LWN.net Weekly Edition for October 9, 2008

Some views from Vision

Your editor had the honor of speaking at MontaVista's Vision 2008 conference recently. This conference - a gathering of MontaVista's customers - provided an opportunity to observe how (part of) the embedded industry sees itself and its role in the larger Linux community. Relations between embedded systems and Linux as a whole have often been a little uneasy; a situation which probably will not change in the near future. That said, there are signs that embedded developers are starting to think about the value of engaging more directly with the development community that they depend on.

William Mills is the Chief Technologist for Open Linux Solutions at Texas Instruments; his brief presentation at Vision was an interesting demonstration of how attitudes in the industry are changing. According to Mr. Mills, TI's method for developing Linux drivers for its products involved doing the work behind closed doors, then distributing the result through MontaVista. That approach has changed, though. TI now does its driver work in a public git tree, with a focus on merging the code upstream as a first priority. Customers who want to work directly with upstream kernels can get the code directly.

In a sense, it would appear that TI has removed MontaVista as the intermediary which distributes drivers for TI hardware. But TI still distributes code through MontaVista, so customers looking for a supported, integrated offering can still get a distribution which suits their needs. There's no shortage of embedded systems vendors who lack the skills and the desire to support a Linux distribution themselves; for those vendors, buying a supported system makes a lot of sense. For everybody else, the software is free and part of the mainline kernel, as it should be.

MontaVista founder Jim Ready discussed "the state of embedded Linux," focusing on areas where there is a bit of a mismatch between what the Linux community is providing and what the embedded industry needs. Certain kinds of functionality are missing; the ability to do user-space interrupt synchronization was one example. The rate of change in the kernel is very high, presenting embedded vendors with the difficult choice of backporting fixes or upgrading to a more recent kernel. Tracing and profiling tools are not up to the level needed by the industry.

Jim also talked some about realtime functionality, which currently must be patched into the kernel separately. He complained that changes made to the mainline kernel often break the realtime patch sets, leaving developers scrambling to make things work again. Keeping these patches in a working state requires constant effort; it is a significant cost.

All of this may sound like whining from an industry which has earned a reputation for taking more from Linux than it is willing to put back in. But Jim put the blame directly on the embedded industry itself; embedded vendors, he says, still haven't quite gotten it. While taking some pride in MontaVista's position in the list of top contributors to the kernel, he suggested that MontaVista should be enjoying the company of more embedded systems firms. The embedded industry should be contributing more to the kernel than it is.

What it comes down to, says Jim, is that the center of gravity in the Linux development world can be found in enterprise computing. Vendors in that industry are contributing heavily to the kernel and, as a result, the kernel tends to fit their needs better. The embedded community needs to get together and figure out how it, too, can become a more prominent contributor and work to drive the kernel in directions which suit its needs.

Judging from the response in the room, many of those in the audience seem to agree with this point of view. Some see it differently, though. During your editor's talk, a member of the audience asked whether the embedded community should stop using a kernel developed by enterprise system vendors and, instead, make its own version of the kernel suited to its needs. Needless to say, your editor discouraged this approach; the cost of forking the kernel and fragmenting the development community would vastly exceed the value of any benefits gained. But the questioner seemed unconvinced.

The clear conclusion to be made from that exchange is that there are still people in the embedded industry who do not see the value of working with the larger Linux development community. It is easy to fault the embedded community for its failure to contribute back, but it also makes sense to look in the mirror and ask if we couldn't make a more persuasive case for joining in. There has been a sustained effort to encourage the embedded systems industry to become a full participant in our community; over the years, that work has yielded a steady stream of successes. By continuing and improving this work, we'll continue the process of bringing our community together. Then we'll truly have a single system that runs on everything from wrist watches to supercomputers.

Comments (8 posted)

Plugging into GCC

Almost one year ago, LWN examined the GCC plugin mechanism - or, more exactly, the lack of such a mechanism. Despite the increasing level of interest in adding special-purpose modules to the GCC compiler, GCC has no API which allows this addition to be done. So developers working on GCC extensions are faced with the daunting prospect of patching their code directly into the compiler. This situation looked unlikely to change; the Free Software Foundation's fears that a plugin mechanism would be used by proprietary extensions was just too strong. One year later, though, things look a little different; there may be a plugin-capable GCC available in the (relatively) near future.

There are a lot of good reasons for wanting to add plugins to the GCC compiler. The implementation of better optimization techniques is an obvious example, but there is more than that. The EDoc++ project has put together a static analysis tool which performs checking of exception handling in C++ code - and generates documentation while it's at it. Mozilla uses its Dehydra tool to find potential problems in the browser's code base. The LLVM compiler can be thought of as a sort of GCC plugin, currently. The Middle End Lisp Translator project is working on a Lisp-like language which, in turn, can be used within plugins for static analysis and code transformations. The list goes on; just about any project working on the processing of programs can benefit from hooking into the GCC platform.

The concern that has long been expressed by the FSF (which owns the copyrights on GCC) is that a general plugin mechanism would make it possible for companies to traffic in binary-only GCC modules. Rather than contribute a new analysis or optimization tool - or a new language - to the community, companies might have an incentive to distribute their work separately under a restrictive license. That runs very much counter to what the FSF is trying to accomplish, so opposition from that direction is not particularly surprising.

But the pressure for some sort of plugin API is not going away, so the GCC developers have been thinking about ways to make it possible without upsetting Richard Stallman. One alternative which has been discussed is to require plugins to be written in a high-level scripting language - Python or Perl, perhaps. Then plugins would, for all practical purposes, have to be distributed in source form. Even if they carried a hostile license, it would be possible to study them and learn how they actually work.

Another possibility is to take a page from the Linux kernel's book and keep the plugin API unstable. If the API changed with every GCC release, GCC would become a moving target which would be much harder for proprietary vendors to keep up with. An unstable API may be the way things go in any case - there may be no other way to allow GCC itself to continue to progress quickly - but experience with the kernel shows that an unstable API is not, by itself, enough to scare off a determined proprietary software vendor. It might reduce the number of proprietary GCC modules, but it would not eliminate them.

Alternatively, one could require plugin modules to declare their license to the GCC core, which could then reject plugins that lack a suitable license. Again, experience with the kernel suggests that there are limits to how far one can get with this approach. Proprietary plugin vendors could distribute a version of GCC with the license check patched out - or just have their plugin lie about its license.

Yet another possibility is to not worry about the problem at all; it is not clear that the world is full of vendors waiting for an opportunity to abuse a GCC plugin API. As GCC developer Ian Lance Taylor puts it:

Someday, perhaps, the FSF will feel sufficiently confident to allow unrestricted plugin access to GCC, but that does not appear to be in the cards at this time.

What does appear to be happening, though, is an attempt to enable plugins by way of some licensing trickery. The GCC suite is covered by the GPL, a fact which does not, in itself, affect the licensing of any program which is compiled by GCC. But GCC is more than just the compiler; it also includes a runtime library needed to make most GCC-compiled programs actually run. Linking to the runtime library could cause the resulting program to be a derived product of that library; since the runtime library is licensed under the GPL, that could be a concern for anybody compiling non-GPL-licensed code. To address that concern, the runtime code has long carried an exception to the GPL:

That is the language which enables the distribution of proprietary software built with GCC. The plan, said to be under consideration currently, is to change the wording of that exemption; essentially, it would no longer apply to code compiled with the use of proprietary GCC plugins. The new license is not finalized, but Mr. Taylor guesses it will look something like this:

The actual wording of the new runtime license has been a long time in coming; the FSF's lawyers want to get it right so that it discourages undesired conduct while staying out of the way for everybody else. It also does not appear to be the FSF's highest priority at the moment. So nobody really knows when it might become official - though there have been notes to the list suggesting that it could happen in the near future.

What we do seem to know is that it will happen, sooner or later, and the addition of a plugin mechanism to GCC will become possible. So the developers are starting to think about how the API will work. There are a couple of existing GCC plugin frameworks already, and plenty of thoughts on how they could be improved; see, for example, this discussion for an idea of what is being talked about. But the details are likely to be of interest mostly to GCC hackers, while the end result will be beneficial to a much wider community of developers and users.

Comments (73 posted)

Accessibility in Linux systems

The Linux kernel recently saw the addition of a "basic Braille screen reader", and thus, the addition of a drivers/accessibility subdirectory and its corresponding CONFIG_ACCESSIBILITY option. It is worth noting that one of the first reactions was "what the heck is accessibility?" This shows how the idea is still quite unknown to developers.

And yet the issue of GNU/Linux accessibility, i.e. the usability of GNU/Linux by disabled people (e.g. blind people) is, of course, not new. Work in that area has been conducted for a long time: the speakup speech screen reader saw its 0.07 version against Linux 2.2.7 in 1999, and the brltty Braille screen reader started in 1995. The basic Braille screen reader that has just been added to the Linux kernel is just the emerging part of that work which has been around since then.

With the popularization of GNU/Linux among non-technical people, there has been renewed interest in mainline accessibility support: the GNOME desktop, OpenOffice.org and Firefox 3 can now be rendered via Braille and speech synthesis thanks to the AT-SPI framework and the Orca screen reader. KDE will soon follow when these technologies get rebased on D-BUS. In addition, accessibility menus have started appearing in the upstream distributions.

One of the main concerns for disabled people used to be the lack of support of Javascript in text-mode web browsers and office suite support. With more and more companies and governments migrating to Linux—particularly since some states require accessibility of tools used in government—renewed development effort was becoming more and more of a must. In Massachusetts, people had even signed a petition against the migration to libre software because it was not yet accessible at the time!

What is Accessibility?

Accessibility, sometimes abbreviated a11y, means making software usable by disabled people. That includes blind people of course, but also people who have low vision, are deaf, colorblind, have only one hand, can move only a few fingers, or even only the eyes. It also includes people with (even light) cognitive troubles or just not familiar with the language. Last but not least, it includes elderly people, who often have a bit of all these disabilities. Yes, that actually means everybody is concerned, eventually. That means support for special devices, but also general care during development, like not assuming that an audible alarm will be heard or a transient message will be read.

Maybe one of the most obvious accessibility techniques is speech synthesis, which turns text into audio that can be sent to speakers or headphones. There used to be hardware speech synthesis (supported by the speakup drivers), but these have often been replaced by software speech synthesis. While the quality of commercial software speech synthesis is very good these days, the quality of free software vary a lot. While there is very good libre English speech synthesis, the support of other languages is quite diverse. For instance, the Festival and eSpeak libre engines easily support a wide range of languages, but their sound is rather robotic. There are better phoneme libraries like mbrola, but they are often not completely libre. To better handle all these potential speech synthesis backends, the speech dispatcher daemon takes care of automatically choosing the appropriate synthesis according to the desired language and style.

Another very popular kind of device is Braille terminals. These "show" text by raising and lowering little pins which thus form Braille patterns. Because their cost is very high, a Braille terminal often has room for only 40 characters or even 20 or 12. They integrate keys to navigate around the screen, so the user ends up reading it piece by piece. Compared to speech synthesis, the reading accuracy is far better, but not everybody can read Braille, and the cost remains very high (on the order of $5,000). The support of the various existing devices is very good: both the brltty and suseblinux screen readers support a very wide range of devices.

Blind people will actually often use a combination of speech synthesis and Braille devices. As for other kinds of disabilities, the kind of devices varies a lot. It ranges from joysticks (natively supported by X.org) to eye-tracking systems (managed by dasher), via press button (supported by the GNOME Onscreen Keyboard) or mere screen magnification (implemented by gnome-mag).

Everyday Use

The eternal Command Line Interface vs Graphical User Interface flamewar actually also holds for people using a Braille terminal or speech synthesis. The contrast is perhaps even exacerbated by the inherent difficulties of performing anything with a computer when being disabled.

The old traditional way of using a GNU/Linux system, the text console, has been working well with Braille devices and speech synthesis for a long time. The principle is indeed quite simple: there are 25 lines of 80 characters and text appears sequentially. Screen readers for Braille terminals would thus just automatically display what was last written and permit the user to navigate among these 25 lines. Screen readers for speech synthesis (e.g. speakup or yasr) would speak text as it appears on the screen, and have some review facilities similar to what Braille screen readers have. This works quite well because applications are limited to the TTY interface, they cannot have non-accessible fancy features such as graphical buttons. Some applications may still not be so easy to read, e.g. if they draw ASCII art or use colors to show active buttons, but they often have options to get more accessible, a collection of tips can be found on this wiki.

Accessibility of graphical desktops is on the other hand a quite recent matter, in part because the issue is technically much less simple: while applications on the text console are limited to producing text, these days graphical applications usually render text as bitmaps themselves, so that the textual information is not available outside of the application for screen readers. There have been application adaptation attempts in the past (like ultrasonix), but they never really got popular. The GNOME project has been developing AT-SPI (Assistive Technology Service Provider Interface) for the past decade, and that has become really promising with the advent of the Orca screen reader. AT-SPI can be understood as a protocol between screen readers (e.g. Orca) and applications. To be "accessible", applications thus have to implement AT-SPI, or use a toolkit that implements it (like GTK and soon Qt), so that screen readers can get the logical and textual content of the application. Orca is not yet as good as what mature, proprietary Windows screen readers can achieve, but it is already usable for everyday work. It is progressing rapidly, notably thanks to the support of Sun and the involvement of the Accessibility Free Software Group. At the time of writing, only gtk+ 2 (and thus the GNOME desktop and gtk+ 2 applications), Java/Swing, the Mozilla suite, OpenOffice.org, and acrobat reader implement AT-SPI and thus are accessible. Qt (and thus the KDE desktop) is expected to support it once it gets rebased on D-BUS. To get the best results, the latest versions of applications should be used: for instance, Firefox is really usable only starting from version 3.

Another approach is the use of self-reading applications. For instance, Firevox is a version of Firefox that integrates a dedicated screen reader. That permits a tighter interaction between the reader and the application, but that is of course limited to that particular application. Another example is emacspeak, which is a vocalized version of emacs. Some people simply just use emacspeak and nothing else, as emacs already meets all their needs.

All in all, as usual the mileage varies. Some people will be very happy with the mature, efficient screen reading of the text console, while other people will consider that as a regression (like going back to DOS) and prefer using intuitive environments such as the GNOME desktop, even if the Orca screen reader is still quite young. It is actually quite common to use both: for instance the text console for the usual work, and the graphical environment for tasks that require it, like browsing Javascript-powered websites or manipulating OpenOffice documents.

Upstream Integration

Now, how can all of that be installed? Most distributions already provide most of the useful packages, but they often lack documentation on which tools are useful according to the various disabilities. The Linux Accessibility Resource Site is a quite complete source of information on the various tools that one could use. There is also a wiki page meant for administrators to get started with accessibility needs.

A point worth noting, however, is that some distributions have accessibility components built into their installation CDs. For instance, starting from Etch (aka Debian GNU/Linux 4.0), the Debian installer automatically detects Braille terminals and if found, switches to text mode, runs brltty, and makes sure that brltty gets installed and configured on the target system. Other distributions often have been non-officially adapted into so-called "Braillified" installation images. The very important point is that it permits disabled people to be completely independent from the help of sighted people, even when the (re)installation of a system has to be done! That is clearly one area in which Windows is far behind GNU/Linux achievements.

Future Challenges

To sum it up, "accessible" GNU/Linux is getting its democratization step as well, just a bit shifted in time compared to the average Linux democratization. There are, of course, things that could be improved. Even if distributions usually contain accessibility software, it is hard for accessibility-newcomers to know which software will be useful for the various kinds of disabilities users can have, so distributions will have to develop wizards to help them. In the meanwhile, websites such as the Linux Accessibility Resource Site can be used as sources of information. In any case, discussion with the disabled users is essential to establish a suitable solution (setting up Braille output would be useless if the user can not read Braille for instance).

Beyond the mere use of GNU/Linux or its installation, one area that still is not really accessible at all is the early stages of the boot process. With future development of the recently added basic Braille screen reader, the Linux kernel should eventually be able to provide basic feedback even before user space screen reader daemons can be started from the hard disk. Bootloaders like lilo and grub are able to emit basic beeps, but being able to accurately edit the kernel command line, for example, would require some support. Last but not least, tinkering with BIOS settings is currently possible for disabled people only on high-end machines that can drive a serial console. The democratization of the EFI platform could be an opportunity to embed basic screen reading functionalities.

[Samuel Thibault has been working on accessibility since 2002, when he and a blind colleague designed the BrlAPI client/server Braille output engine, now used by Orca for Braille support . Since then he has worked on various accessibility tasks, from the Debian installer support to Braille standardization. In his professional life, he conducted a PhD on thread scheduling on high-end machines, and is now a lecturer at the University of Bordeaux.]

Comments (19 posted)

Page editor: Jonathan Corbet

Security

Partial disclosure

We are increasingly seeing disclosures of security vulnerabilities that don't actually disclose much, except that the researcher has found something. Unfortunately, we have also seen lots of evidence that once the presence of a flaw is known, it doesn't take very long for folks to figure out what the vulnerability is. Of course, we don't have any data on how long it takes those with a malicious intent to find the flaws, but clearly the "white hats" find them quickly. So what or who, exactly, are those practicing "partial disclosure" protecting?

Partial disclosure is clearly a part of the "security circus" that Linus Torvalds recently castigated, as it serves to increase the notoriety of security researchers, without necessarily doing anything to help protect users. Several recent examples come to mind of researchers who have found real flaws, but for various reasons don't want to disclose the details. Instead they "tease" the world by talking around what they found, trying—and generally failing—to leave out enough information so that others can't immediately follow in their footsteps.

Dan Kaminsky's DNS flaw was an interesting example in that Kaminsky only disclosed the vulnerability to affected software vendors, allowing them multiple months to produce patches. He then wanted to give administrators time to apply the patches so he delayed disclosing the flaw for another month or so. He also had an admittedly selfish reason for delaying disclosure: he wanted to announce it at the Black Hat security conference.

Because of the addition of source port randomization as the fix, it didn't take very long for other security researchers to come up with the vulnerability. Attackers may have come up with it even more quickly, but because there were no details available, developers of other, smaller DNS servers—not privy to the initial disclosure—were unable to determine whether their code was vulnerable. It is commendable that Kaminsky worked with the vendors to fix the problem, but there were clearly holes in his disclosure methods.

A worse case can be seen with the recent spate of reports about "clickjacking". It started with a report of a canceled talk at the OWASP AppSec conference. The name is clearly suggestive of where the vulnerability might be, and the description of the canceled talk gave enough information that others were able to duplicate it. This led one of the original researchers to release the vulnerability information.

So, in the interim, there was enough information floating around to find and exploit the flaws, and now the vulnerability info has been released, but there are no fixes available for many of them. It is hard to see what delaying the disclosure did for anyone—researchers or users—here. It did generate lots of press, though, partially because of the name as Bruce Schneier pointed out pre-disclosure:

Yet another recent example is the denial of service reported for nearly any TCP device. Like clickjacking, it is being described in scary ways—which may well be justified:

There may well be enough information in the description of what the researchers found—and, in particular, how they found it—for an enterprising attacker to find it for themselves. In the meantime, the rest of us are left in the dark. Security researchers are clearly under no obligation to disclose their research sensibly, but it would seem that either releasing all the details at once, or keeping them completely secret, would be better than these partial disclosures.

Comments (4 posted)

New vulnerabilities

condor: multiple vulnerabilities

Package(s):	condor	CVE #(s):	CVE-2008-3826 CVE-2008-3828 CVE-2008-3829 CVE-2008-3830
Created:	October 8, 2008	Updated:	October 10, 2008
Description:	From the Red Hat advisory: A flaw was found in the way Condor processed user submitted jobs. It was possible for a user to submit a job in a way that could cause that job to run as a different user with access to the pool. (CVE-2008-3826) A stack based buffer overflow flaw was found in Condor's condor_schedd daemon. A user who had permissions to submit a job could do so in a manner that could cause condor_schedd to crash or, potentially, execute arbitrary code with the permissions of condor_schedd. (CVE-2008-3828) A denial-of-service flaw was found in Condor's condor_schedd daemon. A user who had permissions to submit a job could do so in a manner that would cause condor_schedd to crash. (CVE-2008-3829) A flaw was found in the way Condor processes allowed and denied netmasks for access control. If a configuration file contained an overlapping netmask in the allow or deny rules, it could cause that rule to be ignored, allowing unintended access. (CVE-2008-3830)
Alerts:	Fedora FEDORA-2008-8733 2008-10-09 Red Hat RHSA-2008:0911-01 2008-10-07 Red Hat RHSA-2008:0924-01 2008-10-07

Comments (none posted)

feta: insecure temp file handling

Package(s):	feta	CVE #(s):	CVE-2008-4440
Created:	October 7, 2008	Updated:	October 8, 2008
Description:	From the Debian advisory: Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks.
Alerts:	Debian DSA-1643-1 2008-10-05

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):	kernel	CVE #(s):	CVE-2008-4113 CVE-2008-4445
Created:	October 8, 2008	Updated:	November 3, 2008
Description:	From the Red Hat advisory: Missing boundary checks were reported in the Linux kernel SCTP implementation. This could, potentially, cause information disclosure via a specially crafted SCTP_HMAC_IDENT IOCTL request. (CVE-2008-4113, CVE-2008-4445)
Alerts:	Mandriva MDVSA-2008:223 2008-10-31 Ubuntu USN-659-1 2008-10-27 SuSE SUSE-SA:2008:053 2008-10-27 Debian DSA-1655-1 2008-10-16 Red Hat RHSA-2008:0857-02 2008-10-07

Comments (none posted)

lighttpd: multiple vulnerabilities

Package(s):	lighttpd	CVE #(s):	CVE-2008-4298 CVE-2008-4359 CVE-2008-4360
Created:	October 6, 2008	Updated:	January 12, 2010
Description:	From the Debian advisory: CVE-2008-4298: A memory leak in the http_request_parse function could be used by remote attackers to cause lighttpd to consume memory, and cause a denial of service attack. CVE-2008-4359: Inconsistent handling of URL patterns could lead to the disclosure of resources a server administrator did not anticipate when using rewritten URLs. CVE-2008-4360: Upon file systems which don't handle case-insensitive paths differently it might be possible that unanticipated resources could be made available by mod_userdir.
Alerts:	SuSE SUSE-SR:2009:020 2010-01-12 Fedora FEDORA-2008-11923 2008-12-30 Gentoo 200812-04 2008-12-02 SuSE SUSE-SR:2008:026 2008-11-24 rPath rPSA-2008-0309-1 2008-10-30 Debian DSA-1645-1 2008-10-06

Comments (none posted)

mediawiki: HTML injection

Package(s):	mediawiki	CVE #(s):	CVE-2008-4408
Created:	October 7, 2008	Updated:	October 8, 2008
Description:	MediaWiki has released versions 1.13.2 and 1.12.1 with security and bugfix updates.
Alerts:	Fedora FEDORA-2008-8678 2008-10-07 Fedora FEDORA-2008-8639 2008-10-07

Comments (none posted)

mplayer: integer overflow

Package(s):	mplayer	CVE #(s):	CVE-2008-3827
Created:	October 7, 2008	Updated:	January 12, 2009
Description:	From the Debian advisory: Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.
Alerts:	Gentoo 200901-07:02 2009-01-12 Mandriva MDVSA-2008:219 2008-10-29 Debian DSA-1644-1 2008-10-05

Comments (none posted)

pam_krb5: privilege elevation

Package(s):	pam_krb5	CVE #(s):	CVE-2008-3825
Created:	October 2, 2008	Updated:	January 14, 2009
Description:	From the Red Hat alert: A flaw was found in the pam_krb5 "existing_ticket" configuration option. If a system is configured to use an existing credential cache via the "existing_ticket" option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)
Alerts:	SuSE SUSE-SR:2008:027 2008-12-09 rPath rPSA-2009-0007-1 2009-01-13 Mandriva MDVSA-2008:209 2007-10-03 Fedora FEDORA-2008-8618 2008-10-03 Fedora FEDORA-2008-8605 2008-10-03 CentOS CESA-2008:0907 2008-10-05 Red Hat RHSA-2008:0907-01 2008-10-02

Comments (none posted)

php5: several vulnerabilities

Package(s):	php5	CVE #(s):	CVE-2008-3658 CVE-2008-3659 CVE-2008-3660
Created:	October 7, 2008	Updated:	June 1, 2009
Description:	From the Debian advisory: Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3658: Buffer overflow in the imageloadfont function allows a denial of service or code execution through a crafted font file. CVE-2008-3659: Buffer overflow in the memnstr function allows a denial of service or code execution via a crafted delimiter parameter to the explode function. CVE-2008-3660: Denial of service is possible in the FastCGI module by a remote attacker by making a request with multiple dots before the extension.
Alerts:	Fedora FEDORA-2009-3768 2009-04-21 Fedora FEDORA-2009-3848 2009-04-21 Red Hat RHSA-2009:0350-01 2009-04-14 CentOS CESA-2009:0338 2009-04-07 CentOS CESA-2009:0337 2009-04-06 Red Hat RHSA-2009:0337-01 2009-04-06 Red Hat RHSA-2009:0338-01 2009-04-06 rPath rPSA-2009-0035-1 2009-03-02 Ubuntu USN-720-1 2009-02-12 Mandriva MDVSA-2009:023 2009-01-21 Mandriva MDVSA-2009:022 2009-01-21 Slackware SSA:2008-339-01 2008-12-05 Gentoo 200811-05 2008-11-16 SuSE SUSE-SR:2008:021 2008-10-17 Debian DSA-1647-1 2008-10-07 Mandriva MDVSA-2009:024 2009-01-21 Mandriva MDVSA-2009:021 2009-01-21

Comments (none posted)

xen: multiple vulnerabilities

Package(s):	xen	CVE #(s):	CVE-2008-1945 CVE-2008-1952
Created:	October 2, 2008	Updated:	May 13, 2009
Description:	From the Red Hat alert: It was discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain (DomU) to cause a denial of service, or, possibly, elevate privileges to the privileged domain (Dom0). (CVE-2008-1952) A flaw was found in the QEMU block format auto-detection, when running fully-virtualized guests and using Qemu images written on removable media (USB storage, 3.5" disks). Privileged users of such fully-virtualized guests (DomU), with a raw-formatted disk image, were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945)
Alerts:	Ubuntu USN-776-2 2009-05-13 Ubuntu USN-776-1 2009-05-12 Debian DSA-1799-1 2009-05-11 CentOS CESA-2008:0892 2008-10-05 Red Hat RHSA-2008:0892-01 2008-10-01

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 development kernel is 2.6.27-rc9, released on October 6. Says Linus: "I know, I know, I said that -rc8 was supposed to be the last -rc, and that I'd release 2.6.27 this weekend. I lied. Sue me. I merged two subtle regression fixes today, and while both looked perfectly fine and had been tested by the people involved in the regressions, I just couldn't bring myself to then just slap a 'v2.6.27' on it without some more testing." Expect the final 2.6.27 release in the near future.

It is worth noting that, as of this writing, 2.6.27 does not contain a fix for the e1000e hardware corruption bug. What it does contain, though, is a series of patches which will prevent that bug from actually damaging the hardware. That makes the kernel safer to run, which is an important step in the right direction.

No stable kernel releases have been made over the last week. As of this writing, though, there were large updates for the 2.6.25 and 2.6.26 kernels in the review process.

Comments (2 posted)

Kernel development news

Quotes of the week

-- David Miller

-- Linus Torvalds starts a blog

Comments (none posted)

Some development statistics for 2.6.27

It's that time of the development cycle again: the 2.6.27 kernel, if not yet released by the time you read this, will be shortly. Various other LWN articles have looked at features found in this release; here we will look at where that code came from.

As of 2.6.27-rc9, a total of 10,604 non-merge changesets had been added to the mainline for the 2.6.27 kernel; those patches added a total of 826,000 lines of code while removing 608,000, for a net growth of 217,000 lines. There were 1,109 developers who contributed to 2.6.27, representing over 150 employers. 376 of those developers contributed a single patch during this development cycle.

The most active developers for 2.6.27 were:

Most active 2.6.27 developers

By changesets Ingo Molnar 238 2.2% Bartlomiej Zolnierkiewicz 235 2.2% Adrian Bunk 221 2.1% David S. Miller 206 1.9% Alan Cox 196 1.8% Yinghai Lu 192 1.8% Jeremy Fitzhardinge 162 1.5% Tomas Winkler 128 1.2% Ben Dooks 120 1.1% Jean Delvare 113 1.1% Steven Rostedt 108 1.0% Harvey Harrison 105 1.0% Pavel Emelyanov 103 1.0% Thomas Gleixner 101 1.0% Jean-Francois Moine 89 0.8% Lennert Buytenhek 88 0.8% Hans Verkuil 81 0.8% Joerg Roedel 81 0.8% Arnd Bergmann 76 0.7% David Brownell 75 0.7%

By changed lines Paul Mackerras 138374 12.1% David Woodhouse 44759 3.9% Jean-Francois Moine 41157 3.6% Adrian Bunk 35160 3.1% Artem Bityutskiy 34545 3.0% Luis R. Rodriguez 31825 2.8% Sam Ravnborg 27443 2.4% Karsten Keil 24674 2.2% Russell King 22861 2.0% Eilon Greenstein 19470 1.7% Alan Cox 16957 1.5% Felipe Balbi 16287 1.4% Kumar Gala 14490 1.3% David Brownell 12551 1.1% Ralf Baechle 11057 1.0% Lennert Buytenhek 9735 0.9% David S. Miller 8621 0.8% Juergen Beisert 8516 0.7% Steven Rostedt 8455 0.7% Ben Dooks 8399 0.7%

On the changeset side, Ingo Molnar ended up on top by virtue of the creation of large numbers of mostly x86-related changes, including a big subarchitecture reorganization; Ingo's count also includes the addition of ftrace, though much of that code was written by others. Bartlomiej Zolnierkiewicz continues to rework the old IDE layer, and Adrian Bunk, as always, energetically cleans up code all over the tree. David Miller's total includes the multiqueue networking code and a lot of other changes; Alan Cox did a lot of TTY work and big kernel lock removal.

Your editor was disappointed to come in at #23, and, thus, off the bottom of the table. Time to send in some quick white space fixes. More seriously, though, it's worth noting that there are relatively few patches of the "trivial change" variety in the mix this time around.

If we look at changed lines, Paul Mackerras comes out on top as the result of a single patch removing the obsolete ppc architecture. David Woodhouse reworked the management of firmware throughout the driver tree. Jean-François Moine brought the GSPCA webcam drivers into the tree, then put vast amounts of effort into cleaning them up. Artem Bityutskiy added the UBIFS flash filesystem, and Luis Rodriguez merged the ath9k wireless driver.

If we look at the companies behind this work, we get the following results (note that, as always, these results are somewhat approximate):

Most active 2.6.27 employers

By changesets (None) 1925 18.2% Red Hat 1405 13.2% (Unknown) 921 8.7% IBM 791 7.5% Intel 605 5.7% Novell 586 5.5% Movial 234 2.2% SGI 197 1.9% (Consultant) 193 1.8% Sun 184 1.7% XenSource 165 1.6% Parallels 157 1.5% Oracle 148 1.4% Marvell 143 1.3% Fujitsu 138 1.3% AMD 129 1.2% Renesas Technology 125 1.2% linutronix 121 1.1% Simtec 119 1.1% (Academia) 108 1.0%

By lines changed IBM 207215 18.1% (None) 129998 11.4% Red Hat 109970 9.6% (Unknown) 108878 9.5% Nokia 52022 4.5% Novell 49944 4.4% (Consultant) 46529 4.1% Broadcom 43438 3.8% Atheros 38212 3.3% Movial 35439 3.1% Intel 32887 2.9% Freescale 25511 2.2% SGI 23444 2.0% Marvell 20967 1.8% Renesas Technology 15723 1.4% MIPS Technologies 15701 1.4% Pengutronix 13334 1.2% Atmel 10786 0.9% Analog Devices 10725 0.9% Sun 9176 0.8%

There are not too many surprises in this table - in particular, the list of companies at the top tends not to change very much. That said, a few things are worthy of note. One is that Sun Microsystems has made its first appearance on this list. People complain about this company, but Sun's engineers have been quietly fixing things all over the tree. Broadcom is another company with a mixed reputation in the Linux community, but Broadcom is happy to provide support for some of its network adapters. Nokia's strong showing in the lines-changed table results primarily from the contribution of the UBIFS filesystem.

The most welcome change, though, is the first appearance of Atheros on this list. Atheros is a company which has quickly moved from a position of complete non-cooperation to one of supporting all of its hardware in the mainline kernel. To say that this is an encouraging development would be an understatement.

All told, the 2.6.27 development cycle shows that the process continues at full pace in a seemingly healthy state. Developers from all over the industry are all working together to make the kernel better for all. The number of companies which see participation in the process as being in their interest is growing, as is the number of developers who contribute patches. The Linux kernel, it seems, is in good shape.

Comments (22 posted)

Btrfs to the mainline?

One of the kernel projects that seems to be attracting a fair amount of attention these days is the new, copy-on-write filesystem, Btrfs. While still rather immature—the disk format is slated to be finalized by the end of the year—Btrfs has reached a point where lead developer Chris Mason wants to start talking about when to merge it into the mainline. Some are advocating moving quickly, while others are a bit more skeptical that merging it will lead to faster development.

Merging Btrfs would have a number of advantages, but more eyes is what Mason is seeking:

Typically, kernel code is not merged until it is ready, but an argument can be made that filesystems, like device drivers, are sufficiently isolated from the rest of the kernel that an early inclusion will do little harm. Also, a kind of precedent was set by the early "merge" of ext4, though that was an evolution of the existing ext3 filesystem, while Btrfs is entirely new. Andrew Morton has been encouraging Mason to get Btrfs "into linux-next asap and merge it into 2.6.29." He describes his reasoning:

Adrian Bunk is not convinced that an early merge will bring the benefits that Morton is touting. He points to an early ext4 development plan, noting that the timelines outlined in that message were, perhaps, overly optimistic. "When comparing with what happened in reality it kinda disproves your 'acceleration' point."

There is a difference, though, between ext4 and Btrfs, that Serge Hallyn points out:

The original timeline showed mid-2007 as a target for a stable ext4 filesystem, but the project overshot that by a year or so. A recent patch proposes renaming ext4dev to ext4 because it "is getting stable enough that it's time to drop the 'dev' prefix." Unexpected difficulties led to ext4 development taking longer, as Mason describes:

Many seem to think that Btrfs is different, but it still has a ways to go. Currently, it does not handle I/O errors very well, while running out of space on the disk can be fatal. But it is getting close to usable—at least for testing and benchmarking. Getting the code into the mainline would cause more folks to look at it, as well as test various filesystem changes against it. Mason gives an example of how that can work:

Btrfs has an aggressive schedule that targets a 1.0 release this year. The focus of that release is to nail down the on-disk format so that changes after that point will be backward compatible. Given that 2.6.29 will likely be released in early to mid-2009, it seems quite possible that Btrfs will be "merge-worthy" by then, which means that it really is not premature to start considering it now.

Comments (6 posted)

Moving interrupts to threads

Processing interrupts from the hardware is a major source of latency in the kernel, because other interrupts are blocked while doing that processing. For this reason, the realtime tree has a feature, called threaded interrupt handlers, that seeks to reduce the time spent with interrupts disabled to a bare minimum—pushing the rest of the processing out into kernel threads. But it is not just realtime kernels that are interested in lower latencies, so threaded handlers are being proposed for addition to the mainline.

Reducing latency in the kernel is one of the benefits, but there are other advantages as well. The biggest is probably reducing complexity by simplifying or avoiding locking between the "hard" and "soft" parts of interrupt handling. Threaded handlers will also help the debuggability of the kernel and may eventually lead to the removal of tasklets from Linux. For these reasons, and a few others as well, Thomas Gleixner has posted a set of patches and a "request for comments" to add threaded interrupt handlers.

Traditionally, interrupt handling has been done with top half (i.e. the "hard" irq) that actually responds to the hardware interrupt and a bottom half (or "soft" irq) that is scheduled by the top half to do additional processing. The top half executes with interrupts disabled, so it is imperative that it do as little as possible to keep the system responsive. Threaded interrupt handlers reduce that work even further, so the top half would consist of a "quick check handler" that just ensures the interrupt is from the device; if so, it simply acknowledges the interrupt to the hardware and tells the kernel to wake the interrupt handler thread.

In the realtime tree, nearly all drivers were mass converted to use threads, but the patch Gleixner proposes makes it optional—driver maintainers can switch if they wish to. Automatically converting drivers is not necessarily popular with all maintainers, but it has an additional downside as Gleixner notes: "Converting an interrupt to threaded makes only sense when the handler code takes advantage of it by integrating tasklet/softirq functionality and simplifying the locking."

A driver that wishes to request a threaded interrupt handler will use:

    int request_threaded_irq(unsigned int irq, irq_handler_t handler,
	    		     irq_handler_t quick_check_handler,
			     unsigned long flags, const char *name, void *dev)

This is essentially the same as request_irq() with the addition of the quick_check_handler. As requested by Linus Torvalds at this year's Kernel Summit, a new function was introduced rather than changing countless drivers to use a new request_irq().

The quick_check_handler checks to see if the interrupt was from the device, returning IRQ_NONE if it isn't. It can also return IRQ_HANDLED if no further processing is required or IRQ_WAKE_THREAD to wake the handler thread. One other return code was added to simplify converting to a threaded handler. A quick_check_handler can be developed prior to the handler being converted; in that case, it returns IRQ_NEEDS_HANDLING (instead of IRQ_WAKE_THREAD) which will call the handler in the usual way.

request_threaded_irq() will create a thread for the interrupt and put a pointer to it in the struct irqaction. In addition, a pointer to the struct irqaction has been added to the task_struct so that handlers can check the action flags for newly arrived interrupts. That reference is also used to prevent thread crashes from causing an oops. One of the few complaints seen so far about the proposal was a concern about wasting four or eight bytes in each task_struct that was not an interrupt handler (i.e. the vast majority). That structure could be split into two types, one for the kernel and one for user space, but it is unclear whether that will be necessary.

Andi Kleen has a more general concern that threaded interrupt handlers will lead to bad code: "to be honest my opinion is that it will encourage badly written interrupt code longer term," but he seems to be in the minority. There were relatively few comments, but most seemed in favor—perhaps many are waiting to see the converted driver as Gleixner promises to deliver "real soon". If major obstacles don't materialize, one would guess the linux-next tree would be a logical next step, possibly followed by mainline merging for 2.6.29.

Comments (14 posted)

Patches and updates

Kernel trees

• Linus Torvalds: Linux 2.6.27-rc9. (October 7, 2008)

Core kernel code

• Thomas Gleixner: [RFC patch 0/5] genirq: add infrastructure for threaded interrupt handlers. (October 6, 2008)

• Oren Laadan: Kernel based checkpoint/restart. (October 8, 2008)

Development tools

• Mathieu Desnoyers: LTTng 0.27, vmap-less buffering and splice(). (October 2, 2008)

• Arjan van de Ven: ftrace: Add a C-state tracer to help power optimization. (October 4, 2008)

• Steven Rostedt: ring-buffer: less locking and only disable preemption. (October 6, 2008)

• Steven Rostedt: ftrace: separate ftrace from ftrace. (October 7, 2008)

• Tom Zanussi: relay revamp v5. (October 6, 2008)

• Paul E. McKenney: RCU-based detection of stalled CPUs for Classic RCU. (October 6, 2008)

• Andy Whitcroft: checkpatch: update to version 0.24. (October 6, 2008)

• Arnaldo Carvalho de Melo: blktrace: conversion to tracepoints. (October 7, 2008)

Device drivers

• Benjamin Herrenschmidt: Block device for the ISS simulator. (October 4, 2008)

• Rafael J. Wysocki: PM: Simplify the new suspend/hibernation framework for devices. (October 6, 2008)

• Arjan van de Ven: RFC: banning device driver reserved resources from /dev/mem. (October 6, 2008)

• Arjan van de Ven: resource: ensure MMIO exclusivity for device drivers. (October 7, 2008)

• Matthew Garrett: thermal: Make it simpler to use the thermal layer inside the kernel. (October 6, 2008)

• Matti Linnanvuori: WAN: add driver retina. (October 6, 2008)

• Rodolfo Giometti: LinuxPPS (RESUBMIT 7): the PPS Linux implementation.. (October 6, 2008)

• Christian Pellegrin: MAX3100 SPI UART driver. (October 6, 2008)

• Carlos Chinea: OMAP Synchronous Serial Interface (SSI) driver. (October 6, 2008)

• Alex Chiang: PCI: let the core manage slot names. (October 6, 2008)

• Alan Cox: Queued TTY Patches. (October 6, 2008)

• Mark Brown: WM8350 support. (October 6, 2008)

• Herbert Poetzl: i2c: Floppy controller bus driver (V0.6.1). (October 6, 2008)

• Herbert Poetzl: hwmon: LM96000 support. (October 7, 2008)

• Atsushi Nemoto: ide: Add tx4939ide driver (v3). (October 7, 2008)

• Jon Smirl: [RFC PATCH 0/4] V3 - Implementation of IR support using the input subsystem. (October 7, 2008)

• Bill Gatliff: Proposal for a Generic PWM Device API. (October 8, 2008)

Documentation

• Jesse Barnes: Intel Releases IGD OpRegion Specification. (October 6, 2008)

• Michael Kerrisk: man-pages-3.11 is released. (October 7, 2008)

Filesystems and block I/O

• Arjan van de Ven: Give kjournald a IOPRIO_CLASS_RT io priority. (October 2, 2008)

• Tom Tucker: RDMA Transport Support for 9P. (October 6, 2008)

• Ryo Tsuruta: [PATCH 0/2] dm-ioband: I/O bandwidth controller v1.7.0: Introduction. (October 6, 2008)

• Kiyoshi Ueda: dm: request-based dm-multipath. (October 6, 2008)

• Daniel Phillips: Tux3 Report: It's What Next time once again. (October 6, 2008)

• Evgeniy Polyakov: Distributed storage release.. (October 6, 2008)

• Evgeniy Polyakov: The new POHMELFS release.. (October 8, 2008)

• Theodore Ts'o: Updated fiemap patches. (October 6, 2008)

• Theodore Ts'o: ext4: Rename ext4dev to ext4. (October 7, 2008)

• Sage Weil: Ceph distributed file system v0.4 (snapshot support). (October 8, 2008)

• Dave Chinner: Combine the XFS and Linux inode structures V2. (October 8, 2008)

Memory management

• Peter Zijlstra: Swap over NFS - v19. (October 6, 2008)

• Mel Gorman: Report the size of pages backing VMAs in /proc V3. (October 6, 2008)

• Nick Piggin: ddds: "dynamic dynamic data structure" algorithm, for adaptive dcache hash table sizing (resend). (October 7, 2008)

• Andy Whitcroft: gigantic compound pages part 2. (October 8, 2008)

Networking

• Remi Denis-Courmont: Phonet pipes protocol (take 3). (October 6, 2008)

• Lennert Buytenhek: [NET] Distributed Switch Architecture protocol support. (October 8, 2008)

• Willy Tarreau: add a sysctl to disable TCP simultaneous connection opening. (October 8, 2008)

• Patrick McHardy: netfilter 00/79: netfilter update. (October 8, 2008)

Architecture-specific

• K.Prasad: Hardware Breakpoint interfaces. (October 7, 2008)

Security-related

• Kees Cook: ELF: implement AT_RANDOM for future glibc use. (October 4, 2008)

• Paul Moore: Labeled networking patches for 2.6.28. (October 7, 2008)

• Mimi Zohar: integrity. (October 8, 2008)

Virtualization and containers

• Alok Kataria: CPUID usage for interaction between Hypervisors and Linux.. (October 6, 2008)

• KAMEZAWA Hiroyuki: memcg: update patch set v7. (October 7, 2008)

Benchmarks and bugs

• Rafael J. Wysocki: 2.6.27-rc8-git7: Reported regressions from 2.6.26. (October 6, 2008)

• Arjan van de Ven: Top kernel oopses/warnings for the week of October 7th, 2008. (October 7, 2008)

Miscellaneous

• Kay Sievers: udev 129 release. (October 7, 2008)

• Kay Sievers: udev 130 release. (October 8, 2008)

Page editor: Jonathan Corbet

Distributions

News and Editorials

New Release Season

Right now there are several major distributions preparing new releases. Ubuntu, openSUSE, Mandriva and Fedora are all on semi-regular six-month schedules; releasing each spring and fall. Debian has a much longer schedule, but that project is also nearing the release of Debian 5.0 "Lenny".

Ubuntu 8.10, "Intrepid Ibex" is due for a final release on October 30, 2008. Some new features have been added since the release of Ubuntu 8.04 "Hardy Heron". Some highlights include GNOME 2.24 with tab support in the Nautilus file manager and new file types supported by File Roller. X.Org 7.4 has better support for hot-pluggable input devices such as tablets, keyboards, and mice. Ubuntu 8.10 Beta includes Linux kernel 2.6.27, a release with better hardware support and numerous bug-fixes. The ecryptfs-utils package has been included with support for a secret encrypted folder in your Home Folder. The "Last successful boot" recovery entry retains a copy of your running kernel and makes it available from the boot loader as a "Last successful boot" option. Network Manager 0.7 has some new features that are included in this release. There are also a few known issues with the beta release, so check the wiki before installation.

openSUSE 11.1 is currently at beta 2. Some changes since the first beta include VirtualBox 2.0.2, the Intel e1000e have been disabled, OpenOffice.org 3.0RC2 from the openSUSE build service, plus GNOME 2.24.0, KDE 4.1.2, Mono 2.0 RC 3, Compiz 0.7.8, and more. You can see an expanded package list for the factory tree at DistroWatch. Just scroll down to see all the packages with version numbers. You can also find out more about openSUSE 11.1 on this page, which includes links to the most annoying bugs and the roadmap which calls for a final release on December 18, 2008.

Mandriva 2009.0 "sophie" could already be officially released, since it is due on October 9, 2008. The second release candidate wiki site lists some major new features including improved boot speed, support for LUKS encrypted partitions in installer and diskdrake, improved support for netbook hardware, support for Intel G41 graphics chipset, and GNOME 2.24 final. KDE4 is the default desktop for sophie. You can find out more about KDE/Mandriva integration here. The 2009.0 Development page has more information.

Fedora 10 "Cambridge" is currently scheduled for release on November 25, 2008. The accepted feature list for F10 includes an AMQP Infrastructure, that makes it easy to build scalable, interoperable, high-performance enterprise applications. F10 also has better printing, better remote support, faster startup, the Echo Icon Theme, Eclipse 3.4, GNOME 2.24, RPM 4.6, the Sugar desktop (used in OLPC), and much more.

Debian 5.0 "lenny" was originally scheduled for release in September. Now the release date is "when it's ready", which should be soon. We covered lenny in the July 31st edition, at the freeze. "Now to explain what, exactly, we mean by "freeze". The freeze upload policy of uploading changes in through unstable if possible will be continued to apply until the release." Since then there has been lots of bug fixing. See more in the Debian "lenny" Release Information page. Debian 5.0 won't have the newest packages like the distributions mentioned above, but when Debian 5.0 is declared stable you will have just that; a stable system that will be supported for several years.

Comments (4 posted)

New Releases

ALT Linux 4.1 Desktop is released

ALT Linux 4.1 Desktop has been announced. "This is a general purpose GNU/Linux distribution intended for use on desktop stations, laptops and netbooks."

Full Story (comments: none)

New Fedora 9 Re-spins

The Fedora Unity Project has announced the release of new ISO Re-Spins of Fedora 9. These Re-Spin ISOs are based on the officially released Fedora 9 installation media and include all updates released as of October 4, 2008.

Full Story (comments: none)

Development Release: openSUSE 11.1 Beta 2 Now Available

A second beta of openSUSE 11.1 is available for testing. Click below for a look at the changes since beta 1, the status of the e1000e issue, in bugs in the OpenOffice.org packages, the call for testing, the most annoying bugs, and download information.

Full Story (comments: none)

Platform Development Kit 0.9.6 released

The 64 Studio Platform Development Kit (PDK) is a Free Software tool (GPLv2) that is used to automate the production and maintenance of several different projects. PDK is a kind of version control system for distributions, that facilitate the creation and management of many different custom products based on Debian and Ubuntu sources. PDK has roots in Progeny's Componentized Linux, and is now maintained by 64 Studio.

Full Story (comments: 3)

Ubuntu 8.10 Beta released

The beta release of Ubuntu 8.10 "Intrepid Ibex" Desktop and Server has been announced. Ubuntu 8.10 Desktop Edition delivers the features you need for an increasingly mobile digital life, including 3G wireless support and guest sessions that lets users temporarily share computers without compromising security. Ubuntu 8.10 Server consolidates its support for virtualization with an integrated Virtual Machine builder, and brings with it a fully-supported Java stack and support for per-user directory encryption."

Full Story (comments: 7)

VC4.1 and new Vyatta Reference Guides released

Vyatta has released an update to Vyatta Community Edition v4. VC4.1 fixes some issues and includes some new, experimental features to test prior to VC5. Click below for a peek at the major new features. New reference guides for VC4.1 are also available.

Full Story (comments: none)

Distribution News

Debian GNU/Linux

What you can do for "Lenny"

The Debian project is looking for folks to help them kick "Lenny" out the door. To that end, they have created a detailed list of tasks suitable for regular users as well as developers. "The big question is: What can you do, to help release "Lenny" at least in this quarter? That's pretty easy: Fix rc-bugs, take care, that the fixed packages are migrated to "Lenny", do upgrade tests, document problems in the release-notes. Pretty simple, isn't it? Click below for the full list.

Full Story (comments: 28)

Fedora

Fedora Board Recap

Click below for a brief summary of the Fedora Board meeting, held September 30, 2008. Topics include Codecs (again), a Trademark Update, and some new business.

Full Story (comments: none)

Mandriva Linux

Notice of discontinuation of Mandriva Linux 2007.1

Mandriva Linux 2007.1 will no longer be supported as of October 13 2008. "Any users still using 2007.1 are encouraged to upgrade. As well, as of October 9 2008, Mandriva Linux 2008.0 will be moving to a basic maintenance mode and will no longer be receiving desktop-related updates."

Full Story (comments: 1)

SUSE Linux and openSUSE

Advance notice of discontinuation of openSUSE 10.2

openSUSE 10.2 is nearing the end of its supported life. "SUSE Security announces that openSUSE 10.2 will be discontinued soon. Having provided security-relevant fixes for more than two years, we will stop releasing updates after November 30th 2008."

Full Story (comments: none)

Third anniversary of openSUSE Project's first release

The openSUSE project is celebrating its third anniversary. The project was announced at LinuxWorld Expo in San Francisco in August of 2005, and announced the release of openSUSE 10.0 on October 6, 2005. Happy birthday openSUSE.

Comments (none posted)

Ubuntu family

Ubuntu Foundations team meeting minutes

The minutes for the Ubuntu Foundations team meeting held September 24, 2008 are available. The agenda includes Outstanding actions from last meeting, Chris to upload openoffice.org3 to the ~openoffice-pkgs PPA (carried over), Alexander to write mobile broadband MIRs (carried over), Any business from activity reports, Open``JDK's compiler targets Java 1.6 bytecode, What should we do with acpi-support?, some bugs, and more.

Full Story (comments: none)

Ubuntu Has New Sample Content Art (Linux Pro Magazine)

Linux Pro Magazine covers the results of contest to provide example-content for Ubuntu 8.10. "While Ubuntu users submitted a host of audio samples, there were only two video submissions. The winner in the audio category was Andrés Vidau of Mexico. Bacon's blog includes Vidau's instrumental track that he created using the free OGG format. The video category winner was 14 year old Andrew Higginson with his stop motion animation produced almost exclusively with free software (Whiteboard, Ffmpeg, Mencoder among others). The 2-Mbyte video can be seen on the archive.org site. Vidau's and Higginson's submissions will become part of the next Ubuntu 8.10."

Comments (none posted)

Distribution Newsletters

Ubuntu Weekly Newsletter #111

The Ubuntu Weekly Newsletter for October 4, 2008 covers: Ubuntu 8.10 Beta released, Intrepid Countdown banner, Intrepid CDs for Approved LoCo's, New Ubuntu Members, Ubuntu Testing Day, Kernel Hug Day, PackageKit call for testing, Ubuntu 8.10 release party(San Francisco), MOTU news, LoCo News, Launchpad News, Ubuntu Kung Fu by: Keir Thomas, e1000e patch, and much more.

Full Story (comments: none)

OpenSUSE Weekly News/41

This week, the openSUSE Weekly News covers Advance notice of discontinuation of openSUSE 10.2, openSUSE-Education 1.0 for 11.0 is Ready, openSUSE 11.1 Beta 2 Now Available, Board Election - Phase 1: Nomination of second voters, openSUSE News: Status of the e1000e Issue, and more.

Comments (none posted)

Fedora Weekly News #146

The Fedora Weekly News for the week ending October 5, 2008 includes the announcement of the beta for Fedora 10 (Cambridge) and several other topics.

Full Story (comments: none)

Echo Monthly News, Issue 2

Echo is a new theme for Fedora 10. The Echo Monthly News provides a look at new icons, tutorials, and more. Echo is currently enabled in Fedora Rawhide.

Full Story (comments: none)

DistroWatch Weekly, Issue 273

The DistroWatch Weekly for October 6, 2008 is out. "After two weeks or refining the package management cheatsheet, DistroWatch takes a break from this project to update its rapidly ageing Major Distributions page. Linux Mint, which has become the third most-often used Linux-based operating system among the visitors of this web site gets a well-deserved place among the elite, while CentOS, an increasingly popular community distribution among users preferring stability and reliability over bleeding-edge features also enters the exclusive list for the first time. Read on for brief overviews of the two projects. In the news, Barry Kauler resigns from the position of a benevolent dictator at Puppy Linux, OpenSolaris 2008.11 gets a range of excellent new features, and DistroWatch is showcased on Voice of America's Website of the Week. Also in this week's issue, two new distributions for those users who like to preserve their privacy while surfing the Internet: the Gentoo-based Incognito and the Debian-based Privatix. Finally, we are pleased to announce that the recipient of the DistroWatch September 2008 donation is Miro, an Internet video player."

Comments (none posted)

Distribution reviews

Omega 10 Live CD Beta: Fedora With Added Multimedia (Red Devil's Blog)

Steve Lawson reviews Omega 10, the recently announced Fedora remix that includes multimedia. "Intrigued by this latest development, I decided to take Omega 10 for a spin. It proved to be an interesting experience - and changed my whole view of Fedora. Where previously I have always been impressed by its professional look and performance, I have always been put off using it on a more permanent basis by the amount of user intervention required to make it do what so many other, equally good, distributions do from the outset."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Python 2.6 makes its debut

Version 2.6 of the Python language was announced on October 2, 2008. A.M. Kuchling's extensive What’s New in Python 2.6 document covers the main goal of this release: "The major theme of Python 2.6 is preparing the migration path to Python 3.0, a major redesign of the language. Whenever possible, Python 2.6 incorporates new features and syntax from 3.0 while remaining compatible with existing code by not removing older features or syntax. When it’s not possible to do that, Python 2.6 tries to do what it can, adding compatibility functions in a future_builtins module and a -3 switch to warn about usages that will become unsupported in 3.0."

Python 2.6 marks some changes in the language's development process: "While 2.6 was being developed, the Python development process underwent two significant changes: we switched from SourceForge’s issue tracker to a customized Roundup installation.."

Python 2.6 also included a switch to the reStructuredText documentation format via the Sphinx Python documentation generator. A.M. Kuchling explains the reason for the move: "The Python documentation was written using LaTeX since the project started around 1989. In the 1980s and early 1990s, most documentation was printed out for later study, not viewed online. LaTeX was widely used because it provided attractive printed output while remaining straightforward to write once the basic rules of the markup were learned. Today LaTeX is still used for writing publications destined for printing, but the landscape for programming tools has shifted. We no longer print out reams of documentation; instead, we browse through it online and HTML has become the most important format to support."

Numerous changes have been made to the Python language and its large collection of modules. Many of these changes came through the Python Enhancement Proposal (PEP) system including:

• PEP 343: the "with" statement.
• PEP 366: main module explicit relative imports.
• PEP 370: per-user site-packages directory.
• PEP 371: addition of the multiprocessing package to the standard library.
• PEP 3101: advanced string formatting.
• PEP 3105: make print a function.
• PEP 3110: catching exceptions in Python 3000.
• PEP 3112: byte literals in Python 3000.
• PEP 3116: new I/O library.
• PEP 3118: revising the buffer protocol.
• PEP 3119: introducing abstract base classes.
• PEP 3127: integer literal support and syntax.
• PEP 3129: class decorators.
• PEP 3141: a type hierarchy for numbers.

Many new modules were added and a lot of existing modules were extended in Python 2.6. The list includes: ast (abstract syntax tree), future_builtins, json (JavaScript object notation), plistlib (property list parser), ctypes, and ssl. A number of modules were deprecated in this release, including: audiodev, bgenlocations, buildtools, bundlebuilder, Canvas, compiler, dircache, dl, fpformat, gensuitemodule, ihooks, imageop, imgfile, linuxaudiodev, mhlib, mimetools, multifile, new, pure, statvfs, sunaudiodev, test.testall, and toaiff.

Finally, there were many minor module changes, C API changes, optimizations, interpreter changes and platform-specific changes to Python 2.6. Python continues to be a live and evolving language, this release represents a fairly large set of changes that will pave the way forward to Python 3.

Comments (none posted)

System Applications

Audio Projects

PulseAudio 0.9.13 released

Version 0.9.13 of the PulseAudio sound server has been announced. According to the changes document: "This is mostly a bugfix release. However, it contains some minor API additions and new Bluetooth support (experimental for now) contributed by Google Summer Student João Paulo Rechi Vita."

Comments (1 posted)

Database Software

PostgreSQL Weekly News

The October 5, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: 1)

Interoperability

Samba 3.3.0pre2 is available

Version 3.3.0pre2 of Samba has been announced. "This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Our plan is to possibly have one more preview release and move to the release candidate stage in September. The final 3.3.0 release is planned for December 15."

Comments (none posted)

Mail Software

SoftlabsAV: 0.9.2 released (SourceForge)

Version 0.9.2 of SoftlabsAV has been announced. The software is: "A procmail based antivirus filter for incoming mail servers on Unix. It is efficient and tiny. Supports UUE, Zip and Rar attachments, Base64 and Quoted-Printable encodings. Identifies viruses, PUAs and phishings using the ClamAV clamscan virus scanner".

Comments (none posted)

Web Site Development

Midgard 8.09.0 released

Version 8.09.0 of the Midgard web development platform has been announced. "The version is targeted to ease transition from web services using the deprecated Midgard 1.x APIs to the new Midgard2 architecture. Because of this, the release provides both API versions. This means that the release can be used to run both Midgard 1 applications like the version 2.9 of the MidCOM component framework, and Midgard2 applications like MidCOM3."

Full Story (comments: none)

Desktop Applications

Data Visualization

rrdtool 1.3.4 released

Version 1.3.4 of rrdtool, a time series data plotting utility, has been announced. "I have released rrdtool 1.3.4 this is another update release with mainly bugfixes ..."

Comments (none posted)

Veusz 1.1 announced

Version 1.1 of Veusz has been announced, it includes new features and bug fixes. "Veusz is a scientific plotting package written in Python, using PyQt4 for display and user-interfaces, and numpy for handling the numeric data. Veusz is designed to produce publication-ready Postscript/PDF output. The user interface aims to be simple, consistent and powerful. Veusz provides a GUI, command line, embedding and scripting interface (based on Python) to its plotting facilities. It also allows for manipulation and editing of datasets."

Full Story (comments: none)

Desktop Environments

GNOME 2.25.x release schedule announced

The GNOME 2.25.x Development Series release schedule has been announced. "GNOME 2.25.x is an unstable development series intended for testing and hacking purposes. GNOME uses odd minor version numbers to indicate development status, so this unstable 2.25.x series will eventually become the official 2.26 stable release."

Comments (none posted)

GNOME Software Announcements

The following new GNOME software has been announced this week:

• Cairo Composite Manager 0.2.2 (bug fixes and code cleanup)
• Clutter 0.820 (new features and bug fixes)
• F-Spot 0.5.0.2 (bug fixes)
• gnoMint 0.5.4 (new features, bug fixes and translation work)
• Tomboy 0.12.1 (bug fixes)

You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE 4.1.2 Released

The KDE Community has announced the immediate availability of "Codename", (a.k.a KDE 4.1.2), another bugfix and maintenance update for KDE4. "Codename is a monthly update to KDE 4.1. It ships with a basic desktop and many other packages; like administration programs, network tools, educational applications, utilities, multimedia software, games, artwork, web development tools and more. KDE's award-winning tools and applications are available in more than 50 languages."

Full Story (comments: 18)

KDE Software Announcements

The following new KDE software has been announced this week:

• Amarok 2 Beta 2 released (unspecified)
• CSS-Miami 2.0(unspecified)
• digiKam 0.10.0-beta4 (new features and bug fixes)
• digiKam 0.10.0-beta3 (new features and bug fixes)
• Elltube 0.2 (new features and bug fixes)
• Elltube 0.2.1 (bug fixes)
• eric4 4.2.2a (bug fixes)
• Firewall Builder 3.0.1 (usability improvements and stability fixes)
• kdesvn 1.2.1 (kde4 port finished)
• kipi-plugins 0.2.0-beta2 (new features and bug fixes)
• KNDISWrapper 0.3.5 (new features)
• Kraft 0.30 (new features and bug fixes)
• KRename 3.9.2 (translation work)
• KSplasherX for KDE4 2.0 beta 2 (new features and bug fixes)
• LilyKDE 0.6.4 (new feature)
• LilyKDE 0.6.5 (new features and bug fix)
• netgo_ng 0.1.6 (new feature)
• netgo_ng 0.1.7 (new features)
• NoteFinder 0.1.8 (new features and bug fixes)
• Open Yakuake here 1.1 (unspecified)
• Qtractor 0.2.2 (new features and bug fixes)
• Qwit 0.6 (new features)
• XPasta Beta 1 (visual improvements)
• XPasta Beta 2 (bug fix)

You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week:

• xf86-input-evdev 2.0.6 (bug fix)
• xf86-input-mutouch 1.2.1 (bug fixes and code cleanup)
• xtrans 1.2.2 (new features and code cleanup)

More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Encryption Software

M2Crypto 0.19 announced

Version 0.19 of M2Crypto has been announced, it includes new functionality and bug fixes. "M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. M2Crypto can also be used to provide SSL for Twisted."

Full Story (comments: none)

Games

phpDiplomacy: 0.82 released (SourceForge)

Version 0.82 of phpDiplomacy has been announced. "Diplomacy is a popular strategy game in which you battle to control Europe, but this isn't a game of luck; to win you must be diplomatic and strategic, making and breaking alliances and bargains. phpDiplomacy takes the fight for Europe to the internet. This release is mostly oriented towards making it easier to handle large communities of players, and it also includes some bug fixes which finish off the remainder of the DATC compatibility issues."

Comments (none posted)

GUI Packages

Albow 2.0 announced

Version 2.0 of Albow, a library for creating GUIs using PyGame, has been announced. "This version incorporates substantial additions and improvements. New widgets include TabPanel, TableView, CheckBox, RadioButton and an enhanced set of TextField-based controls."

Full Story (comments: none)

Interoperability

Mono 2.0 released

Version 2.0 of Mono has been announced. "The Mono(R) project, an open source initiative sponsored by Novell, today announced the availability of Mono 2.0, an open source, cross-platform .NET development framework. Mono 2.0 provides all the necessary software to develop and run .NET client and server applications on Linux*, as well as other operating systems. The new Mono 2.0 release is now compatible with the desktop and server components of version 2.0 of the Microsoft* .NET framework and features the Mono Migration Analyzer (MoMA), an analytical tool for .NET-to-Linux migrations."

Full Story (comments: none)

Mail Clients

Claws Mail 3.6.0 unleashed

Version 3.6.0 of Claws Mail has been announced, it adds a number of new capabilities and has some bug fixes. "Claws Mail is a GTK+ based, user-friendly, lightweight, and fast email client."

Full Story (comments: none)

Multimedia

Elisa Media Center 0.5.13 released

Version 0.5.13 of Elisa Media Center has been announced. "A few new features have been implemented during this cycle when the team was focused on fixing more than 20 bugs. Here are the main highlights: - Generic support for favourites (with a first proof-of-concept implementation for the Yes.fm plugin) - Improved usability when browsing folders for additions to the collection - Play files launching Elisa from the command line, this will allow a better desktop integration by enabling Elisa as the default media player".

Full Story (comments: none)

Music Applications

MMA 1.4 is out

Version 1.4 of Musical MIDI Accompaniment (MMA) has been released, it includes new capabilities and bug fixes. "MMA is a accompaniment generator -- it creates midi tracks for a soloist to perform with. User supplied files contain pattern selections, chords, and MMA directives."

Full Story (comments: none)

Office Suites

OpenOffice.org Newsletter

The September, 2008 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.

Full Story (comments: 1)

Video Applications

Theora 1.0 RC1 announced

Version 1.0 RC1 of Theora has been announced, testers are needed. "Fellow Theora users, For long you have waited for the stable release of the official implementation of everyone's favorite video format. Well, this is its Release Candidate, and you are hereby invited to play around with it as much as you want."

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The October 7, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

Java

OpenSwing: 1.7.7 released (SourceForge)

Version 1.7.7 of OpenSwing has been announced, it includes new features and bug fixes. "OpenSwing is a component library that provides a rich set of advanced graphics components and a framework for developing java applications based on Swing front-end. It can be applied both to rich client applications and Rich Internet Applications."

Comments (none posted)

TymeacSE: Release 6.1 (SourceForge)

Version 6.1 of TymeacSE has been announced. "TymeacSE is a full-feature, multi-threading, backend-process manager for Java (J2SE) development (RMI and internal server). TymeacSE provides a queuing facility, professional thread management and recursive processing that is easy to use. This release is a cosmetic upgrade to the server. More of a pretty-up for the com.tymeac.base classes."

Comments (none posted)

JSP

Pyjamas 0.3 released

Version 0.3 of Pyjamas, a Python-to-Javascript compiler and AJAX library, has been announced. "Pyjamas Applications are written in python, yet run in all major web browsers - as javascript. Specifically, the 0.3 release adds support for IE7. Pyjamas is a port of Google Web Toolkit to python. So, where GWT is a Java-to-Javscript compiler plus widget set, Pyjamas is a python-to-javascript compiler plus widget set."

Full Story (comments: none)

Perl

This Week on perl5-porters (use Perl)

The September 22-27, 2008 edition of This Week on perl5-porters is out with the latest Perl 5 news.

Comments (none posted)

Python

PyYAML-3.06: YAML parser and emitter for Python

Version 3.06 of PyYAML has been announced, it includes bug fixes. "YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages."

Full Story (comments: none)

Python-URL! - weekly Python news and links

The October 6, 2008 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

PS/Tk: version 1.0 released (SourceForge)

Version 1.0 of PS/Tk has been announced. "This is the initial SourceForge release of PS/Tk, a portable Scheme library that provides access to the Tk graphical user interface toolkit."

Comments (none posted)

Tcl-URL! - weekly Tcl news and links

The October 2, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Tcl-URL! - weekly Tcl news and links

The October 8, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

IDEs

PyDev 1.3.22 released

Version 1.3.22 of PyDev has been announced. "PyDev is a plugin that enables users to use Eclipse for Python and Jython development -- making Eclipse a first class Python IDE -- It comes with many goodies such as code completion, syntax highlighting, syntax analysis, refactor, debug and many others." Click below for change information.

Full Story (comments: none)

Version Control

cgit 0.8 is available

Version 0.8 of cgit, a web interface for git, has been announced. "Big thanks to everyone who submitted patches and feedback!"

Full Story (comments: none)

Miscellaneous

The Linux binutils 2.19.50.0.1 is released

Version 2.19.50.0.1 of Linux binutils has been announced. "This is the beta release of binutils 2.19.50.0.1 for Linux, which is based on binutils 2008 1007 in CVS on sourceware.org plus various changes. It is purely for Linux."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Stallman vs. Clouds (Linux Journal)

Over at Linux Journal, Doc Searls reflects on Richard Stallman's recent opinions of "cloud computing". "Still, I think that RMS is onto something. The core promise of computing, even on a vast network that connects us all, is autonomy and independence. It's being free (as in freedom) to operate on your own, and to share what's meant to be shared in ways that nobody else can control, and to improve useful goods in ways that work for everybody. There are, in those core values, imperatives that seem at odds with the dependencies that 'cloud computing' can sometimes involve."

Comments (35 posted)

The Microsoft-Stacked SC 34 Committee Makes a Move (Groklaw)

Groklaw looks into a move by the ISO/IEC SC 34 committee. "Guess what the SC 34 committee, the ISO/IEC committee responsible for OOXML, is up to now? I call it a takeover attempt of ODF, according to my reading of the published notes of the most recent meeting held yesterday, October 1st, and starring a document titled "Request to JTC 1 for alignment of OASIS and JTC 1 Maintenance Procedures." Uh oh. That sounds polite, but it is what it is. An attempted coup. They have already sent a "Liaison Statement" to OASIS."

Comments (2 posted)

Interviews

KpackageKit: future of package managers on your desktop (PolishLinux)

PolishLinux has an interview with the KPackageKit developers. "PackageKit is a system designed to make installing and updating software on your computer easier. The primary design goal is to unify all the software graphical tools used in different distributions. KPackageKit is the KDE interface for PackageKit. Today we talk with Packagekit-Qt and KpackageKit developers about new emerging possibilities in process of managing software on your desktop." (Found on KDE.News)

Comments (5 posted)

Reviews

Testers sought for Blackberry-Linux sync software (LinuxDevices)

LinuxDevices looks at a Linux-to-Blackberry sync solution, now in beta testing. "Initially, PocketMac for Blackberry, Linux Edition (let's call it "PBLE") is currently being tested only on the Xandros distribution. Currently, it is designed to sync with the KDE PIM suite. Other Linux distributions will be supported in the near future, says the IAA, which did not offer any additional information on Linux application support."

Comments (6 posted)

First look: latest Fedora and Ubuntu betas really shine (ars technica)

Ars technica has a quick look at the Fedora and Ubuntu beta releases. "These betas, which offer users an opportunity to get an early look at the functionality that will be included in the next major versions, are already highly polished and showcase the growing maturity of the desktop Linux software ecosystem."

Comments (22 posted)

Mono 2.0 lets .Net apps run on Linux (InfoWorld)

InfoWorld takes a look at Mono 2.0, which is being released today. Mono is a project sponsored by Novell to implement Microsoft's .NET framework for Linux and Mac OS X. "He estimated that 45 percent of applications will run on Mono 2.0 out of the box while 18 percent will require developers to spend a couple of weeks to make some changes due to operating system differences. About 20 percent will require significant work, taking about three to six months, if the application is tightly integrated with Windows, de Icaza said."

Comments (34 posted)

10 Handy Productivity Tools in Linux (Daily Artisan)

The Daily Artisan looks briefly at 11 interesting Linux-based tools (yes, eleven; a calculator is not one of them). "Conduit is an awesome syncing application for GNOME. It can help you synchronize your personal information like files, photos, notes, emails, contacts, calendar data among many other things. You can also use Conduit to synchronize that data with another computer, an online service, or even another electronic gadget. Conduit even manages the conversion of data into other formats."

Comments (12 posted)

Miscellaneous

How often do we need GNU/Linux releases? (iTWire)

Sam Varghese considers the ill effects of 6 month Linux distribution releases. "For years, Microsoft thrived on just such a strategy, adding features to Windows as though they were going out of style and not caring about anything apart from marketshare. From 1995 onwards, the name of the product reflected the fact that the company's expertise lay more in marketing than technology - Windows 3.1 in 1990 was followed by Windows 95. What has been the end result? Windows is a widespread but highly insecure and buggy operating system which everyone is forced to use simply because it has become some kind of de facto standard. I fear that GNU/Linux - or at least some distributions - is following in its wake."

Comments (49 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

FSF reboots its High Priority list with a grant and call for input

The Free Software Foundation has announced an adjustment of its high priority list. "The Free Software Foundation (FSF) today announced a "reboot" of its High Priority Projects list with an accompanying $10,000 grant from Worldlabel.com Inc. The grant will seed a new fund to promote projects on the list, and the FSF is calling for a community conversation about the biggest challenges computer users face using free "as in freedom" software."

Full Story (comments: 3)

Untangle Joins The Linux Foundation

The Linux Foundation has announced that Untangle is the newest member of the Foundation. "Untangle, developers of the Open Source Network Gateway, is joining the Linux Foundation as a way to further contribute to the open source community. It plans to take advantage of the exclusive Linux Foundation events and to collaborate with the Foundation on outreach to Linux User Groups (LUGs) throughout the globe."

Full Story (comments: none)

2008Q4 Call for Grant Proposals (use Perl)

use Perl has announced the 2008Q4 Call for Grant Proposals. "The Perl Foundation is looking at giving some grants ranging from $500 to $3000 in November 2008. In the past, we've supported Adam Kennedy's PPI and Strawberry Perl, Nicholas Clark's work on Perl internals, Jouke Visser's pVoice, Chris Dolan on Perl::Critic and many others".

Comments (none posted)

Commercial announcements

The Brazilian GNU/Linux Insigne Momentum 5.0 Operating System Strengthens Brazilian Digital Inclusion Program

This press release looks at the Brazilian "Computador para Todos" (Computer for Everyone) program that was announced in November 2005. The open source Insigne OS has been key to the success of the program. ""It has been hard but pleasant work reaching 1.5 million families," says Joao Pereira da Silva Jr., Insigne's CEO. "Brand-new users considered the system very friendly, and the other systems' former users expressed admiration and a desire to migrate to Insigne. We are motivated to improve the Insigne OS to increase our market share.""

Comments (1 posted)

New MySQL Distribution: ExtSQL Provides Usage Accounting

Software Workshop has developed their own modifications to MySQL and called it ExtSQL. ExtSQL gives database administrators a simple way to monitor activity by individual users, database, or even connection. ExtSQL has new commands built into the server as an extension to the SQL language. ExtSQL is being released under the GPL.

Comments (5 posted)

SourceLabs announces Top Ten Open Source Software Support Issues

SourceLabs has announced its September, 2008 compilation of the Top Ten Open Source Software Support Issues. "SourceLabs, the company innovating support and search technology for open source software, today announced the top ten most prevalent support issues and search data for supporting Linux and Open Source Java for the month of September 2008. The report is compiled from monthly searches performed by users of SourceLabs' Self-Support Suite (http://webui.sourcelabs.com)."

Comments (none posted)

New Books

The Daemon, the Gnu, and the Penguin in printed book format

Reed Media Services has published the book The Daemon, the Gnu, and the Penguin by Peter H. Salus.

Full Story (comments: 1)

Learning OpenCV--New from O'Reilly

O'Reilly has published the book Learning OpenCV by Gary Rost Bradski and Adrian Kaehler.

Full Story (comments: none)

A Sane Approach to Database Design

G2W Press has published the book A Sane Approach to Database Design by Mark Johansen.

Full Story (comments: none)

Version Control with Subversion--New from O'Reilly

O'Reilly has published the book Version Control with Subversion by Ben Collins-Sussman, Brian W. Fitzpatrick, and C. Michael Pilato.

Full Story (comments: none)

Resources

Linux Gazette #155 is out

Issue number 155 of the Linux Gazette has been published. Topics include: Mailbag, Talkback, 2-Cent Tips, News Bytes by Deividson Luiz Okopnik and Howard Dyckoff, Away Mission: Google I/O and Better Software Practices by Howard Dyckoff, HugeTLB - Large Page Support in the Linux Kernel, by R. Krishnakumar, Book Review: Understanding Open Source and Free Software Licensing by Rick Moen, Joey's Notes: Using the Automounter by Joey Prestia, Our monthly column of basic Linux advice and education HelpDex by Shane Collinge, Ecol by Javier Malonda, XKCD by Randall Munroe and The Linux Launderette.

Full Story (comments: none)

Contests and Awards

OO.o Community Innovation Program Winners

The winners of the OpenOffice.org Community Innovation Program have been announced. "The Community Innovation Program Awards Committee is pleased to announce the winners of this year's contest. We were impressed by the quality of the submissions and by the work demonstrated, and on behalf of the OpenOffice.org Community, look forward to working with the Entrants. There were four award levels, Gold, Silver, Bronze, and Honourable Mention."

Full Story (comments: none)

Surveys

Announcing the Ubuntu Server Survey

A new Ubuntu Server Survey has been announced. "The Ubuntu Server Team wants to know how you use Ubuntu Server in day-to-day operations to help the team prioritize the support and development of future Ubuntu Server Editions. In an effort to better understand, support and further the Ubuntu Server Edition we would like to ask you to take this survey which should take between 10 to 20 minutes to complete. The information provided will help us determine where we can improve support, where to add additional resources and to generate a better understanding of the community which we work within."

Full Story (comments: none)

Calls for Presentations

linux.conf.au 2009 Open Mobile Miniconf cfp

A Call for Presentations has gone out for the Open Mobile Miniconf at linux.conf.au 2009. The conference takes place in Hobart, Tasmania on January 19-20, 2009.

Full Story (comments: none)

SCALE calls for non-profit exhibitors

The Southern California Linux Expo (SCALE) has announced a call for non-profit exhibitors. "Wide spread acceptance and encouragement from the user community has established SCALE as a premiere Open Source Software conference. Continuing our efforts to promote Open Source software, we invite you to share your work on Free and Open Source projects with the rest of the FOSS community. If you'd like a expo booth for your project at the 7th Annual So Cal Linux Expo, please submit your proposal."

Full Story (comments: none)

Upcoming Events

Linux.conf.au announces keynotes for 2009

The 2009 edition of linux.conf.au has announced three keynote speakers for the conference. It will be held January 19-24, 2009 in Hobart, Tasmania. "The speakers are: internationally recognised author, speaker and systems administrator, Tom Limoncelli; co-founder of Wikia and Chair of the Wikimedia Foundation Advisory Board, Angela Beesley; and Chief Open Source Officer at Sun Microsystems, Simon Phipps." Click below for more information.

Full Story (comments: none)

Harald Welte to keynote co-located NLUUG and Embedded Linux Conference Europe

Harald Welte will be giving a keynote speech—entitled "How chip makers should (not) support free software"—at the NLUUG autumn conference [Dutch] and co-located Embedded Linux Conference Europe. Both conferences have recently opened for registration. The conferences will be held in Ede, the Netherlands on November 6 and 7. A combined program [PDF in both Dutch and English] for the conferences is available. In addition to Welte's keynote, there are presentations on many different topics from members of the Linux community.

Comments (none posted)

LinuxWorld Expands To OpenSource World Conference & Expo

IDG World Expo has announced the launch of OpenSource World(TM) Conference & Expo. "OpenSource World will include the key features of LinuxWorld(R), but will offer a strong focus on supporting and enlarging not only the Linux market, but the overarching open source technology umbrella. OpenSource World is scheduled to take place August 10-13, 2009, at San Francisco's Moscone Center."

Comments (none posted)

Events: October 16, 2008 to December 15, 2008

The following event listing is taken from the LWN.net Calendar.

Date(s)	Event	Location
October 15 October 16	OpenSAF Developer Days	Munich, Germany
October 17 October 18	European PGDay 2008	Prato, Italy
October 18 October 19	Maker Faire Austin	Austin, TX, USA
October 19 October 24	Colorado Software Summit 2008	Keystone, CO, USA
October 20 October 24	15th Annual Tcl/Tk Conference	Manassas, VA, USA
October 21 October 23	Web 2.0 Expo Europe	Berlin, Germany
October 21 October 24	Systems	Munich, Germany
October 22 October 24	Hack.lu 2008	Parc Hotel Alvisse, Luxembourg
October 22 October 24	Encuentro Linux	Concepción, Chile
October 24 October 26	Free Society Conference and Nordic Summit	Gothenburg, Sweden
October 25 October 26	T-DOSE 2008	Eindhoven, the Netherlands
October 25	Ontario Linux Fest 2008	Toronto, Canada
October 26 October 31	IBM Information On Demand 2008	Mandalay Bay - Las Vegas, Nevada, USA
October 27 October 30	Embedded Systems Conference - Boston	Boston, USA
October 29 November 1	10th Real-Time Linux Workshop	Colotlán, Jalisco, Mexico
November 3 November 7	ApacheCon US 2008	New Orleans, LA, USA
November 5 November 7	OpenOffice.org Conference 2008	Beijing, China
November 6	NLUUG autumn conference: Mobile Applications	Ede, Netherlands
November 6 November 7	Embedded Linux Conference Europe 2008	Ede, Netherlands
November 7 November 8	TwinCity Perl Workshop 2008	Vienna, Austria
November 7 November 9	UKUUG linux conference	Manchester, UK
November 8 November 9	Hackers to Hackers Conference 05'	Sao Paulo, Brazil
November 8 November 9	FOSS.my	Kuala Lumpur, Malaysia
November 10 November 14	Python Bootcamp with Dave Beazley	Atlanta, GA, USA
November 11 November 14	DeepSec IDSC 2008	Vienna, Austria
November 12 November 14	php|works 2008	Atlanta, GA, USA
November 12 November 13	PacSec Applied Security Conference	Tokyo, Japan
November 13 November 14	International Hacking and Security Conference	Seoul, Korea
November 14 November 16	OpenSQL Camp 2008	Charlottesville, VA, USA
November 16 November 20	Middle East IT Security Conference	Dubai, UAE
November 19 November 20	Linux Foundation Japan Symposium	Tokyo, Japan
November 20 November 21	FreedomHEC Taipei 2008	Taipei, Taiwan
November 22	The phpnw08 conference	Manchester, UK
November 22	PGDay Rio de la Plata	Buenos Aires, Argentina
November 22	Mandriva 2009 Installfest	Everywhere, World
November 25 November 29	FOSS.IN 2008	Bangalore, India
November 25 November 30	make art 2008	Poitiers, France
November 28	Informazione geografica aperta e libera	Pontedera (PI), Italy
November 28 November 29	WhyFLOSS La Plata - Argentina	La Plata, Argentina
November 29	LinuxDay in Vorarlberg (Deutschland, Schweiz, Liechtenstein und Österreich)	Dornbirn, Austria
December 1	First Nuxeo Developer Day	Paris, France
December 1 December 2	Open World Forum	Paris, France
December 2 December 5	Open Source Developers' Conference 2008	Sydney, NSW, Australia
December 4 December 7	PIKSEL08 - code dreams	Bergen, Norway
December 5 December 6	FOSSCamp	Mountain View, CA, USA
December 5 December 13	International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering	Online,
December 7 December 12	Computer Measurement Group Conference 2008	Las Vegas, NV, USA
December 8 December 12	Ubuntu Developer Summit	Mountain View, CA, USA
December 8	Forum PHP Paris 2008	Paris, France
December 10 December 11	First Workshop on I/O Virtualization	San Diego, CA, USA
December 13	NLLGG meeting/BSD Community Day	Utrecht, The Netherlands

If your event does not appear here, please tell us about it.

Audio and Video programs

Mastering IPTables, Part I (Linux Journal)

Linux Journal presents part one of a video tutorial on Mastering IPTables by Elliot Isaacson.

Comments (none posted)

Page editor: Forrest Cook