LWN.net Weekly Edition for July 21, 2005
Debconf5: Structural Evolution
Debconf5, the sixth annual
Debian Conference, recently descended upon the Helsinki University of
Technology (HUT) in Espoo, Finland. LWN reporter Rebecca Sobol was
privileged to attend this year's event.
Hundreds of Debian developers, maintainers, translators, users and fans joined together for an overflowing week's worth of talks, BOFs, hacking and partying. Debian GNU/Linux is the largest distribution project in many ways; lots of developers (around 200 Debian Developers plus scores of package maintainers, documentation authors and translators), support for more architectures, lots of packages (nearly 15,000 binary packages are available), more derived distributions using it as a base, and soon even a choice between Linux and Hurd kernels. The Debian community is massive and scattered around the globe.
During the year these people keep in touch through a variety of mailing lists and IRC
channels, but the annual Debconf provides people with a chance to meet face
to face to talk about their favorite operating system. Each year Debconf
meets in a different part of the world to make it more accessible to some
portion of its global community. This year's conference in Finland
brought out over ninety Finns, followed by a full gross of people from
Germany, the United Kingdom, the United States, Sweden, Spain and Norway.
It was also accessible to a handful of people from the Russian Federation
and other parts of Eastern Europe. A few traveled greater distances to
come from South America, New Zealand and Fiji. All told, there were people
from over thirty countries at this year's event.
Debian is large, and it is all volunteer. A few people have found or created jobs for themselves where they can be paid to work on Debian, at least part of the time, but they are in the minority. The organization is guided by a social contract and maintains a strong commitment to software freedom.
Bdale Garbee, long time Debian developer and former Debian Project Leader gave a talk on Debian's Structural Evolution, subtitled Musings on Debian, Today and Tomorrow. He has serious concerns that Debian has grown too large for its infrastructure. For example, each year Debian developers elect a Project Leader. For nine weeks each year a few prominent Debian developers cease working as a team to compete for a job that has grown too complex for a single person. Only Debian developers are allowed to vote, leaving hundreds, or more likely thousands of Debian volunteers and users with no say whatsoever.
Some of Debian's infrastructure is ably provided by Software in the Public Interest (SPI). However too few Debian developers are involved in SPI, which oversees many other projects. Also it not in SPI's mandate to provide technical guidance, that is the role of the Technical Committee. Bdale finds the committee, as currently defined, is not particularly satisfying. The committee could use a periodic review and refresh, which is currently not happening.
The current DPL, Branden Robinson started Project SCUD as an attempt to address some of these issues while working within the constraints of the Debian constitution. However Bdale (a member of SCUD) finds that the relationship between the DPL and the project is not clear. The team is self-selected and does not include a representative sampling of Debian project participants.
Perhaps it is time to replace the DPL and Technical Committee with an elected leadership board. Candidates would be motivated to campaign on their teamwork skills and more people would be willing to be involved in Debian's leadership. Perhaps a way could be found to allow the greater Debian community a voice in this process. Perhaps this would make Debian even stronger.
Delays in security updates
There are a number of reasons that users choose Linux, but security is one of the most often-cited reasons. While Linux distributions certainly see their fair share of security issues, updates are usually issued in a timely fashion.However, there are times when the process gets bogged down. Security updates for Debian, for example, were not going out in a timely fashion for some time. As reported in Branden Robinson's Debian Project Leader Report for July, security updates were interrupted for some time. This has also been reported in the mainstream press, though members of the Debian team take issue with the actual reporting.
Looking at the security advisories for 2005, one thing that is clear is that no security updates were issued through most of June. There are no updates from June 4 through June 29. Updates resumed on June 30, and there have been a steady stream of updates since then. We e-mailed Martin Schulze about the Debian security delays, and he confirmed the time period.
That is quite a delay for some of the updates. For example, the sudo vulnerability, for example, was addressed in Debian on July 1 for Woody and Sarge. The Fedora Core team released an update for this vulnerability for Fedora Core 3 and Fedora Core 4 on June 21, and Ubuntu released an update on June 21st for Hoary (5.04) and Warty (4.10). Updates for Gaim's recent vulnerabilities were issued on June 16 for FC3 and FC4, and June 10 and June 15 by the Ubuntu team, respectively -- but not for Debian until July 5.
In an e-mail, Schulze said that he didn't know all of the details of the problems that delayed updates, but explained way the process is supposed to work:
This change needs to be done on the ftp-master, on the security host and on the wanna-build database (the database behind the buildd network).
In addition to that, on all buildd hosts that are supposed to build packages for "oldstable" as well (not all buildds do), the old "stable" build chroot needs to be renamed to "oldstable" and "oldstable" needs to be enabled in the configuration.
Additionally, on all buildd hosts the "stable" build chroot needs to be updated to the current "stable," or the old "testing" chroot renamed. These are used by the security builds as well.
All this should be done synchronously, but wasn't. On July 7th I wrote in my logbook that the buildd network seems to be finally fixed. Actually it was fixed two days before that article. Before that, one part or another was missing or not fixed totally.
In the Project Leader Report, Robinson points out that there was a failure in infrastructure and communication:
I have asked Andreas Barth to look into this situation and establish as clear a factual record as he can. Using this report, we should be able to attack the areas of weakness. One thing I'd like to see is better documentation of the internal workings of the security update process, perhaps in the Debian Developers' Reference. With a broader understanding of security workflow, I'm hopeful that people will be less likely to draw erroneous inferences about what the causes of problems are, and more likely to make offers of assistance that prove fruitful.
Robinson has also proposed making the security team DPL delegates, and points out that now would be a good time to add new members to the security team roster. Whether that has happened or not, however, remains up in the air. Schulze said that adding new members would be "discussed inside the security team
". Robinson has not replied to e-mails asking about the security delays.
Schulze also said that the backlog of security updates that built up through June should be cleared out by now.
Around the same time, the Fedora Legacy project's security updates also seem to have been bottled up. The Fedora Legacy project has a gap for updates between June 5 and July 9, for all Red Hat and Fedora distributions supported by the Fedora Legacy project, Red Hat 7.3 and 9.0, and Fedora Core 1 and Fedora Core 2.
Some of the updates that were released in July by Fedora Legacy were rather tardy indeed. For example the GNU Mailman advisory (CAN-2005-0202), was fixed by other distributions back in February. The PHP advisory on July 10 from Fedora Legacy was addressed back in April by Gentoo, Mandriva and others. (Debian's fix for this bug came out in May.) This post on the Fedora Legacy mailing list from Jesse Keating acknowledges that the legacy project has longer lead times on security updates.
It would seem that Debian's infrastructure problems have been solved, at least for now. However, the gap in updates is somewhat alarming. As a rule, Debian has often been one of the first distributions to issue security updates and advisories, and has developed a well-deserved reputation for being quick to respond to security issues. We hope that the delay in updates while the project was transitioning from Woody to Sarge is a one-time issue, and that the transition from Sarge to Etch, whenever that happens, will happen more smoothly.
The importance of speedy security releases can't be emphasized enough. Aside from the obvious PR problems when a distribution is behind in updates, Linux users need to be able to depend on updates as soon as they can be made available so that they are not subject to exploits any longer than is absolutely necessary.
Security
Brief items
Debconf5: Securing the Testing Distribution
This part of our Debconf5 coverage was inspired by a talk titled Securing the Testing Distribution given by Joey Hess.
Debian has several branches, including two currently supported stable branches, Woody and Sarge and the unstable branch, also known as sid. Though usually fairly stable, sid is in constant flux and provides a faster paced target for those who like run the latest and greatest software. The testing branch, on the other hand, provides a look at the next stable version still in development, in this case etch. Testing was first used when woody was in development. Once Woody was released as Debian 3.0 testing became synonymous with sarge. So now that Sarge has been released as Debian 3.1, testing has become etch which will someday to be the next stable version.
The supported stable version(s) (support for Woody will end before we will see an etch release) have a security team providing security updates. Often security fixes are backported to the stable packages. Packages in sid are usually upgraded to a new version of the package in which the problem has been fixed. Up to now there has been no mechanism to provide security updates for testing.
Some of the security issues in stable will have already been fixed in testing's newer packages, but for the most part security fixes have lagged behind stable and unstable. Packages fixed in unstable can automatically migrate to testing, if certain criteria are met, but that comes with a built-in delay. Unrelated release critical bugs in unstable packages could block the security updates from reaching testing. Ironically, those very users most interested in the shape of the next stable version are also those likely to be put off by the lack of security updates.
Those days have come to end. Now there is a security team for testing, with five to six team members and twice that on the mailing list. Some team members are Debian Developers (DDs), but that's not required. The team now proactively looks for holes, checking Debian testing packages against CVE entrys, bugs in the Bug Tracking System (BTS), and watching other security lists.
DDs and package maintainers were asked to document all security issues, including the CVE number in open bug reports. Change log entries and closed bugs should include a CVE number and indicate when security issues are fixed. Tracking and fixing security bugs in etch will make it far more appealing to potential testers, and may even help Debian achieve a more predictable release cycle.
New vulnerabilities
affix: two remote vulnerabilities
| Package(s): | affix | CVE #(s): | CAN-2005-2250 CAN-2005-2277 | ||||
| Created: | July 19, 2005 | Updated: | September 2, 2005 | ||||
| Description: | A buffer overflow in the Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. Also remote attackers may execute arbitrary commands via shell metacharacters in the filename argument of a PUT command. | ||||||
| Alerts: |
| ||||||
bugzilla: information disclosure
| Package(s): | bugzilla | CVE #(s): | CAN-2005-2173 CAN-2005-2174 | ||||
| Created: | July 14, 2005 | Updated: | July 19, 2005 | ||||
| Description: | Bugzilla has a vulnerability that may allow a remote attacker to modify flags of arbitrary bugs, triggering a return email to the attacker as well as a race condition. | ||||||
| Alerts: |
| ||||||
ekg: multiple vulnerabilities
| Package(s): | ekg | CVE #(s): | CAN-2005-1850 CAN-2005-1851 CAN-2005-1916 | ||||||||
| Created: | July 18, 2005 | Updated: | August 8, 2005 | ||||||||
| Description: | Several vulnerabilities have been discovered in the ekg contributed scripts. These include an insecure temporary file creation problem, a potential shell command injection problem, and an arbitrary command execution problem. | ||||||||||
| Alerts: |
| ||||||||||
heartbeat: insecure temporary files
| Package(s): | heartbeat | CVE #(s): | CAN-2005-2231 | ||||||||||||||||||||
| Created: | July 19, 2005 | Updated: | August 15, 2005 | ||||||||||||||||||||
| Description: | Eric Romang discovered several insecure temporary file creations in the High Availability Linux Project Heartbeat 1.2.3. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite | CVE #(s): | CAN-2005-1920 | ||||||||||||||||||||||||||||
| Created: | July 19, 2005 | Updated: | September 21, 2010 | ||||||||||||||||||||||||||||
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
mediawiki: JavaScript code injection
| Package(s): | mediawiki | CVE #(s): | |||||
| Created: | July 20, 2005 | Updated: | July 20, 2005 | ||||
| Description: | MediaWiki has a vulnerability caused by failing to correctly escape a parameter in the page move template. Remote attackers can use this to inject and execute JavaScript code with the permission of the user's browser session. | ||||||
| Alerts: |
| ||||||
mozilla-firefox: multiple vulnerabilities
| Package(s): | mozilla-firefox | CVE #(s): | |||||||||
| Created: | July 14, 2005 | Updated: | July 22, 2005 | ||||||||
| Description: | A dozen security vulnerabilities that have been fixed in Firefox 1.0.5 and Mozilla 1.7.9 have been back-ported to older versions. | ||||||||||
| Alerts: |
| ||||||||||
mysql: low-impact security fix
| Package(s): | mysql | CVE #(s): | CAN-2005-1636 | ||||||||||||||||
| Created: | July 20, 2005 | Updated: | February 22, 2006 | ||||||||||||||||
| Description: | An update to MySQL version 4.1.12 fixes a low-impact security problem (bz#158689). | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
pam_ldap: plain text authentication leak
| Package(s): | pam_ldap | CVE #(s): | CAN-2005-2069 | ||||||||||||||||||||||||
| Created: | July 14, 2005 | Updated: | October 17, 2005 | ||||||||||||||||||||||||
| Description: | pam_ldap and nss_ldap ignore the "ssl start_tls" ldap.conf setting, allowing an attacker to sniff unencrypted passwords and other information. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
phppgadmin: directory traversal vulnerability
| Package(s): | phppgadmin | CVE #(s): | CAN-2005-2256 | ||||
| Created: | July 18, 2005 | Updated: | July 19, 2005 | ||||
| Description: | A missing input sanitization vulnerability has been discovered in the phppgadmin PHP scripts, sensitive information may be disclosed. | ||||||
| Alerts: |
| ||||||
thunderbird mozilla firefox: multiple vulnerabilities
| Package(s): | thunderbird firefox mozilla | CVE #(s): | CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | July 20, 2005 | Updated: | September 1, 2005 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Multiple vulnerabilities have been found in the Mozilla Thunderbird email client, as well as the Mozilla Suite and Firefox and Mozilla based other browsers. Bugs include an anonymous function handling bug, a JavaScript validation problem, privileged UI code handling DOM nodes, a JavaScript privilege escalation, a problem with Javascript in XBL controls, improper handling of child frames, a DOM name code execution vulnerability, and a base object clone problem. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated vulnerabilities
CUPS: multiple vulnerabilities
| Package(s): | CUPS | CVE #(s): | CAN-2004-2154 | ||||||||||||||||
| Created: | July 14, 2005 | Updated: | September 20, 2005 | ||||||||||||||||
| Description: | The CUPS printing system has a problem with queue name case-sensitivity matching that can cause a security policy override. An unauthorized user can use this to gain print to a protected queue. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
cvs: multiple vulnerabilities
| Package(s): | cvs | CVE #(s): | CAN-2004-1342 CAN-2004-1343 | ||||
| Created: | July 19, 2005 | Updated: | July 19, 2005 | ||||
| Description: | The cvs pserver access method in connection with the Debian repouid can allow an attacker to bypass the password authentication and gain unauthorized access to the repository. Also, a problem with the cvs-repouids file can allow a remote user to crash the cvs server and cause a denial of service. | ||||||
| Alerts: |
| ||||||
Page editor: Rebecca Sobol
Kernel development
Brief items
Kernel release status
The current stable 2.6 kernel is 2.6.12.3, which was announced on July 15.The current 2.6 prepatch remains 2.6.13-rc3; a small number of fixes have accumulated in Linus's git repository since -rc3 came out. Since Linus and many key developers are in Ottawa for the kernel summit (see below) and the Ottawa Linux Symposium, activity has been relatively subdued.
The current -mm kernel is 2.6.13-rc3-mm1. Recent changes
to -mm include the addition of the class-based kernel resource management (CKRM)
patches, a number of fixes, and a set of patches marked "Futz with
header files, waste much time
".
Since your editor is in Ottawa as well, the Kernel Page will be relatively small this week. It will return to normal next week. Meanwhile, the slides from the "2.6 Kernel Roadmap" OLS talk have been posted for the curious.
Kernel development news
Quote of the week
The 2005 Linux Kernel Developers' Summit
The 2005 version of the invitation-only Linux Kernel Developers' Summit was held on July 18 and 19 in Ottawa. The following are LWN editor Jonathan Corbet's notes from the discussion.July 18 sessions:
- The processor panel, being a
discussion between the kernel developers and processor architects from
AMD, IBM, and Intel.
- I/O Buses, and I/O memory management
units in particular.
- Virtual memory topics, including
fragmentation, response to memory pressure, and scalability.
- ExecShield; Red Hat's security patches
which have only partially been merged into the mainline.
- Virtualization, and how the kernel can
better support it.
- The virtual filesystem, and various topics related to the VFS.
July 19 (Tuesday) sessions:
![[Linus Torvalds]](https://static.lwn.net/images/conf/ols+ks2005/linus-fun-sm.jpg)
- The hardware vendors' panel, on the
impedance mismatch between the kernel development community and
manufacturers.
- Report from the networking summit
which was held before the kernel event.
- The convergence of storage and network
paths; how do you ensure safe operation when distinction between
the networking and block subsystems blurs?
- Clustering: a brief report from the
clustering summit held two weeks before in Germany.
- RAS tools, being mostly a discussion
of the recently merged kexec and kdump capabilities.
- Realtime capabilities, a look at the
various proposals for implementing realtime response with Linux.
- The kernel and the Linux desktop; a
report from the Desktop Developers' Conference.
- A report from the power management
summit, contributed by Pat Mochel. Pat also led the session at
the Kernel Summit on power management. The one thing that session
added which is not in Pat's report: Linus took the power management
developers to task for focusing on suspend-to-disk capabilities, when,
he says, what everybody wants is suspend-to-RAM. The latter is
complicated, however, by the usual video adapter difficulties.
- The kernel development process, with an emphasis on how the community could produce kernels with fewer bugs.
![[Kernel summit group]](https://static.lwn.net/images/conf/ols+ks2005/kernel-group-512.jpg)
The group photo is available in medium resolution (1024 pixels) and full resolution (3072 pixels) formats.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Networking
Security-related
Benchmarks and bugs
Miscellaneous
Page editor: Forrest Cook
Distributions
News and Editorials
An early look at FreeBSD 6
FreeBSD 6 is on its way. The announcement went out on Friday for FreeBSD 6 Beta1. The FreeBSD announcement indicates that FreeBSD 6 will be "a much less dramatic step from the FreeBSD 5 branch than the FreeBSD 5 branch was from FreeBSD 4." Still, there are a number of improvements and new features in FreeBSD 6 that are worth looking into.
One thing that hasn't changed greatly is the FreeBSD installation process. It's still the same no-frills menu-based installer that FreeBSD has used for some time. (Slackware Linux users will find it quite familiar.) We downloaded the FreeBSD 6 ISOs (though it turned out we only needed disc 1 for the install) and installed FreeBSD in about 20 minutes on a 1.6 GHz Celeron laptop with 512 MB of RAM. For the most part, there's not a great deal of difference from the user's perspective with this release.
Most of the packages included with FreeBSD 6 Beta1, or its Ports tree, are the same versions as what you'd find in FreeBSD 5.4. DistroWatch has a table listing the versions of the most popular open source packages found in FreeBSD 6 and earlier versions. A quick glance shows that the FreeBSD 6 Beta1 doesn't vary a great deal from FreeBSD Stable or the FreeBSD 5.4 release.
There have been a fair number of changes behind the scenes, however. As the release announcement points out, there are improvements to the UFS/VFS filesystem layer, improvements to ACPI power management and other goodies. The ACPI features may still need a little improvement, however. We noted that using acpiconf on the test Toshiba laptop resulted in a power-down of the system rather than just putting it to sleep. Of course, the issue may lie with Toshiba's ACPI implementation rather any problem with the FreeBSD code.
Wireless users may be happy to know that there are a number of changes to the wlan framework, which includes support for Wi-Fi Protected Access (WPA). There is also increased support for wireless chipsets in FreeBSD 6.
The cross-pollination between BSDs continues in this release. This release includes OpenBSD's dhclient. Brooks Davis announced the switch in June, and noted that this provides privilege separation and support for WPA.
One feature that isn't in FreeBSD 6, at least not yet, is UFS Journaling. It is, however one of the Summer of Code projects sponsored by Google. FreeBSD developer Scott Long says that it should be ready for FreeBSD 7, and possibly available as a patch for later 6.x releases. If FreeBSD 7 sounds too distant, it's worth noting that the FreeBSD project is already working on FreeBSD 7.
The open issues page lists a few show stoppers and other open issues that must be corrected for FreeBSD 6.0. The release schedule calls for 6.0-RELEASE sometime in mid-August.
For those using FreeBSD 5.x, there is still development there as well. Scott Long writes that there will be a 5.5 release in the fall and quite possibly a 5.6 release after that. According to Long, the 5.x series will continue to be supported until at least late 2007, so there's still plenty of life left in the 5.x series. Long also says that users should feel comfortable deploying FreeBSD 5.x and FreeBSD 6.x side-by-side.
Users who are thinking about upgrading to FreeBSD 6.0 directly from a FreeBSD 5.4 install, might find this post by Dru Lavigne useful. From our limited testing of FreeBSD 6.0 Beta1, it looks to be fairly stable and nearly ready for production use.
FreeBSD 6.0 Beta1 is available for x86, AMD64, Alpha, and IA64. Users who want the PowerPC version, however, may need to wait as there are some issues with the release on PowerPC.
There are, of course, far too many changes to cover here. Interested users should read through the release notes to see all of the changes in this release. Overall, it looks like FreeBSD 6 is shaping up to be a very solid OS.
Distribution News
The Fedora BugZappers Triage Team launched
The Fedora Project has launched the Fedora BugZappers Triage Team. "The BugZappers are the official triage team of the Fedora Project. The main goal of the team is to triage, or do a first pass, of bugs in Bugzilla and ensure that a number of parameters are satisfactorily met. Basically what that means is that the BugZappers will go through bugs as they come in and try and make sure the bugs are valid (i.e. not a duplicate), sane and contain enough information to be escalated to developers."
Debian GNU/Linux news
The release team is seeking new release assistants. "the development cycle for etch just started off. We would like to bring new people into the loop for etch now to better distribute the workload, and look out for new release assistants."
Bits from the Debian GNU/Hurd porters
provides a status update for the Debian GNU/Hurd port. "While the
port was limping along for a couple of years, it has picked up speed again.
The current state is still far from being on par with Debian's established
Linux ports, but it is mostly up to date and reasonably usable.
"
Version tracking has been added to bug tracking
system. "A frequently requested feature for the bug tracking
system in recent years has been the ability to track which bugs apply to
which distributions, so that, eg, maintainers and others can tell which
bugs that have been fixed in unstable still apply to packages in testing or
stable. This has now been implemented.
"
Joachim Breitner has announced the formation of the Utnubu team and a a newly formatted repository of Ubuntu patches.
The Quality Assurance group is holding a Debian-QA-MiniConf at the Technical University of Darmstadt, Germany, from September 9 - 11, 2005.
Here are some reminders on the procedure for
updating a lib package for a C++ ABI change. "Also, for those
who aren't aware, the new xorg packages now in unstable are also implicated
in the C++ transition, because libGLU is implemented in C++. Particularly
if you have packages that are involved in other transitions that are
happening right now, it may not necessarily be a good idea to rebuild
against xorg just yet unless you're already part of the C++
transition.
"
Distribution Newsletters
Fedora Weekly News
The fifth issue of the Fedora Weekly News has articles such as 'Join Fedora at LinuxWorld in San Francisco', 'Regarding Recent Kernel Update on FC4', 'ATrpms for FC4/i386 and FC4/x86_64', 'Creating a Fedora Core 4 LiveCD', 'Thomas Guide: RealPlayer', 'Review: Fedora Core 4', 'Firefox 1.0.5 Released', 'FUDCon in London?' and more.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of July 18, 2005 is out. This issue covers the possibility that the Gentoo kernel maintainers will discontinue the gentoo-sources-2.4 kernel series, new hardware donations, an IA64 LiveCD is planned to be released with Gentoo 2005.1, a bugzilla upgrade, developer of the week Sven Wegener, and several other topics.
Package updates
Fedora Core updates
Fedora Core 4 updates: openssh-4.1p1-3.1 (upgrade to 4.1p1 for bug fixes), pam-0.79-9.1 (fix a regression in XAUTHORITY handling), logwatch-6.1.2-1.fc4 (upgrade to 6.1.2 for bug fixes), kernel-2.6.12-1.1398_FC4 (include a number of patches likely to show up in 2.6.12.3), system-config-bind-4.0.0-18_FC4 (bug fixes), selinux-policy-targeted-1.25.2-4 (bug fixes and isakmp port added), system-config-bind-4.0.0-19_FC4 (no info), java-1.4.2-gcj-compat-1.4.2.0-40jpp_31rh.FC4.1 (cope with impending libgcj and eclipse-ecj updates), diskdumputils-1.1.7-4 (update source package to 1.1.7), radvd-0.8-1.FC4 (upgrade to upstream version 0.8), bind-9.3.1-8.FC4 (fix named.init script bugs), radvd-0.8-2.FC4 (no info), freeradius-1.0.4-1.FC4.1 (fix missing ldap plugin).Fedora Core 3 updates: octave-2.1.57-7.fc3 (fix several bugs and dependencies), kernel-2.6.12-1.1372_FC3 (include some patches likely to show up in 2.6.12.3), system-config-bind-4.0.0-18 (bug fixes), system-config-bind-4.0.0-19 (no info), diskdumputils-1.1.7-3 (update source package to 1.1.7), radvd-0.8-1.FC3 (upgrade to upstream version 0.8), bind-9.2.5-3 (fix named.init script bugs), radvd-0.8-2.FC3 (no info).
Slackware updates
Slackware has new GCC 3.4.4 packages in testing, along with some Linux 2.6.12.2 kernel packages, and more. See the slackware-current changelog for complete details.Trustix TSL-2005-0035 - multi
Trustix Secure Linux has a bug fix advisory for cyrus-imapd, glibc, samba, sqlgrey, squid and tcpdump.
Distribution reviews
Review: Fedora Core 4 (NewsForge)
Here's a review of Fedora Core 4, on NewsForge. "Fedora Core 4 gets low marks for multimedia. I encountered an overwhelming number of bugs in this area. There is no support for proprietary formats such as Windows Media, DVD, and MP3, though having used past Red Hat/Fedora releases, I would expect nothing more. Previously, enabling these multimedia types was not a hard task, but this time, it's daunting."
Reviewer heaps praise on SuSE Linux 9.3 Pro (Desktop Linux)
Desktop Linux has a review of SuSE Linux 9.3 Pro. "[This] is a distribution for someone who wants to push the limits of what you can do with a Linux desktop today. In short, if you're a developer, a power user's power user, or someone who needs to see what 2006's corporate Linux desktop is going to look like, this is the distribution for you."
Run GNU/Linux from a USB pen drive (NewsForge)
NewsForge reviews the Slax distribution, which can be installed on a USB pen drive. "Slax is a powerful and complete bootable distro based on Slackware, equipped with kernel 2.6, ALSA sound drivers, Wi-Fi card support, X11-6.8.2 with support for many GFX cards and wheel mice, and KDE 3.4. Slax uses the Unification File System (also known as unionfs), which enables you to write whatever you want into the pen drive. Bundled software includes KDE, the KOffice office suite, GAIM for chat, the Thunderbird email client, and the Firefox Web browser."
Page editor: Rebecca Sobol
Development
Visualize Chemistry with GAMGI
GAMGI, the General Atomistic Modelling Graphic Interface, is a tool for visualizing atomic structures. The project is supported by the Instituto Superior Técnico in Lisbon, Portugal, and is being developed by José Carlos Pereira and others. The software has been released under the GPL, BSD, and GFDL licenses.![[GAMGI]](https://static.lwn.net/images/ns/gamgi1.png)
The project's scientific goals state:
![[GAMGI]](https://static.lwn.net/images/ns/gamgi2.png)
GAMGI can plot the following list of objects:
"Text, Orbital, Bond, Atom, Direction, Plane, Group, Molecule, Cluster, Cell, Arrow, Shape, Graph, Assembly, Light, Layer and Window.
"
The GAMGI screen shots give a view of the user interface as well as a wide variety of chemical plots performed by GAMGI.
The
technical mission discusses the GAMGI design philosophy and covers some
of the system requirements and dependencies:
"A really useful package must be easy to obtain, to compile, to use and to change, giving users and developers as much control as possible.
"
Version 0.11.2 of GAMGI was released this week, changes include:
"Crystallographic planes can now be represented by polygons, for all volumes, with minor restrictions. The Cell orientation in a Spherical volume is now the same as for Conventional, Primitive, Wigner-Seitz cell volumes.
"
The change log file has more details and previews some upcoming features.
The GAMGI source code and packages for Debian and SUSE are available here.
System Applications
Libraries
libannodex 0.7.1 Release
Version 0.7.1 of libannodex, a library which provides an interface for reading and writing Annodex media, is available. Changes include a new anx_importer_find() API call and more.libfishsound 0.7.0 Released
Version 0.7.0 of libfishsound, a library with utilities for decoding and encoding the Vorbis and Speex audio formats, is out. Changes include several backported features from the development trunk.
Web Site Development
FCKeditor 2.0 released (SourceForge)
Version 2.0 of FCKeditor, an online DHTML text editor, has been announced. "It's XHTML compliant and works with Firefox, Mozilla, Netscape and IE. After a long and delicate development path, this is the final release of version 2.0. Now the editor is even more stable. Lots of key bugs have been fixed and a few and exiting new features has been added like native Flash support."
Five 1.1b released
Version 1.1b of Five, a Zope 2 product that allows you to integrate Zope 3 technologies into Zope 2, has been announced. Changes include Zope 3-style i18n, Zope 3 to Zope 2 interface bridging, and more standard ZCML directives.MediaWiki 1.4.7 released (SourceForge)
Version 1.4.7 of MediaWiki, the collaborative editing software that runs the Wikipedia online encyclopedia, is available with bug fixes.Midgard 1.7rc2 released
Version 1.7 rc 2 of Midgard, a web content management system, is out with several new features.Wicket 1.0.1 released (SourceForge)
Version 1.0.1 of Wicket is out with bug fixes and other improvements. "Wicket is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favourite technology."
Desktop Applications
Audio Applications
gtkpod V0.94.0 Released (SourceForge)
Version 0.94.0 of gtkpod, a graphical front-end for the iPod that uses GTK2, is available. "New features include the stable sorting of displayed tracks (click several headers in order and have the view sorted accordingly) and the sort-ignore-lists (ignore the 'the' at the start of albums...). If you speak Hebrew, you will probably welcome the new Hebrew translation catalog. More important for some users may be the support for iTunes 4.9 and firmware 3.1 released by Apple at the end of last month. Podcasts are still not supported, however."
iPodder 2.0 for linux released (SourceForge)
Version 2.0 of iPodder has been announced. "iPodder is a media aggregator which automatically downloads files to your computer or portable device, leaving you 'one-click-away' from latest media feeds. Based on the iPodder idea of Adam Curry. Thanks to much effort by Scott Grayban, the iPodder "Lemon Edition" team is pleased to announce the release of iPodder 2.0 for Linux." See the release notes for change information.
QjackCtl 0.2.18 released
Version 0.2.18 of QjackCtl, a GUI control interface to the Jack Audio Connection Kit (JACK) is out with bug fixes.
CAD
BRL-CAD 7.4.0 released (SourceForge)
Version 7.4.0 of BRL-CAD, a constructive geometry solid modeling system, has been announced. "This release of BRL-CAD includes, among many new and improved features, the following enhancements since the last announcement (7.4.0 and 7.2.6 enhancements): the addition of an impressive high-performance triangle path-tracer, a completely rewritten rtarea tool for computing exposed and presented surface areas, benchmark suite enhancements, installation of a benchmark tool, and the inclusion of example geometry in the installation."
Data Visualization
PyX 0.8 released
Version 0.8 of the Python graphics package PyX is available. "PyX now supports PDF output and also the generation of multi-page PS/PDF documents. The internals of the path system have been cleaned up and the external interface has been streamlined. The axis data handling of the graph component has undergone a major revision. Many other improvements and bug fixes are included in this release."
Desktop Environments
GNOME 2.11.5 Development Release
Development Release 2.11.5 of the GNOME desktop is available for testing. "This is the first actual 2.11 release, (and it's late. The release team apologizes), though garnome and ubuntu breezy (without GTK+ 2.7) have been shipping previous versions. So it's even more important now that people test this as much as possible."
GNOME Software Announcements
The following new GNOME software has been announced this week:- duty-roaster 0.0.79.94 (new features and bug fixes)
- Epiphany 1.7.2 (new features and bug fixes)
- Evolution 2.3.5 (new features and bug fixes)
- GARNOME Weekly Build 20050714.1730 (bug fixes and other improvements)
- GARNOME Weekly Build 20050715.1850 (bug fixes)
- GARNOME 2.11.5 (new features)
- gcalctool v5.6.24 (bug fixes and translation work)
- GLib 2.7.3 (unstable development release)
- gnome-games 2.10.2 (bug fixes and translation work)
- gnome-games 2.11.2 (feature-freeze release)
- GnomePython 2.11.3 (bug fixes)
- gnome-utils 2.11.2 (bug fixes and translation work)
- GTK+ 2.7.3 (unstable development release)
- libgda/libgnomedb 1.3.4 (bug fixes and translation work)
- Marlin 0.8 (new features and bug fixes)
- Marlin 0.9 (build fixes)
- Mergeant 0.61 (dependency changes)
- OnTV 1.2 (new features and translation work)
- Zenity 2.11.1 (code cleanup and translation work)
KDE Software Announcements
The following new KDE software has been announced this week:- KDbg 2.0.0 (stable release, new features)
This Month in SVN (KDE.News)
KDE.News has announced the July 2005 edition of This Month in SVN. "New features include recursive functions in KTurtle, asthetic enhancements in Kalzium, the eye-candy that is SuperKaramba and Konqueror's improved search box."
Desktop Publishing
LyX 1.3.6 is released
Version 1.3.6 of LyX, a GUI front-end for the TeX typesetting application, is out with bug fixes and newly added native support for Windows.Scribus 1.3.0 released
Scribus 1.3.0 has been released. This version is called a "technology preview," but is said to be "stable and usable." Enhancements include a new undo system, table-of-contents generation, a "pre-flight verifier" for printing and PDF exports, facing page support, ports to your favorite proprietary platform, and more; click below for the full announcement.
Electronics
Signs version 0.5.0 released
Version 0.5.0 of Signs is available. "Signs is a logic synthesis tool and gate level simulator for circuit descriptions in VHDL and other hardware description languages. Besides that, Signs contains modern fault simulators and automatic test pattern generators for computer aided testing of integrated circuits."
XCircuit 3.3.25 released
Version 3.3.25 of XCircuit, an electronic schematic drawing package, is out. This release adds patches from the SourceForge repository.
Financial Applications
SQL_Ledger version 2.4.14 is out
Version 2.4.14 of SQL_Ledger, a web-based accounting system is out. Changes include new keyboard access keys for POS, new focus capabilities, bug fixes, and more.
Games
Auctioneer 3.0.10 has been released (SourceForge)
Version 3.0.10 of the game Auctioneer has been announced, it features bug fixes and performance improvements. "Auctioneer is an interface addon to the World of Warcraft (TM) game. Auctioneer enhances the WoW interface by adding additional information to the tooltips in the game that allow you to see additional information on the value of items in the game."
Pioneers 0.9 released (SourceForge)
Version 0.9 of Pioneers is available. "Pioneers is a clone of the board game The Settlers of Catan. The new version includes a map editor, a stronger computer player and new maps."
The return of PyGame
The PyGame (Python Game) project has re-emerged. There are several new games available, a PyWeek Game Programming Challenge, and more.
Mail Clients
Mozilla Thunderbird 1.0.5 Released (MozillaZine)
Version 1.0.5 of the Mozilla Thunderbird email client has been announced. "This latest release is a minor update to the standalone mail and news program that fixes some security issues and improves stability. It is recommended for all 1.0.x users as an essential upgrade and can be downloaded from the Thunderbird product page or the 1.0.5 directory on ftp.mozilla.org."
Mozilla Thunderbird 1.0.6 Released (MozillaZine)
Version 1.0.6 of the Mozilla Thunderbird email client has been announced. "This latest version should resolve the extension problems that were accidentally introduced in Thunderbird 1.0.5. In particular, the popular Enigmail PGP add-on should now work correctly."
Mozilla Thunderbird 1.1 Alpha 2 Released (MozillaZine)
The Alpha 2 release of Mozilla Thunderbird, an email client, is available for testing. "Alpha 2 contains many bug fixes and improvements to the new features which were introduced in the first alpha including the ability to create message filter actions for forwarding and replying (with a template), exporting RSS feeds, handling .eml files, and a new software update system (currently disabled)."
Music Applications
E-Radium V0.61b
Version 0.61b of E-Radium, a midi music editor that runs under the E-Uae Amiga emulator, is out. "This version of E-Uae is a hacked version of 0.28cvs, which runs with realtime priority to get accurate timing and supports alsa-seq to access midi. It does not hog the cpu as much as e-uae does either so it can be used together with various sound synthesis software running simultaniously in linux."
NoteEdit 2.8.0 Final released
Version 2.8.0 Final of NoteEdit, a music score editor, is available. "The NoteEdit team is glad to announce the first major-version since its new beginning!" A long list of changes is included.
Office Suites
OpenOffice.org 1.1.5 Release Candidate Is Here
The first release candidate of OpenOffice.org 1.1.5 is available for testing. "What's important about 1.1.5rc? It includes numerous bug fixes but just as important includes a filter for OpenDocument files, which is the type that OpenOffice.org 2.0 and the 1.9.x releases create."
OpenOffice.org build 1.9.116 is out
Build 1.9.116 of OpenOffice.org has been released. Numerous changes are included, click below for the details.
Web Browsers
Firefox 1.0.6 Candidate Builds Available (MozillaZine)
MozillaZine has announced the availability of Firefox 1.0.6 candidate builds. "Marcia Knous writes: "The Mozilla Quality Assurance team is requesting help from the community to test the 1.0.6 builds. Please visit the post in the QA blog to get more information regarding the testing.""
Mozilla Firefox 1.0.6 Released (MozillaZine)
MozillaZine has an announcement for the release of Mozilla Firefox 1.0.6. "As we reported previously, API changes in last week's Firefox 1.0.5 broke some extensions. This version should resolve the problems."
Mozilla 1.7.9 Release Candidates Available (MozillaZine)
MozillaZine has announced the availability of Mozilla 1.7.9 release candidates. "Mozilla 1.7.9 is a minor update to the Mozilla Application Suite with fixes for some security issues."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the July 11, 2005 Mozilla.org staff meeting have been announced. "Issues discussed include Mozilla Firefox 1.0.5, Deer Park Alpha 2, the new application update system, 1.1 Beta 1 planning, server transitions, international domain names (IDN), hiring new employees and the news server."
Languages and Tools
C
GCC 4.1 stage 2 has been closed
Stage 2 of the Gnu Compiler Collection version 4.1 has been closed. "The following projects were contributed during stage 1 and stage 2: New C Parser, LibAda GNATTools Branch, Code Sinking, Improved phi-opt, Structure Aliasing, Autovectorization Enhancements, Hot and Cold Partitioning, SMS Improvements, Integrated Immediate Uses, Tree Optimizer Cleanups, Variable-argument Optimization, Redesigned VEC API, IPA Infrastructure, Altivec Rewrite Warning Message Control, New SSA Operand Cache Implementation, Safe Builtins, Reimplementation of IBM Pro Police Stack Detector, New DECL hierarchy."
Caml
Caml Weekly News
The July 19, 2005 edition of the Caml Weekly News is online with new Caml language articles. Topics include: pftdbns 0.2.6, AS/Xcaml status, Pattern Matching Papers, OMake 0.9.6 and Idea for another type safe PostgreSQL interface.
Java
GNU Classpath 0.17 released
Developer snapshot version 0.17 of GNU Classpath, a set of free essential libraries for java, is out. "This is mainly a bug fix release for issues found with eclipse 3.1 and Free Swing applications just after our 0.16 release. But it also includes some exciting new features."
Taking JUnit Out of the Box (O'ReillyNet)
Amir Shevat looks at JUnit in an O'Reilly article. "There are many tools designed to help up test, analyze, and debug programs. One of the most well-known tools is JUnit, a framework that helps software and QA engineers test units of code. Almost everyone that encounters JUnit has a strong feeling about it: either they like it or they don't. One of the main complaints about JUnit is that it lacks the ability to test complex scenarios."
Perl
This Week in Perl 6 (O'Reilly)
The July 14, 2005 edition of This Week in Perl 6 is out with the latest Perl 6 language news.
PHP
PHP 5.1 Beta 3 Available
Version 5.1 Beta 3 of PHP has been announced. New features include the addition of PHP Data Objects, better language performance, version 5.0 of the PCRE extension, bug fixes, and more.PHP Weekly Summary for July 11, 2005
The PHP Weekly Summary for July 11, 2005 is out. Topics include: Reference counting bug in libxml2; namespace proposal; date/timezone classes; signal blocking proposal; gone to Siberia; column length in PDO_MYSQL; a mad week in CVS; and safemode permissions patch.PHP Weekly Summary for July 18, 2005
The PHP Weekly Summary for July 18, 2005 is out. Topics include: Date/timezone classes (continued); PHP 4.4.0 released; PHP 4.0 escaped; struct ordering?; PHP-GTK 1.0.2 released; politics and the BC break in PHP 4.4; PHP 5.1.0 beta 3 released; dropping support for Win 98/NT/ME?; Ilia's week; and another safemode patch.
Python
Dr. Dobb's Python-URL!
The July 13, 2005 edition of Dr. Dobb's Python-URL! is online with lots of new articles about the Python language.Dr. Dobb's Python-URL!
The July 20, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python language articles.
XML
DocBook XSL 1.69.0 released (SourceForge)
Version 1.69.0 of DocBook XSL has been released. "The release includes major feature changes, particularly in the manpages stylesheets, as well as a large number of bug fixes. This project is the home for the DocBook XSLT stylesheets and DSSSL stylesheets and more."
Version Control
monotone 0.21 released
Version 0.21 of monotone, a version control system, is available. Changes include several new command line options, new capabilities and bug fixes.
Miscellaneous
Algol 68 Genie Mark 8 released
The Mark 8 release of the Algol 68 Genie interpreter is available. Changes include new networking procedures, a number of new keywords, and more.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Firefox marketing site hacked (News.com)
News.com reports that the SpreadFirefox.com site was compromised. "The exploited flaw was a vulnerability in PHP, the language in which Drupal, the content management system that Spread Firefox uses, is written."
Linux in Government: Outside the US, People Get It (Linux Journal)
Linux Journal looks at the spread of Linux around the world. "Interestingly, the US government appears to favor a company it deemed a monopoly over Linux and open-source software. While technically educated Linux and open-source work forces have grown in Germany, China, Brazil, India and Hungary since 2001, the US government has done nothing to keep pace with the rest of the world. Only a decade ago, the US held a technological edge over Europe and Asia in all areas of IT. Today, the once burgeoning IT industry in the US has given way to its competitors, especially China and India."
Trade Shows and Conferences
O'Reilly Where 2.0 Conference Wrap-Up
O'Reilly has released a Where 2.0 Conference Wrap-Up. "Where 2.0, a new O'Reilly conference that took place June 29-30 in San Francisco, honed in on the new tech sector coalescing around these location-related technologies that promise to transform and personalize the way we all engage the Web and the world around us."
The SCO Problem
The Michael Davidson Email - SCO v. IBM (Groklaw)
Here's a fun one: Groklaw has a message from Michael Davidson, thanks to the unsealing of various exhibits in SCO v. IBM. This message, from 2002 (i.e. before the suit was filed), summarizes his attempt to find copyright infringements in Linux; it was sent to Reg Broughton, and thence to Darl McBride. "The hope was that we would find a 'smoking gun' somwhere in code that was being used by Red Hat and/or the other Linux companies that would give us some leverage.... At the end, we had found absolutely *nothing*. ie no evidence of any copyright infringement whatsoever." SCO decided to sue anyway.
The Davidson Email, Red Hat, and the Lanham Act (Groklaw)
Groklaw takes a look at Red Hat and the Lanham Act. "Let's go back and take a look at what Red Hat is claiming in its lawsuit against The SCO Group. I think it will help you to understand why SCO is trying to spin, spin, spin so hard and what they are probably really afraid of. At least, I'd be scared, if I were them."
Sandeep Gupta's Redacted Declaration of July 2004 (Groklaw)
Groklaw examines the recently unsealed Redacted Declaration in Support of SCO's Opposition to IBM's Cross-Motion for Partial Summary Judgment by Sandeep Gupta. "It's quite a perfomance by Mr. Gupta. So much is redacted, it's hard for us to know what he said in detail, but Dr. Brian Kernighan, IBM's expert, did get to read it all, and he answers Mr. Gupta point-by-point in scathing terms in the recently unsealed Declaration of Brian W. Kernighan. In fact, unless I have misunderstood, he as much as says that Mr. Gupta improperly (may I even conclude he implies dishonestly or is it just incompetence being alleged?) cobbled bits and pieces of code from all over the place to make it look like a block of similar code".
Companies
HP to announce restructuring Tuesday (News.com)
News.com reports that HP has announced restructuring and job cuts. "[CEO Mark] Hurd is expected to announce sweeping cuts to HP's workforce as part of a plan to bring the company's costs more in line with its competitors. About 15,000 employees could lose their jobs, with HP's IT, sales and service divisions among the areas particularly hard hit, according to a source close to the company."
Intel to cut Linux out of the content market (Inquirer)
Over the years, your editor has seen several "platform X will lock Linux out of the market" stories. Here's the latest installment: a lengthy Inquirer article on how Intel is handing the digital video market to Microsoft. "The vehicle to do this is called East Fork, the upcoming and regrettable Intel digital media 'platform'. The funny part is that the scheme is already a failure, but it will hurt you as it thrashes before it dies. Be afraid, be very afraid."
Sun to open-source single sign-on code (News.com)
News.com looks at Sun's plans to release parts of its Java Access Manager single sign-on product as open-source code. "Web single sign-on makes it easier for users to log into multiple Web applications with one set of credentials and simplifies password management for organizations. The code Sun is releasing is meant to enable single sign-on only inside a single organization; it does not support federation across organizations."
Linux Adoption
Schools ink deal for open source (Stuff)
A New Zealand publication called Stuff looks at the use of Novell/SUSE Linux by the New Zealand Education Ministry. "The Education Ministry has signed an 18-month software licensing deal with Novell New Zealand, the ministry's first deal to provide open source software to schools. It includes Novell's SUSE distribution of the Linux desktop operating system. The Novell deals lets schools buy software for the same cost as Microsoft products, about $99 per product per server for a year-long licence. The ministry's senior ICT consultant, Douglas Harre, says it is meant to equalise prices of Microsoft and Novell products."
Linux at Work
Linux trounces Windows Mobile in smartphone shipments (Linux Devices)
Linux Devices looks into the rise of Linux in the mobile phone market. "Embedded Linux powered 14 percent of smartphones shipped worldwide in Q1 of 2005, up 412 percent from 3.4 percent in Q1-04, according to Gartner. Windows Mobile Smartphone shipments also grew, rising 50 percent from a 2.9 share in 1Q-04 to 4.5 percent in 1Q-05, Gartner says."
Legal
Grokking Grokster (O'ReillyNet)
Quinn Norton analyzes the MGM v. Grokster case on O'Reilly. "Fred Von Lohmann of the EFF, who represented Grokster in district and circuit court, pointed out that Sony also openly advertised dubious uses of its Betamax, some of which were ruled a fair use, like time shifting. But "Librarying [building up a library of aired works for repeat viewing] was never ruled a fair use." So, what makes Sony OK and Grokster not?"
Interviews
Interview: Greg Wallace on the future of embedded Linux (NewsForge)
NewsForge talks to Emu Software's Greg Wallace about the C3 Expo panel on embedded Linux. "I think that this market is really exploding in complexity, size, and in innovation. Embedded Linux intelligence is making its way into devices as diverse as network equipment to digital cameras. I think the entrepreneurs, developers and investors that gain an understanding of what is driving this market will be extremely well positioned to gain from its growth."
Mozilla: From obscurity to opportunity (ZDNet UK)
ZDNet UK has published a set of articles and interviews about the Mozilla foundation. "The non-profit Mozilla foundation has gone from zero to hero over the last two years thanks to the increasing popularity of the Firefox browser ZDNet UK visited the company's HQ in Mountain View, California, to find out how a small band of open source enthusiasts have started to challenge Microsoft's hold on the browser market." (Found on MozillaZine.)
Resources
What New Users Need to Know About OpenOffice.org (Linux Journal)
Linux Journal's Bruce Byfield looks at some pitfalls that new users of OpenOffice.org are likely to encounter. "The question is worth asking. Any large piece of software has its own ways of doing things, and OpenOffice.org is no exception. In fact, because of its history and its design assumption that users are at least as interested in designing documents as in writing them, OpenOffice.org needs more orientation than most. OOo is not difficult to learn, but if you approach it expecting it to behave exactly like another office suite, especially MS Office, you are setting yourself up for frustration."
At the Sounding Edge: FreeWheeling (Linux Journal)
Dave Phillips plays with audio looping software for the Linux Journal. "I'm often asked whether Linux audio software includes anything similar to Acid. I freely confess that Linux audio development has yet to come up with an Acid competitor, although Ardour might be warped into service. However, Linux-based musicians do have access to some impressive loop-based music software, and so we come at last to FreeWheeling."
Linux Audio Musings
Dave Phillips has updated his Linux audio musings column for July/August 2005. Take a look to see what's new in the world of audio software.Creating a community Linux event (NewsForge)
Matthew Revell discusses the process of organizing a community Linux event in a NewsForge article. "My fellow LugRadio presenters and I decided that we'd try to fill the gap for a U.K. community-oriented Linux event. Last month, roughly 250 open source fans attended LugRadio Live, a mix of talks, exhibition, LAN gaming, paintball, beer, and curry. Central to our event was the idea that everyone is a member of the same community and so everyone should be able to come."
Reviews
Device Profile: Aeronix Zipit instant messenger appliance (Linux Devices)
Linux Devices reviews the Aeronix Zipit, an inexpensive instant messenger appliance that runs an embedded Linux operating system. "The Zipit is marketed under brandnames that include ZipitWireless and K-Byte, and is currently available at Target and TigerDirect, priced at $99, in colors that include white, silver, blue, red, and pink. It includes an 802.11b WiFi radio, 16-color greyscale LCD with QVGA (320x240) resolution, and a thumb keyboard with rubber buttons. Also included is a stereo DAC (digital audio converter) connected to a speaker and headphone jack."
Miscellaneous
OSDL's Linux Initiatives (O'ReillyNet)
There is a rather uncritical article on O'ReillyNet describing OSDL's specification efforts. "The intent of the group is to create a list of the capabilities that a desktop system must have to successfully address each of the usage models. Once the group understands and clearly documents the required capabilities, it then becomes possible to identify key inhibitors that are preventing successful adoption, as well as specific technologies that either are not present or have some deficiencies when applied to enterprise environments. Working with Linux distributors and existing open source development communities, and, if necessary, creating new development communities by way of OSDL SIGs, the group hopes to accelerate Linux development in the specific areas that will facilitate its adoption on the enterprise desktop."
Coding misstep forces new Firefox release (News.com)
News.com follows the story behind recent and upcoming releases of Mozilla Firefox and Thunderbird. "The open-source Firefox browser and Thunderbird e-mail client will be updated for the second time in a week because of code changes that have unintentionally stopped some third-party extensions from functioning correctly. The updates will take Firefox and Thunderbird to version 1.0.6, while the Mozilla Suite will be updated to version 1.7.10 ..."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Bluescreen welcomes Jettisoned / Old / Unused PCs
Tuomas Santakallio represents a company called Bluescreen, a student project that aims to create solutions on Debian for educational and SME environments. "In practice, we export refurbished PCs installed with Debian or Ubuntu into Kenya, where the PCs will be used in schools, churches, healthcare centres, libraries, internet cafés, etc. Some computers are bought for private use."
The Gimp needs more friends
An effort is underway to increase the public awareness of the Gimp, a full-featured image manipulation application. "There is a simple solution to end the deep unawareness of the Gimp. The Gimp needs more advertising to gain more users, developers and professional friends. The Gimp needs something like "spread firefox" or "get firefox", but in the more intelligent way."
IDABC unveils draft software licence
IDABC has announced the unveiling of a new draft software licence. "At the annual LinuxTag fair and conference, IDABC presented a draft version of a software license that it hopes will encourage public administrations to release software applications developed by them. The proposal, which has been given the working title EU public licence (EUPL), was written on behalf of IDABC by the University of Namur following an in-depth study on existing licenses."
Rafael Ebron New Head of Mozilla Update (MozillaZine)
MozillaZine has announced the new head of the Mozilla Update project, Rafael Ebron. "Rafael's appointment comes after concerns from long-time Mozilla Update contributor Alan J Star that development of Mozilla Update is progressing too slowly and that there's not enough detailed planning for Mozilla Update 2.0, a complete rewrite of the site."
RWJ Foundation: Information Links Grants (LinuxMedNews)
LinuxMedNews looks into a grant program from the Robert Wood Johnson Foundation for: Connecting Public Health with Health Information Exchanges.
Commercial announcements
ActiveGrid Closes $10 Million in Series B Financing
ActiveGrid, Inc. has announced that it has closed a $10 million Series B round in financing, led by Worldview Technology Partners. "ActiveGrid plans to use the funds to accelerate and extend the development of its Enterprise LAMP product offering to leverage the growing popularity of the LAMP (Linux, Apache, MySQL, PHP/Python/Perl) software stack. Irwin Gross, general partner of Worldview Technology Partners, will join the company's board of directors."
Mandriva settles Hearst litigation
Mandriva (formerly Mandrakesoft) has settled the litigation it had with Hearst Publications and Kingfisher Syndicate. This litigation concerned the "Mandrake The Magician" character and had being going on since 2000.Mandriva Certifies BitDefender Linux Security Solutions
BitDefender Linux Security Solutions has announced its certification by the Mandriva Linux distribution. "Mandriva Linux distribution developers issued BitDefender security vendors with certificates stating full compatibility between BitDefender for Samba Linux File Servers, BitDefender Mail Protection for Small Business and Mandriva Linux Corporate Server 3.0."
Open-Xchange Inc. Bundles Novell's SUSE LINUX Enterprise Server
Open-Xchange Inc. has announced an agreement with Novell to bundle SUSE Linux Enterprise Server with its Open-Xchange (OX) Server. "Open-Xchange also enters Novell's Technology Partner Program and will receive selling, marketing and development support."
Open-Xchange Announces Agreement With Red Hat
Open-Xchange Inc. has announced a software partner agreement with Red Hat. "According to the agreement, Open-Xchange Server is now certified for the Red Hat Enterprise Server and Red Hat Application Server platform. Red Hat will provide Open-Xchange Inc. with open source technology and services as part of the Software Partner Agreement for distribution with Open-Xchange products. Open-Xchange Inc. will offer bundles for new customers and upgrade bundles for customers who want to migrate from SUSE LINUX Openexchange Server to the Red Hat platform."
Rackspace Taps Novell to Manage Multiple Linux Operating Systems in Enterprise Hosting Environment
Novell, Inc. has announced that Rackspace Managed Hosting has selected Novell(R) ZENworks(R) Linux Management software to administer its new enterprise Linux* hosting solution. "Additionally, with the launch of Rackspace Red Label*, the company now offers its enterprise hosting solution on SUSE LINUX Enterprise Server, among other Linux distributions."
Bill Joy Joins SpikeSource Board of Directors
SpikeSource has announced the appointment of Bill Joy to its board of directors. "Bill Joy has joined the company's board of directors and that it has hired two new executives to oversee core business areas. Joaquin Ruiz has joined as vice president of product marketing and Anders Tjernlund as vice president of support services."
New Books
Perl Best Practices - O'Reilly's Latest Release
O'Reilly has published the book Perl Best Practices by Damian Conway.Prentice Hall publishes "A Pratical Guide to Linux Commands, Editors, and Shell Programming"
Prentice Hall has published A Pratical Guide to Linux Commands, Editors, and Shell Programming by Mark Sobell.
Resources
July 14 EDRI-gram newsletter
The EDRI-gram newsletter for July 14 is out, with the usual collection of news items on digital rights issues in Europe. The second piece - on a new European Commission proposal which would turn many "intellectual property rights" violations in to criminal offenses with a four-year prison term - is especially worth a look. "As with the 2004 IPR directive, the definition of 'commercial scale' is highly ambivalent. It doesn't require financial benefit, profit, or motive.... Free/Open source software development could be seriously jeopardised as well as generic drug production, by strong-armed legal hassle in stead of civil proceedings."
Realtimepublishers Releases 'The Developer Shortcut Guide to SUSE LINUX'
Realtimepublishers has published the online book The Developer Shortcut Guide to SUSE LINUX by John Featherly. "Written for experienced developers who are looking to get a quick start on writing open source-based enterprise applications, this guide offers the most up-to-date information on the capabilities of SUSE LINUX as a development environment for enterprise .NET and Java applications."
Education and Certification
New POSIX Certification Addresses Predictability for Realtime
The Open Group and IEEE have announced a new POSIX certification program. "The certification is based on the criteria for bounded response times in Application Profile PSE54, which is part of the IEEE 1003.13(TM)-2003 standard, and complements the existing certification program for the base POSIX 1003.1(TM) standard."
Upcoming Events
Australian Open Source Developers' Conference
The 2nd Australian Open Source Developers' Conference will be held in Melbourne Australia on December 5-7, 2005. "OSDC is a great opportunity for open source devotees to attend an affordable conference where the main focus is software development. Companies and other organisations will find the conference an ideal avenue for providing professional development for staff, identifying trends and partners and promoting their services."
CFP: Open Source Developers Conference - Melbourne
The 2005 Open Source Developers Conference will be held in Melbourne, Australia on December 5-7. A call for papers has been issued.CFP: 1st European Conference on Computer Network Defence
The 1st European Conference on Computer Network Defence (EC2ND) will be held at the University of Glamorgan in Pontypridd, UK on December 15 and 16, 2005. A call for papers has been issued, materials are due by September 30.Registration Opens for the First O'Reilly EuroOSCON
Registration is open for the O'Reilly EuroOSCON, the event will take place in Amsterdam, The Netherlands on October 17-20, 2005.14th USENIX Security Symposium Announced
The USENIX Association has announced the 14th Annual USENIX Security Symposium. The event will take place in Baltimore, Maryland on July 31-August 5, 2005.Events: July 21 - September 15, 2005
| Date | Event | Location |
|---|---|---|
| July 21 - 23, 2005 | Ottawa Linux Symposium(OLS 2005) | Ottawa, Canada |
| July 21 - 22, 2005 | ApacheCon Europe 2005 | Stuttgart, Germany |
| July 21 - 22, 2005 | North American Plone Symposium | (The Astro Crowne Plaza)New Orleans, Louisiana |
| July 21 - 22, 2005 | PostgreSQL Bootcamp | (Big Nerd Ranch)Atlanta, GA |
| July 26, 2005 | 2nd European LISP and Scheme Workshop | Glasgow, Scotland |
| July 27 - 28, 2005 | Black Hat Briefings USA 2005 | Las Vegas, NV |
| July 29 - 31, 2005 | DefCon 13 | (Alexis Park)Las Vegas, Nevada |
| July 31 - August 4, 2005 | 2005 SIGGRAPH Computer Animation Festival | Los Angeles, CA |
| July 31 - August 5, 2005 | USENIX Security Symposium | Baltimore, MD |
| August 1 - 5, 2005 | O'Reilly Open Source Convention | (Oregon Convention Center)Portland, Oregon |
| August 1 - 5, 2005 | CIFS 2005 Conference and Plugfest | (Doubletree Hotel)San Jose, CA |
| August 4, 2005 | Penguincon 2005 | Israel |
| August 4 - 7, 2005 | Linux 2005 | (University of Wales)Swansea, UK |
| August 8 - 11, 2005 | LinuxWorld Conference and Expo | (Moscone Center)San Francisco, CA |
| August 20, 2005 | Free Audio and Video Event(FAVE) | (Trinity Community and Arts Centre)Bristol, UK |
| August 27 - September 4, 2005 | aKademy 2005 | (University of Málaga)Málaga Spain |
| August 31 - September 2, 2005 | YAPC::EU::2005 | (University of Minho)Braga, Portugal |
| September 1 - 2, 2005 | Symposium on Security for Asia Network(SyScAN'05) | (The Dusit Thani Hotel)Bangkok, Thailand |
| September 5 - 9, 2005 | International Computer Music Conference(ICMC 2005) | Barcelona, Spain |
| September 14 - 16, 2005 | php|works | (Holiday Inn Yorkdale)Toronto, Canada |
Mailing Lists
Ubuntu artwork
Ubuntu has set up a new Artwork Team to to handle all the pretty pictures in the Ubuntu project. This will include things like icons, splash screens, wallpapers, the calendar and much more. If you're interested in getting involved, the best way to start is to join the new artwork mailing list.
Audio and Video programs
New episode of LUGRadio out (GnomeDesktop)
GnomeDesktop mentions the availability of a new audio program from LUGRadio. "The incredible crew at LUGRadio have put out another entertaining show featuring some discussion about GStreamer and Jono Bacon's newfound intimate relationship with it. Also being interviewed is Edward Hervey, maintainer of PiTiVi the GStreamer based non-linear video editor. Also interviewed is Sarah Ewen from Sony, talking about Linux on current and future Playstation's and Sony's plan for World Domination."
Page editor: Forrest Cook