of summary judgment motions pending in SCO v. IBM as well - and that they are before the same judge. It makes sense for Judge Kimball to have resolved the copyright ownership issue first. But the IBM motions have been outstanding for many months and are due for action. What happens there will be interesting; Judge Kimball may settle or moot many of them based on the Novell ruling. That would be a welcome result, but it would fail to provide a definitive answer to some interesting questions - like whether the Unix license agreements, prior to being waived by Novell, truly prohibited IBM from contributing work like read-copy-update or the JFS filesystem to Linux. Even so, IBM has some interesting motions - the GPL violation charges, for example - which will still need to be resolved in their own merits. SCO might just file an appeal as an attempt to stay any judgments which would bring an end to the IBM case. It is hard to see such an appeal as anything more than (yet another) delaying tactic, though. Given that SCO's lawyers have already seen all the revenue they will earn from this case, their enthusiasm for such a course might just be a little bit low. Meanwhile, Red Hat had filed suit in August, 2003, seeking to clear the title to its own products and to put an end to the SCO campaign. That case was put on hold pending the results of the IBM case. If Red Hat wanted to, it would appear that a case could now be made for moving that suit forward: Red Hat's products clearly are not infringing upon any intellectual property rights that SCO might own. At this point, though, that would be mostly an exercise in tying up loose ends. Few people have worried about the propriety of the Linux code base for some time, and SCO's anti-Linux campaign was effectively stopped some time ago. It may take a while to see where all the pieces land, but the SCO affair is, for all practical purposes, over. We, the Linux community, were incredibly lucky here, as painful and expensive as this whole series of events was. Given the success of Linux, it was certain that somebody, somewhere, was going to try to make a grab for it. What happened was that we were attacked by an opponent which was so inept, so lacking in any sort of real cause, and so misguided in its choice of targets that we would have been hard-put to lose. In the process, we took a hard look at where our code comes from, found that we have what must be one of the most legitimate code bases around, and tightened up our procedures anyway. The chances of there being another copyright-based attack of any note have dropped to almost zero. SCO has left us stronger than we were before. As we put the SCO case behind us, there remains one interesting question: now that Novell is unquestionably the owner of the Unix copyrights, what will it do with them? The commercial value of those copyrights must be near zero at this point - Linux and the BSDs have free code which is better. About the only value left is FUD value - and the SCO case has shown that those copyrights are not worth much in that area either. Still, Novell could provide a more than fitting end to this episode, and perhaps begin to rebuild its standing in the free software community, by releasing the Unix code under a free license - probably a permissive license - and closing the proprietary Unix era forevermore.
Getting started with GitNew jobs always come with learning "opportunities"; this one was no different in that respect. Once this long-time vi bigot learned enough emacs to create a daily security update, the big learning challenge was Git. I have used many different revision control systems along the way, starting with sccs, through RCS and CVS, to subversion – and a dash of mercurial. Git is fundamentally different than all of those – though mercurial is close – its learning curve is steep, its usage model is radically different. One of the major differences is that Git is a distributed revision (or version) control system, while most of the others are centralized. In a distributed system there is no central repository that everyone uses to put their changes into, there are, instead, numerous repositories, each residing on a developer's machine. Typically, those developer repositories have been "cloned" from a master repository somewhere. Each developer then owns their repository; they can make changes, commit them, make branches, tag releases, etc. – all without ever contacting the master repository. When they are ready to share their changes, they either "push" them into a repository, or, more likely, ask a repository owner to "pull" changes from a specific branch of their repository. Another reason for the steep learning curve is that Git started out as a fairly low-level tool, just providing the "plumbing" for version control. The intent was to add more user-friendly interfaces to the plumbing, so-called porcelain, as time went on. As Git matured, the porcelain has moved in with the plumbing, so the core Git package has had many of the rough edges filed off, but it is still lower-level than most other revision control systems. In my Git learning journey, I found a number of helpful sites, that can help get users up to speed rather quickly. For users who want to learn Git so they can look at Linux kernel source, the best starting point is Jeff Garzik's "The Kernel Hackers' Guide to Git". It provides a quick overview of the commands needed to grab a copy of Linus's kernel tree, make branches from it, commit to it, and keep it up to date. The main missing piece is on using tags, which is how different versions of the kernel are represented in the repository. If managing a project with Git is in the cards, the right starting point is: "A tutorial introduction to git". This covers the basics of setting up a repository to hold a project and importing the project's code. It also has sections on many of the tasks that a repository user will need to commit their changes, create branches for parallel lines of development, follow the history of changes, and collaborate with others. The second part of the tutorial covers some of the internal workings of Git: the object database and the index file. Those coming to Git from another version control system may want to look at the tutorials specific to their tool. CVS and subversion have their own tutorials, each geared towards users converting from those centralized version control systems. The "git for CVS users" page is a bit terse, often referring to the tutorial above, but it does provide some of the basics a CVS user will need. The "Git - SVN Crash Course" on the other hand is fairly in-depth coverage, presenting the exact Git equivalents for a large number of svn commands and concepts. Once the basics have been mastered, it is time for the serious reference material, which is where the Git User's Manual comes into play. It contains multiple chapters covering every facet of Git, including a detailed look at the internals of Git, its storage formats and the like. When trying to do something more complicated than is covered in the narrowly focused tutorials, the User's Manual is the place to go. Git commands are typically invoked from the command line as subcommands of the git command: git commit for example. When trying to track down the most serious reference material of all, though, using an alternate syntax to refer to the Git subcommands is required: man git-commit for example. From the command line, man git is a good starting point; the same information, with nice clicky links, is also available here. With these reference materials at hand, it should be fairly straightforward to get up and running with Git. For me, at least, there is still a lot to learn, but with these sites available, I am mastering more of it each time I dive in. If still more information is needed, the GitWiki and its documentation page are the next places to try.
Security Exploiting races in system call wrappersA technique that is often used by security software, and has historically been a source of security holes, has once again been shown to be exploitable on many systems. Research recently presented by Robert N.M. Watson at the USENIX Workshop on Offensive Technologies (WOOT07) demonstrates race conditions in software that uses "system call wrapping" (or "hooking"). The race conditions can be exploited to circumvent the protections that the software is supposed to provide. Well behaved Linux software is not vulnerable, but other free operating systems do allow, and even encourage, the practice. There are several different ways to implement wrappers, but at the core, they are kernel code that intercepts system calls from all applications, running their own code before and after the real system call. The wrapper code can see and modify all of the arguments being passed to and from the system call. This technique can be used to enforce various policies on the use of the system calls, denying or sharply restricting access. Logging, for audit trail purposes, all system call activity is another way the wrappers could be used. Anti-virus or intrusion detection and prevention are the kinds of applications that use system call wrapping. Intercepting all calls to open(), for example, checking the file for viruses or illegal access and if so, returning an error, are the kinds of tasks that system call wrappers are used for. Notable users of system call wrappers are the OpenBSD and NetBSD Systrace facility, the Generic Software Wrappers Toolkit and the CerbNG firewall for FreeBSD. Thus, intercepting system calls is a technique that is useful, but not without hazards. These recent vulnerabilities are endemic to the technique, not tied to a specific implementation. They exploit that bugaboo of system programmers everywhere: the race condition. Specifically, they are time-of-check-to-time-of-use (TOCTTOU) or other, similar, bugs. A TOCTTOU exploit abuses the gap in time between the test for a condition and the use of an object that passes the test. If the object is changed in that gap, the restrictions that were supposed to be enforced by the test can be bypassed. The classic example is a setuid() program that tests a file for legal access by the real user before opening it. If the user replaces the file with a symlink to a file they can't legally access after the test, but before the open(), they have circumvented the security check. Two similar race conditions have been identified for applications using system call wrappers: time-of-audit-to-time-of-use (TOATTOU) and time-of-replacement-to-time-of-use (TORTTOU). In both cases, the data that gets passed to the system call is manipulated. For TOATTOU, it is done to obscure the data from any auditing or logging that might be done, covering the tracks of an exploit from an intrusion detection application for example. In the TORTTOU case, if the data passed into the system call is changed by the wrapper, to implement "jail" functionality for instance, the exploit changes it back before the system call is made. In his paper, "Exploiting Concurrency Vulnerabilities in System Call Wrappers" (PDF), Watson shows techniques to reliably exploit the race conditions in a variety of packages that use system call wrappers. On both single and multi-processor systems, mechanisms were found to exploit the time gap – because system calls, especially with wrappers, are not atomic operations. For single processor systems, one of his examples used data that had its last byte on a swapped-out page. While the kernel is sleeping, awaiting the page to be swapped in, another process can change the data that has already been read. For multiprocessor systems, the windows are typically smaller, but it is not necessary to arrange for the kernel to sleep, a thread on a different processor can be used to alter the data. The main problem in that case is synchronizing with the kernel process so that the exploit knows when to change the data. Watson found several synchronization methods, one very simple one just spins waiting for the data to change and changes it back, effecting a TORTTOU exploit. For these and other reasons, Linux does not export its system call table and actively discourages programmers from taking this approach. There are no real solutions to the problems Watson has identified unless the system call wrapping technique is abandoned. The two solutions he has suggested are either moving to a "message passing" architecture for system calls or to integrate the security checks into the kernel itself. He specifically mentions the Linux Security Modules approach as one that alleviates the system call wrapper race. It is unfortunate that there are still many uses of system call wrapping in today's free operating systems. While the specific problems that Watson describes may not have been known, wrappers as a source of security bugs certainly have been. It is a seductive technique, one that seems simple to implement and foolproof, but it is clearly fraught with peril. The BSD family needs to find other ways to implement their security applications as do any Linux vendors who have ignored the kernel developers and continued to use the wrapping technique.
New vulnerabilities dovecot: privilege escalation
libarchive: pax extension header vulnerabilities
qtpfsgui: arbitrary code execution
squirrelmail: arbitrary code execution
terminal: arbitrary code execution
xvid: array indexing vulnerabilities
Updated vulnerabilities acroread: multiple vulnerabilities
apache2: information disclosure
apache: multiple vulnerabilities
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
avahi: denial of service
bind: DNS cache poisoning
bochs: buffer overflow
bugzilla: multiple vulnerabilities
centericq: buffer overflows
clamav: denial of service
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
gpdf: integer overflow
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: directory traversal
elinks: code execution
elinks: arbitrary file access
emacs21: denial of service
evolution: format string error
evolution-data-server: malicious server arbitrary code execution
pop mail man-in-the-middle attacks
file: integer overflow
firebird: buffer overflow
firefox: multiple vulnerabilities
firefox: multiple vulnerabilities
firefox, thunderbird, seamonkey: multiple vulnerabilities
flac123: arbitrary code execution
flash-plugin: input validation flaw
freetype: arbitrary code execution
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gd: multiple vulnerabilities
gd: denial of service
gdm: denial of service
gedit: format string vulnerability
gimp: multiple vulnerabilities
gimp: integer overflows
grip: buffer overflow
gzip: multiple vulnerabilities
HelixPlayer: arbitrary code execution
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
jasper: denial of service
java: multiple vulnerabilities
java-1.5.0-sun: multiple vulnerabilities
kdebase: information leak
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: several vulnerabilities
kernel: signal handling flaw on PPC
kernel: several vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
lftp: shell command execution
libexif: integer overflow
libgtop2: buffer overflow
libmodplug: boundary errors
libphp-phpmailer: command execution
libpng: denial of service
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libvorbis: multiple memory corruption flaws
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
mediawiki: cross-site scripting
mod_jk: proxy bypass
moin: arbitrary JavaScript execution
moodle: cross-site scripting
mplayer: buffer overflow
mydns: buffer overflows
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
mysql: multiple vulnerabilities
MySQL: logging bypass
nbd: arbitrary code execution
nginx: cross site scripting
OpenOffice.org: arbitrary code execution
OpenSSH: denial of service
openssh: remote denial of service
openssl: private key attack
pam: privilege escalation
perl-Net-DNS: predictable id sequence
php: multiple vulnerabilities
php: several vulnerabilities
php: multiple vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
phpPgAdmin: cross-site scripting
phpwiki: remote code execution
pptpd: denial of service
proftpd: authentication bypass
pulseaudio: denial of service
python: information disclosure
qemu: multiple vulnerabilities
qt: arbitrary code execution
qt: "/../" injection
quake: buffer overflow
redhat-cluster-suite: denial of service
rpm: arbitrary code execution
snort: remote arbitrary code execution
Sun JDK/JRE: multiple vulnerabilities
tcpdump: integer overflow
tcpdump: denial of service
tetex: buffer overflow
tomcat: directory traversal
tomcat: cross-site scripting
vim: arbitrary code execution
vixie-cron: weak permissions may cause errors
vlc: several vulnerabilities
wireshark: multiple vulnerabilities
XFree86 X.org: integer overflows
xfsdump: insecure temp dir
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
X.org: temp file vulnerability
xpdf: bounds checking issues
zziplib: buffer overflow
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.23-rc3, released by Linus on August 12. "Either people really are calming down, and figuring out that we're in the stabilization phase, or it's just that it's the middle of August, and most everybody at least in Europe are off on vacation." The changes are mostly limited to fixes; see the long-format changelog for the details.As of this writing, a few dozen post-rc3 fixes have been merged into the mainline repository. The current -mm tree is 2.6.23-rc2-mm2. Recent changes to -mm include a new e1000 network driver, a bunch of IDE updates, and support for NUMA nodes with no memory. The current stable 2.6 kernel is 2.6.22.3, released on August 15. It contains several fixes, one of which is security-related. 2.6.22.2, containing a rather larger set of fixes, was released on August 9. For older kernels: Willy Tarreau has announced his intention to put together "a few more" 2.6.20 stable updates. The first of those is due almost any time. 2.4.35.1 was released on August 15. It contains some build fixes and one security patch.
Kernel development news Smarter write throttlingWhenever a process performs a normal, buffered write() to a file, it ends up creating one or more dirty pages in memory. Those pages must eventually be written to disk. Until the data moves to persistent storage, the pages of memory it occupies cannot be used for any other purpose, even if the original writing process, as is often the case, no longer needs them. It is important to prevent dirty pages from filling too much of the system's memory; should the dirty pages take over, the system will find itself under severe memory pressure, and may not even have enough memory to perform the necessary writes and free more pages. Avoiding this situation is not entirely easy, though.As a general rule, software can create dirty pages more quickly than storage devices can absorb them. So various mechanisms must be put in place to keep the number of dirty pages at a manageable level. One of those mechanisms is a simple form of write throttling. Whenever a process dirties some pages, the kernel checks to see if the total number of dirty pages in the system has gotten too high. If so, the offending process is forced to do some community service by writing pages to disk for a while. Throttling things in this way has two useful effects: dirty pages get written to disk (and thus cleaned), and the process stops making more dirty pages for a little while. This mechanism is not perfect, however. The process which gets snared by the global dirty pages threshold may not be the one which actually dirtied most of those pages; in this case, the innocent process gets put to work while the real culprit continues making messes. If the bulk of the dirty pages must all be written to a single device, it might not be beneficial to throttle processes working with files on other disks - the result could be that traffic for one disk essentially starves the others which could, otherwise, be performing useful work. Overall, the use of a single global threshold can lead to significant starvation of both processes and devices. It can get worse than that, even. Consider what happens when block devices are stacked - a simple LVM or MD device built on top of one or more physical drives, for example. A lot of I/O through the LVM level could create large numbers of dirty pages destined for the physical device. Should things hit the dirty thresholds at the LVM level, however, the process could block before the physical drive starts writeback. In the worst case, the end result here is a hard deadlock of the system - and that is not generally the sort of reliability that users expect of their systems. Peter Zijlstra has been working on a solution in the form of the per-device write throttling patch set. The core idea is quite simple: rather than use a single, global dirty threshold, each backing device gets its own threshold. Whenever pages are dirtied, the number of dirty pages which are destined for the same device is examined, and the process is throttled if its specific device has too many dirty pages outstanding. No single device, then, is allowed to be the destination for too large a proportion of the dirty pages. Determining what "too large" is can be a bit of a challenge, though. One could just divide the global limit equally among all block devices on the system, but the end result would be far from optimal. Some devices may have a great deal of activity on them at any given time, while others are idle. One device might be a local, high-speed disk, while another is NFS-mounted over a GPRS link. In either case, one can easily argue that the system will perform better if the faster, more heavily-used devices get a larger share of memory than slow, idle devices. To make things work that way, Peter has created a "floating proportions" library. In an efficient, mostly per-CPU manner, this library can track events by source and answer questions about what percentage of the total is coming from each source. In the writeback throttling patch, this library is used to count the number of page writeback completions coming from each device. So devices which are able to complete writeback more quickly will get a larger portion of the dirty-page quota. Devices which are generally more active will also have a higher threshold. The patch as described so far still does not solve the problem of one user filling memory with dirty pages to the exclusion of others - especially if users are contending for the bandwidth of a single device. There is another part of the patch, however, which tries to address this issue. A different set of proportion counters is used to track how many pages are being dirtied by each task. When a page is dirtied and the system goes to calculate the dirty threshold for the associated device, that threshold is reduced proportionately to the task's contribution to the pile of dirty pages. So a process which is producing large numbers of dirty pages will be throttled sooner than other processes which are more restrained. This patch is in its eighth revision, and there has not been a lot of criticism this time around. Linus's response was:
Ok, the patches certainly look pretty enough, and you fixed the
only thing I complained about last time (naming), so as far as I'm
concerned it's now just a matter of whether it *works* or not. I
guess being in -mm will help somewhat, but it would be good to have
people with several disks etc actively test this out.
The number of reports so far has been small, but some testers have said that this patch makes their systems work better. It was recently removed from -mm "due to crashiness," though, so there are some nagging issues to be taken care of yet. In the longer term, the chances of it getting in could be said to be fairly good - but, with memory management patches like this, one never knows for sure.
timerfd() and system call reviewOne of the fundamental principles of Linux kernel development is that user-space interfaces are set in stone. Once an API has been made available to user space, it must, for all practical purposes, be supported (without breaking applications) indefinitely. There have been times when this rule has been broken, but, even in the areas known for trouble (sysfs, for example), the number of times that the user-space API has been broken has remained relatively small.Now consider the timerfd() system call, which was added to the 2.6.22 kernel. The purpose of this call is to allow an application to obtain a file descriptor to use with timer events, eliminating the need to use signals. The system call prototype, as found in 2.6.22, is:
long timerfd(int fd, int clockid, int flags, struct itimerspec *utimer);
If fd is -1, a new timer file descriptor will be created and returned to the application. Otherwise, a timer will be set using the given clockid for the time specified in utimer. The TFD_TIMER_ABSTIME flag can be set to indicate that an absolute timer expiration is needed; otherwise the specified time is relative to the current time. The flags argument can also be used to request a repeating timer. There is another aspect to the timerfd() API, though: a read on the timer file descriptor will return an integer value saying how many times the timer has fired since the previous read. If no timer expirations have happened, the read() call will block. In the 2.6.22 kernel, the returned value was 32 bits (on all architectures). It has since been decided that a 64-bit value would have been more appropriate, and a patch making that change has been merged for 2.6.23. The 2.6.22.2 stable update also contained the API change. That is not the full story, though. Michael Kerrisk, while writing manual pages for the new system call, encountered a couple of other shortcomings with the interface. In particular, it is not possible to ask the system for the amount of time remaining on a timer. Other timer-related system calls allow for this sort of query, either as a separate operation or when changing a timer. Michael thought that the timerfd() system call should work similarly to those which came before. Michael has now posted a patch fixing up the timerfd() interface. With this patch, the system call would now look like this:
long timerfd(int fd, int clockid, int flags, struct itimerspec *utimer,
struct itimerspec *outmr);
The new outmr pointer must be NULL when the file descriptor is first being created. In any other context, it will be used to return the amount of time remaining at any timerfd() call. So user space can query a timer non-destructively by calling timerfd() with a NULL value for utimer. If both timer pointers are non-NULL, the timer will be set to utimer, with its previous value being returned in outmr. This is, of course, an entirely incompatible change to an API which has already been exported to user space; any code which is using timerfd() now will break if it is merged. By the rules, such a change should not be merged, but it appears that there is a good chance that the rules will be bent this time around. One can argue that, in a real sense, the API has not yet been made available to user space: there has been no glibc release which supports timerfd(). The number of applications using this system call must be quite low - if, in fact, there are any at all. So a change at this point, especially if it can get into 2.6.23, will improve the interface without actually causing any user-space pain. Fixing timerfd() might still be possible. But there is no denying that we would be better off if we could eliminate this kind of API problem before it gets into a stable kernel release and possibly has to be supported for many years. Therein lies the real problem: system calls (and other user-space API features) are being added to the kernel at a high rate, but review of these changes tends to lag behind. Given the difficulty of fixing user-space API mistakes, it would seem that the review standards for API additions should be especially high. Causing that to happen will not be easy, though; reviewer attention is a scarce resource throughout the free software community. An idea which has been raised in the past is to explicitly mark new user-space interfaces as being in a volatile "beta" state. For as long as the API remains in that state, the kernel developers are free to change it. Applications would, during this period, rely in the API at their peril. This idea has been rejected in the past, though; it is seen as a way of avoid proper thought ahead of merging a new API into the kernel. Assuming that view still holds, another way will have to be found. One part of the solution might well be seen in how the timerfd() problems came to light. Michael has demonstrated something your editor has also encountered a number of times: one of the best ways to find shortcomings in an API is to attempt to document it comprehensively. If the kernel community were to resolve that it would not merge user-space API features in the absence of complete documentation, it might just provide the necessary incentive to get that last review pass done. This idea seems likely to come up at next month's kernel summit (for which a preliminary agenda has just been posted). How it will be received is anybody's guess; writing documentation appears to be a task so challenging that even kernel hackers fear to try it. This challenge may be worth taking up, though, if the reward is few long-lasting user-space API problems in the future.
Kernel markersLWN's recent look at SystemTap noted that the patch set currently lacks a set of static probe points like that provided with DTrace. There are a few reasons for this difference. For example, the rate of change of the kernel code base would make the maintenance of a large set of probe points difficult, especially given that developers working on many parts of the code might not be particularly aware of - or concerned about - those points. But there is also the simple fact that the Linux kernel has no built-in mechanism for the creation of static probe points in the first place.There is, naturally, a patch which makes the creation of probe points possible; it is called Linux kernel markers. This patch has been under development for some years. Its path into the mainline has been relatively rough, but there are signs that the worst of the roadblocks have been overcome. So perhaps a quick look at this patch is called for. With kernel markers, the placement of a probe point is easy:
#include <linux/marker.h>
trace_mark(name, format_string, ...);
The name is a unique identifier which is used to access the probe; the documentation recommends a subsystem_event format, describing the subsystem in which the probe is found and the event which is being traced. For example: in a part of the patch which instruments the block subsystem, a probe placed in elv_insert(), which inserts a request into its proper location in the queue, is named blk_request_insert. The format string describes the remaining arguments, each of which will be some variable of interest at the time the trace point is hit. Code which wants to hook into a trace point must call:
int marker_probe_register(const char *name, const char *format,
marker_probe_func *probe, void *pdata);
Here, name is the name of the trace point, format is the format string describing the expected parameters from the trace point (it must match the format string provided when the trace point was established), probe() is the function to call when the trace point is hit, and pdata is a private data value to pass to probe(). The probe() function will have this prototype:
void (*probe)(const struct __mark_marker *mdata, void *pdata,
const char *format, ...);
The mdata structure includes the name of the trace point, if need be, along with a formatted version of the arguments. The arguments themselves are passed after the format string. Registration of a marker does not, yet, set up the probe() function to be called. First, the marker must be armed with:
int marker_arm(const char *name);
Once the marker has been armed, probe() will be called every time execution arrives at the given trace point. When probe points are no longer of interest, they can be shut down with:
int marker_disarm(const char *name);
void marker_probe_unregister(const char *name);
Calls to marker_arm() will nest - if a given marker has been armed three times, then three marker_disarm() calls will be required to turn it off again. Internally, there are a lot of details to the management of markers. The code at the actual trace point, in the end, looks much like one would expect:
if (marker_is_armed) {
preempt_disable();
(*probe)(...);
preempt_enable();
}
In reality, it is not quite so simple. Getting marker support into the kernel requires that the runtime impact of kernel markers be as close to zero as possible, especially when the marker is not armed. A common use case for markers is to investigate performance problems on systems running in production, so they have to be present in production kernels without causing performance problems themselves. Adding a test-and-jump operation to a kernel hot path will always be a hard sell; the cache effects of referencing a set of global marker state variables could also be significant. To get around this problem, the marker code comes with a separate patch called immediate values. In the architecture-independent implementation, an immediate value just looks like any other shared variable. The purpose of immediate values, though, is to provide variables with the assumption that they will be frequently read but infrequently changed, and that the read operations must have the lowest impact possible. So, in an architecture-specific implementation (which only exists for i386 at the moment), changing an immediate value actually patches any code which reads the value. To say that the details of doing this sort of patching safely are ugly would be to understate the point. But Mathieu Desnoyers has dealt with those details, and nobody else need look at the resulting code. Through the use of immediate values, the code inserted by trace_mark() can query the setting of a trace point without generating a memory reference at all; instead, that setting is stored directly in the inserted code. So there will be no potential for an expensive cache miss at the probe point. The patch also provides an immediate_if() construct which is intended to allow jumps to be patched directly into the code, eliminating the test altogether, but that functionality has not yet been implemented. Even without this feature, immediate values allow the creation of trace points whose runtime impact is very nearly zero, eliminating the most common objection to their existence. If and when this code is merged, the way will be clear for the creation of a set of well-defined trace points for utilities like SystemTap and LTTng. That, in turn, could make the internal operations of the kernel more visible to system administrators and others who are not necessarily well versed in how the kernel works. This sort of tracing ability has been on many users' wish lists for some time; they might just be, finally, getting close to having that wish fulfilled.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Architecture-specific
Security-related
Virtualization and containers
Page editor: Jonathan Corbet Distributions News and Editorials The anatomy of a Linux distributionThe anatomy of a Linux distribution is pretty simple. It is a distribution of packages that includes a Linux kernel, bundled together to work on a given piece of hardware. There are plenty of other kernels to choose from; BSD, Hurd, Solaris, etc.; and plenty of distributions that include a similar package set. For example, the GNOME desktop looks about the same on OpenSolaris as it does on Linux.The type of hardware may impose certain constraints. Embedded devices of all kinds run a Linux kernel, but the package set varies with the function of the device. Linux runs on a wide variety of hardware and the overall set of Linux kernels currently in use is quite large, as each distributor makes their own tweaks and twists to get the best performance on their hardware. Most people reading this article are using some type of desktop Linux. The most common hardware is x86, but there will be many readers using x86_64, PPC, or something else entirely. Still, the packages on the desktop will be similar. This is, perhaps, one reason why there are so many Linux distributions. That number continues to grow: over 300 on our list a couple of years ago, now it's over 500 on the list. Each one is unique in some way. Sure, they all have some type of Linux kernel, but there are older kernels and newer kernels, and kernels that support non-x86 hardware of all kinds. Some of these distributions are not maintained anymore, but the source code remains available and someone, somewhere may find it useful. It was and still is very common to take a particular distribution and modify it until it becomes a unique distribution. Red Hat Linux used to be a very common base distribution. Now the most common base is Debian, but there are also distributions based on Red Hat Enterprise Linux, Fedora and Ubuntu. Knoppix, the original live CD, was spawned from Debian and now has dozens of spin-offs, each with their set of packages. These days we are seeing a new explosion of custom distributions. Fedora has spins and Ubuntu has flavors. Anyway you look at it the tools to create a customized distribution are maturing and becoming more usable. While the total number of Linux distributions is not likely to shrink any time soon, we may start to see a few base distributions take over the customized desktop.
New Releases Linux From Scratch 6.3-rc2 release announcementLFS 6.3-rc2 has been released. You can see all that's new since the last release here.
Announcing openSUSE 10.3 Beta 1openSUSE 10.3 beta 1 is out. Click below for a list of important changes since alpha 7 and the most annoying bugs you might run into during testing. Live/install CD images are available, one with GNOME and one with KDE.
Ubuntu Gutsy Gibbon Tribe 4 releasedThe Ubuntu project has announced the availability of Gutsy Gibbon Tribe 4, a milestone CD image that will lead up to Ubuntu 7.10. "Tribe 4 is the fourth in a series of milestone CD images that will be released throughout the Gutsy development cycle. The Tribe images are known to be reasonably free of show-stopper CD build or installer bugs, while representing a very recent snapshot of Gutsy."
Distribution News Feature: Fedora Electronic LabChitlesh GOORAH has been working on packaging open source tools for electronic engineering on Fedora. By the time that Fedora 8 ships there should be enough for a fairly complete Fedora Electronic Lab.
reducing power usage of Fedora - how you can help!The Fedora project is taking a serious look at reducing power consumption. There are a few ways you may be able to help out. Click below to find out more.
Site for Chilean users of FedoraFedora users and enthusiasts in Chile have a new web site and local Yum mirror.
New Lunar screenshot/images website launchLunar Linux has launched a screen shots website so developers and users alike can show off their desktops.
Distribution Newsletters Fedora Weekly News Issue 100The Fedora Weekly News for August 6, 2007 looks at announcements on Virtual FudCon8 and Fedora 8 Test 1. Ask Fedora answers questions on Intel IP2200 Wireless in Fedora 7, Distribution Upgrades And Peripherals and Yum Reverse Dependency Removal. In Daily Package there are few good reviews on Qcad - Simple 2D CAD program, Gscan2pdf - Frontend for scanning utilities, Xephyr - New nested X server and Really Slick Screensavers. Also to celebrate the 100th issue, one lucky winner will receive "Fedora 7 Bible" by Christopher Negus. See the Extras Extras section for more information.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for July 30, 2007 covers NVIDIA Drivers update, Portato review, Planet Summer of Code 2007, GUADEC 2007, and several other topics.
Ubuntu Weekly Newsletter #52The Ubuntu Weekly Newsletter for August 11, 2007 covers the release of Tribe 4, promoting Ubuntu through the use of viral videos, progress of the US Loco Teams Project, security breaches in community hosted servers, and much much more.
DistroWatch Weekly, Issue 215The DistroWatch Weekly for August 13, 2007 is out. "It was a great week for all those who enjoy testing open source software; not only are all the major Linux distributions busy readying their upcoming releases, the two main desktop environments, GNOME and KDE, are also keeping us interested in their latest desktop innovations. The openSUSE project especially has been generating plenty of news; it has published an update to its online software installation service and has released a new openSUSE live CD set. To add to the growing presence of openSUSE in the headlines, we have asked Stephan Kulow, the new Project Manager who took over in the middle of July, a few questions about the distribution's future direction. Also in this issue: ex-Gentoo's Daniel Robbins talks about the Portage package manager and DragonFly BSD's Matthew Dillon defends the BSD licence."
Distribution meetings Meet the Fedora desktop teamThe Fedora desktop team will be holding regular public meetings on IRC every Wednesday. "We'd like to start holding regular public irc meetings -- "meet the desktop team", if you want. The official form in which this happens in Fedora is in a SIG, so we will form a "Desktop SIG" and invite interested members of the Fedora community to work with us on making the Fedora desktop spin the best desktop in its class."
First Ever Ubuntu Live Conference Brings Developers and Business TogetherDawn Applegate presents a wrap up of the Ubuntu Live conference that preceded OSCON. "Co-sponsored by Canonical, Ltd. and O'Reilly Media, Inc., this first year gathering was the key forum for developers, experts, established companies, and newcomers alike to exchange thoughts and knowledge about the world of Ubuntu. Keynote presentations included industry leaders such as Mark Shuttleworth, Stephen O'Grady, and Jeff Waugh. In the spirit of community, the keynote presentations included interactive Q&A sessions that allowed conference attendees direct contact with industry experts."
Newsletters and articles of interest Interview: Matthew Dillon (KernelTrap)Jeremy Andrews interviews Matthew Dillon, creator of DragonFly BSD. "In this interview, Matthew discusses his incentive for starting a new BSD project and briefly compares DragonFly to FreeBSD and the other BSD projects. He goes on to discuss the new features in today's DragonFly 1.10 release. He also offers an in-depth explanation of the project's cluster goals, including a thorough description of his ambitious new clustering filesystem. Finally, he reflects back on some of his earlier experiences with FreeBSD and Linux, and explains the importance of the BSD license."
Ubuntu tries to go LoCo in all 50 states (Linux.com)Linux.com looks at Ubuntu's Local Community (LoCo) teams in the United States. "The Ubuntu community is seeking to get approved Local Community (LoCo) teams in all 50 states in the US by the end of this year, and it's making impressive progress. A LoCo team is a local group of Ubuntu users who help promote the operating system in their local community."
Distribution reviews Sabayon Linux: Something for everyone (Linux.com)Linux.com reviews Sabayon Linux. "The Sabayon Linux live DVD distribution, based on the unstable branch of Gentoo Linux, has been in development for several years and caters to a wide variety of users. Having started out with a beautiful but mainstream appearance, it now boasts one of the most unique looks in Linux and more usability options than most other distros. The distribution offers premium open source games, accelerated desktop effects, a large and varied software suite, and several variations. Besides the full release, Sabayon also comes in a Business Edition and usually a Mini edition. With all it has to offer, Sabayon has something for everyone."
Page editor: Rebecca Sobol Development Buddi - Personal finance software for the rest of usBuddi is a cross-platform financial program that was written by Wyatt Olson. The project news shows the first beta release came out in May, 2006.![[Buddi]](/images/ns/buddi.png)
Buddi is a personal finance and budgeting program, aimed at those who have little or no financial background. In making this software, I have attempted to make things as simple as possible, while still retaining enough functions to satisfy most home users.
Buddi is released as Open Source Software.
Buddi will run on almost any computer which has a Java virtual machine installed. This can include Windows, Macintosh OS X, Linux, and many other operating systems.
Buddi is currently available in Dutch, English, French, German, Greek, Italian, Norwegian, Portuguese, Russian, and Spanish.
The feature list for Buddi includes:
See the online screenshots for a look at the software in action. More information on Buddi is available from the FAQ document. Buddi installation was trivial on an Ubuntu 7.04 system using the provided .deb package. Sun's Java Virtual Machine (at version 1.5 or higher) was a required dependency. Running the code the first time brought up a series of first-run screens, then the main control panel. There were some indications that the software is still a little young. The help menu pulldown just listed the Ctrl+Shift+H command that had to be typed in manually to get the appropriate browser screen to display. Adding information to the transaction windows was a bit rough at first, several of the form's fields had no title and attempts to enter data were initially rejected with somewhat cryptic messages. Referring to the online tutorial document cleared up most of the confusion. Once some data was entered, creating reports and graphs became fairly intuitive. Stable version 2.6 of Buddi was recently announced: "This includes numerous minor UI enhancements, which should make life a little easier for everyone. Note that the API has been upgraded to 2.6; this means that the old plugins will not work for you anymore. I have released all stable plugins in the Buddi Plugins repository for 2.6 format". Financial software is often cited as an application space that is lacking for Linux, Buddi should help to fill that vacancy. The software is already useful enough for basic finance tracking, hopefully as the code matures, it will become a bit easier to use. Buddi downloads are available in .jar format for all platforms, and as packages for Debian/Ubuntu systems. Give it a try.
System Applications Clusters and Grids UNICORE 6.0 available (SourceForge)Version 6.0 of UNICORE is available. " UNICORE (Uniform Interface to Computing Resources) offers a ready-to-run Grid system including client and server software. UNICORE makes distributed computing and data resources available in a seamless and secure way through intranets and internet. The UNICORE team is proud to announce the availability of UNICORE 6.0, the latest, WSRF based implementation of the UNICORE Grid middleware."
Database Software PostgreSQL Weekly NewsThe August 12, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
SQLite version 3.4.2 announcedVersion 3.4.2 of SQLite, a light weight DBMS, is out. "While stress-testing the soft_heap_limit feature, a bug that could lead to database corruption was discovered and fixed. Though the consequences of this bug are severe, the chances of hitting it in a typical application are remote. Upgrading is recommended only if you use the sqlite3_soft_heap_limit interface."
Mail Software Apache SpamAssassin 3.2.3 is availableVersion 3.2.3 of Apache SpamAssassin, an email filter, has been announced. "3.2.3 is a major bug-fix release."
Networking Tools GNU SASL 0.2.19 (alpha) releasedAlpha version 0.2.19 of GNU SASL has been announced. "GNU SASL is a library that implements the IETF Simple Authentication and Security Layer (SASL) framework and some SASL mechanisms. SASL is used in network servers (e.g. IMAP, SMTP, etc.) to authentication peers, and can also integrity and privacy."
Printing Common UNIX Printing System 1.3.0 announcedVersion 1.3.0 of the Common UNIX Printing System (CUPS) has been announced. "CUPS 1.3.0 is the first stable feature release in the 1.3.x series and includes over 30 new features and changes since CUPS 1.2.12, including Kerberos authentication, DNS-SD/Bonjour/Zeroconf support, improved on-line help, and localized printer drivers."
Security Snare for Linux 1.2 released (SourceForge)Version 1.2 of Snare for Linux has been announced. "SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralised analysis of audit log data. Agents are available for Linux, Windows, Solaris, IIS, Lotus Notes, Irix, AIX, ISA/IIS + more. Finally, we have one package for the Snare for Linux agent! 32 and 64 bit RPMS are available for download with a number of updates and improvements".
Web Site Development KnowledgeTree OSS STABLE 3.4.2 is now available (SourceForge)Stable version 3.4.2 of KnowledgeTree, a document management system, has been announced. "This is a bugfix release that mainly addresses some webservices and XSS issues as well as several smaller issues related to i18n and issues created by the XSS fixes".
LimeSurvey 1.50 released (SourceForge)Version 1.50 of LimeSurvey, a PHP-based web application that allows you to develop and publish online multi-question multi-lingual surveys, is out. "The LimeSurvey development-team is very proud to announce the new stable version 1.50. The worldwide team of about seventeen developers and translators around project leader Carsten Schmitz invested over one year in developing and testing this new version of the currently most used open source survey system. The software, which was previously named PHPSurveyor and renamed May 2007 to LimeSurvey, has been improved a lot and many new wanted features have been added."
Smartweb Test 1.0.1 (stable) released (SourceForge)Stable version 1.0.1 of the SmartWeb framework has been announced. "The SmartWeb framework is targeted to support rapid development of simple to complex web applications, leading to development of clean and stable code. It's builded over consolidated open source frameworks and features the most useful design patterns."
Django RoundupThe August 12, 2007 edition of the Django Roundup covers the latest news from the Django web platform.
Desktop Applications Audio Applications Ardour 2.0.5 releasedVersion 2.0.5 of Ardour, a multi-track audio editor, is out. "As we grow nearer to the dog days of the northern hemisphere's summer, we bring you Ardour 2.0.5 ( DMG available), a fixup release coming after various issues were discovered on OS X while preparing a package of 2.0.4." See the release notes for more information.
Ecasound 2.4.6 releasedVersion 2.4.6 of Ecasound, a multi-track audio recorder and sound file modification tool, is out with the following changes: "Ability to specify a custom configuration resource file has been added. Several long-standing bugs have been fixed. The licensing of rubyecasound has been changed." See the release notes for the full announcement.
Mammut V0.60 and Snd-ls V0.9.8.1_betaMammut version 0.60, an audio FFT application and Snd-ls 0.9.8.1 beta, a sound editor, have been announced. Both feature bug fixes and other improvements.
Business Applications JasperReports 2.0.0 released (SourceForge)Version 2.0.0 of JasperReports is out. "JasperReports, the market leading open source business intelligence and reporting engine. This project is being moved to http://www.jasperforge.org/. This project is the home for all things Jasper, Reports, Analysis, Server, and Intelligence."
Desktop Environments Compiz Fusion Release 0.5.2 is outRelease 0.5.2 of Compiz Fusion has been announced. "This is the first development release of Compiz Fusion, the result of more than six months of work and polish. The first stable release, 0.6.0, will follow after the Compiz 0.6.0 release. Compiz Fusion is the result of a merge between the Compiz community plugin set "Compiz Extras" and the parts of the Beryl project that are independent of the window manager core. The two communities have re-united to create a user experience for Linux that rivals anything available on other platforms."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Games FreeCol 0.7.1 released (SourceForge)Version 0.7.1 of FreeCol has been announced. "FreeCol is an open version of the turn based strategy game Colonization. This release fixes the bug causing native units to be frozen on the mapboard."
G3D 7.00 Engine released (SourceForge)Version 7.00 of the G3D engine, a C++ 3D graphics library for game developers, researchers, and students, has been announced. "Version 7.00 of the G3D engine is a complete graphics solution for building 3D games and simulators. It contains powerful features like a skinnable GUI, loading of many popular 3D model formats, and hardware shaders. G3D is used at many top universities including Brown University and Williams College, and has appeared in several commercial games."
Interoperability Wine 0.9.43 releasedRelease 0.9.43 of Wine has been announced. Changes include: Direct3D support on top of WGL instead of GLX for better portability, Many DirectSound fixes, Still more gdiplus functions, Many crypt32 improvements and Lots of bug fixes.
Music Applications nova 0.1 releasedVersion 0.1 of nova, a computer music system with a dataflow syntax, has been released. "Compared to earlier releases, few new features have been added, but quite a number of bugs have been fixed and some architectural changes have been made to gain some performance."
PHASEX 0.11.1 announcedVersion 0.11.1 of PHASEX, an experimental software synthesizer, is out. "PHASEX-0.11.1 contains fixes for the segfault issues some users have seen with version 0.11.0. Special thanks goes to Adam Sampson for tracking this down, and to the rest of you who sent in bug reports. Upgrading to 0.11.1 is recommended for all users, since it appears that this bug will corrupt memory used by the synth engine even if it doesn't trigger a segfault."
Digital Photography UFRaw 0.12.1 releasedVersion 0.12.1 of UFRaw, a utility to read and manipulate raw images from digital cameras, is out. "This is just a bug correction version".
Science Jmol 11.2 released (SourceForge)Version 1.12 of Jmol, a Java molecular viewer for three-dimensional chemical structures, has been announced. "Jmol 11.2 introduces many new capabilities, including "flying" through the molecule in "navigation mode", internal (arbitrary plane) slabbing, surface cavity depiction, mapping of user-derived data onto surfaces, loading of files without replacing already-loaded files, variable translucency, the translating, rotating and inverting of selected atoms, the use of calculated mathematical values in all commands, and the writing of JVXL surface data directly to files."
Miscellaneous GPE 2.8 releasedVersion 2.8 of GPE for the Maemo Internet tablet has been announced. "The first stable release of GPE for the Maemo environment is now available. GPE for Maemo includes the following applications: gpe-calendar, gpe-contacts, gpe-todo, gpe-timesheet, gpe-filemanager, starling (audio player) and gpesyncd."
Languages and Tools C GCC 4.3.0 Status ReportThe August 9, 2007 status report for GCC 4.3.0 is online. "We entered Stage 2 on July 6th. I plan to put us into Stage 3 on September 10th. At that point, we will accept only bug-fixes -- no more new features until Stage 1 for GCC 4.4."
Ctalk 1.0.8 announcedStable version 1.0.8 of Ctalk has been announced. "Ctalk provides object oriented features, like classes, methods, and inheritance, to C programs. Programs can use only a few object oriented features, or they can be written almost completely with ctalk objects. Ctalk includes the ctalk interpreter, the C99 compliant preprocessor, ctpp, and the ctalk run time library, which provides objects and methods with support for run time events."
Python Spreading Python applications (Linux.com)Linux.com provides a mini-tutorial on distutils, the standard packaging tool for Python apps. "You have just written a fantastic and useful Python application, and you're ready to share it with the world. Distutils, a Python module that provides a standard way of distributing and installing Python apps, can help you simplify the process of installation."
Python-URL! - weekly Python news and linksThe August 13, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Ruby Behavior Driven Development Using Ruby (Part 1) (O'ReillyNet)O'Reilly has published part one in a series on Behavior Driven Development with Ruby. "You've heard of Test Driven Development. You may have even heard of Model Driven Development. But now get ready to learn Behavior Driven Development, a methodology all about making sure that your code produces the right end results, rather than just executing correctly. Gregory Brown starts us on our way by showing us how to use RSpec in Ruby."
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe August 10, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Tcl-URL! - weekly Tcl news and linksThe August 15, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Page editor: Forrest Cook Linux in the news Recommended Reading Linus explains why open source works (Linux.com)Bruce Byfield talks with Linus Torvalds, on Linux.com. "Asked point-blank which is more important, sharing code or empowering users -- the declared goal of the free software champions whom Torvalds is routinely depicted as being in opposition with -- and his first response in what he calls "the usual Linus polite words" is "That's a really stupid question. Why do you put it as an 'either or' kind of concept?" He then goes on to explain that, because open source operates in the same manner as scientific query, and is a matter of enlightened self-interest, sharing code and empowering users "are not at odds at all" -- a view that, in the end, places him closer to the free software position than either free software or open source followers might care to admit."
Shuttleworth: Emerging consensus in favour of a unified document format standard?Mark Shuttleworth writes at length about the upcoming vote on Microsoft's OpenXML format as an ISO standard. "A vote of 'no OpenXML' is vote against multiple incompatible standards, and hence a vote in favour of unity.If the ISO vote is 'no', then there is every reason to expect that Microsoft will adopt ODF, and help to make that a better standard for everybody including themselves."
Trade Shows and Conferences Antivirus Tools Underperform When Tested in LinuxWorld 'Fight Club' (Dark Reading)Dark Reading covers an antivirus competition at LinuxWorld."'What's surprising about a test like this is how much difference there is between the antivirus products' performance,' says Dirk Morris, CTO and co-founder of Untangle. 'Some of the products you think will do well don't, and some of the lesser-known products, like open source tools, end up doing well.'"
Novell Calls For Standardized Certification Of Linux ISVs (InformationWeek)InformationWeek covers the LinuxWorld keynote speech by Novell's Ron Hovsepian. "Novell president and chief executive Ron Hovsepian on Wednesday called on the Linux community to develop a standard certification process for independent software vendors to ensure that applications run across the different distributions of the open source operating system. During his keynote at the LinuxWorld conference in San Francisco, Hovsepian said what drives customers' choice of either Linux or Windows comes down to the applications that run on the operating system. "Whether we like it or not, the application is what drives the final customer decision," he said. To drive more development on Linux, the community has to make it easier for ISVs to build software that can run across Linux distributions."
Linux Geeks Dust Nerds In Golden Penguin Trivia Bowl (CRN)CRN covers the LinuxWorld Golden Penguin Trivia Bowl. "As Barry Bonds smashed Hank Aaron's home run record Tuesday evening at AT&T Park, another great sporting triumph went down less than a mile to the north at Moscone Center, where a team of Linux Geeks vanquished a Nerd squad of Dell employees in LinuxWorld's annual trivia smackdown, the Golden Penguin Bowl. The three-man Team Geek sealed its victory and secured a trio of the coveted glass Golden Penguin statuettes by besting their rivals from Dell in two rounds of tech trivia, capped with a decisive bout of Robosapien sumo."
Vista Aiding Linux Desktop, Strategist Says (eWeek)eWeek covers a LinuxWorld talk on the Linux desktop by a Dell strategist. "Windows Vista has probably created the single biggest opportunity for the Linux desktop to take market share, Cole Crawford, an IT strategist at Dell, said in an address titled, "The Linux DesktopFact, FUD or Fantasy?" at the annual LinuxWorld Conference & Expo here. For example, a number of companies have moved back to Windows XP after deploying Vista, Crawford said, before quoting Scott Granneman, an author, entrepreneur and adjunct professor at Washington University in St. Louis, as saying, "To mess up a Linux box, you need to work at it; to mess up your Windows box, you just have to work on it.""
FOSS and the philosophers (Linux.com)Matt Butcher covers the North American Computers and Philosophy conference on Linux.com. "I used to think of myself as something of a rare bird -- a philosopher and software developer with a keen interest in the Free and Open Source Software (FOSS) movements. But as I discovered at last month's North American Computers and Philosophy (NA-CAP) conference in Chicago, there are many with similar interests. The conference, held at Loyola University Chicago, featured keynotes by Richard Stallman, of GNU fame, and philosopher Peter Suber, an advocate of the Open Access (OA) movement in scholarly journals. Academic philosophers and computer scientists from North America, Europe, and Africa traveled to Chicago to attend the conference and present their research."
The SCO Problem Court Rules: Novell owns the UNIX and UnixWare copyrights! (Groklaw)Groklaw has the news: one of the first big rulings in Novell v. SCO has come in, and Novell wins. In particular, Novell has been determined to be the owner of the Unix copyrights, and Novell has the right to waive claims against others (like IBM) based on that code. The full ruling [PDF] is available. Update: one of the (presumably many) interesting points in the ruling is that SCO owes Novell the bulk of the money it got from Sun and Microsoft. That's more money than SCO has now.
The SCO Group: we're not dead yetHere (by way of Groklaw) is the SCO Group's response to its loss in court last week. "Although the district judge ruled in Novell's favor on important issues, the case has not yet been fully vetted by the legal system and we will continue to explore our options with respect to how we move forward from here."
What's Left? - A Chart of the Summary Judgment Rulings in SCO v Novell (Groklaw)Groklaw charts the remaining claims in the SCO v. Novell case. "To help us get beyond just the overview, Feldegast has done a chart showing what the decision was on each summary judgment motion and what claim or counterclaim it connects to. I've put urls to the documents in his chart so we can connect the dots. And below the chart, I've made a list of what each claim or counterclaim is about. The chart is in the order that Judge Dale Kimball listed them in his conclusion."
Linux Goes Legit (WindowsITPro)Here's a brief WindowsITPro article giving a view of the Novell/SCO ruling from a Windows perspective. "But the big news here is that the uncertainty over Linux is no more. Linux is now legally legitimate and free from the worrisome cloud of legal exposure that existed for the previous four years. Suddenly, using Linux isn't troublesome anymore, at least from a legal standpoint. And all that Microsoft language over the past few years about indemnification and so forth suddenly sounds a bit trite, unless you're still worried that Microsoft will unleash a patent attack on the open-source community."
Companies Dell to Offer Inspirons With Linux in Europe (PC World)PC World notes that Dell plans to sell pre-installed Linux systems in Europe. "Following up on its Spring 07 announcement that it will ship Inspiron notebook and desktops with the Linux OS, Dell chose the LinuxWorld conference in San Francisco to add the United Kingdom, France, and Germany to its Linux stable of models. The Inspiron 1505n notebook and Inspiron 530n desktop will now both be offered with Ubuntu 7.04 Linux distribution installed at the factory."
MySQL ends distribution of Enterprise source tarballs (Linux.com)Linux.com reports on a change in the distribution of MySQL Enterprise Server source code. "MySQL quietly let slip that it would no longer be distributing the MySQL Enterprise Server source as a tarball, not quite a year after the company announced a split between its paid and free versions. While the Enterprise Server code is still under the GNU General Public License (GPL), MySQL is making it harder for non-customers to access the source code. Kaj Arnö, the company's vice president of community relations, wrote that the Enterprise tarballs "will be removed from ftp.mysql.com. These will move to enterprise.mysql.com, and will be available for our paying subscribers only.""
Legal Linux Foundation adds legal eagles (Linux-Watch)Linux-Watch reports that the Linux Foundation (LF) has hired two attorneys. "Once upon a time, the only thing Linux needed was great coders. That was a long time ago. Today, Linux needs excellent lawyers as well to navigate the 21st century's increasingly lawsuit-happy IT world. To address that concern, the LF (Linux Foundation) has added two top attorneys to its ranks. Last week, at LinuxWorld in San Francisco, LF, the nonprofit organization dedicated to accelerating the growth of Linux, announced that open-source licensing expert Karen Copenhaver and standards and consortium expert Andy Updegrove have joined the Foundation's legal team to provide leadership on legal issues affecting Linux."
Interviews People of openSUSE: Stephan KulowHere's a People of openSUSE interview with Stephan Kulow, release manager of the openSUSE distribution. "What do you think the future holds for the openSUSE project? I hope we can grow our community as we did in the past years. I envision an even stronger integration between community, distribution and users through the use of build service. This is a very strong tool. And who wouldn't want to have it's own kernel patch maintained by an automatic build service, so that if you update your distribution to the latest factory, you get a new kernel and your patch is still in there."
Resources How To Convert Songs From An Audio CD Into MP3/Ogg Files With K3b (HowtoForge)HowtoForge has published a tutorial on converting audio CDs to MP3 and Ogg files using K3b. "This guide describes how you can use the CD/DVD burning application K3b to convert songs from an audio CD into MP3 or Ogg files that you can use on your MP3 player, for example (if you choose the Ogg format, your MP3 player must support it)."
Is my hardware Linux-compatible? Find out here (Linux.com)Linux.com takes a look at choosing Linux compatible hardware. "Deciding whether a particular computer is a good candidate for installing GNU/Linux can involve a nightmare of details about hardware compatibility. Nor is assembling a custom computer on which to run GNU/Linux any easier. In both cases, you need to evaluate video cards, sound cards, printers, scanners, digital camera, wireless cards, and mobile devices for compatibility with the operating system. Fortunately, help is available."
Mono: A Progress Report (O'ReillyNet)Edd Dumbill discusses the state of the Mono project on O'Reilly's OnLamp site. "Mono has always been a bit of an outsider. Open source folks distrust it because it helps people use Microsoft technologies on non-Microsoft platforms. Microsoft people don't see the need for it. But this social outcast has been making steady progress and can offer a lot if you take the time to check it out."
Anatomy of the Linux networking stack (developerWorks)As seen on Slashdot, IBM developerWorks has an overview of the Linux networking stack. "Practically speaking, the layers of the networking stack go by much more recognizable names. At the link layer, you find Ethernet, the most common high-speed medium. Older link-layer protocols include the serial protocols such as the Serial Line Internet Protocol (SLIP), Compressed SLIP (CSLIP), and the Point-to-Point Protocol (PPP). The most common network layer protocol is Internet Protocol (IP), but other protocols exist at the network layer that satisfy other needs, such as the Internet Control Message Protocol (ICMP) and the Address Resolution Protocol (ARP). At the transport layer is the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Finally, the application layer includes many familiar protocols, including the standard Web protocol, HTTP, and the e-mail protocol, Simple Mail Transfer Protocol (SMTP)."
Reviews LyX 1.5: What you see is what you mean (Linux.com)Linux.com reviews LyX 1.5. "According to its Web site, LyX is "the first WYSIWYM document processor," coupling a familiar word processing front end to the powerful LaTeX typesetting engine. Last month's new version 1.5 release includes a revamped interface, big improvements in multilanguage support, and enhanced tools for incorporating math, tables, and outlines."
MEPIS releases KDE 4 Beta 1 Live DVDs (DesktopLinux)DesktopLinux looks at a MEPIS release with KDE 4 Beta 1. "Warren Woodford of MEPIS announced on Aug. 10 that his company has built KDE 4 Beta 1 Live DVDs to verify the compatibility of KDE 4 with SimplyMEPIS 7.x."
Watch online video? Get Miro (Linux.com)Nathan Willis looks at Miro on Linux.com. "First it was called DTV, then Democracy Player, and now it is Miro. Whatever you call it, the Mozilla-based, cross-platform, open source video player is now in public release. Miro differs from playback front ends like VLC by offering integrated content-finding and content-management tools. If you think that's a meaningless distinction, think again."
Mylyn 2.0, Part 1: Integrated task management (developerWorks)IBM developerWorks looks at Mylyn 2.0. "Now in release 2.0, Mylyn (formerly called Mylar) enhances productivity by seamlessly integrating tasks into Eclipse and automatically managing the context of those tasks as you work. Mylyn Project Lead Mik Kersten has updated his two-part guide to using Mylyn to cover the improvements driven by the massive amounts of user feedback since Mylyn 1.0. Part 1 introduces Mylyn's task management facilities and integration with repositories such as Bugzilla, Trac, and JIRA. You'll learn how context management eases multitasking and reduces information overload in Part 2."
Children's Reviews of OLPC XO Technology (OLPC News)One Laptop Per Child News reports on several children's reviews of the XO. "Note that Gabe had never seen one of these things before, and with practically no help from the adults, he had started painting, typing, and playing with the webcam, cackling quite evilly the whole time."
The Ultimate Linux Handheld (Linux Journal)Doc Searls and Jim Thompson search for the Ultimate Linux Handheld. "Last year's winner in this category, the Nokia 770, has a younger sibling, and, as oft happens, the kid takes the cake. Nokia's N800, the follow-up to the 770, is smaller, lighter, better-looking, faster and has a larger brain."
Page editor: Forrest Cook Announcements Non-Commercial announcements Protesters call on the BBC to eliminate DRM from the iPlayerThe Free Software Foundation's Defective by Design campaign has targeted the the BBC iPlayer. "Two weeks after the BBC officially launched the iPlayer, protesters wearing bright yellow Hazmat suits gathered outside BBC Television Center in London and BBC headquarters in Manchester to demand that Digital Restrictions Management (DRM) be eliminated from the BBC."
EFF: Appeals Court Battle Over NSA Surveillance on August 15The Electronic Frontier Foundation has sent out a press release concerning a court battle over surveillance by the US National Security Agency. "In the wake of Congress approving a dramatic expansion of U.S. warrantless wiretapping powers, the 9th U.S. Circuit Court of Appeals will hear arguments on the future of two critical lawsuits over illegal surveillance of Americans. The hearing is set for August 15, at 2 p.m. in San Francisco. The government is fighting to get the cases thrown out of court, contending that the litigation jeopardizes state secrets."
Commercial announcements FiveRuns releases free, multi-platform Rails stackFiveRuns has announced the launch of RM-Install, a free, multi-platform Rails stack. "RM-Install is the second component available from the FiveRuns Enterprise Management Suite for Rails, designed to manage the full Rails application lifecycle."
Two Microsoft licenses submitted for OSI approvalMicrosoft has, as promised, requested Open Source Initiative approval for its Microsoft Community License and Microsoft Permissive License. The initial responses on the mailing list are generally positive.
Next generation multimedia architecture now available from Motama for free (Motama GmbH)Motama has announced its next-generation multimedia architecture. "Motama's key technology provides a ground-breaking new software solution - called Network-Integrated Multimedia Middleware (NMM) - which allows for developing distributed and networked multimedia applications easily. For the first time, Motama now offers a greatly improved and extended version of its NMM technology as free download".
Novell launches ZENworks Configuration ManagementNovell, Inc. has announced the availability of Novell(R) ZENworks(R) Configuration Management to its systems management portfolio. "This flexible, easy-to-use solution for configuration management allows companies to add patch, asset and endpoint security management capabilities to meet the specific needs of their IT environments. As a result, companies can centrally manage their IT resources to meet compliance and auditing needs, ease costs, improve security, and streamline business processes."
Oracle announces general availability of Oracle(R) Database 11gOracle Corporation has announced Oracle(R) Database 11g for Linux. "Oracle Database 11g delivers the next-generation of enterprise information management, helping customers tackle the demands of rapid data growth, changing environments, and the need to deliver higher quality of services while reducing and controlling IT costs."
Sun releases new license for Java Compatibility Tests to the OpenJDK communitySun Microsystems, Inc. has announced the OpenJDK(TM) Community Technology Compatibility Kit (TCK) License. "With this release, Sun is placing the means for certifying "Write Once, Run Anywhere(TM)" compatibility into the hands of the community. This license is for the Java(TM) Compatibility Kit (JCK). The JCK is the Technology Compatibility Kit, a suite of tests, tools and documentation that determines whether or not an implementation complies with the Java Platform Standard Edition 6 specification."
Resources Second and final AGPL draft releasedThe second and final discussion draft of the Affero GPL version 3 has been released. "The GNU Affero GPL version 3 consists of the text of GPLv3, slightly adapted for the new name, and an additional paragraph in section 13 that requires people who modify the software to publicly provide source when users interact with the software over a network." The changes this time around are mostly tweaks to that additional paragraph. People who are interested in this license should speak now; more information is available at the AGPL second draft guide page.
FSFE NewsletterThe August 9, 2007 edition of the FSFE Newsletter is online with the latest Free Software Foundation Europe news. Topics include: Mythbusting MS-OOXML, First Swedish Fellowship meeting held in Gothenburg, Free Software on Exit festival 2007, Novi Sad, Serbia, Freedom in the hills: the Bergtagung, GNU GPL licence confirmed once again in a court of law, Submit Free Software projects to the Trophées du Libre, Ongoing work of spreading GNU GPLv3 understanding and Tell a friend about the Fellowship, share this newsletter.
The Linux Platform Weather ForecastFor a little while now, LWN editor Jonathan Corbet has been working with the Linux Foundation to maintain a page called the Linux Platform Weather Forecast. The idea is to summarize developments in (mostly, but not limited to) the Linux kernel area so that interested parties can get a sense for what is coming. The Linux Foundation has gotten around to announcing the existence of this page, leading to a number of articles (1, 2...). LWN readers, of course, will not be surprised by much that is found there.
Surveys Vote in the 2007 Desktop Linux Survey (Linux-Watch)Linux-Watch has announced the voting for the 2007 Desktop Linux Survey. "DesktopLinux.com launched its 2007 Desktop Linux Survey on August 13, asking users of Linux desktops to identify what distributions they use, as well as their choice of windowing environment (KDE, GNOME, etc.), web browsers, email clients, and Windows-on-Linux solutions."
Event Reports The Ninth Annual OSCONO'Reilly has sent out a press release for the recently held Ninth Annual Open Source Convention (OSCON). "The O'Reilly Open Source Convention (OSCON), held July 23-27 at the Oregon Convention Center in Portland, Oregon brought together over 3,000 industry luminaries, developers, hackers, and business people to advance the discussion and share information surrounding open source computing. The conference covered every area of the open source arena: Administration, Business, Databases, Emerging Topics, Java, Linux, People, Perl, PHP, Programming, Python, Ruby, Security, and Web Applications. A "united nations" of computing languages, attendees at OSCON were not only speaking in multiple technical languages, they were finding unique solutions to integrating tools seamlessly."
Calls for Presentations The O'Reilly Emerging Technology Conference expands it's scopeO'Reilly has announced the 2008 Emerging Technology Conference. The event will be held in San Diego, CA on March 3-6, 2008. "Program Chair Brady Forrest is formulating an even more comprehensive program for 2008: "We are going to be expanding the scope of ETech," notes Forrest, " looking beyond the Web to manufacturing, biotech, large-scale systems, sensor networks, alternate reality games, visualizations, robotics, policy, human enhancement and clean tech.""
Upcoming Events Linux Installfest workshop in Davis, CAThe Linux Users' Group of Davis will be holding its next Linux Installfest workshop in Davis, CA on Saturday, August 18th, 2007.
Summercon 2007, AtlantaSummercon 2007 will be held from August 24-26 at the Wyndham Midtown Hotel in Atlanta, GA. "Summercon is our chance to get together, talk to each other face-to-face, and swap information about innovations, trends, practices, and rumors in the field of computer security. We welcome all walks of life and all sides of the debate to Summercon: hackers, crackers, script kiddies, w4r3z dud3z, feds, narcs, cops, concerned parents, hangers-on, strippers, media whores, Geraldo Rivera, and Kevin Mitnick."
Fall Von Conference and Expo, BostonPulvermedia has announced the eleventh annual Fall VON Conference & Expo. The event will be held in Boston, MA on October 29 - November 1, 2007. "This year, Pulvermedia's flagship event, which is the largest, longest- running, and most significant event in the IP communications industry, will feature several new adjoining conferences, and multiple new events and pavilions on the expo floor. As a result, a record number of attendees, participating companies and speakers are expected to take part throughout the four-day event."
Events: August 23, 2007 to October 22, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||