The Grumpy Editor's Obviously Incorrect 2006 Predictions

Your editor doesn't really know any more about what will happen this year than anybody else. But he has never been one to let such a difficulty stop him from embarrassing himself by posting predictions in front of thousands of people. So, without further ado, here's a set of highly unlikely prognostications for the coming year. As usual, no warranty applies.

Legal issues

The GPLv3 process will dominate the news for the first half of the year. The FSF seems fully aware of the stakes involved in a new version of the GPL, and Eben Moglen is the ideal person to push this effort forward. But there is no way that changes to such a fundamental document could be anything but controversial. How the FSF handles the feedback it gets will determine whether the resulting license is widely respected - and used.

The non-free kernel module issue will come to a head this year. Patience with these modules has been fading for years, while concern over the lack of free drivers for certain types of hardware is on the increase. This year, some developer or other is likely to force the issue and mount a more direct challenge to the legality of proprietary kernel modules. Others, meanwhile, will continue to make them harder to write and maintain. Either way, we may reach a point where the maintenance of, for example, proprietary drivers for video cards is no longer feasible. Whether the end result is the release of free drivers or the complete withdrawal of support remains to be seen.

The broadcast flag will be back, and European software patents too. The interests behind this sort of legislation never give up, so we'll never be able to stop fighting. But if we keep up the battle, we stand a respectable chance of winning much of the time.

Development

2006 will be the year of Linux on the desktop. Just like the last ten years. Don't expect any amazing advances, just slow, steady progress. The applications will get better, and people will slowly see more reasons to run Linux. Governmental mandates for open document formats - likely to proceed despite the tactics used in Massachusetts - will help in this regard.

The world will begin to discover alternatives to OpenOffice.org. OpenOffice is great stuff, and it lets Office workers move over to free software without overly disrupting their world. But there is a great deal of interesting work being done on platforms like AbiWord, KOffice, Gnumeric, etc. Once people get past "looks like Office" and start to concern themselves with issues like memory footprint or innovative new features, they will become more open to alternatives. Luckily for us, the free software community is strong enough to be able to provide those alternatives.

De-bloating will gain on new features as a development priority in many projects. This work will be driven partly by a general unease with the size of our systems, and partly by the increase in the number of developing-country hackers who are particularly motivated to make things run well on older, less capable hardware.

Perl 6 will not be released; it may not even be completely specified by the end of the year. We will, however, start seeing Perl 5 releases with more backported Perl 6 features.

The Fedora project will have to make changes to preserve developer and user interest in 2006. Fedora is still hard to contribute to, its decision process is relatively opaque, the promised Fedora Foundation is missing, the short support period keeps users on an upgrade treadmill, Fedora Legacy is not staffed at a level where it can be relied upon, and, crucially, other free, leading-edge distributions (OpenSUSE, Ubuntu) are increasingly competing for the same users. Fedora remains a top-quality distribution, but it risks losing some of the user and developer energy which makes it an important distribution.

Debian 'etch' will be released in December, on schedule -- or, at least, very close to it. The Debian developers are tired of their reputation for unreliable release schedules and see an opportunity to improve the situation.

Emacs 22 will be released. This prediction may seem like more of a stretch than even the Debian release, but the time is coming for the emacs hackers to show the world that they have not been idle all these years.

The pace of kernel development will not slow. The increased emphasis placed on avoiding regressions and user-space breakage will continue, however, and the quality of kernel releases will continue to go up. The kernel available one year from now will be substantially different from the current 2.6.15 release - but it will be good stuff.

Commerce

There will be an increasing number of Linux-based gadgets available. Embedded Linux is finally reaching the potential it has shown for many years, and it will show up in no end of interesting new toys. Unfortunately, most of those toys will be locked down and not hackable.

Novell will get its act together and become a truly successful Linux-based company. This result will be a combination of long experience in selling to large businesses, clueful people on staff, and a strong desire among customers to have more than one vendor to choose from.

Ubuntu/Canonical will start to make some real money. At some point the company has to bring in some revenue if it is to be sustainable over the long term. But, more to the point, the Ubuntu folks seem to be doing many things right: generating interest in the user and developer communities while pursuing goals (such as application certification) which make large customers happy.

Miscellaneous

iPod users will begin to notice two free operating systems for their toys, being iPodLinux and, toward the end of the year, Rockbox. The latter should be especially interesting to blind users, thanks to its voice menu feature. The advantages of free software for gadgets will become clear to more people - but so will the conflict with DRM schemes.

A Firefox vulnerability will be used to compromise systems. Firefox is too big and complex to be without vulnerabilities, and it is becoming too popular to ignore.

The SCO case will drag on, perhaps severely reduced by renewed motions from IBM and Novell. But few people will care anymore.

The safest prediction of all, of course, is that Linux and free software will continue to improve. The development momentum behind the free software community is truly amazing, and it shows no signs of slowing down. Whatever else happens over the next year, our systems will be stronger and more fun to work with. Your editor is looking forward to it.

Comments (51 posted)

GStreamer's MP3 for Linux

The MP3 audio format is a pain. It is patent-encumbered, making it hard for Linux distributors to package (or Linux users to use) legally in various parts of the world. It doesn't even sound all that good, compared to some of the alternatives. Yet MP3 is hard to avoid; digital audio players often prefer it, and much of the interesting audio content to be found on the net is encoded as MP3. So Linux users who do any amount of audio listening with their systems generally end up with MP3 software on their systems even if their distributor refuses to include it.

The hassles of tracking down unofficial repositories, configuring a system to use those repositories, and installing MP3-capable software are something that many Linux users take in stride. Using Linux has often required some of that kind of work, after all; you newcomers should just be happy that you don't have to come up with your own XFree86 modelines anymore. But the lack of native MP3 capability is an impediment for potential users who want things like audio to simply work without a bunch of fiddling around. Such people tend to be uninterested in discussions of the evil of software patents and the superiority of Vorbis audio. None of that helps them listen to their favorite Norwegian reggae Internet radio station.

The folks at Fluendo - the main force behind GStreamer - have made an attempt to improve this situation. Fluendo has bought a patent license for the MP3 technology, and has used it to make a couple of different items available:

• A GStreamer plugin for MP3 released under the BSD license; it is downloadable from the Fluendo site.

• A binary-only version of the plugin which has been made freely downloadable via the Fluendo web shop. The binary plugin is generated from the BSD-licensed source.

There are other freely-licensed MP3 decoders available, but the Fluendo release is still worthy of note due to its use of the BSD license. Most MP3 codecs are licensed under the GNU GPL, which includes this language:

This language makes it hard to distribute patent-encumbered, GPL-licensed code, so the redistribution of any application containing a GPL-licensed MP3 codec is legally dubious. The use of the BSD license is an attempt to avoid this particular clause of the GPL. One should not forget, however, that the result of linking BSD- and GPL-licensed code is normally a derivative work which must retain the GPL license. So it is not clear that any GPL-licensed GStreamer application can be shipped with the new decoder.

The binary-only plugin has a different intent. This plugin is fully licensed, so any Linux user (on a supported version of a supported distribution on a supported architecture) should be able to install it and play MP3 files without patent worries. Distributors can also sign a contract [PDF] with Fluendo which allows the binary plugin to be included with a distribution. There are plenty of restrictions in the contract, including an end-user license which prohibits further redistribution. So, while a distributor can gain the right to legally distribute the binary-only MP3 decoder, any derivative distributions must sign their own agreement with Fluendo to obtain the same right. The contract also prohibits "embedded" use, so projects like iPodLinux seem unlikely to be able to ship this plugin.

So Linux distributors can now ship MP3-capable distributions, as long as they don't mind the little fact that any such distribution is not 100% free. Which distributors will accept this deal remains to be seen; in a few cases, some guesses can be made based on the discussion (or lack thereof) on the relevant mailing lists:

• Fedora looks like it will sit for months waiting for Red Hat's lawyers to issue a pronouncement. One Red Hat staff member has said, however: "I expect there will be future developments in the media formats area of Fedora, but for now it seems unlikely that we will do more than link to the packages you have kindly made available."

• Mandriva already includes MP3 support in its distribution. Assuming that Mandriva feels safe in shipping MP3 codecs now, it probably sees little to gain by adding a binary-only version.

• Ubuntu seems to be considering including the plugin in its "restricted" area. There is some discussion of whether it would still be legal to include rhythmbox, which is GPL-licensed with no plugin exception, in such a work.

Most other major distributions do not currently appear to have a public discussion going.

In an ideal world, our systems would include free codecs for all of the widely-used audio and video formats. The world we actually live in, unfortunately, requires that we set our expectations a little lower. While many of us can do nicely with formats like Ogg much of the time, the simple fact is that missing MP3 support makes Linux less useful for many people. And this is not a problem that can be solved by coding. The contributions from Fluendo do not qualify as a solution, but they could well help make Linux work for people who were not able to do what they wanted previously. That's a step in the right direction, even if it is not ideal.

Comments (34 posted)

A proposed SonyBMG settlement

Just before the end of 2005, word got out that SonyBMG had put together a proposed settlement in of of the class-action suits spawned by its ill-advised copy protection measures. The EFF promptly signed on to the settlement as well. The full text is available in PDF format; the following is a summary.

The ostensible plaintiffs in this action - SonyBMG customers who installed the DRM software found on SonyBMG discs - don't get a whole lot directly. The settlement allows for XCP victims to get a non-DRM version of their discs, to download MP3 copies of the songs on the discs, the right to download one album "from a list of more than 200 titles," and the option of (1) three more album downloads or (2) a check for $7.50. People who bought MediaMax-protected discs only get one album download.

That is not a whole lot of compensation for somebody whose computer has been compromised by SonyBMG's malware. It rather differs from the hard line taken by the recording studios against those deemed to be "pirates." This result is not particularly surprising, however; class-action suits are rarely about the interests of the people named as plaintiffs. Nonetheless, there are provisions of this settlement which will benefit those plaintiffs - and many others as well. They include:

• SonyBMG agrees to immediately recall all CDs containing the XCP software. In theory, this recall has already happened, but there have been numerous reports of XCP discs remaining on store shelves.

• The company will also stop manufacturing CDs with the MediaMax DRM software - for at least two years. MediaMax is not quite as bad as XCP, but it still has "phone home" capabilities and can open up a system to security problems.

• SonyBMG will provide uninstallers for XCP and MediaMax, and a security update for MediaMax as well.

• Numerous behavioral changes are called for; SonyBMG agrees not to install software without a positive agreement, to make uninstallers available, to describe the functionality of software to the user "in plain English," to, refrain from collecting data on users, to issue patches for security problems, and to "obtain comments" on its EULAs and potential security vulnerabilities in its future DRM software. These constraints only apply through 2007, however.

Together, these terms comprise a set of rules that music distributors might be expected to play by in the future. On the good side, they call for explicit information on what DRM software does, limitations on phoning home, the availability of uninstallers, and some attention to security issues. That's a start, and more than was available before.

On the other hand, this settlement fails to address fundamental questions, such as whether it is right to force people to install software to listen to music they have purchased. Limitations on fair use, including making backup copies or putting music on a portable player, are not addressed. This settlement makes it clear that DRM software does not have complete freedom on the user's computer, but it in no way questions the correctness of that software in the first place. The entertainment industry remains free to make its DRM regime is restrictive as it likes, as long as it does not step on users' toes in other ways.

In other words, SonyBMG's original purpose for XCP - keeping its customers from putting music onto their iPods - has not been addressed. The company is free to attempt to impose the same restrictions in the future. The people behind the suit can claim a win, and the lawyers will certainly get their (currently unspecified) cut. The court will likely approve the settlement, but SonyBMG is not out of the woods yet. Various other lawsuits are still outstanding, including one in Texas which alleges spyware violations.

Why the EFF signed on to this agreement is not entirely clear; perhaps declaring victory was more important trying to fight the larger battle. It would have been nice if this case could have been used to attack the assumptions and goals behind DRM in general, rather than being satisfied with the creation of a basic DRM code of conduct. That is a battle which will have to be fought another day.

Comments (5 posted)

Novell's XGL code posted

The December 22 LWN Weekly Edition contains an article on how a significant amount of XGL (X over OpenGL) work has been done behind closed doors at Novell. XGL hacker David Reveman has now posted Novell's code with a request that it be added to the freedesktop.org CVS repository. Large amounts of work have been done; see David's mail for the summary. Now all that work has to be somehow merged with what the rest of the XGL developers have been doing in the open; this may turn out to be a long process.

Comments (2 posted)

The WMF vulnerability

Image file formats continue to be fertile ground for anybody seeking security vulnerabilities. It seems that there is a tiny hole in the "Windows metafile" (WMF) implementation on just about every version of Windows. Exploits exist and are widespread; all it takes to be compromised is an attempt to view a malicious WMF file. Using Internet Explorer to view web page which includes the WMF file is sufficient; depending on who you believe, it may also be possible to deliver malicious files in email.

Quite a few sites hosting exploits have been found; by some estimates, hundreds of thousands of machines have already been compromised. Happily, Windows users can rely on Microsoft's recent commitment to security for a patch.

Unhappily, it seems that Microsoft, which has known about the vulnerability since sometime in December, will not have a fix available until January 10. Meanwhile, users are told to be careful out there and "avoid reading email from strangers." So Windows users will be left vulnerable to a severe vulnerability - with numerous exploits already happening - for a minimum of two weeks. It is tempting to insert a long, Microsoft-bashing rant here, but there is little point.

Instead, we'll point out a couple of things which might be worth knowing if you're concerned with security issues involving Windows in any way:

• Firefox (on Windows) users are vulnerable too. Being compromised via Firefox is harder than with Internet Explorer; current versions of the browser require an explicit user action before a WMF file will be displayed. But requiring an extra click is a thin line of defense, at best.

• There is an unofficial fix available for people who do not want to wait for Microsoft to get around to putting up a patch. By all accounts, the fix does exactly what it says it does, but, since it is a binary patch, it is hard to verify independently.

It is hard to imagine a vulnerability of this severity staying open for so long in the free software world. If distributors were slow in releasing a patch, the community would fill in quickly - with verifiable, source-available fixes. There is little doubt that, sooner or later, a serious vulnerability will threaten free software users; that is, unfortunately, the nature of software. But the nature of free software should keep that vulnerability from being left open for anywhere near so long.

(See also: the CERT advisory for the WMF vulnerability and this FAQ).

Comments (9 posted)

cpio: arbitrary code execution

Package(s):	cpio	CVE #(s):	CVE-2005-4268
Created:	January 2, 2006	Updated:	March 17, 2010
Description:	Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e. g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:	CentOS CESA-2010:0145 cpio 2010-03-17 Red Hat RHSA-2010:0145-01 cpio 2010-03-15 rPath rPSA-2007-0094-1 cpio 2007-05-07 Red Hat RHSA-2007:0245-02 cpio 2007-05-01 Ubuntu USN-234-1 cpio 2006-01-02

Comments (none posted)

dhis-tools-dns: insecure temporary file

Package(s):	dhis-tools-dns	CVE #(s):	CVE-2005-3341
Created:	December 27, 2005	Updated:	January 4, 2006
Description:	Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that two scripts in the dhis-tools-dns package, DNS configuration utilities for a dynamic host information System, which are usually executed by root, create temporary files in an insecure fashion.
Alerts:	Debian DSA-928-1 dhis-tools-dns 2005-12-27

Comments (none posted)

ketm: arbitrary code execution

Package(s):	ketm	CVE #(s):	CVE-2005-3535
Created:	December 23, 2005	Updated:	January 4, 2006
Description:	Steve Kemp from the Debian Security Audit Project discovered a buffer overflow in ketm, an old school 2D-scrolling shooter game, that can be exploited to execute arbitrary code with group games privileges.
Alerts:	Debian DSA-926-2 ketm 2005-12-23 Debian DSA-926-1 ketm 2005-12-23

Comments (none posted)

nbd: arbitrary code execution

Package(s):	nbd	CVE #(s):	CVE-2005-3534
Created:	December 22, 2005	Updated:	January 4, 2006
Description:	The network block device server has a vulnerability that can potentially be used to execute arbitrary code.
Alerts:	Gentoo 200512-14 nbd 2005-12-23 Debian DSA-924-1 nbd 2005-12-21

Comments (none posted)

openmotif: buffer overflows

Package(s):	openmotif	CVE #(s):	CVE-2005-3964
Created:	December 29, 2005	Updated:	July 27, 2006
Description:	The libUil component of the OpenMotif toolkit has a pair of buffer overflow vulnerabilities that can possibly be used for the execution of arbitrary code.
Alerts:	Fedora FEDORA-2006-854 openmotif 2006-07-26 Red Hat RHSA-2006:0272-01 openmotif 2006-04-04 Gentoo 200512-16 openmotif 2005-12-28

Comments (none posted)

php: CRLF injection vulnerability

Package(s):	php	CVE #(s):	CVE-2005-3883
Created:	December 27, 2005	Updated:	January 4, 2006
Description:	A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).
Alerts:	Mandriva MDKSA-2005:238 php 2005-12-27

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):	phpbb2	CVE #(s):	CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:	December 22, 2005	Updated:	February 11, 2008
Description:	The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:	Debian DSA-925-1 phpbb2 2005-12-22

Comments (none posted)

pinentry: local privilege escalation

Package(s):	pinentry	CVE #(s):
Created:	January 3, 2006	Updated:	January 4, 2006
Description:	Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, so that the sgid bit is set making them execute with the privileges of group ID 0.
Alerts:	Gentoo 200601-01 pinentry 2006-01-03

Comments (none posted)

printer-filters-utils: privilege escalation

Package(s):	printer-filters-utils	CVE #(s):
Created:	January 2, 2006	Updated:	January 4, 2006
Description:	A local root vulnerability has been discovered in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.
Alerts:	Mandriva MDKSA-2005:239 printer-filters-utils 2005-12-30

Comments (none posted)

rssh: privilege escalation

Package(s):	rssh	CVE #(s):	CVE-2005-3345
Created:	December 27, 2005	Updated:	January 4, 2006
Description:	Max Vozeler discovered that the rssh_chroot_helper command allows local users to chroot into arbitrary directories. A local attacker could exploit this vulnerability to gain root privileges by chrooting into arbitrary directories.
Alerts:	Gentoo 200512-15 rssh 2005-12-27

Comments (none posted)

scponly: privilege escalation

Package(s):	scponly	CVE #(s):	CVE-2005-4532
Created:	December 29, 2005	Updated:	February 13, 2006
Description:	The scponly restricted shell has a privilege escalation vulnerability. Local users can chroot into arbitrary directories, and can gain root privileges if a directory contains hard links to setuid programs. Also, scponly does not properly validate command line parameters to the scp and rsync commands.
Alerts:	Debian DSA-969-1 scponly 2006-02-13 Gentoo 200512-17 scponly 2005-12-29

Comments (none posted)

tkdiff: insecure temporary file

Package(s):	tkdiff	CVE #(s):	CVE-2005-3343
Created:	December 27, 2005	Updated:	January 4, 2006
Description:	Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that tkdiff, a graphical side by side "diff" utility, creates temporary files in an insecure fashion.
Alerts:	Mandriva MDKSA-2006:001 tkcvs 2006-01-03 Debian DSA-927-2 tkdiff 2005-12-29 Debian DSA-927-1 tkdiff 2005-12-27

Comments (none posted)

xnview: privilege escalation

Package(s):	xnview	CVE #(s):
Created:	December 30, 2005	Updated:	January 4, 2006
Description:	Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DT_RPATH field insecurely, causing the dynamic loader to search for shared libraries in potentially untrusted directories.
Alerts:	Gentoo 200512-18 xnview 2005-12-30

Comments (none posted)

Kernel release status

The current stable 2.6 kernel is 2.6.14.5, released on December 26. It contains the usual set of fixes, mostly in the networking and SCSI subsystems.

The current 2.6 kernel is 2.6.15, announced by Linus on January 2. The changelog entry for the release says "Hey, it's fifteen years today since I bought the machine that got Linux started. January 2nd is a good date." This release contains a fair number of fixes since -rc7, but no big changes. The 2.6.15 series as a whole has added a big set of 802.11 improvements, hotplug memory support, much-improved NTFS support, much-improved CIFS support, the open-iSCSI initiator, shared subtrees, a new, IPv6-capable netfilter connection tracking implementation, and much more. The long-format changelog has the details. See also LWN's Kernel Page coverage of features as they were added (here and here) and the KernelNewbies Linux Changes Wiki.

The floodgates have not yet opened for the 2.6.16 development cycle, so there is no pile of pending patches in the mainline git repository as of this writing. There have also been no -mm kernel releases since December 14.

The current 2.4 prepatch is 2.4.33-pre1; Marcelo launched the 2.4.33 cycle on December 29. This prepatch includes some security fixes, some networking work, and, it is said, the last ever big SATA update for 2.4.

Comments (3 posted)

Quote of the week

-- Andrew Morton

-- Linus Torvalds

Comments (none posted)

A summary of 2.6.15 API changes

The 2.6.15 kernel is out. The following is a summary of changes to the internal kernel API found in this release, with an emphasis on changes visible to driver writers. This information will be folded into the LWN 2.6 API changes page shortly.

• The nested class device patch was merged, allowing class_device structures to have other class_devices as parents. This patch is a hack to make the input subsystem work with sysfs. This code will change again in the future; see Greg Kroah-Hartman's article for more information on what is planned.

• The prototypes for the driver model class "interface" methods add() and remove() have changed; there is now a new parameter pointing to the relevant interface structure.

• A new platform_driver structure has been added to describe drivers for devices built into the core "platform."

• The prototypes for the suspend() and resume() methods in struct device_driver have changed. They are also only called once per event, rather than three times as in previous kernels.

• Two new fields have been added to the device_pm_info which control how drivers should act on hardware-created wakeup events; see this article for details.

• There is a notification mechanism which lets interested modules know when a USB device is added to (or removed from) the system. This system is used by some core code; drivers do not normally need to hook in to it.

• The gfp_t type is now used throughout the kernel. If you have a function which takes memory allocation flags, it should probably be using this type.

• Code using reader/writer semaphores can now use rwsem_is_locked() to test the (read) state of the semaphore without blocking.

• The new vmalloc_node() function allocates memory on a specific NUMA node.

• The "reserved" bit for memory pages has, for all practical purposes, been removed.

• vm_insert_page() has been added to make it easier for drivers to remap RAM into user space VMAs.

• There is a new kthread_stop_sem() function which can be used to stop a kernel thread which might be currently blocked on a specific semaphore.

• RapidIO bus support has been merged into the mainline.

• The netlink connector mechanism makes netlink code easier to write. Independently, a type-safe netlink interface has been added and is used in parts of the networking subsystem.

• These kernel symbols have been unexported and are no longer available to modules: clear_page_dirty_for_io, console_unblank, cpu_core_id hugetlb_total_pages, idle_cpu, nr_swap_pages, phys_proc_id, reprogram_timer, swapper_space, sysctl_overcommit_memory, sysctl_overcommit_ratio, sysctl_max_map_count, total_swap_pages, user_get_super, uts_sem, vm_acct_memory, and vm_committed_space.

• Version 1 of the Video4Linux API is now officially scheduled for removal in July, 2006.

• The owner field has been removed from the pci_driver structure.

• A number of SCSI subsystem typedefs (Scsi_Device, Scsi_Pointer, and Scsi_Host_Template) have been removed.

• The DMA32 memory zone has been added to the x86-64 architecture; its purpose is to make it easy to allocate memory below the 4GB barrier (with the new GFP_DMA32 flag).

• A call to rcu_barrier() will block the calling process until all current RCU callbacks have completed.

As can be seen from this list, the kernel API continues to evolve. The claims of certain well-known maintainers notwithstanding, it doesn't look like things will slow down much anytime soon.

Comments (2 posted)

Drawing the line on inline

Kernel programmers tend to like inline functions. They resemble C macros, in that they result in code inserted directly into the calling function, with no added function call overhead. But, unlike macros, they offer type checking and the ability to include multiple lines of code without adding a pile of backslashes. In cases where a function is optimized out entirely, an inline function turns into no code at all - a level of efficiency which is hard to beat. And, in some cases, inlining is required; consider, for example, functions which embody special assembly instructions needed by the kernel.

Inline functions also have their costs, however. Their code is duplicated for every call, so inline functions which are called from more than one place make the kernel larger. Increasingly, developers are becoming aware that this size increase carries a performance penalty. As the gap between CPU and memory speeds grows, cache behavior increasingly determines how fast a program runs. So the performance benefits of inline functions are often, at best, illusory, and sometimes negative; a larger kernel will be a slower kernel.

Ingo Molnar recently raised this issue with a set of patches changing how the kernel is built. By turning on unit-at-a-time compilation (which causes gcc to consider an entire file in its optimization decisions) and by turning off forced inlining, he was able to achieve a 5.3% size reduction. Taking things to an extreme, and applying these patches to an "allyesconfig" kernel (one with all configuration options turned on) results in a nearly 25% smaller kernel. That is, to say the least, a significant size reduction to be achieved by such a small patch. Anybody interested in de-bloating the kernel should be paying attention.

These patches have not been accepted by everybody, however. In particular, the turning off of forced inlining is controversial. When gcc is not forced to honor the inline keyword, it makes its own decisions, based on the size of the function and how many times it is called. When told to optimize for size, in particular, gcc will have a strong bias against inline functions. This approach yields a significant size reduction, but there is a problem: Linus doesn't trust the gcc maintainers to code consistent and correct inline heuristics, and Andrew Morton doesn't either. Rather than turning off forced inlining and letting gcc figure things out, they would rather go through the code and remove unnecessary inline declarations one by one.

It is true that the kernel has been burned by changes to how gcc handles inline in the past. Since then, gcc seems to have gotten smarter, and one can argue that its maintainers have become more aware of the issues. There is also the little fact that cleaning up the existing inline declarations is not a small job; Ingo says:

Arjan van de Ven adds:

How all of this will turn out is unclear. Certainly one can expect a higher level of resistance to patches adding inline functions in the future. There is likely to be a long flurry of de-inlining patches as well. The ability to turn off forced inlining might be added to the build system as an experimental option; some distributors may even decide to use this option for the kernels they ship. But enough developers seem uncomfortable with the idea of turning off forced inlining wholesale that this option may not get beyond the "experimental" stage for some time.

Comments (10 posted)

Goodbye semaphores?

In the previous episode, Ingo Molnar had posted his own version of the mutex patch, adding a new synchronization primitive to the kernel. Ingo has continued to refine this patch set, with frequent releases; the current version is V10 V11 V12 V13 V14. This patch set has faced ongoing resistance from Andrew Morton, who didn't see the reasons for adding a new mutual exclusion mechanism to the kernel. Andrew, instead, wished that the developers would concentrate on fixing the problems with the current semaphore code.

Perhaps the most significant development since then has been a private conversation between Andrew and Ingo. There is, it seems, a plan in place which would replace the current semaphore implementation entirely. Almost all current semaphore users are implementing simple mutual exclusion areas, so they would be converted over to the new mutex type directly. An estimated 90% of current semaphore users fall into this category. Of the remaining users, about 90% employ semaphores to indicate event completion. The task of converting those users to the completion type has been ongoing for some time; replacing semaphores would require finishing this job. Finally, an estimated 1% of the semaphores in the kernel are used for their counting feature; they can be converted over to a (not yet posted) architecture-independent counter type.

Once all that work is done, semaphores could be removed from the kernel altogether. Says Andrew: "It's a lot of churn, but we'll end up with a better end result and a somewhat-net-simpler kernel, so I'm happy." Linus, meanwhile, has offered some suggestions for improvements (already incorporated by Ingo) and stated: "At that point I'd like to switch to mutexes just because the code is cleaner!"

Since then, most of the discussion has been concerned with the details of the mutex implementation rather than whether it is fundamentally a good idea or not. The main objections would appear to have been overcome. So, unless something new comes up, it looks like this change is going to happen; the only question is "when." The next couple of weeks will determine whether the mutex code will be part of 2.6.16 or not. Then all that's left is the long task of converting all semaphore users over and, finally, removing the old semaphore code.

Comments (11 posted)

First Look at Turbolinux 11 "Fuji"

There aren't many Linux companies that were established in 1992 and are still going strongly today. With the exception of Slackware, Turbolinux is probably the only one, its beginnings dating back to that year when it was established in Tokyo under the name of Pacific HiTech. The company later moved its headquarters to the United States, but returned to Japan shortly after the dot-com bust where it changed hands several times. Currently concentrating on markets in Japan and China, it recently recorded a profit for the first time and, according to an analyst firm, it consistently beats all other Linux suppliers, including Red Flag, in terms of new server shipments in China.

In November, a new version of Turbolinux was released. Version 11, better known as "Fuji", was the company's first major product in over two years and, similar to its previous version, it is primarily intended as a desktop operating environment designed to simplify migration from Windows to Linux. Besides the standard base system with Linux kernel 2.6.13, X.Org 6.8.2, KDE 3.4.2 and GNOME 2.10, the product bundles a large number of third-party applications, which makes Turbolinux a heavily customized proprietary Linux distribution. It is currently available in Japan only where it retails for a hefty $143, although a low-end edition without some of the proprietary components is available for about $49. An international edition is planned for release in early 2006. All products are supported with security updates for 5 years.

Turbolinux was kind enough to send me a review copy of the product and I installed it on my test system - a 1.4GHz Pentium 4 machine with an ASUS P4T mainboard, 384 MB of RAM, Matrox Millennium G450 graphics card, and Realtek 8139too network card. The Turbolinux installer, called "Mongoose", provides little to write about other than to say that it is a nicely-designed and intuitive graphical installer with support for English (en_US), Japanese (EUC) and Chinese (GB18030 and Big5). After copying the base system from the first two CDs, the installer gives an option to install the proprietary applications (both commercial and some gratis ones, such as Flash Player) from the third CD. I chose to install all that was available - partly to see what Turbolinux ships with and partly to evaluate the usefulness of these applications, especially in the light of the high price tag.

After the trouble-free installation of the system and spotless hardware auto-configuration, I rebooted and was pleased to see that the Turbolinux GRUB menu listed not only Turbolinux, but also all other Linux distributions on the two hard disks. By default, the system boots straight into a good-looking KDE desktop, automatically logging in the first user created during system install. The boot process was remarkably fast and KDE was ready for use in as little as 45 seconds after boot (for comparison, SUSE Linux 10.0 takes 117 seconds to boot into KDE on the same system). The company's way of preventing illegal copying of its products is to supply a serial number which the user needs to transmit to Turbolinux to obtain a license file. Without it, some of the included custom utilities, such as "TurboPlus" for product updates, will not work.

Now it was time to investigate the proprietary components of the distribution. After all, Turbolinux's marketing strategy clearly revolves along the lines of providing enough added value to justify the product's high price. The first utility that hit my eyes after browsing through the KDE menu was TurboPlus. Designed to provide a convenient way to keep the product up-to-date with security and bug fixes, this custom application is pre-configured to connect to the Turbolinux server (once a day by default) to check for package updates and optionally update the system. Roughly one month after the release, TurboPlus listed 6 packages that needed security updates and 42 packages were lined up to receive bug fixes. Besides software updates, the application also serves to install and uninstall software and plugins, and to create desktop and menu shortcuts.

The next on test was "DAVID". Spotting its icon in the system tray and not being able to make out the purpose of the application from its name, I clicked on the icon to launch what looked like a file manager, with the right pane containing unusual icons labeled as "a:", "c:", "d:", "f:", "z:". Upon some investigation it turned out that DAVID Explorer, as is the application's full name, is indeed a file manager - but with a difference. Here, "c:" represents a Windows directory as created by the WINE emulator and pre-configured with many common file extensions, while "f:" is the user's home directory and "z:" is the root directory. Very unusual if you are a seasoned Linux user, but perhaps a more familiar directory layout for those just moving over from Windows. The application's interface is in Japanese only.

Another unique piece of software shipping with Fuji is "Turbo Media Player". This time there was no need to guess what the application was for, although a closer examination after its launch revealed that it is nothing more than a revamped Kaffeine 0.7.1. Turbolinux previously released a multimedia edition which featured a licensed DVD player (a Linux edition of PowerDVD) to play encrypted videos on Linux, but I was disappointed to see that Fuji does not include it. The only difference between standard Kaffeine and Turbo Media Player is the latter's ability to play Windows Media files out of the box (Turbolinux has licensed the codecs from Microsoft). But it certainly doesn't play encrypted DVDs and there is no easy way to install the required plugin.

One of the most important value-added applications in Fuji is a Linux edition of ATOK, a proprietary input method for the Japanese language, together with 5 Japanese TrueType fonts. Unfortunately, I couldn't find a way to change the language and, being unfamiliar with ATOK, I couldn't figure out whether it was possible to use it while the language was set to English. At that point I decided to re-install the system, choosing Japanese this time. After this, ATOK was available by default - by the way of a floating toolbar in the bottom right corner of the screen. Trying to type Japanese, ATOK indeed turned out to be a much more intelligent and intuitive input method than any of the free ones, offering choice in case of ambiguous input and automatically inserting correct characters wherever possible.

Fuji also comes with the new StarOffice 8 (or StarSuite, as it is called in Japan), RealPlayer, Java, Acrobat Reader, and Flash plugin. There is TurboSearch, a desktop search engine, similar to Beagle or Kat and nicely integrated into the KDE panel. I was unable to check the GNOME implementation of Turbolinux because the KDE's "End Session" button would simply re-start KDE without taking a breather at the login screen - this was one of the few bugs I noticed during the day of examining the distribution.

So how does Turbolinux's new product rate in the grand scheme of things? As proprietary distributions go by, Fuji certainly offers a fair share of extra bells and whistles, all pre-configured and ready to use. The company has obviously gone to great length to make the product acceptable to new converts from Windows and to minimize the stress associated with learning a new operating system. Users already familiar with Linux might prefer to save their money by choosing a free distribution, then do a bit of work to install plugins, OpenOffice.org, and one of the freely available software for Japanese input. But it is easy to see how Turbolinux can be a viable choice for medium-size companies which might prefer a pre-configured product with long-term support. Given the company's good financial results in recent years, it seems that many of their customers in Japan do indeed see good value in the product - despite its relatively high price tag and other negatives of a proprietary operating system, such as vendor lock-in.

Comments (2 posted)

NetBSD 3.0

The NetBSD Project has announced the release of NetBSD 3.0. "NetBSD is widely known as the most portable operating system in the world. It currently supports fifty seven different system architectures, all from a single source tree, and is always being ported to more. NetBSD 3.0 continues our long tradition with major improvements in stability, performance, networking, security, also includes support for two new platforms (iyonix and hp700), and many new peripherals."

Comments (12 posted)

KANOTIX 2005-04

KANOTIX has released version 2005-4 in a Lite-Version with Koffice 1.4.2, a Full-Version with OpenOffice 2.0.0-5, and a new AMD64-Version.

Comments (none posted)

New releases from Linux Netwosix

Linux Netwosix has announced the release of stable version 1.3 with many updates and enhancements. Development version 2.0-rc1 has also been announced. "This is the first release of the 2.x branch and include a new improved setup tool based on Crux-Linux. Among the many program updates and distribution enhancements you will find a stable, complete and cleaned GNU/Linux box for your network-security related jobs. Linux Netwosix 2.0-rc1 uses the latest 2.6.14.5 stable kernel bringing you advanced and reliable performances." A new forum for the Linux Netwosix community is also available.

Comments (none posted)

New Trinity Rescue Kit available

Version 3.0 of Trinity Rescue Kit (TRK) has been announced (click below). TRK is a live CD for rescuing dead systems, Linux or Windows. "Aside from the features already in TRK 1.1, many rescue and management features have been added and existing seriously improved and debugged."

Full Story (comments: none)

YDL 4.1 beta ISOs Available from YDL.net

Yellow Dog Linux v4.1 is in beta testing. This version features Linux kernel version 2.6.15-rc5, X.org 6.8.2, USB device auto-mount under both KDE & GNOME, and more.

Full Story (comments: none)

Novell: OpenSUSE doing great

Novell has sent out a press release on how well OpenSUSE is doing. "SUSE Linux is installed more than 7,000 times every day, an average of one installation every 12 seconds. The openSUSE project features easy access to builds and releases, and will soon offer new resources and programs for open access to the development process used to create SUSE Linux..."

Comments (1 posted)

Debian release team update

The Debian 'etch' release team has sent out an update; the plan is still to have a new major Debian release in December (of this year!). The first freeze is still almost seven months away, but the release managers say the time has come to start paying more attention to fixing release-critical bugs. Click below for the full posting.

Full Story (comments: none)

Release candidate architecture requalification results

This December post from the Debian Release Team notes that four architectures have not met the release criteria for 'etch', so far. These are arm, m68k, s390 and sparc. "And to the porters of the other eight architectures (alpha, amd64, hppa, i386, ia64, mips, mipsel, and powerpc): let me caution you that this is not the final word on the subject. :-) You can all take a deep breath now if you like, but please don't treat this requalification as a reason to ignore the port's health from now until release. The issues identified as release criteria are genuinely important, and we are counting on porters to help us keep up the pace for etch."

Full Story (comments: 3)

Results for Declassification of debian-private list archives

For those following the declassification of debian-private, the votes are in. The results show option 2 to be the winner. A declassification procedure will be established for future posts. Anthony Towns, author of the original proposal, has this analysis of the results. (Found on DebianPlanet)

Comments (none posted)

Mark Shuttleworth's Perspective on the DCC (DebianPlanet)

The folks at DebianPlanet have been checking the Ubuntu-Sounder list and found this post from Mark Shuttleworth on the DCC Alliance. "The Premise. The vision behind DCC, which is indeed compelling, is that it would provide a common platform for certification, and that the distros that make up the DCC would all ship exactly that same core. But it strikes me that this approach has never worked in the past. In fact, every distro ALWAYS modifies elements of the core, and with good reason. And while we would love that not to be the case, the truth is that the reasons to specialise outweigh the benefits of homogeneity."

Comments (11 posted)

SELinux kills multiboot

Here's a report that FC5test1 with SELinux can be hazardous to older ext3 root filesystems, they can become unbootable. "These compatibility problems seem to be even worse than the ones that resulted from the xattr-on-symlink bugfix to ext3 more than a year ago, when Fedora Core 2 zapped RedHat 9 and earlier ext3..."

Full Story (comments: 28)

DebConf6: Final call for sponsorship requests

DebConf6 will be held in Mexico next May. This announcement (click below) is the final call for sponsorships. If you would like to go, but need help with financing you have until the 15th of this month to apply.

Full Story (comments: none)

IBLS (Itty Bitty Linux Server)

IBLS is a compact, easy to use webserver that you can run from a live CD, even on older hardware. It will run on a P133 with 32MB RAM, or possibly less. IBLS got its start in the UK, using Damn Small Linux as a base. It has since been rebuilt from scratch by an international community of developers. IBLS is modular and uses its own package management system, designed to run from the CD or from a hard drive. Although designed to be a server, there are plenty of packages available to build any type of system.

Comments (none posted)

FoX Desktop

FoX Desktop is based on Fedora Core and designed for the desktop. It offers a single CD install with a KDE desktop and lots of other desktop software, optimized for i686. FoX joined our list with FoXDesktop 1 released December 25, 2005.

Comments (none posted)

Nepali version of Linux launched in Kathmandu (People's Daily)

The People's Daily Online covers a Nepali version of Linux, NepaLinux. "The main features of the NepaLinux are NepaLinux dictionary, Lexicon and Spell Checker and Grammar Checker, the statement noted, adding, "NepaLinux is a Free/Open Source Software in which the source code is open and the users have the freedom to use, study, modify according to one's needs and redistribute it," the statement noted."

Comments (none posted)

KDE 3.5 Based Pardus 1.0 Released (KDE.News)

KDE.News introduces the Turkish distribution Pardus. "Turkish distribution Pardus, one of the first GNU/Linux distributions to feature KDE 3.5 as its desktop, has announced its first stable release. All Pardus specific desktop applications, including the installer and package manager are developed using the powerful KDE and Qt libraries."

Comments (1 posted)

Debian Weekly News 2006/01

The Debian Weekly News for January 3, 2006 takes a look at Mohammed Adnène Trojette's 2005 Debian timeline, new CD images for Debian GNU/Hurd, the debian-private list is only private for three years now that the General Resolution has passed, efforts to reduce the archive size, apt-torrent, a report from FOSS.IN, vim as the default vi, and more.

Full Story (comments: none)

Debian Weekly News 2005/52

The Debian Weekly News for December 27, 2005 covers an essay on the cost of Free Software in connection to the freedom people gain by using Free Software, package backports for Sarge, the status of Debian unstable, a common power management framework, the kernel package hooks transition, architectures in the next release, XULRunner for Mozilla and friends, Debian in Munich, and several other topics.

Full Story (comments: none)

Fedora Weekly News Issue 27

This week the Fedora Weekly News covers the Red Hat Magazine for December 2005, Fedora Core 5 Test 2 slipping until January 16, Fedora Logo Usage Update, Fedora Ambassadors Meeting Minutes, Open source in Africa, Fedora users and contributors - Unite, Fedora Reloaded Podcast #3, Current Gotchas in OpenOffice.org, and several other topics.

Comments (none posted)

DistroWatch Weekly, Issue 132

The DistroWatch Weekly for January 2, 2006 is out. "An unusually high number of interesting releases have kept us busy during the Christmas break. We'll take a quick look at FoX Desktop Linux 1, a nice-looking distribution designed in the style of Mac OS X. We'll also discuss the increased acceptance of non-free software packages in Mandriva, point you to a resource about updating a SUSE 10.0 installation, and reveal the processor architectures that will likely see full support in Debian "etch". A quick tip to make it easier to switch between open applications on KDE and some end-of-year statistics complement the issue. Finally, our December 2005 donation goes to the Cacti project."

Comments (none posted)

Fedora updates

Fedora Core 4 has updated kdelibs (bug fixes), k3b (bug fixes), sane-backends (version 1.0.17 with gphoto2 backend).

Comments (none posted)

Mandriva updates

Mandriva Linux 2006.0 updates: msec (bug fixes), digikamimageplugins (update to 0.8.0), libgphoto (hotplug usermap restored), nss_ldap (bug fix), mdkonline (bug fix).

Comments (none posted)

Linux Netwosix Creator Discusses 2.0 Vision, Future (Sys-Con Italia)

The folks at the LinuxWorld News Desk talked with Vincenzo Ciaglia about Linux Netwosix. "LW: What's the vision behind Linux Netwosix? Why are you creating this software? Ciaglia: We think that its light structure could make Linux Netwosix suited for all network security work. For a good network plan, the sysadmin needs a light system that is highly configurable. Every sysadmin wants to configure networks, and work with them, with the possibility of doing everything alone."

Comments (none posted)

Using a liveCD as your Linux Desktop (DesktopLinux)

DesktopLinux looks at live CD distributions that make good desktops. "[M]any liveCD distros can be used as a day to day desktop without ever installing them to your hard drive. Huh? Wait a minute, everyone installs the OS to a hard disk! Well yes, that's the way it has always been done, but I am not sure why we should continue in that direction... "ah, but I was so much older then, I'm younger than that now" (Robert Allen Zimmerman)."

Comments (none posted)

Linux Netwosix Author Responds to Questions (LinuxWorld)

Vincenzo Ciaglia writes about Linux Netwosix. "With the new 2.x release, among the many program updates and distribution enhancements, you will find a stable, complete and cleaned GNU/Linux box for your network-security related jobs. Linux Netwosix 2.0-rc1 uses the latest 2.6.14.5 stable kernel, bringing you advanced and reliable performances. From the 2.0 new branch to the next one, Linux Netwosix will try to offer the first real valid alternative to historically secure systems like the *BSD ones, providing core operating system to deliver stability, performance, and support for mission-critical application deployments. Using Linux Netwosix the user could benefit from outstanding robustness, scalabilty, and reliability."

Comments (none posted)

My desktop OS: SimplyMEPIS (NewsForge)

NewsForge has an article from a SimplyMEPIS fan. "I've been using SimplyMEPIS happily for six months. I've never had big problems with it. Sometimes applications crash, but it's very rare and it has never ruined my files. I guess SimplyMEPIS just suits my-not-so-adventurous self. I'm not really that fond of configuring stuff, but at the same time I like to do geeky stuff. For me, this OS is a perfect fit."

Comments (none posted)

The Schrödinger Project

The Schrödinger Project, named after Austrian physicist Erwin Schrödinger, is a joint effort between Fluendo and BBC Research & Development with the aim of developing a set of ANSI C libraries that implement the encoding and decoding functions of the Dirac video codec project. "Dirac is a video codec that provides general-purpose video compression and decompression tools comparable with state-of-the-art systems. Dirac is available for distribution under the MPL version 1.1 software license."

The Dirac introduction outlines that project's early history: "In January 2003, BBC R&D produced a prototype video coding algorithm, based on wavelet technology, which is different from that used in the main proprietary or standard video compression systems. Our algorithm seems to give a two-fold reduction in bit rate over MPEG-2 for high definition video (e.g. 1920x1080 pixels), its original target application. It has been further developed to optimise it for internet streaming resolutions and seems broadly competitive with state of the art video codecs. At the moment the codec, called Dirac, is in the early stages of development. It has been developed as a research tool, not a product, as a basis for further developments. An experimental version of the code, written in C++, was released under an Open Source licence agreement on 11th March 2004."

The Schrödinger Project is the next step forward. The Dirac codec is a C++ project, while the Schrödinger libraries will be written in ANSI C. The Schrödinger Project's initial announcement states: "The goal of this new implementation is to focus on speed and maintainability."

The announcement mentions the planned support for Ogg containers:

A more formal announcement is forthcoming. This looks like fertile ground for the development of some interesting new video applications. New developers are welcome to join the project.

Comments (7 posted)

Latest Firebird Relational Database Released (Pre Final)

The last release candidate for the Firebird 1.5.3 final database is available. "This sub-release introduces a number of retrospective fixes (backports) to bugs that became apparent and were fixed in the Firebird 2 tree during the alpha and beta phases of the Firebird 2.0 development. This release candidate (RC3) will become the final stable version in about a few days."

Full Story (comments: 1)

MySQL 5.0.18 has been released

Version 5.0.18 of the MySQL database has been released. "This is a bugfix version for the current production release family."

Full Story (comments: none)

PostgreSQL Weekly News

The December 25, 2005 edition of the PostgreSQL Weekly News is out with new PostgreSQL database articles and resources.

Full Story (comments: none)

PostgreSQL Weekly News

The January 1, 2006 edition of the PostgreSQL Weekly News is out with new PostgreSQL database articles and resources.

Full Story (comments: none)

Samba 3.0.21a Available for Download

Version 3.0.21a of Samba has been announced. "This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. The major reason for this release is a fix for bugzilla defect #3349 (client hangs due to oplock error)."

Full Story (comments: none)

Mailman 2.1.7 is available

Version 2.1.7 of Mailman, a mailing list manager, is out. "This release enhances the fixes for CAN-2005-0202 and CVE-2005-3573 which were fixed in mailman release 2.1.6, and reduces the chance of list admin privilege abuse. Because of these and other fixes, it is highly recommended that all sites update to 2.1.7."

Full Story (comments: none)

SIPp 1.1rc4 with RTP play available (SourceForge)

Version 1.1rc4 of SIPp has been announced. "SIPp 1.1rc4 brings RTP play capabilities. SIPp is a free Open Source test tool / traffic generator for the SIP protocol. The project is very active and is largely used in the SIP community. The new pcap play feature (contributed by Guillaume Teissier) allows to send RTP streams and RFC2833 DTMFs along with the SIP traffic. This greatly widen the scope of SIPp and allows SIP compatible equipment provider to test their implementation better than ever." SIP is the Session Initiation Protocol, a telecom standard. See the Wikipedia definition for details.

Comments (none posted)

phpBB 2.0.19 released (SourceForge)

Version 2.0.19 of phpBB, an open-source bulletin board package, has been announced. "This release addresses several bugfixes and some security issues only affecting Internet Explorer. Additionally we introduced a new feature to limit the number of logins. The admin is able to configure this feature on two ways, defining the number of maximum allowed logins and setting a time period after the user is allowed to login again. With this feature we hope to address the recent dictionary attacks happening on some forums to crack user passwords."

Comments (none posted)

JackMiniMix 0.1 Released

Version 0.1 of JackMiniMix has been announced. "JackMiniMix is a simple console based JACK client that mixes a number of stereo inputs into a single stereo output. The gains of each of the input channels can be queried and controlled by sending it OSC messages."

Full Story (comments: none)

MuSE 0.9.2 released

Version 0.9.2 of MuSE is out with stability and usability improvements. "MuSE is an application for mixing, encoding, and network streaming of sound: it can transmit an audio signal by mixing together sound taken from files or also network, recursively remixing more MuSE streams."

Full Story (comments: none)

Eventum 1.7.0 Released

Version 1.7.0 of Eventum, an issue tracking system, is available with a long list of bug fixes and new features. "Eventum is a user-friendly and flexible issue tracking system that can be used by a support department to track incoming technical support requests, or by a software development team to quickly organize tasks and bugs. Eventum is used by the MySQL AB Technical Support team, and has allowed us to dramatically improve our response times."

Full Story (comments: none)

GtkDatabox 0.4.0.2 Released

Version 0.4.0.2 of GtkDatabox, a GTK+ data display widget, is out with bug fixes. "GtkDatabox is a widget for the Gtk+-library designed to display large amounts of numerical data fast and easy. One or more data sets of thousands of data points (X and Y coordinate) may be displayed and updated in split seconds. The widget is therfore used in many scientific and private projects that need to show quickly changing data "live". GtkDatabox offers the ability to zoom into and out of the data and to navigate through your data by scrolling."

Comments (none posted)

PyChart 1.39 released

Version 1.39 of PyChart has been announced, this release adds limited Unicode capabilities. "PyChart is a Python library for creating high-quality Postscript, PDF, or PNG scientific charts ready for publishing. It supports line charts, bar charts, range-fill charts, and pie charts."

Comments (none posted)

GNOME 2.13.3 Released

Version 2.13.3 of the GNOME desktop has been announced, numerous bug fixes are included.

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week:

• Baobab 2.3.0 (new features)
• bonfire 0.2 (new features)
• Celestia 1.4.0 (new features and bug fixes)
• control-center 2.13.4 (new features, bug fixes and translation work)
• Epiphany 1.9.4 (new features and bug fixes)
• Evolution 2.5.4 (new features, bug fixes and translation work)
• gcalctool v5.7.18 (bug fixes)
• GDM2 2.13.0.4 (new features, bug fixes and translation work)
• gedit 2.13.1 (new features and bug fixes)
• GLib 2.8.5 (new features, bug fixes and translation work)
• gnome-games 2.13.4 (new games, new features)
• Gnome-schedule 1.0.0 (new features and bug fixes)
• Gnome-Utils 2.13.4 (new features, bug fixes and translation work)
• Gtk2-Perl 2.13.4 (new features)
• GtkSourceView 1.5.3 (new features, bug fixes and translation work)
• kiwi 1.9.3 (new features and documentation work)
• Metacity 2.13.8 (bug fixes and translation work)
• Nautilus-Sendto 0.5 (new features, bug fixes and translation work)

You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week:

• AviUtils 1.0 (unspecified)
• BasKet 0.5.0 + 0.6.0-Alpha1 (new features)
• FTP Monitor 0.8 (new features and bug fixes)
• Kannibale 0.1.2 (new features and bug fixes)
• KBarcode 1.9.9 (new features)
• KDE DVD Authoring Wizard 1.04 (Ubuntu Font Fix)
• Keep 0.1.2 (unspecified)
• klicker 1.02 (new feature)
• kmidplay 0.2.0 (unspecified)
• KMyMoney 0.8.2 (new features, bug fixes and translation work)
• Knmap 2.0 Beta-1 (new features)
• KPDFTool 0.1 (new application)
• KSquirrel 0.6.1 (new features and bug fixes)
• KTorrent 1.2rc1 (new features and bug fixes)
• kvpnc 0.8.2 (new features and bug fixes)
• KWallBuilder 0.1 (unspecified)
• Linux MultiMedia Studio 0.1.2 (new features)
• 'Q' DVD-Author Beta 0.1.0 (first beta release)
• Qalculate! 0.9.2 (new features and bug fixes)
• QtiPlot 0.7.5 (new features and bug fixes)
• RecordRadio 0.2 (new features)
• ScoreBoard 0.1 Beta (new application)
• SMSender 0.2 (new features and bug fixes)
• TreeLine 0.14.0 (new features and bug fixes)
• Twinkle 0.5 (new features and bug fixes)

You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

More information on the X11R7.0/X11R6.9 release

More details are available from the X.Org Foundation on the X11R7.0/X11R6.9 release that was recently announced. "The first major version release of the X Window System in more than a decade, X11R7.0 is the first release of the complete modularized and autotooled source code base for the X Window System. X11R6.9, its companion release, contains identical features, and uses the exact same source code as X11R7.0, but with the traditional imake build system. These changes in source code management, giving openness and transparency to the source code base and employing current technology, invite a new generation of developers to contribute, building on the long tradition of the X Window System. The new modular format offers focused development, and rapid and independent updates and distribution of tested modular components as they are ready, freed from the biennial maintenance release timetable." Thanks to Jay R. Ashworth.

Full Story (comments: 46)

Kicad 03-Jan-2006 released

A new version of Kicad, an electronic CAD suite, was released on January 3, 2006. Changes include support for more distributions, Unicode mode compilation, bug fixes, and more. See the news file for details.

Comments (none posted)

Retro Gaming Hacks, Part 2: Add Paddles to Pong (O'ReillyNet)

O'Reilly is running part two in a series on hacking Pong. "In part one of this three-part series on hacking Pong, Josh Glover detailed how you can write your own Pong clone, using SDL. So what's next? Adding the paddles. Today Josh walks through how, with the help of sprites, you can create and animate player-controlled paddles for your Pong clone. Tune in the first week of '06 for Josh's conclusion--you'll need to add the ball and scoring next, right?"

Comments (none posted)

Atari800 2.0.0 released (SourceForge)

Version 2.0.0 of Atari800, a cross-platform Atari game emulator, is out. "Atari800 is an emulator of Atari 400/600XL/800/800XL/130XE/5200 with various extensions (320kB RAM, stereo sound and more) running on just about every operating system (Unix/Linux, Windows, DOS, TOS, MacOS, OS/2, Workbench, WinCE...)"

Comments (none posted)

Latest Gaim Beta Arrives (GnomeDesktop)

GnomeDesktop.org covers the latest release of the Gaim instant messaging client. "This new beta, Gaim 2.0beta1, now includes support for several IM (instant messaging) protocols, such as the SIP/SIMPLE protocols, Apple Inc.'s Bonjour, the older Zephyr protocol, Novell Inc.'s GroupWise Novell protocol and several more obscure protocols such as the Polish Gadu-Gadu."

Comments (none posted)

KDE 3.5 VMware Image Available (KDE.News)

An image of KDE for the VMware virtualization solution has been announced. "Stephan Binner has released a VMware Player image of KDE 3.5 with KOffice running on SUSE Linux 10. The image is fully functional and can be upgraded and tweaked as needed. The version of VMware necessary to run it can be downloaded for free."

Comments (none posted)

Wine 0.9.4 released

Version 0.9.4 of Wine is available. Changes include: Improvements to the IDL compiler, Some infrastructure work for loadable driver support, The usual assortment of Direct3D improvements, IME support in the edit control, Better support for AVI animations, Debugging support improvements, Relay traces now work on NX platforms and Lots of bug fixes.

Comments (3 posted)

Mozilla Thunderbird 1.5 Release Candidate 2 Available (MozillaZine)

Release candidate 2 of Mozilla Thunderbird 1.5 has been announced. "Scott MacGregor writes: "The second release candidate of Mozilla Thunderbird 1.5 is now available for download. Mozilla Thunderbird 1.5 RC2 is intended to allow testers to ensure that there are no last-minute problems with the Thunderbird 1.5 code. " "RC2 contains several key bug fixes that were identified during the RC1 testing cycle. There are no new features or enchancements from RC1. Users of Thunderbird 1.5 RC1 will be offered RC 2 through the software update system.""

Comments (none posted)

gmidimonitor version 2.0 is out

Version 2.0 of gmidimonitor is out with lash support and bug fixes. "gmidimonitor is GTK application that shows MIDI events. Currently MIDI events can be received at an ALSA sequencer port only. Support for other sources like ALSA RawMIDI port may be added in future." Version 2.1 was released a few days later: "This release adds dumping of sysex data and somewhat limited MMC decoding."

Full Story (comments: none)

Beta 0.19 of MMA - Musical MIDI Accompaniment

Version 0.19 beta of MMA, the Musical MIDI Accompaniment, has been announced. Changes include: "Many bug fixes, major rewrite of volume code, REPEAT count enhancements, Lyric autochord transposition, GOTO recognizes line numbers, MALLET works in all tracks, and lots more!"

Full Story (comments: none)

OpenOffice.org Newsletter

The December, 2005 edition of the OpenOffice.org Newsletter is online with the latest OpenOffice.org news and resources.

Full Story (comments: none)

Slideshow Creator 0.4.0 released

Version 0.4.0 of Slideshow Creator is available. "With Slideshow Creator you can edit jpeg slideshows in a visual and fast way so you can reach a much higher productivity with dvd-slideshow. The final result is a high quality dvd slideshow out of your jpegs!" See the CHANGELOG file for a list of new features.

Comments (none posted)

A new year and a new media for Mozilla Links

The producers of Mozilla Links have sent out a status update: "As you must have noticed there hasn't been a Mozilla Links release in a long while now due to basically lack of time to setup a whole issue release. So, we are moving to a new delivery media: a blog (web log). We expect this to be a much more agile way to reach you and an opportunity to bring more contributors with more content on board. You may expect the same great content including news, tips, power tips, interviews with Mozilla personalities, polls and product reviews."

Full Story (comments: none)

Gecko 1.9 Trunk and 1.8 Branch Management Plan Posted (MozillaZine)

A new draft plan for Gecko has been announced. "Brendan Eich has posted a draft plan for Gecko 1.9 Trunk and 1.8 Branch Management, including a FAQ at the mozilla wiki. Comments should be directed as followups to the newsgroup post."

Comments (none posted)

Command-line AbiWord

For those of you who thought that AbiWord was just a graphical application: AbiWord hacker Martin Sevior has posted a guide to AbiWord's server mode, which includes a command interface. Its main use appears to be scripted document format conversion, but various edition operations are possible as well.

Comments (6 posted)

FileZilla 3 Preview (GnomeDesktop)

GnomeDesktop mentions the new FileZilla FTP client. "FileZilla is currently being ported over to Linux from Windows (using wxWidgets) and will arrive in the form of FileZilla 3. At present it is in alpha stage but nightly builds are available to download from the FileZilla development site."

Comments (none posted)

Caml Weekly News

The December 27, 2005 edition of the Caml Weekly News is out with the latest Caml language articles.

Full Story (comments: none)

Caml Weekly News

The January 3, 2006 edition of the Caml Weekly News is available.

Full Story (comments: none)

Joda-Time 1.2 released (SourceForge)

Version 1.2 of Joda-Time has been announced. "Joda-Time provides a Java library for date and time handling including the ISO8601 standard. It completely replaces the JDK Date and Calendar classes, while still providing good integration. It is open-source software under the ASF2 license. Version 1.2 has just been released. This release fixes a nnumber of minor bugs in v1.1. There are also some new features".

Comments (none posted)

ONJava: 2005 Year in Review (O'ReillyNet)

O'Reilly presents a year in review article on Java developments in 2005. "2005 may not have seen a new version of Java, but it was a year of tremendous activity that saw Java assert its popularity, even while some wondered how well-suited Java is for its second decade. In this article, ONJava editor Chris Adamson wraps up the year in Java by looking back at some of the year's most popular articles."

Comments (none posted)

SBCL 0.9.8 released

Version 0.9.8 of SBCL (Steel Bank Common Lisp) is available. "This is mostly a bug fix release with some performance optimizations."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The December 27, 2005 edition of Dr. Dobb's Python-URL! is online with new Python language article links.

Full Story (comments: none)

Dr. Dobb's Python-URL!

The January 3, 2006 edition of Dr. Dobb's Python-URL! is online with new Python language article links.

Full Story (comments: none)

python-dev Summary

The November 16-30, 2005 edition of the python-dev Summary is out with a summary of python-dev mailing list activity.

Full Story (comments: none)

Ruby Weekly News

The December 25th, 2005 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.

Comments (none posted)

Ruby Weekly News

The January 1st, 2006 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.

Comments (none posted)

Dr. Dobb's Tcl-URL!

The December 28, 2005 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk article links.

Full Story (comments: none)

Dr. Dobb's Tcl-URL!

The January 2, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk article links.

Full Story (comments: none)

monotone 0.25 released

Version 0.25 of monotone, a free distributed version control system, is out. "This is _not_ the roster-enabled release; this is a maintainence release of the old code, containing mostly small bug-fixes since 0.24. Highlights include IPv6 support, 'read' fixed to handle 0.23-and-earlier privkey packets, and the ticker display being fixed on win32."

Full Story (comments: none)

A Watershed for Open Source (Business Week)

Business Week looks back at 2005. "It was a year when CIOs signed off on open-source projects, a big change from previous years when that happened only after low-level engineers started such projects on their own initiative. It was a year when venture capitalists woke up to the new business opportunities of open source. It was a year when open source was the word on the lips of not just early adopters but of an early majority. According to a new study by consulting firm Optaros, 87% of organizations are now using open-source software, somewhere."

Comments (none posted)

Provisioning for the Next Year (Linux Journal)

Doc Searls reflects on the past, present and future. "In the old days--the mid-late 1990s--"world domination" was an article of faith. Now it's a fact of life. There are still struggles, of course. But the ones that matter most are not at the operating system level. Linux is solid infrastructure now. For many--perhaps most--computing purposes, it's a default first choice. That choice will only get easier to make as Linux evolves."

Comments (5 posted)

An Evening with Jeff Waugh (Linux Journal)

The Linux Journal has a lengthy report from a talk by GNOME and Ubuntu hacker Jeff Waugh. "Apparently Mark [Shuttleworth] originally wanted, given that Ubuntu is Linux for human beings, the first release of Ubuntu to carry a tasteful, artistic picture of a naked woman. This caused everyone in the company and community to offer some version of 'this is a very bad idea'. So, the community got Mark to step away from that in stages. In the end Mark backed down. The upshot of all of this has been that the pictures used for release versions of Ubuntu depict at least one man, at least one woman, at least two races--and everyone is fully clothed."

Comments (22 posted)

Seminar leads to ongoing forum for UK FOSS interests (NewsForge)

NewsForge covers a seminar for parliamentary staff members and representatives of local government in the UK. "When Dr. Mohammad Al-Ubaydli agreed to deliver a seminar on "Open Source in Government" to parliamentary staff members and representatives of local government in the United Kingdom earlier this month, he planned to introduce his audience to some basic concepts. However, when he got there, he found that most of the audience was already familiar with the concepts. As a result, instead of educating people in public life, he may have done more than he hoped -- he may have helped to create an ongoing forum in which the free and open source software (FOSS) communities, political lobbyists, and members of the governing Labour Party and the opposition Conservative Party can work together to promote the use of FOSS in the governments of the United Kingdom."

Comments (none posted)

SCO's 4Q and Fiscal 2005 Results: Down, down, down they go... (Groklaw)

Groklaw summarizes SCO's press release on its fourth quarter financial results. One thing you can say about SCO, they know how to spin a press release. SCO stock was up today.

Comments (24 posted)

SCO Asks to Amend Complaint in Novell Litigation (Groklaw)

Groklaw reports that the SCO Group is now trying to expand its complaint against Novell; the new version includes a number of new claims, including copyright infringement in SUSE Linux. There is a new list of stuff that SCO claims to own; in addition to the usuals (RCU, ELF, ...) it includes "the kmalloc data structure," IRQs, reference counters, semaphores, and more.

Comments (12 posted)

Financial Institutions To Adopt Linux In Korea (EFY Times)

EFY Times covers the increasing use of Linux by the South Korean government. "The state-owned Korea Post and the National Agricultural Cooperative Federation (NACF) have both said their systems will be up and running for Linux users before the end of this month as a part of the open source software fostering projects of the Ministry of Information and Communication."

Comments (none posted)

Dear MA, Please Note: EU Commission Threatens MS With $2.4 Million Daily Fines (Groklaw)

Groklaw examines the threat of a lawsuit against Microsoft by the EU, regarding the availability of standards information. "Dear Massachusetts (Governor Romney, Secretary Galvin, Senator Hart, et al):Are you watching this? Microsoft, as you may have heard, has been under pressure in Europe to make their APIs available to its competition for interoperability purposes. Now, so far, that has meant only that they have to do so for non-Linux competitors, as they were able to achieve a carve-out that leaves Linux and all FOSS out in the cold during the appeal. For all their other competitors in the server space, they were ordered to "to disclose complete and accurate interface documentation which would allow non-Microsoft work group servers to achieve full interoperability with Windows PCs and servers"."

Comments (1 posted)

David Coursey's Massachusetts FUD (Groklaw)

Groklaw looks at the resignation of Peter Quinn, the man who spearheaded the adoption of Open Document Format in Massachusetts. "[E]verything I am hearing is that Massachusetts is firm in its decision to go with OpenDocument Format. If Microsoft can meet the Commonwealth's definition of openness, ha ha, they can qualify too, but that has always been the case. It was only Microsoft's intransigence that had them out in the cold, their refusal to support ODF, for reasons that make no sense to anyone, that shut them out. Now they're trying a workaround, and we'll see how that works out for them, but the ODF decision is firm."

Comments (none posted)

Legal fallout from Sony's CD woes (BBC)

Here's a BBC article by Michael Geist on the proposed Sony rootkit settlement. "The disclosure requirements provide a model for treating TPMs [technical protection measures] much like cigarettes and alcohol, with appropriate warnings on their potential negative consequences. The security measures may be the first step toward a comprehensive TPM approval and licensing system that places the security needs of the general public ahead of private commercial interests."

Comments (none posted)

Inside NetBSD's CGD (O'ReillyNet)

O'Reilly has published an interview with Roland Dowdeswell. "Security-minded laptop users live in fear of theft, not only of their computer but also of their precious secret data. NetBSD's CGD project is a cryptographic virtual disk that can protect sensitive data while acting like a normal filesystem. Federico Biancuzzi recently interviewed its author, Roland Dowdeswell, on the goals and implementation of the system."

Comments (none posted)

Interview with kde-redhat Project Leader Rex Dieter (KDE.News)

KDE.News has an interview with Rex Dieter. "Rex Dieter has been making the unofficial KDE Red Hat packages for some years now. Since this is a service depended upon by thousands of Red Hat users to get their required latest build of KDE, KDE Dot News interviewed Rex to find out how he got started, why the need for the project exists and how he makes the packages."

Comments (none posted)

Q&A with embedded Linux hacker Marty Fouts

David Beers talks with Linux kernel hacker Marty Fouts about PalmOS on Linux and general embedded topics. "DB: What in your view are the areas of the biggest challenges for engineers who are trying to turn Linux into a mobile device platform? MF: The biggest one is as much social as it is technical. Linux, especially in areas like power management that are important to embedded development, is a very quickly moving target." (Thanks to Atul Chitnis)

Comments (none posted)

Sebastian Trüg (People Behind KDE)

The People Behind KDE has an interview with Sebastian Trüg, author and maintainer of K3b. "What do you think is still badly missing in KDE? I think KOffice should get way more attention and developers. It is promising but far from being a full replacement (Hopefully Qt 4 will fix the font and printing problems)." (Found on KDE.News)

Comments (none posted)

Creating accessible applications with Eclipse: An introduction (developerWorks)

IBM developerWorks looks at the use of Eclipse and Assistive Technologies (ATs) to create accessible applications. "An accessible solution combines an enabled product and one or more ATs targeted for a user with an impairment. You create an accessible solution by enabling your product for accessibility during product design and development. This is analogous to enabling software for internationalization; that is, you build the infrastructure to facilitate the addition of functions later on. Then, when you deploy an accessible product in a work setting for people with disabilities, you can readily pair it with a complementary AT to create a complete solution. The AT interprets the enabled software and allows users to interface with hardware via a variety of alternative access methods."

Comments (none posted)

Bandwidth monitoring with iptables (Linux.com)

Linux.com covers bandwidth monitoring using iptables. "Most of the time we use iptables to set up a firewall on a machine, but iptables also provides packet and byte counters. Every time an iptables rule is matched by incoming or outgoing data streams, the software tracks the number of packets and the amount of data that passes through the rules."

Comments (4 posted)

Optical character recognition is an uphill battle for open source (NewsForge)

NewsForge looks at optical character recognition (OCR) software. " If you use Linux, or another free operating system, and need optical character recognition (OCR) software, be prepared for a challenge. OCR is a tricky problem on any computing platform -- both because it is conceptually hard, and because the task does not lend itself to simple, easy-to-use interfaces. OCR is the use of visual pattern matching to extract text from an image -- usually a scanned paper document, but it could be a digital photo, a frame of video, or a screenshot just as easily."

Comments (none posted)

Embedding Python in Your C Programs (Linux Journal)

Linux Journal has this article on embedding Python code into C programs. "Including the Python interpreter in your program is extremely simple. Python provides a single header file for including all of the definitions you need when embedding the interpreter into your application, aptly named Python.h. This contains a lot of stuff, including several of the standard headers. For compiling efficiency, it might be nice if you could include only those parts of the interface that you actually intend to use, but unfortunately Python doesn't really give you that option. If you take a look at the Python.h file, you'll see that it defines several important macros and includes a number of common headers that are required by the individual components included later in the file."

Comments (22 posted)

My sysadmin toolbox (Linux.com)

Linux.com covers one sysadmin's favorite tools, including OpenSSH, ps, netstat, lsof, vmstat, iostat, Pine, ping, traceroute and tcpdump. "There are, of course, many more tools that I need. As was mentioned in the original My Sysadmin Toolbox article, vim is a must have. Also dmesg, uptime, netcat, nmap, and even the who and last commands are all deserving of a spot in the toolbox."

Comments (10 posted)

Latest Gaim Beta Arrives (eWeek)

eWeek takes a look at Gaim 2.0beta1. "After several months of delay, the first beta of the popular open-source IM client Gaim is now available. This new beta, Gaim 2.0beta1, now includes support for several IM (instant messaging) protocols, such as the SIP/SIMPLE protocols, Apple Inc.'s Bonjour, the older Zephyr protocol, Novell Inc.'s GroupWise Novell protocol and several more obscure protocols such as the Polish Gadu-Gadu."

Comments (9 posted)

Linux-based Handheld Gaming Device: Gamepark GP2X (RealTechNews)

RealTechNews looks at a new Linux-based game platform that sells for under $200. "The machine comes with dual cpu cores, 64mb ram, 64mb NAND flash memory, SD card compatible slot, USB 2.0 connection, 3.5" TFT LCD screen and TV-out. Also, the devices supports playback of most codecs such as MPEG, MPEG4, DivX 3.11, 4x, 5x, XVID, WMV, MP3, OGG, WMA, JPG, BMP, PCX, GIF and others."

Comments (1 posted)

KDE 4 Set to Make Device Interaction Solid (KDE.News)

KDE.News introduces the Solid project, which aims to make hardware - especially mobile, wireless, and hot-pluggable hardware - "just work" with KDE. It will be part of KDE4. "After a lot of hacking behind the scenes, a new initiative to improve KDE's interaction with network and hardware devices has been launched. Solid will provide a robust basis for the dynamic modern desktop in KDE, which needs to be aware of available hardware and networks, paving the way for innovative functionality." The Solid web site has more information.

Comments (11 posted)

Presentations with Pylize (Linux.com)

Linux.com covers Pylize, a Python-based command-line tool for creating presentations. "In addition to a standard Python installation, Pylize depends on HTMLgen, a Python package used to generate HTML; Empy, one of the templating packages available for Python; and, optionally, the Python Imaging Library. The Python Imaging Library and HTMLgen have been packaged for a number of distributions (for example, there are Ubuntu and Fedora packages available). Empy comes with a standard setup.py which you can use to install the package with the python setup.py install command. To install Pylize itself, run the install.py Python script that comes with the distribution (after you've installed the prerequisites)."

Comments (19 posted)

Great Gadget Smack-Down Round 4 (LinuxDevices)

LinuxDevices has published part four of its Great Gadget Smack-Down series. "Welcome to Round Four of the ultimate showdown between Linux and Windows in the arena of embedded and device computing! After three heated but inconclusive rounds, our combatants are pulling no punches in their all-out quest to dominate the hottest consumer electronics and industrial computing markets. Our smack-down aims to set aside the marketing hype and pit Linux versus Windows where it really counts -- devices on the street today."

Comments (1 posted)

US Government Grants Site not Linux Friendly

The Grants.gov site, which offers information on applying for US Government grants, promotes the PureEdge Viewer software. Unfortunately, PureEdge only works for users running Windows, or a Windows emulator on an Apple platform. The PureEdge Support for Non-Windows Users document spells out the usage requirements. In this case Non-Windows really means Apple-Only. "Grants.gov recognizes that support to users of Non-Windows operating systems and the PureEdge Viewer is often required across a distinct segment of the grant applicant community. Although at this time, the PureEdge Viewer is only available for Windows based installs, Grants.gov offers support for Non-Windows platforms. Grants.gov is working with PureEdge in the development of a Non-Windows compatible viewer. PureEdge has committed to providing a platform independent viewer by November 2006." (Thanks to Eric Firing.)

Comments (14 posted)

Do LUGs still matter? (NewsForge)

Joe Barr wonders if LUGs still serve a purpose. "There is no question that LUGs -- Linux User Groups -- have been important to the rapid growth and adoption of Linux. In the early years, a typical LUG brought together early adopters from every walk of life who had a missionary zeal for Linux. Today, most members are IT professionals. Given that, I wonder, do LUGs matter any longer?"

Comments (12 posted)

The Free Standards Group Accessibility Workgroup

The Free Standards Group is requesting comments on accessibility standards specifications for the Keyboard Access Functional Specification and the Generic Assertions for Manual Testing. "The Freestandards Group Accessibility (FSGA) workgroup's keyboard team is requesting comments on two candidate FSG standards specification documents. These specifications are expected to become FSGA standards in 2006." Comments should be submitted by December 31.

Comments (none posted)

Mozilla Newsgroups Migration Scheduled (MozillaZine)

MozillaZine reports on the move of the Mozilla newsgroups. "As announced earlier, the new newsgroups will be hosted by Giganews. Access to the news server news.mozilla.org will remain free. The new groups will only be propogated to news.mozilla.org, Giganews Servers and Google Groups in an effort to combat news spam."

Comments (none posted)

After EFF Litigation, Diebold Pulls Out of North Carolina

The Electronic Frontier Foundation has released an announcement regarding Diebold voting machines. "Raleigh, North Carolina - After a series of lawsuits led by the Electronic Frontier Foundation (EFF) to defend North Carolina's election integrity laws, controversial electronic voting machine manufacturer Diebold Election Systems finally withdrew from the state's voting machine procurement process on Thursday."

Full Story (comments: 2)

Fluendo announces cost free GStreamer mp3 plugin

Fluendo has announced a cost free mp3 plugin for the GStreamer multimedia framework. "With this plugins end-users and distributions everywhere can get hold of a cost free MP3 playback solution. This plugin is for the 0.10 version of the GStreamer framework."

Full Story (comments: none)

Interact-TV Hits New Sales Record in November 2005

Interact-TV has announced a new sales record for November. "Interact-TV (OTC: ITVI), a leading developer of Linux-based Home Entertainment Servers has announced a record month in November, 2005 with an increase of over 480% from the same month a year ago. Telly Home Entertainment Servers allow consumers to easily store, share, manage and enjoy digital media throughout their home."

Comments (none posted)

Linspire and Mirus Launch a new Line of Linux PCs

Linspire, Inc. and Mirus Innovations have announced a new line of Linux-based desktop computers, starting with the $299 entry. "At $299, the Essential Koobox is just right for basic computing -- a perfect student machine or second home computer. The machine comes complete with CDRW drive, 5 USB ports, including a convenient front-side port, Internet keyboard and optical mouse, and 2W speakers. Inside, the machine rounds out with an AMD Sempron processor, 256 MB RAM, 40 GB hard drive, and onboard video and sound networks."

Comments (none posted)

Open-Xchange Offers Free Live-CD for Open-Xchange Server

Open-Xchange, Inc. has announced the availability of a free, fully functional Live-CD of Open-Xchange Server 5 that gives users a cost-free, risk-free way to test all the attributes of the world’s leading open source alternative to Microsoft Exchange.

Full Story (comments: none)

Red Hat CEO to Adopt Stock Trading Plan In January

Red Hat, Inc. has announced that its Chief Executive Officer, Matthew Szulik, plans to enter into a Rule 10b5-1 stock trading plan with respect to the Company's common stock and also to engage in transactions in the Company's common stock outside of the stock trading plan, in January 2006.

Comments (none posted)

Sun Microsystems Introduces NetBeans Profiler Milestone 11

Sun Microsystems, Inc. has announced a new release of the NetBeans Profiler. "Sun Microsystems Inc. (Nasdaq: SUNW), the creator and leading advocate of Java(TM) technology, today announced NetBeans Profiler Milestone 11, the latest release of its high-performance Java application profiler, and an add-on to the upcoming open source NetBeans(TM) IDE release 5."

Comments (none posted)

Terra Soft Ships Bioinformatics Package for Power, x86 Linux

Terra Soft Solutions has announced the shipment of Y-Bio, its first solution for the life sciences market, originally launched at SC2005.

Full Story (comments: none)

Migrating From Windows to Linux Simplified With New Versora Software

Versora and Linspire, Inc. have announced the release of Versora's Progression Desktop for Linspire. "This easy-to-use migration tool allows users to transfer e-mail, files and settings from their Windows machine to a Linux machine, moving critical data, application settings, e-mail, calendar entries, contact lists, desktop settings and directory structures via a "Click-Next-Next-Finished" interface."

Comments (none posted)

Video Without Boundaries announces new MediaREADY

Video Without Boundaries, Inc. has announced demonstrations of a new release of its MediaREADY Digital Media Center product line. "To be demonstrated live at the International Consumer Electronics Show in Las Vegas on the Linux-based line of products will be a series of popular online services and applications including iTunes, Yahoo! Music, Google Video, AOL Optimized 9.0, voice calling as well as transfer of video and audio to the Apple iPod."

Comments (none posted)

Astaro Unified Threat Management appliances honored

Astaro has announced the receipt of rewards from Computer Reseller News and SC Magazine for its network security solutions. "Astaro products were featured in the Multifunction Appliances and Firewalls/VPNs categories in the Best of 2005 SC Magazine issue. In the October issue of the same publication, the Astaro Security Gateway 220 received a Best Buy and five-out-of-five star rating."

Full Story (comments: none)

KOffice 2 User Interface Design Competition (KDE.News)

KDE.News covers KOffice GUI and Functionality Design competition. There's a cash prize for the winner, and the new design will be used in KOffice 2.x which is due for release around the same time as KDE 4.0.

Comments (none posted)

Black Hat Federal and Europe Early Registration

Early registration is open for the Black Hat Europe security conference. The Black Hat USA 2006 call for papers will open at the end of January.

Full Story (comments: none)

GNU Classpath and friends meeting during Fosdem 2006

The GNU Classpath and friends meeting will be held on February 25 during the Fosdem 2006 conference in Brussels, Belgium.

Full Story (comments: none)

linux.conf.au 2006 reminder

A reminder has gone out for the 2006 linux.conf.au event. "With just over a month to go before the start of linux.conf.au 2006, we feel it's time to let those that have not heard, hear, and give those that have a reminder that time to register is running short. linux.conf.au 2006 will be held at the University of Otago in the remarkable city of Dunedin, New Zealand from the 23rd - 28th of January 2006."

Full Story (comments: none)

Registration Opens for 2006 MySQL Users Conference

Registration for the 2006 MySQL Users Conference has been announced. The event takes place in Santa Clara, California on April 24-27.

Comments (none posted)

OSCON 2006 Call for Proposals

A Call for Proposals has gone out for the O'Reilly OSCON 2006 conference. The event will take place on July 24-28, 2006 in Portland, Oregon. Proposals are due by February 13.

Full Story (comments: none)

PyCon schedule available

The schedule for the 2006 PyCon has been posted. The conference takes place on February 24-26, 2006 in Addison, Texas.

Full Story (comments: none)

SCALE Announces Workshop On Open Standards For Government Organizations

The SCALE Workshop On Open Standards For Government will be held on February 10, 2006 in Los Angeles, CA. "In partnership with The Open Document Fellowship, the Southern California Linux Expo (SCALE) has announced plans to host a workshop on open standards in government at their upcoming conference, SCALE 4x. The focus of this workshop will be on the use of OASIS OpenDocument Format for Office Applications (ODF) and document accessibility standards in state and local government. The goal of this event is to foster a discussion about choice in software and open standards at all levels of California government."

Full Story (comments: none)

X.org Developer's Conference

Here's an event announcement that we somehow failed to get up earlier: the X.Org Developer's Conference will be held February 8 to 10 in Santa Clara, California. Coming on the heels of the X11R7.0 release, this conference should offer some interesting insights into where X development goes next. Scheduled talks include a session by Jim Gettys on graphics in the One Laptop Per Child project and an intriguing talk on "NVIDIA driver internals."

Comments (7 posted)

Events: January 5 - March 2, 2006

Date	Event	Location
January 13 - 15, 2006	ShmooCon 2006	(Wardman Park Marriott Hotel)Washington, D.C.
January 23 - 28, 2006	linux.conf.au 2006	Dunedin, New Zealand
January 23 - 25, 2006	Black Hat Federal Briefings and Training 2006	(Sheraton Crystal City)Washington, D.C.
January 24 - 26, 2006	O'Reilly Emerging Telephony Conference	(San Francisco Airport Marriott)San Francisco, CA
February 6 - 7, 2006	ICMCC Conference on EHR Standards and Interoperability	(World Forum Convention Center, The Hague)The Netherlands
February 8 - 10, 2006	X Developer's Conference(XDevConf)	(Sun Campus)Santa Clara, CA
February 8 - 10, 2006	LinuxAsia Conference and Expo 2006	(India Habitat Centre)New Delhi, India
February 10 - 12, 2006	CodeCon 2006	San Francisco, CA
February 10, 2006	SCALE Workshop On Open Standards For Government Organizations	(Airport Radisson)Los Angeles, CA
February 11 - 12, 2006	Southern California Linux Expo(SCALE 4x)	(Los Angeles Airport Westin)Los Angeles, California
February 20 - 21, 2006	EuSecWest/core06 conference	London, England
February 24 - 26, 2006	PyCon 2006	(Dallas/Addison Marriott Quorum hotel)Addison, TX
February 25 - 26, 2006	FOSDEM 2006	(ULB Campus)Brussels, Belgium
February 27 - March 3, 2006	SELinux Symposium and Developer Summit	(Wyndham Hotel)Baltimore, MD
February 28 - March 3, 2006	Black Hat Europe Briefings and Training 2006	(Grand Hotel Krasnapolsky)Amsterdam, the Netherlands

Comments (none posted)

Community help as an attack vector

From:		James Dixon <jdixon-AT-pobox.com>
To:		letters-AT-lwn.net
Subject:		Community help as an attack vector
Date:		Sun, 25 Dec 2005 21:09:08 EST

 
I'm afraid the potential may be more real than we would like.
 
I used to respond to questions on the free linux support site before it
died. On at least three occasions, I was asked if I would be willing
to remotely access the machine in question as root and work on it. The
only contact these people had with me was my posts on the forum and my
name given at the end of the posts. In each case, I declined and
pointed out that offering root access to an almost complete stranger
was ot really a good idea. Instead I usually gave the person the
contact addresses for their nearest LUG's and suggested they contact
them to see if they could arrange for onsite support from a qualified
support person.
 
It would be reassuring to think my experience was unique, but I doubt
that's the case.
 
Oh, this is emailed, as I'm not a subscriber. I read you free edition
weekly, but I can't really justify your subscription rates. I'd love
to be able to do so, but barring winning the lottery, I don't see that
it's likely. This is not intended as a criticism of your rates, as I
know that you keep them as low as possible, and that even the current
rates don't really meet your needs.
 
You're welcome to publish this in your letters section, or copy it to
the comments section o fthe appropriate story, as you see fit. You may
edit it as required.
 
James Dixon
jdixon@pobox.com
   

Comments (5 posted)

"Just works with Linux"

From:		"Ian Bruntlett" <ianbruntlett-AT-hotmail.com>
To:		letters-AT-lwn.net
Subject:		"Just works with Linux"
Date:		Thu, 22 Dec 2005 11:26:44 +0000

Hi,

Take a look at "http://kerneltrap.org/node/5743", an article about the Open 
Graphics Project which sets out to have open documentation about its 
hardware (registers etc) so that the FOSS can maintain graphics drivers.

I'm looking forward to supporting this project.


Ian

Comments (3 posted)