By Jonathan Corbet
December 24, 2008
Holidays are an exercise in tradition. One of the more charming holiday
traditions around LWN is to look at the predictions made at the beginning
of the year and measure them against reality. There is, after all, great
value in things which make us laugh. This year's predictions were featured
in
the January 3, 2008
edition. As might be expected, some of them were better than others.
What was predicted
Your editor's first prediction was that support for Flash playback would
mature in 2008. In some sense, that may be true. Your editor's desktop
system, running the Rawhide build of Gnash, can now faithfully display a
wide variety of Flash ads, web site "intros," and various other thoroughly
useless bits of media. A Flash-based "interactive tour" offered by LWN's
bank worked nicely. But support for many other Flash features, including
audio and
simple playback from online sites, still is not especially solid, and other
interactive Flash applications do not work at all. This problem, it seems,
is still not solved.
The prediction of the KDE 4.0 release required little in the way of
foresight, as did the prediction that users would be unhappy. That stage
was well set before the beginning of the year. A continued focus on power
management was also an easy thing to foresee; there will be great value in
making our systems more power-efficient into the indefinite future.
Flush from those two obvious successes, your editor went off and stated
that the bulk of the realtime tree would be merged into the mainline kernel
by the end of the year. Oh well. Your editor should know by now that
expecting deterministic merge times for realtime patches is a sure path to
disappointment; latencies in this area are always higher than one would
like. In this case, the realtime developers got stuck in a
high-priority interrupt (taking over the x86 architecture) with the result
that realtime work got preempted and suffered from severe starvation.
As predicted, debate over Microsoft's OOXML format continued, and Microsoft
succeeded in obtaining standard status for that format anyway. Things have
since gotten quieter, though, perhaps because people see it as a done deal
and no longer worth fighting about.
The GPL was the subject of two predictions this year. One was that more
projects, perhaps even glibc, would move to GPLv3. There is a steady
stream of analyst verbiage to the effect that GPLv3 is quickly growing in
popularity (example),
but the truth of the matter is that the number of conversions in projects
which really matter appears to be low. Projects with significant numbers
of developers and users continue to approach GPLv3 with caution.
The other prediction was that GPL enforcement actions would continue, and
perhaps grow. The recent FSF lawsuit against Cisco makes it clear that the
GPL enforcers are serious about what they are doing. Your editor cannot
help but wonder, though, whether the increasingly litigious actions by the
Software Freedom Law Center might not eventually lead to a serious backlash
within the community. We are about freedom, not punitive damages.
Enforcement of the GPL is necessary if we expect our licenses to be taken
seriously, but overly zealous - or greedy - litigation could encourage
those who say that
use of free software exposes companies to an unacceptable level of risk.
Your editor included a rosy prediction about the One Laptop Per Child
project and where it would go over the course of the year. In fact, OLPC
has continued to work toward its goal of putting laptops into the hands of
children around the world. But your editor completely missed the way
internal divisions would rise to the surface and distract OLPC developers
from what they are trying to do. OLPC seems to have moved beyond the worst
of that, and much-needed development on the Sugar software continues. But
the project seems far from its original goals, and the increasing
popularity of ultra-mobile systems, while vindicating the original vision
behind the OLPC hardware, threatens to render the XO hardware obsolete and
irrelevant.
Ever the optimist, your editor said that the days of hardware hassles would
be over. We are closer. Finding an off-the-shelf system - server,
desktop, laptop, or palmtop - which is fully supported by Linux is now
easily done. OK, maybe the modem is not supported, but few people will be
inconvenienced by that omission anymore. That said, there will probably
never be a shortage of uncooperative hardware manufacturers; if we value
our free operating system, we must continue to
support manufacturers who work with our community, and avoid those which do
not.
The prediction that the intensity of competition between distributors would
increase was reasonably well satisfied. One need only look at Novell's
"migrate from Red Hat" offering or the continued attacks on Ubuntu, not all
of which have to do with its community participation.
Finally, the three "community" predictions at the end of last January's
article were all satisfied reasonably well. None of them were especially
daring, so that should not be surprising.
What was not predicted
One commenter in January asked about the lack of predictions about SCO. In
December, it is hard to say that SCO deserved a place there. The company
still exists in some form, but it no longer has much to warrant the
attention of the Linux community. Your editor predicts that there will be
no SCO predictions in 2009 either.
So what else did your editor miss? Perhaps at the top of the list is the
evolution of the Linux platform as it is used in mobile devices, and in
cellular telephones in particular. Google's (unpredicted by your editor)
Android platform has made a splash, regardless of what one might think of
its openness. The first Android phone has been reasonably well received,
and it would appear that more are on the way. The merger of the LiPS and
LIMO consortia shows that some consolidation is happening in this area.
The announced plans to open Symbian were also an interesting development.
In the near future, the handset business seems likely to be firmly
dominated by free software - though, alas, the bulk of those handsets will
not be designed to pass the benefits of that freedom on to their owners.
Your editor has often predicted software patent troubles, though he did not
do so in 2008. What was completely unforeseen, though, was Red Hat's resolution
with Firestar Software. The company got itself out of a patent bind, and,
in the process, removed the patent as a threat to the wider development and
user community too. We may see this sort of solution repeated for patent
problems in the future - if we are lucky.
Finally, unpredicted - and unpredictable - was the series of
"infrastructure issues" which shut down much of the Fedora project for a
good month. That episode showed us a number of things: how much some of us
depend on our distributors' infrastructure, how vulnerable we can be to
intrusions, and how the interests of the companies behind some
distributions can interfere with the availability of useful information.
Months after the fact, we still have no idea what happened with the Fedora
project; it is not unreasonable to wonder if we will ever know.
Despite problems like that, and other small distractions (the total
meltdown of the global financial system, for example), Linux has only grown
stronger over the last year. Our community has grown, our software has
gotten better, and the economy around free software has gotten stronger.
Your editor predicted that, too, but not even he is so arrogant as to claim
credit for having foreseen something nearly as obvious as the sunrise.
December 24, 2008
This article was contributed by Bruce Byfield
At first, the idea of adding 3-D transitions to command line presentation
software may give you a kind of cognitive dissonance. Just as you would if
someone had added a GPS tracking system to a one-horse cart plodding along
at two kilometers an hour, you have to wonder why anyone would bother. But,
the dissonance disappears as you start to explore the control and precision
you have in command-line programs like PDFCube and Impressive (formerly
KeyJNote). Both are small and efficient programs that allow you to add
transitions and other special effects to PDF-based presentations, although
the range of options varies considerably between the two programs.
Before using either PDFCube or Impressive, you need to have support
for 3-D graphics installed. PDFCube works well with OpenGL, as well as with
the drivers and video cards listed on its hardware
compatibility page. By contrast, Impressive is somewhat more erratic
under OpenGL, with some transitions displaying slowly, especially when you
have less than two gigabytes of RAM available. However, by picking and
choosing effects, you can still test drive Impressive without resorting to
proprietary drivers.
Both applications are available as source code from their project
sites. However, you will also need to install dependencies for PDF support,
such as Poppler for PDFCube, and Xpdf Reader or Ghostscript for
Impressive. Impressive also requires Perl and Python. For convenience, you
may prefer to use the Debian packages for both programs, or, in the case of
PDFCube, the packages available in the Fedora and Ubuntu
repositories. Impressive is also available for OS X and Windows.
PDFCube
With version 0.0.3 just released, PDFCube is more a proof of concept than a
finished application. In fact, it currently has only one transition effect
— a spinning cube. However, a day after the latest release, maintainer
Mirko Maischberger has already posted a brief announcement on the project
home page that he has already started work on "an abstraction layer for 3D
effects (cube, fading, cover flow) to be done in C++ and OpenGL)."
What you currently have in PDFCube is the basic engine. No options are
available, so all you need to type to try PDFCube is pdfcube filename.pdf.
However, before trying PDFCube, take the time to read its man page to learn
how to navigate within the program. Unlike full office applications like
OpenOffice.org Impress or KPresenter, PDFCube is driven completely by
keyboard commands, and — so far, at least — does not work with the mouse at all.
Fortunately, the basic commands are few. You press the 'c' or space key to
move to the next page of a presentation using an effect, or the PageUp key
to move to the next page without any effect or the PageDown key to move to
the previous page without effect. You can also use the 'h', 'j', 'k', and 'l' keys to
zero in on one of the corners of the current page, or the 'z' key to zoom in
on the center. Pressing any of these keys zooms out again, while Esc stops
the presentation. These are all the controls that you are likely to need.
As Maischberger suggests on the project home site, the spinning cube is
easy to overdo, so you might want to limit its use to major
transitions. You can impose this limit by adding the page numbers
before the places you want the transition. For instance, if you
entered pdfcube filename.pdf 0 3, you would have the
spinning cube between pages 1 and 2 and pages 4 and 5 only. Other
transitions would lack the effect.
Another point to be aware of with PDFCube is that it is designed for landscape
oriented pages. You can display PDF files with a portrait orientation, but
the application currently gives you no way of scrolling up or down the
page. But, this limit aside, PDFCube shows a simplicity and performance
that you don't often see in its desktop equivalents.
Impressive
At version 0.10.2, Impressive is already much more complete than
PDFCube. It not only runs slideshows from directories with BMP, JPEG, PNG,
and TIFF graphics as well as from PDFs, but also includes a complete set of
controls for fine-tuning how its presentations run — to say nothing of
several unique controls for running a presentation.
You can view a complete list of options with impressive --help, or from the project documentation
page. They include options to set up an automatic slideshow, complete with
a loop from the end back to the beginning, to set the size of the
presentation window, and just about every other aspect of the running and
appearance of a presentation that you can imagine. Two especially
noteworthy options are -d, which allows you to set a time for
the entire presentation, then pace yourself by an unobtrusive bar along the
bottom of the screen, and -u, which polls original files
periodically to see if they are updated.
If you want to use slide transitions, you will need to enter
impressive --listtrans to see a list of over 20 possible
transitions. All the transitions have names like SlideUp or WipeDownRight
that are clear enough to be self-explanatory, although the help screen does
include a slightly longer description. You can use a transition by adding
its name with the -t option. However, unlike PDFCube,
Impressive currently limits you to a single transition for the entire slide
show — a limitation that might frustrate some users, but also prevents the
aesthetic disaster of anyone using too many.
In addition, Impressive includes several handy controls. Pressing the Tab
key opens a view of all the slides in the presentation, while pressing the
Enter key enables a spotlight that follows the mouse and can be used as a
built-in pointer.
Still another option is to draw an enclosed shape with the mouse, which
results in the rest of the screen darkening and blurring, so that the
audience's attention is focused on the area you defined. You can add
multiple highlighted areas, each of which you can close with a right
mouse-click. The screen returns to normal when you close the last
highlighted area.
Impressive's view of all slides is reminiscent of the slide view in many
programs, or the Sun Presenter Console for OpenOffice.org, but its
highlight boxes and spotlight are both features that I haven't seen in
desktop-oriented programs. These features alone make Impressive worth a
look, but more experienced users might also appreciate the wealth of
available options — even if they don't often use many of them.
Conclusion
Both PDFCube and Impressive are works in progress, with some ways — and,
at the current rate of development, perhaps some years — to go before
their 1.0 releases. However, in the current versions, PDFCube has the
superior basic engine, while Impressive allows users the greater
control. Despite PDFCube's lack of options and Impressive's mediocre OpenGL
support, both are worth keeping at least an occasional eye on.
In their separate ways, both demonstrate that, contrary to what many
desktop users seem to assume, command line applications are not just
archaic remnants. You need time to enter all the options in a command line
application, but, if you take the trouble to familiarize yourself with the
applications, you may find their controls easier to use than the cluttered
editing windows of a desktop application like OpenOffice.org Impress. Far
from being outdated, applications like PDFCube and Impressive are practical
demonstrations that command line applications can be both modern and
innovative.
Here is LWN's eleventh annual timeline of significant events in the Linux
and free software world for the year.
As always, 2008 proved to be an interesting year, with great progress in
useful software that made our systems better. Of course, there were some
of the usual conflicts—patent woes, project politics, and arguments
over freedom—but overall, the pace of free software progress stayed
on its upwardly increasing trend. 2008 was a year that saw the end of
SCO—or not—the rise of Linux-based "netbooks", multiple
excellent distribution releases, more phones and embedded devices based on
Linux, as well as major releases of software we will be using for years
(X.org, Python, KDE, ...). We look forward to seeing what 2009—and
beyond!—will bring.
This is version 0.85 of the 2008 timeline. There are certainly errors and
omissions; if you find any, please send them to timeline@lwn.net rather
than posting them as comments.
- January: SCO delisted, Sun buys MySQL, KDE 4, 2.6.24, ...
- February: Mozilla Messaging, LSB 3.2, vmsplice(), ...
- March: OpenOffice, GCC, ...
- April: OOXML approved, 2.6.25, Ubuntu 8.04, ...
- May: Fedora 9, Sugar Labs, Debian OpenSSL bug, ...
- June: Wine 1.0, openSUSE 11.0, Firefox 3, ...
- July: Kaminsky DNS flaw, 2.6.26, Stormy Peters, ...
- August: Fedora infrastructure, JMRI, Debian, ...
- September: Kernel Summit, Linux Plumbers Conference, Firefox EULA, ...
- October: GIMP 2.6, Python 2.6, 2.6.27, Ubuntu 8.10, ...
- November: Theora, iPhone Linux, Fedora 10, MySQL 5.1, ...
- December: Python 3.0, Debian woes, FSF vs. Cisco, Slackware 12.2, openSUSE 11.1, ...
For previous years' timelines, head over to our timeline index.
A longstanding holiday tradition at LWN is to not publish our usual Weekly
Edition during the last week of the year. It's a good time to catch up
with friends and family, and there is usually not a whole lot of news to
report during that time anyway. This year, that break lands on what would
otherwise be the January 1 edition. We'll post occasional articles,
but the next Edition is due on January 8. Thanks to all of LWN's
readers for another great year, and best holiday wishes to all of you.
Page editor: Jake Edge
Security
By Jake Edge
December 24, 2008
A while back, we looked at the
new Firefox 3 warnings for self-signed and expired SSL certificates.
As annoying as some found those to be, it certainly increased the
visibility of "invalid" certificates. Those certificates could lead to
man-in-the-middle attacks, which is what led Mozilla to issue such
eye-opening warnings. More recently, Eddy Nigg of Startcom—issuer of
free SSL certificates—found another way to do man-in-the-middle
attacks without setting off any of the new warnings.
What Nigg found was that he could get a perfectly valid certificate for a
domain he did not control: in this case mozilla.com. He could
then masquerade as the secure Mozilla site with impunity; any browsers that
landed there would verify the certificate as belonging to mozilla.com.
He did it through a Comodo reseller with no questions asked: "Five
minutes later I was in the possession of a legitimate certificate issued
to mozilla.com – no questions asked – no verification checks done – no
control validation – no subscriber agreement presented, nothing."
That is clearly a bug in the verification process, but it is completely out
of the control of the browser. The browser must trust some set of key
signing authorities (i.e. Certificate Authorities or CAs), but has no way
to control how well or poorly they actually vet the keys that they, or
their downstream resellers, sign. We saw the same potential problem in a
slightly different guise with
"Extended Validation" certificates back in
2006. It all comes down to trusting CAs.
Sometime after Nigg's story hit Slashdot, Comodo revoked the certificate,
which did cause Firefox to put up an error and disallow the
connection. One wonders how many bad certificates have been issued but not
revoked because a phisher or other scammer received them. One would think
those folks would be less likely to publicly announce what they had done.
Bringing attention to the problem will likely help, but there are just
too many ways to create bad SSL certificates for those that really want
them—bribing CA employees
if nothing else. Another useful outcome is that
Richard Bejtlich got interested in just how the revocation process works.
He collected packet data from accessing Nigg's certificate after it had
been revoked, which gives a look
inside the Online Certificate Status Protocol (OCSP).
OCSP is designed to do just what it did: cause a bad certificate to fail when
verified by the browser. Nigg's certificate listed an OCSP server that
should be consulted. Because that information has been signed by the CA,
it can't be tampered with. So long as the browser makes the OCSP check,
certificates can be revoked in this manner—as long as the CA is aware
that revocation is needed.
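The revocation path described above, as an added example that is not from the article or from Bejtlich's capture: a constructed CA issues a certificate naming an OCSP responder, the client verifies the CA signature and queries that responder before and after revocation, and a copy whose responder URL has been edited fails verification. It assumes the Python `cryptography` package; the CA, hostnames, serial number and URL are constructed placeholders, and the responder is an in-process function rather than an HTTP server.

```python
"""Added example: OCSP responder URL in a certificate, and a revocation check."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import AuthorityInformationAccessOID, NameOID

OCSP_URL = "http://ocsp.ca.example/"        # constructed responder address
START, END = datetime.datetime(2008, 12, 1), datetime.datetime(2009, 12, 1)
CHECKED = datetime.datetime(2008, 12, 24)   # naive datetimes are read as UTC
DER = serialization.Encoding.DER

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, issuer, subject_key, signing_key, serial, extension):
    """Build and sign one certificate carrying a single non-critical extension."""
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(subject_key.public_key()).serial_number(serial)
            .not_valid_before(START).not_valid_after(END)
            .add_extension(extension, critical=False)
            .sign(signing_key, hashes.SHA256()))

def ocsp_urls(cert):
    """Responder URLs from the Authority Information Access extension."""
    try:
        aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
    except x509.ExtensionNotFound:
        return []
    return [d.access_location.value for d in aia
            if d.access_method == AuthorityInformationAccessOID.OCSP]

def signed_by(issuer_cert, signature, signed_bytes, hash_alg):
    try:
        issuer_cert.public_key().verify(signature, signed_bytes, ec.ECDSA(hash_alg))
        return True
    except InvalidSignature:
        return False

def responder_answer(req_der, ca_key, ca_cert, issued, revoked):
    """CA side: answer a DER OCSP request from the CA's own issuance records."""
    serial = ocsp.load_der_ocsp_request(req_der).serial_number
    is_revoked = serial in revoked
    status = ocsp.OCSPCertStatus.REVOKED if is_revoked else ocsp.OCSPCertStatus.GOOD
    builder = ocsp.OCSPResponseBuilder().add_response(
        cert=issued[serial], issuer=ca_cert, algorithm=hashes.SHA256(),
        cert_status=status, this_update=CHECKED,
        next_update=CHECKED + datetime.timedelta(days=1),
        revocation_time=CHECKED if is_revoked else None, revocation_reason=None)
    builder = builder.responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert)
    return builder.sign(ca_key, hashes.SHA256()).public_bytes(DER)

def client_check(cert, ca_cert, fetch):
    """Browser side: verify the certificate, then ask the responder it names."""
    if not signed_by(ca_cert, cert.signature, cert.tbs_certificate_bytes,
                     cert.signature_hash_algorithm):
        return "reject: certificate signature invalid"
    urls = ocsp_urls(cert)
    if not urls:
        return "reject: no OCSP responder listed"
    req = ocsp.OCSPRequestBuilder().add_certificate(cert, ca_cert, hashes.SHA256()).build()
    resp = ocsp.load_der_ocsp_response(fetch(urls[0], req.public_bytes(DER)))
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        return "reject: responder error"
    if not signed_by(ca_cert, resp.signature, resp.tbs_response_bytes,
                     resp.signature_hash_algorithm):
        return "reject: OCSP response signature invalid"
    if resp.serial_number != cert.serial_number:
        return "reject: response is for another certificate"
    if resp.certificate_status != ocsp.OCSPCertStatus.GOOD:
        return "reject: revoked"
    return "accept"

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_name = name("Constructed Test CA")
    ca_cert = issue(ca_name, ca_name, ca_key, ca_key, 1,
                    x509.BasicConstraints(ca=True, path_length=None))
    aia = x509.AuthorityInformationAccess([x509.AccessDescription(
        AuthorityInformationAccessOID.OCSP, x509.UniformResourceIdentifier(OCSP_URL))])
    leaf = issue(name("www.shop.example"), ca_cert.subject,
                 ec.generate_private_key(ec.SECP256R1()), ca_key, 0x1234, aia)
    issued, revoked = {leaf.serial_number: leaf}, set()
    # Stands in for the HTTP POST to the responder URL.
    fetch = lambda url, req_der: responder_answer(req_der, ca_key, ca_cert, issued, revoked)
    before = client_check(leaf, ca_cert, fetch)
    revoked.add(leaf.serial_number)          # the CA revokes the certificate
    after = client_check(leaf, ca_cert, fetch)
    # Same-length edit of the responder host inside the signed DER bytes.
    edited = leaf.public_bytes(DER).replace(b"ocsp.ca.example", b"ocsp.xx.example")
    forged = client_check(x509.load_der_x509_certificate(edited), ca_cert, fetch)
    return ocsp_urls(leaf), before, after, forged

if __name__ == "__main__":
    print(demo())
```

The second result only changes because the CA's revocation set changed, which is the article's condition that the CA must know revocation is needed.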
Public key cryptography—the basis of SSL and many other encryption
schemes—is an amazing method for doing encryption, but
it does suffer from a major shortcoming: key exchange. For relatively
simple situations, where both parties know each other and have a way to
securely exchange keys, it works well. When trying to handle
other kinds of communications, either a "web of trust" (a la PGP and
GPG) or some kind of trusted authority is required. When those break down,
man-in-the-middle and other scams are possible.
Brief items
The three MIT students who were
sued by the Massachusetts Bay
Transportation Authority (MBTA) to stop their DEFCON presentation are
now working with the agency to improve its security. The students studied
MBTA's automated fare collection system, finding it lacking in several
respects. "'We've always shared the goal of making the subway as safe
and secure as can be,' said student Zack Anderson. 'I am
glad that we can work with the MBTA to help the people of
Boston, and we are proud to be a part of something that
puts public interest first.'"
New vulnerabilities
ampache: insecure tmp file usage
| Package(s): | ampache |
| CVE #(s): | CVE-2008-3929 |
| Created: | December 24, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Gentoo advisory:
Dmitry E. Oboukhov reported an insecure temporary file usage within the
gather-messages.sh script.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application.
avahi: denial of service
| Package(s): | avahi |
| CVE #(s): | CVE-2008-5081 |
| Created: | December 19, 2008 |
| Updated: | October 15, 2010 |
Description:
From the Ubuntu advisory: Hugo Dias discovered that Avahi did not properly verify its input when processing mDNS packets. A remote attacker could send a crafted mDNS packet and cause a denial of service (assertion failure).
courier-authlib: SQL injection
| Package(s): | courier-authlib |
| CVE #(s): | CVE-2008-2380 |
| Created: | December 22, 2008 |
| Updated: | March 12, 2009 |
Description:
From the Debian advisory:
The MySQL database interface used
insufficient escaping mechanisms when constructing SQL statements,
leading to SQL injection vulnerabilities if certain charsets are used
(CVE-2008-2380).
drupal-views: SQL injection
| Package(s): | drupal-views |
| CVE #(s): | |
| Created: | December 22, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Drupal security alert:
When using an exposed filter on CCK text fields with allowed values, Views does not filter the data correctly. This may allow malicious users to conduct SQL injection attacks against the site.
flash-plugin: arbitrary code execution
| Package(s): | flash-plugin |
| CVE #(s): | CVE-2008-5499 |
| Created: | December 19, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Red Hat advisory: A security flaw was found in the way Flash Player displayed certain SWF (Shockwave Flash) content. This may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file.
git: privilege escalation
| Package(s): | git |
| CVE #(s): | |
| Created: | December 22, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Red Hat bugzilla:
Current gitweb has a possible local privilege escalation bug that allows a
malicious repository owner to run a command of his choice by specifying
diff.external configuration variable in his repository and running a
crafted gitweb query.
Recent (post 1.4.3) gitweb itself never generates a link that would result
in such a query, and the safest and cleanest fix to this issue is to
simply drop the support for it.
kvm: denial of service
| Package(s): | kvm |
| CVE #(s): | CVE-2008-2382 |
| Created: | December 24, 2008 |
| Updated: | May 13, 2009 |
Description:
From the Red Hat bugzilla:
A denial of service flaw was discovered in the Qemu processor emulator
and Kernel-based Virtual Machine (KVM) due to improper sanitization
of the length of the message sent to the host VNC server. A remote attacker
could use this flaw to cause an infinite loop via specially-crafted
VNC message sent to the particular virtual domain.
libvirt: privilege escalation
| Package(s): | libvirt |
| CVE #(s): | CVE-2008-5086 |
| Created: | December 18, 2008 |
| Updated: | March 19, 2009 |
Description:
libvirt has a privilege escalation vulnerability. From the Ubuntu alert:
It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating
virtual machines, adjusting autostart flags, or accessing privileged data in
the virtual machine memory and disks.
mediawiki: multiple vulnerabilities
| Package(s): | mediawiki |
| CVE #(s): | CVE-2008-5249, CVE-2008-5250, CVE-2008-5252, CVE-2008-5687, CVE-2008-5688 |
| Created: | December 24, 2008 |
| Updated: | October 5, 2009 |
Description:
From the Red Hat bugzilla:
* An XSS vulnerability affecting all MediaWiki installations between
1.13.0 and 1.13.2. [CVE-2008-5249]
* A local script injection vulnerability affecting Internet Explorer
clients for all MediaWiki installations with uploads enabled.
[CVE-2008-5250]
* A local script injection vulnerability affecting clients with SVG
scripting capability (such as Firefox 1.5+), for all MediaWiki
installations with SVG uploads enabled. [CVE-2008-5250]
* A CSRF vulnerability affecting the Special:Import feature, for all
MediaWiki installations since the feature was introduced in 1.3.0.
[CVE-2008-5252]
CVE-2008-5687:
MediaWiki 1.11 through 1.13.3 does not properly protect against the
download of backups of deleted images, which might allow remote
attackers to obtain sensitive information via requests for files in
images/deleted/.
CVE-2008-5688:
MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails
variable is enabled, sometimes provides the full installation path in
a debugging message, which might allow remote attackers to obtain
sensitive information via unspecified requests that trigger an
uncaught exception.
moodle: cross-site scripting
| Package(s): | moodle |
| CVE #(s): | CVE-2008-5432 |
| Created: | December 22, 2008 |
| Updated: | June 25, 2009 |
Description:
From the CVE entry:
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
nagios3: cross-site request forgery
| Package(s): | nagios3 |
| CVE #(s): | CVE-2008-5028 |
| Created: | December 22, 2008 |
| Updated: | July 20, 2009 |
Description:
From the Ubuntu advisory:
It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)
openvpn: arbitrary code execution
| Package(s): | openvpn |
| CVE #(s): | |
| Created: | December 22, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Red Hat bugzilla:
An OpenVPN client connecting to a malicious or compromised
server could potentially receive an "lladdr" or "iproute" configuration
directive from the server which could cause arbitrary code execution on
the client. A successful attack requires that (a) the client has agreed
to allow the server to push configuration directives to it by including
"pull" or the macro "client" in its configuration file, (b) the client
successfully authenticates the server, (c) the server is malicious or has
been compromised and is under the control of the attacker, and (d) the
client is running a non-Windows OS. Credit: David Wagner.
pdns: denial of service
| Package(s): | pdns |
| CVE #(s): | CVE-2008-5277 |
| Created: | December 22, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Gentoo advisory:
Daniel Drown reported an error when receiving a HINFO CH query
(CVE-2008-5277).
A remote attacker could send specially crafted queries to cause a
Denial of Service.
phpCollab: multiple vulnerabilities
| Package(s): | phpCollab |
| CVE #(s): | CVE-2006-1495, CVE-2008-4303, CVE-2008-4304, CVE-2008-4305 |
| Created: | December 24, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Gentoo advisory:
* rgod reported that data sent to general/sendpassword.php via the
loginForm parameter is not properly sanitized before being used in an
SQL statement (CVE-2006-1495).
* Christian Hoffmann of Gentoo Security discovered multiple
vulnerabilities where input is insufficiently sanitized before being
used in an SQL statement, for instance in general/login.php via the
loginForm parameter. (CVE-2008-4303).
* Christian Hoffmann also found out that the variable
$SSL_CLIENT_CERT in general/login.php is not properly sanitized
before being used in a shell command. (CVE-2008-4304).
* User-supplied data to installation/setup.php is not checked before
being written to include/settings.php which is executed later. This
issue was reported by Christian Hoffmann as well (CVE-2008-4305).
These vulnerabilities enable remote attackers to execute arbitrary SQL
statements and PHP code. NOTE: Some of the SQL injection
vulnerabilities require the php.ini option "magic_quotes_gpc" to be
disabled. Furthermore, an attacker might be able to execute arbitrary
shell commands if "register_globals" is enabled, "magic_quotes_gpc" is
disabled, the PHP OpenSSL extension is not installed or loaded and the
file "installation/setup.php" has not been deleted after installation.
phpPgAdmin: directory traversal
| Package(s): | phpPgAdmin |
| CVE #(s): | CVE-2008-5587 |
| Created: | December 22, 2008 |
| Updated: | February 17, 2009 |
Description:
From the Red Hat bugzilla:
Directory traversal vulnerability in libraries/lib.inc.php in
phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows
remote attackers to read arbitrary files via a .. (dot dot) in the
_language parameter to index.php.
proftpd: cross-site request forgery
| Package(s): | proftpd |
| CVE #(s): | CVE-2008-4242 |
| Created: | December 23, 2008 |
| Updated: | March 2, 2009 |
Description:
From the Debian advisory: Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
roundcubemail: denial of service
| Package(s): | roundcubemail |
| CVE #(s): | CVE-2008-5620 |
| Created: | December 22, 2008 |
| Updated: | December 24, 2008 |
Description:
From the Red Hat bugzilla:
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote
attackers to cause a denial of service (memory consumption) via
crafted size parameters that are used to create a large quota image.
rsyslog: multiple vulnerabilities
| Package(s): | rsyslog |
| CVE #(s): | CVE-2008-5617, CVE-2008-5618 |
| Created: | December 22, 2008 |
| Updated: | January 12, 2009 |
| Description: |
From the rsyslog advisory:
CVE-2008-5617: Due to a coding error in the modularization effort, the $AllowedSender directive is no longer honored but silently accepted. As such, rsyslog-based access control via $AllowedSender is not working and messages from every sender will be accepted by rsyslog. Most importantly, this could lead to misleading log entries or a remote DoS, by a malicious sender simply flooding the system logs with messages until the system runs out of disk space.
From the CVE entry:
CVE-2008-5618: imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
shadow: root privilege escalation
| Package(s): | shadow |
| CVE #(s): | |
| Created: | December 18, 2008 |
| Updated: | December 24, 2008 |
| Description: |
shadow has a root privilege escalation vulnerability.
From the Ubuntu alert:
Paul Szabo discovered a race condition in login. While setting up
tty permissions, login did not correctly handle symlinks. If a local
attacker were able to gain control of the system utmp file, they could
cause login to change the ownership and permissions on arbitrary files,
leading to a root privilege escalation.
vlc: multiple vulnerabilities
| Package(s): | vlc |
| CVE #(s): | CVE-2008-5032, CVE-2008-5036, CVE-2008-5276 |
| Created: | December 24, 2008 |
| Updated: | June 18, 2009 |
| Description: |
From the Gentoo advisory:
Tobias Klein reported the following vulnerabilities:
* A stack-based buffer overflow when processing CUE image files in
modules/access/vcd/cdrom.c (CVE-2008-5032).
* A stack-based buffer overflow when processing RealText (.rt)
subtitle files in the ParseRealText() function in
modules/demux/subtitle.c (CVE-2008-5036).
* An integer overflow when processing RealMedia (.rm) files in the
ReadRealIndex() function in real.c in the Real demuxer plugin,
leading to a heap-based buffer overflow (CVE-2008-5276).
A remote attacker could entice a user to open a specially crafted CUE
image file, RealMedia file or RealText subtitle file, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application.
Page editor: Jake Edge
Kernel development
Brief items
The 2.6.28 kernel is out, released on December 24. Some of the
highlights of this kernel are the addition of the
GEM GPU memory manager, the ext4 filesystem
no longer being "experimental", scalability improvements in memory
management via the reworked vmap() and pageout scalability patches,
the move of the -staging drivers into the mainline,
and much more. See the excellent KernelNewbies
summary for lots more details about 2.6.28.
The current 2.6 stable kernel is 2.6.27.10, released on December 18. It
contains nearly two dozen fixes for some fairly serious problems in 2.6.27.
Kernel development news
XFS is not something I look into the innards of as I don't have
enough chickens to sacrifice.
--
Alan Cox
On the subject of the longstanding "treason uncloaked!" kernel message:
Most people won't actually think their printer is on fire. But most
people WILL think there is serious cause for concern when they see
this for the first time in dmesg. Many will search the net for
explanations and come away confused and not entirely reassured. And
at least one clueless guy will call the police because he still
thinks he's under attack.
Now that certainly fits my definition of amusing and if my goal for
Linux was to amuse myself at the expense of users, I'd be all for
keeping it[1]. But perversely, I actually want users to enjoy their
Linux experience.
[1] Hell, I'd probably even get them to use git.
--
Matt Mackall
It's never been rejected. For a long time it has been in a state where
we're looking for the data which would allow us to agree that its
benefits are worth its costs. AFAIK that has never really been
convincingly demonstrated. Nor has the converse case been
demonstrated, so it floats in limbo.
--
Andrew Morton on FS-Cache
By Jake Edge
December 24, 2008
In what must seem like a never-ending effort, David Howells is once again
trying to get a generic mechanism to do local caching for network
filesystems into the kernel. The latest version, number 41, of his FS-Cache patches was posted back
in November, so now he is asking
for it to be added to linux-next. That would mean that the feature was
on-track for the mainline in 2.6.29, but it would appear that
2.6.30—if ever—is more likely.
The idea behind FS-Cache is to create a way for "slow"
filesystems to cache their data on the local disk, so that repeated
accesses do not require accessing the underlying slow storage. Howells has been
working on getting it into the kernel for a number of years; our first article about it appeared
in 2004. The canonical example of where it might be useful is a
network filesystem on a heavily-used or low bandwidth link—the cost
of re-reading data from the network may be much higher than retrieving it
from a local disk. In addition, the cache can be persistent across
reboots, allowing some files to live locally for a very long time.
But Howells already has a fairly large, intrusive patch that is headed for
2.6.29: credentials. That patch touches a lot of code in the kernel, in
particular the VFS layer. Christoph Hellwig is concerned about both
credentials and FS-Cache going in at the same time:
I don't think we want fscache for .29 yet. I'd rather let the
credential code settle for one release, and have more time for actually
reviewing it properly and have it 100% ready for .30.
While that would delay the addition of FS-Cache, Andrew Morton has a larger concern:
I don't believe that it has yet been convincingly demonstrated that we
want to merge it at all.
It's a huuuuuuuuge lump of new code, so it really needs to provide
decent value. Can we revisit this? Yet again? What do we get from
all this?
Morton is worried about adding additional maintenance headaches with
no—or limited—benefits. Using a local disk to cache data from
a remote disk is only useful in some scenarios; it can certainly make
things worse in others. As Howells puts
it: "It's a compromise: a trade-off between the loading and
latencies of your
network vs the loading and latencies of your disk; you sacrifice disk space to
make up for the deficiencies of your network." What Morton is
looking for is a push from users, be that
end users or distributions that
are shipping the feature. He would also like to see some benchmarks that
show what gain there is when using FS-Cache.
Howells has patiently answered these concerns, pointing at some benchmarks he had posted in
November that showed some significant savings. The benchmarks used NFS
over a deliberately slow link (to simulate a heavily used network) and
showed a huge decrease in the time required to read a large file, but were
essentially break-even when operating on a kernel tree. In the kernel tree
benchmark, though, the reduction in network traffic was significant.
More important, perhaps, is the fact that Red Hat has shipped FS-Cache in
RHEL 5 and there are customers using it, as well as customers interested in
using it, as Howells pointed out:
We (Red Hat) have shipped it in RHEL-5 and some Fedora releases. Doing so is
quite an effort, though, precisely because the code is not yet upstream. We
have customers using it and are gaining more customers who want it. There
even appear to be CentOS users using it (or at least complaining when it
breaks).
While shipping out-of-tree code is no guarantee that the feature will get
merged—AppArmor is an excellent counterexample—actual users
whose needs are being met by a particular feature are a fairly
persuasive argument. Howells outlines some
customer use cases for FS-Cache, for example:
We have a number of customers in the entertainment industry who use or
would like to use this caching infrastructure in their render farms. They
use NFS to distribute textures (say a million and a quarter files) to the
individual rendering units. FS-Cache allows them to reduce the network
load by satisfying subsequent NFS READ requests from each rendering unit's
local cache rather than having to go to the network again.
In all, it would seem that Morton's concerns were addressed. Whether that
means the path is clear for 2.6.30 or these or other concerns will
come to the fore is a question that will likely have to wait another three
months or so.
By Jonathan Corbet
December 18, 2008
As of this writing, the 2.6.28 kernel is getting quite close to its final
release. The flow of patches into the mainline repository has slowed to a
trickle. So it becomes appropriate to look at what was done in this
development cycle, and where all that code came from.
In these articles, your editor routinely forgets to thank Greg
Kroah-Hartman, who continues to
do a lot of work to ensure that these statistics are at least moderately
accurate. So we'll get that taken care of at the outset: thanks, Greg!
The 2.6.28 development cycle has seen the incorporation of just under 9,000
changesets; that makes it a bit smaller in this regard than 2.6.27 (10,600)
or 2.6.26 (10,100). The development base broadened, though; 1,262
developers have contributed to 2.6.28, more than has been seen with its
predecessors. Those developers added 769,000 lines of code while removing
285,000, for a net growth of 484,000 lines - a relatively large amount.
Much of that growth came by way of a single developer, as we will see
below.
In recent development cycles, some 25% of the patches merged were accepted
after the close of the merge window. Linus Torvalds has been making sounds
about tightening the criteria for patches during the stabilization period,
to the point that they would have to address known regressions to be
accepted. A look at 2.6.28, though, shows that 1835 patches (so far) have
gone in since 2.6.28-rc1. At 20% of the total, the patch flow rate during
the stabilization period has fallen - but not by much.
So where did these patches come from? Here's the top twenty contributors
to 2.6.28:
| Most active 2.6.28 developers |
| By changesets |
| David S. Miller | 239 | 2.7% |
| Yinghai Lu | 200 | 2.2% |
| Al Viro | 154 | 1.7% |
| Bartlomiej Zolnierkiewicz | 150 | 1.7% |
| Alexey Dobriyan | 121 | 1.3% |
| Paul Mundt | 117 | 1.3% |
| Ingo Molnar | 109 | 1.2% |
| Gerrit Renker | 109 | 1.2% |
| Russell King | 91 | 1.0% |
| Johannes Berg | 91 | 1.0% |
| Steven Rostedt | 85 | 0.9% |
| Alan Cox | 84 | 0.9% |
| Takashi Iwai | 83 | 0.9% |
| Tejun Heo | 75 | 0.8% |
| Harvey Harrison | 75 | 0.8% |
| Mark Brown | 75 | 0.8% |
| Suresh Siddha | 73 | 0.8% |
| Joerg Roedel | 72 | 0.8% |
| Hans Verkuil | 71 | 0.8% |
| Eric Miao | 70 | 0.8% |
|
| By changed lines |
| Greg Kroah-Hartman | 127848 | 14.9% |
| Inaky Perez-Gonzalez | 24084 | 2.8% |
| Mark Brown | 17714 | 2.1% |
| Joseph Chan | 15749 | 1.8% |
| Pavel Machek | 15529 | 1.8% |
| David S. Miller | 15368 | 1.8% |
| Herbert Xu | 13309 | 1.5% |
| Yinghai Lu | 12861 | 1.5% |
| Paul Mundt | 10088 | 1.2% |
| Magnus Damm | 10077 | 1.2% |
| James Smart | 8103 | 0.9% |
| Gerrit Renker | 7536 | 0.9% |
| Johannes Berg | 7196 | 0.8% |
| Bartlomiej Zolnierkiewicz | 7182 | 0.8% |
| Eric Miao | 7130 | 0.8% |
| Ron Mercer | 7093 | 0.8% |
| Michael Buesch | 6475 | 0.8% |
| Nick Kossifidis | 6380 | 0.7% |
| David Vrabel | 6357 | 0.7% |
| Adrian Bunk | 6289 | 0.7% |
|
On the changesets side, David Miller contributes a lot of work to the
network stack, but the bulk of his changes this time around are to the
SPARC architecture code. Yinghai Lu is a constant source of x86
architecture patches. Al Viro returns to the list with a lot of cleanup
work in the VFS code, user-mode Linux, and beyond. Bartlomiej
Zolnierkiewicz continues to clean up the legacy IDE code, despite the fact
that its user base is shrinking. And Alexey Dobriyan contributed work in a
number of areas, with the bulk of it being in the netfilter subsystem and
/proc.
When looking at changed lines, one gets the sense that Greg Kroah-Hartman
has been rather busy this time around. As it happens, Greg did not
actually write most of that code; the bulk of it came in with the addition of
the -staging tree. It seems that Greg, the self-named "maintainer of
crap," has acquired substantial amounts of it. Inaky Perez-Gonzalez was
the source of the patches adding support for ultrawideband radio and
wireless USB. Expect to see him show up again soon; he is now working to get the
WIMAX subsystem into the kernel. Mark Brown added drivers for a number of
Wolfson Micro devices. Joseph Chan contributed the VIA framebuffer driver,
and Pavel Machek added a handful of miscellaneous drivers.
So who paid for this work to be done? The 2.6.28 employer table looks like
this:
| Most active 2.6.28 employers |
| By changesets |
| (None) | 1683 | 18.8% |
| Red Hat | 1101 | 12.3% |
| (Unknown) | 790 | 8.8% |
| Intel | 654 | 7.3% |
| IBM | 526 | 5.9% |
| Novell | 460 | 5.1% |
| (Consultant) | 227 | 2.5% |
| Oracle | 206 | 2.3% |
| Sun | 203 | 2.3% |
| Renesas Technology | 169 | 1.9% |
| AMD | 158 | 1.8% |
| Parallels | 152 | 1.7% |
| Marvell | 134 | 1.5% |
| (Academia) | 131 | 1.5% |
| Analog Devices | 122 | 1.4% |
| HP | 120 | 1.3% |
| University of Aberdeen | 109 | 1.2% |
| Fujitsu | 106 | 1.2% |
| Nokia | 97 | 1.1% |
| Freescale | 87 | 1.0% |
|
| By lines changed |
| Novell | 159527 | 18.6% |
| (None) | 119373 | 13.9% |
| (Unknown) | 78785 | 9.2% |
| Red Hat | 67972 | 7.9% |
| Intel | 64108 | 7.5% |
| IBM | 31289 | 3.6% |
| Renesas Technology | 24900 | 2.9% |
| Sun | 19926 | 2.3% |
| (Consultant) | 19605 | 2.3% |
| Wolfson Micro | 17697 | 2.1% |
| VIA | 17210 | 2.0% |
| Marvell | 14108 | 1.6% |
| Freescale | 12693 | 1.5% |
| Oracle | 12101 | 1.4% |
| Analog Devices | 10170 | 1.2% |
| University of Aberdeen | 9969 | 1.2% |
| Emulex | 8112 | 0.9% |
| Nokia | 7744 | 0.9% |
| QLogic | 7676 | 0.9% |
| Atmel | 6885 | 0.8% |
|
In general, the employer tables tend not to change too much from one
development cycle to the next. Greg's staging tree work did put Novell at
the top of the lines-changed column, despite the fact that this work did
not originate at Novell. As always, one needs to bear in mind that these
numbers are approximate.
One welcome change is the first-time appearance of VIA. It
appears that this company is truly getting serious about supporting Linux,
and that can only be a good thing.
Writing all this code is important, but so is reviewing, testing, and
reporting bugs. Continuing with a relatively new tradition, we'll look at
who shows up in patch tags indicating this kind of participation, starting
with the reviewers:
| Developers with the most reviews (total 83) |
| James Morris | 12 | 14.5% |
| Rene Herman | 12 | 14.5% |
| Matthew Wilcox | 6 | 7.2% |
| KOSAKI Motohiro | 5 | 6.0% |
| Richard Genoud | 4 | 4.8% |
| Tomas Winkler | 3 | 3.6% |
| Paul E. McKenney | 3 | 3.6% |
| Mingming Cao | 2 | 2.4% |
| Michael Krufky | 2 | 2.4% |
| KAMEZAWA Hiroyuki | 2 | 2.4% |
| Pekka Enberg | 2 | 2.4% |
| Daisuke Nishimura | 2 | 2.4% |
| Christoph Lameter | 2 | 2.4% |
| Balbir Singh | 2 | 2.4% |
| Julius Volz | 2 | 2.4% |
At this point, we are seeing about one Reviewed-by tag for every 100
changes going into the mainline repository. Fortunately, the review
situation is not quite that bad; most reviewers simply do not provide these
tags for the patches they look at.
The numbers for bug reporting and patch testing look like this:
| Most credited 2.6.28 testers |
| Reported-by credits |
| Adrian Bunk | 5 | 2.6% |
| Randy Dunlap | 4 | 2.1% |
| Arjan van de Ven | 3 | 1.5% |
| Ingo Molnar | 3 | 1.5% |
| Stephen Rothwell | 3 | 1.5% |
| Robert P. J. Day | 3 | 1.5% |
| Stephane Eranian | 3 | 1.5% |
| Daniel Marjamäki | 3 | 1.5% |
| Rafael J. Wysocki | 2 | 1.0% |
| Yinghai Lu | 2 | 1.0% |
| Venki Pallipadi | 2 | 1.0% |
| Eric Dumazet | 2 | 1.0% |
| Carlos R. Mafra | 2 | 1.0% |
| Wu Fengguang | 2 | 1.0% |
| Zoltan Borbely | 2 | 1.0% |
| Andy Wettstein | 2 | 1.0% |
| Steven Noonan | 2 | 1.0% |
| Alexander Beregalov | 2 | 1.0% |
| Andrew Morton | 2 | 1.0% |
| Alexey Dobriyan | 2 | 1.0% |
| Heiko Carstens | 2 | 1.0% |
| Jiri Slaby | 2 | 1.0% |
| Sergei Shtylyov | 2 | 1.0% |
| Johannes Weiner | 2 | 1.0% |
| Mike Galbraith | 2 | 1.0% |
| Hideo Saito | 2 | 1.0% |
| Zvonimir Rakamaric | 2 | 1.0% |
| Rik Theys | 2 | 1.0% |
| Andreas Steffen | 2 | 1.0% |
| Vegard Nossum | 2 | 1.0% |
|
| Tested-by: credits |
| Ingo Molnar | 5 | 2.9% |
| Dirk Teurlings | 5 | 2.9% |
| Peter van Valderen | 5 | 2.9% |
| Nicolas Pitre | 4 | 2.3% |
| Matt Helsley | 4 | 2.3% |
| Christian Borntraeger | 3 | 1.7% |
| Rafael J. Wysocki | 3 | 1.7% |
| Riku Voipio | 3 | 1.7% |
| Byron Bradley | 3 | 1.7% |
| Tim Ellis | 3 | 1.7% |
| Kamalesh Babulal | 3 | 1.7% |
| Alan Jenkins | 3 | 1.7% |
| Robert Jarzmik | 3 | 1.7% |
| Martyn Welch | 3 | 1.7% |
| Takashi Iwai | 2 | 1.2% |
| Badari Pulavarty | 2 | 1.2% |
| Jeff Moyer | 2 | 1.2% |
| Eric Dumazet | 2 | 1.2% |
| Jesper Dangaard Brouer | 2 | 1.2% |
| Ramon Casellas | 2 | 1.2% |
| Markus Trippelsdorf | 2 | 1.2% |
| Sitsofe Wheeler | 2 | 1.2% |
| Andrey Borzenkov | 2 | 1.2% |
|
In each case, everybody with at least two credits was listed. The good
news is that, while there are certainly some familiar names on that list, we
are also seeing appearances by people who are not known as kernel
developers. There really is a testing community out there which includes
more than just developers. Your editor suspects that we still are not
doing a very good job of crediting them for their work, but this convention
is relatively new and we can still hope for progress in this direction.
To that end, the developers who are crediting reporters and testers are:
| Developers giving credits in 2.6.28 |
| Reported-by credits |
| Jiri Kosina | 9 | 4.6% |
| Ingo Molnar | 8 | 4.1% |
| Adrian Bunk | 7 | 3.6% |
| Bartlomiej Zolnierkiewicz | 6 | 3.1% |
| Linus Torvalds | 6 | 3.1% |
| Peter Zijlstra | 6 | 3.1% |
| Markus Metzger | 6 | 3.1% |
| Randy Dunlap | 5 | 2.6% |
| Andrew Morton | 5 | 2.6% |
| Yinghai Lu | 4 | 2.1% |
| Venki Pallipadi | 4 | 2.1% |
| Jiri Slaby | 4 | 2.1% |
| Suresh Siddha | 4 | 2.1% |
| Roland Dreier | 4 | 2.1% |
| Patrick McHardy | 4 | 2.1% |
| Mark Brown | 4 | 2.1% |
| Takashi Iwai | 3 | 1.5% |
| Steven Rostedt | 3 | 1.5% |
| Stefan Richter | 3 | 1.5% |
| Paul Mundt | 3 | 1.5% |
| Thomas Gleixner | 3 | 1.5% |
| Dmitry Torokhov | 3 | 1.5% |
|
| Tested-by: credits |
| Lennert Buytenhek | 22 | 12.8% |
| Takashi Iwai | 6 | 3.5% |
| Rafael J. Wysocki | 5 | 2.9% |
| Linus Torvalds | 5 | 2.9% |
| Alan Stern | 5 | 2.9% |
| Alexey Starikovskiy | 5 | 2.9% |
| Henrik Rydberg | 5 | 2.9% |
| Matt Helsley | 4 | 2.3% |
| KAMEZAWA Hiroyuki | 4 | 2.3% |
| Russell King | 4 | 2.3% |
| Patrick McHardy | 4 | 2.3% |
| Paul Mundt | 3 | 1.7% |
| Jens Axboe | 3 | 1.7% |
| Theodore Tso | 3 | 1.7% |
| Bartlomiej Zolnierkiewicz | 3 | 1.7% |
| Jean Delvare | 3 | 1.7% |
| Thomas Gleixner | 3 | 1.7% |
| David Brownell | 3 | 1.7% |
| FUJITA Tomonori | 3 | 1.7% |
|
A quick grep shows that the number of Reported-by and Tested-by tags in
patches was almost exactly the same over the 2.6.27 and 2.6.28 development
cycles. Given the smaller number of patches in 2.6.28, this indicates that
a slightly higher percentage of patches is now carrying those tags.
Emphasis on "slightly" is in order, though; we are, for the most part,
still not crediting a great many people who have helped to get 2.6.28 into
shape.
December 24, 2008
This article was contributed by Goldwyn Rodrigues
Unification of filesystems is the concept of mounting several filesystems
on a single mount point, with the resulting mount showing the
logical combination of all the filesystems. Traditionally, when a
filesystem is mounted on a directory, the existing contents of the
directory are masked, and the content of the latest mounted
filesystem is shown. These masked files are available only after the
mounted filesystem is unmounted. Even though these files exist, they
are inaccessible to the user. Union mount overcomes this by
providing access to all directories and files present in the
directory, even after a mount.
In the kernel, the filesystems are stacked in order of their mount
sequence: the first mounted filesystem is at the bottom of the
mount stack, and the latest mount is at the top of the stack. Only the
files and directories of the top of the mount stack are visible.
With union mounts, directory entries from the lower filesystems are
merged with the directory entries of the upper filesystem, thus making a
logical combination of all mounted filesystems. Files with the
same name in a lower filesystem are masked, as the upper one takes
precedence.
Union mounts could be used to update packages of a distribution on a
DVD. A writable filesystem could be mounted over the read-only filesystem
on the
DVD. All new and updated package files would be written to the writable,
topmost filesystem, while hiding the duplicate files of the read-only
media, or even deleting files (this is done through white-outs
discussed later). This allows the user to change any of the files on
the system, with the new file stored transparently in the image.
Such a setup could be used to roll-up an updated DVD, or maintain
a package repository with the latest packages for network installs.
As compared to other implementations, such as unionFS, union mounts
try to do all directory entry unification handling in the VFS layer, instead
of creating a new filesystem type. Some of the advantages of this
approach are:
- Simple and Lightweight Design: Since all merges happen inside
VFS, there is no need for an additional filesystem layer
to maintain and merge metadata.
- No need to re-iterate the mount stack by the user while mounting:
the user is not required to list the directories participating in
the union as a part of the mount command. Only the mount point is
enough.
- Bind mount works without any problems: this is a VFS feature to
remount part of the filesystem hierarchy
at additional mount points.
Union mount, developed by Jan Blunck, Bharata B Rao, and Miklos Szeredi,
is the first step in unifying mounts in the VFS.
The patch implementation is similar to that of the Plan 9/Inferno
operating system. Currently, it only does namespace unification at
the root directory level and not in the subdirectories.
To mount directories through union mount, the mount command
must be modified to recognize and set the union mount
options. The util-linux patches that update the mount command can be found at
ftp://ftp.suse.com/pub/people/jblunck/union-mount/
As an example, consider the following directory structure of
two filesystems:
Issuing the following commands will perform a union mount:
# mount /dev/sdb /mnt
# ls /mnt
dir1 file1 link1
# mount --union /dev/sdc /mnt
# ls /mnt
dir1 dir4 file1 link1
After the union, the directory structure looks like:
Unmounting the /mnt directory unwinds the filesystem mount stack:
# umount /mnt
# ls /mnt
dir1 file1 link1
The filesystems are stacked in the mount order in the
kernel. The MNT_UNION flag in vfsmnt is set while
mounting union mounts.
This helps to identify that the directory entries of
the stacked filesystems are supposed to be merged. While performing
the lookup sequence, if the MNT_UNION flag is set, all root directory
entries of all filesystems are scanned. Scanning happens from top of
the filesystem stack to bottom, and the first matching entry is
returned. This way any duplicate entries in underlying filesystems are
automatically ignored.
Similarly, for the readdir() call, the directory entries are read from
the topmost union mount directory to the lowest, and collected in the
cache. The cache is responsible for collecting and keeping the
directory entries across the stacked filesystem, with different
callbacks for each filesystem. Like regular files, directories are
seekable and the position of the following read is marked by the file
position filp->f_pos. When reading from directories across
filesystems,
it is possible that the file position exceeds the inode size of the
directory where it is merged. In such a situation, the file position
is rearranged to select the correct directory in the union stack. This
is done by subtracting the inode size if the file position exceeds
it and selecting the next member of the union.
This works for filesystems such as ext2 that use flat file directories.
The directory entry offsets are arranged linearly and are always smaller than
the inode size of the directory. However, some filesystems return
special cookies as directory entry offsets which are unrelated to the
position in the directory or the inode size. Updating file->f_pos to
accommodate more directories does not work for such filesystems.
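The position arithmetic described above, as a user-space C model added here; it is not code from the union mount patches. The struct and function names and the 4096-byte directory sizes are assumptions, and the sample offsets are constructed. It shows why the scheme depends on every directory offset being smaller than the directory's inode size.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of one directory in a union stack (assumed names, not kernel code). */
struct union_dir {
    const char *dev;    /* backing device, for display only */
    long long   i_size; /* inode size of this directory, in bytes */
};

struct union_pos {
    int       layer;    /* index into the stack, 0 = topmost */
    long long offset;   /* position inside that layer's directory */
};

/* Union-wide position for an offset inside one layer: the offset plus the
 * inode sizes of every directory above it. Returns -1 on bad arguments. */
long long union_encode(const struct union_dir *stack, size_t n,
                       int layer, long long offset)
{
    long long pos = offset;

    if (layer < 0 || (size_t)layer >= n || offset < 0)
        return -1;
    for (int i = 0; i < layer; i++)
        pos += stack[i].i_size;
    return pos;
}

/* The rearrangement the article describes: while the position is past the
 * current directory's inode size, subtract that size and select the next
 * member of the union. Returns 0 on success, -1 if the position is negative
 * or lies beyond the last directory. */
int union_locate(const struct union_dir *stack, size_t n,
                 long long f_pos, struct union_pos *out)
{
    if (f_pos < 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (f_pos < stack[i].i_size) {
            out->layer = (int)i;
            out->offset = f_pos;
            return 0;
        }
        f_pos -= stack[i].i_size;
    }
    return -1;
}

/* Does an offset handed out by one layer come back as the same
 * (layer, offset) pair after a trip through the union-wide position? */
int roundtrip_ok(const struct union_dir *stack, size_t n,
                 int layer, long long offset)
{
    struct union_pos p;
    long long pos = union_encode(stack, n, layer, offset);

    if (pos < 0 || union_locate(stack, n, pos, &p) != 0)
        return 0;
    return p.layer == layer && p.offset == offset;
}

/* Constructed sample: two flat, ext2-style directories of one block each. */
static const struct union_dir sample_stack[] = {
    { "/dev/sdc", 4096 },   /* topmost */
    { "/dev/sdb", 4096 },
};

int main(void)
{
    struct union_pos p;

    if (union_locate(sample_stack, 2, 4196, &p) == 0)
        printf("f_pos 4196 -> %s offset %lld\n",
               sample_stack[p.layer].dev, p.offset);
    /* A linear offset stays in its layer; a cookie larger than the inode
     * size is attributed to the wrong directory. */
    printf("linear offset 100 in top layer: %s\n",
           roundtrip_ok(sample_stack, 2, 0, 100) ? "ok" : "misplaced");
    printf("cookie 6000 in top layer: %s\n",
           roundtrip_ok(sample_stack, 2, 0, 6000) ? "ok" : "misplaced");
    return 0;
}
```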
There can be multiple calls to readdir()/getdents()
routines for reading
the entries of a single directory. Currently, the union directory cache is not
maintained across these calls. Instead, for every call the previously
read entries are re-read into the cache and newly read entries are
compared against these for duplicates before being returned
to user space. The developers are working on making this
efficient by maintaining the cache across
readdir()/getdents() calls.
Future Plans: Writable Unions
Currently, the namespace unification is limited to the root filesystem
directory entries. Future plans, known as writable unions, would
come close to the implementations of unionfs namespace unification.
Directory entry merging would not be limited to the root filesystem,
but would be done for subdirectories as well. Though these patches
have been developed, they still require some time and clean up for
the mainline.
Using the example above, a writable union mount of the two filesystems
would contain:
Note that dir1 directory now contains both file_b1 and file_c1.
All writes are directed to the topmost mounted filesystem if it is mounted
read-write.
Mounting a new filesystem upon the current union mount makes all
filesystems lower in the stack read-only, though the unified namespace
would appear read-write to the user. Any modifications to the files
of lower filesystems are handled through copy-on-write. If a
file belonging to the lower layers of the stack is opened, the entire
file is copied on the topmost filesystem on the stack. This is also
known as copy-up, where the file is copied to the topmost layer if it
has to record a change. While performing a copy-up, the directory path
of the file is also recreated on the topmost filesystem, so that the
next time it is mounted as a union, it appears in the same location.
The older file gets masked during the directory merge the next time
the filesystems are union-mounted in the same order.
Rename on union mounts is handled through -EXDEV. -EXDEV is returned
in a rename() operation if the source and destination file paths are
on different mounted filesystems. In such a case, the application,
such as mv, resorts to a copy operation and then unlinks the file from
the filesystem it was moved from. On union mounts, since any writes are
performed in the topmost layer, a move operation to directories in the
lower layers returns -EXDEV, which means the application must copy the
file to the new directory. If both the source and destination of the
rename() operation are in the topmost layer, the traditional
rename method is used.
Deletion of files is handled by a special file type called white-outs.
The white-out file type is similar to negative dentries:
they describe a filename which isn't there. This is used to mark a
file in the lower read-only filesystem as deleted, since only the
topmost layer can be modified. However, white-outs would require support
from all the filesystems, to store and recognize such a special
file type. Currently, there is a special type, DT_WHT defined in
include/linux/fs.h which defines a white-out, but is not in use.
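The top-down lookup, the duplicate-suppressing readdir() merge and the intended white-out behaviour described above, as a user-space C model added here; it is not code from the union mount patches. The type and function names and the writable top layer are assumptions, and the directory contents are constructed to match the article's ls output.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAMES 32   /* capacity of the model's per-call dedupe cache */

enum ent_type { ENT_FILE, ENT_DIR, ENT_LINK, ENT_WHITEOUT };

struct entry {
    const char   *name;
    enum ent_type type;
};

struct layer {
    const char         *dev;      /* backing device, for display only */
    const struct entry *entries;  /* root directory entries of this layer */
    size_t              count;
};

/* Scan from the top of the stack down and stop at the first match. A
 * white-out is a match meaning "deleted", so lower layers are not consulted.
 * Returns the index of the layer supplying the name (0 = topmost) or -1. */
int union_lookup(const struct layer *stack, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < stack[i].count; j++)
            if (strcmp(stack[i].entries[j].name, name) == 0)
                return stack[i].entries[j].type == ENT_WHITEOUT ? -1 : (int)i;
    return -1;
}

static int seen_before(const char **seen, size_t nseen, const char *name)
{
    for (size_t i = 0; i < nseen; i++)
        if (strcmp(seen[i], name) == 0)
            return 1;
    return 0;
}

/* Merged readdir: walk the layers top-down, remember every name seen and
 * skip names already supplied (or whited out) by an upper layer. Returns the
 * number of names written to out, or -1 if out or the cache is too small. */
int union_readdir(const struct layer *stack, size_t n,
                  const char **out, size_t max)
{
    const char *seen[MAX_NAMES];
    size_t nseen = 0, nout = 0;

    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < stack[i].count; j++) {
            const struct entry *e = &stack[i].entries[j];

            if (seen_before(seen, nseen, e->name))
                continue;             /* duplicate masked by an upper layer */
            if (nseen == MAX_NAMES)
                return -1;
            seen[nseen++] = e->name;  /* white-outs are remembered too */
            if (e->type == ENT_WHITEOUT)
                continue;             /* hidden, along with anything below */
            if (nout == max)
                return -1;
            out[nout++] = e->name;
        }
    }
    return (int)nout;
}

/* Constructed sample: contents chosen to match the article's ls output. */
static const struct entry sdb_root[] = {
    { "dir1", ENT_DIR }, { "file1", ENT_FILE }, { "link1", ENT_LINK },
};
static const struct entry sdc_root[] = {
    { "dir1", ENT_DIR }, { "dir4", ENT_DIR },
};
/* Hypothetical writable top layer in which file1 has been deleted. */
static const struct entry rw_root[] = { { "file1", ENT_WHITEOUT } };

static const struct layer plain_union[] = {
    { "/dev/sdc", sdc_root, 2 }, { "/dev/sdb", sdb_root, 3 },
};
static const struct layer whiteout_union[] = {
    { "rw-layer", rw_root, 1 },
    { "/dev/sdc", sdc_root, 2 }, { "/dev/sdb", sdb_root, 3 },
};

int main(void)
{
    const char *names[MAX_NAMES];
    int n = union_readdir(whiteout_union, 3, names, MAX_NAMES);

    for (int i = 0; i < n; i++)
        printf("%s from %s\n", names[i],
               whiteout_union[union_lookup(whiteout_union, 3, names[i])].dev);
    return 0;
}
```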
Directory namespace unification is a tough task. FreeBSD
implementations gave up after calling it "messy code"; unionfs
entered the -mm tree for a brief period, but it did not make it to
mainline. Since the unification is pathname-based, it is
best handled in the VFS instead of in a separate
stacked filesystem. The union mount offers a cleaner and more lightweight
approach for merging directories; however, getting it
to adhere to POSIX-compliant directory calls such as telldir() or
seekdir() is still a challenge and is currently being worked on.
The git repository to track union mounts is located at:
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git
under the union-dir branch. The union mounts developers intend to release
the patches in a phased manner, starting with the current patch of
root directory level merging. Further developments would see
patches related to merging at the subdirectory level as well.
Page editor: Jake Edge
Distributions
News and Editorials
By Rebecca Sobol
December 24, 2008
openSUSE 11.1 was
released this week. This
point release contains new features and bug fixes. A series of
sneak peeks looks
at KDE 4.1.3, The Latest GNOME Desktop, Improved Installation, Easier
Administration and more, with plenty of eye candy.
There is a look at the download
numbers as of December 24, 2008 and lots of
coverage. DistroWatch summed up a lengthy
review with:
My only reservation is to do with proprietary codecs and drivers, which
still needs some work to reach the same level as other distributions. For
new users, this is still just too hard. I tried to get 3D working with
ATI's proprietary driver and gave up in the end (X worked, but no 3D due to
OpenGL errors). The 'recommended packages' feature of the package manager
is a great idea and does install MP3 support automatically, but this is
still second rate and users expect more. Overall I really feel that this
version of openSUSE provides a complete desktop experience for the
user. What does it have to offer you? Download it and give it a try, you
might be pleasantly surprised at what you find.
This version of openSUSE comes with a new OpenSUSE License with no EULA.
DaniWeb interviewed
community manager Joe "Zonker" Brockmeier.
What's new in openSUSE 11.1?
Tons. :-)
More specifically, we have a lot of new software -- OpenOffice.org 3.0,
GNOME 2.24, KDE 4.1.3, Banshee 1.4, and a lot more. We've also updated some
important YaST modules (YaST is the system management tool for openSUSE)
including the partitioner, printer module, and security module that allows
users to examine their system's security.
This release also introduces a major new feature called Nomad, which is a
new remote desktop technology. (http://en.opensuse.org/Nomad)
This was also a major update in other ways. First, this is the first
release that was built in the openSUSE Build Service, which is an important
step for allowing more contributions from the community over time. Also, we
introduced a new, more friendly license and we removed some pieces of
software from the DVD media that prevented redistribution, so now openSUSE
is easier to obtain and distribute than ever before.
We asked openSUSE developers to share a little about their views of the
best new features or what they are most excited about. We will conclude
this article with their responses.
Greg Kroah-Hartman:
The new kernel version update, to the 2.6.27 release series, provides
support for many new devices and platforms over the previous openSUSE
releases.
Aaron Bockover:
I am excited about Mono 2.0 in openSUSE 11.1 as it brings a number of major
performance, memory, and stability improvements to our applications. From
the developer point of view, Mono is more compelling than ever with full C#
3.0 support. openSUSE is hands-down the best distribution for developing on
Mono.
Michael Meeks:
My favourite OpenOffice.org feature, and a world-first, is the split
build; this allows you to quickly compile just 'writer' against your
installed libraries (finally, like all other applications); so you can
get involved with OO.o much more easily.
My second favourite is the console help when invoking a missing tool,
telling you the command to install it and the respective package -
that combined with the speedy zypper makes life exceedingly smooth.
Hans Petter Jansson:
I think one of my favorite 11.1 features must be that user switching
(switching to another logged-in user's desktop without logging out)
finally works seamlessly with GDM.
Joe 'Zonker' Brockmeier:
Of all the features and updates in this release, there are two things
that really make the release for me. One is the KDE 4 desktop, which
has come a very long way. It has a lot of polish and I'm really
impressed with the improvements since 11.0. The other is the new
license, which makes openSUSE much easier to redistribute and gets rid
of the EULA that openSUSE used to have.
Comments (none posted)
New Releases
The first pre-release of Mandriva Linux 2009 Spring is now available.
"This alpha concentrates on updating to the major
desktop components of the distribution, including KDE 4.2 Beta 2, GNOME
2.25.2, Xfce 4.6 Beta 2, X.org server 1.5, and kernel 2.6.28 rc8. It is
also the first distribution to introduce the major new Tcl/Tk release,
8.6."
Full Story (comments: none)
NexentaCore is a Debian/OpenSolaris distribution. Version 2.0 beta has been
announced.
"The packages are relatively stable, and we've thus moved NCP to beta,
and aim for a stable release early next year."
Comments (none posted)
The openSUSE 11.1 release is out. "
The openSUSE 11.1 release
includes more than 230 new features, improvements to YaST, major updates
to GNOME, KDE, OpenOffice.org, and more freedom with a brand new
license, Liberation fonts, and openJDK. This is also the first release
built entirely in the openSUSE Build Service." See the announcement
(click below) for details.
Full Story (comments: 3)
openSUSE-Education 1.0 is available for SLE10 with a release candidate for 11.1.
"The first
version of the openSUSE-Education Add-on is drawing to a close. By
releasing the final version for SUSE Linux Enterprise 10 and the first
Release Candidate for 11.1, we hopefully have the first community Add-On
media which is available for each (open)SUSE Release, soon!"
Comments (none posted)
Ubuntu's Jaunty Jackalope Alpha-2 has been released. Jaunty will become
Ubuntu 9.04 by next April. "
Alpha 2 includes a number of software
updates that are ready for large-scale testing. Please refer to http://www.ubuntu.com/testing/jaunty/alpha2
for information on changes in Ubuntu."
Full Story (comments: none)
Distribution News
Debian GNU/Linux
![[Emacs map]](/images/ns/emacs21_depmap.png)
Some folks at gnowledge.org have put together a tool to generate graphical
dependency maps for packages in the Debian distribution. At the right is a
(much condensed) map for emacs. For some real amusement, go to the map
generator and get a map for a package like amarok.
Comments (8 posted)
The Debian Installer team has a report on the status of the installer to be
used with Debian "Lenny" aka 5.0. "
The next release candidate
version is aimed at being the version used in the Lenny official
release. This version will fix a few bugs discovered in Release Candidate 1
(RC1) and a few more which were listed in RC1 errata. It will also be based
on the 2.6.26-12 kernel packages. We intend to begin the final release
process of Debian Installer RC2 in the very early days of January
2009."
Full Story (comments: 1)
Manoj Srivastava has sent out a posting resigning his position as the
secretary of the Debian Project; this is, of course, a result of the
current general resolution mess.
"Mistakes happen. Mistakes can be recovered from. What can not,
however, is relationships, and trust, and this works both ways. It has
been made clear to me that the project no longer trusts me, and many
consider that I have been the epitome of sleaze over the years,
manipulating votes for my own ends. That hurts."
Full Story (comments: 34)
Debian project leader Steve McIntyre has sent out a request for people
interested in becoming the Debian project secretary. Manoj Srivastava has
resigned from the position, so McIntyre is giving folks until January 12th
to indicate their interest. "
A couple of people have been in touch
already to volunteer, but rather than just take one of the first few I
explicitly want to see if anybody else is interested. If you'd like to
take the job on, you will need to be a Debian Developer. You will also
need to have a good understanding of our constitution and how the
Condorcet voting system works." Click below for his full message.
Full Story (comments: none)
Acting secretary of the Debian project, Bdale Garbee, has sent out the
second call for votes on the Lenny release general resolution. He
considered stopping the current vote and starting over, but could not find
a constitutional basis to do so. The voting will end on December 28th and
Garbee is strongly encouraging Debian developers to vote.
"If you choose *not*
to vote, then you are in effect saying that *any* of the options presented
would be ok with you. A vote for Further Discussion tells the world that you
think we should start over and try again with a better set of choices. That
is a completely ok result for the project. It wouldn't "solve" anything,
but it would do no harm." Click below for his full message and the
text of the various options. Update: Please see
this notice for the correct voting period.
Full Story (comments: none)
Debian's New Maintainer Front Desk has had some staff changes. Bernd
Zeimetz joins the Desk and Marc Brockschmidt leaves the Desk.
"
Additional kudos go to Lucas Nussbaum who has been helping us over
the last weeks to clean up some of the more dusty queues in the NM
process."
Full Story (comments: none)
Fedora
Three separate elections for various Fedora committees have completed. The
Fedora board election results in Bill Nottingham and Matt Domsch being
elected for a two-release term. For the Fedora Engineering Steering
Committee (FESCo), four of five nominated were voted in, resulting in Josh
Boyer, Dan Horák, Jarod Wilson, and Jon Stanley being elected for a
two-release term. For the Fedora Ambassador Steering Committee (FAmSCo), 7
of 10 nominated were elected to two-release terms: Max Spevack, Joerg
Simon, Francesco Ugolini, Thomas Canniot, Rodrigo Padula, David Nalley,
Susmit Shannigrahi. The turnout was 227 for the board, 169 for FESCo, and
126 for FAmSCo.
Comments (none posted)
The 2008 FAmSCo (Fedora Ambassadors Steering Committee) has released the
Activities and Events report PDF. "
I hope it could help new FAmSCo
members to figure out what the past FAmSCo has done with some suggestion to
improve the future experience. This report is for all Ambassadors too: I
hope you'll find a brief, simple scheme of what was done, thanks, primarily,
to the marvelous job you have done and, I'm sure, you'll continue to
do."
Full Story (comments: none)
The Fedora Users Guide has a new URL and has been updated for Fedora 8.
Hopefully F9 and F10 will be coming soon.
Full Story (comments: none)
Fedora 8 reaches its end-of-life on January 7, 2009. After that there will
be no security updates, new builds will not be allowed, and all open bugs
will be marked CLOSED WONTFIX.
Full Story (comments: none)
Mandriva Linux
Mandriva will launch the Mandriva Community Steering Committee in January of 2009.
The committee will "unify and leverage the Mandriva Community and
Ecosystem, thus aligning joint efforts towards clear goals..."
Comments (none posted)
Red Hat Enterprise Linux
Alan Cox has announced that he is leaving Red Hat. "
I've been at Red
Hat for ten years as contractor and employee and now have an opportunity
to get even closer to the low level stuff that interests me most. Barring
last minute glitches I shall be relocating to Intel (logically at least,
physically I'm not going anywhere) and still be working on Linux and free
software stuff."
Full Story (comments: 22)
SUSE Linux and openSUSE
The openSUSE Weekly Newsletter Team is looking for volunteer translators.
"
Thanks to your awesome help, the openSUSE Weekly Newsletter Team
currently provides the Weekly News in 9 languages (including English) to
the openSUSE community. To be able to further enhance the quality of our
current offering, the openSUSE Weekly Newsletter Team always welcomes
contributors."
Full Story (comments: none)
The openSUSE-GNOME team is proposing a Bug Day on January 9, 2009.
"
Feel free to drop into #openSUSE-GNOME on Freenode..."
Full Story (comments: none)
Ubuntu family
Mark Shuttleworth takes a look at the proposals Canonical's user experience
design and desktop experience engineering teams have made for Ubuntu 9.04.
"Some of these ideas
are unproven, they boil down to matters of opinion, but since our
commitment to them is based on a desire to learn more I think of them as
constructive experiments. Experiments are just that - experiments. They may
succeed and they may fail. We should judge them carefully, after we have
data. We are putting new ideas into the free desktop without ego. We know
those ideas could be better or worse than similar work being done in other
communities, and we want to gather real user feedback to help find the best
mix for everyone. The best ideas, and the best code, will ultimately form
part of the digital free software commons and be shared by GNOME, KDE and
every distribution."
Comments (none posted)
Distribution Newsletters
This issue of Misc developer news covers: Bdale Garbee as Acting Secretary,
New proposal to track maintenance status of all packages,
Packages-arch-specific maintenance changes, Githubredir available and
Babelbox updated for Lenny.
Full Story (comments: none)
The DistroWatch Weekly for December 22, 2008 is out.
"This week we take a first
look at Novell's openSUSE 11.1, the latest release from the ever popular
distribution. In the news, the release of openSUSE 11.1 heralds the
adoption of a freer license, Debian calls a vote on whether or not to
include firmware in the upcoming Lenny release while Debian secretary quits
over backlash from firmware vote, Gentoo begins releasing weekly snapshots
of stage tarballs, the Asianux Consortium incorporates its fifth member and
expands into Thailand, Mandriva sets up a Community Steering Committee and
increases their number of channel partners, a new distro, Hackable: 1, aims
to create a GNOME-based software stack for hackable devices while the
Openmoko project releases an update to their software stack. Finally,
included in their respective new sections are two interviews - one with Joe
"Zonker" Brockmeier of openSUSE and the other with Johannes (Hanno)
Böck of Gentoo Linux. Happy reading!"
Comments (none posted)
The Fedora Weekly News for December 21, 2008 is out. "
In our last
issue of 2008, Announcements reminds you of FWN's holiday schedule and
presents the gift of the Omega distro, Planet is chock full of tasty
tidbits from the Fedora blogosphere, Developments invites you to warm your
hands over a "Nautilus Spatial-mode Flamewar", Documentation invites you to
a "Holiday Hackfest", Translations reports on the re-organization of
"Sponsors for cvsl10n", Artwork unwraps some shiny "Creation Highlights",
SecurityAdvisories lists some ways to avoid a lump of coal from Santa, and
the usual sleigh-load of Virtualization goodies includes instructions on
"Building oVirt from Rawhide." We would like to thank our readers for their
interest and attention and all our contributors for producing the goods
week after week. May you all have a happy and relaxing holiday and we look
forward to seeing you again in January 2009."
Full Story (comments: none)
The openSUSE Weekly News looks at openSUSE 11.1 out, Lee Matheson: NEWBIES -
Suse-11.1 Pre-installation, Joe Brockmeier: Leaping lizards! Lots going on
in the openSUSE community, Petr Mladek: OpenOffice_org 3.0 beta1 available,
Comments on Phoronix Benchmarking openSUSE 11.1, and more. Click below for
links to several translations.
Full Story (comments: none)
The Ubuntu Weekly Newsletter for December 20, 2008 covers: Holiday Schedule
for the UWN, Announcing the next "Global Ubuntu BugJam", Ubuntu on Amazon
EC2 Beta released, Main frozen for Alpha 2, New Ubuntu Developer Week set
for January, New MOTU's, Ubuntu on national Danish TV again, Launchpad
interviews: Jonathan Lange & Adam Olsen, Launchpad 2.1.12 released,
Preparing for signed PPA's, Launchpod episode #14: Drupal Modules, Linux is
a way of life, not a clone of Windows, Ubuntu Podcast #15, and much more.
Full Story (comments: none)
Page editor: Rebecca Sobol
Development
By Forrest Cook
December 23, 2008
In October, your author discussed the process of digitizing vinyl records
for the creation of a digital audio library. Since that time, the process
has been performed on around 40 disks and a number of refinements have been
made. This article discusses what has been learned in that time.
One part of the digitizing process that has proven to work well involved
treating one side of the original media as a single chunk of data.
Many of the processing steps can be performed on these large data chunks
before splitting up the individual tracks.
After making numerous recordings, it was discovered that a single
record level, 93 on the inputs of the M-Audio Delta 44, consistently
produced recordings with a useful volume range on the majority of
the records that were copied.
An interesting phenomenon was observed with some recordings that were
recorded with too much gain. On loud passages, as the waveform reached
the upper or lower limit (rails in electronic-speak), instead of
just flattening out, a complete inversion of the wave would occur,
resulting in harsh sounding rail-to-rail glitches.
The source of the problem is open to speculation.
If this should occur, it is best to make a new recording of the
album side with a lower input level.
Having two machines handy has helped to optimize the audio processing work.
One machine is dedicated to making the initial album side
recordings. The sides are minimized in size by removing data
before and after the recorded audio starts, and fade-ins
and fade-outs are added to the whole album side.
The album sides are copied to another machine with a faster processor
for further processing. The original copy is kept around as a backup
until the side has been fully processed. After copying the recorded
album side to the secondary machine, a new recording can be started
on the recording machine.
The process of removing clicks and scratches from an album side has seen
the most changes since the original article. This is a bit of a learned
art. The first step now involves visually inspecting the waveform of the
album side with Audacity. Often a few huge spikes will be visible
on the recording. They can be removed by repeatedly selecting an area
and zooming in until the zoom resolution shows individual samples as
dots. The repair operation should be performed on all of the large
clicks. Smaller clicks can often be found and removed by zooming into
the quiet passages; an almost infinite amount of hunting, zooming and
repairing can be done.
Another good way to find clicks is to listen, pause, remove and move on.
Most tracks can be cleaned up to a reasonable level without too much
effort. Some albums can contain an incredible number of clicks while
others can be nearly click-free.
After the manual deglitching is done, the automated click removal
step can be performed. This is now optional, but it can find additional
clicks that are buried in busy waveforms.
After whatever amount of declicking seems reasonable, the audio is
exported from Audacity as a .wav file. Before exiting Audacity,
the Stereonorm script (available here) is run on the .wav file to
bring the left and right channel levels
up to 100% volume. If the normalization results look reasonable
compared to the Audacity visual representation of the recording,
Audacity is exited and restarted with the normalized recording.
If the normalization numbers seem right compared to the visual wave
representation, it is often possible to remove more offending large
clicks, export again and rerun the normalization step.
Although it may make audiophiles cringe, it may be beneficial to
use the repair function to shave the level off on the peaks of
loud percussive waveforms. Done sparingly, this can be used to
fix balance problems encountered during the normalization step.
The version of Audacity that your author has been using,
1.3.4-beta on Ubuntu 8.04, has a few bugs that can cause
crashes and the loss of time-consuming work. Occasionally after doing
a lot of repairs, attempting to export a file as .wav produces a
long stream of zero-length write errors.
It is usually possible to recover from this by writing
out the data in the Audacity native .aup format, exiting and restarting
Audacity with the .aup file, and trying the .wav export again.
On numerous occasions, adding a label track followed by doing more
click repairs has caused Audacity to crash. It is advisable to
perform the labeling step on a new instantiation of Audacity.
Hopefully these bugs will disappear when the system gets updated
to a newer version of Audacity.
After investing many hours into the creation of a large audio library
(now up to around 200GB), it becomes critical to back up the data.
Fortunately, the price of IDE disks has dropped as fast as the capacity
has risen and hard drives can be treated as high capacity data cartridges.
Backups can easily be done by adding a temporary SATA or USB
drive to a system and running an efficient rsync operation to copy
any new or changed data to the offline archive.
Comments (18 posted)
System Applications
Backup Software
Version 1.0 beta of ORION-Backup has been
announced.
"
ORION-Backup uses a web-2.0 interface to quickly navigate back in time through your archived backups. ORION-Backup is based on rdiff-backup, and is provided as a .deb package for Ubuntu and as a source-code archive.
Thanks to everyone for waiting offline... Version 1.0-beta is here, fully rewritten as a real OO application."
Comments (none posted)
Database Software
Version 2.0.5 Release Candidate 2 of
Firebird, a light weight DBMS,
has been announced.
"
The Firebird Team is pleased to offer the second round of Linux, Win32 and MacOSX release candidate kits for Firebird 2.0.5. Please refer to the Bug Fixes chapter of the release notes, test it well and report your experiences (good or bad) to the firebird-devel list."
Comments (none posted)
Version 5.0.75 of MySQL Community Server has been announced.
"
This is a bugfix release for the current production release
family. It replaces MySQL 5.0.67."
Full Story (comments: none)
Version 6.3.20 of MySQL Cluster has been announced.
"
This is a bugfix release which replaces MySQL Cluster 6.3.17."
Full Story (comments: none)
The December 21, 2008 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Version 3.6.7 of SQLite, a light weight DBMS, has been
announced.
"
Changes associated with this release include the following:
* Reorganize the Unix interface in os_unix.c
* Added support for "Proxy Locking" on MacOSX.
* Changed the prototype of the sqlite3_auto_extension() interface in a way that is backwards compatible but which might cause warnings in new builds of applications that use that interface..."
Comments (none posted)
Device Drivers
Version 0.1 of v4l-test has been
announced.
"
"v4l-test" is a test environment for Video for Linux. Two device drivers running under Linux. Is my video driver for webcam or tuner stable? Is it conform to the V4L2 specification? The goal of this project to answer these questions.
This first release has only a few test cases, but it can already tell something about your driver you might use."
Comments (none posted)
Embedded Systems
Robert Schuster describes his work to get Java support for embedded devices
on his blog. He has cross-compiled OpenJDK/IcedTea for the ARM processor
which means that Java is available on a wide range of embedded Linux boards
and gadgets.
"Those who do not know OpenEmbedded may wonder what is so
special about the work I have done in the last weeks. Well, the special
thing is that we are cross-compiling the OpenJDK. That means the machine on
which the JDK is built is of a different kind than the one on which we want
to run it later on. The difficulty stems from the fact that the OpenJDK
build system is not designed for this ...". (thanks to Mark Wielaard).
Comments (15 posted)
Filesystem Utilities
Version 03.03 of Linux::DataDVD has been
announced.
"
Linux::DataDVD is a perl module that is a wrapper for dvd+rw+tool, growisofs, mkisofs, mount and umount commands. Targeted at the management of file based data rather than multimedia.
This version fixes a few minor bugs and adds the ability to define a UI object for user interaction. This should allow the module to be used with GUI or custom interfaces."
Comments (none posted)
Networking Tools
Version 0.9.9 of conntrack-tools has been announced.
"
The netfilter project proudly presents another development release of
the conntrack-tools. This release includes important updates, fixes and
improvements."
Full Story (comments: none)
Web Site Development
Version 0.50.0 of ikaaro has been announced.
"
This is a Content Management System built on Python & itools, among other features ikaaro provides:
- content and document management (index&search, metadata, etc.)
- multilingual user interfaces and content
- high level modules: wiki, forum, tracker, etc.
This release has seen the major changes in the user interface for a
long time. Most notably the backoffice is now integrated into the
frontoffice. When the user logs in the application, the backoffice
interfaces appear."
Full Story (comments: none)
Version 8.09.3RC2 of the Midgard content management system
has been announced.
"
The Midgard Project has released a second
release
candidate for the third maintenance release of Midgard 8.09 Ragnaroek LTS.
Ragnaroek LTS is a Long Term Support version of the free software
content management framework.
The 8.09.3 release focuses on API and architecture cleanups in order to
ease transition from Midgard 1.x series API to Midgard 2.x APIs."
Full Story (comments: none)
Desktop Applications
Audio Applications
Version 0.4.1 of HOgg has been announced; it adds support for
Hackage, the Haskell source packaging system.
"
The HOgg package provides a commandline tool for manipulating Ogg
files, and a corresponding Haskell library."
Full Story (comments: none)
Business Applications
Version 353a of ADempiere has been
announced.
"
ADempiere Business Suite ERP/CRM/MFG/SCM/POS done the Bazaar way in an open and unabated fashion. Focus is on the Community that includes Subject Matter Specialists, Implementors and End-Users. We are a community fork of Compiere.
Few hours earlier we released our best to-date stable version 3.4.2 as the top ranked ERP Project in SourceForge. Just now we released our Libero Manufacturing 3.5.3a beta version. This is a double record for this 2 year old community fork of Compiere."
Comments (none posted)
Data Visualization
Version 0.98.4 of matplotlib, a scientific plotting package, has been announced.
"It's been four months since the last matplotlib release, and there are a lot of new features and bug-fixes."
New capabilities include legend enhancements, fancy annotations and arrows,
a native OS X backend, psd amplitude scaling, fill between and more.
Comments (none posted)
Desktop Environments
Version 2.25.3 of the GNOME desktop environment has been announced.
"
Wow we are so late this time -- probably some Debian blood is still
flowing through my veins -- but this is really worth it, 2.25.3 is
here and there is goodness overflowing.
This is the third development release towards our 2.26 release that
will happen in March 2009. By now, development is well under way, and
we've already made good progress on some of the goals that we've set
ourselves for 2.26 (http://live.gnome.org/GnomeGoals)."
Full Story (comments: none)
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at gnomefiles.org.
Comments (none posted)
Version 4.2 Beta 2 of KDE has been announced.
"
The KDE Community today announced the immediate
availability of "Canaria", (a.k.a KDE 4.2 Beta 2), the second testing release
of the new KDE 4.2 desktop. Canaria is aimed at testers and reviewers. It
should provide a solid ground to report bugs that need to be tackled before
KDE 4.2.0 is released. Reviewers can use this beta to get a first look at the
upcoming KDE 4.2 desktop which provides significant improvements all over the
desktop and applications."
KDE.News has more information on this release.
Full Story (comments: none)
The following new KDE software has been announced this week:
You can find more new KDE software releases at kde-apps.org.
Comments (none posted)
Version 0.1 of samurai-x2 has been announced.
"
samurai-x2 is a
window manager written in pure python using ctypes, xcb and cairo.
samurai-x2 is a rewrite of samurai-x which used xlib, the new version
uses xcb instead which makes the code simpler and faster. Using xcb
makes samurai-x one of the first window managers to use xcb and using
nothing but python and ctypes makes samurai-x one of the first 'pure
python' window managers available."
Full Story (comments: none)
The following new Xorg software has been announced this week:
More information can be found on the X.Org Foundation wiki.
Comments (none posted)
Desktop Publishing
The initial release of TaxPub has been
announced.
"
TaxPub is a module of the NLM/NCBI Journal Archiving DTD for markup of taxonomic treatments.
The initial release of the taxpub module for the NLM Journal Publishing DTD has been posted to the project download page."
Comments (none posted)
Electronics
Version 1.4.2-20081220 (stable) of gEDA/gaf, a collection of electronic
design tools, has been
announced.
"
I have released a stable release of gEDA/gaf today (1.4.2-20081220).
Many thanks to all the people who fixed bugs for this stable release
and for PeterB and PeterC for doing the cherry picking and pushing of
the fixes into the main repository."
Comments (none posted)
Version 1.5.1-20081221 (unstable) of gEDA/gaf, a collection of electronic
design tools, has been
announced.
"
I have released an unstable snapshot of gEDA/gaf today (1.5.1-20081221).
This snapshot includes a staggering amount of commits (456 to be precise).
Many thanks to everybody who worked on this release. The number of commits,
changes, and improvements are truly impressive."
Comments (none posted)
Games
Version 0.6 RC1 of SuperTuxKart has been
announced.
"
SuperTuxKart is a kart racing game featuring Tux and friends. It is a fun-racer game, focusing on fun and ease of play.
Finally, just days before Christmas, we managed to bring a first release candidate for 0.6 online. The new version has (among a lot of new tracks and other improvements) improved physics with skidding, nitro, a better AI, and improved sound effects. Feedback is welcome!"
Comments (none posted)
GUI Packages
Beta versions 4.5 of Qt and Qt Creator have been
announced.
"
The greater news concerns Qt Creator this time: the complete source code is publicly available under the GPL from now on. Everybody interested in the development of the latest addition to Qt's tool family should head over to the repository and take a look. Qt Creator is intended to make cross-platform development with Qt as easy as possible - especially to those who are new to developing Qt applications."
Comments (none posted)
Interoperability
Version 1.1.11 of Wine has been
announced.
"
What's new in this release (see below for details):
- Numerous fixes for IE7 support.
- Support for 64-bit cross-compile using Mingw64.
- User interface support for crypto certificates.
- Better support for MSI installation patches.
- Various Direct3D optimizations.
- Various bug fixes."
Comments (none posted)
Mail Clients
Version 3.7.0 of Claws Mail has been announced; many new features and
bug fixes have been added.
"
Claws Mail is a GTK+ based, user-friendly, lightweight, and fast
email client."
Full Story (comments: none)
Version 2.6.0 of the
Sylpheed
mail client has been announced.
"
2.6.0 includes several new features and feature improvements, reliability improvement, and bugfixes."
Comments (none posted)
Medical Applications
Version 0.3.8 of GNUmed has been announced; it adds a bug fix for the
EMR plugin.
"
GNUmed is an open source Electronic Medical Record. It is developed by a
handful of medical doctors and programmers from all over the world. It can be
useful to anyone documenting the health of patients, including but not
limited to doctors, physical therapists, occupational therapists,
..."
Full Story (comments: none)
Music Applications
Version 1.14.2 of horgand-dssi has been announced.
"
This is the synthesizer engine of horgand released as dssi plugin, including 28 banks of 32 sounds
each one.
Sound edition is not allowed, is only for use as sound font in your favorite sequencer.
Anyway you can create new sounds with the standalone horgand."
Full Story (comments: none)
Digital Photography
Version 0.15 of UFRaw, a digital camera reader application, is out.
"
UFRaw-0.15 was just released. Not much time has passed since the last
release, yet a few new popular cameras got supported, and there was no
excuse not to make a release.
The most interesting change in this release is parallelization of the
image generation process using OpenMP. This means that UFRaw can make
use of your multi-core system."
Full Story (comments: 1)
Science
Version 2.1 of PyTables has been announced.
"
PyTables is a library for managing hierarchical datasets and designed to
efficiently cope with extremely large amounts of data with support for
full 64-bit file addressing. PyTables runs on top of the HDF5 library
and NumPy package for achieving maximum throughput and convenient use.
PyTables 2.1 introduces important improvements, like much faster node
opening, creation or navigation, a file-based way to fine-tune the
different PyTables parameters (fully documented now in a new appendix of
the manual) and support for multidimensional atoms in EArray/CArray
objects."
Full Story (comments: none)
Version 2.0 of ViTables has been announced.
"
I'm happy to announce a new release of ViTables, the GUI for PyTables and PyTablesPro.
This new version is a major rewrite of the previous one. Lots of things have
been improved under the hood. A big effort has been made in order to improve
not only look and feel (finally it works with PyQt4) but also stability and
portability."
Full Story (comments: none)
Speech Software
Version 1.40 of
eSpeak,
a text to speech converter, has been announced.
Click below for the Change Log details.
Full Story (comments: none)
Web Browsers
Version 2.0.0.20 of the Firefox web browser has been announced.
"
As part of the Mozilla Corporation's ongoing stability and security
process, we've just shipped Firefox 2.0.0.20, which fixes a non-
critical issue in the Windows version of Firefox 2.0.0.19.
Firefox 2.0.0.20 is now available for download on Windows, Mac, and
Linux from our website".
Full Story (comments: none)
Miscellaneous
Version 1.0.9 of iok has been announced.
"
iok is Indic Onscreen Keyboard. This application shows Inscript keymaps for following Indian languages and allows you to type characters shown in GUI. Assamese, Bengali, Gujarati, Hindi, Kannada, Marathi, Malayalam, Punjabi, Oriya, Tamil, Telugu.
This release contains some bug fixes and enhancements to GUI. Enhanced Open and Save keymap UI and now keymaps are listed as per their language names."
Comments (none posted)
Version 2.4 of JMRI/DecoderPro has been announced.
"
Java interfaces and sample implementations for controlling a model railroad layout from a personal computer. JMRI is intended as a jumping-off point for hobbyists to build their own layout controls. Includes the DecoderPro and PanelPro applications.
We are very pleased to announce that the 2.3 series of JMRI test releases has resulted in a version that's good enough to be recommended for general use, including by new users. We're therefore making that version, "Production release 2.4" available for download today.
There have been more than a hundred updates, new features and bug fixes since version 2.2 came out roughly five months ago."
Comments (none posted)
Version 2.1 of lfm has been announced.
"
Last File Manager is a simple but powerful file manager for the
UNIX console. It's written in Python, using curses module.
Licensed under GNU Public License version 3."
Full Story (comments: none)
Languages and Tools
Perl
Perl 5 is now using Git for its version control system.
"
acme writes "The Perl Foundation has migrated Perl 5 to the Git
version control system, making it easier than ever for Perl's development
team to continue to improve the language that powers many websites.""
Comments (none posted)
Python
Versions 2.4.6 and 2.5.3 of Python have been announced.
"
2.5.3 is the last bug fix release of Python 2.5. Future 2.5.x releases
will only include security fixes. According to the release notes, about
80 bugs and patches have been addressed since Python 2.5.2, many of
them improving the stability of the interpreter, and improving its
portability.
Since the release candidate, the only change was an update to the
Macintosh packaging procedure.
2.4.6 includes only a small number of security fixes. Python 2.6 is
the latest version of Python, we're making this release for people who
are still running Python 2.4."
Full Story (comments: none)
Version 2.5.4 of Python has been announced.
"
Python 2.5.3 unfortunately contained an incorrect patch that could
cause interpreter crashes; the only change in Python 2.5.4 relative
to 2.5.4 is the reversal of this patch.
2.5.4 is the last bug fix release of Python 2.5. Future 2.5.x releases
will only include security fixes. According to the release notes, about
80 bugs and patches have been addressed since Python 2.5.2, many of
them improving the stability of the interpreter, and improving its
portability."
Full Story (comments: none)
The December 24, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The Tcl Core Team has announced the retirement of John Ousterhout.
"
...it is impossible to give an adequate account of
Dr. Ousterhout's accomplishments as the true "father of Tcl/Tk:" from
overseeing its initial construction in the laboratories at Berkeley,
through overseeing its publicity and recruiting community development,
through its period of commercial development at Sun, Scriptics, and
Ajuba, into the community-maintained system that it is today..."
(Thanks to Phillip Dietz).
Comments (1 posted)
The December 22, 2008 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Version Control
Version 1.6.0.6 of the GIT distributed version control system
has been announced.
"
Among miscellaneous fixes, this contains a local gitweb security fix.
Maintenance releases for older versions (v1.5.4.7, v1.5.5.6 and v1.5.6.6)
are also available at the same place."
Full Story (comments: none)
Version 1.1.1 of Mercurial, a lightweight Source Control Management system, has been announced.
This is mainly a bug fix release; see the What's New document for details.
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Tom "Spot" Callaway shares his thoughts on licensing. "
I tend to giggle a little bit to myself whenever I hear
about a "100% Free GNU/Linux distribution". I'm sure it is possible,
theoretically to make one, but it quickly delves into semantics. First,
who defines what "Free" means? Debian has a meaning, as does the Free
Software Foundation. Their meanings are similar, but not compatible. Debian
determines "Free" by committee. The FSF somewhat does as well, but
ultimately, the tricky decisions go to Richard Stallman (rms)."
(Thanks to Scott Dowdle)
Comments (35 posted)
The Linux Foundation (LF) is sponsoring a contest to answer the recent Apple and
Microsoft advertising campaigns as reported by Wired. It is soliciting videos that
are supposed to demonstrate the "I'm Linux" theme to counter the "I'm a Mac" and
"I'm a PC" ad wars. The winning entry will be shown at the LF Collaboration Summit
in San Francisco in April.
"
But unlike
Microsoft's campaign that paid Jerry Seinfeld $3 million for two
commercials and acquired user videos for free, the Linux Foundation plans
to compensate the winner of its contest with a free trip to Tokyo to
participate in the Linux Foundation Japan Linux Symposium next October."
Comments (15 posted)
Companies
Adobe has announced the release of Adobe AIR 1.5 for Linux.
"
A month ago, at our MAX conference in San Francisco, Adobe announced the immediate availability of the Adobe AIR 1.5 runtime and SDK for Mac and Windows. However, since the beginning of the AIR project when the AIR runtime was originally known by its code name Apollo, it has been our intention to bring the runtime and SDK to the Linux community as well. Earlier this year we posted a public beta on Adobe Labs and collected feedback from thousands of users on forums, blogs, Twitter posts, and our team's feedback form."
Comments (none posted)
InfoWorld reports on the acquisition of Tungsten Graphics by VMware.
"
Fast forward a month later and in November, the virtualization giant was at it again. This time, VMware grabbed up a company involved with the development of a very popular series of graphics technology for Linux. The company is called Tungsten Graphics..."
Comments (none posted)
Business
Over at Datamation, Bruce Byfield asks for some opinions on free and open source software (FOSS) adoption and outlook for 2009. Overall, most of those he talked to seemed to think next year would be good for FOSS, regardless of the economy. "
But FOSS has many more advantages than simply being a cheaper way of building infrastructure. Jim Zemlin, executive director of the Linux Foundation, points out that not only is FOSS in general and Linux in particular well-supported, with billions of dollars of investment from top tier companies, but that, unlike Windows, it is 'massively hedged,' by which he means that it is available in every form from cheap notebooks through embedded systems to super computers."
Comments (4 posted)
Linux at Work
LinuxInsider reports on the use of Linux for in-flight entertainment systems.
"
If you've used an in-flight entertainment system, known in the airline industry as an "IFE," to watch movies, listen to music, or order food lately, chances are it used Linux as an operating system.
You might not know that Linux is the operating system behind what you see on your screen, but it probably is. United, Delta, Qantas, Emirates, Virgin America, Aeromexico, Air New Zealand and many other airlines all use versions of Linux-based IFE software."
Comments (13 posted)
Interviews
InformationWeek talks to Jim Zemlin of the Linux Foundation.
"
"The New York Times recently did a piece on big-name companies like Dell and Hewlett-Packard all diving in the [Linux-powered] netbook space," he told me, "and on top of that there's QuickBoot, where you power on your machine and a couple of seconds later, you've booted into a Linux-powered mini-environment with network access, e-mail, and so on. The thing is, when people use this, Microsoft loses that much more customer experience. You're not booting into Windows, so Windows becomes further from the consumer in terms of what they're using day to day. And as you get less dependent on Windows, other things rise to the fore."
Comments (none posted)
Resources
Scott Dowdle experiments with OpenVZ containers. "
I was wondering just how many OpenVZ
containers I could create on a beefy machine and how many processes the
Linux kernel would be happy running so I decided to do an experiment. I
have two OpenVZ hosts... one is the primary and the other is a backup
machine. Both of them are HP Proliant DL380 Gen5 machines with dual,
quad-core Xeon processors, 32GB of RAM, 32GB of swap, and a 600GB /vz
partition. I decided to use the backup OpenVZ machine for the
experiment."
Comments (none posted)
developerWorks begins a series looking at Python 3. "
This article - the first in a
series on Python 3 - covers the new print() function, input(), changes to
input/output (I/O), the new bytes data type, changes to strings and string
formatting, and finally, changes to the built-in dict type. This article is
meant for programmers who are already familiar with Python and are curious
about the changes but don't want to wade through the long list of Python
Enhancement Proposals (PEPs)."
Comments (4 posted)
Miscellaneous
Linux Journal is looking for cool projects to write articles about. "
We're the
first to admit that Linux is cool. Just using it is cool, but if you're
doing something extra cool with Linux this is your chance to share it with
the community. Our Cool Projects issue is coming up quick and we're looking
for a few more project articles. We're partial to Cool projects that have a
hardware slant, but if you have a Cool software project let us know about
that too."
Comments (2 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Linux Foundation has
announced the appointment of Ted Tso as Chief Technology Officer.
"
Tso is currently a Linux Foundation fellow, a position he has been in since December 2007. He is one of the most highly regarded members of the Linux and open source community and is known as the first North American kernel developer. Other current and past LF fellows include Steve Hemminger, Andrew Morton, Linus Torvalds and Andrew Tridgell.
Tso will be replacing Markus Rex as CTO of the Linux Foundation."
Comments (none posted)
Commercial announcements
Red Hat, Inc. has announced financial results for its fiscal year 2009 third
quarter ended November 30, 2008. "
Total revenue for the quarter was $165.3 million, an increase
of 22% from the year ago quarter and 1% from the prior
quarter. Subscription revenue for the quarter was $135.5 million, up 17%
year-over-year and flat sequentially." News&Observer takes a look.
(Thanks to Rahul Sundaram)
Comments (4 posted)
Surveys
Netcraft has published the December 2008 Web Server Survey; Apache usage is up again.
"
nginx shows the 3rd largest growth this month, climbing by more than 10% to reach 3.35 million sites. This server now has nearly 1.8% of the worldwide market share, an impressive feat, given that it is the work of just one man, Igor Sysoev."
Comments (1 posted)
Education and Certification
IBM developerWorks presents an LPI exam 102 prep.
"
Welcome to the next step in studying for the Linux certification exam 102. This tutorial series serves as a comprehensive self-study guide so you can take the exams with confidence. And even if you're not preparing for Linux certification at this time, this series helps you build fundamental skills on Linux systems administration."
Comments (none posted)
Calls for Presentations
A call for papers has gone out for CONFIDENCE 2008.
"
Calling all practitioners in the field of IT security! The 5th edition of the best Polish IT
security conference, CONFIDENCE 2008, is taking place in May 15/16, 2008.
We invite all to send the proposed topic and abstracts of presentation till the end of January."
Full Story (comments: none)
Upcoming Events
Registration is open for the 2009 MySQL Conference & Expo.
"
Sun Microsystems and O'Reilly Media have now
opened registration and unveiled the program for the seventh annual MySQL
Conference & Expo, April 20-23, at the Santa Clara Convention Center in
Santa Clara, CA. The world's largest open source database event unites
over 2,000 MySQL enthusiasts to harness the power of MySQL and celebrate
the huge MySQL community."
Full Story (comments: none)
A SCALE status report has gone out.
"
The 7th Annual So Cal Linux Expo is shaping up nicely. In spite of adding an additional track to
the weekend conference, all four tracks have been filled. The Expo received 148 submittals, all of
which were excellent, for 45 speaker slots. The speaker selections have been completed and the
speakers are being notified. Keynote speaker selection is in progress.
While the Call For Papers for the main conference is closed, the Calls for both WIOS and OSSIE are
open until December 31st, and there are still a few speaker slots available for those specialty
conferences."
Full Story (comments: none)
Registration is open for the Web 2.0 Expo.
"
O'Reilly Media, Inc. and TechWeb, producers of
Web 2.0 Expo and Web 2.0 Summit, today announced the return of Web 2.0
Expo San Francisco, the annual event for developers, designers, marketers,
and business professionals building the next generation Web. This year,
Web 2.0 Expo centers on the idea of "the Power of Less," exploring how the
principles of Web 2.0 can turn constraints into opportunities. Web 2.0
Expo San Francisco is March 31 - April 3, 2009 at Moscone West."
Full Story (comments: none)
Events: January 1, 2009 to March 2, 2009
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| January 8 - January 11 | Consumer Electronics Show | Las Vegas, NV, USA |
| January 9 - January 11 | Fedora User and Developer Conference | Boston, USA |
| January 15 - January 16 | Foundations of Open Media Software 2009 | Hobart, Tasmania, Australia |
| January 17 - January 23 | Camp KDE 2009 | Negril, Jamaica |
| January 19 - January 24 | linux.conf.au - penguins march south | Hobart, Australia |
| January 25 - January 29 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, GA, USA |
| January 25 - January 28 | GCC Research Opportunities | Paphos, Cyprus |
| January 31 | Greater London Linux Users Group meeting | London, UK |
| January 31 - February 3 | Black Hat Briefings DC | Arlington, VA, USA |
| February 4 - February 5 | DC BSDCon 2009 | Washington, D.C., USA |
| February 4 - February 6 | Money:Tech 2009 | New York, NY, USA |
| February 5 - February 9 | German Perl Workshop | Frankfurt, Germany |
| February 7 | Frozen Perl 2009 | Minneapolis, MN., USA |
| February 7 - February 8 | FOSDEM 2009 | Brussels, Belgium |
| February 9 - February 11 | O'Reilly Tools of Change for Publishing | New York, NY, USA |
| February 15 | Free Software Awards 2009 Deadline | Soissons, France |
| February 16 - February 18 | Open Source Singapore Pacific-Asia Conference | Singapore, Singapore |
| February 16 - February 19 | Black Hat DC Briefings 2009 | Washington, D.C., USA |
| February 20 | Demonstrating Open-Source Health Care Solutions | Los Angeles, CA, USA |
| February 20 - February 22 | Southern California Linux Expo | Los Angeles, CA, USA |
| February 24 - February 26 | VMworld Europe 2009 | Cannes, France |
| February 25 - February 27 | German Perl Workshop | Frankfurt Main, Germany |
| February 27 | PHP UK Conference | London, UK |
| February 28 | Belgian Perl Workshop | Leuven, Belgium |
| February 28 | uCon Security Conference | Recife, Brazil |
| March 1 - March 4 | Global Ignite week | Online |
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook