|
|
Subscribe / Log in / New account

LWN.net Weekly Edition for December 8, 2005

FOSS.IN: A report

FOSS.IN 2005 has run its course. Your editor, having returned (sans luggage and with a seriously confused body clock) to a Colorado cold snap, will now set out to summarize this impressive event. This article is a companion to the first-day report already published.

[FOSS.IN venue] FOSS.IN attracted something over 2700 attendees to a set of steel-and-canvas temporary buildings set up on the grounds of the Bangalore Palace. Speakers - mostly from India, but also coming from Australia, Brazil, Germany, Malaysia, the US, and beyond - led sessions on a wide variety of topics. The audience was interested and engaged in a way not often seen at other events. FOSS.IN was a fun place to be.

This report will not attempt to summarize the individual sessions. Those who are interested in further information should have a look at the numerous reports being posted on planet.foss.in. There are also quite a few photos available.

On the last day of the conference, your editor delivered a brutally technical kernel programming talk to a crowd which nearly filled the 750-seat "Intel Hall." That is several times the number of people which normally turn up for that sort of session. These people were not just filling the seats; they asked no end of detailed questions during the session and after as well. Alan Cox's technical device driver talk drew an even larger crowd. An immediate conclusion which might be drawn is that Bangalore contains hundreds of programmers who are interested in - and capable of - hacking on the kernel.

Even if only 10% of those attendees were truly active in kernel development, one would expect to see a significant amount of code from Bangalore working its way into the mainline kernel. And there are some Bangalore-based kernel hackers who are active on the mailing lists and who are contributing code. But their numbers are far smaller than one would expect after seeing how many people are interested and knowledgeable in this area. India is, as one developer put it, "the world's biggest consumer of free software," but it is not a huge contributor. Trying to reconcile this difference became one of your editor's primary objectives at FOSS.IN.

It is not possible to claim that this objective was realized in any complete way. It has become clear, however, that a few forces are at play here. One of them become evident early on: of the numerous questions asked privately by attendees, quite a few had to do with binary-only kernel modules. It seems that the challenges involved in maintaining proprietary modules - the changing kernel API, GPL-only exports, etc. - are proving frustrating to deal with. But more to the point: it seems that a significant percentage of these kernel developers are engaged in the writing of proprietary code. Your editor was far from the only speaker to sermonize about the problems inherent in proprietary code and the importance of contributing back to the community, but, if Indian companies are demanding the creation of proprietary code, that's what their employees will write.

[Neeti] Another important factor was revealed in a talk given by Neetibodh Agarwal, and in various discussions which followed. Neeti was called upon to set up a development team for Novell in Bangalore, and he was struck by just how difficult that was to do. There are, it seems, a number of reasons why Indian developers have a difficult time engaging with the free software development community.

By several accounts, the problem starts with the university system. The Indian universities are strongly oriented toward the creation of employable graduates in large numbers; a number of FOSS.IN attendees described them as "assembly line" operations. There is a strong emphasis on passing tests and getting through the system on schedule, and, it seems, little interest in encouraging creativity and curiosity in the students. The universities were described as a conformist environment with little love of those who have their own ideas of how things should be done. The end result, as expressed to your editor, is that most students have had any love of hacking beaten out of them by the time they graduate.

The fact that the universities are, for the most part, hostile to Linux and free software does not help either.

Neeti's talk described Indian developers as needing to have their jobs laid out to them in great detail. They want to know where their boundaries are, and are uncomfortable if left to determine their own priorities and approaches. Your editor's initial reaction was that this claim sounded like classic talk from a pointy-haired boss who does not trust his employees to make decisions. Subsequent discussions backed up Neeti's claims, however. A few Indians told me that Indian employees require a high degree of supervision; perhaps that is why the pizza stand at the site required two-levels of necktie-wearing bosses who apparently did little to actually get pizza into the hands of conference attendees. It is not that Indians lack the intelligence to function without a boss breathing down their neck - that is clearly not the case - but all of their training tells them to work in that way.

So if one were to construct a stereotypical picture of an Indian software developer, it would depict a person who sees programming very much as a job, and not as an activity which can be interesting or rewarding in its own right. This developer is most interested in getting - and keeping - a stable job in a country where an engineering career can be a ticket to a relatively comfortable middle-class existence. Keeping that job requires keeping management - and coworkers - happy, and not rocking the boat.

For such a developer, the free software community is not a particularly attractive or welcoming place. A developer who contributes to a free software project may earn a strong reputation in the community, but that reputation is not appreciated by that developer's employer or co-workers, and is not helpful for his or her career. Criticism from the community - even routine criticism of a patch by people who appreciate the developer's contributions in general - can be hurtful to a career in a culture where open criticism is not the normal way of doing things. Developers who expect to have their job parameters laid out to them in detail may feel lost in a project where they are expected to find something useful to do, and push it forward themselves. And these developers, while being possibly quite skilled in what they do, often have no real passion for programming, and leave it all behind when they leave the office each day.

It also does not help that, at this point, would-be contributors have few role models in India.

In the long term, many of these problems may go away. For now, however, getting Indian programmers into the community will require some extra care. Often, it will be necessary to engage (respectfully) with their supervisors: in most cases, if an Indian is working with the community, it is because his or her boss is making it happen. Being careful with criticism and avoiding creating trouble for Indian developers in their work hierarchies can only help.

And, obviously, an important step will be the creation of a vibrant free software community in India. This community can provide inspiration, mentoring, and support for [Gentoo booth] aspiring contributors; it could also provide a pool of free software programmers from which employers could hire. The seeds of this community were clearly visible at FOSS.IN - in fact, many FOSS.IN attendees are poorly described by (and probably somewhat offended by) the caricature presented above (please accept your editor's apologies). Dozens of Indian free software hackers got up on stage and presented their work at this event. Interestingly, the distribution most in evidence at FOSS.IN was Gentoo, rather than one of the products of the commercial distributors who are steadily employing more developers in Bangalore. The Ruby hackers - unlikely to be working at the behest of their employer at this stage - essentially had their own one-day track at the event. Harald Welte's session on hacking the Linux-based Motorola a780 phone attracted a very high level of interest. There is, clearly, a lot going on in India even now; it will be most interesting to watch the level of activity explode as the local community develops.

Events like FOSS.IN are crucial for the development of this community. So it is unfortunate that this event is currently dealing with some serious financial problems. A sponsorship shortfall led to a reduction in the conference program, and it leaves the organizers with a financial gap that they are struggling to close. Given this situation, it is worth noting that the list of conference sponsors (which includes Intel, Google, Sun, and HP) is missing the names of a few companies which work with free software, and which have a presence in Bangalore. In particular, IBM, Novell, and Red Hat all declined to sponsor FOSS.IN this year, even though many of their employees were using their vacation time to attend. Local companies, such as Wipro and InfoSys, were represented in the audience and among the speakers, but did not sponsor the event. If these companies see any benefit in having a thriving community to support their developers, sponsoring an event like FOSS.IN should look like an inexpensive way to help bring that community about.

Your editor thanks FOSS.IN (and its sponsors) for making it possible for him to be there. It was a fun and informative event in an interesting and changing part of the world.

Comments (26 posted)

A look at the Patent Commons Project and OIN

December 7, 2005

By Pamela Jones, Editor of Groklaw

Now that we have both OSDL's Patent Commons Project and the Open Invention Network off and running, the questions that come to mind are: what is the difference, if any, between them, and are either of them -- or both of them together -- enough to protect Linux and FOSS development from a US patent system that appears to have gone bonkers? More specifically, can they protect Linux from Microsoft, or SCO-like surrogate trolls, should it decide to press forward in implementing its many hints of bringing patent infringement claims against Linux?

An obvious first question might be: what are the differences between these two initiatives? While they are both designed for protection against patent infringement litigation, there are differences in approach. A patent commons provides both a safety zone and a way to barter. Corporations cross-license their patents all the time. GNU/Linux developers have been shut out of that club, but, with some patents and patent pledges in a patent commons, they would have something to barter with. Consequently, OSDL encourages individuals, companies, Open Source projects, and universities to obtain patents and then contribute them to the commons:

The Project also provides a meaningful way for those who oppose software patents to use the current patent system for the benefit of the open source community and industry. Patenting ideas reduces the likelihood that detractors of open source software and open standards will obtain a patent on that same invention and use it against the community and industry, or extract royalties for its use. More importantly, patenting ideas and then pledging the patents in support of The Commons expands and reinforces the protective environment of The Commons.

OSDL's project is also designed to help developers keep track of all the patents and the patent pledges, and it is focused on all of Open Source:

Today's software patent environment is growing increasingly complex for developers and users of both proprietary and open source software. This is an intricate problem with many facets, and most everyone understands the need for a comprehensive, long-term solution.

It has as a goal to simplify the administrative process of licensing patents, so the industry finds it easy and pleasant to work with Open Source and can make their patents available without a lot of rigmarole. From the Patent Commons website:

With increasing frequency, institutions, companies, and inventors wish to signal formally to open source developers, distributors, sellers and users that software patents they hold are not a threat or inhibitor to the development, distribution or use of open source software and open standards. The traditional means of giving permission to use patented inventions (such as licenses) can be expensive, time consuming, and logistically difficult to provide. Commitments simplify the process by which access to patented inventions can be granted.

The Patent Commons is set up to facilitate that process. The idea is to provide developers with a safer haven, and reassurance via understanding which patents will not be used against them. Also, enforcing the patents in the commons is administered by OSDL, which is an important benefit for patent donors.

"Over the last 12 months, OSDL has been happy to see companies signal to the community their promises not to enforce patents against open source developers. We have wanted to ensure these pledges would be accessible to those who they are intended to support. The OSDL Project and website does just that," said Diane Peters, general counsel, OSDL. "For the first time, the pledges are being compiled and then cataloged in a neutral location where developers can view and analyze each pledge. So, regardless of where one stands on the value of one patent pledge over another, developers and IT managers can review the merits of each pledge and determine for themselves the value they can provide for them or their peers."

As Eben Moglen stated, there is strength in numbers, and so even though he opposes patents, he encourages developers to contribute to the project. As Linus Torvalds put it, it's "one way to try to help developers deal with the threat" of patent litigation. It's not the complete solution, of course, because the patent system is dysfunctional in the US. Peters: "We do realize that the Patent Commons Project and website is one step of many that will need to take place to address the flawed patent system and we applaud other efforts that are taking place and encourage further discussion and actions to chip away at the current system."

The Open Invention Network approaches the same threat, but in a different way. First, it's a company that has a patent portfolio, but it isn't using its patents for profit generation; instead it plans to use them to create a healthy environment for Linux to develop in safely, to promote safe innovation and drive advancement of applications for, and components of, Linux. It's primarily designed to protect Linux but it covers also other Open Source software.

OIN has the 39 web services patents that Novell, through a subsidiary, bought from bankrupt CommerceOne in December for $15.5 million, and it will seek to acquire more patents, and then offer them royalty-free to any company, institution or individual that agrees not to assert its patents against the Linux operating system or certain Linux-related applications. IBM, Novell, Philips, Red Hat, and Sony currently fund OIN. OIN isn't just about collecting patents and offering them to others on mutually pleasant terms. A Red Hat SEC filing adds this:

The LLC may also take appropriate, good faith counter-measures within the scope of its mandate, such as declaratory judgment actions, reexamination actions, interferences or similar legal or administrative actions initiated anywhere in the world.

In short, they are "armed and dangerous". I'm kidding, but only a little. These are some of the largest tech vendors in the world drawing a line in the sand and saying, if you cross this line and attack Linux, we will respond, and we have something to respond with effectively. One savvy editor, Richard Hoffman of Network Computing put it like this:

This is the first systematic attempt by a group of large vendors to ensure that Linux and its users are protected from the threat of legal action. OIN can't hope to acquire even a small fraction of all applicable patents, but that's not how patent battles work. All OIN must do is maintain an adequate stable of "defensive" patents, which can be offered under a cross-licensing arrangement any time Microsoft or others threaten legal action. In other words: You don't sue us, we won't sue you.

But do these organizations provide any sort of meaningful protection? When you consider that Eben Moglen, OSDL, Linus Torvalds, Richard Stallman, and the lawyers at IBM, Novell, Red Hat, Sony, and Philips all think so, a better question would be, why would one doubt it? As you may have observed in the current Blackberry patent anguish, or the Microsoft-Eolas battle, even one patent can be dangerous, so having hundreds in your arsenal is bound to make any aggressor stop and think twice before taking you on.

But are the patents any good, some may ask? Do you remember, before the auction of the CommerceOne patents, how anxious everyone was feeling, particularly Google, Oracle and Sun Microsystems? What if the patents fell into the wrong hands? Efforts to pool resources were reported in the press, including by a nonprofit group, the CommerceNet Consortium. Here is how the patents were described by CommerceNet:

CommerceNet asserted that the patents "cover basic technology for facilitating network transactions by identifying a transaction in terms of input and output documents. If obtained by an intellectual property licensing organization, it is expected that the patents would likely be broadly asserted against companies completing transactions using web service interface descriptions (WSDL), service registries (UDDI), and documents composed from XML building blocks."

At the time observers thought the patents were valuable and dangerous:

"There's a concern that these patents could be used aggressively by a buyer to shake down the whole Web services industry," said Jason Schultz, an attorney at technology activist organization the Electronic Frontier Foundation.

Thanks to Novell, those patents are now available to the community, having been donated to OIN, and not only do they not endanger Linux, they protect it. They have the same power today that they had then. Even Microsoft is impacted by the patents, which is exactly what you want, if you wish to deter an attack, is it not? If OIN had nothing but these patents, it would have something useful in defending Linux. Here's what Gartner said about the value of OIN:

Software patents pose the single largest threat to the open-source software model. Though they protect their owners' IP, they can also create legal barriers to many open-source efforts. For example, as Linux and Windows edge onto one another’s turf, the Linux community will have few defenses against the power of Microsoft, if the software giant should seek to claim royalties from the use of allegedly misappropriated IP.

A company like OIN that can uphold a strong patent portfolio will create a counter-offensive against potential patent infringement claims. OIN expects to accumulate patents by purchase, auction or donation. It will contractually offer royalty-free usage of its patents to technology suppliers for use in their own products (as long as the patent user makes no future patent infringement claim against Linux and associated software). We believe this collaborative environment is likely to free up the flow of technology somewhat, by reducing fears of lawsuits from patent claims.

It frees up the flow by holding evildoers at bay, pure and simple. Is it the complete solution? No. As far as I'm concerned, software and patents need to get a divorce on the grounds of incompatibility. Some feel that is the only goal worth striving for. But can you do it by next week? If you can, please do and we won't need either the OSDL Patent Commons Project or OIN. But if you can't, what do you suggest we do to hold patent attacks at bay? SCO didn't have any patents. Imagine if they did. How do you plan to protect GNU/Linux from such a patent infringement claim? If you don't have a plan, then are you thinking deeply enough?

Something new, innovative, and powerful is now standing guard over Linux. The lawyers have been busy and very creative. and yes, it's real. It has deterrent value in the legal context. And if litigation comes along anyway, it has both defensive and offensive potential. A year ago, Linux had nothing but threats hanging over its head, threats of patent litigation heading its way. Now, there is some protection against that threat, protection which will continue to be strengthened, I'm sure. No matter what your position on software patents, how can that be anything but good?

Comments (22 posted)

Obnoxious legislation in Europe

Much fuss has been made over the "DADVSI" law currently under consideration in France. By some accounts, the French government is trying to ban free software outright. Getting the real story of what is happening in France is difficult, especially for one who reads French as slowly as your editor does. But the truth which is emerging suggests that, while DADVSI is obnoxious, it isn't quite as bad as some have made it out to be.

DADVSI is the French implementation of the EUCD directive from the European Union. It can be thought of as the French version of the DMCA; it has the usual prohibitions on the circumvention of digital restriction mechanisms and such. An amendment to this bill would appear to ban all software which does not contain DRM and watermarking capabilities; this provision has led the EUCD.info site to conclude that it would affect tools like web servers, ssh, and FTP.

Such a ban looks impractical at best. What the amendment really appears to cover is any software which is capable of removing DRM and watermarks from content. This provision clearly covers some free code, with DeCSS being at the top of the list. No free software will ever be able to access restricted content under this law; since the source is available, any restrictions could be removed by the user. So the amended DADVSI law does effectively ban free software from certain areas, but it does not affect free software in general.

This law, like all of its variants worldwide, is certainly worth opposing. An online petition has been posted for people to express their opposition to this law, which is expected to be considered immediately before Christmas. Signing the petition makes sense, especially for French citizens. Directly contacting members of the National Assembly is also a very good idea.

Meanwhile, the European Union appears poised to adopt a new data retention directive. This law would require communications providers (telephone companies, ISPs) to record information on telephone calls, Internet use, email traffic, etc., and to retain it for 6-24 months. It is already impossible in some parts of Europe to sit down at an Internet cafe without showing identity papers; the data retention directive would force Internet providers across Europe to record identities and activities. Access to this data would be relatively unrestricted; the entertainment industry is lobbying to be able to use it for tracking down file sharers.

While not directly related to free software, this directive is clearly hostile to the rights and privacy of all Europeans. Unfortunately, its passage in the European Parliament on December 12 appears to be an almost foregone conclusion. More information can be found in this EDRI-gram newsletter.

Comments (6 posted)

Page editor: Jonathan Corbet

Security

The SANS top-20 list

SANS has posted a new version of its 20 most critical Internet security vulnerabilities list. As always, this list is a good starting point for those looking for potential security problems on their networks. Here are some highlights from the current version:

  • Five of the twenty items concern Windows and other Microsoft software.

  • There are ten vulnerabilities in "cross-platform applications" listed. Some of these (commercial DNS servers, for example) do not apply to most Linux systems. But others do, including anti-virus software (ClamAV in particular), PHP-based applications (several vulnerabilities), database managers, file-sharing applications, media players, and Mozilla-based browsers.

  • There are only two Unix-specific vulnerabilities, and one of those is a general item on Mac OS X. The other vulnerability is "configuration weaknesses," with an emphasis on SSH attacks.

Once upon a time, this list was evenly divided between Windows and Unix vulnerabilities. A casual reading of the current list suggests that things have shifted in favor of Unix-based systems. While it may be true that Unix-based systems are easier to keep secure on the net, there is still no reason to be overly complacent. A system compromised by way of a Firefox or PHP vulnerability is still compromised.

Comments (3 posted)

New vulnerabilities

apache2: memory leak

Package(s):apache2 CVE #(s):CVE-2005-2970
Created:December 6, 2005 Updated:December 19, 2005
Description: A memory leak was found in the Apache 2 'worker' module in the handling of aborted TCP connections. By repeatedly triggering this situation, a remote attacker could drain all available memory, which eventually led to a Denial of Service.
Alerts:
Mandriva MDKSA-2005:233 apache2 2005-12-19
Ubuntu USN-225-1 apache2 2005-12-06

Comments (none posted)

ktools: buffer overflow

Package(s):centericq CVE #(s):CVE-2005-3863
Created:December 7, 2005 Updated:August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor.
Alerts:
Gentoo 200608-27 motor 2006-08-29
Debian DSA-1088-1 centericq 2006-06-03
Debian DSA-1083-1 motor 2006-05-31
Gentoo 200512-11 centericq 2005-12-20
Debian-Testing DTSA-23-1 centericq 2005-12-05

Comments (none posted)

helix-player: integer overflow

Package(s):helix-player CVE #(s):CVE-2005-2629
Created:December 2, 2005 Updated:December 7, 2005
Description: An integer overflow has been discovered in helix-player, the helix audio and video player. This flaw could allow a remote attacker to run arbitrary code on a victims computer by supplying a specially crafted network resource.
Alerts:
Debian DSA-915-1 helix-player 2005-12-02

Comments (none posted)

inkscape: insecure temp files

Package(s):inkscape CVE #(s):CVE-2005-3885
Created:December 5, 2005 Updated:December 7, 2005
Description: Javier Fernández-Sanguino Peña discovered that Inkscape's ps2epsi.sh script, which converts PostScript files to Encapsulated PostScript format, creates a temporary file in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running Inkscape.
Alerts:
Ubuntu USN-223-1 inkscape 2005-12-05

Comments (1 posted)

ipsec-tools: denial of service

Package(s):ipsec-tools CVE #(s):CVE-2005-3732
Created:December 1, 2005 Updated:June 8, 2006
Description: ipsec-tools has a remote denial of service vulnerability in the racoon daemon. If racoon is running in aggressive mode, it fails to check all peer payloads during When the daemon the IKE negotiation phase, allowing a malicious peer to crash the daemon. One should always be careful around aggressive racoons.
Alerts:
Fedora-Legacy FLSA:190941 ipsec-tools 2006-06-06
Red Hat RHSA-2006:0267-01 ipsec-tools 2006-04-25
Debian DSA-965-1 ipsec-tools 2006-02-06
Mandriva MDKSA-2006:020 ipsec-tools 2006-01-25
SuSE SUSE-SA:2005:070 ipsec-tools,freeswan,openswan 2005-12-20
Gentoo 200512-04 openswan 2005-12-12
Ubuntu USN-221-1 ipsec-tools 2005-12-01

Comments (none posted)

mailman: denial of service

Package(s):mailman CVE #(s):CVE-2005-3573
Created:December 2, 2005 Updated:March 8, 2006
Description: Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service.
Alerts:
Red Hat RHSA-2006:0204-01 mailman 2006-03-07
Debian DSA-955-1 mailman 2006-01-25
Ubuntu USN-242-1 mailman 2006-01-16
Mandriva MDKSA-2005:222 mailman 2005-12-02

Comments (none posted)

perl: integer overflow

Package(s):perl CVE #(s):CVE-2005-3962 CVE-2005-3912
Created:December 1, 2005 Updated:February 27, 2006
Description: Perl has an sprintf integer overflow vulnerability that may be used for a denial of service, remote code execution and information leakage.
Alerts:
Fedora-Legacy FLSA:176731 perl 2006-02-25
Debian DSA-943-1 perl 2006-01-16
Red Hat RHSA-2005:881-01 Perl 2005-12-20
Red Hat RHSA-2005:880-01 Perl 2005-12-20
SuSE SUSE-SA:2005:071 perl 2005-12-20
Fedora FEDORA-2005-1145 perl 2005-12-14
Fedora FEDORA-2005-1144 perl 2005-12-14
Ubuntu USN-222-2 perl 2005-12-12
Trustix TSLSA-2005-0070 multi 2005-12-09
Mandriva MDKSA-2005:225 perl 2005-12-08
Gentoo 200512-02 webmin 2005-12-07
Gentoo 200512-01 perl 2005-12-07
OpenPKG OpenPKG-SA-2005.025 perl 2005-12-03
Mandriva MDKSA-2005:223 webmin 2005-12-02
Ubuntu USN-222-1 perl 2005-12-02
Fedora FEDORA-2005-1116 perl 2005-12-01
Fedora FEDORA-2005-1113 perl 2005-12-01

Comments (none posted)

trackballs: symlink vulnerability

Package(s):trackballs CVE #(s):
Created:December 7, 2005 Updated:December 7, 2005
Description: Trackballs follows symbolic links, possibly allowing unprivileged users to access and modify files accessible by the games group.
Alerts:
Debian-Testing DTSA-26-1 trackballs 2005-12-05

Comments (none posted)

xpdf: arbitrary code execution

Package(s):xpdf CVE #(s):CVE-2005-3193
Created:December 6, 2005 Updated:January 11, 2006
Description: Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened.
Alerts:
Fedora FEDORA-2005-027 xpdf 2006-01-11
Gentoo 200601-02 kdegraphics 2006-01-04
Red Hat RHSA-2005:840-02 xpdf 2005-12-20
Red Hat RHSA-2005:867-01 gpdf 2005-12-20
Fedora FEDORA-2005-1170 xpdf 2005-12-17
Fedora FEDORA-2005-1169 xpdf 2005-12-17
Gentoo 200512-08 xpdf 2005-12-16
Fedora FEDORA-2005-1146 gpdf 2005-12-14
Fedora FEDORA-2005-1142 cups 2005-12-14
Fedora FEDORA-2005-1141 cups 2005-12-14
Ubuntu USN-227-1 xpdf/cupsys/tetex-bin/kdegraphics/koffice 2005-12-12
Fedora FEDORA-2005-1126 tetex 2005-12-07
Fedora FEDORA-2005-1127 tetex 2005-12-07
Fedora FEDORA-2005-1125 gpdf 2005-12-07
Fedora FEDORA-2005-1122 xpdf 2005-12-06
Fedora FEDORA-2005-1121 xpdf 2005-12-06
Red Hat RHSA-2005:840-01 xpdf 2005-12-06

Comments (none posted)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.15-rc5, released by Linus on December 3. It consists mostly of fixes, but also includes some changes for drivers which map memory into user space (see below). The long-format changelog has the details.

2.6.15-rc4 was released on November 30; details in the long-format changelog.

The current -mm tree is 2.6.15-rc5-mm1. Recent changes to -mm include some memory management tweaks, a special test which taints the kernel when ndiswrapper or driverloader is loaded, a new set of ktimer patches, and various architecture updates.

Comments (none posted)

Kernel development news

Linux in a binary world... a doomsday scenario

Arjan van de Ven has contributed to the debate on proprietary kernel modules by putting together a scenario based on one crucial event: "On December 6th, 2005 the kernel developers en mass decide that binary modules are legally fine and also essential for the progress of linux, and are as such a desirable thing." Click below to see how the story plays out.

Full Story (comments: 63)

Xen 3.0 released

Version 3.0 of the Xen hypervisor - a virtualization system - has been released. Xen 3.0 includes support for Intel's hardware virtualization mechanism, SMP guest systems (with hot-pluggable virtual CPUs), large memory support, trusted platform module support, ports to the ia-64 and (soon) PowerPC architectures, and more.

Comments (10 posted)

The first stable OpenVZ release

The OpenVZ project has announced its existence and its first stable release. OpenVZ is yet another virtualization approach for Linux, based on SWsoft's "Virtuozzo" product. The OpenVZ approach differs from others, however, in that it creates its virtualized environments within a single kernel; the result, it is claimed, is better performance. Unfortunately, the released patch is for the ancient 2.6.8 kernel.

Comments (34 posted)

The evolution of driver page remapping

Two weeks ago, this page looked at the new VM_UNPAGED flag, introduced in 2.6.15-rc2 to mark virtual memory areas (VMAs) which are not made up of "normal" pages. These areas are usually created by device drivers which map special memory areas (which may or may not be device I/O memory) into user space. Your editor now humbly suggests that readers ignore that article; things have changed significantly since then.

As it turns out, Linus didn't like the VM_UNPAGED idea, so he rewrote the code for 2.6.15-rc4. The VM_UNPAGED VMA flag is gone, replaced by VM_PFNMAP. The new flag has a very similar meaning: it marks the VMA as containing special page table entries which should not be touched by the VM subsystem. In particular, it states that there is no page structure associated with any page in that VMA, so the VM subsystem should not go looking for one. Even in cases where that structure does exist (such as remappings of real memory), the VM code will pretend that it does not.

The advantage of the reworked code is that it takes out a number of special cases; the VM_PFNMAP VMAs can be treated just like normal VMAs in more places. Things quickly got a bit more complicated, however. The initial VM_PFNMAP code assumed that a linear range of addresses was being mapped into user space. In fact, some drivers piece together memory in more complicated ways.

So a subsequent patch added explicit support for "incomplete" VMAs, marked with yet another flag: VM_INCOMPLETE. When the kernel detects that a driver is creating something other than a straightforward, linear mapping, it sets that flag and emits a warning. It also requires, in this case, that the pages being remapped carry the PG_reserved flag - even though this flag is being phased out. Remapping RAM in this way always required that flag in the past, so this requirement is not a change as far as drivers are concerned.

The patch adding VM_INCOMPLETE notes that "In the long run we almost certainly want to export a totally different interface for that, though." In this case, "in the long run" meant about one day, when yet another patch was merged adding a new function:

    int vm_insert_page(struct vm_area_struct *vma, 
                       unsigned long address,
                       struct page *page);

This function inserts the given page into vma, mapped at the given address. It does not put out warnings, and does not require that PG_reserved be set. What it does require is that the page be an order-zero allocation obtained for this purpose; it is not possible to remap arbitrary RAM pages with vm_insert_page(). Since a page structure is required, the new function is also unsuitable for remapping I/O memory. But it is useful for drivers which wish to map a set of pages into a user-space address range.

Just which driver might want to do something like that became clear when another patch was merged for 2.6.15-rc5. It removed the GPL-only export for vm_insert_page() and included this commit message:

Make vm_insert_page() available to NVidia module. It used to use remap_pfn_range(), which wasn't GPL-only either, and the new interface is actually simpler and does more checking, so we shouldn't unnecessarily discourage people from switching over.

Some developers objected to this change, seeing it as an explicit endorsement of the proprietary NVidia drivers. Others, however, saw it as a simple attempt to avoid breaking drivers without a good reason. The kernel developers may well be working toward taking a stronger stand against proprietary modules, but this particular interface will not be the place where that battle is fought.

Comments (2 posted)

bcm43xx and the 802.11 stack

The Broadcom 43xx family is yet another wireless network chipset without free driver support. There is, however, a proprietary Linux driver available; for example, the LinkSys WRT54G router has a Broadcom module. A reverse engineering team has been busily looking at that driver with the idea of writing a document describing how this chipset works; the resulting free bcm43xx specification is in a reasonably complete state.

Independently, the bcm43xx driver team has been writing a driver from this specification. The authors have never worked with the original, proprietary driver, so they should be unable to infringe any copyrights which cover that driver. This project has been moving along quietly for a while, but the quiet period is over: the free bcm43xx driver is now working. It is not for the faint of heart at this point, but it is able to transmit and receive packets. Adventurous souls with suitable hardware are encouraged to start testing the new driver.

While almost everybody is happy to see a free driver for this hardware, there have been some complaints about it. In particular, some developers are unhappy about the "softmac" layer used by the bcm43xx driver. This layer handles many media access tasks - scanning, management frames, etc. - for the driver. This functionality is not currently a part of the Linux 802.11 stack because the chipset for which that stack was initially developed - Intel's ipw chips - performs those tasks in hardware. Most other chipsets rely on the host for this functionality, so some sort of "software MAC" must be provided.

The problem is not that there is no softmac implementation for Linux; instead, there are too many of them. The softmac layer used by the bcm43xx driver, which is meant to integrate with the current kernel 802.11 stack, is one. The MadWifi project includes its own 802.11 stack, including a software MAC implementation. There is also a complete 802.11 stack from Devicescape available. Both the MadWifi and Devicescape stacks are said - by their supporters - to be more capable than the in-kernel stack, with or without the softmac layer. So why, they ask, should yet another software MAC be written using the in-tree 802.11 stack when better alternatives exist?

Your editor will not attempt to draw any conclusions about which implementation is the best. The simple fact, however, is that the in-tree 802.11 code is what developers have to work with now. Efforts to work with and improve that code will be better received by the networking maintainers than pointing at out-of-tree parallel implementations. So the softmac code used by the bcm53xx driver would appear to have an advantage going forward: it builds on the existing, in-tree code, and makes new capabilities available for all drivers.

Meanwhile, those who are interested in playing with the bcm43xx driver may want to avail themselves of the daily snapshots posted by the project.

Comments (1 posted)

Memory copies in hardware

Upcoming versions of Intel processors will include a feature called an "asynchronous DMA engine." Essentially, it is a hardware peripheral which can be used to quickly copy data from one memory location to another. The "I/OAT" ("I/O acceleration technology") is expected to improve performance by offloading copy operations, enabling quick in-memory scatter/gather operations, and keeping copy operations from pushing useful data out of the processor's cache.

Hardware with an I/OAT is not yet available, but a patch for I/OAT support has recently been posted. It lacks the hardware-level interface, but does demonstrate the API that the folks at Intel have come up with for this sort of device.

Code which wishes to make use of the I/OAT must first register itself as a "DMA client." The registration interface looks like:

    #include <linux/dmaengine.h>
    typedef void (*dma_event_callback)(struct dma_client *client, 
                                       struct dma_chan *chan, 
				       enum dma_event_t event); 

    struct dma_client *dma_async_client_register(dma_event_callback event_callback);
    void dma_async_client_unregister(struct dma_client *client);

The client must provide a callback function which will be invoked when DMA channels come and go. If all goes well, registration results in a dma_client structure which can be used with subsequent operations.

Before anything can be done, the client must request one or more "channels." Every channel on the I/OAT can be used for one copy operation at a time; all channels can be operating simultaneously. The function to request channels is:

    dma_async_client_chan_request(struct dma_client *client, 
                                  unsigned int number);

The client's callback function will be called once for each allocated channel. The number of channels actually allocated may be less than what has been requested. There is no real guidance on the optimal number of channels to ask for; the example patch for the networking subsystem requests one channel for each processor on the system. The number of channels can be changed later on if need be.

There are three functions for actually starting a copy operation:

    dma_cookie_t dma_async_memcpy_buf_to_buf(struct dma_chan *chan,
                                             void *dest, void *src,
                                             size_t len);
    dma_cookie_t dma_async_memcpy_buf_to_pg(struct dma_chan *chan,
                                            struct page *page,
                                            unsigned int offset,
                                            void *kdata, size_t len);
    dma_cookie_t dma_async_memcpy_pg_to_pg(struct dma_chan *chan,
                                           struct page *dest_pg,
                                           unsigned int dest_off,
                                           struct page *src_pg,
                                           unsigned int src_off,
                                           size_t len);

All three functions do the same thing: they request an asynchronous copy operation from one memory location to another. The only difference is whether kernel addresses or page structures are used to specify the locations. For some reason, it appears to be necessary to issue a call to:

    void dma_async_memcpy_issue_pending(struct dma_chan *chan);

before the operation will actually happen.

Since copy operations are asynchronous, they may not have completed when the request functions return, so the caller should not mess with the affected buffers in the mean time. There are two functions for querying and waiting for completion:

    dma_async_memcpy_complete(struct dma_chan *chan, dma_cookie_t cookie,
                              dma_cookie_t *last, dma_cookie_t *used);
    dma_async_wait_for_completion(struct dma_chan *chan, 
                                  dma_cookie_t cookie);

dma_async_memory_complete() will return one of DMA_SUCCESS, DMA_IN_PROGRESS, or DMA_ERROR, depending on the status of the copy operation indicated by cookie (the last and used arguments can be passed as NULL; their purpose is not entirely clear to your slow editor). A call to dma_async_wait_for_completion() will wait until the given operation finishes. In the current implementation, that wait is accomplished via a busy loop calling schedule(). There is no function for canceling an outstanding operation.

The initial reaction to the patch was cautiously positive. There is some concern that invoking an external device to perform copies may be sufficiently expensive that it will only be worthwhile for very large operations. There were also some requests to extend the interface to include a transformation to be performed on the data as it is copied. The current hardware does not look like it will support anything beyond a direct copy (though, since the hardware is not yet available, it is hard to be sure), but it would be nice to be able to make use of any such capabilities as they arrive. Transformations could be simple (simply zeroing a buffer, say), or complex (cryptographic operations). But they will only be available if the interface supports them.

The hardware is due in "early 2006," so more information will become available then. Until that time, there probably will not be any serious discussion of merging the I/OAT interface.

Comments (6 posted)

Patches and updates

Kernel trees

Andrew Morton 2.6.15-rc5-mm1 ?
Alexey Dobriyan 2.6.15-rc5-kj1 ?
Linus Torvalds Linux 2.6.15-rc4 ?

Architecture-specific

Core kernel code

Development tools

Junio C Hamano GIT 0.99.9l aka 1.0rc4 ?
Marty Ridgeway December Release of LTP ?

Device drivers

Documentation

Filesystems and block I/O

Memory management

Networking

John Heffner TCP MTU probing ?

Security-related

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

How private is debian-private?

There is a general resolution currently under discussion by Debian Developers (DDs) on whether or not to declassify the archives of the Debian Private Mailing List. "In accordance with principles of openness and transparency, Debian will seek to declassify and publish posts of historical or ongoing significance made to the Debian Private Mailing List."

The debian-private mailing list is for "Private discussions among developers: only for issues that may not be discussed on public lists." So why open the archives?

Discussion on the debian-vote mailing list begins with this post from Anthony Towns.

One of the issues Debian often stands for is transparency and openness -- indeed, the openness of our bug tracking system is codified in the Social Contract's statement "We will not hide problems". However, one particular area of significance within the project is not open at all: the debian-private mailing list.

This list has hosted a number of significant discussions over the years, including most of the discussion inspiring the original statement of Debian's Social Contract and the Debian Free Software Guidelines, the reinvention of the new-maintainer process, debate on the qmail to exim/postfix transition for Debian mail servers and more. This trend continues today, with the six months just past have averaged around 190 posts per month.

Manoj Srivastava quickly pointed out that posters to debian-private have an expectation of privacy which should not be violated. Nonetheless the proposal received a number of seconds and a variety of amendments that would allow for part of the archive to be opened.

Some of the amendments favor opening up posts if author consent can be obtained. This may or may not extend to all authors in cases of quoted text within a post. Also if the author(s) don't respond, is that implicit permission, or not? Others favor the idea that only future content be opened, posts made after a vote changes the nature of debian-private. There were a few more labor intensive suggestions on the creation of a declassification team which could determine which posts should remain private and which should be made public. Perhaps everything more than five years old should be declassified, since much of the truly personal information should be obsolete by then.

The discussion continues. No time has been set for a vote. The latest is a counter proposal from Daniel Ruoso that attempts to bridge the gap between the need for openness and the private nature of debian-private.

Comments (5 posted)

New Releases

DCC 3.0 released

The DCC Alliance has announced the availability of DCC 3.0, a Debian-based distribution core which offers LSB 3.0 compliance. There is also a simple reference installation distribution, based on DCC 3.0, which can be installed by people interested in working with DCC.

Comments (6 posted)

Zenwalk Linux 2.0.1 released (TechNews)

TechNews takes a quick look at the recently released Zenwalk 2.0.1. "Zenwalk Linux 2.0.1 also introduces new startup scripts that launch most services in parallel, making boot process faster."

Comments (none posted)

Distribution News

Fedora-netdev kernels available for FC4

John W. Linville has made netdev kernels available for Fedora Core 4. Click below for a list of patches applied to the kernel-2.6.14-1.1644_FC4.netdev.3 package, or see John's netdev site for additional information. The next version kernel-2.6.14-1.1644_FC4.netdev.4 has also been released.

Full Story (comments: none)

Ubuntu Masters of the Universe

A new #ubuntu-motu-school channel has been created to discuss the basics of packaging, merging and fixing packages for the Ubuntu Universe.

The tenth issue of the MOTU report is out, with a looks at what's happening in the Universe.

Comments (none posted)

Macedonia Deploys 5,000 GNOME Desktops in Public Schools (GNOME Journal)

GNOME Journal reports that the Republic of Macedonia has decided to deploy Ubuntu (and GNOME) in 468 schools and 182 computer labs nationwide.

Comments (none posted)

StrongARM tactics

Vincent Sanders looks at the status of Debian's ARM port, which is alive and well. "However, we are in need of assistance! Recently ARM was "separated" from testing as it is believed it was not keeping up. In fact, the ARM buildds are generally keeping up well - the problem now is a large pile of 131 "maybe-failed" packages. To get back into testing, we need some developer help to debug and fix these problems." Simtec is offering discounted CATS boards to Debian Developers to help get the ARM port ready for etch.

Full Story (comments: none)

DebConf5 Final Report released

The DebConf5 Final Report has been released. It's available as a PDF file.

Full Story (comments: none)

International Debian work meetings in Extremadura, Spain, during 2006

The Region of Extremadura Spain currently deploys around 80,000 Debian desktops. They are generously offering to sponsor several meetings of Debian developers.

Full Story (comments: none)

Distribution Newsletters

Debian Weekly News

The Debian Weekly News for December 6, 2005 looks at a host for the LDAP gateway to the BTS, the general resolution on opening the debian-private archives, the final Debconf5 report, using per-user temporary directories, a status update on the C++ transition, new features in the latest kernel package, and other topics.

Full Story (comments: none)

Fedora Weekly News Issue 24

The Fedora Weekly News covers Red Hat Magazine - November 2005, FC5 Test 1 Announcement and Reviews, Fedora Core 3 Status Update, Announcing Fedora Directory Server 1.0, Unofficial FAQ Update: 2005-11-29, Fedora Logo Update, Newsworthy changes in Rawhide, Expanding Linux Partitions with LVM, and several other topics.

Comments (7 posted)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for the week of December 5, 2005 looks at gcc 3.4.4 (stable on x86), Power.org offers developer memberships for free, 100,000 registered Gentoo Forums users, a call for GWN contributors, FOSS.IN Bangalore, Linuxtage Essen, and more.

Comments (none posted)

DistroWatch Weekly

The DistroWatch Weekly for December 5, 2005 is out. "New major releases of KDE, Firefox and Apache have prompted us to take a closer look at the major distribution's handling of package updates, the availability of backports and other related issues. Does your distribution provide backports for popular new software? Or do you have to wait for the next version bump to enjoy recently released packages? Also in this issue: an introduction to a GNOME-based Windows XP clone from Russia and a quick look at the excellent Archie Live CD. Finally, our November 2005 donation goes to the often-nominated KANOTIX project."

Comments (none posted)

Package updates

Fedora updates

Fedora Core 4 updates: openoffice.org (bug fix), alsa-lib (bug fix), attr (cleanup), acl (cleanup and bug fix), selinux-policy-targeted (load the correct policy), selinux-policy-strict (load the correct policy), alsa-utils (new upstream version).

Fedora Core 3 updates: openldap (upgrade to new upstream version), perl (fixes breakage caused by Security Update 1116), logwatch (report yum service logs).

Comments (none posted)

Mandriva update

Mandriva has updated eagle-usb for Mandriva Linux 2006.0. "This update loads the firmware each time an eagle-usb modem is plugged in, not just when the eagle-usb module is loaded."

Full Story (comments: none)

Newsletters and articles of interest

Son of Libranet founder hopes to keep distro, tools alive (NewsForge)

The Libranet distribution may not be dead yet, according to this NewsForge article. "While it may appear that the death knell for Libranet has been sounded, there may be a little life left in the distribution yet. Tal Danzig, the owner and technical leader of Libranet, said in an email interview yesterday he would not let the distribution, and tools that have endeared it to users, simply fade from existence. Danzig, who has been involved with Libranet since his father Jon Danzig built the distro and founded the project surrounding it in 1999, said he is looking for somebody to take over Libranet's business operations and turn it into a "major player" in the GNU/Linux market. For the time being, however, the distribution is in a sort of limbo."

Comments (none posted)

A very long chat with Debian's Branden Robinson (TuxJournal)

Vincenzo Ciaglia talks with Branden Robinson, the current Debian Project Leader. "Debian GNU/Linux, like all GNU/Linux distributions, is the product of a massive cooperative effort. In my view, the essential mission of the Debian Project is to produce the best Free Software operating system that we can. We not only want to produce a high-quality system; we also consider it necessary to preserve, for ourselves and for our users alike, the freedoms that enabled us to achieve that quality in the first place, and which will permit us to improve the system even further."

Comments (none posted)

The Perfect Setup - Mandriva 2006 Free Edition (HowtoForge)

HowtoForge sets up Mandriva 2006 Free as a web server. "This is a detailed description about the steps to be taken to setup a Mandriva 2006 Free Edition based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.)."

Comments (none posted)

Distribution reviews

First look: BeleniX live CD (NewsForge)

NewsForge reviews the BeleniX live CD which is based on the OpenSolaris kernel. "Named after Belenos, the sun god in Celtic mythology, BeleniX is being developed at Sun Microsystem's India Engineering Center in Bangalore. The ISO is available in a 230MB bzip compressed file, which you can download through HTTP or BitTorrent."

Comments (none posted)

Damn, I like Damn Small Linux (Linux-Watch)

Linux-Watch takes a look at Damn Small Linux. "DSL, for those of you who don't know it, is one of several "mini-Linux" distributions. Of the set, it's probably the most well thought of since it actually manages to pick a GUI into its goodness and, having turned version 2.0 recently, it's the most mature of the mini-Linuxes."

Comments (none posted)

Page editor: Rebecca Sobol

Development

The Boost C++ Libraries

December 6, 2005

This article was contributed by Matthew Vogt

Whatever type of software you develop, there probably exists an open-source C++ library that can help you avoid re-inventing the wheel. However, C++ offers no analog of Perl's CPAN or Java's extensive environment, so it can be difficult to find code of sufficiently high quality which can be easily integrated with code from other sources. In recent years, the Boost C++ Libraries have become the place where a C++ developer should look first when seeking quality open-source C++ components.

[Boost] Boost is the product of an informal group of C++ programmers developing free open-source libraries that are high-quality, portable and widely useful.

The Boost C++ Libraries provide components that can be employed in just about every development project. Boost libraries are among the most powerful and portable components in the world of C++ development. Whereas the quality of open-source code is often an unknown quantity, the standard of code distributed in the Boost distribution is remarkably high, owing to the extensive peer review process required to accept libraries into the distribution. Each library in the Boost distribution has been reviewed by the Boost developers and accepted through an open voting process, ensuring a consistently high level of quality, and an adherence to principles of the C++ community. Boost libraries are designed to work well with the C++ Standard Library, and other libraries designed around the principles embodied in the Standard Library. Boost libraries are loosely-coupled, and designed so that you can use only what you need, without trying to provide an all-encompassing environment.

Boost libraries are all released under the Boost Software License, an extremely permissive license which is designed to make the libraries equally useful to commercial and non-commercial developers. The Boost Software License is very similar to the MIT License, with the major difference that object code derived from Boost-licensed source code can be redistributed without the reproduction of copyright messages. This is required to permit all developers to use Boost libraries in all of their code, without concern over eventual distribution requirements.

The current version of the Boost Libraries is Version 1.33.1, released on December 5, 2005. It contains 63 libraries to assist C++ developers. Many of these libraries are useful in a broad range of application development, such as the threads library, the regular expression library, the portable filesystem library and the smart-pointer library. Other Boost libraries help to make C++ a more expressive and productive language in which to develop. These libraries include the generalized function and bind facilities, the signals library and support for named (rather than positional) function arguments. Finally, Boost also contains libraries that are designed to help C++ developers improve their own libraries; examples include the concept-checking library, the unit testing library, the library for developing iterators and that for accessing type traits.

Perhaps the best reason to use Boost, however, is because of its contribution to the C++ Standard Library: using the Boost libraries today is a foretaste of the next C++ Standard Library revision. The C++ standards committee favor the standardization of proposals that have proven their worth in real-world use. Boost is an ideal proving ground for such proposals, and this has been demonstrated in the Proposed Draft Technical Report on C++ Library extensions (PDF), known as 'TR1', the first specification of likely additions to the next C++ standard. Ten of the fourteen included proposals were implemented first as Boost libraries, and proven mature and robust in the Boost distribution. Other Boost libraries have been proposed for acceptance into the next Technical Report ('TR2'), open until October 1, 2006.

Boost development is ongoing, you can participate by joining the mailing list for development, or the boost-users mailing list to discuss using the Boost libraries in your development work.

Comments (30 posted)

System Applications

Database Software

LiteSQL 0.3.1 Released (SourceForge)

Version 0.3.1 of LiteSQL is available with bug fixes and other improvements. "LiteSQL is a C++ library that integrates C++ objects tightly to relational database and thus provides an object persistence layer. LiteSQL supports SQLite3, PostgreSQL and MySQL as backends. LiteSQL creates tables, indexes and sequences to database and upgrades schema when needed."

Comments (none posted)

PostgreSQL Weekly News

The December 5, 2005 edition of the PostgreSQL Weekly News is online. Take a look for new PostgreSQL database articles and resources.

Full Story (comments: none)

Interoperability

Samba 3.0.21rc2 Available

Release Candidate 2 of Samba 3.0.21 has been announced. "This is a release candidate of the 3.0.21 code base and is provided for testing purposes only. While this snapshot is *not* intended for production servers, we do believe that this will become the 3.0.21 final release. Your testing and feedback is greatly appreciated."

Full Story (comments: none)

LDAP Software

Announcing Fedora Directory Server 1.0

Red Hat has released version 1.0 of FDS, the Fedora Directory Server. FDS consists of an LDAP server and associated utilities. "This release marks a significant milestone for the open source community, who now have access to the code for the console and administration engine as well as the previously open sourced LDAP engine. This release uses the Apache httpd engine as its administration server, and includes mod_nss - a rewrite of mod_ssl which uses the Mozilla NSS crypto engine."

Full Story (comments: 6)

LAT 0.8 released

Version 0.8 of LAT, the LDAP Administration Tool, is out with a number of new capabilities.

Full Story (comments: none)

Libraries

Python OpenID library 1.0 announced

Version 1.0 of the Python OpenID library has been announced. "This library contains packages to support both OpenID consumers (relying parties) and servers. For back-end storage, it supports a variety of methods, including flat file, SQL, and MemCached. In our own work on making applications OpenID enabled, we've been reminded that every web framework is different. For that reason we've strived to make this library general enough to fit in to any Python web application."

Full Story (comments: none)

Mail Software

Bogofilter 1.0.0 Released

Version 1.0.0 of Bogofilter, a Bayesian email spam filter, is out. "This release is the culmination of 3 years of work that began after Paul Graham's article "A Plan for Spam". Bogofilter has now reached a sufficient level of capability, maturity, and stability that it is worthy of the "1.0.0" label."

Full Story (comments: none)

Fetchmail 6.3.0 released

Fetchmail 6.3.0 is out. This is the first major release of fetchmail since the Community Fetchmail Team took over maintenance of the program from Eric Raymond, the original author. "More than two years after the previous formal 6.2.5 release, this collects several dozen bug fixes, documentation, portability and IPv6 improvements and marks the beginning of a new 'stable' 6.3.X branch that will not change, except for bug fixes and documentation updates."

Full Story (comments: none)

Networking Tools

Nagios 2.0b6 has been released

Version 2.0b6 of Nagios, a host service and network monitoring program, is available. "Nagios 2.0b6 has been released to fix a few bugs present in the beta 5. You can download it here. The changelog can be found here. At the current rate, version 2.0 should see a stable release before the year's end."

Comments (none posted)

Printing

alternate pstops 1.93k released

Version 1.93k of the alternate pstops print filter for CUPS has been released. See the change log file for details.

Comments (none posted)

Security

Nepenthes 0.1.4 released (SourceForge)

Version 0.1.4 of Nepenthes is available with several bug fixes. "Nepenthes is a versatile tool to collect malware. It acts passively by emulating known vulnerabilities and downloading malware trying to exploit these vulnerabilities."

Comments (none posted)

Web Site Development

Apache HTTP Server 2.2.0 Released

Version 2.2.0 of the Apache web server has been announced. "Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html."

Full Story (comments: none)

Araneida 0.90 released

Version 0.90 of Araneida is out. "The new maintainer Alan Shields has merged to the official branch several changes he had previously maintained separately. Araneida is a small and extensible HTTP server written in Common Lisp. It is designed to sit behind a caching proxy, dynamically generates all content by calling user-defined handlers, provides advanced HTML generation facilities, and more."

Full Story (comments: none)

KnowledgeTree 3.0 Beta 2 released (SourceForge)

Version 3.0 Beta 2 of KnowledgeTree, a web-based cross-platform Document Management System, is available with a number of bug fixes.

Comments (none posted)

Two new Zope releases

Two new versions of the Zope web development platform have been released. Zope 3.2.0 beta 1 features a switch from ZServer to the Twisted server, among other changes, and Zope 2.9.0 beta 1 includes new versions of ZODB, Five, and more.

Comments (1 posted)

Analyzing Web Logs with AWStats (O'Reilly)

Sean Carlos uses AWStats for web log analysis on O'Reilly. "A crucial, if often overlooked, aspect of running a successful web site is the study of activity occurring within the site. The information gleaned provides valuable input to continuous improvement initiatives, ranging from site architecture and content enhancements to traffic generation. This is the first of a two-part series exploring how to use the open source tool AWStats to perform web server log file analysis. This first part shows how to prepare a sample web log file, perform a basic installation of AWStats, generate reports, and review web analytics terminology; the second part will focus on report interpretation."

Comments (none posted)

What's New in ModSecurity (O'Reilly)

Ivan Ristic introduces ModSecurity 1.9 on O'Reilly. "Two years ago, almost to the day, O'Reilly Network published my first article, Introducing ModSecurity. ModSecurity was stable and useful before the article went out, but it was not widely known. The publication of the article marked a new phase in the life of ModSecurity, introducing it to a much wider audience. As I write the second article, I can't help but feel another phase is about to start. I feel we are entering the phase of maturity."

Comments (none posted)

Desktop Applications

Audio Applications

Rivendell v0.9.62 released

Version 0.9.62 of the Rivendell radio automation system is out, it features bug fixes.

Full Story (comments: none)

Speex 1.1.11.1 Released

Version 1.1.11.1 of Speex, an open-source audio CODEC, is out. "This is a brown-paper-bag release fixing a pretty bad bug that affected the fixed-point port in 1.1.11. Architectures that use float were not affected at all. Architectures that use fixed-point had a big drop in audio quality. Only version 1.1.11 is affected. Sorry about the inconvenience."

Comments (1 posted)

CAD

Twenty-seventh release of PythonCAD now available

Release 27 of PythonCAD is out. "The twenty-seventh release contains primarily bug fixes and internal code enhancements. A long-standing interface problem where the display of selected entities was not clear has been fixed. When you select an entity it is redrawn in a highlighting color, making it clear which entities are selected at any one time. Also, the ability to deselect a selected entity has been added to the interface. The bug fixes included in this release address a few problems introduced in the previous release as well as various older issues."

Full Story (comments: none)

Desktop Environments

GNOME 2.12.2 is out

Version 2.12.2 of the GNOME Desktop and developer platform has been announced. "This is the second point release of the stable 2.12 series of GNOME and a lot of hard work has gone into making it more enjoyable for ur users and developers."

Full Story (comments: none)

GARNOME 2.12.2

Release 2.12.2 of GARNOME, the bleeding-edge GNOME platform is out. "Incorporating the GNOME 2.12.2 Desktop and Developer Platform, together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release irons out yet-more bugs, hopefully adds yet-more stability and ships with the latest and greatest stable releases."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

Bag of Software (GnomeDesktop)

GnomeDesktop covers three application updates in its Bag of Software series: "A new release of the Scribes text editor, introducing Super Slide Me an app for creating slide shows and tutorial for adding animation to a gtk-engine theme."

Comments (none posted)

The GNOME Journal, December Edition (GnomeDesktop)

GnomeDesktop has announced the availability of the latest issue of Gnome Journal. This issue features a story on the Macedonian deployment of over 5,000 GNOME desktops in its public schools.

Comments (1 posted)

KDE Software Announcements

KDE Software Announcements The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

X11R6.9/X11R7 Release Candidate 3 ready for testing

Release Candidate 3 of X11R6.9/X11R7 is available for testing. "We are pleased to announce the availability of the third full Release Candidate (RC3) for the upcoming X.Org Foundation release of X11R6.9 and X11R7. RC3 includes many bug fixes and updates. We have tagged both the monolithic and modular trees and have prepared tarballs for you to test."

Full Story (comments: 1)

Electronics

XCircuit 3.5.1 released

Development version 3.5.1 of XCircuit, an electronic schematic drawing package, is out. The project now has stable (distribution) and development branches, a number of new features are included in this release.

Comments (none posted)

Financial Applications

Advanced Stock Tracking System 0.1.5 released

Version 0.1.5 of AST, the Advanced Stock Tracking System, is available. "Advanced Stock Tracking System (AST) is a web-based application for keeping track of stocks. It features a portfolio with dividend tracking, worksheet to keep track of prospects, a stock comparison utility, a search engine for the stock market and an alert engine to email you about key events in your securities."

Comments (none posted)

GUI Packages

Flightdeck-UI Library re-released under the LGPL

The Flightdeck-UI Tkinter library is now available under the Lesser General Public License (LGPL). "The goal of the Flightdeck-UI project is to apply ideas from aircraft instrumentation design to general purpose user interfaces."

Full Story (comments: none)

Interoperability

Wine Weekly Newsletter

Issue #300 of the Wine Weekly Newsletter is out with the latest Wine project news. Topics include: News: Nothing To See Here.. Move Along, wine.git, Direct3D & WGL, Linking libGL.so, Debugging Critical Section Lockups, Installing the Mozilla ActiveX Control, MSVCRT Clashes With LibC, and Quake 2 Evolved & Winelib.

Comments (none posted)

Music Applications

Amuc version 1.2 released

Version 1.2 of Amuc, the Amsterdam Music Composer, is out. "New in this version are the mono-synthesizers." A new demo song is also available.

Full Story (comments: none)

Office Applications

Diction 1.09 Released

Stable version 1.09 of Diction, an English and German language tool, is available. "This program includes both 'diction' and 'style'. 'Diction' identifies wordy and commonly misused phrases; 'style' analyzes surface characteristics of a document, including sentence length and other readability measures."

Comments (none posted)

Office Suites

OpenOffice.org Newsletter

The November, 2005 edition of the OpenOffice.org Newsletter has been published. Take a look for the latest OpenOffice.org news, announcements and more .

Full Story (comments: none)

Miscellaneous

Improvements in Nautilus search

GNOME hacker Alexander Larsson has posted a look at search-enabled Nautilus, complete with a large set of screenshots. Quite a few new capabilities ("smart folders" and such) have been added. This may be a useful development for people (or distributors) who do not want to work with Beagle. (Seen on FootNotes).

Comments (2 posted)

Nomad PIM preview build p20051130a released (SourceForge)

Preview build p20051130a of Nomad PIM is out with bug fixes and new capabilities. "Nomad PIM is a personal information manager. It allows you to keep track of your notes, schedule, contacts and money and to write a diary. In many places, only text input is supported by now, but it is planned to add more structure step by step in the future."

Comments (none posted)

OmegaT 1.6.RC4 released (SourceForge)

the Fourth Candidate Release of OmegaT 1.6, a Java-based translation memory application, has been announced. "RC4 is RC3 + a few bugfixes, the most important being two fixes in handling HTML files. Now OmegaT does not skip initial formatting tags (like, e.g., in "bold here") and respects the structure of HTML in output."

Comments (none posted)

Languages and Tools

BASIC

FreeBASIC v0.15b released (SourceForge)

Version 0.15b of FreeBASIC has been released. "FreeBASIC is an open-source, free, 32-bit compiler, with the syntax the most compatible possible with MS-QuickBASIC (including the GFX statements), but that adds new features such as pointers, unsigned data types, inline-assembly, a pre-processor and many others. New in this release: Unicode strings, OPEN for devices, complete Windows API headers, besides many bug fixes. Read the changelog for more details."

Comments (none posted)

Java

PMD v3.4 released (SourceForge)

Version 3.4 of PMD, a Java source code analyzer, is out. "It features thirteen new rules, an entirely new "migrating" ruleset for helping to migrate from one JDK version to another, new facilities for suppressing warnings with annotations, and lots of bug fixes and performance improvements."

Comments (none posted)

JSP

Tuning AJAX (O'Reilly)

Dave Johnson discusses AJAX performance tuning on O'Reilly. "Unless you live under a rock, you've heard about and likely even used AJAX. Asynchronous JavaScript and XML is becoming an increasingly pervasive deployment methodology, which necessitates that people start to both understand how it works and actually consider it more seriously as an enterprise-level development tool. To that end, I will try to illustrate one method of benchmarking your AJAX applications as well as point out some of the major performance pitfalls I have encountered while developing AJAX components and applications."

Comments (none posted)

Lisp

CMUCL 19c released

Release 19c of CMUCL (CMU Common Lisp) is out. "This version adds the possibility of saving cross reference information to fasl files, adds annotation support to the pretty printer, improves ANSI compliance, provides an improved build procedure, and more."

Full Story (comments: none)

GNU CLISP 2.36 released

Version 2.36 of GNU CLISP, a Common Lisp implementation, is available. "This version includes new configuration options, adds some functions and macros, improves FFI support and documentation lookup, adds the new charset BASE64, provides improved command line management, implements more CLX functionality, has better ANSI compliance, and more."

Full Story (comments: none)

ML

MLton 20051202 Released

Version 20051202 of MLton, an optimizing compiler for the Standard ML language, is out. "MLton is now under the BSD license, not the GPL. There is substantially improved documentation, based on the MLton wiki. We have added new platforms: x86/MinGW and HPPA/Linux. There are improvements to the FFI, ML Basis annotations, and new libraries: the ckit and SML/NJ library."

Full Story (comments: none)

Python

Dr. Dobb's Python-URL!

The December 2, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python article links.

Full Story (comments: none)

Dr. Dobb's Python-URL!

The December 7, 2005 edition of Dr. Dobb's Python-URL! is online with a new collection of Python articles.

Full Story (comments: none)

Ruby

Ruby Weekly News

The December 4th, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.

Comments (none posted)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The November 30, 2005 edition of Dr. Dobb's Tcl-URL! is online. Take a look for new Tcl/Tk articles and resources.

Full Story (comments: none)

Editors

TinyMCE 2.0 Final released (SourceForge)

Version 2.0 final of TinyMCE, a platform independent web based Javascript HTML WYSIWYG editor, is available. "TinyMCE 2.0 is now released as stable this means that we havn't found any more critical bugs and issues so we recommend that you replace your existing 1.xx versions with 2.0 version."

Comments (none posted)

Version Control

GIT 0.99.9l aka 1.0rc4 Released

Version 0.99.91/1.0 rc 4 of Git is out. "This is mostly fixes, with some improvements. As I said on the git list earlier, no more major feature/semantics changes after this is expected until 1.0."

Full Story (comments: none)

Miscellaneous

Signals as a Linux debugging tool (IBM developerWorks)

Madhavan Srinivasan uses signals for debugging purposes. "By focusing on the analysis of data captured using signal handlers, you can speed up the most time-consuming part of debugging: finding the bug. This article gives a background on Linux® signals with examples specifically tested on PPC Linux, then goes on to show how to design your handlers to output information that lets you quickly home in on failed portions of code."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

LinkSys courts Linux hackers with WRT54GL (LinuxDevices)

LinuxDevices.com reports that LinkSys has released a new version of its WRT54G router intended specifically to be hacked on. "LinkSys last month switched the standard model of its ubiquitous WRT54G wireless router from Linux to VxWorks, starting with the 'series 5' version. Now, LinkSys is shipping a Linux-based WRT54GL model that it says it created specially for Linux hobbyists, hackers, and aficianados. The L version is identical to the 'series 4' WRT54G units that Linux hobbyists have long enjoyed hacking, according to the company."

Comments (45 posted)

Venezuela Open Source (O'Reilly)

The O'Reilly Radar site has a report from the Worldwide Free Knowledge Forum, just held in Venezuela. "The stuff that is happening with 'Software Libre' in Venezuela is really mind-boggling. In January the Venezuelan open source law goes into effect, mandating a two year transition to open source in all public agencies. This massive undertaking will involve the training of hundreds of thousands of government employees and migrating of the software that runs not only their public agencies, but also their oil industry (which accounts for 70% of the country's economy and is one of the largest business enterprise in Latin America). They are talking about a huge country-wide move to open source that dwarfs anything I've heard about anywhere else."

Comments (29 posted)

Strong Growth for Debian (Netcraft)

Netcraft has published a report on web server operating systems which shows that Debian is growing faster than the others. But it doesn't stop there: "The most successful newcomer is CentOS, which repackages the same software as commercial rivals, while offering free community-based support... In fact the non-commercial distributions are growing faster than the commercial Linux distributions across the board at present. Fedora is growing almost as fast as Debian. Gentoo continues to grow strongly, passing 100,000 active sites in November, while SuSE and Mandriva are making relatively small gains."

Comments (10 posted)

Trade Shows and Conferences

Notes from the AMIA Symposium (LinuxMedNews)

LinuxMedNews mentions a recently published event report from the AMIA 2005 Fall conference. "During the conference, the federal Commission on System Interoperability released a report, Ending the Document Game. We were fortunate to hear details of the report directly from those on the Commission on the day it was made public. The report contains the Commission's strategy for the adoption and implementation of electronic health records (EHR). It outlines fourteen steps to achieving interoperable health records, divided into three categories of adoption, interoperability and connectivity."

Comments (none posted)

OSDL Desktop Architect meeting, Dec '05

Dan Kegel has been taking notes at OSDL's Desktop Architect meeting. "[Novell Linux Desktop] was a quick test. Turned out to be wildly successful. Next version will be more serious. Gap-filling needed to hit basic office user. We do usability testing during development (betterdesktop.org). We even send usability testers out to different countries to avoid country bias. Test ten tasks per week. Actually have developers for those bits on hand. Evening after the tests, developers try to address the issues. Sometimes this lets us improve rapidly during the week. Other times it's too hard, hopefully the videos on the web site will let others do the improvements later."

Comments (9 posted)

OSDL-sponsored conference targets Linux desktop development (NewsForge)

Joe 'Zonker' Brockmeier covers the Desktop Architects meeting hosted by the Open Source Development Labs' Desktop Linux (DTL) working group. "According to developers at the meeting, the number one priority should be to make it easier for independent software vendors (ISV) to develop applications for the Linux desktop. The second priority chosen by developers was hardware support on the Linux desktop -- drivers and the "plug and play" experience for desktop users. Finally, the developers pointed to relations between projects as another area where improvements could be made to benefit desktop development and adoption."

Comments (none posted)

Companies

Philips shares Linux patents, royalty-free (People's Daily Online)

The Chinese publication People's Daily Online notes that Philips Electronics China Group is joining the Open Invention Network. "Philips Electronics China Group announced Wednesday that the company, together with Sony, IBM, Red Hat and Novell, has decided to join funds to create a joint venture-- the Open Invention Network (OIN), to purchase core patents of Linux operation system and offer them, free of charge, to any institutions or individuals. The effort is meant to aid the advancement of Linux and break the global dominance of Windows by Microsoft."

Comments (none posted)

SCO Raises $10 Million in Private Placement (Groklaw)

Groklaw reports that SCO has just sold $10 million worth of stock. "See what happens when I go out shopping? SCO announces it has closed a $10 million private placement of 2,852,449 shares of common stock to "existing SCO institutional shareholders" and a member of the board, true believers to their dying day. What, nobody new wants to buy this stock, or what? You didn't really think they'd be allowed to go bankrupt, did you? I checked to see if they'd filed anything with the SEC, to try to fill in some blanks, but I find nothing yet. There is only the S-1 Recission Offer filed earlier this month."

Comments (3 posted)

Linux Adoption

Linux in Italian Schools, Part 6: GPL e-learning in Turin (Linux Journal)

Linux Journal has published part six in a series on Linux in Italian schools. "What makes Peano different from the other schools I featured in this series are its regular contacts with local Linux Users Groups (LUG) and, above all, its e-learning portal. Nowadays, the school board knows that LUG members have the experience and technical skills needed to provide advanced technical support for the school's IT projects. In addition to the technical reasons, the partnership also is an excellent opportunity for the department to be exposed to fresh ideas and to absorb some of the passion and enthusiasm that usually emanate from LUGs."

Comments (none posted)

Irish Eyes Are Smiling on Open Source

eWeek covers initiatives to create an Open Source Center of Excellence across Ireland. "Momentum NI, a trade association representing some 170 of Northern Ireland's ICT (Information Communications and Technology) companies, is spearheading the initiative and wants the center to span Northern Ireland and the Republic of Ireland. "We are also planning to hold 'the great open-source debate' next year, which will look at how free and open-source technology, as a disruptive technology, has changed the way the software industry does business and the new opportunities it has spawned," Ian Graham, Momentum NI's chief executive, told eWEEK here Monday."

Comments (6 posted)

Legal

The Complete Story of the Vienna Declaration ~by Georg C. F. Greve (Groklaw)

Groklaw has this article by Georg C. F. Greve, the Free Software Foundation Europe (FSFE) representative at the WSIS conference. "During the World Summit on the Information Society (WSIS) in Tunis, one of my trips brought me to the Austrian booth in order to pick up some copies of the Vienna Conclusions to spread and advertise. When flipping through the text, I was quite shocked to find references to Free Software removed and a pro-DRM statement inserted in the findings of the "Digital Rights/Creative Commons" workshop ("To ensure ongoing innovation, Digital Rights Management (DRM) development and deployment must remain voluntary and market-driven."). Also, references to the cultural and social significance of software as "digital cultural technique" were watered down."

Comments (1 posted)

Open Source Forges Ahead in the Enterprise - User Experiences (Groklaw)

Groklaw reports on a meeting of the Massachusetts Technology Leadership Council's Open Source Software Special Interest Group. "The Fidelity people talk about why they use Open Source, why they like it sometimes more than similar products that are proprietary (it's not because of the lower up-front cost), and how they determine what to let in, how they do training, etc. This presentation will be of interest to anyone using or considering using Open Source in their company. There were lots of questions from the attendees, many of whom are lawyers and consultants."

Comments (none posted)

EULAs, indemnification, and user protection (Linux.com)

Linux.com covers the changing nature of End User License Agreements. "Until recently, EULAs in GNU/Linux have been short and to the point. As far as legally possible, they offer no warranty, and liability is never mentioned. Many non-commercial distributions and projects, such as the Debian Project, continue to be released under such licences. The idea of adding language about indemnification, says Branden Robinson, the Debian Project Leader, simply "hasn't been prominent on Debian's radar screen." He suggests that such language is probably unnecessary for non-commercial distributions, because they don't provide commercial service contracts. He adds, "Debian couldn't substantively back up an indemnification offer anyway.""

Comments (none posted)

Interviews

I'm amazed at how far Python has come (PythonThreads.com)

PythonThreads.com interviews Mark Lutz. "Mark Lutz, one of the most well known names in Python, tells us why he feels Python is now a major programming language. He speaks about the things he likes about Python and the various areas where Python is being used today. He also elaborates on why Python seems like the right answer to some major issues in software development."

Comments (none posted)

Resources

User-Mode Linux: A Book Excerpt (Linux Journal)

The Linux Journal has reprinted an introductory chapter on user-mode Linux from Steve Best's book Linux Debugging and Performance Tuning. "Each UML instance is a complete virtual machine that's all but indistinguishable from a real computer. All of them run as a normal user on the host. They give you root-level access, the ability to start daemons, the ability to run text and graphical applications, full networking, and almost all of the other capabilities of a Linux system."

Comments (none posted)

Reviews

Media Coverage of Firefox 1.5 Release (MozillaZine)

MozillaZine has published a lengthy list of new articles about the recently released Mozilla Firefox 1.5 browser. "The article at CNET News.com talks about a better security update System, drag and drop tab reordering and support for new programming standards such as AJAX . eWeek mentions performance gains, usability enhancements and support for new web graphics standards. San Jose Mercury News ran a print article (also viewable online), contrasting Mitchell Baker with Bill Gates. Reviewing the new release, Newsforge likes faster browsing, new preferences, SVG support, Tab reordering and Update system."

Comments (5 posted)

Mozilla Bloggers on Firefox 1.5 Release (MozillaZine)

MozillaZine looks at the Blogger chatter relating to the release of Mozilla Firefox 1.5. "Mitchell Baker talks about a new search relationship with Yahoo in Japan, China, Taiwan and Korea. Firefox Lead Engineer, Ben Goodger talks about notable improvements in Mozilla Firefox 1.5, including SVG, CSS columns, ability to reorder tabs, easier extension development and improvements to update system. Chris Beard informs us that more than two million people downloaded Mozilla Firefox 1.5 on the first day, exceeding the number of downloads of Mozilla Firefox 1.0 on the day of its launch."

Comments (none posted)

Review of Nokia's Linux Based 770 Internet Tablet (MobileBurn)

MobileBurn reviews the Nokia 770 internet tablet. "Nokia's 770 is a bit of an anomaly when it comes to the company's device line-up. The 770 simply is not a phone (though it can connect to one). And while it offers a lot of PDA-like functionality, it isn't a PDA (though you could install the needed apps). Nor does it run a Series XX user interface on top of the Symbian OS, which Nokia owns a large portion of, instead relying on the new open-source Maemo platform, which itself uses Debian Linux for its operating system needs. So if it isn't a phone, and it isn't a PDA, what exactly is it? It is what Nokia hopes to establish as a new category of home electronics device: the Internet Tablet." Thanks to Joergen Ramskov.

Comments (2 posted)

Secure All Around: Mini Book Reviews (Linux Journal)

Linux Journal reviews three security books. "I recently picked up three security-related titles that I thought were worth reviewing: Linux Server Security, 2nd Edition, by Michael D. Bauer; Hardening Linux, by James Turnball; and Hardening Apache, by Tony Mobily. O'Reilly and Apress books feel different from each other. I like both publishers' products, but it's worth trying different flavors to see which appeals to you more than the other on any given topic."

Comments (none posted)

Opening Solaris opens door to community, derivative distros (NewsForge)

NewsForge covers OpenSolaris derivatives. "Since the OpenSolaris community was launched in June, at least three derivative distributions -- SchilliX, BeleniX, and Nexenta -- have been created and released. Parts of OpenSolaris are also making their way into other operating systems. A port of DTrace is in the works for FreeBSD."

Comments (5 posted)

My sysadmin toolbox: second helping (Linux.com)

Linux.com looks at netcat, tcpdump, Ethereal, nmap, and other useful system administration tools. "Most admins are already familiar with using tail -f logfile to watch system, application, and error logs when they're troubleshooting. However, the tail utility only follows one file at a time. If you need to watch two or more logfiles at the same time, which is fairly common, the MultiTail utility by Folkert van Heusden is an excellent tool to have handy."

Comments (3 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

EFF Bows Out of Broken Process

The Electronic Frontier Foundation has sent out a press release concerning its withdrawal from the DMCA rule making process. "The Electronic Frontier Foundation (EFF) today released a report entitled "DMCA Triennial Rulemaking: Failing the Digital Consumer," describing why the third triennial DMCA rulemaking, currently underway before the U.S. Copyright Office, does not effectively address the concerns of American digital media consumers. In light of the shortcomings of the DMCA rulemaking procedure, EFF will not propose any DMCA exemptions for the 2006-2009 triennial rulemaking period."

Full Story (comments: none)

Fellow Me: No more Vienna Manipulations!

The Free Software Foundation Europe (FSFE) has sent out a press release urging everyone to join the fellowship and just say NO to Vienna Manipulations. "Help to make others aware of what happened to this prestigious United Nations document! Express your feelings about the way the Vienna Conclusions were turned into the "Vienna Manipulations," let everyone know this is NOT the way you want politics to be done, and help make sure to prevent this kind of manipulation in the future by joining the Fellowship of FSFE and encouraging others to do the same."

Full Story (comments: 27)

Commercial announcements

Astaro Security Gateway Firewall in evaluation for CC

Astaro Corporation has announced that its Security Gateway Firewall has entered phase two of the Common Criteria certification process. "Common Criteria for IT Security Evaluation (CC), also known as ISO standard 15408, was developed by the national security organizations of the United States, Canada, the United Kingdom, France, Germany and The Netherlands. It provides a broad range of evaluation criteria for many types of IT security products. Other countries around the globe also accept the standard."

Full Story (comments: none)

Autodesk Introduces Toxik Visual Effects Software for Linux

Autodesk, Inc. has announced a Linux version of its Autodesk Toxik visual effects software. "Toxik software enables teams of digital artists to collaboratively realize feature film visual effects ideas, and is already available on the Windows operating system. With the introduction of Toxik software running on Linux, film studios and post-production facilities have more options for the back-end infrastructure and administration of their digital film pipelines."

Comments (none posted)

Intalio Acquires FiveSight to Drive Open Source BPM Strategy

Intalio has announced the acquisition of FiveSight. "FiveSight is the company that brought to market the first open source implementation of the BPEL 2.0 specification, developed to address the growing need for Business Process Management (BPM) as a core competency for companies large and small."

Full Story (comments: none)

Novell Reports Financial Results

Novell, Inc. has announced its financial report for the fourth quarter of 2005, as well as the entire year. Here's the abbreviated summary: "Net Revenue Grows Seven Percent to $320 Million, Linux Subscriptions More Than Triple to 65,000, and Identity Solutions Grow 35 Percent Year Over Year".

Comments (3 posted)

Novell's SUSE Linux Enterprise Server Earns Top Honors at LinuxWorld Frankfurt

Novell, Inc. has announced that SUSE Linux Enterprise Server was named Best Enterprise Server Distribution at the LinuxWorld Conference & Expo in Frankfurt, Germany, in November.

Comments (none posted)

Siemens Joins OSDL

Siemens has announced that it is joining OSDL. Siemens will be actively involved at OSDL with participation in the Labs' new Mobile Linux Initiative, the Carrier Grade Linux working group and the Data Center Linux working group.

Full Story (comments: none)

Sun to give away Java Enterprise System

Sun Microsystems, Inc. has announced the free availability of its Java Enterprise System, it plans to release the code as open-source software in the near future. "Sun is making the Java(TM) Enterprise System, Sun N1(TM) Management software and Sun developer tools available at no cost for both development and deployment and further, is reaffirming its commitment to open source this software. Second, Sun is announcing that it is integrating all of this software along with the Solaris OS into the Solaris Enterprise System, the only comprehensive and open infrastructure software platform available today."

Comments (9 posted)

Sun Microsystems Launches OpenSPARC Project

Sun Microsystems, Inc. has announced the OpenSPARC project. "Sun also announced plans to publish specifications for the UltraSPARC-based chip, including the source of the design expressed in Verilog, a verification suite and simulation models, instruction set architecture specification (UltraSPARC Architecture 2005) and a Solaris OS port."

Comments (12 posted)

New Books

Applied Software Project Management - O'Reilly's Latest Release

O'Reilly has published the book Applied Software Project Management by Andrew Stellman and Jennifer Greene.

Full Story (comments: none)

Makers: Amazing People/Amazing Inventions--O'Reilly's Latest Release

O'Reilly has published the book Makers: Amazing People/Amazing Inventions by Bob Parks.

Full Story (comments: none)

Skype Me! - latest from Syngress

Syngress Publishing, Inc. has published the book Skype Me! by Michael Gough.

Full Story (comments: none)

Time Management for System Administrators - O'Reilly's Latest Release

O'Reilly has published the book Time Management for System Administrators by Thomas A. Limoncelli.

Full Story (comments: 1)

Resources

The InterBase and Firebird Developer Magazine, Issue #3

Issue #3 of the InterBase and Firebird Developer Magazine is available for free download. "We have done a lot of work with this issue and I hope you will enjoy new design and quality of our magazine (especially “luxury” print version)."

Comments (none posted)

Linux Gazette #121

The December 2005 edition of Linux Gazette is out. This issue features articles on Firewall logging to MySQL, Using the GNU Compiler Collection (Part2), A New Scanner with XSANE and Kooka, The Basics of DNS, DNS definitions, and more.

Comments (none posted)

OSV Launches Open Source Software Catalog for Education Sector

Open Source Victoria has published an 80-page catalog highlighting some of the best open source software available for schools, teachers and students. ""The catalog, available online, consists of education-oriented applications, or applications which are potentially useful within an educational context," explained OSV convenor Con Zymaris. "The catalog is segmented into broad categories, such as Office Productivity Applications, Scientific, Mathematical, Graphics, Multimedia, Computer Programming, Primary School and more."

Full Story (comments: 1)

Contests and Awards

Realm announces $50,000 BlackDog Skills Contest

Realm Systems has announced the Realm BlackDog Skills Contest. "Linux developers from around the country are working hard in the hopes of winning the $50,000 Grand Prize in the Realm BlackDog Skills Contest. The prize will be awarded for the best application created and ported to run on BlackDog. The Grand Prize winner will be selected from first prize winners in each of five categories: security, communications and networking, entertainment, productivity, and miscellaneous. The remaining four first prize winners will each receive a cash prize of $5,000." The winners will be announced at the Open Source Business Conference in San Francisco, CA next February.

Comments (none posted)

Upcoming Events

ETech 2006 to Focus on "Attention Economy"

O'Reilly has announced the 2006 O'Reilly Emerging Technology Conference. The event will be held in San Diego, California on March 6-9. "Today's technical challenges are no longer about generating digital data--we have more than enough already--but rather, finding innovative ways to visualize, filter, remix, and access it. The 2006 edition of ETech, the O'Reilly Emerging Technology Conference, will grapple with these issues by highlighting the cutting-edge techniques and technologies highly prolific geeks employ and invent to make sense of the immense amount of data now pouring into everyday life."

Full Story (comments: none)

php|tek 2006 - Call for Papers

A Call for Papers has gone out for the php|tek 2006 conference. The event takes place in Orlando, Florida on April 26-28, 2006, proposals are due by December 21.

Comments (none posted)

Events: December 8, 2005 - February 2, 2006

Date Event Location
December 8 - 9, 2005Large Installation System Administration Conf.(LISA)San Diego, CA
December 9 - 20, 2005Umeet Virtual Meeting(UMEET 2005)Online
December 10 - 14, 2005ApacheCon 2005(Sheraton San Diego Hotel and Marina)San Diego, CA
December 13 - 15, 200524th Annual Minnesota Government IT SymposiumSt. Paul, Minnesota
December 27 - 30, 200522nd Chaos Communication CongressBerlin, Germany
January 13 - 15, 2006ShmooCon 2006(Wardman Park Marriott Hotel)Washington, D.C.
January 23 - 28, 2006linux.conf.au 2006Dunedin, New Zealand
January 23 - 25, 2006Black Hat Federal Briefings and Training 2006(Sheraton Crystal City)Washington, D.C.
January 24 - 26, 2006O'Reilly Emerging Telephony Conference(San Francisco Airport Marriott)San Francisco, CA

Comments (none posted)

Web sites

New website promoting OpenOffice.org format usage

Alvaro Ruiz has announced the new IUseOpenOffice.net site. "I have recently published a non-profit website that tries to promote the use of openoffice formats by placing a banner on websites and/or registering on the website for listing and linking the logo. This is inspired only because I know quite a lot of people using Openoffice but using MsOffice formats for general compatibility reasons even though you may be sometimes sharing documents with people with access to computers with Openoffice."

Full Story (comments: 2)

Audio and Video programs

Security, DRM, and Sony (O'ReillyNet)

This week's O'Reilly's audio magazine features a discussion of the Sony DRM case in addition to other topics. "When you install software, you understand some of the risks involved. The Sony DRM case feels different. If you want to listen to a music CD, should you be expected to know that this could result in security holes on your system? This week, O'Reilly's audio magazine program Distributing the Future looks at DRM, security, and the Sony case."

Comments (none posted)

Page editor: Forrest Cook


Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds