LWN.net Weekly Edition for December 15, 2005
"Just works with Linux"
Various discussions on the problems associated with binary-only kernel modules have turned, sooner or later, to the same idea: the world needs a database of hardware which "just works" with Linux. With this database, consumers (that's us) could look up potential hardware purchases and know, immediately, whether it would function with our Linux systems or not. Vendors would eventually see the value of being listed in this database and, as a result, have a greater motivation to ensure that their hardware is supported.It's a nice idea, but not a particularly new one. Your editor has seen a fair number of these databases come and go over the last ten years. Starting a "just works" database is easy, but keeping it current and relevant is hard, for a number of reasons:
- The variety of hardware out there is huge. Simply testing and
creating entries for a meaningful subset of the available gadgets is a
major task.
- Vendors feel free to change the internal makeup of their gadgets
without telling anybody - or changing the model number. The changes
in the LinkSys WRT54G router are a recent example. This behavior
complicates the database (which must now have information on telling
working hardware from paperweights) - and its maintenance.
- Nobody can actually have all that hardware around, so information must
come from a wide community. Most of us only buy hardware
sporadically, so we tend to have little motivation to help with the
ongoing maintenance of a hardware database. Some of the information
which is contributed may also be of dubious reliability.
- Companies which might help with the maintenance of such a database
have their own incentives to deal with. Red Hat maintains a hardware
list, for example, but it (1) is small, and (2) talks
about RHEL, not about Linux in general. The company once known as
Linuxcare had the proper motivation to maintain a good list, but,
well, Linuxcare didn't weather the dotcom bust very well.
- Weird factors come into play. The BlueZ project used to have a very nice list of working hardware, but that list was pulled down as a result of objections from the "Bluetooth Qualification Administrator."
Any future attempt to build a Linux hardware compatibility database will have to find a way to overcome the problems listed above. The task is not impossible, but it may well beyond what a volunteer project can sustain. It looks, instead, like the kind of work which can be helped by the addition of a stream of money. Perhaps an industry group (OSDL, say) would like to serve the community by taking this task on.
Meanwhile, your editor notes with dismay an increase in the number of Linux-installed hardware vendors who are shipping systems with proprietary drivers. Once upon a time, the purchase of a system with Linux pre-installed was worth the extra cost just because the running Linux instance was a positive proof that the hardware was, indeed, supported. When these vendors ship non-free "Linux" systems, they violate that guarantee - and destroy much of the value of their product. Unfortunately, "buyer beware" remains necessary advice for those buying hardware to work with Linux.
GStreamer to support DRM
GStreamer is an extensive support library for the creation of multimedia applications. Audio and video applications can be constructed as a series of pipelines; there are graphical tools which can be used to help put all of the pieces together in the right order. GStreamer has been used as the back end for a number of common applications, including Totem, Amarok, Banshee, and many others. The project recently celebrated the release of GStreamer 0.10, which improves the system in a number of ways.According to GStreamer hacker Christian Schaller, future releases of GStreamer may contain a feature which is less welcome to many: digital restrictions management (DRM) support. There are, says Mr. Schaller, clear reasons why one might want to support DRM-enabled GStreamer modules:
It appears that any DRM features would be packaged into separate modules, making it easy to install a DRM-free GStreamer in the future. Distributions could put the DRM modules into a separate package - or leave them out entirely. So, it is claimed, the implementation of DRM in GStreamer would not place any restrictions on current or future uses of the system.
Some skepticism on this claim would appear to be warranted. Any DRM module which is to gain the trust of the entertainment industry (much less avoid DMCA suits) will have to prevent the user from capturing an unencrypted stream. To that end, GStreamer will have to be able to create "secure pipelines"; DRM modules will then refuse to connect to modules which cannot be "trusted" with protected content. If GStreamer is to retain its current power and flexibility, many of its standard modules - and certainly those concerned with the actual playing and display of media - will have to be reworked to participate in secure pipelines. Either that, or significant parts of the GStreamer will have to be duplicated in a "secure" mode. It is hard to see how the entire GStreamer pipeline could be made to be secure without affecting people who have no interest in DRM-enabled content.
There is also the obvious question of how DRM can be done securely in an environment where source is available. Mr. Schaller points at Sun's "Opera" project as a possible example of how things could be done, and notes:
Still, anybody who can hack on the source can obtain an unencrypted stream from a GStreamer DRM module. So it seems clear that such modules are expected to be shipped in a binary-only mode. Even then, though, one should remember that the Linux kernel is free software too. So even if the GStreamer pipeline is entirely secure and uncrackable, a quick kernel hack will still make the capturing of unrestricted streams easy. That suggests, in turn, that the people looking to put DRM code into GStreamer envision operating in environments where users cannot install their own kernels. The TPM chips being put into an increasing number of computers may make that kind of restriction possible, but the real target is probably elsewhere: embedded systems.
The use of GStreamer to make non-hackable, Linux-based media gadgets will be nothing new; various companies are creating such devices now. But the incorporation of DRM capabilities into our free system seems like a step in the wrong direction. Features like secure pipelines represent a loss of control over our own systems - the very control that drives many of use to use free software in the first place. So users and distributors may want to think long and hard before allowing DRM-enabled GStreamer near their systems.
GNOME v. KDE, December 2005 edition
Heated battles between supporters of the GNOME and KDE desktops are a longstanding tradition in the free software world. This tradition has somewhat fallen into neglect in recent years; the relicensing of the Qt libraries took away the most readily available flame fuel. Still, one needs to have a good desktop fight every now and then, if just for old times' sake. It's traditional, after all.The end of the year is approaching, and work is slowing down on a number of fronts. The 2.6.15 kernel is well into the stabilization phase, so there is relatively little work to be done on that front. As a result, it seems that Linus Torvalds had a bit of spare time to engage in a nostalgic flame exercise. In response to a question on printer configuration dialogs, Linus made his desktop preference clear:
This "users are idiots, and are confused by functionality" mentality of Gnome is a disease. If you think your users are idiots, only idiots will use it. I don't use Gnome, because in striving to be simple, it has long since reached the point where it simply doesn't do what I need it to do.
Those who are interested in the discussion that resulted can read the full thread. Some of it contains language which is not necessarily work- or family-safe.
GNOME developers often complain that their approach to user interface design is misunderstood. But the fact is that they have, indeed, left behind a certain subset of their user base which has grown tired of seeing features and options disappear in the name of usability. The low point for the de-featuring of GNOME applications was probably early in the 2.x series, but the fact remains: GNOME does not allow things which certain types of users want to do.
This gap is there explicitly by design; Jeff Waugh put it this way:
Havoc Pennington also compared the implementation of one often-requested feature (the ability to arbitrarily rebind mouse buttons in Metacity) to selling maternity clothes for men. One can only assume he is not implying that people who want to rebind buttons are, in fact, pot-bellied transvestites.
Havoc notes that he has never encountered anybody wanting to rebind mouse buttons who was not a "historical Unix user." Whether that is because these "historical Unix users" are, in addition to possessing questionable taste in clothing, just unusually fussy about mouse buttons, or whether the rest of the user base simply is not used to the idea that this sort of behavior can be changed is not clear. What is clear is that the GNOME project has chosen to target the subset of users who are content to have a number of user interface choices made for them as long as the result "just works."
Flaming the GNOME developers for this decision is a mistake. There is clearly a user base for the GNOME desktop, and who can say that it is wrong for the GNOME developers to create a system which works for those users? Over time, these developers may also figure out how to support both the "just works" crowd and the small minority of dress-wearing Unix relics; there is some evidence that this might be happening. In the mean time, the "just works" users may become hooked on the free software experience, and, eventually, discover the power of being able to optimize the desktop for their own needs and workload.
But, even if GNOME truly becomes the "desktop for idiots," there are other desktop alternatives out there, including (but not limited to) KDE. One might well ask why we should have multiple desktop projects if their end projects are indistinguishable. Let them, instead, choose their user bases and provide those users with the best desktop they can. If the desktops diverge from each other, the result will be more choice for users - and plenty of material to feed our GNOME/KDE flame war tradition well into the future.
Security
Community help as an attack vector
A recent IT-Director article discussed some of the reasons why small businesses (in the author's opinion) might not want to make the jump to free software. One of them was the following:
The article goes on to say that businesses respond to this problem by purchasing support from distributors. Paid support plans are a fine alternative in many situations, but people who have spent much time performing system administration have usually learned that, often, answers from the net can be quicker and more clueful than those from the paid providers. So the idea that community support could be used as a way to attack a system is disconcerting.
At first, it also seems rather unlikely. One wonders where this concern came from, given that there may not be a single case of a system having been compromised by way of "help" provided through a community forum. As a business sizes up the threats to its systems, malicious advice from the net should probably appear fairly low on the list.
That said, this possibility may be worth a little thought. The phishing problem shows that there is no shortage of people out there with an interest in social engineering attacks. Provision of bogus advice would not scale in the way mass phishing attacks do, but it might also fall on more fertile ground. A system administrator with a broken system, disgruntled users, and a pointy-haired boss breathing down his or her neck might be inclined to follow seemingly helpful advice from the net without thinking about it much first. In a world where software installation instructions begin with "turn off your antivirus software," any of a number of ill-advised suggestions might seem entirely reasonable.
So, sooner or later, some joker will probably attempt this sort of attack. For those who are especially concerned about this possibility, here's a few possible defenses:
- When asking for help on the net, consider using a non-work email
address. Requests from admin@big-defense-contractor.com may be more
likely to attract suspicious replies. It can only help to keep
potential attackers from knowing where the relevant systems are
located.
- Be highly suspicious of any replies which are not copied back to the
list where the question was originally asked. Hostile advice posted
to a public list will likely be spotted quickly, but there is no
public review of private mail.
- Make a point of understanding any suggested remedies before trying them.
The above is all entirely obvious stuff, but it should be sufficient to defend against most social engineering attacks disguised as responses to requests for help. As is the case in many areas of security, a bit of common sense goes a long way.
New vulnerabilities
apache: cross-site scripting
| Package(s): | apache | CVE #(s): | CVE-2005-3352 | ||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 14, 2005 | Updated: | May 10, 2006 | ||||||||||||||||||||||||||||||||||||||||||||
| Description: | Versions 1 and 2 of the apache web server suffer from a cross-site scripting vulnerability in the mod_imap module; see this bugzilla entry for details. | ||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||
courier: unauthorized access
| Package(s): | courier | CVE #(s): | CVE-2005-3532 | ||||||||
| Created: | December 8, 2005 | Updated: | December 14, 2005 | ||||||||
| Description: | The Courier mail server's courier-authdaemon can grant access to deactivated accounts, allowing for unauthorized access to information. | ||||||||||
| Alerts: |
| ||||||||||
curl: buffer overflow
| Package(s): | curl | CVE #(s): | CVE-2005-4077 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 8, 2005 | Updated: | March 27, 2006 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The curl file transfer utility has a buffer overflow vulnerability in the URL authentication code. If an overly long URL is used, a buffer overflow can result, allowing for local unauthorized access. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
ethereal: buffer overflow
| Package(s): | ethereal | CVE #(s): | CVE-2005-3651 | ||||||||||||||||
| Created: | December 13, 2005 | Updated: | January 4, 2006 | ||||||||||||||||
| Description: | A buffer overflow has been discovered in ethereal, a commonly used network traffic analyzer that causes a denial of service and may potentially allow the execution of arbitrary code. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
kernel: key rebinding
| Package(s): | kernel | CVE #(s): | CVE-2005-3257 | ||||||||
| Created: | December 14, 2005 | Updated: | January 4, 2006 | ||||||||
| Description: | Linux kernels through 2.6.14 allow any user to rebind console keys; this opening can be exploited to inject commands when other users are logged in. | ||||||||||
| Alerts: |
| ||||||||||
phpMyAdmin: multiple vulnerabilities
| Package(s): | phpmyadmin | CVE #(s): | CVE-2005-4079 CVE-2005-3665 | ||||||||||||||||
| Created: | December 12, 2005 | Updated: | November 20, 2006 | ||||||||||||||||
| Description: | Stefan Esser reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8). | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
poppler: arbitrary code execution
| Package(s): | poppler | CVE #(s): | CVE-2005-3191 CAN-2005-3193 | ||||||||||||||||||||
| Created: | December 8, 2005 | Updated: | January 16, 2006 | ||||||||||||||||||||
| Description: | The poppler PDF rendering library has a heap overflow vulnerability that can be exploited by viewing specially crafted PDF files. An attacker can cause a crash or the execution of arbitrary code. This vulnerability is related to a similar vulnerability with xpdf. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch remains 2.6.15-rc5; Linus, it seems, has been too busy stirring up desktop flamewars to get -rc6 out the door.A slow stream of patches continues to accumulate in the mainline git repository. These consist mostly of fixes, but there is also the removal of the "incomplete mapping" support discussed here last week (it was deemed unnecessary), a new rcu_barrier() primitive to wait until all queued RCU callbacks have run, and a build system change making the "optimize for size" option available for all configurations.
The current -mm tree is 2.6.15-rc5-mm2. Recent changes to -mm include a couple of new inotify flags controlling which files are to be watched, a Sony laptop ACPI driver, basic PCI domain support, a schedule_on_each_cpu() function to run code on every processor, a new high-resolution timers implementation, and a "batch" scheduling policy.
Kernel development news
Reworking the semaphore interface
The Linux kernel contains a full counting semaphore implementation. Given a semaphore, a call to down() will sleep until the semaphore contains a positive value, decrement that value, and return. Calling up() increments the semaphore's value and wakes up a process waiting for the semaphore, if one exists. If the initial value of the semaphore is ten, then ten different threads can call down() without blocking.Most users of semaphores do not use the counting feature, however. Instead, they initialize the semaphore to a value of one, allowing a single thread to hold the semaphore at any given time. This mode of use turns a semaphore into a "mutex," a mutual exclusion primitive which can be used to implement critical sections. Using a semaphore in this way is entirely valid.
There is one little issue, however: a simple binary mutex can often be implemented more cheaply than a full counting semaphore. If a semaphore is used in the mutex mode, the extra cost of the counting capability is simply wasted. Linux semaphores also suffer from highly architecture-dependent implementations, to the point that any changes to the semaphore API are very difficult to make. So cleaning up semaphores has been one of those items on the "do to" list for some time.
David Howells went ahead and did it. His patch adds a new, binary mutex type to the kernel. Since almost all of the semaphores currently in use are, in reality, mutexes, David changed the prototypes of most of the semaphore functions (down() and variants, up(), init_MUTEX(), DECLARE_MUTEX()) to take a mutex rather than a semaphore. To make things work again, most semaphore declarations have been changed to struct mutex, but, beyond the declaration change, code using mutexes need not be modified.
For code which truly needs a semaphore, a new set of functions has been provided:
void down_sem(struct semaphore *sem);
void up_sem(struct semaphore *sem);
int down_sem_trylock(struct semaphore *sem);
...
Kernel code which was actually using the counting capability of semaphores has been changed to use the new functions.
This patch makes fundamental changes to the kernel's mutual exclusion mechanisms, creates a flag day which breaks all out-of-tree code, and is generally quite large. But there is surprisingly little resistance to the patch in general. Some developers are concerned that some counting semaphores may have been converted to mutexes erroneously - it is hard to audit that much code and be absolutely sure of how every semaphore is used. It has also been noted that the posted mutex implementation may actually be slower than the semaphores it replaces, but that is something which, it is assumed, can be fixed. In general, however, almost nobody objects to making this sort of change.
There are some disagreements over just how the change should be done, however. Some developers do not want to see the old down() and up() functions switched to a different type which has no counter to bump "down" or "up." The alternative would be to create a completely new API for mutexes; Alan Cox has suggested names like sleep_lock() and sleep_unlock(). A completely new API would make it clear what is really going on; it would also make it possible to change over users gradually as they are audited.
Some developers would rather see a big flag day than a year-long series of patches slowly converting semaphore users over to mutexes. For them, the mutex changeover is a chance to get the API right, and they would rather see everything changed over at once. Gradual changeovers, it is argued, never seem to come to a conclusion; examples include the continued existence of the big kernel lock and the long-deprecated sleep_on() functions. Rather than live with a deprecated API for years, it may be better to just take the pain all at once and be done with it.
It has also been pointed out that there is another mutex patch in circulation: the real-time preemption tree has had mutexes for the last year. So far, there has been no real debate on whether the -rt implementation is better; Ingo Molnar does not seem to be pushing it, even though this might be a good opportunity to merge a significant chunk of the -rt tree into the mainline.
In the end, it looks like some sort of mutex patch is likely to be merged into a future mainline kernel - though it almost certainly will not be ready when the 2.6.16 window opens. The form of that patch could change significantly, however; stay tuned.
The end of gcc 2.95 support
For years, otherwise useful kernel patches have been rejected because they use language features which are not supported by version 2.95 of the gcc compiler. The developers have been reluctant to remove support for this ancient version of gcc (released in 1999) because some not-so-old distributions used it, and because a couple of architectures required it. More importantly, however: gcc 2.95 simply runs faster than later versions. For a kernel hacker waiting for a build to complete, compilation speed can be far more important than additional language features or more highly optimized code generation.In the middle of the mutex conversation, however, it was pointed out that some of the alternatives under consideration would not work with 2.95. In response, Andrew Morton, the biggest defender of 2.95 compatibility, threw in the towel. It seems that quite a few things in the kernel already fail to work with 2.95, and the situation is not getting better. So, says Andrew:
He followed up with a patch officially removing gcc 2.95 compatibility from the kernel. A suggestion to drop gcc 3.0 quickly followed; the 3.0 release was never widely used, and it lacks some features that the kernel developers would like to use. Moving directly to 3.1 as the oldest supported gcc would make life easier without a whole lot of additional pain.
Nothing has been merged into the mainline yet - and may not be until 2.6.16 opens. But the writing is clearly on the wall: anybody still trying to use these older compilers with current kernels will have to upgrade soon.
SMP alternatives
The i386 processor family poses a challenge for kernel builders. These processors have maintained instruction set compatibility for many years; code built for early Pentium processors will likely still run on current hardware. The problem is that code built for these older processors will fail to take advantage of features added later on. The "least common denominator" approach can thus lead to sub-optimal use of current CPUs.The kernel has a number of ways of dealing with this challenge. In some cases it can make decisions at run time, using processor features only if they are found to be present. Other features are only available by way of build-time configuration options; selecting these will result in a kernel which will not run on older systems. Yet another mechanism is the "alternatives" feature, which allows the kernel to optimize itself at boot time. Consider this example of alternatives use (from include/asm-i386/system.h):
#define mb() alternative("lock; addl $0,0(%%esp)", \
"mfence", \
X86_FEATURE_XMM2)
This macro places a memory barrier in the code, ensuring that all memory reads and writes initiated before the barrier complete before execution continues. The default implementation is essentially a bus-locked no-op; it will work anywhere. On newer systems, however, the more efficient mfence instruction is available, and it would be nice to use it.
The alternative() macro compiles in the default code, but also makes a note of its location (and alternative implementation) in a special ELF section. Early in the boot process, the kernel calls apply_alternatives(), which makes a pass through that special section. Every alternative instruction which is supported by the running processor is patched directly into the loaded kernel image; it will be filled with no-op instructions if need be. Once apply_alternatives() has finished its work, the kernel behaves as if it had been compiled for the processor it is actually running on. This mechanism allows distributors to ship generic kernels which can optimize themselves at boot time.
The 2.6 mainline uses alternatives sparingly: for barriers, prefetch hints, and saving the floating point unit state. Gerd Knorr, however, believes that the use of alternatives could be expanded to further reduce the range of kernels which distributors need to ship - and to improve runtime flexibility as well. In particular, he thinks that kernels can be optimized for single- or multiprocessor systems on the fly.
Gerd's SMP alternatives patch is an implementation of this concept. It creates an new macro (alternative_smp()) which can be used to specify optimal implementations of an operation on both uniprocessor and SMP systems; the proper version will then be selected at runtime. The main use of SMP alternatives in his patch is with spinlock operations; spinlocks can be patched in or edited out, as dictated by the configuration of the system at boot time.
There are a couple of interesting features in Gerd's patch. One is in the handling of the i386 architecture's lock prefix. This prefix, when applied to specific instructions, causes the instruction to run in a bus-locked, atomic manner. It is used for operations which must be seen coherently across a multiprocessor system; these include semaphore operations and the atomic_t implementation. Use of the lock prefix on uniprocessor systems imposes a runtime cost with no benefit; it would be nice to edit those out. The SMP alternatives patch takes a shortcut here; it simply remembers each location where a lock prefix appears. If the kernel boots on a uniprocessor system, all of those prefixes can be quickly overwritten with no-ops.
A more interesting - and more controversial - feature of this patch is that, when the kernel is converted between the SMP and uniprocessor mode, the overwritten instructions are remembered. At some point the the future, then, the alternatives code can reverse the change, switching the kernel back to the full SMP implementation. The code is then run whenever a CPU hotplug event happens, optimizing the kernel for the system's new configuration. A system can be initially booted with a single processor, and the alternatives code will edit out all of the SMP-related instructions. If another processor is added later on, the kernel will be automatically converted back into a fully SMP-capable mode. If processors are removed, the SMP code can be taken out too. All within a running system, with no need to reboot.
This feature may seem useful to a rather small minority of users - and it is. But that minority may be bigger than one thinks. Virtualization systems (and Xen in particular) are implementing the ability to configure the number of (virtual) CPUs in each running instance on the fly, in response to the load on each. So it may really be that a busy, virtualized server will have CPUs hot-plugged into it, and that those processors will go away when the load drops. Enabling the kernel to reconfigure itself on the fly when this happens will allow each Xen instance to run a kernel which is optimized for its current situation.
The CPU hotplug may be a hard sell - self-modifying code in a running kernel tends to make people nervous. The rest of the SMP alternatives patch seems likely to find a place in the mainline, eventually.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Distributions in 2005
With the year 2005 coming to an end, let's take a brief look at some of the changes on the Linux distribution landscape over the past 12 months.Arguably the most exciting event of the year was the announcement by Novell to open up the development of SUSE Linux to public participation. Popular as SUSE has always been, the creation of the openSUSE project has clearly won many new users who have found the attraction of free ISO images, combined with SUSE's reputation for ease of use and excellent administration tools, irresistible. More importantly, many developers, beta testers and volunteer contributors have flocked to openSUSE and several SUSE-based subprojects were born on the project's Wiki-style web site. With reviews overwhelmingly positive, the new SUSE Linux 10.0 can safely be declared a winner in gathering most media attention, as well as attracting many new users in 2005.
Another distribution that has been marching from strength to strength is Ubuntu Linux. Although the project has only just celebrated its first birthday, the success of Ubuntu has demonstrated two interesting phenomena. Firstly, if done right, even a newly created distribution can become enormously popular - without the need to spend a single penny on advertising. Secondly, Linux users aren't particularly attached to a distribution and are quite willing to switch to a new product - if it fits their needs better. The credibility of Ubuntu was also boosted when its sponsor, Canonical Ltd, announced the creation of the $10 million Ubuntu Foundation; the upcoming version 6.04 will be enterprise ready in a sense that security updates will be provided for a minimum period of 5 years.
In contrast, Fedora and Mandriva, the two traditional power houses of the Linux distribution world, have had a relatively quiet year. Partly responsible for this is the fact that both distributions have extended their release cycles - from 6 months to 9 and 12 months, respectively. The September release of Mandriva Linux 2006 attracted mixed reviews in the media; perhaps a victim of its own success and its reputation for being one of the most user-friendly products on the market, the expectations are always high and even the slightest inconsistency or lack of attention to detail tends to result in harsh criticism by the reviewers. And although Mandriva remains a popular and much appreciated operating system, its long release cycle and the increasingly commercial nature of the product will undoubtedly result in some of its more advanced users drifting towards one of the non-commercial, community distributions.
Similarly, the Fedora project has also lost some ground this year, especially on the desktop. The lack of beta testing excitement that used to characterize the third quarter of each year and the relative calm on the project's mailing list (even after the recent release of the first beta of Fedora Core 5) are an indication that some Fedora users might have started looking elsewhere. The project's next stable release of is due in late February, which means that, unlike Ubuntu, which has essentially synchronized its releases with those of the GNOME desktop, it will just miss GNOME 2.14 (scheduled for release on March 15, 2006). That said, Fedora Core 5 will form the basis of the upcoming Red Hat Enterprise Linux 5, so it is expected to be one of the better tested releases, without too many experimental features.
The traditionally more server- and geek-oriented Debian GNU/Linux and Slackware Linux continued in their development work, even producing an odd stable release, which, in case of Debian, is a fairly rare achievement. By some accounts, Debian is the fastest-growing server distribution available today - perhaps a tribute to the project's legendary quality control and stability of the operating system. Both Debian and Slackware stayed with the tried and tested 2.4 kernel series (at least on the i386 platform), while Slackware remained the only major distribution shipping a vanilla kernel with its product. But despite its unusually conservative nature, Slackware continues to have surprisingly strong following, thus confirming that adding extra (and sometimes buggy) bells and whistles might not necessarily be the best way to increase the Linux user base.
Besides the above-mentioned main distributions, dozens of smaller projects continued fighting for the market share with the big boys. We keep getting very positive reports from users of PCLinuxOS and KANOTIX, two free, user-friendly distributions designed for the desktop. Those who wish to bring an older machine or a laptop back to life might consider trying Damn Small Linux or Puppy Linux, two small, incredibly fast and light-weight operating systems. And if you ever get tired of Linux, it's nice to know that several exciting alternatives were born during this past year, including Nexenta, a project that attempts to marry the OpenSolaris kernel with GNU and Debian utilities, and PC-BSD, which is building an easy-to-use installer and graphical administration utilities for FreeBSD.
What can we expect in 2006? While Fedora will be the first distribution with a new release in the new year, both SUSE and Ubuntu are already deep in the development of their next versions - expect two new releases from each during the course of the year. Among the commercial projects, Linspire 6.0 and Xandros Desktop 4 should feature in the headlines sometimes during the first half of 2006 as both companies continue in their quests to remove the last barriers of Linux acceptance among non-technical computer users. Mandriva's next new release is only expected in the third quarter of the year, while Debian's current plan is to complete the development of "etch" just before the end of the year. On the enterprise Linux front, both Red Hat and Novell are likely to announce major new releases. With the current trend in municipalities and government offices to migrate parts of their IT infrastructure to Free Software, both are well-positioned to take advantage of these new opportunities.
New Releases
64 Studio 0.6.0 released
64 Studio is a native x86_64 Linux distribution, based on Debian testing and designed specifically for creative desktop users. Version 0.6.0 alpha was released this week and is available for download.Ark Linux 2005.2 Released (DesktopLinux)
DesktopLinux covers the recent release of Ark Linux 2005.2. "A new version of Ark Linux, v2005.2 -- touted as an "easy-to-use distribution designed for non-technical users" -- was released Monday. It's based on Linux kernel 2.6.14rc2 and boasts the new KDE 3.5 desktop, OpenOffice.org 2.0, overall improvements to system size and speed, and better automatic handling of inserted CDs and DVDs, the project said."
New Openwall GNU/Linux ISO available
Openwall GNU/Linux has released an ISO snapshot of -current with a new installer that implements an ncurses/CDK-based user interface and many other patches and updates.New Quantian release 0.7.9.1 available
Quantian 0.7.9.1 has been released. This version is based on Knoppix 4.0.2 and adds hundreds of scientific / numeric packages, as well as the openMosix enabled 2.4.27 kernel.Ubuntu Flight CD 2
Ubuntu has a Flight CD 2 ready. This is the second in a series of milestone CD images that will be released throughout the Dapper development cycle, as images that are known to be reasonably free of showstopper CD-build or installer bugs. The Kubuntu Flight CD 2 is also available.Volkerding 2.0
Hidden away in the December 10 Slackware changelog (click below) is this news: "I know a lot of you have been wondering what's going on here, and the news is that my wife Andrea delivered our first child, a daughter Briah Cecilia (briah at slackware dot com :-) on 2005-11-22, and that event (and the weeks that led up to it) has had to take priority over the usual tasks of download/compile/test/package/upload." Congratulations, Patrick and family!
Distribution News
Intel notebooks for needy Debian developers
Intel has generously provided ten notebook computers for Debian Developers in developing countries.Fedora-netdev FC4: kernel-2.6.14-1.1644_FC4.netdev.5
The latest Fedora-netdev kernel (kernel-2.6.14-1.1644_FC4.netdev.5) is available for FC4.Ubuntu Server Project Unleashed!
The Ubuntu Server Team has been established to pursue short term, high impact goals for the Ubuntu 6.04 release, such as server hardware testing and kernel quality assurance. Watch for Dapper Drake Server Daily Builds to become available for testing.
New Distributions
QiLinux Docet: an Italian Educational Live Cd
QiLinux Docet is an Italian Educational Live Cd designed for Italian-speaking Schools. It is based on QiLinux and can be downloaded from the Download section of the QiLinux web site.
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for December 13, 2005 covers a call for talks at FOSDEM, progress with C++ transitions, joining forces with Skolelinux, stabilizing the Linux Landscape with Debian, the release of DCC Common Core 3.0, new features on buildd.net, and several other topics.Fedora Weekly News Issue 25
The latest edition of the Fedora Weekly News looks at Fedora Logo Approval, Foss.in - Fedora report, Fedora Ambassadors FAQ, Fedora Core 5 Test 1 Review, Netcraft stats for web servers, Real Introduces Rhapsody.com, and more.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for the week of December 12, 2005 covers Qt4 as it moves into Portage, an Alpha project status update, the release of a GWN guide, Gentoo Forums statistics visualized, and other topics.Mandriva Linux Community Newsletter #111
The Mandriva Linux Community Newsletter looks at the release of Mandriva Linux 2006 Free, Mandriva Linux 2006 Installation Party a success, a Mad Penguin review, and more.DistroWatch Weekly, Issue 130
The DistroWatch Weekly for December 12, 2005 is out. "This issue covers a variety of interesting topics, including a call to protest against introducing a DMCA-style law in France, Linux migration efforts by Berlin, Prague and Cape Town, and an insider's feedback to our last week's feature on backporting newly released applications to existing distributions. In the news section we'll introduce Security Enhanced SUSE, congratulate Patrick Volkerding, and draw your attention to a newly compiled list of FreeBSD projects for volunteer programmers. Finally, we'll take a brief look at the new Ark Linux 2005.2."
Package updates
Fedora updates
Fedora Core 4 updates: fetchmail (upstream maintenance release), mc (bug fixes), yum (bug fixes and additional caching), kbd (removes loadkeys), GFS-kernel (built against 2.6.14-1.1653_FC4 kernel), cman-kernel (built against 2.6.14-1.1653_FC4 kernel), dlm-kernel (built against 2.6.14-1.1653_FC4 kernel), gndb-kernel (built against 2.6.14-1.1653_FC4 kernel), dhcp (bug fixes), xterm (upgrade to upstream version 207).Fedora Core 3 updates: fetchmail (upstream maintenance release), mc (bug fixes).
Trustix updates
Trustix Secure Linux updates: amavisd-new, cpplus, mrtg, mysql and slocate & apache and postfix.
Newsletters and articles of interest
A Concise apt-get / dpkg Primer for New Debian Users (DebianPlanet)
BlogSpot has a Concise apt-get / dpkg primer for new Debian users. "Debian is one of the earliest Linux distribution around. It caught the public's fancy because of the ease of installing and uninstalling applications on it. When many other linux distributions were bogged down in dependency hell, Debian users were shielded from these problems owing to Debian's superior package handling capablities using apt-get." (Found on DebianPlanet)
Distribution reviews
SUSE Linux 10.0 (Globe and Mail)
The Globe and Mail reviews SUSE Linux 10.0. "I did have one heart-stopping moment when the just-installed system couldn't find its way to the Internet. I opened up various setup procedures to see if I could fix that, and was confronted by the kind of mind-crushing geekery that has hampered Linux's acceptance among the newbies for such a long time. I backed out of it without changing a thing. But by the time I had done that, SUSE reported that it had located the Internet all by itself, and I was off and surfing. The whole experience still baffles me."
Page editor: Rebecca Sobol
Development
Ruby On Rails
Version 1.0 of Ruby on Rails (also known as Rails), a web development framework that uses the Ruby language, was announced this week. Rails uses a database back-end. "Rails 1.0 is mostly about making all the work we've been doing solid. So it's not packed with new features over 0.14.x, but has spit, polish, and long nights applied to iron out kinks and ensure that it works mostly right, most of the time, for most of the people."
![[Rails]](https://static.lwn.net/images/ns/rails.png)
Rails is designed for achieving rapid productivity while maintaining programmer happiness, both of which are desirable goals. The project tutorials claim that it is possible to implement various high level web site features in just minutes.
Rails is a cross-platform project and it works with your choice of web servers, including Apache and lighttpd. Rails also offers a choice of databases, including MySQL, PostgreSQL, Firebird, as well as some proprietary choices.
There is a wide variety of Rails documentation available online, the API definition is a good place to go to view the inner workings of the project. The Rails screencasts section features a number of live tutorials examples on how to create useful web functionality in a short amount of time, and other conference presentations.
The Rails 1.0 announcement mentions the schedule for next release:
"Rails 1.1 is already pretty far along in
development and will see some of the biggest upgrades of any Rails
release. Hopefully some time in February.
"
For further reading, take a look at the Wikipedia entry on Ruby and the humorous why's (poignant) guide to Ruby, which sets a new standard for programming language manuals.
If you are looking for a good excuse to learn Ruby, Rails could be the perfect motivator.
System Applications
Audio Projects
JACK 0.100.7 Released
Version 0.100.7 of the JACK Audio Connection Kit has been released, it features several bug fixes.
Clusters and Grids
Linux-HA 1.2.4 Released
Version 1.2.4 of Linux-HA (Heartbeat) is out. "Barring unforeseen circumstances this is the final release of the 1.2 series, and contains several important bug fixes, and a minor security fix. It extends our tradition of high quality through excellent code, exhaustive automated testing, zero warnings in source."
Database Software
MySQL 4.1.16 has been released
Version 4.1.16 of MySQL is out. "This is a bugfix release for the recent production version."
PostgreSQL Weekly News
The December 11, 2005 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database news and resources.
Embedded Systems
Xynth. A New Embedded Windowing System (GnomeDesktop)
GnomeDesktop has an announcement for the Xynth Windowing System. "New embedded and portable windowing system, client/server interface between display hardware (mouse, keyboard, video displays) and the desktop environment that works on many hardware, including embedded devices (handhelds, set-top boxes, etc.) has been released by Xynth. They say "The name Xynth comes from the coordinate system, which is the heart of the Xynth Windowing System design."
Filesystem Utilities
EVMS 2.5.4 Released (SourceForge)
Version 2.5.4 of EVMS, the Enterprise Volume Management System, has been released. "This is the fourth maintenance release in the EVMS 2.5.x series, and is primarily intended to fix some recent bug-reports, as well as to update to the most recent kernel and Device-Mapper releases."
Printing
JASmine: Open source accounting system for Cups
Version 0.0.2 of JASmine, an accounting system for the CUPS printing system, is available. See the release notes for more information.
Web Site Development
The Apache Software Foundation Announces Apache Beehive 1.0
Apache Software Foundation has announced the release of Apache Beehive 1.0, a J2EE web Framework. "Beehive uses JSR-175 annotations to simplify application development for developers and the creation of Java development tools by independent software vendors. Beehive is built around three projects, NetUI, Controls and Web Service Metadata (WSM), all of which can be used together or separately depending on the requirements of a specific application."
Apache Geronimo 1.0 released
The Apache Software Foundation has announced the release of version 1.0 of the Geronimo application server. "Apache Geronimo 1.0 introduces complete J2EE 1.4 certification, support for Java Business Integration (JBI), Jetty or Tomcat Web container deployment options, a complete Web-enabled management console based on Java Portlets, full integration with the Eclipse Web Tools Project, and integration of Apache Derby and the Apache Directory Server." The project page notes that the release went out a little early, so Geronimo 1.0 is not actually downloadable as of this writing.
Booh 0.8.4 released
Stable version 0.8.4 of Booh is available. "Booh is a static Web-Album generator. It's a program that takes one or several series of photos and videos, and automatically build static web pages to browse them, creating thumbnails etc." The download page has the change information.
PhpDig excels at small Web site indexing (Linux.com)
Linux.com looks at PhpDig. "PhpDig will index your site as frequently as you like via a cron job. Results are consistent and testable within minutes. PhpDig will crawl a single or multiple Web sites following links within the domain according to known rules and store the results in a MySQL database. Users can then use a search form provided by PhpDig to enter criteria and see immediately which pages appear to be relevant; and the results page is not subjected to commercial advertising."
UseBB 0.7 released (SourceForge)
Version 0.7 of UseBB, the light and Open Source PHP/MySQL bulletin board package, is available. "Version 0.7 is a major feature enhancements release."
Miscellaneous
Linux-Vserver releases second stable version: 2.01
Stable version 2.01 of Linux-Vserver, a virtualization technology, is out. "The Linux-VServer project is a soft partitioning concept based on kernel Contexts, providing isolation of process, network and filesystem, permitting the creation of many independent Virtual Private Servers (VPS) that run simultaneously on a single physical server at full speed, efficiently sharing hardware resources."
Desktop Applications
Audio Applications
gtkpod V0.99.0 Released (SourceForge)
Version 0.99.0 of gtkpod, a platform independent GUI for Apple's iPod using GTK2, has been announced. "The main new features are podcast, video and cover art support, type-ahead search functionality, better handling of compilation CDs. An 'Edit Details' dialog now allows easy editing of all track data including cover art."
MadJACK 0.1 Released
Version 0.1 of MadJACK has been announced. "MadJACK is a MPEG Audio Deck for the Jack Audio Connection Kit with an OSC based control interface. It was written as a backend for DJ music playback and is released under the GPL licence."
CAD
Sailcut CAD 1.2.0 (SourceForge)
Version 1.2.0 of Sailcut CAD, a CAD system for wind sail makers, has been announced. "The Sailcut CAD project is pleased to announce release 1.2.0 of its sail plotting package. Sailcut CAD's code has undergone a major overhaul for this release and has been ported to Qt 4. This release also features a number of improvements requested by users such as displaying the coordinates of the sail's corners in the Dimensions screen, better support for drawing kites and a new printout mode for users plotting sails by hand."
Desktop Environments
GARNOME 2.13.3-PRE Released (GnomeDesktop)
Version 2.13.3-PRE of GARNOME, the bleeding edge GNOME distribution, has been announced. "This is a *pre* release for smoketesting. The actual next unstable release is expected within the next 2 days."
Also, GARNOME 2.12.2.1 has been released, it features bug fixes and Firefox 1.5.
GNOME Software Announcements
The following new GNOME software has been announced this week:- Atomix 2.13.3 (translation work)
- control-center 2.13.3 (new features, bug fixes and translation work)
- Epiphany 1.9.3 (new features and bug fixes)
- Epiphany 1.9.3.1 (bug fixes and translation work)
- Eye of GNOME 2.13.3 (new features, bug fixes and translation work)
- gcalctool v5.7.15 (bug fixes and translation work)
- gedit 2.13.0 (unspecified)
- GLib 2.9.1 (unstable development release)
- gnome-games 2.13.3 (new features and bug fixes)
- GnomePythonExtras 2.13.0 (unstable development release)
- gnome-themes-extras 0.9.0 (Nuvola updates)
- Gnome-utils 2.13.3 (new features, bug fixes and translation work)
- Gnopernicus 1.0 (unspecified)
- Gotmail 0.8.7.1 (new features and bug fixes)
- GTK+ 2.8.9 (bug fixes)
- Gtk2-Perl 2.13.3 (new features and bug fixes)
- gucharmap 1.5.0 (bug fixes)
- libmms 0.2 (new features)
- libxklavier 2.1 (bug fixes)
- Pango 1.11.1 (new features, bug fixes and documentation work)
- PyORBit 2.13.1 (new features)
- Yelp 2.13.2 (new features, bug fixes and translation work)
- Zenity 2.13.3 (new features, documentation and translation work)
KDE Software Announcements
The following new KDE software has been announced this week:- amaroK 1.3.7 (new features and bug fixes)
- BitDefender FE 1.0 (new features)
- EmbedCover 0.7 (unspecified)
- KBibTeX 0.1.3 (new features and bug fixes)
- KDE DVD Authoring Wizard 1.02 (bug fixes)
- Mp3Fixer 0.9.1 (new features and bug fixes)
- Umbrello UML Modeller 1.5.0 (bug fixes)
Electronics
Logisim 2.0.3 released (SourceForge)
Version 2.0.3of Logisim, a graphical design and simulation tool for logic circuits, is available. "The new version introduces a module for logging simulation results into a file. Additionally, the new version introduces a Probe component into its base built-in library, and it repairs a few relatively minor bugs."
Signs 0.5.7 is available
Version 0.5.7 of Signs, a logic synthesis tool and gate level simulator for circuit descriptions in VHDL and other hardware description languages, has been announced. "This release featured lots of ATPG/Faultsim bugfixes and a much improved netlist viewer, which handles busses correctly. Performance of the handling of large netlists was improved."
XCircuit 3.5.2 released
Development version 3.5.2 of XCircuit, an electronic schematic drawing application, is out with bug fixes.
Financial Applications
TrustMaster 1.3 released (SourceForge)
Version 1.3 of TrustMaster is available. "TrustMaster is a financial application designed to manage trust deferrable expenses. TrustMaster is written in Java and deployed using the Java Web Start Framework. Data is stored in the embedded Apache Derby database. Release 1.3 utilizes TrustMaster's new reporting framework to provide Account List and Account Detail reports. Many more reports will be added in the near future. Also included in this release is the ability to delete erroneous entries the from Entries Dialog."
Graphics
GTK based 2D Animation software released under GPL (GnomeDesktop)
GnomeDesktop looks at the 2D animation software Synfig, which was recently released as open-source code.
GUI Packages
Learn KDE Programming with PyQt (KDE.News)
KDE.News mentions the availability of a new tutorial on PyQt. "Sebastian Kügler has written a new PyQt tutorial. Python is the perfect language to start learning programming with and this tutorial takes you through making a basic Qt based program. He also shows how pyuic from PyKDE Extensions makes it possible to use Qt Designer with Python."
Imaging Applications
Comix 2.2.1 released (SourceForge)
Version 2.2.1 of Comix, an image viewer designed to handle comic books, is available. "Version 2.2.1 contains a lot of bugfixes, mainly concerning the new thumbnail feature."
Interoperability
Wine 0.9.3 released
Version 0.9.3 of Wine (Wine is Not an Emulator) has been announced. It features OLE improvements, better audio driver management, browser improvements, new dbghelp APIs, wineserver directory objects, and bug fixes.Wine Weekly News Issue 301
Issue 301 of the Wine Weekly News is available. Topics include: News: Wine 0.9.3, Accelerating DirectDraw, Git Scripts, Finding Regressions, Feedback on aRTs, ESounD, and JACK Drivers, Fedora 64-bit x86, and Relay Segfaults.
Multimedia
GStreamer 0.10 is here
Version 0.10 of GStreamer, a streaming multimedia framework, is available. "One and a half year. A large number of developers contributing. High expectations and a lot of pressure. The wait is over, GStreamer 0.10 has arrived! GStreamer 0.10 is a huge step forward for GNU/Linux and Unix multimedia. Power, stability, functionality, deployment, industry support, GStreamer 0.10 has it all. Prepare yourself for the revolution!" See the release announcement for a long list of new features.
Miscellaneous
fluxus 0.8 released
Version 0.8 of fluxus, a scheme scripting environment for audio or osc driven 3D animation, is available for your viewing pleasure. Changes include mouse interactivity, native JACK support, JPEG screen dumps, and more.
Languages and Tools
C
GCC 3.4.5 has been released
Version 3.4.5 of GCC, the Gnu Compiler Collection, is available. "This version is a minor release, from the 3.4.x series, fixing regressions with respect to previous versions of GCC."
Caml
Caml Weekly News
The November 29 - December 13, 2005 edition of the Caml Weekly News is online with new Caml language articles.
Java
iText 1.3.6 released (SourceForge)
Version 1.3.6 of iText, a JAVA-PDF Library, is available. Here are the changes: "You can now define a repeating footer for a PdfPTable. Lists and combo fields can now be set in the AcroFields object. There was some serious debugging activity in the area of class Table (thank you Karsten Klein!). The toolbox looks a little bit different now. There's a new tool that allows you to inspect the internals of a PDF file."
Jameleon 3.0.4 Released (SourceForge)
Version 3.0.4 of Jameleon, an automated testing framework, is available. "Changes were made to the Jameleon Core, Jiffie Plug-in and HttpUnit Plug-in. All modules have been compiled against Java 1.4.2 and should work with both Java 5.0 and 1.4.2."
Pascal
Free Pascal 2.0.2 released
Version 2.0.2 of Free Pascal has been announced. "This is a bug fix release, so don't expect a big new feature list here. Most of the almost 700 changes made to 2.0.2 since 2.0.0 are fixes for some issues."
Perl
Testing Files and Test Modules (O'Reilly)
Phil Crow shows how to test Perl code on O'Reilly. "For the last several years, there has been more and more emphasis on automated testing. No self-respecting CPAN author can post a distribution without tests. Yet some things are hard to test. This article explains how writing Test::Files gave me a useful tool for validating one module's output and taught me a few things about the current state of Perl testing."
Python
Dr. Dobb's Python-URL!
The December 14, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python language articles and resources.
Ruby
Ruby Weekly News
The December 11th, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The December 8, 2005 edition of Dr. Dobb's Tcl-URL! is online with the latest Tcl/Tk articles and resources.Dr. Dobb's Tcl-URL!
The December 12, 2005 edition of Dr. Dobb's Tcl-URL! is available with the latest Tcl/Tk news and resources.
Build Tools
The Apache Software Foundation Announces Maven 2.0 and Continuum 1.0
The Apache Software Foundation has announced the release of Apache Maven 2.0 and Continuum 1.0. "Maven 2.0 is based on a unified Project Object Model (POM) architecture, which consists of metadata describing clear, consistent phases for building projects. Maven 2.0 offers a unique plug-in environment that provides an extensible development framework to support multiple languages for total re-usability across projects. It also features new software "DNA" mapping to track and manage transitive build dependencies across repositories. Continuum 1.0 enables continuous integration by both automating the testing and packaging phases of the software build, and providing reports on build status, including success, failure and unit test coverage."
Test Suites
STAF V3.1.1 and STAX V3.1.1 released (SourceForge)
Version 3.1.1 of STAF, the Software Testing Automation Framework the associated STAX package, are available with bug fixes.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Linux Desktop Developers Find Common Ground (eWeek)
eWeek covers a recent OSDL meeting which included over two dozen representatives from various Linux desktop projects. "The most concrete result from the meeting, however, was the creation of the Portland Project. "Portland will provide a common set of Linux desktop interfaces that allows applications to easily integrate with the Linux desktop that the end user or his organization has chosen to work with," said Waldo Bastian, a KDE engineer and a FreeDesktop leader."
Report of the KDE Quality Assurance Meeting (KDE.News)
KDE.News reports on the recent KDE Quality Assurance Meeting. "After having some food, Ellen Reitmayr of OpenUsability.org fame was kind enough to educate the rest of us about usability. The fact that a whole bunch of factors which influence the usability of the user interface can easily be checked automatically came as a relieving surprise (so the idea wasn't all that crazy after all!). During her explanations, it became apparent that even though many things are terribly difficult to check automatically it would be a big achievement if we could have nightly checks for the low hanging fruits. Getting them out of the way (and there are a lot of them) would give the usability people more time to focus on the things which actually require human intervention."
Trade Shows and Conferences
LinuxWorld Boston mulls "invisible Linux" pavilion (LinuxDevices)
LinuxDevices reports that LinuxWorld Boston 2006 organizers are considering an embedded Linux pavilion. "According to Exhibits Coordinator Ellen Boland, the Invisible Linux pavilion concept is modeled after a similar, successful pavilion at a LinuxWorld Expo in Germany. Although currently still at the "concept stage," several companies have expressed interest, she says. "Obviously, mobile is the hot area. We're talking to embedded Linux users such as Nokia, Motorola, and PalmSource, as well as embedded Linux OS and service providers.""
LISA '05 Conference: Day 1 (NewsForge)
Joe 'Zonker' Brockmeier reports from the 19th Large Installation System Administration (LISA) Conference in San Diego. "LISA is a strong community show, and you'll hear a lot of references to the "hallway track," the between-sessions time where geeks get together between classes and socialize. I've already met a number of interesting folks from other companies, and have had a great time chatting with other geeks in attendance and finding out what kind of work they do, and what tools they use." Day 2 is also available.
Last day at LISA (NewsForge)
Joe 'Zonker' Brockmeier reports from the 19th Large Installation System Administration Conference (LISA). "At LISA, no matter how well you plan your schedule, the odds are good that you won't be able to attend all of the sessions that you're interested in. Case in point: On Friday morning I had to choose between a refereed papers session about management tools, an invited talk on wireless security, guru sessions on change management and security/cryptography, or Kevin Bankston's invited talk on "How Sysadmins Can Protect Free Speech and Privacy on the Electronic Frontier." In the end, I opted for Bankston's talk."
Companies
Mandriva Strives to Win Business, Desktop Users (eWeek)
eWeek looks at Mandriva's growing business. "Today, the company has approximately 130 employees with most of them in France and Brazil. With a market cap of about 35 million Euros and quarterly revenues of approximately 5.5 million Euros, Mandriva is now fiscally stable."
Red Hat Supports Creative Commons
Red Hat has announced a challenge grant for donations to the Creative Commons. "Red Hat supports Creative Commons in their mission. Creative Commons is in the midst of a year-end fund drive, and Red Hat has established a matching program to help them meet their goal. If you donate to Creative Commons, Red Hat will match your donation dollar for dollar, up to a maximum of $5000 total for all donations." The challenge will end on December 31. (Thanks to Benjamin Kosnik.)
Revitalised Turbolinux spreading its wings (NewsForge)
NewsForge looks at the latest developments from Turbolinux. "Turbolinux, recovered and prospering in its new incarnation as an Osaka Securities Exchange-listed company, is looking to achieve success in Asian markets beyond Japan and China. The company, now a subsidiary of booming Japanese portal operator Livedoor, has announced plans to double its percentage of income from exports to neighboring countries to 20% within the next couple of years. The latest venture for Turbolinux is into the relatively untapped Vietnamese market, where it has started to conduct market research under a contract with Japan's Ministry of Economy, Trade and Industry."
Linux Adoption
Linux in Italian Schools, Part 7: Teaching Free SW to Adults in Bari (Linux Journal)
The seventh edition of Linux in Italian Schools looks at how Free and Open Source Software is helping Italian schools with adult education and training programs. "The first module of the 2002 program, for example, ranged from teaching the definition of ICT and its influence on society and daily life to ergonomics and legal implications of computer security. The next module explained in detail how to create folders, what home directories and file permissions are and why, on Linux, disks have to be mounted. Immediately after this, students would learn what a graphical user interface is and how to choose one from GNOME, KDE and the others."
Open Source - Is it a Valid Direction for You? (IT-Director)
IT-Director tries to discourage business interest in open source, especially on the desktop. "Technical support will involve participating in internet forums, asking people of unknown capability for help with any problems and trusting that what comes back is a real fix, not some means of a malicious person gaining access to the user's system. This haphazard way of supporting IT is unattractive, especially for smaller businesses with limited in-house expertise."
Legal
CCIA Calls on ECMA to Reject MS's Proposal (Groklaw)
Groklaw looks at a letter from the CCIA regarding open office standards. "The Computer & Communications Industry Association (CCIA) has just sent Ecma International a letter calling upon the international standards group to reject "Microsoft's proposal for what it calls an open standard for office productivity applications." "Far from fostering competition," the letter, signed by Ed Black, President and CEO of CCIA said, "Microsoft's proposal seems destined to assure that only Microsoft will produce software that can interoperate fully with its products.""
Agenda for MA Meeting on Dec. 14 (Groklaw)
Groklaw shows the agenda for a meeting to discuss open formats. "The agenda for the December 14 meeting, "An Open Forum on the Future of Electronic Data Formats for the Commonwealth," the Hart public meeting, has now been distributed to interested parties. It's in .doc format, natch. Sigh. Some of the Massachusetts senators really do think the whole world uses Microsoft. Thanks to OpenOffice.org, I was able to read it anyway, even though I don't use Microsoft's Word. There is life without Microsoft."
Chancellor announces intellectual property review (HM Treasury)
The British government will hold a year-long review of the UK's intellectual property rights system. "The review will provide an analysis of the performance of the UK IP system, including: the way in which Government administers the awarding of IP and their support to consumers and business; how well businesses are able to negotiate the complexity and expense of the copyright and patent system, including copyright and patent licensing arrangements, litigation and enforcement; and whether the current technical and legal IP infringement framework reflects the digital environment, and whether provisions for fair use by citizens are reasonable." (Thanks to Nick Talbott.)
Interviews
The People Behind KDE: András Mantia András Mantia
The latest interview in The People Behind KDE series features András Mantia. "Q:In what ways do you make a contribution to KDE? A:In general my biggest contribution is C++ code and some documentation. Ideas and discussions might also be considered as a contribution. The main area where I work is the kdewebdev module in general and Quanta Plus especially. Together with Eric Laffoon we are the heart of Quanta and its current maintainers. Outside of kdewebdev, I contributed to some extends to the KDE libraries, to KDevelop, kdetv and some patches here and there which I don't count."
Busy Executive by Day and Linux Developer by Night (LXer)
LXer interviews Fabio Marzocca, author of the BUM Boot-Up Manager. "LXer: How did you get involved with Linux, and Ubuntu in particular? Fabio: I have a typical experimenting approach towards anything is new, and when Linux came out I was extremely curious. Then, about 4 years ago, I was tired about Windows capabilities because I felt it was choking any free experimenting activity, so I gave Linux a try.... and I fallen in love!"
Through Project Looking Glass with Hideya Kawahara (O'ReillyNet)
John Littler interviews Hideya Kawahara about Project Looking Glass. "3D has practically taken over video gaming. Lifelike, if not very pleasant, worlds exist aplenty--worlds that most users find easily navigable without any training whatsoever. Is the world of spreadsheets, word processors, and the like just unsuitable for 3D? Is it a case of "If it ain't broke, don't fix it"? Or is it that we've lacked imagination? John Littler recently talked to Hideya Kawahara about an open source 3D desktop project that he started and that Sun subsequently took under its wing."
Interview with Marten Mickos CEO of MySQL AB (LXer)
LXer has an interview with Marten Mickos, CEO of MySQL AB. "The top goal is always to produce something about which our users and customers can say, "It just works!". This means focusing on reliability, performance and ease of use. Yes, we also add new features, but new features are not our top priority. We try to make sure that we fit into the new IT architectures -- the LAMP stack, web applications, new types of enterprise applications, and so on."
China's Red Flag Sees Desktop as Linux Battlefield (eWeek)
eWeek has posted an interview with Red Flag VP Zhongyuan Zheng. "And from the end of last year, the central government asked the provincial governments and the city governments to buy legal software to replace all of the previously illegal software. These governments - city and provincial - compared the performance, capabilities and price of desktop Linux and Windows and they considered whether they could migrate all their applications from Windows to Linux. So finally about 30 percent of desktops in China now use Linux. Microsoft has about 60 percent."
Resources
Bug Trackers: Do They Really All Suck? (O'ReillyNet)
O'ReillyNet is looking for better bug tracking systems. "More than most tools, bug trackers serve lots of different groups of people. Developers want to know which bugs need to be fixed. Testers want to know which bugs have been fixed in each build. Managers want answers to very different questions: "What kinds of bugs are there?" "Who should work on this bug?" and, "Is the number of critical bugs increasing or decreasing?""
Security Expert Dan Geer's Letter to MA Senator Pacheco Re ODF (Groklaw)
Groklaw looks at security reasons to use OpenDocument format. "Here is a letter that security professional Dan Geer has just sent to Massachusetts Senator Marc Pacheco, and he tells me he sent similar letters to Secretary of the Commonwealth Francis Galvin and Senate President Robert Travaligni. He warns them that the Commonwealth needs to mitigate its risk by avoiding a computing monoculture. If a private company received such a letter, I assure you that their lawyers would take it very seriously, as it would put them on notice, actual notice. Dr. Geer strongly supports OpenDocument Format, as you will see, and his reasons include concern about security issues."
Reviews
OOo Off the Wall: Master Documents (Linux Journal)
The Linux Journal continues its look at OpenOffice.org features with this article on master documents. "Master documents aren't a feature of Writer that everyone needs. If you never write documents longer than 30 pages, you probably can ignore them entirely. However, if you ever write anything longer--especially a document that shares some parts with other documents--take the time to learn about them."
Miscellaneous
A certifiable path to Linux Jobs (Linux-Watch)
Linux-Watch looks at Linux certification programs. "[As] Linux increasingly is entering businesses' front doors rather than as a skunk-works project in the back-room, the people hiring Linux-workers are more likely to be in human resources than in IT. That, in turn, means you're more likely to be judged by your degrees and certifications than by your experience and skills."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
EFF: New Canadian Voice in Digital Rights Issues
The Electronic Frontier Foundation has sent out a media release regarding the new Online Rights Canada organization. "Online Rights Canada (ORC) launched in Canada Friday, giving Canadians a new voice in critical technology and information policy issues. The grassroots organization is jointly supported by the Canadian Internet Policy & Public Interest Clinic (CIPPIC) and the Electronic Frontier Foundation (EFF)."
EFF: North Carolina Sued for Illegally Certifying Voting Equipment
The Electronic Frontier Foundation has sent out a press release concerning their suit over the illegal certification of three electronic voting systems in North Carolina. "North Carolina law requires the Board of Elections to rigorously review all voting system code "prior to certification." Ignoring this requirement, the Board of Elections on December 1st certified voting systems offered by Diebold Election Systems, Sequoia Voting Systems, and Election Systems and Software without having first obtained let alone reviewed the system code. "This is about the rule of law," said EFF Staff Attorney Matt Zimmerman. "The Board of Elections has simply ignored its mandatory obligations under North Carolina election law."
EU adopts data retention
The FFII has sent out a dispatch (click below) on the adoption of the data retention directive by the European Parliament. It looks like a worst-case outcome: massive privacy invasion, few limits on how data can be used (the entertainment industry will be pleased), and more. "Among other harsh measures, the directive mandates recording of the source and destination of all emails you send and every call you make, and your location and movement during mobile phone calls. Additionally, the directive says nothing about who has to pay for all this logging, which will significantly distort the internal telecommunications market."
Preliminary GNOME Foundation election results
The preliminary results for this year's GNOME Foundation board election have been posted. The board going forward would appear to consist of Luis Villa, Jeff Waugh, Federico Mena-Quintero, Jonathan Blandford, David Neary, Anne Østergaard, and Vincent Untz. Click below for the full results.KDE India Founded (KDE.News)
KDE.News reports on the creation of KDE India. "A group of enthusiastic KDE users and developers met last week at the FOSS.IN conference in Bangalore, one of the largest Free and Open Source Software meetings in the world, to combine their efforts in various regions of the country under a common banner and build a central platform for all things KDE in India. Along with spreading KDE awareness in India, especially in colleges and with local businesses, KDE.in has a few more practical goals. KDE.in will provide Indian KDE developers and users with a community hub to coordinate with and support each other."
Commercial announcements
Alcatel Selects MySQL Cluster Database
Telecom provider Alcatel will be using the MySQL cluster database, according to this press release. "Under the agreement, Alcatel will use the high-availability MySQL Cluster database in its Multi-access Data Server (MDS) platform, to be used as part of several Alcatel network products, including the Home Location Register (HLR), IP Multimedia Home Subscriber Server (IM-HSS) and Unlicensed Mobile Access (UMA) systems."
MyEclipse 4.1 Ships new Web 2.0 Development Tools
Genuitec has announced the release of MyEclipse 4.1. "Backed by world-class support, MyEclipse is the comprehensive J2EE®- and Web-development tool suite designed for Enterprise developers and consultants looking for top value in a commercial-grade Integrated Development Environment (IDE). MyEclipse 4.1 is the first Eclipse-based platform to support AJAX development, offer an integrated image editor and include new Web 2.0 development capabilities."
Japan's Institute of Fluid Science to Install New SGI Supercomputer
SGI has announced the selection of an SGI 1280 processor supercomputer by Tohoku University's Institute of Fluid Science. "The new supercomputer, shipped this summer, is comprised of a scalable SGI(R) Altix(R) 3000 scalar parallel server based on the 64-bit Linux(R) OS, a vector parallel NEC computer, a scalable Silicon Graphics Prism(TM) visualization system, external secondary storage systems and data archive systems, all of which are interconnected via high-speed network, enabling sharing of large files with the SGI(R) InfiniteStorage CXFS(TM) shared filesystem and the NEC GFS global file system attached to the Storage Area Network (SAN)."
SugarCRM Introduces Sugar Suite 4.0
SugarCRM Inc. has announced the release of version 4.0 of their Sugar Suite customer relationship management (CRM) software. "Guided by customer and community input, Sugar Suite 4.0 introduces powerful new functionality such as advanced reporting and customizable dashboards, campaign management, workflow management and access control, email processing and enhanced lead sharing."
Switzerland to run SUSE
Novell has announced a deal with the Swiss federal government whereby much of the federal infrastructure will move over to SUSE Linux. All told, Novell expects that over 3000 servers will run SUSE.VMware Delivers VMware Player
VMware, Inc. has announced their new VMware Player. "VMware, Inc., the global leader in virtual infrastructure software for industry-standard systems, today announced the general availability of VMware Player, a free new product that enables anyone to easily run, evaluate and share software in a virtual machine on a Windows or Linux PC. In addition, VMware announced that it has partnered with the Mozilla Corporation to deliver the Browser Appliance, a virtual machine powered by Mozilla Firefox that allows users to securely browse the Internet."
New Books
Counter Hack Reloaded - Coming this month
The book Counter Hack Reloaded, Second Edition by Edward Skoudis and Tom Liston will be published by Prentice Hall, PTR on December 30.Designing Interfaces - O'Reilly's Latest Release
O'Reilly has published the book Designing Interfaces by Jenifer Tidwell.Head First HTML with CSS and XHTML - O'Reilly's Latest Release
O'Reilly has published the book Head First HTML with CSS & XHTML by Elisabeth Freeman and Eric Freeman.Linux Multimedia Hacks - O'Reilly's Latest Release
O'Reilly has published the book Linux Multimedia Hacks by Kyle Rankin.Run Your Own Linux and Apache Web Server - SitePoint's latest release
SitePoint has published the book Run Your Own Linux & Apache Web Server by Stuart Langridge and Tony Steidler-Dennison.Prentice Hall Announces Publication of: Point and Click OpenOffice.org
Prentice Hall has published the book Point & Click OpenOffice.org by Robin 'Roblimo' Miller.Wireless Networking Magic--O'Reilly's Latest Release
O'Reilly has published the book Wireless Networking Magic by Rob Flickenger and Roger Weeks.
Resources
FSF Europe Newsletter
The December 8, 2005 edition of the Free Software Foundation Europe Newsletter is online. Topics include: First Austrian Fellowship meeting, Tweakfest in Zurich, UN World Summit on Information Society, LinuxWorld Expo in Frankfurt/Main, Seminar in Dublin about preventing software patentability, Jornadas Regionales de Software Libre in Rosario (Argentinia), LinuxDay in Italy, Removal of Free Software from WSIS "Vienna Conclusions" and Welcoming the Free Software Foundation Latin America.
Surveys
GNOME's marketing slogan for 2006 should be.. (GnomeDesktop)
GnomeDesktop.org requests your input for the 2006 GNOME marketing slogan.
Upcoming Events
Novell is 'Open for Growth' at BrainShare Global 2006
Novell, Inc. has announced the dates for its BrainShare Conference, March 19 - 24, 2006. "Attendees will be able to select from over 200 sessions conducted by Novell employees, customers and partners, with topics ranging from enterprise data center management to implementing open source software and securing IT information assets."
Call for Papers: Use of OSS and ODF (LinuxMedNews)
LinuxMedNews has announced a call for papers for a special track on the use of OSS and ODF in Health and Medical Systems at the IEEE International Symposium on Computer-Based Medical Systems. The conference will take place in Salt Lake City, Utah on June 22 and 23, 2006.PyCon 2006 registration now open
Registration for PyCon 2006 is open. The event will take place in Addison, Texas on February 24-26, 2006.Modern Computer Music and DSP Programming Tools Workshop in Germany
The Modern Computer Music and DSP Programming Tools Workshop will be held in Mainz, Germany on December 20, 2005.Events: December 15, 2005 - February 9, 2006
| Date | Event | Location |
|---|---|---|
| December 15 - 20, 2005 | Umeet Virtual Meeting(UMEET 2005) | Online |
| December 15, 2005 | 24th Annual Minnesota Government IT Symposium | St. Paul, Minnesota |
| December 27 - 30, 2005 | 22nd Chaos Communication Congress | Berlin, Germany |
| January 13 - 15, 2006 | ShmooCon 2006 | (Wardman Park Marriott Hotel)Washington, D.C. |
| January 23 - 28, 2006 | linux.conf.au 2006 | Dunedin, New Zealand |
| January 23 - 25, 2006 | Black Hat Federal Briefings and Training 2006 | (Sheraton Crystal City)Washington, D.C. |
| January 24 - 26, 2006 | O'Reilly Emerging Telephony Conference | (San Francisco Airport Marriott)San Francisco, CA |
Web sites
Segetech Ltd Launches Open Source Software Integration and Configuration Portal
Segetech Ltd has announced the launch of their Segetech Open Source Rendezvous site. "Segetech, Ltd., provider of Open Source customization and integration services, today announced the launch of Segetech Open Source Rendezvous portal. The portal contains detailed guides to configure and integrate some of the most widely used Open Source components as seamless computing environments. The site is available immediately without registration or membership fee."
Page editor: Forrest Cook
Letters to the editor
Andrew Brown's article on OpenOffice
| From: | Alastair Stevens <alastair-AT-altrux.me.uk> | |
| To: | tech-AT-guardian.co.uk, letters-AT-lwn.net | |
| Subject: | Andrew Brown's article on OpenOffice | |
| Date: | Thu, 08 Dec 2005 22:51:35 +0000 |
Dear Sirs I have just read Andrew Brown's musings on OpenOffice* in this week's technology supplement, and I'm compelled to disagree with his conclusions. I'm been an OpenOffice user for some years myself, and I agree that it has its major flaws, and that its development pace is more glacial than many would like. However, it is well known that the open source model doesn't always work well for certain classes of software, this being one of them. That conclusion is nothing new. But to generalise it into a sweeping slur on the open source development model is completely wrong. Open source has more than proved itself in the arena of infrastructure software; after all, vast portions of the Internet's servers have run on it for years. There are countless examples of open source projects powered by a healthy and active community of participants, which produce rapidly-maturing, stable and remarkably bug-free products. OpenOffice is a unique project, with lofty challenges and daunting goals; but to paint its shortcomings onto the entire, vast open source movement is deeply misleading. Yours etc Alastair Stevens Cambridge, UK * http://technology.guardian.co.uk/weekly/story/0,16376,166... -- o Alastair Stevens : fruit of 1976 /-'_ LPI (Level 1) >> www.altrux.me.uk |\/(*) /\__ Linux Certified ________________________________ . .(*) _____/ \___________________ Still suffering with IE? Ignite a new web - www.GetFirefox.com
Page editor: Jonathan Corbet