Your editor is, at times, a creature of habit. Many, many years ago, back
when Tcl and Tk were new and exciting, he discovered a simple calendar
called "ical" and he has been using it ever since. ical may be old and
![[ical]](/images/ns/calss/ical-sm.png)
unmaintained, but it
works. It provides a basic calendar,
appointment book, and task list without taking up too much screen space or
system resources. Its interface is quick and does not require lots of
clicking and form filling. It does exactly what it needs to do.
Creatures of habit, perhaps, should not run Debian unstable on their
desktops. Your editor has learned to scrutinize every dist-upgrade
carefully before turning it loose, but he missed the one that deleted ical
from his system. Some investigation turned up that, in fact, ical has not
been part of Debian for some time; it had been removed as being obsolete,
unmaintained, and superseded by better alternatives. ical was able to
continue to exist for years, however, until some recent change in unstable
forced its removal.
After scrambling to copy his calendar file to another system, your editor
decided it was time to investigate some of these newer, better
alternatives. The results, it must be said, were somewhat disappointing.
The new crop of desktop calendars may be impressive to look at, but few of
them have achieved the straightforward ease of use and unobtrusiveness that
ical had almost fifteen years ago. Fortunately, the news is not all bad.
The first stop in such a search almost has to be Evolution.
Ximian's high-profile groupware system is, doubtless, highly useful for
busy people who must juggle meetings and share their schedules with
others. One of the big advantages of working for a small operation like
LWN, however, is that scheduling a meeting is a simple matter of finding a
table at a local brewpub, and Evolution can't help with that. For one
whose goal is a simple calendar manager, and who has no desire to switch to
a new email client, Evolution brings a great deal of heavyweight baggage
for little gain. The calendar interface is difficult to navigate around
in; your editor never did succeed in reproducing the calendar view found on
the Evolution
screen shots page. Evolution 1.4 also crashed several times while
being tested. Evolution may be an impressive piece of software, but it is
not appropriate to consider as a replacement for ical.
The word is that Evolution 2.0 will feature a much-improved calendar
manager, and the underlying infrastructure will make it easier to create
independent, standalone calendar applications.
The next logical place to look is KOrganizer, the KDE calendar
application. KOrganizer it must be said, is a nice calendar manager. The
default layout wastes a lot of space, but a bit of edge dragging fixes
that. KOrganizer allows for relatively painless entry of events, and it
understands the concept of events which are attached to a day, but which
have no particular time (e.g. "wedding anniversary: have a present or sleep
on the couch"). Alarms are nicely configurable, though your editor noted
that the alarm windows had a tendency to pop up underneath the KOrganizer
window on his (non-KDE) desktop.
There is one nice ical feature that KOrganizer lacks: the ability to add
events without dealing with dialog windows. With ical, it's simply a
matter of dragging an entry over the relevant time period and typing in the
info. With KOrganizer (and a number of other calendar managers), you have
to set the times in special dialog fields. KOrganizer 3.2 has improved
things somewhat by allowing the time range to be set with the mouse, but it
requires an explicit configuration option and still puts up a dialog for
the event description. In the modern, graphical,
direct manipulation world, the dialog window should be unnecessary if the
more complex features (custom alarms, recurrence) are not being used.
Another possibility is a package called plan, which is a calendar manager
based on Motif. Plan has the basic necessary features; it can handle
appointments (but appears to lack a task list). It requires a separate
daemon to handle
alarms, and complains if that daemon is not running when it starts up. It
has two basic views, being full-month and one week; there is no way to get
the "this month calendar and today's events" view that many other calendar
managers offer. Event entry is relatively unfriendly, requiring dates and
times to be typed into form blanks. Plan works as a basic calendar, but
fails to inspire enthusiasm.
A simple, but cute entry is gDeskCal. This
calendar is meant to sit on (and blend into) the desktop; it uses alpha
blending to make itself inconspicuous, and comes with several different
"skins" which can be used to change its appearance. gDeskCal has a simple
appointment manager, and it can read Evolution appointments as well.
Hovering the mouse over a given day will yield a transient window listing
that day's appointments. There is no alarm capability, however.
Your editor was also pointed at "xcal", which is available as a Debian
package but which appears to lack a web page. Anybody who wonders what
life was like when the Athena Widget Set was new should give xcal a try.
Anybody wanting a modern calendar application should look elsewhere,
however.
The final stop on this tour is GNOME-PIM.
This calendar manager, like KOrganizer, handles all of the basic tasks and
provides a number of useful views. Unlike KOrganizer, GNOME-PIM allows
entry and management of calendar entries directly in the main window,
without dialogs. Also unlike KOrganizer, it lacks "no specific time"
events. Unlike ical, GNOME-PIM does not have a flag on events saying
whether that event should cause the day to be highlighted on the one-month
calendar view. There are certain types of events ("it's trash day") that
are nice to get
reminders for, but which don't really qualify as special events. GNOME-PIM
has a lot of potential, but it suffers from a big problem: development
activity appears to have come to a stop, and there has not been a GNOME-PIM
release since the end of 2002. The last thing a grumpy editor needs is to
commit himself to another unmaintained calendar application.
The winner is fairly clear: the only application which is competitive
as an ical replacement appears to be KOrganizer. The KDE developers have
done a top-quality job of creating a focused, highly-configurable calendar
manager which brings in a (relative) minimum of unneeded baggage. Your
editor will miss the quickness and simplicity of ical, but KOrganizer will
get the job done. Let us hope, however, that the developers of graphical
applications will not forget the users who are not interested in massive,
do-everything applications. It should always be possible to find, say, a
reasonably functional calendar without dragging in email clients, web
servers, and other unrelated stuff. The old Unix guideline - a tool should
do one job, and do it well - is best not forgotten.
Comments (70 posted)
Progeny is proposing a
different way
to look at Linux distributions.
According to
Progeny's Ian Murdock, the traditional Linux distribution follows a
"top-down" "one-size-fits-all" model that doesn't meet the needs of many
Linux users.
For those who view Linux not as a product but as a platform on which to
build their own products, the monolithic nature of the typical distribution
is a particularly bad fit. The typical Linux-as-product distribution
optimizes for breadth--because it is "one-size-fits-all", it needs to
include a huge assortment of features and technologies to satisfy the
widest possible audience, only a few of which may be important to any given
project (and the few that are important will always vary). Ideally, for
Linux-as-platform users, a distribution should optimize for depth, i.e., to
excel in those few features and technologies important to the project at
hand.
The new approach, then, is to "componentize" Linux by allowing the user to
choose only the bits that they need. We spoke with Murdock about Progeny's
plans for componentized Linux to see where the company is headed. Is
componentized Linux yet another Linux distribution?
Emphatically not, according to Murdock:
One thing that's very important to point out, it's not a distribution per
se -- it's more of a template above an existing distribution like Red Hat
or Debian...someone can come in and say 'this is what I want' and then it
becomes a question of 'which distribution foundation do I want under that?'
... It's a much smaller job to come in and say 'I want an LSB 2.0-compliant
runtime and Active Directory integration module' instead of having to go in
to Debian to figure out what packages you need.
Besides, Progeny has already been there and done that with regards to the
distribution business. The company started with Progeny Linux, a
"commercialized" version of Debian, and eventually moved on to a business
model of helping other companies customize Linux to fit their
needs. Customization, according to Murdock, often involved a lot of time
removing components from "monolithic" distributions that their customers
had started with -- which in turn led to the concept of componentized
Linux.
For users who are interested in seeing componentized Linux in action,
Progeny has released "Componentized Linux Core" ISOs based on Debian
Sarge. There are two ISO images available, only the first is necessary to
perform an install -- the second contains the remainder of source code for
the distribution that didn't fit on the first ISO. They provide an early
glimpse of the concept, though the release is a bit short on actual
components. The Componentized Linux Core uses Progeny's Anaconda for Debian
installer and allows the user to install a short list of components:
XFree86 4.2, GNOME 2.4, a 2.4 or 2.6 kernel, and an LSB runtime and devel
component.
Why is Progeny making Componentized Linux public now? For one thing, the
company is looking to highlight Progeny's approach to customizing
Linux. Murdock also said that he's noticed a number of people developing
custom distributions, and that they'd like to give something back to the
community -- and to prevent others in the community from having to re-do
the same work that Progeny has already done. He also said that he hopes
that Progeny will be able to build a community around Componentized Linux
that will help the project evolve to everyone's benefit. Murdock noted that
the response thus far has been positive:
I think it's a concept that resonates with people, because Linux is a
fundamentally different OS. The leading commercial distributions are
looking more and more like the proprietary OSes that they are
replacing...people are looking at this and saying 'it's a good fit, and
it'll save me a lot of time.'
Though Progeny's first release is based on Debian, Murdock said that the
company also hopes to have a Fedora-based Componentized Linux and
"possibly more than that."
It will be interesting to see if the à la Carte approach gains
widespread appeal. No doubt, part of the distribution proliferation problem
stems from the difficulty of customizing "major" distributions to specific
tasks. Instead of seeing hundreds of different Linux distributions -- each
with their own installer, administration tools and assorted quirks --
perhaps we could look forward to a day when most distributions utilize a
single common core and distinguish themselves through package
repositories. For users who have had to master multiple distributions,
package formats and admin tools, it's an attractive prospect indeed.
Comments (7 posted)
Mark Barrenechea, a senior vice president in charge of product
development at CA, said the SCO licenses weren't bought but were
"thrown in" as part of a settlement CA reached last August with
Canopy.
--Dow Jones
The word from CA would appear to be clear: the company did not go out
looking for "Linux licenses" from the SCO Group. Instead, the Canopy
Group, SCO's largest stockholder, decided to toss the licenses in as part
of an apparently unrelated settlement some months ago. It must have seemed
like a good idea at the time; it was an easy way to claim that a large
company had obtained licenses from SCO.
Given the subsequent revelations, one would expect the press to be looking
into false statements of "Linux license" sales. There is also the
interesting question of just why the Canopy Group felt the need to push
Linux licenses in this way. Canopy claims to not be a part of SCO's
crusade, but events like this suggest otherwise. Instead, however, we got
headlines like:
For quite some time now, the SCO Group has been very well treated by the
media. Many of its claims have gone unchallenged, and even the company's
goofiest statements get wide coverage. Thus we hear that Darl
McBride's enemies are out to kill him, but important little details,
like the fact that SCO dropped the trade secret claims that were at the
core of its initial suit against IBM, somehow don't get covered. One can
only guess that SCO v. IBM as a "David v. Goliath" story makes for better
headlines.
Even so, the world beyond the free software community is clearly beginning
to figure things out. Consider the latest from
the Motley Fool:
With dwindling cash and the entire industry ready to fight, the
company looks like it's treading thin ice during spring melt. Given
the ham-fisted efforts of its law team, and its haphazard legal
strategy, I wouldn't bet that any amount of litigation will keep
SCO above water.
The questions asked by reporters at the March 3
conference call are also telling: they aren't buying it anymore. To
really see how the SCO PR battle is going, however, one should take a look
at the company's stock price.
Anybody who was paying attention during the dotcom bubble knows better than
to attribute too much rationality to stock prices. That notwithstanding,
a stock market is an efficient machine for integrating the opinions of a
large number of unrelated people. SCO's stock price peaked briefly at
$22.29 in October, when the BayStar deal was announced. At that time, the
company's market capitalization was a little over $300 million. Given
that SCO has no business left other than its Linux-related litigation, its
stock can be seen as a sort of call option on SCO's lawsuits. Even at its
peak, SCO's stock price represented a perceived chance of collection of
less than 10%. If the company were truly set to collect billions, it would
not be valued in the millions.
As this article was being written, SCO's stock has fallen below $10/share
for the first time since July. The value of the call option is clearly
declining.
Since stock prices are interesting as an indicator of public perception, we
have prepared an annotated chart correlating
the company's stock price against various events from the last year. It
shows how the public view of SCO has gone up and down and the correlation
with the actions of SCO and others. SCO may yet manage to engineer another
increase in its stock price, but it seems unlikely to get anywhere near the
highs of last October. If SCO's actions are truly part of a stock scam, it
would appear to have failed.
Most readers will be familiar with the Halloween X
memo leaked to Eric Raymond. The memo is for real, but SCO claims that
its author, outside consultant Mike Anderer, misunderstood the situation.
It has, regardless, caused the wider world to look again at Microsoft's
relationship to SCO, and may have played a part in the recent stock
decline.
Meanwhile, SCO has filed its memo
in opposition of Novell's motion to dismiss the "slander of title"
suit. SCO maintains that the asset purchase agreement was sufficient to
transfer the Unix copyrights, and that it has, indeed, suffered damages
from Novell's actions. SCO is also trying to get the case moved back to
Utah state court after Novell moved it to the Federal court. The Federal
court is the same one which is hearing the IBM case; perhaps SCO has
decided it no longer wishes to try its luck there.
Comments (4 posted)
On March 9 the European Parliament passed, without amendment, the "Intellectual
Property Rights Enforcement" directive under fast-track procedures. This
directive, which worries free software advocates and others (see
this FFII page for
the details), is expected to be passed by the European Commission shortly.
At that point, the battle shifts to the individual EU member states, each
of which must pass its own implementation legislation. Concerned Europeans
will certainly want to pay attention to what is happening in their
countries as this process goes forward.
Comments (none posted)
Page editor: Jonathan Corbet
Security
Brief items
Reading legal filings has never been your editor's idea of a good time, and
many of the filings which have gone his way over the last year have been
less fun than usual. So it has been a bit of a relief to read complaints
with titles like "Microsoft Corporation v. John Does 1-50 d/b/a Super
Viagra Group." The big ISPs are figuring out that spam is costing them
money; as a result, Microsoft, AOL, Earthlink, and Yahoo have filed a set
of lawsuits aimed at those who, they say, have sent spam into their
systems.
These suits have been trumpeted as the first application of the
much-maligned U.S. "CAN-SPAM" act. The complaints (most of which can be
found on
FindLaw) do, indeed, cite this act, but they also bring many other
counts and could easily have been filed before that act was passed.
Microsoft's complaint, for example, alleges "trespass to chattels,"
"conversion," violation of the Washington electronic mail act, violation of
the federal computer fraud and abuse act, Lanham act violations, and more.
AOL's complaint brings in violations of the Virginia computer crimes act,
dealing in falsified bulk email software (Virginia law, again), conspiracy
to commit trespass of chattels, and more. The CAN-SPAM act, clearly, is
only part of the picture.
The filings are good for publicity and as a way to look like something is
being done, but it remains to be seen whether they will accomplish anything
against spam. The fact that the complaints are filed against over 100
"John Does" makes one problem clear: these ISPs still do not have a clear
idea of who they are fighting. They claim that, armed with subpoenas, they
can follow the money trails starting with the manufacturers of the products
being pitched and track down the spammers from there. Perhaps, but it
would be a mistake to assume that the people involved will be easily found,
or that it will be easy to prove that they, in particular, sent the
messages in question.
That said, legal action is likely to be an important part of the fight
against spam in the future. With luck, a squad of expensive corporate
lawyers can help to push spammers further underground and make it harder to
actually earn money by sending junk email. There are reasons to worry too,
however; anti-spam laws are, to a great extent, being used to squelch a
certain type of unpleasant speech. It is not that hard to imagine those
laws being used to shut down other types of speech which powerful groups
find distasteful, much like domain name laws and procedures have been used
to pull the plug on consumer and satire sites. Making spammers
uncomfortable is a good thing; let's just hope this effort stops there.
Comments (2 posted)
New vulnerabilities
gdk-pixbuf: buffer overflow
| Package(s): | gdk-pixbuf |
CVE #(s): | CAN-2004-0111
|
| Created: | March 10, 2004 |
Updated: | March 16, 2004 |
| Description: |
Versions of gdk-pixbuf prior to 0.20 contain a vulnerability which can be exploited, via a malicious BMP file, to crash Evolution. |
| Alerts: |
|
Comments (none posted)
kdelibs: cookie disclosure
| Package(s): | kdelibs |
CVE #(s): | CAN-2003-0592
|
| Created: | March 10, 2004 |
Updated: | August 24, 2004 |
| Description: |
kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilties
| Package(s): | mozilla |
CVE #(s): | CAN-2003-0594
CAN-2003-0564
|
| Created: | March 10, 2004 |
Updated: | August 19, 2004 |
| Description: |
Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: |
|
Comments (none posted)
python: buffer overflow
| Package(s): | python |
CVE #(s): | CAN-2004-0150
|
| Created: | March 10, 2004 |
Updated: | October 11, 2004 |
| Description: |
Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
| Alerts: |
|
Comments (none posted)
sysstat: temporary file vulnerability
| Package(s): | sysstat |
CVE #(s): | CAN-2004-0107
CAN-2004-0108
|
| Created: | March 10, 2004 |
Updated: | October 4, 2004 |
| Description: |
The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. |
| Alerts: |
|
Comments (none posted)
wu-ftpd: two vulnerabilities
| Package(s): | wu-ftpd |
CVE #(s): | CAN-2004-0148
CAN-2004-0185
|
| Created: | March 9, 2004 |
Updated: | March 10, 2004 |
| Description: |
CAN-2004-0148 - Glenn Stewart discovered that users could bypass the
directory access restrictions imposed by the restricted-gid option by
changing the permissions on their home directory. On a subsequent login,
when access to the user's home directory was denied, wu-ftpd would fall
back to the root directory.
CAN-2004-0185 - A buffer overflow existed in wu-ftpd's code which deals
with S/key authentication. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
apache2: Denial of Service vulnerability
| Package(s): | apache2 |
CVE #(s): | |
| Created: | September 29, 2003 |
Updated: | March 25, 2004 |
| Description: |
A problem was discovered in Apache2 where CGI scripts that write more than
4k to the standard error stream will hang the script's execution. This problem can lead to a
denial of service situation. See this bug
report for additional details. |
| Alerts: |
|
Comments (none posted)
CUPS: denial of service
| Package(s): | CUPS |
CVE #(s): | CAN-2003-0788
|
| Created: | November 3, 2003 |
Updated: | March 4, 2004 |
| Description: |
Paul Mitcheson reported a situation where the CUPS Internet Printing
Protocol (IPP) implementation in CUPS versions prior to 1.1.19 would get
into a busy loop. This could result in a denial of service. In order to
exploit this bug an attacker would need to have the ability to make a TCP
connection to the IPP port (by default 631).
|
| Alerts: |
|
Comments (none posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
CVE #(s): | CAN-2002-0875
|
| Created: | August 19, 2002 |
Updated: | January 5, 2005 |
| Description: |
"fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: |
|
Comments (none posted)
fetchmail may crash on specially crafted message
| Package(s): | fetchmail |
CVE #(s): | CAN-2003-0792
|
| Created: | October 17, 2003 |
Updated: | April 8, 2004 |
| Description: |
A bug was discovered in fetchmail 6.2.4 where a specially crafted email
message can cause fetchmail to crash.
|
| Alerts: |
|
Comments (none posted)
GnuPG: ElGamal signing keys compromised
| Package(s): | gnupg |
CVE #(s): | CAN-2003-0971
|
| Created: | November 28, 2003 |
Updated: | March 3, 2004 |
| Description: |
A severe vulnerability was discovered in GnuPG by Phong Nguyen relating to
ElGamal sign+encrypt keys. This
email message from Werner Koch contains more information. "Phong
Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal
keys for signing. This is a significant security failure which can lead to
a compromise of almost all ElGamal keys used for signing. Note that this
is a real world vulnerability which will reveal your private key within a
few seconds." |
| Alerts: |
|
Comments (3 posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
CVE #(s): | CAN-2003-0133
CAN-2003-0541
|
| Created: | April 14, 2003 |
Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash. |
| Alerts: |
|
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools |
CVE #(s): | CAN-2003-0856
|
| Created: | November 25, 2003 |
Updated: | December 14, 2004 |
| Description: |
The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: |
|
Comments (none posted)
kdepim: VCF file information reader vulnerability
| Package(s): | kdepim |
CVE #(s): | CAN-2003-0988
|
| Created: | January 15, 2004 |
Updated: | May 26, 2004 |
| Description: |
KDE has issued a security advisory for all
versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4
inclusive. A carefully crafted .VCF file potentially enables local
attackers to compromise the privacy of a victim's data or execute arbitrary
commands with the victim's privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to
this issue. |
| Alerts: |
|
Comments (none posted)
kernel: local root exploit
Comments (none posted)
kernel: local root exploit in 2.4.22
| Package(s): | kernel |
CVE #(s): | CAN-2003-0961
|
| Created: | December 1, 2003 |
Updated: | April 5, 2004 |
| Description: |
A vulnerability was discovered in the Linux kernel versions 2.4.22 and
previous. A flaw in bounds checking in the do_brk() function can allow a
local attacker to gain root privileges. This vulnerability is known to be
exploitable.
The 2.4.23 kernel contains the fix. For more details on how this vulnerability works, see this LWN article. |
| Alerts: |
|
Comments (1 posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability issue the following
command as root:
chmod -s /usr/bin/uml_net |
| Alerts: |
|
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
| Alerts: |
|
Comments (none posted)
libtool - Insecure handling of temporary files
| Package(s): | libtool |
CVE #(s): | |
| Created: | February 5, 2004 |
Updated: | March 8, 2004 |
| Description: |
GNU libtool consists of a set of shell scripts used to build shared
libraries.
Joseph S. Myers
and Stefan
Nordhausen independently found a vulnerability in the way
the ltmain.sh script (which is part of the libtool package) creates
temporary directories for its use.
A local attacker could exploit this vulnerability to change/delete
arbitrary files in the system on behalf of the user who is calling the
script. The vulnerability has been fixed in the 1.5.2 version of libtool. |
| Alerts: |
|
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
mailman: cross-site scripting vulnerabilities
| Package(s): | mailman |
CVE #(s): | CAN-2003-0965
CAN-2003-0992
|
| Created: | February 6, 2004 |
Updated: | March 5, 2004 |
| Description: |
Dirk Mueller discovered a cross-site scripting bug in the admin interface
in versions of Mailman 2.1 before 2.1.4. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0965 to
this issue.
A cross-site scripting bug in the 'create' CGI script affects versions of
Mailman 2.1 before 2.1.3. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0992 to this issue. |
| Alerts: |
|
Comments (none posted)
mailman denial of service
| Package(s): | mailman |
CVE #(s): | CAN-2003-0991
|
| Created: | February 9, 2004 |
Updated: | May 25, 2004 |
| Description: |
Matthew Galgoci of Red Hat discovered a Denial of Service (DoS)
vulnerability in versions of Mailman prior to 2.1. An attacker could send
a carefully-crafted message causing mailman to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0991 to this issue. |
| Alerts: |
|
Comments (1 posted)
mc: arbitrary code execution
| Package(s): | mc |
CVE #(s): | CAN-2003-1023
|
| Created: | January 16, 2004 |
Updated: | April 5, 2004 |
| Description: |
A vulnerability was discovered in Midnight Commander, a file manager,
whereby a malicious archive (such as a .tar file) could cause arbitrary
code to be executed if opened by Midnight Commander. |
| Alerts: |
|
Comments (none posted)
metamail: integer and buffer overflows
| Package(s): | metamail |
CVE #(s): | CAN-2004-0104
CAN-2004-0105
|
| Created: | February 18, 2004 |
Updated: | May 21, 2004 |
| Description: |
Versions of metamail through 2.7 contain a set of integer and buffer overflows which are remotely exploitable via a properly crafted message. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: denial of service vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2003-0973
|
| Created: | January 27, 2004 |
Updated: | October 4, 2004 |
| Description: |
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability, however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: |
|
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
CVE #(s): | CAN-2003-0969
|
| Created: | January 6, 2004 |
Updated: | March 28, 2005 |
| Description: |
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming). |
| Alerts: |
|
Comments (none posted)
mplayer: remotely exploitable buffer overflow vulnerability
| Package(s): | mplayer |
CVE #(s): | CAN-2003-0835
|
| Created: | September 29, 2003 |
Updated: | April 6, 2004 |
| Description: |
A remotely exploitable buffer overflow vulnerability was found in
MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer
into executing arbitrary code upon parsing that header. Read the full advisory
for details. |
| Alerts: |
|
Comments (none posted)
mutt: buffer overflow
| Package(s): | mutt |
CVE #(s): | CAN-2004-0078
|
| Created: | February 12, 2004 |
Updated: | March 26, 2004 |
| Description: |
mutt suffers from a buffer overflow in its "index menu" code. This overflow can be exploited via a hostile message to crash mutt and, perhaps, execute arbitrary code. Version 1.4.2 fixes the problem; see this advisory for details. |
| Alerts: |
|
Comments (none posted)
Nessus NASL scripting engine security issues
| Package(s): | nessus |
CVE #(s): | |
| Created: | May 27, 2003 |
Updated: | August 12, 2004 |
| Description: |
Some some vulnerabilities exsist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins in the Nessus
server (this option is disabled by default) or he/she would need to trick a
user somehow into running a specially crafted nasl script. Read the full
advisory for additional information. |
| Alerts: |
|
Comments (none posted)
netpbm: insecure temporary files
| Package(s): | netpbm |
CVE #(s): | CAN-2003-0924
|
| Created: | January 19, 2004 |
Updated: | December 29, 2004 |
| Description: |
netpbm is graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. |
| Alerts: |
|
Comments (1 posted)
nfs-utils xlog() off-by-one bug
| Package(s): | nfs-utils |
CVE #(s): | CAN-2003-0252
|
| Created: | July 14, 2003 |
Updated: | March 8, 2004 |
| Description: |
Linux NFS utils package contains remotely exploitable off-by-one bug.
A local or remote attacker could exploit this vulnerability by sending
specially crafted request to rpc.mountd daemon. See this BugTraq post for more details. |
| Alerts: |
|
Comments (none posted)
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
| Alerts: |
|
Comments (1 posted)
perl information leak
| Package(s): | perl |
CVE #(s): | CAN-2003-0618
|
| Created: | February 2, 2004 |
Updated: | April 21, 2004 |
| Description: |
Paul Szabo discovered a number of bugs in suidperl, a helper
program to run perl scripts with setuid privileges. By exploiting
these bugs, an attacker could abuse suidperl to discover information
about files (such as testing for their existence and some of their
permissions) that should not be accessible to unprivileged users. |
| Alerts: |
|
Comments (none posted)
postfix: denial of service vulnerabilities
| Package(s): | postfix |
CVE #(s): | CAN-2003-0468
CAN-2003-0540
|
| Created: | August 5, 2003 |
Updated: | May 27, 2004 |
| Description: |
The postfix MTA, versions through 1.1.12 (but not 2.0) is subject to two remotely exploitable denial of service vulnerabilities; see this advisory from Michal Zalewski for details. |
| Alerts: |
|
Comments (none posted)
PWLib: possible Denial of Service
| Package(s): | PWLib |
CVE #(s): | CAN-2004-0097
|
| Created: | February 13, 2004 |
Updated: | April 9, 2004 |
| Description: |
PWLib is a cross-platform class library designed to support the OpenH323
project. OpenH323 provides an implementation of the ITU H.323
teleconferencing protocol, used by packages such as Gnome Meeting.
A test suite for the H.225 protocol (part of the H.323 family) provided by
the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker
could trigger these bugs by sending carefully crafted messages to an
application. The effects of such an attack can vary depending on the
application, but would usually result in a Denial of Service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0097 to this issue. |
| Alerts: |
|
Comments (none posted)
rsync - remotely exploitable heap overflow
| Package(s): | rsync |
CVE #(s): | CAN-2003-0962
|
| Created: | December 4, 2003 |
Updated: | March 3, 2004 |
| Description: |
An advisory has gone out warning of a
remotely exploitable heap overflow vulnerability in rsync versions 2.5.6
and prior. If you are running an rsync server, you will want to apply a
distributor patch or upgrade to 2.5.7 in the near future. |
| Alerts: |
|
Comments (none posted)
screen: privilege escalation
| Package(s): | screen |
CVE #(s): | CAN-2003-0972
|
| Created: | November 28, 2003 |
Updated: | March 3, 2004 |
| Description: |
According to
this advisory a buffer overflow in GNU screen allows privilege
escalation for local users. Usually screen is installed either setgid-utmp
or setuid-root.
It also has some potential for remote attacks or getting control of another
user's screen. The problem is that you have to transfer around 2-3 gigabytes
of data to user's screen to exploit this vulnerability. 4.0.1, 3.9.15 and
older versions are vulnerable. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump: flaws in the ISAKMP decoding routines
| Package(s): | tcpdump |
CVE #(s): | CAN-2003-0989
CAN-2004-0057
CAN-2004-0055
|
| Created: | January 15, 2004 |
Updated: | April 6, 2004 |
| Description: |
George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump
versions prior to 3.8.1. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.
Jonathan Heusser discovered two additional flaws in the ISAKMP decoding
routines of tcpdump versions up to and including 3.8.1. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0057 to this issue.
Jonathan Heusser discovered a flaw in the print_attr_string function in the
RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0055 to this issue.
Remote attackers could potentially exploit these issues by sending
carefully-crafted packets to a victim. If the victim uses tcpdump, these
packets could result in a denial of service, or possibly execute arbitrary
code as the 'pcap' user. |
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
util-linux: information leak in the login program
| Package(s): | util-linux |
CVE #(s): | CAN-2004-0080
|
| Created: | February 3, 2004 |
Updated: | April 8, 2004 |
| Description: |
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.
In some situations, the login program could use a pointer that had been
freed and reallocated. This could cause unintentional data leakage. |
| Alerts: |
|
Comments (1 posted)
xboing - buffer overflows
| Package(s): | xboing |
CVE #(s): | CAN-2004-0149
|
| Created: | February 28, 2004 |
Updated: | March 3, 2004 |
| Description: |
Steve Kemp discovered a number of buffer overflow vulnerabilities in
xboing, a game, which could be exploited by a local attacker to gain
gid "games". |
| Alerts: |
|
Comments (2 posted)
Events
The Black Hat Briefings will be held July 26 and 27 in Las Vegas. The call for papers has gone out, with a June 1 due date.
Full Story (comments: none)
Page editor: Jonathan Corbet
Kernel development
Brief items
The current 2.6 prepatch is 2.6.4-rc3, which was
announced by Linus on March 9.
Changes this time include more cleanups from Al Viro, an
R128 DRI driver security fix, an ARC4 crypto module, an ACPI update, some
preparatory work for the hotplug CPU patch (but not that patch itself), an
IrDA update, and various other fixes. See
the
long-format changelog for the details.
2.6.4-rc2 was announced on March 3.
It included a number of parallel port
fixes, various architecture updates, the reversion of a patch which had
removed threads from /proc (and broke gdb), an XFS update, a FireWire
update (including one which notes that IEEE1394 support is no longer
experimental), and numerous fixes. See the
long-format changelog for the details.
Linus's BitKeeper tree contains just a handful of fixes as of this writing.
The current prepatch from Andrew Morton is 2.6.4-rc1-mm1, released on March 7.
Recent additions to the -mm tree include DMA for IDE CDROM ripping,
per-page access permissions with remap_file_pages(), more
scheduler tweaks, and various other fixes. The next -mm release is likely
to be most interesting; see the rest of this week's Kernel Page for
details.
The current 2.4 kernel is 2.4.25; Marcelo released 2.4.26-pre2 on March 6.
This prepatch contains an ACPI update, an XFS update, and a number of
networking patches.
Comments (3 posted)
Kernel development news
This article serves mostly as background to help understand why the kernel
developers are considering making fundamental virtual memory changes at
this point in the development cycle. It can probably be skipped by readers
who understand how high and low memory work on 32-bit systems.
A 32-bit processor can address a maximum of 4GB of memory. One could, in
theory, extend the instruction set to allow for larger pointers, but, in
practice, nobody does that; the effects on performance and compatibility
would be too strong. So the limitation remains: no process on a 32-bit
system can have an address space larger than 4GB, and the kernel cannot
directly address more than 4GB.
In fact, the limitations are more severe than that. Linux kernels split
the 4GB address space between user processes and the kernel; under the most common
configuration, the first 3GB of the 32-bit range are given over to user
space, and the kernel gets the final 1GB starting at 0xc0000000.
Sharing the address space gives a number of performance benefits; in
particular, the hardware's address translation buffer can be shared between
the kernel and user space.
If the kernel wishes to be able to access the system's physical memory
directly, however, it must set up page tables which map that memory into
the kernel's part of the address space. With the default 3GB/1GB mapping,
the amount of physical memory which can be addressed in this way is
somewhat less than 1GB - part of the kernel's space must be set aside for
the kernel itself, for memory allocated with vmalloc(), and
various other purposes. That is why, until a few years ago, Linux could
not even fully handle 1GB of memory on 32-bit systems. In fact, back in
1999, Linus decreed
that 32-bit Linux would never, ever support more than 2GB of memory.
"This is not negotiable."
Linus's views notwithstanding, the rest of the world continued on with the
strange notion that 32-bit
systems should be able to support massive amounts of memory. The processor
vendors added paging modes which could use physical addresses which exceed
32 bits in length, thus ending the 4GB limit for physical memory. The
internal addressing limitations in the Linux kernel remained, however.
Happily for users of large systems, Linus can acknowledge an error and
change his mind; he did eventually allow large memory support into the 2.3
kernel. That support came with its own costs and limitations, however.
On 32-bit systems, memory is now divided into "high" and "low" memory. Low
memory continues to be mapped directly into the kernel's address space, and
is thus always reachable via a kernel-space pointer. High memory, instead,
has no direct kernel mapping. When the kernel needs to work with a page in
high memory, it must explicitly set up a special page table to map it into
the kernel's address space first. This operation can be expensive, and
there are limits on the number of high-memory pages which can be mapped at
any particular time.
For the most part, the kernel's own data structures must live in low
memory. Memory which is not permanently mapped cannot appear in linked
lists (because its virtual address is transient and variable), and the
performance costs of mapping and unmapping kernel memory are too high.
High memory is useful for process pages and some kernel tasks (I/O buffers,
for example), but the core of the kernel stays in low memory.
Some 32-bit processors can now address 64GB of physical memory, but the
Linux kernel is still not able to deal effectively with that much; the
current limit is around 8GB to 16GB, depending on the load. The problem
now is that larger systems simply run out of low memory. As the system
gets larger, it requires more kernel data structures to manage, and
eventually room for those structures can run out. On a very large system,
the system memory map (an array of struct page structures which
represents physical memory) alone can occupy half of the available low
memory.
There are users out there wanting to scale 32-bit Linux systems up to 32GB
or more of main memory, so the enterprise-oriented Linux distributors have
been scrambling to make that possible. One approach is the 4G/4G patch written by Ingo
Molnar. This patch separates the kernel and user address spaces, allowing
user processes to have 4GB of virtual memory while simultaneously expanding
the kernel's low memory to 4GB. There is a cost, however: the translation
buffer is no longer shared and must be flushed for every transition between
kernel and user space. Estimates of the magnitude of the performance hit
vary greatly, but numbers as high as 30% have been thrown around. This
option makes some systems work, however, so Red Hat ships a 4G/4G kernel
with its enterprise offerings.
The 4G/4G patch extends the capabilities of the Linux kernel, but it
remains unpopular. It is widely seen as an ugly solution, and nobody likes
the performance cost. So there are efforts afoot to extend the scalability
of the Linux kernel via other means. Some of these efforts will likely go
forward - in 2.6, even - but the kernel developers seem increasingly unwilling to distort
the kernel's memory management systems to meet the needs of a small number
of users who are trying to stretch 32-bit systems far beyond where they
should go. There will come a time where they will all answer as Linus did
back in 1999: go get a 64-bit system.
Comments (12 posted)
Andrea Arcangeli not only wants to make the Linux kernel scale to and
beyond 32GB of memory on 32-bit processors; he seems to be in a real
hurry. There are, it would seem, customers waiting for a 2.6-based
distribution which can run in such environments.
For Andrea, the real culprit in the exhaustion of low memory is clear: it's
the reverse-mapping virtual memory ("rmap") code. The rmap code was first
described on this page in
January, 2002; its purpose is to make it easier for the kernel to free
memory when swapping is required. To that end, rmap maintains, for each
physical page in the system, a chain of reverse pointers; each pointer
indicates a page table which has a reference for that page. By following
the rmap chains, the kernel can quickly find all mappings for a given page,
unmap them, and swap the page out.
The rmap code solved some real performance problems in the kernel's virtual
memory subsystem, but it, too has a cost. Every one of those reverse
mapping entries consumes memory - low memory in particular. Much effort has gone into
reducing the memory cost of the rmap chains, but the simple fact remains:
as the amount of memory (and the number of processes using that memory)
goes up, the rmap chains will consume larger amounts of low memory.
Eliminating the rmap overhead would go a long way toward allowing the
kernel to scale to larger systems. Of course, one wants to eliminate this
overhead while not losing the benefits that rmap brings.
Andrea's approach is to bring back and extend the object-based reverse
mapping patches. The initial object-based patch was created by Dave
McCracken; LWN covered this
patch a year ago. Essentially, this patch eliminates the rmap chains
for memory which maps a file by following pointers "the long way around"
and searching candidate virtual memory areas (VMAs). Andrea has updated this patch and fixed some bugs, but the
core of the patch remains the same; see last year's description for the
details.
Last week, we raised the possibility that
the virtual memory subsystem could see fundamental changes in the course of
the 2.6 "stable" series. This week, Linus confirmed that possibility in response to
Andrea's object-based reverse mapping patch:
I certainly prefer this to the 4:4 horrors. So it sounds worth it
to put it into -mm if everybody else is ok with it.
Assuming this work goes forward, it has the usual implications for the
stable kernel. Even assuming that it stays in the -mm tree for some time,
its inclusion into 2.6 is likely to destabilize things for a few releases
until all of the obscure bugs are shaken out.
Dave McCracken's original patch, in any case, only solves part of the
problem. It gets rid of the rmap chains for file-backed memory, but it
does nothing for anonymous memory (basic process data - stacks, memory
obtained with malloc(), etc.), which has no "object" behind it.
File-backed memory is a large portion of the total, especially on systems
which are running large Oracle servers and use big, shared file mappings.
But anonymous memory is also a large part of the mix; it would be nice to
take care of the rmap overhead for that as well.
To that end, Andrea has posted another patch
(in preliminary form) which provides object-based reverse mapping for
anonymous memory as well. It works, essentially, by replacing the rmap
chain with a pointer to a chain of virtual memory area (VMA) structures.
Anonymous pages are always created in response to a request for memory from
a single process; as a result, they are never shared at creation time.
Given that, there is no need for a new anonymous page to have a chain of
reverse mappings; we know that there can be only a single mapping. Andrea's
patch adds a union to struct page which includes the existing
mapping pointer (for non-anonymous memory) and adds a couple of
new ones. One of those is simply called vma, and it points to the
(single) VMA structure pointing to the page. So if a process has several
non-shared,
anonymous pages in the same virtual memory area, the structure looks
somewhat like
this:
With this structure, the kernel can find the page table which maps a given
page by following the pointers through the VMA structure.
Life gets a bit more complicated when the process forks, however. Once
that happens, there will be multiple page tables pointing to the same anonymous
pages and a single VMA pointer will no longer be adequate. To deal with this
case, Andrea has created a new "anon_vma" structure which
implements a linked list of VMAs. The third member of the new struct
page union is a pointer to this structure which, in turn, points to
all VMAs which might contain the page. The structure now looks like:
If the kernel needs to unmap a page in this scenario, it must follow the
linked list and examine every VMA it finds. Once the page is unmapped from
every page table found, it can be freed.
There are some memory costs to this scheme: the VMA structure requires a
new list_head structure, and the anon_vma structure must
be allocated whenever a chain must be formed. One VMA can refer to
thousands of pages, however, so a per-VMA cost will be far less than the
per-page costs incurred by the existing rmap code.
This approach does incur a greater computational cost. Freeing a page
requires scanning multiple VMAs which may or may not contain references to
the page under consideration. This cost will increase with the number of
processes sharing a memory region. Ingo Molnar, who is fond of O(1)
solutions, is nervous about object-based
schemes for this reason. According to Ingo, losing the possibility of
creating an O(1) page unmapping scheme is a heavy cost to pay for the prize
of making large amounts of memory work on obsolete hardware.
The solution that Ingo would like to see, instead, is to reduce the
per-page memory overhead by reducing the number of pages. The means to
that end is page clustering - grouping
adjacent hardware pages into larger virtual pages. Page clustering would
reduce rmap overhead, and reduce the size of the main kernel memory map as
well. The available page clustering patch is even more intrusive than
object-based reverse mapping, however; it seems seriously unlikely to be
considered for 2.6.
Comments (6 posted)
The block layer supports the notion of "plugging" a request queue for a
block device. A plugged queue passes no requests to the underlying device;
it allows them to accumulate, instead, so that the I/O scheduler has a
chance to reorder them and optimize performance. There comes a time,
however, when the plug has to be pulled and the device restarted. Often,
code within the filesystem or virtual memory layers decides that, for
whatever reason, it's time to get block I/O moving again. In the current
2.6 kernel, there is a function (
blk_run_queues()) which performs
this task.
The problem is that blk_run_queues() has turned out to be a bit of
a performance and scalability problem. It has a single, global lock which
keeps multiple processors from trying to restart the queues at the same
time; this lock has become a bit of a contention point on some systems. A
call to blk_run_queues() also restarts all block devices on the
system, even though there is typically only one queue that truly needs to
be unplugged.
To address these problems, Jens Axboe has posted a patch which does away with
blk_run_queues() altogether. This change is a result of a
fundamental realization: there is always one specific queue which needs to
be kickstarted. So blk_run_queues() has been replaced with
blk_run_queue() (which takes the specific queue to start as a
parameter) and blk_run_address_space() (which takes a pointer to a
address_space structure). With these functions, higher-level code
can fire up the request queue which belongs to a specific device or which
ultimately underlies a particular non-anonymous mapping.
This patch is going straight into the -mm tree; Andrew Morton commented "This is such an improvement over
what we have now it isn't funny." He also noted that "...the next -mm is
starting to look like linux-3.1.0..." The 2.6 kernel looks to be
interesting for a while.
Comments (1 posted)
Patches and updates
Kernel trees
Core kernel code
Device drivers
Filesystems and block I/O
Kernel building
Memory management
Networking
Security-related
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
A "Community" edition of Mandrakelinux* 10.0 was
released
late last week, first to members of the MandrakeClub and later also to public
FTP servers and mirrors. Some critics will argue that, according to the
recently announced
development
model, the "Community" edition is nothing but an extension of the
distribution's beta program on the road to Mandrake Linux "Official", to be
released some 2 - 3 months later. Nevertheless, the differences between the
"Community" and the "Official" editions are limited to bug fixes and security
updates, rather than new features or major software upgrades. As such, it is
worth taking a look at the new Mandrake release, especially since it is the
first major Linux distribution shipping with kernel 2.6 and KDE 3.2.
Perhaps the most noticeable new feature of Mandrakelinux 10.0 is speed:
"The speed of the KDE 3.2 and the new kernel is awesome, compared with
my Mandrake 9.2, you can feel it everywhere. Konqueror is cleaner and faster
than ever. All the interface interaction is more satisfying using the same
hardware," writes Luis Alves
in one of the first reviews of Mandrakelinux 10.0. Indeed, the responsiveness
of the KDE desktop is impressive, achieved not only by including the latest
kernel and KDE, but also a pre-release version of glibc 2.3.3 with Native
POSIX Threads Library (NPTL) for optimum threading performance. Compared to
Mandrake 9.2, or indeed to any other current distribution, this is one of the
most pleasant surprises found in Mandrakelinux 10.0.
There is a lot to like about KDE 3.2 in general, and Mandrake's own
customizations compliment the excellent desktop. The main menu, consistent
across all desktop environments, has been simplified with only 5 entries:
"Office", "Internet", "Multimedia", "System", as well as a "More
Applications" entry with further sub-menus. One of the new packages in the
latest KDE is KDE Wallet Manager, a system tray utility that stores and
manages user names and passwords throughout all KDE applications. Both KDE
and GNOME, the two main desktop environments, share a unified theme called
"Mandrakegalaxy II". The desktop experience is further enhanced by
"MagicDev", a new tool seamlessly combining automount with application
launcher based on the content of the inserted CD or DVD. For IBM ThinkPad
users, Mandrake provides several packages that make use of the special keys
found on the ThinkPad notebooks. All these enhancements make for a very
pleasant desktop experience.
The Mandrake Control Center has been redesigned. The changes won't please
everybody - the interface has changed from what used to resemble KDE Control
Center with a navigation pane on the left, to a browser-like interface with
previous/next buttons as the only way to navigate around the application. New
tools include the "DrakConnect" wizard for managing all types of Internet
connections in one central location, and "Mandrakeonline", a security
advisory and update notification service, similar to Fedora's up2date
(requires online registration).
While Mandrakelinux is often perceived as a distribution with a desktop focus,
it can function as a server just as well. Thanks to the inclusion of the new
kernel, the system is now a lot more scalable with support for over 4 billion
(!) unique users and groups (will anybody ever need to create user accounts
for two thirds of the world's population?), with up to 1 billion concurrent
processes. Those wishing to deploy Mandrakelinux 10.0 into mixed networks
should benefit from features in the new Samba 3.0 as well as read/write
support for NTFS file systems. The usual exhaustive range of server
applications is all there, including a mechanism for a smooth upgrade from
Apache 1.3 to Apache 2.0.
A distribution shipping on 4 - 5 CDs cannot possibly be without bugs and
Mandrakelinux 10.0 is no exception. Some users reported problems with the
detection and module loading of USB mice and keyboards, while others have
complained about instability of certain applications, notably KDevelop,
Quanta Plus, and XMMS. Although power management reportedly works, there are
still unresolved issues, possibly related to the use of the hotplug kernel
module. Several users reported complete system freezes while running the
2.6.3 kernel, and also during the package installation stage of the initial
system install. A possible workaround for those experiencing hardware-related
problems is to boot the 2.4.25 kernel, which is provided as a second choice.
Despite the above mentioned problems, the overall experience of users, as
expressed on public forums and mailing list, seems to be of delight over the
speed improvements and the general look and feel of Mandrakelinux 10.0. Those
with "unlucky" hardware combinations resulting in system crashes, will have
to wait and see if the problems get fixed in Mandrakelinux 10.0 Official
coming out in May, or look elsewhere - possibly wait for the new SUSE LINUX
9.1 (expected in April) or Fedora Core 2 (scheduled for release in early
May). But for the majority of users, Mandrakelinux 10.0 is a superb
distribution, with dramatic performance enhancements, well-designed, highly
usable desktops and convenient configuration tools and wizards. A solid 8 on
a scale from 1 to 10.
-----------------------
* Note. The official press
release, as well as the features page refer
to the product as "Mandrakelinux", rather than "Mandrake Linux", as was the
case with previous releases. Although MandrakeSoft has yet to make any
official announcements about the product's name change, this has presumably
something to do with the recent trademark
dispute over the use of the word "Mandrake". Therefore, in this article
we shall refer to the MandrakeSoft's latest release as "Mandrakelinux".
Comments (2 posted)
Distribution News
Mandrakesoft has announced that its new flagship operating system
'Mandrakelinux 10.0 Community' has been released. 10.0 Community includes a
2.6 kernel, the Native POSIX Threads Library (NPTL), KDE 3.2 and GNOME 2.4,
and more.
Full Story (comments: none)
The
Debian Weekly News for March 9, 2004 is
now available. This week: Debian Ham; new home for alioth services; a
collection of Open Source advocacy papers; questions for DPL candidates;
and more.
Wichert Akkerman reports on the status of
alioth, arch, and svn. "My apologies for the extended downtime and
especially the lack of commit access for arch and svn.debian.org. There is
a silver lining though: things should be a lot more stable than they ever
were from now on due to better hardware and a better configuration."
Voting on a General Resolution to decide on
future handling of the non-free section is under way. All Debian
developers are encouraged to vote.
The DebConf4 call for papers is out. The
deadline for submissions is April, 1st.
Comments (1 posted)
The
Fedora News
Updates #7 has been released. This issue covers Fedora Core 2 test2;
the Jargon Buster; a next-generation input method; Fedora on lower-end
machines; something from Fedora-Legacy; and other topics.
Red Hat, Inc. and the Fedora Project have announced the availability of a port of Fedora
Core 1 to AMD64 - the first 64-bit port of a Fedora Project core release.
A new mailing
list is now available, for SELinux
discussion.
This less update fixes segfaults on certain
types of files.
Comments (none posted)
The Gentoo Weekly Newsletter for the week of March 1, 2004 is out; with a
look at the Gentoo booth at Chemnitzer Linuxtag, and more.
Full Story (comments: none)
Trustix Secure Linux 2.1 is now available. This is billed mainly as a
maintenance release, but that didn't stop the Trustix folks from throwing
in a few things like Samba 3, XFS, and a few other new packages.
Full Story (comments: 4)
IBM and Red Flag have announced that IBM's WebSphere will provide product
support for Red Flag Linux.
Full Story (comments: none)
LynuxWorks has
announced LynuxWorks BlueCat Linux 5.0 BSP, a board support package
(BSP) based on the Linux 2.6 kernel for the Apple PowerPC G5, a 64-bit
desktop processor.
Comments (none posted)
The
DistroWatch
Weekly for March 8, 2004 is out with a look at Progeny Componentized
Linux and other topics.
Comments (none posted)
FreeSBIE is a live CD version of
FreeBSD. The project is developed by the main Italian FreeBSD User Group:
GUFI. (Thanks to Per Jotun, who found
the link in
this digi.no
Nerdvana article [in Norwegian].)
Comments (none posted)
NewsForge
talks with
Luke Mewburn, of the NetBSD Core Group about the release of 1.6.2 and
beyond. "
Is there any timeline for the release of 2.0?
We had
planned to branch 2.0 early this year. I would conservatively say that
we'll have the release shipped by the middle of the year, although I would
hope that it occurs before then.
What goodies will 2.0 bring us?
SMP
on more platforms, including i386, macppc, sparc, alpha, and vax. Kernel
assisted threads ("schedular activations"). Fully dynamically linked
userland."
Comments (none posted)
FootNotes
reports that a
new package building
server for FreeBSD GNOME
packages is online. Also the GNOME 2.6 Beta 1 desktop is now available for
FreeBSD.
Comments (none posted)
Updated SANE packages are available, fixing a problem with shared libraries.
Full Story (comments: none)
Minor distribution updates
Astaro Security Linux has released
beta v4.737 with major bugfixes. "
Changes: This release
includes high availability fixes, a fix for the Synratelimiter, various
IPsec fixes, a lot of other small fixes and improvements, and speedup by
removing some debug code."
Comments (none posted)
Fli4l (Floppy ISDN/DSL) has released
development v2.1.6 with minor bugfixes. "
Changes: This release
should work with inode (DSL in Austria). lpdsrv should now work with USB
printers. Support for SFTP was added. There are several bugfixes and minor
enhancements. New software includes busybox 1.0pre8, mini_httpd 1.19, new
dhcpd and dhcp-relay (relaying now works), kernel PCMCIA, and dropbear
(SSH2 server) 0.41."
Comments (none posted)
INSERT has
released
v1.2.4 with minor feature enhancements. "
Changes: The cdrecord,
chkrootkit, clamav, e2fsprogs, jfstools, mdadm, mkisofs,and xfsprogs
packages were updated, and the dvd+rw-tools package was added. The clamav
virus database was also updated. catchFirebird was replaced by huntFirefox,
and linuxrc and the autoconfiguration script were updated. The missing man
pages for reiserfsprogs was included, and a few dead links were
removed. Auto-ejecting of the CD at halt time now works."
Comments (none posted)
KNOPPIX has
released
v3.3-20040216
with minor bugfixes. "
Changes: /etc/X11/Xsession was updated to fix
X-Login on the installed version. pcitable was updated for nforce ethernet
chipsets. A timezone fix was made. DefaultColorDepth is not set in
XF86Config-4 if using the fbdev module. The empty /etc/network/interfaces
broadcast line was fixed in netcardconfig."
Comments (1 posted)
Local Area Security Linux
has released
v0.5 with major feature enhancements. "
Changes: The kernel has
been recompiled to insure NTFS r/w and monitor mode for wireless. All
packages have been upgraded. There are cosmetic and usability
improvements."
Comments (none posted)
Rock Linux has
announced the released of ROCK Linux 2.0 (Codename: Rafaella).
"
Instead of .tar.bz2 the newly invented .gem package format is used -
so now ROCK Linux features dependency resolution during the installation as
well as additional meta-data for the end-user."
Comments (15 posted)
Source Mage GNU/Linux has released
v0.9.2
with minor feature enhancements. "
Changes: A choice of either a
2.4.25 or 2.6.3 kernel is available. The actual installed system will be
almost identical except for the kernel difference and the addition of a
sysfs entry to /etc/fstab. The installer itself has had many features added
and some bugs fixed."
Comments (none posted)
System-Down::Rescue has released
v1.0pre6
with minor feature enhancements. "
Changes: This version includes a
lot of bugfixes and a few new features. The kernel has been updated to
2.4.23, and most of the libraries have been updated. New setup scripts were
added to improve hardware detection and to speed up the start up
operations. DHCP is used for automatic network configuration."
Comments (none posted)
wrt54g-linux has
released
v0.4a with minor feature enhancements. "
Changes: This version
supports current Linksys firmwares that have the "Ping Bug" fixed."
Comments (none posted)
Distribution reviews
FCW.com
compares several desktop distributions. Libranet 2.8.1 Flagship
Edition, LindowsOS 4.5, Lycoris' Desktop/LX, Mandrake Linux 9.2 and Xandros
Desktop OS Version 2-Deluxe Edition are reviewed. "
Our Linux
desktops were installed and tested in a network configuration that mirrors
what many agencies and corporations are using today. Our Linux desktops
interacted successfully with Windows systems, Macintosh machines and
server-based resources, including FreeBSD, Sun Microsystems Inc.'s Solaris,
and IBM Corp.'s iSeries and AIX."
Comments (1 posted)
The Seattle Times
looks
at XandrosOS and LindowsOS. "
Lindows has a slicker interface and
emulates Windows so well that it repeats several of my pet Windows
peeves. Xandros' user-interface has more obvious Linux legacy to it but
shouldn't stymie the first-timer." (Thanks to Phillip Warner)
Comments (none posted)
eWeek
takes
Fedora Core 2 (test) for a spin. "
We also found that Fedora's
implementation of the KDE Project's KDE 3.2 and the GNOME Project's GNOME
2.5.3 desktop environments were much improved compared with the versions of
those interfaces that shipped with Fedora Core 1."
Comments (none posted)
Page editor: Rebecca Sobol
Development
BitTorrent
is a cross-platform peer-to-peer file distribution system.
It is designed to provide better download speed if you are willing
to dedicate more bandwidth to uploading.
The project description on the
GNU directory page says:
BitTorrent is a tool for copying files from one machine to another. FTP punishes sites for being popular. Since all uploading is done from one place, a popular site needs big iron and big bandwidth. With BitTorrent, clients automatically mirror files they download, making the publisher's burden almost nothing.
The software is written in Python2 and C. BitTorrent runs on a variety
of platforms, including Linux, Mac OS-X, and Windows. BitTorrent is
distributed under the MIT License.
The BitTorrent
introduction document and the
BitTorrent FAQ
have more information about the project.
The
BitTorrent Protocol Specification explains how the system
works. As with other peer-to-peer systems, BitTorrent needs
to have its incoming port enabled on your local firewall.
The value of such a system is mostly dependent on the availability
of files, Smiler's BitTorrent site has a lengthy list of
BitTorrent links.
One interesting site that is using BitTorrent is
bt.etree.org.
"This site is provided by the etree.org community for sharing the live concert recordings of trade friendly artists. Please tell your friends and family about new bands that catch your ear, and support these artists by going to see them live and buying their CDs!"
Stable version 3.4 of BitTorrent,
"with lots of bug fixes and tracker bandwidth savings",
was released this week. This version was not quite ready
for prime-time, the download page notes:
"The 3.4 release turns out to be buggy. We'll push out another release very soon, in the meantime this page has been set to point to the 3.3 release."
Comments (6 posted)
System Applications
Audio Projects
Version 1.0.3a of alsa-lib is available on the
ALSA
sound driver site. The notice says:
"
it fixes again the dmix/dshare/dsnoop poll() problems".
Comments (none posted)
The
latest changes from the
Planet CCRMA audio utility packaging project include
the addition of two new mirror sites, and new CDROM images containing
all of the recent audio application additions.
Comments (none posted)
Database Software
Version 0.6.3-test3 of Knoda, a database front end for KDE,
is out.
"
Besides a lot of bugfixes knoda now supports local sql statements in forms and reports."
Full Story (comments: none)
Version 7.3.6 of the PostgreSQL
has been announced.
"
After several fixes were backpatched to the 7_3_STABLE branch, we have now released a 7.3.6."
Comments (none posted)
This week the PostgreSQL Weekly News looks at the new features going into
the 7.5 tree, packaging problems in 7.3.6, and the upcoming release of 7.4.2.
Full Story (comments: none)
Mail Software
Several new mail filters are available on
milter.org.
Milter-greylist, milter-regex, and milter-sender/0.51 have been announced.
Comments (none posted)
O'Reilly has published
part two in a book excerpt series from the
sendmail Cookbook.
"
This week, we offer two more configuration recipes from the book: the first on configuring sendmail to offer STARTTLS service, and the second on limiting the SMTP command set."
Comments (none posted)
Networking Tools
Ibrahim Haddad
discusses IPv6 and Linux on O'Reilly.
"
IPv6 is coming. In fact, you can encourage its adoption by using it right
now. Ibrahim Haddad demonstrates how to connect your local network to the
IPv6 Internet by configuring Freenet6's TSP on a Linux router."
Comments (none posted)
Telecom
Version 0.5.4 of Siproxd
is available.
"
Siproxd is a proxy/masquerading daemon for the SIP protocol. It allows SIP
clients (like kphone, linphone) to work behind an IP masquerading firewall or
router. This release includes bugfixes in the area of proxy authorization,
registration and SUBSCRIBE handling. Also minor documentation and FAQ
updates have been made."
Comments (none posted)
Web Site Development
Version 1.32 of Animal Shelter Manager
has been announced.
"
The installers
have been rewritten to work better in a *nix environment (and under
Kaffe/GIJ). Many new features added, including better embedded diary support,
membership expiry, declawed flag and new shortcut bar on find animal screen."
Comments (none posted)
Version 1.0 RC4 of eGroupWare, a web-based groupware suite,
is available.
"
eGroupWare 1.0 RC4 released with a lot of bugfixes. When you update from RC3
you must make a database update."
Comments (none posted)
Version 0.2.0 of UnCommon Web, a lisp-based web application framework,
is out.
"
This version adds a protocol for defining how the phases of the
request-response loop work, initial support for i18n, session
expiration/transactions, and a much more capable and faster CPS
transformer. The component library features a new tabbed pane, and
improved inspector and range views. Lisp expressions in TAL attributes
are supported, and TAL files are now XML."
Full Story (comments: none)
The February 27 - March 3, 2004 edition of
ZopeMag Weekly News is out with articles on Zope and related topics.
Comments (none posted)
Miscellaneous
Version 1.3dev4 of TightVNC, a free virtual network console package,
is available.
"
Version 1.3dev4 is a development version introducing support for
RFB 3.7 protocol with or without TightVNC protocol extensions. Also, it has a
number of bugfixes and minor feature enhancements."
Comments (none posted)
Desktop Applications
Audio Applications
Version 0.2.4 of Timemachine, A JACK application that lets you save
audio that was recently played, is out with several new features.
Full Story (comments: none)
Data Visualization
Version 0.5.2 of JGraphT
has been announced.
"
The new version delivers a
cumulative update of new developments, bug fixes, and improvements. JGraphT
is a free Java class library that provides mathematical graph-theory objects
and algorithms."
Comments (none posted)
Desktop Environments
The KDE project has
announced
the release of KDE 3.2.1. This is a maintenance release with lots of bug
fixes.
Comments (none posted)
The beta 1 release of GNOME 2.6
has been announced. Many of the underlying GNOME components
have evolved, see the
change log for details.
GnomeDesktop.org also
links to
a fairly in-depth review of GNOME 2.6.
Comments (none posted)
Version 2.5.6 Beta 1 of the GNOME Platform Bindings
are out.
"
Please note that the GNOME Platform Bindings are now in API freeze, so only very important API changes will be allowed before the fully-frozen GNOME Platform Bindings 2.6.0 release, 2 weeks after GNOME 2.6.0."
Comments (none posted)
This week's GNOME summary has news about Robert Love's presentation at
FOSDEM, a preview of GIMP 2.0, Evolution UI updates, a look at CVSGnome,
and more.
Full Story (comments: none)
The
KDE-CVS-Digest
for March 5, 2004 is online. Here's the content summary:
"
Ruby bindings now have DCOP support. Reaktivate, a konqueror module for embedding ActiveX controls, is improved. RealRekord, an application to record Realplayer streams, is imported. Kconfedit adds a property editor."
Comments (none posted)
KDE.News has a
Quickies article that
lists a bunch of new software including the Google Search Bar, a new
icon guide, KolourPaint, and Digikam. Also, the
KDE developer websites are being redesigned.
Comments (none posted)
KDE.News
reports on
a bunch of activity in the Qt world.
"
Trolltech has released Qt 3.3.1 with many bugfixes. A Qt Developer Conference for Northeast USA has been announced to be held in Boston on May 10th with Trolltech in attendance."
Comments (none posted)
Financial Applications
Version 2.2.5 of SQL-Ledger, a web-based accounting system, is out.
New features include a new AR/AP aging summary report, and an
updated Estonian translation.
Comments (none posted)
Graphics
Robert Bernier
shows how to make a movie from an X window system display on O'Reilly.
"
Ideally, we can make a movie with tools that don't take long to learn and use. The technique demonstrated in this article shows how to capture screen shots in rapid succession. These screen shots are then converted into a single file that can be read by nothing more complicated than a browser."
Comments (2 posted)
GUI Packages
GTK+ 2.3.6
is out.
"
Version 2.3.6 of the GTK+ widget toolkit and associated libraries (GLib, Pango) is now available. This is likely to be the last release before 2.4.0 is released."
Comments (none posted)
Justin Karneges
mentions a new
article
that he wrote on Qt signal handling.
"
After many years of writing Qt code, most of which has been non-GUI-based, I've gained a great deal of experience with signals and slots. One tricky issue about signals is that they are generally emitted when the QObject is not in a safe state to be deleted. This can often bite the user of such an object unexpectedly, especially when performing resets or invoking QMessageBox. The simple solution is to write all QObject classes in such a way that they are deletable as the result of any signal they emit."
Comments (none posted)
New software for
FLTK includes
version 2.1 of SPTK, the Simply Powerful ToolKit, and
version 0.44 of vtkFLTK,
"
a small C++ class library easing development of FLTK event-driven interfaces for use with VTK."
Comments (none posted)
Imaging Applications
Version 2.0pre4 of the Gimp
has been announced.
"
More than 40 bugs have been fixed since the last pre-release!"
Comments (none posted)
Music Applications
Version 0.6.1 of BEAST/BSE, the BEdevilled Audio SysTem
and the Bedevilled Sound Engine, is out.
"
This new development series of BEAST comes with a lot of
the internals redone, many new GUI features and a sound
generation back-end separated from all GUI activities."
Full Story (comments: none)
Clockloop is a new
primitive GPL'd command line loop player
for audio data with MIDI control.
Full Story (comments: 1)
Version 0.3.0 beta 5 of galan, a modular synthesizer, is out.
"
One of the new features include cloning. you can now select a bunch of
components and clone them. (This will be changed to a full blown
copy/paste mechanism soon) And the polyphony option will be added soon."
Full Story (comments: none)
Office Suites
For those of you who love testing early releases, version 1.1.1rc of
OpenOffice.org is out.
"
This build is a release candidate and so far in English only; it is meant
for all contributors to test it and find (and file) issues. It is not
intended for the casual user wanting to update his or her version of
OpenOffice.org."
Full Story (comments: 3)
Science
Version 1.0 of
GenChemLab
is out.
"
GenChemLab is an OpenGL-based application intended to simulate several common general chemistry exercises. It is meant to be used to help students prepare for actual lab experience. It could also be used in cases where laboratory facilites are not accessible, for instance in K-12 schools or home schooling.
At present, supported experiments include titration, calorimetry, freezing point depression, vapor pressure, and spectrophotometry."
Comments (none posted)
Web Browsers
Epiphany version 1.1.12
has been announced. This version features several bug features and
improved translations.
Comments (none posted)
Version 1.3a of Mozilla Backup, a utility for backing up browser
profiles,
has been announced. Apparently, work is underway for a Linux
version.
Comments (none posted)
MozillaZine
reports on the addition of support for internationalised domain names
to Mozilla.
"
A week ago, the German registry for .de names started accepting applications
for internationalised domain names (IDNs), which can feature characters such
as umlauted letters. Germany's DENIC follows in the footsteps of registries
such as the Japan Registry Service, which has been operating IDNs since last
July."
Comments (none posted)
The Mozilla Firefox browser now has the ability to
migrate profiles from other browsers.
"
Similarly on Linux we can only import from Seamonkey/Netscape 4/Opera... eventually we will also import from Konqueror, Galeon, Epiphany."
Comments (none posted)
Word Processors
Version 2.0.4 of the AbiWord word processor
has been announced.
"
This is a mostly a bugfix release, and fixes some
important issues reported by our users."
Comments (none posted)
AbiWord 2.0.6
was also released this week.
"
This is a 100% bugfix
release, which fixes some issues recently discovered by our developers and
users. Furthermore, the packaging issues that were plaguing the 2.0.4 release
have been resolved."
Comments (none posted)
Issue #180 of the
AbiWord Weekly News is out.
"
AbiWord 2.0.3 released and also successfully ported to Irix, pre-
built binaries for Mandrake users now available, lots of users
assisting and considering development, Martin begins work on Table of
Contents, and now you can meet our own Tomas Frydrych at the LinuxUser
and Developer Expo in the UK!"
Full Story (comments: none)
Miscellaneous
Version 0.95 of BloGTK, a web log client,
is out.
"
This version adds substantial new posting
options including extended entries, excerpts, and better support for
MovableType posting options. The post retrieval system has been written to be
more usable, and several other bug and UI fixes have been included."
Comments (none posted)
Two new versions of
DOSEMU, the
DOS emulator, are out. Stable version 1.2.1 and development version
1.3.0 were released, along with the dosemu-freedos beta9 rc4
operating system.
Change information is in the source code.
Comments (none posted)
Languages and Tools
Caml
The March 2-9, 2004 edition of the Caml Weekly News is available
with the latest Caml language articles.
Full Story (comments: none)
Java
The
Gnu Compiler for Java (GCJ)
now supports java.util.regex.
"
Thanks to Wes Biggs and the other GNU Regexp authors, Mark Wielaard (for merging into Classpath) and Anthony Green (for merging into libgcj), we now have support for java.util.regex. This arrives a little too late for gcc 3.4, but it will appear in the next release."
Comments (none posted)
Version 2.6.0 of STAF, the Software Testing Automation Framework,
and version 1.5.1 of STAX
have been announced.
"
One of the features added to STAF 2.6.0, and the primary reason for providing new versions of most of the STAF Java services, is to provide diagnostics data to help current STAF 2.x customers prepare for migrating to STAF 3.0, the next major release of STAF."
STAF is described as such:
"The Software Testing Automation Framework (STAF) is a framework designed to improve the level of reuse and automation in test cases and test environments. The goal of STAF is to provide a complete end-to-end automation solution for testers."
Comments (none posted)
Vladimir Silva
develops cross-platform GUI code on IBM's developerWorks.
"
Can you write Java code that compiles across several platforms but still performs as fast as native code? This is a problem that has vexed Java developers, particularly when it comes to applications with complex UIs. In this article, developer Vladimir Silva proposes an interesting solution to this problem. You'll learn how to use JNI to access SLIK, a cross-platform C API that offers native performance on both Windows and UNIX."
Comments (none posted)
JSP
O'Reilly has published
part two of their excerpt from the
Java Servlet & JSP Cookbook.
"
In this second and final batch of recipes excerpted from Java Servlet & JSP
Cookbook, author Bruce Perry shows you how to access an EJB from a servlet on
WebLogic, and how to connect to Amazon Web Services (AWS) with a servlet or
JSP."
Comments (none posted)
Jayson Falkner
explores client-side caching on O'Reilly.
"
In this article, we will code a filter that can modify HTTP response headers with the intention of using it to modify the client's web browser's cache. Client-side caching isn't as obvious as server-side caching, but it can be incredibly helpful, and it's near-trivial to implement."
Comments (none posted)
Perl
The March 1-7, 2004 edition of
This Week on perl5-porters is available.
"
This week was one of those weeks where the bug reports outnumbered the bug fixes. Hopefully in the future the perl 5 porters will be able to keep perl 5 on the right track, as they continue to do, week after week."
Comments (none posted)
The February 29, 2004 edition of
This week on Perl 6 is available.
"
As Leapday had been chosen as the release date for Parrot 0.1.0, the week was mostly spent getting things ready for release. A case in point was the PLATFORMS file which lists those platforms on which Parrot is known to compile and run, which (at the beginning of the week) was short several platforms and generally out of date. So everyone manned the pumps and sent in reports of success and failure."
Comments (none posted)
The PERL archive search code
is now available.
"
As part of an update of our site for searching CPAN at
http://cpan.uwinnipeg.ca/htdocs/cpan-search.html,
I've repackaged things so that it should be installable on other machines. The (alpha) source code is available from the CPAN-Search-Lite project on SourceForge."
Comments (none posted)
PHP
The
PHP Weekly Summary for March 9, 2004 is out. Topics include:
PHP 5 RC 1 (again :) and 4.3.5, Adding Debug functions to PHP 4, New Perl extension in PECL.
Comments (none posted)
Keith Edmunds has written a tutorial called
Using Smarty Templates With PEAR HTML_QuickForm.
"
This page is a simple introduction to using Smarty templates with the PEAR HTML_QuickForm classes. It is by no means exhaustive; in fact, it covers a very small fraction of the total functionality of Smarty templates. It is also not definitive: that role is taken by the source code itself, which is of course always right. However, for the newcomer to Smarty templates, the following should be a useful foundation to build upon."
Comments (none posted)
Ruby
Version 0.9.0 of Ruby-GNOME2, a set of Ruby language bindings for
the GNOME 2.x development environment,
has been announced.
"
This release features a binding for the ATK library, support for custom Libglade widgets, auto-conversion to (and from) Ruby types for Libgda, a better support for Ruby 1.8.1, a GStreamer tutorial, and many more enhancements in other libraries."
Comments (none posted)
Tcl/Tk
Version 8.4.6 of Tcl/Tk
has been announced.
Change information is in the source code.
Comments (none posted)
The March 9, 2004 edition of Dr. Dobb's Tcl-URL! is out with
lots of new Tcl/Tk article links.
Full Story (comments: none)
XML
Rick Jelliffe
shows how
to convert Wiki data into XML on O'Reilly.
"
Wikis are nice for typing. XML is nice for processing. SGML is a standard compiler compiler language for specifying conversions from one to the other."
Comments (none posted)
Uche Ogbuji
explains when to use XML elements and when to use attributes
on IBM's developerWorks.
"
The oldest question asked by adopters of XML is when to use elements and when to use attributes in XML design. As with most design issues, this question rarely has absolute answers, but developers have also experienced a lack of very clear guidelines to help them make this decision. In this article, Uche Ogbuji offers a set of guiding principles for what to put in elements and what to put in attributes."
Comments (none posted)
Test Suites
The beta 2 release of the Linux Standards Base VSX test suite has
been announced.
"
The key changes over the first beta are introduction
of an alternate test strategy for handling the large NGROUPS_MAX value
returned by 2.6 kernels."
Full Story (comments: none)
Version Control
David A. Wheeler has sent us a pointer to
an article
he wrote on version control systems.
"
With the release of Subversion 1.0, lots of people are discussing the pros and cons of various software configuration management (SCM) / version control systems available as open source software / Free Software (OSS/FS). Indeed, the problem is now an embarassment of reasonable choices: there are several OSS/FS SCM systems available today. Here's some information about SCM systems that I've learned that you may find helpful; I'll discuss three popular choices (CVS, Subversion, and GNU arch), the differences between centralized and decentralized SCM, using arch to support centralized development, and a few links to other reviews."
Comments (6 posted)
Chia-liang Kao
explains the use of svk, a version control tool.
"
I started to use Subversion one year ago and liked the elegant file-system design a lot. Soon it became impossible for me to go back to CVS. This means that I felt uncomfortable whenever I was working on projects using CVS, and I wanted to see a tool to keep my Subversion repository in sync with a CVS repository."
Comments (none posted)
Miscellaneous
Version 1.6 of
bfr,
a Pipe Buffer, is out. The description of bfr says:
"
This speeds up certain procedures, such as creating a tar file, gzipping it, and putting it through a program such as "netcat". It boosts performance by allowing a certain level of detachment between the two... allowing tar and (especially) gzip to do its work at the same time the network is doing its work, so you're not sending one packet and THEN seeing gzip kick in to create the next."
Comments (none posted)
Two new versions of the Bugzilla bug-tracking system
have been released.
"
The Bugzilla team released yesterday two new versions:
the 2.17.7 developer snapshot, based on the CVS trunk, and the 2.16.5 stable
version, based on the stable branch. Those releases cover 4 months of
development since the previous versions and are available for download from
the Bugzilla website.
"Bugzilla also released a new status update, which contains details about the
releases and the upcoming features."
Comments (none posted)
Version 0.1 of MonoDevelop, a project to port SharpDevelop to Gtk#,
has been announced.
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Netcraft
looks
at ten years of spam. "
Ten years ago today, spam as we know it
was born. On 5 March 1994, a message was posted to some Usenet newsgroups
by a law firm called Canter and Siegel, advertising their services for the
U.S. Green Card lottery. It sounds mild enough today, but at the time that
move and its follow-ups provoked increasing outrage across the Net. Many
were appalled that "netiquette" - the unspoken rules that hitherto had
maintained order in cyberspace - had been breached, sensing perhaps that
things would never be the same again."
Comments (11 posted)
Chris DiBona
begins a Linux Journal column series with a discussion of why he went over to challenge/response spam filtering.
"
Initially, I was taken aback by the finality of such a system, but over the past few months, I determined that Kirk is right--I simply don't have the time to mess around anymore. If I know you, don't worry, your e-mail goes through; if I don't, ASK requires one step that you need to take only once. I don't think this is a lot to ask of people who e-mail me out of the blue."
Comments (14 posted)
TheFeature is running
an article that looks into cell phone programming issues.
"
With any luck, Nokia's new ports of scripting languages, like Python, for cell phones will engage a new generation of fledgling programmers. It'll have to be somewhere other than the United States, of course, unless Verizon really is brought down by the AT&T/Cingular merger."
Comments (none posted)
The SCO Problem
Groklaw has
a nice summary of the veracity of the SCO memo posted by Eric Raymond, SCO's spin on the whole thing, and the interesting metadata found in the DaimlerChrysler complaint. "
If you want your eyes to bug out, take a look at what Microsoft's loathesome metadata has revealed -- up until February, SCO was planning a DMCA action against the Bank of America, and they planned to ask the judge to impound all Linux software in the BofA's possession during the trial."
Comments (10 posted)
According to
this
ComputerWorld article, some of the companies named by SCO as having
bought "Linux licenses" see things differently. "
SCO Chief Financial
Officer Bob Bench on Wednesday confirmed that Computer Associates was one of four publicly
named companies to sign up for SCO's Intellectual Property (IP) License for
Linux -- a US$699 license that SCO says that Linux users must purchase in
order to avoid violating SCO's copyrights. On Thursday, however, a CA
executive said that his company had purchased no such license, but had
instead acquired a large number of licenses for SCO's UnixWare operating
system as part of a US$40 million breach of contract lawsuit settlement in
August 2003 with SCO investor The Canopy Group Inc."
Comments (6 posted)
TechWeb
calls on Microsoft to explain its dealings with SCO.
"
The mystery behind Microsoft's arrangement with SCO could be cleared up, and maybe some of the speculation put to rest, if Microsoft would disclose more details about how it plans to use SCO's technology. But it won't. I've asked for that information four times in the past 12 months, but Microsoft will only discuss its plans in the broadest terms, and even then unconvincingly."
Comments (8 posted)
Bruce Perens has posted
a new editorial on the
SCO case. "
SCO has run its campaign against Linux for over a year
now, kiting their stock from fifty cents to over twenty dollars on many
statements that, it is turning out, weren't true. When a company makes
unfounded assertions for a month or two, it can be dismissed as a mistake
or wishful thinking. When the distortions go on for a full year, it becomes
difficult to explain their behavior as anything but a deliberate fraud
meant to hurt Linux for Microsoft, their financial backer, while bringing
SCO Millions in stock windfalls."
Comments (3 posted)
For those of you who missed the delightful SCO earnings conference call last week - or who wish to relive the experience - Groklaw has posted
a transcript of the event.
Comments (2 posted)
Companies
Here's a sign of where things are going:
this TechWeb article about a new Windows XP service pack is mostly devoted to Microsoft's response to Linux.
"
Microsoft is also clearly mapping out its future product strategy and road
map, which is unavailable from the Linux community, [Microsoft manager Kevin Wueste] said. 'You have to go
to 80,000 community Web sites to figure out what all the (Linux) architects
are doing and then maybe put a strategy together,' he said. It is impractical
for customers and partners to bet on such a model, said Wueste."
Perhaps Mr. Wueste should read LWN instead :).
Comments (19 posted)
Linux Adoption
BBC News is running
a strange
article about the "war" between free and proprietary code.
"
So now would be a good time to start thinking about how we persuade
governments that market in software may eventually need to be regulated,
just as the market in electricity, water and food is, and that that
regulation may well include a statutory duty to disclose source code and
allow it to be used elsewhere." (Thanks to Paul Sladen).
Comments (12 posted)
KDE-France.org
looks at the use of KDE in the French alps.
"
Our reporter was amazed to discover that the users of the cyberbase, most of them without any knowledge of the OS they were running, were using KDE with proficiency. The main problem for foreigners seemed to be the peculiarities of the French keyboard but there were some Qwerty keyboards available."
(Found on KDE.News)
Comments (none posted)
USA Today
looks
at the growing acceptance of Linux and reviews five desktop-oriented
distributions. "
In terms of end-user training requirements, Lindows,
Lycoris and Xandros present the least costly options for switching to a
Linux desktop interface. Libranet and Mandrake may require more training
but are still worth considering."
Comments (12 posted)
Legal
Here is
CNN's
coverage of today's EU IPR directive vote. "
Using fast-track
procedures, the European Union assembly, meeting in Strasbourg, France,
voted 330 to 151 with 39 abstentions to pass the measure. EU ministers
were expected to sign off on the new rules against counterfeiting by the
end of the week."
Comments (3 posted)
Interviews
NewsForge
talks with
Tim Bogart, of the Northern Virginia Linux Users Group (NoVaLUG), about
the LUG's participation in FOSE, the Federal Office Systems Exposition.
"
How did the first FOSE appearance come about? Did you ask FOSE or
did FOSE ask you? Tim: Actually I annoyed them until they agreed to open a
dialog. I pestered them for about three months. Then Red Hat had their IPO
... more phone calls ... then VA Linux ... then I got to talk to them. It
was nothing but bulldog tenacity that got us in there. "
Comments (none posted)
Independent French magazine Presence-PC has translated two recent
interviews into English. This
interview with
Richard Stallman looks at the GNU project and the state of the Hurd.
Then
Denis Oliver
Kropp talks about DirectFB. "
Denis Oliver Kropp: I'm a 22 year
old developer from Berlin and the main developer of DirectFB. My company
"convergence GmbH" is developing an MHP (Multimedia Home Platform)
implementation on top of a GNU/Linux/DirectFB system."
Comments (none posted)
KDE.News
interviews Zack Rusin in
its People Behind KDE series.
"
The guy I'm
interviewing this week is remembered among his friends for trying to enforce
a passionate relationship on a Ximian person, sleeps with his laptop and is
one of KDE's most outgoing developers. The man who cut his famous dreadlocks
and emerged with a clean crew cut, it's Zack Rusin!"
Comments (none posted)
TechDigest.org
talks
with Eric Laffoon, Quanta/kdewebdev project leader. "
The one
thing I would like to say is that I have become a very strong supporter of
open source software. I very much want to empower people around the world
to have a better life and I believe there is a battle in the world around
us over control of power and money. There always is, only now it's focusing
on the most substantial invention since the printing press, the
internet. Five hundred years ago our world changed with the ability to
easily share knowledge. I believe that amazing developments or oppressive
freedom turn on what happens in the next 5-10 years on the internet and I
take it seriously." (Found at
KDE.News)
Comments (none posted)
New Mobile Computing has
an interview with Doug
Turner and Chris Hofmann of the Minimo project. "
Minimo, is
really two parts -- it is an effort which aims at providing a small
embeddable browser for small devices. We think we have done a good job at
this. The second aim is to provide a best-of-bred application for small
devices. We have just started to work on the second aim. You should expect
to see some very good UI for Minimo in the next few months."
Comments (1 posted)
Reviews
developerWorks
examines
some of the improvements in the 2.6 kernel. "
The 2.6 Linux
kernel employs a number of techniques to improve the use of large amounts
of memory, making Linux more enterprise-ready than ever before. This
article outlines a few of the more important changes, including reverse
mapping, the use of larger memory pages, storage of page-table entries in
high memory, and greater stability of the memory manager."
Comments (none posted)
IBM developerWorks
looks
at networking improvements in the 2.6 kernel. "
The new Linux 2.6
kernel offers many improvements over the 2.4 version. One area of technical
advancement is in the kernel networking options. Although there are
enhancements in most of the files associated with the networking options,
this article focuses on major feature improvements and additions that
affect entire sections rather than on specific files."
Comments (none posted)
Miscellaneous
Linux Journal
looks at the
evolution of the Linux Documentation Project. "
Linux
environments tend to change at a rather high speed, so do the docs. Sooner
rather than later, submissions about new protocols and applications reach
TLDP, outdating older documents. The main problem here is TLDP maintainers
usually are rather soft-hearted, so partly out of melancholy, partly out of
respect and sometimes partly because of the lack of volunteers for
upgrading a document, they tend to archive everything."
Comments (2 posted)
Robert Kaye
writes about the evolution of peer to peer networks on O'Reilly.
"
Combining file sharing applications with social networks enables people to create a trusted network of their friends to keep out the bad guys. The definition of bad guys is up to the user to determine -- in a lot of cases, the bad guys would be the lovely folks slinging lawsuits. But these networks can easily be used for legitimate non-infringing uses, such as sharing personal information with a network of friends while keeping it out of reach of marketers and identity thieves."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
A charitable event will be held in Northern California with the goal
of collecting computer books for Iraq.
"
BookCrossing.com and the Freedom
Technology Center are teaming up to help jump-start
Iraq's recovery with computer book donations.
Linux and open-source software enthusiasts will meet
at Mountain View's Freedom Technology Center all
day Friday, March 26 to pack and ship badly-needed
computer books to the new Linux Users Group (LUG)
of Iraq."
Full Story (comments: none)
IP Telecom has
joined the OSDL bandwagon. This company sells a Japanese-language distribution called
Nature's Linux.
Comments (none posted)
Commercial announcements
The Desktop Linux Summit has
announced
that Novell and other major tech companies have tripled the number of
sponsors for the April 2004 conference. Some of the smaller sponsors named
in this press release include Debian, KDE, and LWN.net.
Comments (1 posted)
Four new members have been selected for the Eclipse Board of Directors.
"
Four new members of the Eclipse Board of
Directors, representing the organization's Open Source project community and
commercial supporters, were announced today. Newly elected, Todd Williams
(Genuitec, LLC), John Wiegand (Eclipse Project Lead, IBM); Rich Main (SAS),
and Bjorn Freeman-Benson (University of Washington) join the board".
Full Story (comments: none)
IBM's devloperWorks has
a lengthy list of free live presentations that will be held around
the world in 2004.
"
The IBM developerWorks Live! Technical Briefings, which were
a great success worldwide
in 2003, have been expanded for 2004. The following five types of
technical briefings, which include presentations and extensive
demonstrations, will be held in cities around the world in 2004 (at no
cost to you): e-business on demand, IBM Software Development Platform,
Speed-start Linux applications, Speed-start Web services, Globalizing your
applications."
Comments (none posted)
MandrakeSoft has
announced
the filing of a plan for its exit from bankruptcy. It calls for the
company to repay €4.1 million in debts over the next nine years.
The plan must still be approved by the court; this should happen in the
next few weeks. Meanwhile, the company's
stock will resume trading on the Euronext Marché Libre on
March 8.
Comments (none posted)
Opera Sofware has completed its IPO and is now listed on the
Oslo Stock Exchange under the ticker symbol OPERA.
Full Story (comments: none)
New Books
O'Reilly has published the
Linux Pocket Guide by
Daniel Barrett.
Full Story (comments: none)
O'Reilly has published
Squid: The Definitive Guide
by Duane Wessels.
Full Story (comments: none)
The book
WebLogic: The Definitive Guide by Jon Mountjoy and Avinash Chugh is available from O'Reilly.
Full Story (comments: none)
Resources
A developer snapshot of the GIMP 2.0 user manual
is available.
"
This developer snapshot is basically for soliciting new contributors, who will assist us in writing and correcting errors."
Comments (none posted)
The March 3, 2004 edition of the Linux Documentation Project Weekly News
has been published. Take a look for documents on configuring a
UPS, controlling a telescope, building an ultimate Linux box, and more.
Full Story (comments: none)
The Linux Documentation Project Weekly News for March 10, 2004 is
available with the latest new documentation. Included is a new
SquashFS HOWTO, a Beowulf Cluster HOWTO, a Partition HOWTO, and more.
Full Story (comments: none)
The February, 2004 edition of the Linux Professional Institute's
LPI Newsletter is out.
Full Story (comments: none)
MozillaZine
mentions the availability of some Japanese Mozilla documents.
"
Yamaguchi wrote in to tell us about the various help resources available to Japanese-speaking Mozilla users. Read the full article for Yamaguchi's complete lowdown."
Comments (none posted)
An online Python book and tutorial called
A Byte of Python
is available.
"
A Byte of Python is a book on programming using the Python language. It serves as a tutorial or guide to the Python language for anyone. If all you know is how to save text files, then you can learn Python using this book. If you are an expert programmer who loves C, Perl, Java or C#, you can also learn Python using this book."
Full Story (comments: none)
The free online Python book
Dive Into Python
has been expanded. The announcement on the
Daily Python-URL says:
"
Version 4.5 of 'Dive into Python' adds more material on regular expressions, adds various examples, reorganises a number of chapters, and makes a number of corrections."
Comments (none posted)
An online presentation of
PyX, a Python graphics package
that is used for creating encapsulated PostScript, is available.
"
PyX was presented at the annual meeting of the German TeX User Group DANTE e.V. (March 2nd to 6th, Darmstadt). The presentation is available in German and English."
Comments (none posted)
Contests and Awards
MySQL AB is accepting nominations for its
Partner of the Year and
Application of the Year awards. Winners will be announced
in April at the
MySQL Users Conference & Expo 2004.
Comments (none posted)
Event Reports
The folks who put on the GNU/Linux Summit have put out a
press release that details the success of the event.
Full Story (comments: none)
Upcoming Events
The Linux Users' Group of Davis will be holding a Linux installfest
and a Hands-on Linux Demo on March 20, 2004 in Davis, CA.
Full Story (comments: none)
Big Nerd Ranch, Inc. will be holding an Apache Bootcamp on May 17-21, 2004.
The event will take place outside of Atlanta, GA.
Full Story (comments: none)
Penguicon 2.0, a combination Linux expo and science fiction convention,
will be held in Novi, Michigan on April 16-18, 2004.
Full Story (comments: none)
A call for papers has gone out for the 1st European Lisp and Scheme Workshop.
The event will take place on June 13, 2004 in Oslo, Norway.
Full Story (comments: none)
Submissions of papers, demos, and posters are open for the
International Computer Music Conference (ICMC) 2004.
The event will be held in Miami, Florida on November 1-6, 2004.
Full Story (comments: none)
TheServerSide Java Symposium
has been announced. The event will take place on
May 6-8, 2004 in Las Vegas, NV.
"
This year TheServerSide Java Symposium features keynote and technical break out sessions from an all-star line up of enterprise Java luminaries and will provide access to J2EE specification leads and expert group members, key book authors, open source project founders as well as engineers and influencers."
Comments (none posted)
Here's a
press release for the ClusterWorld Conference & Expo, coming to the
San Jose Convention Center April 5 - 8, 2004.
Comments (none posted)
Novell has
announced
that this year's BrainShare conference will focus on its new Linux
offerings.
Comments (none posted)
| Date | Event | Location |
| March 15 - 17, 2004 | Open Source in Government Conference | (George Washington University)Washington, DC |
| March 16 - 17, 2004 | Open Source Business Conference 2004 | (The Westin St. Francis)San Francisco, CA |
| March 18 - 24, 2004 | CeBIT | (Hannover Exhibition Center)Hannover, Germany |
| March 21 - 26, 2004 | Novell BrainShare 2004 | Salt Lake City, Utah |
| March 24 - 26, 2004 | PyCon DC 2004 | Washington, D.C. |
| March 25 - 26, 2004 | Open Source Forum 2004 | (The Sydney Marriott Hotel)Sydney, Australia |
| March 27 - 28, 2004 | Nordic Perl Workshop 2004 | (Symbion Science Park)Copenhagen, Denmark |
| March 27 - 28, 2004 | YAPC::Taipei::2004 | Taipei, Taiwan |
| April 5 - 7, 2004 | Samba eXPerience 2004 | (Hotel Freizeit In)Göttingen, Germany |
| April 5 - 8, 2004 | ClusterWorld Conference & Expo | (San Jose Convention Center)San Jose, California |
| April 13 - 15, 2004 | Real World Linux 2004 Conference & Expo | (Metro Toronto Convention Centre)Toronto, Ontario, Canada |
| April 14 - 16, 2004 | MySQL Users Conference and Expo 2004 | (Peabody Hotel Orlando)Orlando, FL |
| April 14 - 17, 2004 | ACCU Spring Conference 2004 | (Randolph Hotel)Oxford, England |
| April 16 - 18, 2004 | Penguicon 2.0 | (Detroit Sheraton Novi Hotel)Novi, MI |
| April 20 - 21, 2004 | LinuxUser & Developer Expo | (Olympia)London, England |
| April 22 - 23, 2004 | 2004 Desktop Linux Summit | (Del Mar Fairgrounds)San Diego, California |
| April 26 - 27, 2004 | Digital Media Project Traditional Rights and Usages Workshop | Los Angeles, CA |
| April 29 - May 2, 2004 | 2nd Linux Audio Developers Conference | (Institute for Music and Acoustics)Karlsruhe, Germany |
| May 3 - 5, 2004 | International PHP Conference 2004 Spring Edition | Amsterdam, Netherlands |
| May 6 - 8, 2004 | TheServerSide Java Symposium | (The Venetian)Las Vegas, NV |
Comments (none posted)
Web sites
A call for papers has gone out for the
IEEE Security & Privacy site. Upcoming themes include
Attacking Systems and Security and Usability.
Full Story (comments: none)
Software announcements
Here are the software announcements, courtesy of
Freshmeat.net. They are available in
two formats:
Comments (none posted)
Miscellaneous
GnomeDesktop.org
looks at
the history of the ongoing GNOME bug day events.
"
Bug day is a day we get together on IRC, find bugs, and clean bugzilla. We do all of this so that developers can get more work done by focusing on bugs that matter instead of duplicates, unconfirmable bugs, and things that they've already closed."
Comments (none posted)
Page editor: Forrest Cook