LWN.net Weekly Edition for August 4, 2005
Wiring DRM into the system
An interesting bit of corporate research was recently performed by the EFF's Seth Schoen, who attended the Microsoft Windows Hardware Engineering Conference and wrote up a four-part report on what he learned (part 1, part 2, part 3, and part 4). The resulting picture suggests that Microsoft is going out of its way to appease the entertainment industry with its future products. Upcoming Windows releases will be able to ensure that no "unauthorized" hardware or software exists on the system. Load an application which the "protected media path" code does not like, and much of the system's multimedia capability could be shut down. A Microsoft-controlled "revocation list" will allow drivers to be disabled by Microsoft in the future should those drivers be determined to not properly implement the DRM specifications. Overall, it is a vision of a world where "our" computers are, increasingly, not under our control and not operating in our interests.The comments on the original LWN posting pointing to Seth's reports suggest that many readers believe that this sort of intrusive DRM technology will provoke a massive consumer backlash and, as a result, fail in the market. There are some signs that this hope could be realized; there is currently a fair amount of grumbling in the U.S. over the HDCP copy-protection mechanism, which can prevent the delivery of high-resolution video to large numbers of high-definition TV monitors which do not implement HDCP. As others have often said: Americans will put up with all sorts of misbehavior from both governments and corporations, but they will not tolerate anybody who messes with their TV.
All of this may be wishful thinking, however. It may well be that the industry will get its DRM technology working to the point that it no longer interferes greatly with the life of the average couch potato. If things "just work" for most people, they will be accepted by those people. Few of us have the time or knowledge to worry about the larger issues of fair use, control over our own systems, or long-term sustainability of the cultural commons. After all, there's a game on in a few minutes.
Consider also the reports that Apple is planning to make use of the trusted platform module (TPM) chip in its future kernels. The primary purpose here, most likely, is to keep people from running Mac OS on non-approved x86 systems. But it is hard to believe that Apple would not also use the TPM, for example, to help ensure that audio files do not escape from the one system where they are authorized to be.
Then consider that the latest Linux kernel includes basic TPM support, and work is underway to increase that support. As was discussed at the Ottawa Linux Symposium, the TPM can do a number of good things for Linux users. It can also, however, be used to deprive a Linux user of control over the system and implement all of the same DRM stuff which is being added elsewhere. A Linux-based set-top box could be just as user-hostile as one based on Windows. Availability of source would not be helpful in such a situation; the TPM can be used to ensure that the system will boot only kernels which have been signed with a specific key. Linus Torvalds has stated in the past that this sort of usage is fine with him.
Now, Linus is not the only copyright holder for the kernel, and others may yet decide that the GPL requires that the keys used to sign the kernel be distributed with the source. The GPL's source distribution requirements do include "the scripts used to control compilation and installation of the executable," after all. It may even be that a court will buy that argument. But any such finding will be at the far end of a long process of litigation; it is an uncertain and distant prospect. In the mean time, it is safe to assume that we will see more systems which, while running Linux, allow no more user control than their equivalents based on proprietary software.
At OLS, Jim Gettys compared the DRM situation to the American experiment with crypto export regulations. We'll win in the end, but there may be a decade or two of pain in the middle. Sadly, it appears that we are just beginning to enter the "pain" phase of this battle. This is a fight we can win; we will likely be helped by the fact that the entertainment industry will have a hard time stopping short of the point that makes consumers rebel. But there may indeed be some unpleasant times between here and there.
Cisco v. full disclosure
The story has been sufficiently widely reported that we do not need to go into the details here; see Bruce Schneier's summary if you have some catching up to do. In short: Cisco is going after ex-ISS employee Michael Lynn after he made a presentation in Las Vegas on security vulnerabilities in Cisco's IOS. There is now an FBI investigation in the works, and Mr. Lynn faces the possibility of lawsuits from Cisco or ISS (or both). Meanwhile, copies of his presentation are circulating on the net, closely followed by lawyers with takedown notices. BoingBoing has posted a list of mirrors for those of you who have not yet gotten your copy.Cisco's argument is that Mr. Lynn's presentation discloses Cisco's trade secrets. By this reasoning, Cisco's customers are not entitled to know about vulnerabilities in the boxes they have used to put their networks together. In fact, it appears that Cisco has known about this vulnerability since April, but did not see fit to tell its customers - or anybody else - about it until after Mr. Lynn's presentation. Cisco's concern for its public image has clearly outweighed its concern for its customers' security. The company has turned against disclosure of security problems, and also seems to have forgotten what the net has taught us over the last twenty years or so: attempting to suppress information which has escaped onto the net is not only futile, but it increases the distribution of that information.
There is another aspect of this situation which is worth looking at, however. It has often been said that users of embedded systems do not care about which operating system is running inside. The system is invisible, and all that matters is that it does its job. Security problems clearly increase the visibility of an embedded system. But so do trade secrets, and in an unpleasant way. If Cisco's routers ran Linux, there would be no question of the company using trade secrets to shut down disclosure of vulnerabilities in the core system. There cannot be trade secrets embedded within GPL-licensed code - at least, any such secrets will not remain secret for long. So an attempt to use trade secrets to block disclosure of a security problem is almost certain to fail.
This is a good thing, and a nice added benefit from the use of free software. People may not care about the code running inside their router, phone, music player, automobile, or Furby, but they may yet learn to care about having vulnerabilities in those devices hidden from them. Among the many promises carried by free software is this one: it does not contain secrets which may be used to censor those who would tell you about a problem with your gadget. That is a worthwhile freedom.
Our bloat problem
Andy Oram's report from the Ottawa Linux Symposium notes that OpenOffice.org took some grief there:
As one of those speakers, your editor will plead guilty to taking a cheap shot for an easy laugh (and people did laugh). But the remark had nothing to do with the value of OpenOffice.org as an application. It was about bloat.
In a private conversation at the same conference, an engineer working with a services company in a developing country mentioned a valuable line of business for his employer. It seems that there are customers with large numbers of older desktop computers running legacy operating systems; they would like to extend the life of those computers by putting Linux onto them. But Linux does not run as well on these systems as anybody would like; it is simply too big. OpenOffice.org is especially problematic on smaller systems, but the problem does not stop there.
Not that long ago, Linux was a relatively small and fast system which could run well on a wide variety of older hardware. That may still be true in some specific cases - Linux-based firewall/routers, for example - but, as a general-purpose operating system, Linux has become just as bloated as its proprietary competition. Your editor just looked at his desktop system, with two days of uptime, to see where the memory went. A few examples:
Program Resident set (MB) cupsd 6 gnome-settings-daemon 9 gconfd 9 gnome-session 10 metacity 14 gnome-panel 15 gnome-terminal 21 clock-applet 10 emacs 37 firefox 90
It is a sad world when 10MB of memory is required to display a clock, and 21MB to run a terminal emulator.
Developers who have taken a class in data structures have probably heard all about time-space tradeoffs. Programs can often be made faster at the expense of higher memory usage. The truth of the matter, however, is that these tradeoffs are often illusory. Big code is slow code. From inferior processor cache usage through to virtual memory thrashing, large code slows things down across the entire system. On contemporary systems, the way to faster code is often by using less space, not more.
There are signs that more developers are beginning to understand the costs of bloat. There is a GNOME memory reduction project underway, for example, though it does not appear to be progressing rapidly. But a more serious effort will be required if the Linux desktop is going to lose some significant weight.
And it should lose that weight. Some growth is to be expected from the development of the software itself - Linux systems can do much more than they could a few years ago. But it seems clear that much of our development has been aimed at the addition of new features, and relatively little attention has been paid to memory usage. At this point, Linux need not feel insecure about the features it offers; maybe the time has come to put some more effort into implementing those features with fewer resources. Otherwise, Linux is inflating itself out of a number of possible applications and losing the leanness which used to be one of its best attributes.
Security
A look at NuFW
In many environments, it's sufficient to set up a firewall to filter traffic based on IP address. However, in some situations, an administrator may wish to set up a firewall that can actually filter packets based on the user, rather than the IP address that packets are coming from. A typical firewall using Netfilter is capable of filtering traffic and setting QoS rules only by the originating IP address, and doesn't recognize the concept of users at all.Now User Filtering Works (NuFW) is a package that promises the ability to do a lot more. NuFW is a package that runs on top of Netfilter and allows packet filtering and quality of service (QoS) rules to be assigned by user or application, rather than by the machine or IP address that packets originate from. This makes it possible to apply finer-grained permissions than are possible with Netfilter alone.
There are two daemons that run to provide NuFW's services. The nuauth daemon - the authentication server for NuFW - and the nufw daemon, which runs on the firewall and works in conjunction with Netfilter to actually filter traffic. It is not necessary for the nuauth and nufw daemons to run on the same server, so an administrator can set up nufw on the firewall, and nuauth on any other machine that the firewall can communicate with.
We contacted the NuFW developers, Eric Leblond and Vincent Deffontaines about the project, and asked about the performance impact of NuFW. According to the developers, NuFW uses Netfilter's connection tracking features, and only authenticates the SYN packet of each TCP connection. This means NuFW has no impact on bandwidth, since it is removed from the equation once a connection is open.
Leblond and Deffontaines said that NuFW's impact on performance is minimal:
There remains, of course, a measurable impact on the time it takes to open TCP connections. We performed a small, basic bench, to measure this. We built a very basic process that opens a TCP connection to a host, then closes it, in loop for 1000 times. Running that process behind a NuFW firewall took 34 seconds. Running that process behind a "conventional" Netfilter firewall (same hardware) took 20 seconds. So, we're pretty happy with NuFW's behaviour on DoS conditions, and quite confident about the performance matter.
In addition to the nufw and nuauth daemons, each client system must be
running the NuFW client -- Nutcpc for Linux, and NuWINc for
Windows. Note that the Windows application is governed by a proprietary
license, whereas NuFW is available under the GPL. Leblond and Deffontaines
said that it should be easy to port the Linux client to Mac OS X and BSD
OSes -- and it may run as-is. "What we mostly lack on this is
testing. We are, of course, very open to contributions.
"
When clients send packets through the firewall or gateway, the nufw daemon checks with the nuauth daemon to authenticate the user and verify whether a particular user has the appropriate permissions to send traffic through the firewall.
NuFW distinguishes protocols as well, so users could be allowed (for example) to send HTTP traffic, but not SSH or POP3. Nuauth supports several authentication methods, including LDAP, system authentication with PAM, dbm or a plain text file with user credentials.
NuFW uses an Access Control List (ACL) to determine which services users and groups can access. In the event that two groups have conflicting permissions -- for example, if a user belongs to a group that can access SSH and a group that cannot -- NuFW can be configured to either allow access or deny it.
NuFW also offers detailed logging of activity, so that it's possible to track which users are sending traffic through the server and what traffic has been rejected or accepted. NuFW can log to syslog, or a MySQL or PostgreSQL database.
There is also a Web interface which works with NuFW called Nuface, and a firewall log analysis application called Nulog, which provides a friendly interface for viewing NuFW's logs in detail.
One limitation of NuFW is that it only filters TCP. The developers said that they want to implement UDP, ICMP and other protocols. There are a few other features that they're looking at for the long term as well:
We also asked Leblond and Deffontaines if there was any chance of NuFW
being ported to any of the BSD OSes. They said that they have looked at
this, but that none of the BSD IP filter packages have a feature like
Netfilter's QUEUE target, which is used by NuFW. "When/if there is
one, we'll be happy to port the nufw daemon to BSD. Right now, the nuauth
daemon should run on BSDs, as it is POSIX C.
"
While NuFW provides a rich set of features, it also adds quite a bit of complexity to the setup. In addition to installing and maintaining an additional set of packages, administrators will need to set up the appropriate groups and define permissions for those groups to determine which users can utilize which services.
Admins will also need to install the NuFW client on all machines that need to authenticate with NuFW, and this means that (for the moment) NuFW is an option only for organizations that restrict their systems to Windows and Linux. It is possible to set up NuFW to ignore one or more subnets on your network, but this does defeat the purpose of using NuFW to some extent.
As Leblond and Deffontaines point out, most of the complexity "comes
not from internals, but rather from the fact that NuFW is a glue between
systems that don't know about each other: the firewall in the center of the
network, and the user directory in the center of organisation.
" They
are working on a "appliance" solution with NuFW that will make it easier to
deploy. It's also worth noting that NuFW is now available in Debian sid and the
developers say that other distributions are looking at packaging NuFW as
well. This could go a long way towards making NuFW much easier to deploy.
New vulnerabilities
apt-cacher: remote command execution
| Package(s): | apt-cacher | CVE #(s): | CAN-2005-1854 | ||||
| Created: | August 3, 2005 | Updated: | August 3, 2005 | ||||
| Description: | The Debian apt-cacher utility has a vulnerability which can allow a remote attacker to run arbitrary code on the host system. | ||||||
| Alerts: |
| ||||||
epiphany: Mozilla regression vulnerability
| Package(s): | epiphany | CVE #(s): | |||||
| Created: | July 28, 2005 | Updated: | August 29, 2005 | ||||
| Description: | The epiphany web browser had a vulnerability regression that was caused by fixes to the Mozilla suite. This is specific to Ubuntu Linux, the Mozilla fix was: USN-155-1. | ||||||
| Alerts: |
| ||||||
ethereal: dissector vulnerabilities
| Package(s): | ethereal | CVE #(s): | CAN-2005-2365 CAN-2005-2367 CAN-2005-2360 CAN-2005-2361 CAN-2005-2362 CAN-2005-2363 CAN-2005-2364 CAN-2005-2366 | ||||||||||||||||||||||||
| Created: | July 28, 2005 | Updated: | October 10, 2005 | ||||||||||||||||||||||||
| Description: | The ethereal network traffic analyzer has several vulnerabilities, involving traffic dissectors. Dissectors have buffer overflows, format string overflows, and crashing/denial of service issues. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
libgadu: memory alignment bug
| Package(s): | libgadu | CVE #(s): | CAN-2005-2370 | ||||||||||||
| Created: | July 29, 2005 | Updated: | June 25, 2007 | ||||||||||||
| Description: | Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This can not be exploited on the x86 architecture but on others, e.g. on Sparc and lead to a bus error, in other words a denial of service. | ||||||||||||||
| Alerts: |
| ||||||||||||||
gopher: insecure tmpfile creation
| Package(s): | gopher | CVE #(s): | CAN-2005-1853 | ||||
| Created: | July 29, 2005 | Updated: | August 3, 2005 | ||||
| Description: | John Goerzen discovered that gopher, a client for the Gopher Distributed Hypertext protocol, creates temporary files in an insecure fashion. | ||||||
| Alerts: |
| ||||||
gzip: arbitrary command execution
| Package(s): | gzip | CVE #(s): | CAN-2005-0758 | ||||||||||||||||||||||||||||
| Created: | August 1, 2005 | Updated: | January 10, 2007 | ||||||||||||||||||||||||||||
| Description: | zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|' and '&' properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
libtiff: insufficient validation
| Package(s): | libtiff | CVE #(s): | |||||||||||||||||
| Created: | July 29, 2005 | Updated: | August 18, 2005 | ||||||||||||||||
| Description: | Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the "YCbCr subsampling" value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which caused the program that uses the TIFF library to crash. This leads to a Denial of Service in server applications that use libtiff (like the CUPS printing system) and can cause data loss in, for example, the Evolution email client. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
nbSMTP: format string vulnerability
| Package(s): | nbsmtp | CVE #(s): | |||||
| Created: | August 2, 2005 | Updated: | August 3, 2005 | ||||
| Description: | A format string vulnerability in nbSMTP may allow an attacker to execute arbitrary code with the permissions of the user running nbSMTP. | ||||||
| Alerts: |
| ||||||
NetworkManager: format string bug in nm_info_handler
| Package(s): | networkmanager | CVE #(s): | |||||
| Created: | August 1, 2005 | Updated: | August 3, 2005 | ||||
| Description: | Network Manager passes logging messages straight to syslog as the format string. This causes it to crash when connecting to access points that contain format string characters. This was reported initially by Ian Jackson. | ||||||
| Alerts: |
| ||||||
PowerDNS: denial of service
| Package(s): | pdns | CVE #(s): | CAN-2005-2301 CAN-2005-2302 | ||||
| Created: | August 1, 2005 | Updated: | August 3, 2005 | ||||
| Description: | PowerDNS before 2.9.18 has several vulnerabilities. The LDAP backend does not properly escape all queries, allowing it to fail and not answer queries anymore. Queries from clients without recursion permission can temporarily blank out domains to clients with recursion permitted. This enables outside users to blank out a domain temporarily to normal users. | ||||||
| Alerts: |
| ||||||
ProFTPD: format string vulnerabilities
| Package(s): | proftpd | CVE #(s): | CAN-2005-2390 | ||||||||||||||||||||||||
| Created: | August 1, 2005 | Updated: | September 6, 2005 | ||||||||||||||||||||||||
| Description: | Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via certain inputs to the shutdown message from ftpshut, or the SQLShowInfo mod_sql directive. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
pstotext: remote execution of arbitrary code
| Package(s): | pstotext netpbm | CVE #(s): | CAN-2005-2471 | ||||||||||||||||||||||||||||||||||||
| Created: | August 1, 2005 | Updated: | March 28, 2006 | ||||||||||||||||||||||||||||||||||||
| Description: | Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. An attacker could craft a malicious PostScript file and entice a user to run pstotext on it, resulting in the execution of arbitrary commands with the permissions of the user running pstotext. See this Secunia advisory for more information. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
Resources
Phrack #63 is out
Phrack #63 - said to be the last issue - has been published. A wide variety of subjects is covered, including rootkit hiding, hacking Grub, process hiding on Linux, and more. The whole issue is downloadable as a compressed tarball.
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch is 2.6.13-rc5, which was released by Linus on August 1. This prepatch contains a great many fixes and the reversion of a couple of troublesome patches (see below). The long-format changelog has the details.2.6.13-rc4 was announced on July 28. This prepatch is large, containing a vast number of fixes. There's also a SCSI update, an ALSA update, an NTFS update, a reworking of the shutdown/reboot code, and more. See the long-format changelog for the details.
Linus's git repository contains a very small number of fixes added since -rc5.
The current -mm tree is 2.6.13-rc4-mm1. Recent changes to -mm include some cleanups to the i386 code (in particular moving inline assembly code into wrapper functions), some scheduler tweaks, the page fault scalability patches, and the dropping of the CKRM patches.
Kernel development news
A PCMCIA subsystem change
Russell King recently sent out a heads-up regarding a PCMCIA subsystem change which will affect some users. In 2.6.13, if a PCMCIA driver is linked directly into the kernel, its devices will be recognized and bound at boot time. That means that no hotplug events will be generated for those devices. Since many systems use the hotplug subsystem to do things like configuring network interfaces, this change could lead to broken systems.There are also concerns about the naming of disk devices; the presence or absence of a PCMCIA device could cause the names of other disks on the system to change from one boot to the next. Dominik Brodowski has posted a patch which causes PCMCIA IDE devices to be initialized late in the boot process in an attempt to minimize this problem; he also notes that udev is the right way to deal with device naming issues.
Meanwhile, most users will not be affected because most distributors build their PCMCIA drivers as modules. Devices managed by those drivers will be configured after the system is bootstrapped, and will generate hotplug events as usual.
How fast should HZ be?
There has been a debate slowly simmering on linux-kernel over an issue which, to most Linux users, will be invisible. Still, it points at the sorts of tradeoffs which must be made when configuring a system, and thus merits a look.One of the features which will be included in the 2.6.13 kernel is the ability to configure the frequency of the timer interrupt at kernel build time - at least, on the i386 architecture. This capability, by itself, is not controversial, but the new default value for HZ (250) is. Some developers think it is too low, while others (fewer) think it is too high. It does not appear that there is a single "right" value for this variable.
HZ is the frequency with which the system's timer hardware is programmed to interrupt the kernel. Much of the kernel's internal housekeeping, including process accounting, scheduler time slice accounting, and internal time management, is done in the timer interrupt handler. Thus, the frequency of the timer interrupt affects a number of things; in particular, it puts an upper bound on the resolution of timers used with the kernel. If HZ is 1000 (the i386 default for 2.6 kernels through 2.6.12), then timers will have a best-case resolution of 1ms. If, instead, HZ is 100 (the 2.4 and prior default), that resolution is 10ms.
The 250Hz default in 2.6.13 gives a maximum timer resolution of 4ms, which is said to be insufficient for many multimedia-oriented applications (and others which need higher-resolution timers). Such applications, in that environment, will be forced to use busy-waiting to achieve delays which are below the best resolution offered by the system, with the usual effect on CPU utilization. It is not the way the developers of these applications want to go.
The arguments in favor of reducing HZ center around efficiency. A slower timer interrupt is said to require less power, since the processor (if relatively idle) will wake up less often. Thus, a lower value of HZ is supposed to be better for laptop users. The timer interrupt handler also requires CPU time (and a context switch, and cache space) every time it runs; running that handler less often will clearly reduce its overhead.
Part of the problem, however, is that nobody has quantified the savings which can be expected from a slower timer interrupt. That changed, however, when Marc Ballarin posted some results from tests he had run. His initial test, involving an idle system, showed that power consumption varied from 7.59 watts with a 100Hz timer frequency to 8.15W at 1000Hz. A subsequent test with KDE running showed a smaller savings, especially when artsd was running.
These results have given ammunition to both sides. Advocates of a low HZ value see the potential for a half-watt savings as worthwhile. Those who want HZ to be high see, instead, a change which makes the system less effective for them while yielding minimal advantages in real-world use.
If there is a consensus on this issue, it would appear to be that the real solution is the dynamic tick patch. By causing timer interrupts to happen only when there is actually something to be done, the kernel can simultaneously support higher-resolution timers and reduce the actual incidence of timer interrupts. No commitments have been made, but there seems to be a widely-held opinion that the dynamic tick patch will be merged once it has been sufficiently cleaned up; some architectures (e.g. ARM) already have it. To that end, Con Kolivas has posted a reworked version of that patch for review.
If this patch is to be merged soon, it has been asked, why make a change to HZ in the mean time? No answers to that question have been posted. It is true that the lower value of HZ has been in the mainline for some time (and in -mm for even longer) and the number of real complaints has been small. In the absence of problems noted by a wider group of testers, the default value of 250 for HZ seems likely to persist into the final 2.6.13 release. It remains to be seen, however, what value the distributors will pick for the kernels they ship.
A new path to the refrigerator
One of the trickier parts of the software suspend subsystem is the "refrigerator," the code which puts all processes on hold so that the system can be suspended in a quiet state. Last week, this page looked at some issues which come up in choosing which processes to freeze and when to freeze them. Another area of work, however, is the mechanism by which the freezing actually happens.The in-kernel software suspend code puts processes on hold with the following steps:
- The process flags (stored in the flags field of the
task_struct structure) gets the PF_FREEZE bit set.
- A signal is delivered to the process, causing it to execute briefly.
- Eventually the process notices the PF_FREEZE flag and calls refrigerator(). That call replaces PF_FREEZE with PF_FROZEN and puts the process into an unrunnable state (TASK_UNINTERRUPTIBLE).
This mechanism does work, but it has a couple of problems. The PF_* flags require some support in the scheduler, which would be nice to avoid. The real issue, though, is that accessing another process's flags requires locking to avoid race conditions. Adding that sort of locking to the software suspend code, however, is hard to do without risking deadlocks. So the suspend code simply sets the PF_FREEZE flag without locking and hopes for the best; this is one of the reasons why software suspend has never really been supported on SMP systems.
Christoph Lameter has posted a set of patches aimed at fixing these issues. With his patch, the PF_FREEZE and PF_FROZEN flags go away. Instead, struct task_struct gets a new field called todo. This field is a notifier_block pointer; whenever any part of the kernel wants a particular process to run a function in its own context, the kernel can put a notifier request onto todo. At various places in the kernel, the todo list is checked, and any notifier requests which have been put there are executed.
With this mechanism, there is no need for any special process flags. The suspend code simply adds a todo item for each process asking it to freeze itself. It is still necessary to deliver a signal to each process to force it to run in the kernel; otherwise, processes waiting on I/O (or which never call out of user space) would not execute the notifier. The actual "frozen" state is implemented with a completion in Christoph's patch, meaning that unfreezing everybody is a simple matter of a call to complete_all().
Christoph thinks that the todo mechanism may be useful beyond software suspend. A number of places in the kernel have to make changes which are best run in the context of a specific process; the code to make those changes happen can, at times, be a little ugly. The todo list is a straightforward way of running code directly in the context of interest, potentially simplifying the kernel in a few places. The patch has not made it into -mm as of this writing, but there does not appear to be any great obstacle to its inclusion there.
ACPI, device interrupts, and suspend states
The 2.6.13-rc5 prepatch brought with it the reversal of a couple of ACPI-related patches. A look at what happened is rewarding in that it shows how hard it can be to get some things right, and how the kernel development model tries to address these issues.Earlier 2.6.13 prepatches included a change to the core ACPI system. Whenever the system (or a part of it) is being suspended, the modified ACPI code would break the link which routed device interrupts into the processor. This change is part of a new set of rules which expects every device to release its interrupt line on suspend, and to reacquire it on resume. There are a few reasons for wanting to do things this way:
- In theory, at least, a device could be resumed to find that its
interrupt number has changed. People who reconfigure their hardware
while the system is suspended (as opposed to being truly shut down)
might be seen as actively looking for trouble, but it still might be
nice to make things work for them when possible.
- The interrupt handler for a suspended device should not normally be
called, but that can happen in the case of shared interrupts. Any
interrupt handler which tries to access a suspended device is likely
to run into problems; having every suspend() method release
the device's interrupt line can help to avoid this situation.
- On resume, interrupts for a device whose driver has not yet been resumed may be seen as spurious and shut down. If that interrupt line is shared, however, other devices could be affected. This problem can be avoided by having ACPI shut down the interrupt altogether until individual drivers restore it, but that depends on drivers explicitly reallocating their interrupt lines.
The problem with the ACPI change is that it breaks a large number of drivers, and, as a result, it breaks suspend on systems where it used to work. The power management hackers seem to see this situation as an unfortunate, but necessary step toward getting suspend working reliably on a much broader range of hardware. Having individual drivers release and reacquire their interrupts is also seen as necessary to support runtime power management - suspending of individual devices in a running system to save power. The ACPI change, it is said, fixes more systems than it breaks, and is thus worthwhile.
Linus disagreed and reverted the patch, saying:
So I believe that if we fix two machines and break one machine, we've actually regressed. It doesn't matter that we fixed more than we broke: we _still_ regressed. Because it means that people can't trust the progress we make!
The right solution, according to Linus, is to go ahead and add the free_irq() and request_irq() calls to individual drivers when it makes sense to do so, and when it does not break things for individual users. Meanwhile, however, the ACPI subsystem should still restore the interrupt state on resume so that unmodified drivers do not break. There are some remaining issues with how that is done: it may involve running the ACPI AML interpreter with interrupts disabled, which leads to a number of interesting situations. Benjamin Herrenschmidt also pointed out that it could lead to situations where drivers may not be able to receive interrupts during the resume process.
Eventually, one assumes, these details will be worked out. In the mean time, it will be interesting to see if the "revert any patch that breaks somebody's machine" policy holds. If it leads to a more stable experience for Linux users, it seems like it would be a good thing.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
About Source Mage
In a Nutshell
Source Mage is a source-based distribution intended for power users, system administrators, and hobbyists, who would like an easy way to custom-configure every application and to have each application maintain its configuration through upgrades. All distributed code consists of a package manager called "Sorcery" and a collection of packages, called "Spells". Sorcery and Spells together are known as the "Grimoire". Spells are kept as close to the upstream authors' code as possible and are designed for maximum choice in configuring a system. System commands such as "cast" and "dispel" are consistent with the "sorcerous theme".
All Source-Mage-maintained code is written in BASH and GNU-based POSIX utilities, designed to be as minimalistic as possible. For example, GCC doesn't need to build with G++ (the C++ compiler) unlike Gentoo, which requires it for Python. GNU Sed and Awk are used liberally, however Perl is not. This makes Source Mage suitable for small installs and the use of shell script is highly advantageous to a new user.
Of Modest Beginnings
In 2001, Kyle Sallee created a source-based linux distribution called Sorcerer GNU/Linux and released it under the GPL. In late 2001 due to differences with Kyle on how to run the project, a fork was created called Lunar Penguin, now known as Lunar Linux. As a result of confrontations with the Lunar developers, Kyle took Sorcerer off the web one night and nobody could update.
Many of the developers tried to talk Kyle back into continuing the project, but failed. Ryan Abrams and Eric Schabell took over the GPL'd sources and put up a temporary website. At the request of Kyle, the name was changed, and after a vote, Source Mage GNU/Linux was born. On April 4, 2002, sourcemage.org was registered and website content was put up.
A short while later Kyle rewrote much of his code and released it under a non-GPL license that prevents forking. These three distributions have continued since, however the rest of this article concerns Source Mage.
System Layout and Organizational Structure as of June 2005
Project Leader: Eric Sandall: Source Mage has adopted a social structure similar to Debian GNU/Linux, with a Social Contract and a developocratic system that allows developers to vote for team leaders. Team leaders, in turn, vote and appoint developers.
Project Divisions
Sorcery Lead: Andrew Stitt: Sorcery is the package manager. Similar to Gentoo's Portage, although developed concurrently to Gentoo and vastly different in approaches and philosophies. Sorcery is intended to be light-weight, well-designed, and a solid core upon which spells and grimoire libraries can function. Sorcery is mature and feature-competitive with Gentoo's Portage or a BSD-style ports collection. Very little of Kyle's original code remains, and it's often in vestigial sections.
Grimoire Lead: Arwed von Merkatz: The Grimoire is the collection of spells that are called by sorcery (via the "cast" command). Section maintainers called "gurus", keep the Grimoire up-to-date, typically with a version bump and in many cases an md5 of the source (or the upstream author's PGP signature). The main Grimoire is kept in devel, test, stable-rc, and stable versions. There are also auxiliary Games, Z-rejected, and Hardened grimoires for games, binary spells and those that don't meet FSF license approval (note: not the same as Debian's DFSG), and security-hardened spells.
Cauldron Lead: David Kowis: The Cauldron is the code that creates and involves the installer. The Cauldron is undergoing rapid development at this stage, as the original installer inherited from Sorcerer has undergone some bit-rot. The new version of the installer is on track for stable release concurrent with our overall 1.0 release.
Additional General Structures
Security Lead: Thomas Houssin: The Security Team manages the Hardened grimoire and is responsible for handling security updates, especially to spells in the Grimoire.
Quality Assurance Lead: Seth Woolley: The QA Team is responsible for vetting the quality of the various sub-projects before release and is directly responsible for Stable Grimoire releases. Quantitative and qualitative processes are followed to ensure stability.
Web Team Lead: Adam Clark: The Web Team is responsible for providing a public face for the project and keeping it up-to-date.
Public Relations Lead: Alex Smith: Alex is the reason you're reading this article and is responsible for other aspects of our relations with the public. As our developers are dark, dank, and don't clean up well in public, we chose Alex to represent us.
Developer and Codebase Maturity
Since we are relatively unheard of, it will help for potential new users to understand how much work has gone into Source Mage already and that we aren't the next fad distro with a short burst of resources and then a fading away after fifteen minutes of fame.
Major Contributors (more than a dozen patches)
- 18 major contributors to Sorcery
- 92 major contributors to Grimoire
- 37 current part-time developers
Approximate Project Size
- 10,000 enhancements, features, and bugs handled in Bugzilla
- 60,000 code commits with a 95MB repository averaging 50 commits per day
- 4,000 spells in 295,000 source lines and 85,000 patch lines in the Grimoires (14MB)
- 36,000 source lines in Sorcery (1.2MB)
- 90% of the source code is new since taking over from Sorcerer
Where We Are and What to Expect
We are nearing a 1.0 ISO release. The install and initial setup, which involves compiling and configuring the correct drivers, is probably the most difficult part of using Source Mage GNU/Linux. However, if you are an experienced Linux user, or even somebody without experience who wishes to gain it, you should expect friendly IRC chat rooms and mailing lists that can help you get setup in very little time. Any Gentoo user should be familiar enough with the fundamentals to get Source Mage installed easily.
Where the Future Lies
We're mainly focused on ISO development and stability-proofing the existing code. The Second-System effect is mostly through and we're looking forward to many new users that haven't heard of us because we were busy rewriting everything.
About the Author
Seth Woolley is the current Source Mage GNU/Linux Quality Assurance Lead and has been a developer since September 2002 and a user since the project's inception.
Distribution News
Slackware freezes for 10.2
The August 2 Slackware ChangeLog notice notes that the distribution has been frozen in preparation for a 10.2 release. Time for interested Slackware users to test things out and find the remaining glitches.Security Support AMD64 Sarge
Debian's AMD64 port is still not officially in Sarge (it's there unofficially), but it will be getting security support. "Joey Schulze from the Security Team offered to do an accumulative security announce, covering all the amd64 packages which now get added for all the past advisories[1], so expect one big DSA in the near future. (ETA is Monday at the moment). All new DSAs from now on will simply include amd64."
Debian Bug Squashing Party -- August, 5th - 7th
Due to numerous transitions, many new upstream versions and rapid development of native packages there has been a large jump in RC bugs in etch. So there will be a bug squashing party this weekend, August 5 - 7, 2005, to try to squash as many as possible.
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for August 2, 2005 is out. In this edition: Debian turns twelve, the Debian swirl found in a proprietary commercial drawing program, a call for improving package descriptions, successful machine migrations, the popularity contest, Debian Accessibility project issues a call for help, the next generation of init scripts, spam reporting in mail archives, and more.Fedora Weekly News
Fedora Weekly News, #7 covers the Fedora Bug Day Event, Fedora Extras Build System, the Unofficial FAQ updated for Fedora Core 4, the Unofficial Guide for Fedora Core 4, Boot Fedora Linux Faster, and several other topics.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of August 1, 2005 looks at the Gentoo Developer conference in San Francisco, German translators needed, Bugday 2nd anniversary, a user interview with George K. Thiruvathukal, and more.Ubuntu MOTU report - issue 6
Here's the latest report from the Ubuntu Masters Of The Universe with a look at new members of the MOTU team and more.DistroWatch Weekly, Issue 111
The DistroWatch Weekly for August 1, 2005 is available. "SUSE LINUX has always been developed behind closed doors - some believe that it's time to open up and let the community get involved. Are you curious about the current status of the Enlightenment window manager, version 17? If so, we'll show you how to set it up on the recently released VectorLinux 5.1. Also in this issue: "Freedom Toasters" that dispense distribution CDs across South Africa, and an interview with Jonathan Riddell, the lead developer of Kubuntu."
Minor distribution updates
Lunar ISO 1.5.1 i686 (rc1)
Lunar-Linux has announced the first release candidate of Lunar-1.5.1 (Gallium Arsenide). "This version fixes a few bugs with missing files in /etc/, and adds support for displaying normal device names (/dev/sda, /dev/hda3 etc) in the entire installer. Also, there are now proper default choices in the language, font, charmap etc. menus to guide you. The network now starts by default after installation."
Package updates
kde-redhat supports Fedora Core 4 (SourceForge)
The KDE for RedHat project has announced the release of KDE packages built for Fedora Core 4.Fedora updates
Fedora Core 4 updates KDE to 3.4.2: kdeaddons, kdesdk, kdepim, kdemultimedia, kdelibs, kdewebdev, kdebase, kdevelop, kdeutils, kdenetwork, kde-il8n, kdegraphics, kdegames, kdeedu, kdebindings, kdeartwork, kdeadmin, kdeaccessibility, arts.More FC4 updates: selinux-policy-targeted-1.25.3-6 (fix bugs and bump for FC4), gamin-0.1.1-3.FC4 (bug fix), pam-0.79-9.4 (bug fixes), netpbm-10.28-1.FC4.1 (update to 10.28), libraw1394-1.2.0-1.fc4 (update to 1.2.0), selinux-policy-targeted-1.25.3-9 (fix bugs and bump for FC4), ckermit-8.0.211-2.FC4 (use openpty library), kdegames-3.4.2-0.fc4.2 (don't setgid as default), gphoto2-2.1.6-1.1 (update to 2.1.6 - rebuilt for FC4), coreutils-5.2.1-48.1 (fixes "who -r" and "who -b"), iiimf-12.2-4.fc4.2 (backported patches), gimp-2.2.8-0.fc4.2 (fix gimptool manpage symlink).
Fedora Core 3 updates: im-sdk-12.1-10.FC3.1 (added a series of iiimxcf patches), gamin-0.1.1-3.FC3 (bug fix), netpbm-10.28-1.FC3.1 (update to 10.28), mkinitrd-4.1.18.1-1 (fixes boot problems), yum-2.2.2-0.fc3 (fix a few minor problems), gimp-2.2.8-0.fc3.2 (fix gimptool manpage symlink).
Mandriva bug fix advisory MDKA-2005:036
Mandriva has updated hal packages that fix USB drive mounting on ML 10.2.Trustix bug fix advisory TSL-2005-0037
Trustix Secure Linux has fixed bugs in several packages including bind, clamav, courier-authlib, courier-imap, dhcp, initscripts, iptables, kernel, nscd, postfix and samba.
Distribution reviews
Mono Live Rulez! (O'ReillyNet)
O'ReillyNet has a review of Mono Live, an Ubuntu-based live CD featuring Mono. "For me, the stability and tight integration and implementation in Mono Live is superb. For one who has struggled with configuring Mono in the past, using the CD was a huge relief. With just a simple boot from CD, I had a rich Mono platform to explore and use. For that reason, I believe that Mono Live accomplishes what Joseph set out to provide. It especially excels in demonstrating the capabilities of the Mono platform."
Review: Ubuntu 5.04 (PCBurn)
PCBurn reviews Ubuntu's Hoary Hedgehog. "Ubuntu has created an extremely pleasing desktop environment. Once the install is finished (only an issue for an unexperienced user) the system itself performs very well. Default applications and preferences have been thought out to make the user instantly productive. People looking for a Debian based system or new Linux users wanting to "get into" it will find this an excellent desktop OS."
Linspire Five-O Desktop Linux Reviewed (xyz computing)
xyz computing reviews Linspire Five-O. "Linspire seems to understand some of the things which are keeping consumers off Linux desktop operating systems. In this version they have endeavored to make their OS more complete and easier to use than ever before. This does not only mean throwing in more programs, but also improving Windows file support, easier networking, and minimizing installation problems. The trade-off for making everything easier to work with is that very advanced users may be turned off, but that is a comprise that Linspire is willing to make."
Assess System Security Using a Linux LiveCD (developerWorks)
developerWorks takes a look at four live Linux CDs; Auditor, Whoppix (now WHAX), Knoppix-STD and Phlak; that can be used to assess security vulnerabilities. "While everyone agrees that making a security assessment of a system or network is of critical concern and that a thorough assessment is a time-consuming effort that should probably be performed in concert with other testing (such as performance, for example), being able to rapidly check a system for vulnerabilities is also a useful tool, one made possible by these four security-assessment packages in LiveCD format."
Page editor: Rebecca Sobol
Development
Linux-HA reaches the 2.0 milestone
The High-Availability Linux Project (Heartbeat) is aimed at the management of Linux clusters:
![[Linux-HA]](https://static.lwn.net/images/ns/linux-ha.png)
LWN.net
looked at
Heartbeat 1.0.1 in March, 2003; the project has grown considerably
since then. It currently runs on a wide variety of Linux distributions,
and supports the ia32, ia64, amd64, PPC, zSeries mainframe, and
OpenPower platforms.
Version 2.0.0 of Linux-HA
was announced this week.
"This release extends the capabilities of Linux-HA far beyond anything
available in the past, and provides basic capabilities comparable to
any commercial HA package.
This release provides support for monitoring of resources (services) and
support for larger clusters - we have tested up to 16-node clusters.
In Release 2, simple clusters are simple to create, and more complex
clusters can take advantage of our rule-based resource placement methods
to ensure that the cluster does exactly what is desired when failures occur.
"
New features in the 2.0.0 release include:
- Improvements to the messaging and logging systems.
- Support for multi-node clusters up to and beyond 16 nodes.
- Five new components including an information base, resource managers, and a policy engine.
- Support for Shoot The Other Node In The Head (STONITH).
- Support for OCF and LSB resource agents.
- Support for cluster grouping and cloning.
- Resource location and ordering constraint support.
- A choice of failback, failure and "No Quorum" behaviors.
- Cluster state and configuration monitoring tools.
Congratulations go to the Linux-HA developers for making this big step forward. The code is available for download in source and RPM formats here.
System Applications
Audio Projects
JACK 0.100.0 announced
Version 0.100.0 of JACK, the JACK Audio Connection Kit, is available. "In brief, more functions for getting latency statistics, better thread handling, and a more verbose way of connecting to the jackd server."
Database Software
JabRef 1.8 released (SourceForge)
Version 1.8 of JabRef, a graphical application for managing bibliographical databases, has been announced. "JabRef runs on all platforms and requires Java 1.4 or newer. The new stable release of JabRef provides lots of improvements, new features and bugfixes since version 1.7.1."
Interoperability
Samba 3.0.20rc1 Available for Download
Version 3.0.20rc1 of Samba has been announced, it features bug fixes. "This is a release candidate of the 3.0.20 code base and is provided for testing purposes only. While close to the final stable release, this snapshot is *not* intended for production servers."
Networking Tools
iptables 1.3.3 released
Version 1.3.3 of the iptables network packet filtering system is out. "The final 1.3.3 version contains accumulated bugfixes to the last 1.3.2 version. It also adds support for the upcoming (kernel 2.6.14) NFQUEUE target."
Nagios Plugins 1.4.1 released (SourceForge)
Version 1.4.1 of Nagios Plugins, a network host and service monitoring application, is available with bug fixes. "Nagios monitors hosts and services on your network. Actual host and service checks are performed by separate plugins which return the host or service status to Nagios."
Xprobe2 v0.3 released
Version 0.3 of Xprobe2, a remote active operating system fingerprinting tool, is out with bug fixes and other improvements.
Web Site Development
CentraView CBM v 2.0.6 released (SourceForge)
Version 2.0.6 of CentraView CBM is available. "CentraView is a browser-based Enterprise Java (J2EE) Contact Management, Groupware, Collaboration, CRM, SFA, Project Management software. Run locally or as a hosted service. Built on Apache Tomcat, JBoss, MySQL, Linux (Fedora, RedHat and others) & Windows. Most of the work for this release was done to make the install easier and to get it to work with modern versions of the supporting software."
Campsite 2.3 released
Version 2.3 of Campsite, a multilingual web publishing tool for news sites, is available. "'Campsite 2.3 is the most advanced open-source system for news publishing on the web,' said CAMP Managing Director Sava Tatiæ. 'Our development team has worked for the last three months to implement feature requests from the international community of Campsite users, and 2.3 really addresses those requests.'"
Zope 3.1.0c1 released
Version 3.1.0c1 of the Zope web content management system is available. "It is in our opinion that Zope 3.1 is more than ready for production use, which is why we decided to drop the 'X' for experimental from the name. We will also continue to work on making the transition between Zope 2 and Zope 3 as smooth as possible."
Web Services Messaging with Apache Axis2: Concepts and Techniques (O'ReillyNet)
Srinath Perera and Ajith Ranabahu discuss web services messaging on O'Reilly. "The messaging strategies needed for web services vary, and Apache Axis2 has addressed this problem by creating basic building blocks from which many messaging schemes can be built. Srinath Perera and Ajith Ranabahu show how it works."
Analyzing the Web (O'Reilly)
John E. Simpson discusses web site analysis on O'Reilly's XML.com. "Sites are measured along a host of dimensions: hits, visits and return visits, page views, referrers, visit duration and depth, authenticated users, etc. Most professional Web-hosting providers include with their hosting plans a logging feature which captures all these details and saves them for later analysis."
Miscellaneous
ttyrpld 2.03 released (SourceForge)
Version 2.03 of ttyrpld, a multi-os kernel-level tty logger, is out. "Version 2.03 updates locale translations and adds patches for Linux 2.6.13-rcX, OpenBSD 3.7, FreeBSD 5.4 and 6.0-beta1."
WURFL 2.0 is out (SourceForge)
Version 2.0 of WURFL is available. "WURFL 2.0 is eventually ready for download. The WURFL file contains information regarding wireless devices' configurations, capabilities and features. The main scope of this file is to collect as many information as we can about all the existing wireless devices that access WAP pages. It took MONTHS to be ready, but now it's here, ready for download. There are seriously TOO many updates to list here, download the XML and see it for yourself."
Desktop Applications
Business Applications
OpenWFE 1.5.4 released (SourceForge)
Version 1.5.4 of OpenWFE, a java workflow engine and Business Process Management suite, has been released. "OpenWFE 1.5.4 brings many improvements : a new and enhanced library for storing flows and workitems in a database, new boolean functions, an improved embeddable set of POJOs (engine + worklist), a system for submitting forms per email, a way of storing java beans into workitems, a simplified 'if' syntax and lots of bug fixes."
Desktop Environments
GNOME 2.12 Beta 1 Development Release (GnomeDesktop)
The first pre-release of GNOME 2.12 Beta 1 has been announced. "This release is a feature frozen snapshot primarily intended for wide public scrutiny before the final GNOME 2.12 release in September. GNOME uses odd minor version numbers to indicate development status."
A GNOME 2.12 preview
A screenshot-heavy GNOME 2.12 preview has been posted. This GNOME release, due on September 7, appears to have a great many improvements, but not much in the way of revolutionary new features.GARNOME 2.11.90 released
Version 2.11.90 of GARNOME, the GNOME testing release, is out. "This release incorporates all of the GNOME 2.11.90 (aka. Beta 1) Desktop and Developer Platform, including glib/gtk+ 2.7.x and cairo. This release has also had a little more polish to ensure that the build system builds and links against things in your GARNOME directory, and not your system one, hopefully cutting down on errors relating to pesky '.la files' that some distributions insist on shipping in their -devel packages."
GNOME Software Announcements
The following new GNOME software has been announced this week:- cairo snapshot 0.6.0 (new features and bug fixes)
- CeeMedia 0.5.2 (stable release)
- duty-roaster-0.0.79.95 (new features and bug fixes)
- Epiphany 1.7.3 (bug fixes)
- GLib 2.6.6 (bug fixes)
- GLib 2.7.5 (release candidate for v2.8.0)
- Glom 0.9.0 (new features and translation work)
- GNOME-schedule 0.9.0 (new features and bug fixes)
- gtk 2.8 (for GNOME 2.12)
- GTK+ 2.6.9 (bug fixes)
- GTK+ 2.7.5 (new features, bug fixes, translation and documentation work)
- gtk-engines 2.6.4 (bug fixes)
- intltool 0.34.1 (bug fixes)
- miscellaneous new modules (for GNOME 2.12)
- Nautilus-Sendto 0.4 (new features, bug fixes and translation work)
- PyGTK 2.7.2 (bug fixes)
- Ruby-GNOME2 0.13.0 (new features and bug fixes)
- Seahorse 0.7.9 (new features, bug fixes, and documentation work)
- Teatime 2.4.3 (translation work)
KDE 3.4.2 released
KDE 3.4.2 is out. This is a maintenance release, but it also includes improved translations. There is a live CD ("Klax") available for those who want to try it out without actually installing it on their systems.KDE Commit Digest for July 29, 2005 (KDE.News)
The July 29, 2005 edition of the KDE Commit-Digest has been announced, here's the content summary: "DigiKam adds an image editor plugin to remove Hot Pixels' on photographs. Krita adds an OpenEXR import filter and adds support for working with high dynamic range images such as 32-bit floating point RGBA colourspace. KSpread gets a new function manager and repository (a Google SoC project). Allow setting the wallpaper via DnD, even when icons on desktop are disabled. Media kioslave implements the autostart of application after mount. KMail now has Online/Offline status. amaroK adds podcast support within the playlist browser."
KDE Software Announcements
The following new KDE software has been announced this week:- amaroK 1.3-beta2 (new features and bug fixes)
- Kalva 0.7.0 (new features and bug fixes)
- kdesvn 0.3 (new features and bug fixes)
- Krecipes 0.8.1 (performance improvements and bug fixes)
Financial Applications
KMyMoney 0.7.5 released (SourceForge)
Version 0.7.5 of KMyMoney, a personal Finance Manager for KDE, has been released. "The development team has released KMyMoney 0.7.5, an updated version of the current development branch. Please expect updated installation packages for various distributions soon."
GUI Packages
FOX Toolkit 1.4.17 (stable) released
Stable version 1.4.17 of the FOX Toolkit, a cross-platform C++ GUI toolkit, is out with bug fixes. "FOX is a C++ based Toolkit for developing Graphical User Interfaces easily and effectively. It offers a wide, and growing, collection of Controls, and provides state of the art facilities such as drag and drop, selection, as well as OpenGL widgets for 3D graphical manipulation. FOX also implements icons, images, and user-convenience features such as status line help, and tooltips."
Music Applications
E-Radium V0.61d announced
Version 0.61d of E-Radium, a midi music editor that runs under the E-Uae Amiga emulator, is out with miscellaneous improvements and bug fixes.
Office Applications
Arsenal 1.5 released (SourceForge)
Version 1.5 of Arsenal has been announced. "Arsenal 1.5 client and server version 1.5 with new User Interface was released July 24 2005. This release is cross-platform but the SIP phone feature is only supported on the Windows XP version. Arsenal is a Real-Time Collaboration (RTC) and conferencing project. Written 100% in Java".
Office Suites
OpenOffice.org Newsletter
The July, 2005 edition of the OpenOffice.org Newsletter is online with the latest OpenOffice.org news.
Video Applications
DIVA: A New Home Video Editor (GnomeDesktop)
GnomeDesktop looks at Diva, a video editor. "One of the weaknesses of the Unix application-base is a good, stable and easy to use *home* video editor. Many applications have tried to fill up the void, like Kino and Cinelerra, but with mediocre results for the kind of functionality and ease of use a normal household would expect. This is where DIVA comes in."
Web Browsers
Greasemonkey 0.5 beta available
Greasemonkey 0.5 beta is now available. The announcement says "install at your own risk," but, seeing as this version fixes an unpleasant security problem (discussed in last week's LWN Security Page), not installing it could be an even bigger risk. This version includes a new features and a defense against sites which attempt to block Greasemonkey outright.Mozilla 1.7.11 Released (MozillaZine)
Version 1.7.11 of Mozilla has been announced. "The Mozilla Foundation has released Mozilla 1.7.11, a minor update to the Mozilla Application Suite. This latest version fixes two regressions introduced in Mozilla 1.7.10. Both issues affected the Mail & Newsgroups component, with one causing the thread pane (list of messages) to not always be updated when a new folder is selected (bug 300749) and the other sometimes preventing the cursor keys from working in the message composition window (bug 301917)."
Yahoo! Toolbar 1.0 for Mozilla Firefox Released (MozillaZine)
Version 1.0 of the Yahoo! Toolbar for Mozilla Firefox has been announced. "Yahoo! Toolbar Product Manager Jon Granrose writes in with news that version 1.0 of the Yahoo! Toolbar for Mozilla Firefox is now available: "We just released the first non-beta Yahoo! Toolbar for Firefox. All the usual good stuff such as portable bookmarks, plus a resizable search box, right-mouse-click and open in tab for toolbar buttons, and support for trunk builds, among other things.""
Miscellaneous
Gourmet 0.8.5.8 released (SourceForge)
Version 0.8.5.8 of Gourmet Recipe Manager has been released. "Version 0.8.5.8 brings a number of major bugfixes. 0.8.5.8 also adds some more keyboard shortcuts."
Languages and Tools
Caml
Caml Weekly News
The Caml Weekly News for July 26 through August 2, 2005 is online. Topics include: OCaml NAE release cf-0.7 and iom-0.2, Games, Netclient 0.91, OCamlDuce, OCaml meets lego bricks, and CodeWiki.net Announcement.
Haskell
Haskell Weekly News - debut issue
The August 2, 2005 edition of the Haskell Weekly News is online with the latest Haskell language articles. "HWN is an experiment inspired by Debian Weekly News and Linux Weekly News. Each Tuesday, new editions will be posted (as text) to the Haskell mailing list and (as HTML) to The Haskell Sequence."
Java
Annotations vs. configuration files
Dennis Sosnoski explores annotations and configuration files on IBM developerWorks. "Annotations let you specify metadata as part of your source code. With this feature, you can embed tool instructions in your code rather than creating separate configuration files that you then need to maintain in parallel to the source code. But, as Java consultant Dennis Sosnoski explains, configuration files still have their uses, especially for aspect-like functions that cut across the source code structure of an application."
Lisp
SBCL 0.9.3 released
Version 0.9.3 of Steel Bank Common Lisp is available. "This version adds experimental support for bivalent streams, support for the koi8-r external format, and fixes a number of bugs."
SLIME and UnCommon Web tutorial videos
New tutorial videos for SLIME (Superior Lisp Interaction Mode for Emacs) and Uncommon Web are available. "Marco Baringer has prepared tutorial videos on the SLIME development environment for Lisp and the UnCommon Web continuation-based framework. The former shows how to use SLIME, from installation and setup to some advanced features. The latter demonstrates using UnCommon Web and SLIME to create a simple web application."
Perl
This Week in Perl 6 (O'Reilly)
The July 20-26, 2005 edition of This Week in Perl 6 is out with the latest Perl 6 development news.Porting Test::Builder to Perl 6 (O'Reilly)
chromatic discusses the migration of a project from Perl 5 to Perl 6 on O'Reilly. "Perl 6 development now proceeds in two directions. The first is from the bottom up, with the creation and evolution of Parrot and underlying code, including the Parrot Grammar Engine. The goal there is to build the structure Perl 6 will need. The second direction is from the top down, with the Pugs project implementing Perl 6 initially separate from Parrot, though recent additions allow an embedded Parrot to run the parsed code and to emit valid Parrot PIR code."
PHP
SimpleTest 1.0.1 alpha released (SourceForge)
Version 1.0.1 alpha of SimpleTest, a PHP unit testing suite, is available. "It's been a while since the last update. This is mainly a maintanence release, but does add some additional features to the web tester. In particular, HTML labels can be used to identify clickable elements and file uploads are now supported."
Python
Dr. Dobb's Python-URL!
The July 29, 2005 edition of Dr. Dobb's Python-URL! is online with the latest new Python articles.python-dev summary
The July 1-15, 2005 edition of the python-dev summary covers the traffic on the python-dev mailing list.
Tcl/Tk
Jacl and Tcl Blend 1.3.2 released
Version 1.3.2 of Jacl and Tcl Blend, the Tcl/Java integration software, is available. "The 1.3.2 version is a "production" ready release, it is considered stable enough to be used on an everyday basis. The code in this release is already being used by customers in production environments on a daily basis."
Dr. Dobb's Tcl-URL!
The August 3, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk news and resources.
Profilers
Valgrind 2.4.1 is available
Version 2.4.1 of Valgrind, a suite of simulation based debugging and profiling tools, is available. "2.4.1 is a maintenance release that contains various bug fixes which have accumulated since 2.4.0 was released about four months ago. 2.4.1 still only supports x86-linux. For amd64-linux support, please wait for 3.0, which will ship shortly."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
The Commons Doesn't Have a Business Plan (O'ReillyNet)
Andy Oram looks at the concept of the commons, as it applies to open source and free software. "This article explores how this concept fits in with free software, also known as open source software. I will also touch on some ways that business imperatives, imprudently pursued, can weaken the commons, that fertile field from which the most promising future businesses will emerge."
At the Forge - Getting Started with Ruby (Linux Journal)
The Linux Journal offers an introduction to Ruby. "Ruby was designed to be an 'object-oriented scripting language', and it indeed feels like a cross between Perl and Smalltalk. It assumes that you understand object-oriented programming and probably is not a good first language for someone to learn. But if you are familiar with both objects and Perl, then you quickly can learn to do many things with Ruby."
The Virtual Internship: Taking Control of Your Future by Becoming an Open Source Developer (O'ReillyNet)
This O'ReillyNet article advises young job seekers to work on open source projects. "When you contribute to an open source project, you may start off doing some of the same kind of menial chores that you would do in an internship. These may include reviewing documentation, comments, and source code, and submitting small patches to fix the inevitable typos and small mistakes that you'll find. This housekeeping not only familiarizes you with the project's policies and code, but helps you to gain the trust of the project's committers."
The SCO Problem
Novell Files Answer and Counterclaims (Groklaw)
For those of you joining us in morbidly watching the long, drawn-out end of the SCO saga: Groklaw has Novell's counterclaims in the "slander of title" suit. "Novell tells the court that SCO contacted Novell after Darl McBride took the helm, and they asked Novell to go in with them in a 'Linux licensing program'. Novell refused to participate, calling it a 'scheme'. It was in that context that SCO asked Novell to give them the Unix copyrights. They repeatedly made such requests, asking Novell to amend the Novell-Santa Cruz agreement to give SCO the copyrights. Novell repeatedly said no." Novell is also asserting a claim to all of the "licensing" money SCO received from Sun and Microsoft.
Companies
Microsoft Talks Tough on Linux (eWeek)
eWeek reports that Microsoft devoted a 40-minute session at its annual financial day to the competitive threat posed to its business by open source software and Linux. "Asked if he is concerned about the gains that Linux has made, especially in the enterprise, Ballmer said Linux has not gained much share in the enterprise other than for Web hosting and HPC. "They certainly haven't gained at our expense. I am not worrying; I'm focusing," he said."
Novell seeks outside help with Linux (News.com)
News.com reports that Novell plans to start opening up the development of SUSE Linux. "The first stage of Novell's effort will begin next week with the first public beta test release, [Linux marketing director Greg] Mancusi-Ungaro said. Next, Novell will accept bug fixes and suggestions from outsiders, and, eventually, more active development. By the spring of 2006, Novell will make the product's underlying source code available and will provide publicly accessible servers that can be used to build the software, he said."
Linux Adoption
Kenosha Finds Big Savings in Linux (TopTechNews)
TopTechNews looks at the successful deployment of Red Hat Linux on Penguin Computing hardware in Kenosha, Wisconsin. "Ruth Schall remembers when vendors and fellow I.T. directors would look at her network and scratch their heads. "I would get calls and people would think we were freaks. They'd say, 'What are you doing?'" recalls Schall, director of MIS for the city of Kenosha, Wis. "But people don't consider us quite so strange anymore." Now, instead of expressing surprise at the broad use of Linux, Kenosha's peers are calling for advice."
Legal
Software Patents Don't Compute (Spectrum)
IEEE's Spectrum has an article on software patents which tries to draw a reasonable line between inventions which are patentable and those which are not. "But while demolishing the distinction between software and math, Turing and Church's work offers a natural division between patentable machinery and unpatentable mathematics--exactly what we have been looking for. Let the devices that implement state machines--physical objects such as computers--be patentable, and the states to which they are set--information such as programs and data--remain unpatentable. The distinction meets the goal of ensuring that pure mathematics is not patentable while letting those who design faster and better computing devices patent their inventions."
Cisco Files Suit to Gag Researcher, Security Conference (eWeek)
eWeek covers a recent lawsuit by Cisco and ISS against Michael Lynn. "Cisco Systems and Internet Security Systems have asked a U.S. District Court to issue a restraining order against a former ISS researcher and Black Hat over the leak of information about security holes in Cisco's Internetwork Operating System. The two companies jointly filed an injunction and temporary restraining order Wednesday against researcher Michael Lynn and the Black Hat Briefings Conference, demanding that Lynn and Black Hat Inc. stop disseminating information on security holes in IOS (Internetwork Operating System) that Cisco Systems Inc. alleges was illegally obtained."
New EU Law Proposed - Criminal Sanctions for IP Infringement (Groklaw)
Groklaw takes a look at an EU law proposal. "They probably mean well. They are thinking about criminal gangs and counterfeit goods that may, in some cases, actually harm or kill people, as well as the revenue lost. So EU lawmakers have come up with a proposed law that ensures that "all intentional infringements of an intellectual property right on a commercial scale, and attempting, aiding or abetting and inciting such infringements, are treated as criminal offences.""
Interviews
Jonathan Riddell Interviewed about Kubuntu (DistroWatch)
DistroWatch has an interview with Jonathan Riddell on the Kubuntu Project. "The Kubuntu distribution is a partner project of Ubuntu Linux. Designed for those who prefer KDE over GNOME, Kubuntu maintains the usual high development standards of its parent project, while providing users with the latest KDE packages throughout the distribution's release cycle. We caught up with Jonathan Riddell, the initiator and lead developer of Kubuntu." (Found on KDE.News)
LQ Radio Interview #3 - Asa Dotzler
LQ Radio has interviewed Asa Dotzler of the Mozilla Foundation. In the interview, Asa covers how he got turned on to Open Source and Firefox, why the FF 1.1 release morphed into 1.5, where Firefox and the Mozilla Foundation are headed and more. Total running time is 1:21. A BitTorrent is available. You can also download the show directly (in mp3 and ogg format) or as a Podcast.
Resources
The Daemon, the GNU and the Penguin - Ch. 16 (Groklaw)
Groklaw presents chapter 16 of the online book The Daemon, the GNU and the Penguin by Dr. Peter Salus. This chapter covers The Hurd and BSDI.Sharing files between OpenOffice.org and Microsoft Office (NewsForge)
NewsForge shows how to share files between OpenOffice.org and Microsoft Office. "Even if you're the most dedicated OpenOffice.org (OOo) user in the world, sooner or later you'll be asked to share files with someone using Microsoft Office. Some free software advocates refuse outright, or suggest outputting to HTML, PDF, or RTF formats, but these aren't always options -- especially if your boss is the one doing the asking. However, with a few preparations and a sense of what works and what doesn't, you can usually share files with Microsoft Office users with a minimum of headaches on both sides."
Reviews
The Arrival of NX, Part 1 (Linux Journal)
FreeNX Development Team member Kurt Pfeifle begins a series of articles on FreeNX, on Linux Journal. "NX is a new technology that allows one to run remote X11 sessions across slow or low-bandwidth network connections. User experience with NX is one of excellent responsiveness. Users with previous remote X11 session experience are stunned by NX's speed and its snappy application interaction. Moreover, NX also can connect to remote RDP and VNC sessions and offer big performance wins over TightVNC and rdesktop remote access."
A PBX for everyone with Asterisk@Home (NewsForge)
NewsForge reviews Asterisk@Home. "Asterisk, the open source private branch exchange (PBX) from Digium, has the power to change the telecommunications industry in much the same way that Linux is changing the operating systems market, but it needed work to simplify installation and configuration. The recent release of Asterisk@Home, a Linux distribution dedicated to making Asterisk easy to install and configure, is a big help."
Miscellaneous
VoIP security prototype gets an airing (News.com)
News.com covers Phil Zimmermann's efforts to provide a secure way to make phone calls over the Internet. "The prototype, called "zfone," should be available online at the end of August, along with accompanying documentation, Zimmermann said. The VoIP client is based on the open-source Shtoom VoIP phone client, with added cryptography."
'Free' Danish beer makes a splash (BBC News)
Here's some free beer for Friday afternoon. "Most important, the students released the recipe under what is called a Creative Commons licence. "You're free to change it," says Mr Nielsen. "But if you use our recipe as the basis for your beer, you have to be open with your recipe as well. That's the legal framework that follows the beer." You can even sell your own version, as long as you credit Our Beer for the recipe." (Thanks to Paul Sladen)
Firefox Builds on Its Success (eWeek)
eWeek looks at Firefox and changes at the Mozilla Foundation. "Concerns about developer burnout and a lack of overall management had led to Mozilla naming Mike Schroepfer its new director of engineering. According to Mozilla President Mitchell Baker, Schroepfer will initially focus on product planning and delivery for Mozilla's upcoming new releases, such as Thunderbird 1.5, Firefox 1.5 and Gecko 1.9. Once that's in hand, he'll work on managing Mozilla's development employees."
Rating system to evaluate open-source software (News.com)
News.com has this report (from the NY Times) on a rating system for open source software. "The initiative, Business Readiness Ratings, is to be announced Monday at the O'Reilly Open Source Convention in Portland, Ore. The rating system, the sponsors say, will employ an open-source model with scores determined by those who use certain programs and contribute their judgments. The idea can be seen as a software version of the Zagat survey of restaurants--rankings determined by customers."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
FFII.org domain hoster scared away by Nutzwerk
The ffii.org domain was shut down recently by its hosting provider. NoSoftwarePatents.com has more information on how ffii.org's hosting provider reacted to a threatening letter from Nutzwerk's lawyers. The ffii.org domain is still there and can be accessed by setting your nameserver to 212.72.72.97 and efforts are underway to transfer the domain, so it should be back in a few days. (Thanks to jrigg)The Freedom Toaster
One of the newest projects announced by the Shuttleworth Foundation is the Freedom Toaster. "This project began as a means of overcoming the difficulty in obtaining Linux and open source software due to the restrictive telecommunications environment in South Africa, where the easy downloading of large pieces of software is just not possible. The project essentially consists of a conveniently located `Bring 'n Burn' facility, where users bring their own blank discs and make copies of the open source software they require."
International Petition Against Data Retention
European Digital Rights and XS4ALL Internet have sent out an international petition against data retention. "Internet users from all European countries are urged to sign the protest. The petition is aimed at the European Commission and the members of the European Parliament. The data retention proposal orders telephone companies and internet providers to retain the phone and e-mail records of their customers. The proposal to retain traffic data will reveal who has been calling and e-mailing whom, what websites people have visited and even where they were with their mobile phones."
MozillaZine Enters Top 100 Folding@Home Teams (MozillaZine)
The MozillaZine team has achieved a Top 100 rating at the Folding@Home site. "Folding@Home is a project based on the distributed computing model, and aims to find a cure for diseases related to protein folding. Last year, MozillaZine forum members joined the project as a team. As reported earlier, the team had entered Top 200, back in April. We're pleased to announce that our team has now entered the ranks of Top 100 teams, and are mentioned on the Official Team Stats page."
An Open Letter to the Community from MySQL Founders
MySQL Founders David Axmark and Michael "Monty" Widenius have sent an open letter to the open-source community. "This year, we are celebrating ten years of MySQL: the database, the company and the community. It's been hard (and interesting!) work for us -- but looking back, we should celebrate how far we've come. We created the best software we could for you, and you turned it into the most popular database of its kind. We want to thank you for this."
OSDL Appoints Chief Financial Officer
The Open Source Development Labs (OSDL), has announced the appointment of Mike Temple to the position of Chief Financial Officer (CFO). "Temple brings more than 25 years experience in finance and operations to the OSDL executive team, including 15 years in CFO and general management roles and 10 years in public accounting practice."
RISKS turns 20
RISKS 23.96 includes a note from Peter G. Neumann that this newsletter - still one of the best on the net - is now 20 years old. RISKS 1.01 was posted on August 1, 1985. It includes some familiar topics (computers and elections, for example), along with the resignation of David Parnas from the "strategic defense initiative" advisory panel. Congratulations to PGN for 20 years of excellence; he says he is not likely to stick with it for another 20, but it would be OK with us if he did.SeaMonkey Project Looking for Logo and Artwork (MozillaZine)
The SeaMonkey Project needs help from digital artists. "Robert Kaiser writes in with news that the SeaMonkey project is looking for a new logo and artwork for the community-driven continuation of the Mozilla Application Suite".
Commercial announcements
Open Source Announcements
OSCON 2005 is in full swing, in Portland, Oregon. It seems to have inspired open source and Linux announcements from several companies.- Novell, Inc. has announced comprehensive technical support for the JBoss Enterprise Middleware System (JEMS).
- Novell and HP are offering HP BladeSystem and Proliant servers with SUSE Linux.
- Palamida has announced alliances with the Eclipse Foundation and SourceForge.net.
- SourceLabs has announced SourceLabs SASH Stack for Java, a new open source stack undergoing certification, and comprehensive support and maintenace services by subscription.
Arcom offers Fedora on single board computer
Arcom has announced the availability of Fedora Linux on their APOLLO single board computer. "To accelerate your Linux development cycle, Arcom has introduced a ready-to-run Development Kit for the APOLLO a Pentium M based single board computer designed for applications demanding long term product availability and high performance fanless operation. The APOLLO is built on power efficient Intel Centrino technology and is an industry standard EBX platform (8 x 5.75)."
Astaro Corporation Expands into Asia-Pacific
Astaro has announced its expansion into the Asian market. "The opening of this office in Hong Kong and the hiring of Schneersohn mark the next step for Astaro in its commitment to the region. The company expects to open additional local offices throughout the region as it makes available new Asian language products in the coming quarters."
Coverity: Linux kernel quality improving
Coverity, the company formed out of the Stanford Checker work, has sent out a press release on the results of running its static analysis code on the 2.6.12 kernel. "Approximately 6 million lines of software were analyzed in the study. Defect density decreased slightly by 2.2 percent from 0.17 defects thousand lines of code in December of 2004 to 0.16 defects in July of 2005."
Funk Software Announces Steel-belted Radius for Linux
Funk Software has announced the new Steel-Belted Radius, a RADIUS server. ""More and more customers want to move their network security applications to Linux," said Joe Ryan, vice president of Funk Software. "By making Steel-Belted Radius * a critical component of an enterprise's security strategy * available on Linux, we are giving customers the most flexibility in architecting and enforcing network access security across their entire enterprise.""
Kaspersky Lab Launches Linux Security Initiative for U.S. Market
Kaspersky Lab has announced the release of three new versions of Kaspersky(R) Anti-Virus designed specifically to protect Linux and Unix email and file servers and workstations, running on the Linux, FreeBSD and Open BSD operating systems.Mozilla creates a for-profit corporation
The Mozilla Foundation has announced the creation of the Mozilla Corporation, a for-profit company which will take over the development of Firefox and Thunderbird. Most Foundation employees will move over to the corporation. "As the Mozilla Foundation focuses on the project's governance, infrastructure and source code, the Mozilla Corporation will focus on developing and delivering end-user products, including marketing, sponsorships and a range of distribution-related activities. These activities are also expected to generate revenue, but the Mozilla Corporation only intends to pursue those that fit with the Mozilla project's focus on end-user experience and are consistent with the public benefit goals of the parent Mozilla Foundation."
Openstream Contributes Speech Components to IBM-Apache Framework
Openstream, Inc. has announced the contribution of speech components for stock market applications to the Apache Foundation. "The RDC initiative, led by IBM and its partners, drives the speech and voice application business from its proprietary, vertical roots into the horizontal world of standards-based development. Speech components, called RDCs or Reusable Dialog Components, handle basic functions such as recognizing and responding to company names in brokerage and trading applications, dates or currencies, for example."
Progeny and NCS Technologies partner on Linux appliance platforms
NCS Technologies and Progeny have announced a partnership for producing Linux-based appliance platforms. "NCS will be a source of high-quality, custom hardware platforms and manufacturing services for Progeny's server appliance customers. Independent software vendors (ISVs) working with NCS will be able to bundle their applications with a custom Linux operating system built and maintained by Progeny."
SGI Announces Product and Customer Highlights for Fourth Quarter
SGI has announced the financial results for its recently completed the fourth quarter of fiscal year 2005. "SGI extended its family of Silicon Graphics Prism(TM) visualization systems with a new deskside model-starting under $8,500, thus answering the growing demand for more visualization capability in the hands of scientists and engineers using Linux to solve problems personal computers (PCs) can't handle. In addition, at National Association of Broadcasters (NAB) conference in April, Silicon Graphics Prism was named one of the Top 10 products of NAB by Digital Cinema Report."
Graphics Industry Demonstrates Widespread Adoption of OpenGL 2.0 API
Silicon Graphics and the OpenGL Architecture Review Board have announced industry adoption of the OpenGL(R) 2.0 API and the OpenGL Shading Language. "3Dlabs, ATI and NVIDIA, the top manufacturers of real-time 3D graphics cards, have all released products supporting the OpenGL 2.0 specification and the OpenGL Shading Language, ensuring its widespread availability."
SpikeSource Introduces Fully Configured Made-to-Order Open Source Stacks
SpikeSource has announced the packaging of open-source components in its SpikeSource Core stack. "Developers will now be able to select from pre-built stacks for specific uses or define their own stack. Available at http://www.spikesource.com, the SpikeSource Core stack offers over 50 different components that can be combined to create fully configured and validated stacks, saving days or weeks otherwise spent integrating and configuring individual components and testing for overall interoperability."
SugarCRM Releases Version 3.5 Beta of Sugar Suite
SugarCRM Inc. has announced the release of version 3.5 Beta of Sugar Suite, an open-source Customer Relationship Management (CRM) application. "Enhancements in Version 3.5 include a new plug-and-play installation utility for third-party add-on modules, cross-module reporting, HTML email support, simplified upgrade of customizations, improved Microsoft Outlook integration, and new user interface skins."
New Books
Using Moodle - O'Reilly's Latest Release
O'Reilly has published the book Using Moodle by Jason Cole.
Resources
IDS Load Balancing HOWTO
Jeremy M. Guthrie has published an IDS Load Balancing HOWTO. "I have created a new Howto for creating a multi-gigabit-per second IDS load balancer/distributor. Technically the limits are on buses and CPUS, so if you have enough bus speed and CPU... then you could use 10gbps cards. I am in the process of trying to get this posted to the Linux documentation project for the official online copy."
Linux Gazette #117
Linux Gazette #117 is available. Topics this month include creating audio books from text, an introduction to CUPS, Python templating, Snort, and several others.
Contests and Awards
FSF announces call for 2005 award nominations
The Free Software Foundation (FSF) and the GNU project have announced that nominations are open for 2005 FSF Award for the Advancement of Free Software. "This award is presented to a person who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of software freedom (as defined in the Free Software Definition."
Python Game Programming Challenge Registration opens
Registration for the Python Game Programming Challenge is open. "Registration is now open for the first Python Game Programming Challenge (also known as PyWeek). The challenge runs from Sunday August 28th to Sunday September 4th. That means there's only (checks website) 29 days to go before the challenge starts!"
Upcoming Events
Big Nerd Ranch Announces PostgreSQL Bootcamp
Big Nerd Ranch will hold a PostgreSQL Bootcamp on September 26-30, 2005 near Atlanta, Georgia. "The PostgreSQL Bootcamp, led by instructor Chris Campbell, is an intensive, five-day, hands-on class designed to take students through the rigors of PostgreSQL, from the basics of installing and configuring PostgreSQL on a server to the more advanced aspects of performance and security."
Free Linux Certification Offered at LinuxWorld San Francisco
IDG World Expo has announced that The Linux Professional Institute (LPI) will offer free Linux certification testing at LinuxWorld Conference & Expo in San Francisco, taking place in August.KDE at San Francisco LinuxWorld Expo (KDE.News)
KDE will be present at the upcoming LinuxWorld Expo. "The K Desktop Environment project will again be present with a booth at the LinuxWorld Expo being held in San Francisco August 9 through 11. We'll be at booth #2038, upstairs, in the new Moscone building! We'll be demonstrating not only KDE 3.4, but also the upcoming KDE 3.5 and even maybe bits and pieces of what will become the revolutionary turning of the Gear KDE 4.0."
Mozilla at OSCON 2005 and LinuxWorld Expo (MozillaZine)
MozillaZine has announced participation by the Mozilla Foundation at the O'Reilly Open Source Convention and the LinuxWorld Conference & Expo. "At OSCON 2005, where the Mozilla Foundation will be exhibiting at booth 818, several leading Mozilla contributors will be giving talks or participating in sessions. Mozilla Foundation President Mitchell Baker will answer questions in a keynote interview and also appear on the Women in Open Source panel."
Wind River to Host Seminar Series on Linux Migration in Device Software
Wind River Systems, Inc. has announced a seminar series on migrating from legacy Real Time Operating System (RTOS) platforms to Linux. The seminars will take place on August 2, 2005 in Sunnyvale, CA, on August 16 in Alameda, CA, and on August 23 in Bellevue, WA.Open Source Desktop Workshops: San Diego (KDE.News)
KDE.News has an announcement for the first Open Source Desktop Workshop. The event will be held in San Diego, CA on October 13 and 14, 2005. "Open Source Desktop Workshops are affordable educational events that bring top-flight Open Source desktop developers together with those who are looking to gain the skills necessary to join them. With presenters from around North America speaking on a variety of practical topics this will be an exciting and worthwhile event." See this press release for more information.
Events: August 4 - September 29, 2005
| Date | Event | Location |
|---|---|---|
| August 4 - 5, 2005 | O'Reilly Open Source Convention | (Oregon Convention Center)Portland, Oregon |
| August 4, 2005 | Penguincon 2005 | Israel |
| August 4 - 7, 2005 | Linux 2005 | (University of Wales)Swansea, UK |
| August 4 - 5, 2005 | CIFS 2005 Conference and Plugfest | (Doubletree Hotel)San Jose, CA |
| August 4, 2005 | 2005 SIGGRAPH Computer Animation Festival | Los Angeles, CA |
| August 4 - 5, 2005 | USENIX Security Symposium | Baltimore, MD |
| August 4 - 8, 2005 | Wikimania 2005 | Frankfurt am Main, Germany |
| August 8 - 11, 2005 | LinuxWorld Conference and Expo | (Moscone Center)San Francisco, CA |
| August 20, 2005 | Free Audio and Video Event(FAVE) | (Trinity Community and Arts Centre)Bristol, UK |
| August 27 - September 4, 2005 | aKademy 2005 | (University of Málaga)Málaga Spain |
| August 31 - September 2, 2005 | YAPC::EU::2005 | (University of Minho)Braga, Portugal |
| September 1 - 2, 2005 | Symposium on Security for Asia Network(SyScAN'05) | (The Dusit Thani Hotel)Bangkok, Thailand |
| September 1 - 4, 2005 | GOTO10 ASP digital sound workshop | Rotterdam, the Netherlands |
| September 5 - 9, 2005 | International Computer Music Conference(ICMC 2005) | Barcelona, Spain |
| September 14 - 16, 2005 | php|works | (Holiday Inn Yorkdale)Toronto, Canada |
| September 16 - 18, 2005 | ToorCon 7 | (San Diego Convention Center)San Diego, CA |
| September 19 - 21, 2005 | Plone Conference 2005 | (Semper Depot, Lehargasse)Vienna, Austria |
| September 20 - 23, 2005 | New Security Paradigms Workshop(NSPW) | (UCLA Conference Center)Lake Arrowhead, California |
| September 23 - 24, 2005 | Sixth Symposium on Trends in Functional Programming(TFP 2005) | Tallinn, Estonia |
| September 26 - 29, 2005 | Hack in the Box Security Conference(HITBSecConf2005) | Kuala Lumpur, Malaysia |
| September 28 - 30, 2005 | OpenOffice.org Conference 2005(OO.oCon) | Koper (Capodistria), Slovenia |
Web sites
Business Readiness Rating site online
The Business Readiness Ratings project is an initiative sponsored by Carnegie Mellon West, O'Reilly CodeZoo, SpikeSource, and Intel; its purpose is to collaboratively rate open source software projects to make it easier for businesses to choose between them. The project now has a site online at openbrr.org. There you'll find a white paper [PDF] describing the project and several example rating forms (in Excel format - one assumes that the open source spreadsheets have not been rated well).Finnish Mozilla.fi Community Site Opens (MozillaZine)
MozillaZine has announced the opening of the Mozilla.fi (Finnish language) site. "Mozilla.fi is a community site done by the Finnish Mozilla localisation project, which is one of the many official Mozilla localisation projects. The site gathers Finnish Mozilla resources, which have until now been scattered around the webscape, into one comprehensive site."
Audio and Video programs
LUGRadio episode out with Cairo interview (GnomeDesktop)
GnomeDesktop.org mentions the latest LUGradio episode. "One of the highlights of this weeks show is an interview with Carl Worth, maintainer of the Cairo project. Cairo is very important for GNOME as it allows us to greatly improve the look and feel of GNOME further to stay competitive with MacOSX and future Windows releases."
Page editor: Forrest Cook
Letters to the editor
Microsoft works on fix as Firefox is updated
| From: | Leon Brooks <leon-AT-cyberknights.com.au> | |
| To: | editorial-AT-computerweekly.com | |
| Subject: | Microsoft works on fix as Firefox is updated | |
| Date: | Mon, 1 Aug 2005 07:49:56 +0800 | |
| Cc: | letters-AT-lwn.net |
http://www.computerweekly.com/Articles/2005/07/26/211088/...
> There have now been more flaws in the Firefox browser this year than
> in Microsoft's Internet Explorer.
I think this needs considerable qualifying:
* The Firefox team have fixed more things than the MSIE team this year;
* MSIE has over six times as many outstanding (unfixed) bugs as Firefox;
* MSIE's many outstanding flaws are rated "Highly critical", FF's few
are rated "Less critical";
* Working wild exploits for FF: zero; for MSIE: hundreds;
* Because MSIE is closed-source, only a very few people can audit it, but
anybody can audit FF;
* This cannot be written off to popularity, since MSIE's exposure far
outweighs the popularity ratio.
For some interesting if somewhat unnerving statistics, see here:
http://nanobox.chipx86.com/ie_is_dangerous.php
For the record, I use the Konqueror web browser.
Cheers; Leon
--
http://cyberknights.com.au/ Modern tools; traditional dedication
http://plug.linux.org.au/ Member, Perth Linux User Group
http://slpwa.asn.au/ Member, Linux Professionals WA
http://osia.net.au/ Member, Open Source Industry Australia
http://linux.org.au/ Member, Linux Australia
Page editor: Jonathan Corbet