LWN.net Weekly Edition for January 26, 2006
The Grumpy Editor plays with Rockbox
Last May, your editor lamented that, while his new digital audio player had a number of nice features, it also had a long list of glitches which, due to the proprietary nature of its firmware, could not be fixed. At that time, a Rockbox port for this device (an iRiver H340) was still a distant prospect. Since then, the situation has changed somewhat. In particular, on November 24, 2005, Rockbox hacker Linus Nielsen Feltzing announced his ability to play music on the H300 series. This nice little player had, at last, been cracked open and put to work running free software.Your editor took his time before giving Rockbox a try. There is something intimidating about rewriting the firmware of one's expensive electronic toy with untried new code covered in "this is experimental, only to be used by professionals and idiots" warnings. Maybe it has to do with the prospect of turning said toy into an inert paperweight and having to explain to the spouse that it will be necessary to buy yet another gadget, urgently, to replace it. But, eventually, after a suitable amount of loin girding, your editor launched into the process of generating a new firmware blob and loading it into the player. Happily, said player did not explode.
The Rockbox iRiver port works by applying a patch to the standard iRiver firmware. That patch adds a special bootloader, and a few other Rockbox-specific things. Unlike the native system, most of Rockbox lives outside of the firmware; it is, instead, loaded from the internal disk. Among other things, this organization makes it easy to upgrade the Rockbox code without going through the sweaty-palms firmware flashing experience every time.
The bootloader normally just grabs the Rockbox kernel from the disk and runs it. Quite a bit of effort has been put into making the bootloader robust, however. If the on-disk software cannot be found, it simply boots into the iRiver firmware. There is a power-on key sequence which can be used to get the iRiver code. The bootloader is also programmed to drop into the USB mode if the disk's filesystem is corrupted, giving the user a chance to fix things - though, since the H3xx bootloader's USB mode does not work properly yet, that feature is not as reassuring as one would hope.
One might well wonder: why bother changing operating software and risking turning the player into a brick when it worked reasonably nicely before? Here are a few of the things that Rockbox brings:
- Boot time. The iRiver firmware takes 26 seconds to boot on your
editor's player - and that is with the "database" feature, which
lengthens boot time, disabled. Rockbox is ready to play in ten
seconds. When one is, for example, trying to play some music before
driving, the difference is significant.
- Gapless playback. Your editor's music collection includes many works
which, to put it mildly, do not benefit from the one-second gap that
the iRiver software puts between every pair of tracks. Rockbox does
not have that problem.
- Bookmarks. Some audio files (like the interesting set of Long Now
seminars) can be over two hours long. Imagine listening to the
first hour of such a file, then picking up one's children to haul them
to the next in their long list of activities. Said children will, of
course, immediately grab the player and put on a Beatles song (one
must raise them on the classics, after all). With the iRiver
firmware, returning to the previous file involves painfully
fast-forwarding in until one finds a spot near where one left off.
Rockbox, instead, can automatically place a nice bookmark at the spot
where listening stopped, and jump right back on request.
- Codecs. The iRiver already played Ogg files (a big part of why your
editor chose it in the first place). Rockbox adds other formats,
including AAC, FLAC, Shorten, and more.
- Configurable screens. The iRiver firmware, when playing, wastes much
of its gorgeous color screen space with useless frobs. Rockbox allows
the "while playing" screen to be configured with great flexibility,
with the result that it offers a wide variety of information-dense
screens - in ugly monochrome. Color patches are in circulation,
happily, but they have not made it into the Rockbox mainline yet.
![[Brickmania]](https://static.lwn.net/images/ns/brickmania.jpg)
- Plugins. There is a long
list of plugins available for the Rockbox
software, many of which make nice use of the color display. Most of
them appear to be games (like "Brickmania," shown on the right). Yes,
you can now solve Suduko puzzles on the iRiver. But there is also a
calculator, a clock, a playlist searcher, a metronome, and more. A
color video player is in the works.
- Audio menus. Rockbox can, when loaded with a suitable voice file,
read out menus and track names as they are selected on the display.
The Rockbox mailing list has a steady stream of inquiries from blind
users who are not well served by commercially available audio
players.
- Languages. Rockbox can operate in Afrikaans, Bulgarian, Czech, Greek,
Hebrew, Swedish, and Wallisertitsch. Oh, yes, it works in English
too.
- Playlist generation. The iRiver software cannot generate playlists at all (they must be loaded from a computer), and, annoyingly, it can't do basic things like "treat this directory of files as a playlist and stop when you get to the end." It is easy to leave the device running by mistake, only to find (usually at the beginning of a long trip) that it has drained its battery trying to play one's entire music collection. Rockbox has a number of playlist generation options, and is generally better behaved in this regard.
The list could go on for a while, but one should not forget the nicest part of all: Rockbox is free software. Your editor did not feel particularly oppressed by the proprietary iRiver firmware, but switching to a free system still brought a sense of relief. So many things were clearly designed with the users in mind, and one knows that the rough edges (of which there are still many) can be fixed. With Rockbox, this gadget has become a living thing, rather than a set-in-stone consumer product. Rockbox would be worth running for its free nature alone, even if it weren't better in so many other regards.
There is some bad news: the iRiver H3xx players are no longer being made,
and iRiver's replacements are rather more closed devices. There is no
Rockbox port envisioned for current iRiver players, so people are now
wandering around on online auction sites in search of the few H3xx players
which are still available. The good news is that Rockbox is being ported
to a number of other platforms, notably the current set of iPod players.
The iPod port
page states: "Rockbox boots and appears to be stable on the iPod
Color/Photo, the Nano and the Video. Plugins and codecs work, but there is
no audio output yet.
" So, other than one little problem, everything
looks great.
As Rockbox becomes more portable, its user base is growing. Rockbox seems to have recently crossed one of those invisible lines where it becomes essentially unstoppable. There will likely come a time when some manufacturers of digital audio and video players - especially those who don't make iPods - will have to seriously consider shipping Rockbox on their gadgets. After all, why should they spend time and money creating their own software, when Rockbox is both free and better? Free software, it seems, has a good chance of taking over another category of systems.
[For those H3xx owners who find standard Rockbox to be insufficiently bleeding-edge: the Rockbox H300 Optimized release is a fork with improved color support, more plugins, remote control support, a lyrics viewer, and more.]
Suits and Patents: A Report from the GPLv3 Launch Conference
As you approached MIT room 10-250 on Monday, January 16th, you could see the rise in prominence of the GNU General Public License simply by the presence of the "suits". Oh, some had certainly "dressed down" with the black T-shirt/turtleneck and jacket motif instead of a tie, but they were very clearly of the corporate world and a quick glance at name tags proved that: Intel, IBM, HP, Novell were all there of course, but also companies such as Hasbro and many others.To be sure, the free and open source community was well represented: Bruce Perens, Andrew Tridgell, Chris DiBona, Seth Schoen, and many other free/open source stalwarts. But you would expect them to be here, while the corporate presence was definitely a sign of the times. Indeed, as I sat waiting for the presentation to start, two corporate folks were walking up the stairs behind me and one said to the other "Oh, yeah, we are all here to watch the ground shake."
The ground may not have shaken immediately, but the session began around 10am with Richard Stallman welcoming the crowd of 200+ attendees and providing a broad introduction to the GPLv3. He spoke on the overall goal of increasing the compatibility of the GPL with other appropriate licenses (such as the MIT X11 and BSD licenses) and then discussed the threats of digital restrictions management (DRM) and how it can never be compatible with the goals of free software. At the end, he introduced Eben Moglen, who proceeded to take the crowd through about an hour-and-a-half of line-by-line analysis of this first draft of GPLv3.
In all my years working with free and open source software, I'd actually never heard Eben Moglen speak and it turned out to be quite an enjoyable time. With occasional wit and humor, he guided us through the new clauses and the rationale behind the changes. As others have already provided some analysis and the FSF's GPLv3 rationale document gives their view on the changes, I'll not repeat much of that. His main thrust, though, was that the changes were about the increased compatibility of which RMS spoke, as well as clarifying a number of areas in which GLPv2 was unclear or vague. There was also a good amount of effort put into trying to make the GPL more "global" in the sense that it would better comply with copyright laws of more countries. One example is the new use of the term "propagate" in Section 0 as "distribute" turned out to have some formal connotations in some countries.
Moglen spent a good bit of time on the minimal "patent retaliation" clause now found in Section 2 and the reasons (explained in the rationale document) why the FSF did not go further. There was also an involved discussion of the ability to add additional permissions and requirements and how those flow on to recipients during the propagation/distribution process. Predictably, he spent a significant amount of time on Section 7, "License Compatibility", discussing what the different clauses mean with regard to the other free and open source licenses.
One of the discussions I found most interesting concerned the changes to section 8 ("Termination") specifically around the "60 day" clause. GPLv2 provided for the "automatic termination" of the license if you violated it and the license also essentially required someone in violation to contact all copyright holders to obtain forgiveness for having violated the license. As the FSF was very often the one acting to aggregate the claims and help entities come into compliance, they did see the pain this requirement caused when the process of contacting all copyright holders became long and protracted. In their view, this new arrangement provides a stronger incentive for entities in violation to come into compliance quickly as it gives them some assurance that if they do comply, they will not have the threat of GPL-infringement lawsuits looming over them once the first 60 days have gone by.
Another interesting addition was section 18 that speaks of the program not being tested for use in "safety critical systems". He said that at the time the GPL was first being applied, no one was thinking that free software might be used to run nuclear power plants or other systems that might have critical implications if there was a failure. This phrase was added to explicitly state that programs were not tested for these environments. However, he also said that he fully expects some companies to offer warranties (for a fee) to provide coverage for using such programs in those environments.
Throughout the talk he threw in entertaining quips such as "Most of us would see the copyright law of 1897 as being better than that of 2004", "Protecting freedom is hard work!" and "That's our legal theory and we're sticking to it." He also received a great deal of laughter when he relayed that the warranty sections (now 16 and 17) were not changed at all - except that he moved them from being all in uppercase. He said that he had yet to find a lawyer who could explain why they were all putting warranty provisions in all caps and that it seemed to be something people were just doing because everyone else was. So he decided for the sake of readability to make the change.
Moglen concluded his presentation with a moving comment on the "spirit" of the license and the overall need to preserve "the spirit of tinkering, of hacking, of making an unexpected invention out of the materials lying around". He spoke of this revision process as trying to keep the GPL safe, make it bigger and add more people to the discussion - and with that he invited people to become part of the process. He turned the floor back to RMS who said a very few final words and then opened it up for questions.
Predictably, the questions came quite quickly and were mostly about... patents. Two clauses received the most questions. The first was the "patent retaliation" clause in Section 2 and the second was the part of Section 11 which says that, if you distribute a work "knowingly relying on a patent license, you must act to shield downstream users against the possible patent infringement claims from which your license protects you." The response on this latter part from Eben Moglen was that they are not looking to require companies to search all their patents to ensure they are not infringing before distributing work, but more to prevent people from distributing work that they know requires a patent license which they may already have, but which the people who receive their work will not. He went on to say that this clause really only applies to a very small number of people and companies and that he looked forward to working with them to make sure this clause works well.
Beyond the patent questions, there were questions about the 60-day notice, the DRM provision and some general questions about the process of moving from GPLv2 to GPLv3. Overall it was a very useful, interesting and intense morning session.
My one critique of the FSF conference would be what happened next. As we broke for lunch, a subset of the participants (including many of the corporate folks and high-profile members of the free/open source community) apparently went off to separate "discussion groups" to which they were specifically invited. That left the rest of us (myself included) returning from lunch around 1:30pm to face a "Q&A session" with FSF Executive Director Peter Brown, FSF web/wiki coordinator John Sullivan and a young FSF staffer/volunteer who did not identify himself. After a brief statement around the process that would be starting how to comment online, the floor was opened for questions... many of which could simply not be answered.
I don't really fault the three of them. They tried as best they could to answer some of the questions, but they were definitely out of their element. The questioners wanted to ask specific points about the license and clearly needed RMS and Eben Moglen to be there. After a bit, Peter Brown tried to direct the questions away from the license draft and toward the process, asking for other questions to be held until Eben Moglen could return around 3 or 3:30pm. The frustration was visible in a number of the folks there.
I do understand that the FSF was trying to make use of the fact that it had all of these various folks in one physical location and certainly a room of 200 people is not a great way to get a large quantity of feedback. Small groups work far better for that type of thing. I also know that numerous media personnel were there and that RMS and Eben Moglen needed to spend some time with those folks. Still, given that the published agenda said that the afternoon session was for "Q&A" with no mention that RMS and Moglen would not be there, it was a bit frustrating to learn that it was not the type of Q&A that most attendees wanted.
Having said all that, there were some very good questions raised during this afternoon session. Patents were raised again several times, but a question was also asked about the definition of "Complete Corresponding Source Code" in Section 1 where it includes "any encryption or authorization codes necessary to install and/or execute the source code". The specific concern was about whether code could be encrypted with GnuPG for sending, but I failed to understand the issue as to my mind you would be encrypting it with the recipient's key, so they would already have it.
Far more of a concern for a few questioners, though, was the requirement in Section 6b that you will make available your source code on a "durable physical medium customarily used for software interchange." The concern was that solo developers might have to get into the business of stamping out CDs to distribute source code. It was pointed out by someone there that, per Section 6d, one easier way to comply was simply to offer a download. Still the concern persisted. Interestingly, Eben Moglen stated in his earlier presentation that this phrasing had been inserted primarily so that an entity could not "give you the source code" by giving you a printout, which he indicated was a possible way to comply in GPLv2. Now, you must be able to receive the source code in a fashion where you can use it electronically.
All in all, and even with my critique, it was well worth spending the day at MIT and I certainly think the FSF is to be commended for starting this revision process in such an open manner. While I was unable to attend the second day of the conference, I am sure that it was quite involved, as this is, for all of us, only the start of a conversation that will last most of a year. The GPL is incredibly important in this day and age and all of us should definitely monitor this first revision in 15 years, and get involved as much as we are able. The suits will be there - will you?
Ugly legislation in the U.S.
While the European software patent debate starts to warm up yet again, legislators on the other side of the Atlantic (where software patents are nothing new) are working at restricting freedom in different ways. In particular, this week saw the return of the broadcast flag, in the form of the digital content protection act of 2006 [PDF]. The purpose of this law is stated as:
Remember that, in the last episode in the broadcast flag epic, a federal court had concluded that the FCC, created to regulate access to the airwaves, had no authority to control the behavior of receivers. So the current proposal aims to "fix" that problem by making the FCC's authority explicit. Under this law, the FCC would be empowered to regulate digital TV receivers, and its previous broadcast flag rulemaking would be explicitly ratified. A separate section gives the FCC authority to regulate "digital audio receiving devices" as well.
Just in case the FCC might change its mind, the bill also contains language requiring that broadcast flags in particular be used "to protect digital audio content." This technology must also:
As others have pointed out, this is an interesting bit of language. Broadcast flag technology is not required to respect fair use or to protect any other rights "consumers" have under copyright law. Instead, it must protect "customary historic use." Given the fuss the entertainment industry has been raising for so many years, it is tempting to say that "customary historic use" includes widespread recording, copying, and redistribution of content. But that is not what the forces behind this bill have in mind, of course.
What they do have in mind is a world where nothing new can be done. If it's not "customary historic use," it can be prohibited. Not that long ago, recording television programs to watch them at a more convenient time was not customary - nobody had VCRs yet. It would not be surprising to see an argument that putting music on a digital audio player is not "customary historic use." Certainly putting one's music onto the hard drive of one's Linux system in order to create podcasts or other interesting derived works is not "customary historic use."
The broadcast flag already rules out the use of Linux systems to do anything with digital content; free software, being free, cannot meet the "robustness requirements" specified in the broadcast flag regulations. But, even if that hurdle could be overcome, the "customary historic use" provision will make it impossible to do anything new and interesting, on Linux or on any other system. It is an attempt to freeze time and give the industry a veto power over any new ideas that come along.
Also to be found in this bill is a requirement for "secure moving technology," defined as:
In other words, the FCC's new authority would go beyond receivers to any other device to which an receiver might be connected. The FCC will be authorized - and expected - to require DRM for any device which might touch digital content. And such DRM need only allow "customary historic use."
The EFF is encouraging letters to Congress in opposition to this bill.
An older proposal, meanwhile, is the "analog hole" bill [PDF]. This law would require video devices with analog outputs to incorporate the CGMS-A DRM and VEIL watermarking schemes. With the combination of the two technologies, the industry hopes to prevent "consumers" (that's us) from doing anything interesting with any analog signals we might be able to coax out of our shiny new, DRM-equipped entertainment boxes.
Ed Felten recently decided to look at VEIL to get a sense for what is truly being mandated. As it turns out, he was not able to. In order to have a look at the VEIL specifications, he would be required to sign a non-disclosure agreement, and pay $10,000 as well. And that only for the decoding side of the specification. So the "analog hole" law mandates the use of secret technology; there will be no opportunity to debate the merits (or lack thereof) of this technology during the lawmaking process. All this leads Mr. Felten to wonder: do the members of Congress behind this bill (or even their staff members) have any idea what they are legislating?
It is bad enough that this law would make it impossible, for example, to put together a MythTV box. But the imposition of secret technologies is undemocratic at best. In this case, too, members of Congress would benefit from well-written input from the people they are said to represent.
Security
Anonym.OS: providing internet anonymity
Internet anonymity has started to become a mainstream issue, even covered by the New York Times (registration required) and a newly released project is specifically geared towards providing users with a safer, more anonymous, internet experience. Anonym.OS is an OpenBSD-based live CD that attempts to provide the average user with the same levels of privacy that are available to more technically savvy users.Anonym.OS uses a variety of techniques to provide security and anonymity, starting with changing the TCP parameters to give the impression that it is running Windows XP in order to blend in. It provides very strong firewall protections, disallowing any inbound traffic and only allowing encrypted and/or anonymized traffic outbound.
Tor (aka The Onion Router) provides the underlying infrastructure for anonymity by routing TCP packets through random nodes in the Tor network, with separate encryption for each hop in the route. This routing makes it difficult to determine where a particular Tor client is connecting to (or from), though large adversaries who can monitor large sections of the net can still use statistical correlations of the packet timings to determine source and destination as described in the Tor FAQ.
Another component of Anonym.OS is Privoxy, which is a web proxy that provides a variety of privacy features such as cookie management, 'web bug' disabling, and bypassing various click-tracking scripts. Privoxy also provides DNS lookup anonymity to mask which domains a user is looking up.
After booting and configuring a root password, network parameters and the like, Anonym.OS presents a standard looking desktop with Firefox, Thunderbird and Gaim as icons. These applications will use Tor and have been configured to promote privacy, particularly in Firefox, by alerting about cookies and not saving passwords or form data.
The user experience is fairly slow, largely because of Tor, but loading programs from the CD also seems to take quite a while. Anonymity is not free nor particularly fast. Web pages take roughly 5-10 times as long to load and ssh sessions remind one of the glory days of 110 baud acoustic coupler modems. Tor is a work in progress and will likely get faster and find ways to make interactive (ssh) performance better but taking multiple hops through the network is always going to have a cost.
There are two Linux based projects with similar goals, and which also use Tor: Phantomix based on KNOPPIX, and ELE based on Damn Small Linux. Because of its vaunted "security by default", OpenBSD advocates would probably scoff at using Linux for a system of this sort, but the same software and techniques used by Anonym.OS are available for Linux.
Anonym.OS is clearly a boon for people with a strong need for anonymity on the internet and who either do not have the technical ability to set this up for themselves or who may use computers that are not under their control. Anonymous bloggers, folks who are worried that their government might get access to web logs from their favorite search engine, whistleblowers and others who might aggravate large, deep-pocketed organizations could certainly find a use for Anonym.OS. One does need a strong reason to do so, however, as using it can be very slow and painful.
New vulnerabilities
crawl: insecure program execution
| Package(s): | crawl | CVE #(s): | |||||
| Created: | January 23, 2006 | Updated: | January 25, 2006 | ||||
| Description: | Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges. | ||||||
| Alerts: |
| ||||||
flyspray: missing input sanitizing
| Package(s): | flyspray | CVE #(s): | CVE-2005-3334 | ||||
| Created: | January 24, 2006 | Updated: | January 25, 2006 | ||||
| Description: | Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page. | ||||||
| Alerts: |
| ||||||
imagemagick: arbitrary command execution
| Package(s): | imagemagick | CVE #(s): | CVE-2005-4601 CVE-2006-0082 | ||||||||||||||||||||||||||||||||||||
| Created: | January 24, 2006 | Updated: | March 24, 2006 | ||||||||||||||||||||||||||||||||||||
| Description: | Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo() function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted file name, these two vulnerabilities could be exploited to execute arbitrary commands with the user's privileges. These vulnerability become particularly critical if malicious images are sent as email attachments and the email client uses imagemagick to convert/display the images (e. g. Thunderbird and Gnus). | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
kdelibs: heap overflow
| Package(s): | kdelibs | CVE #(s): | CVE-2006-0019 | ||||||||||||||||||||||||||||||||||||
| Created: | January 19, 2006 | Updated: | March 17, 2006 | ||||||||||||||||||||||||||||||||||||
| Description: | Konqueror's kjs JavaScript interpreter engine has a heap overflow vulnerability. Specially crafted JavaScript code could be placed on a web site, leading to arbitrary code execution. Other kde applications are also subject to this vulnerability. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
kernel multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2005-3527 CVE-2005-3783 CVE-2005-3784 CVE-2005-3805 CVE-2005-3806 CVE-2005-3808 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | January 20, 2006 | Updated: | April 18, 2006 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Here's another set of vulnerabilities in the Linux kernel:
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
OpenSSH: double shell expansion
| Package(s): | openssh | CVE #(s): | CVE-2006-0225 | ||||||||||||||||||||||||||||||||||||||||
| Created: | January 23, 2006 | Updated: | July 20, 2006 | ||||||||||||||||||||||||||||||||||||||||
| Description: | OpenSSH has a double shell expansion vulnerability in local to local and remote to remote copy with scp. | ||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||
tetex: integer overflows
| Package(s): | tetex | CVE #(s): | CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 | ||||||||||||||||
| Created: | January 19, 2006 | Updated: | May 23, 2006 | ||||||||||||||||
| Description: | The teTeX PDF parsing library has an integer overflow vulnerability. A carefully crafted PDF file can be used by an attacker to crash teTeX and possibly execute arbitrary code. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
trac: missing input sanitizing
| Package(s): | trac | CVE #(s): | CVE-2005-4065 CVE-2005-4644 | ||||||||
| Created: | January 23, 2006 | Updated: | January 30, 2006 | ||||||||
| Description: | Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. Due to missing input sanitizing it is possible to inject arbitrary SQL code into the SQL statements (CVE-2005-4065). A cross-site scripting vulnerability has been discovered that allows remote attackers to inject arbitrary web script or HTML (CVE-2005-4644). | ||||||||||
| Alerts: |
| ||||||||||
Resources
Getting Started with Multi-Category Security (MCS)
James Morris has put up a look at multi-category security from an administrator's point of view. "In a corporate environment, categories could be used to identify documents confidential to specific departments, or being covered under certain NDAs. So, when jose prepares a report on payroll statistics for the month, he can label it as 'Payroll', which will not be accessible by lara, who only has access to the 'Finance' category."
Privacy for People Who Don't Show Their Navels (NY Times)
The New York Times (registration required) has published an article about privacy technologies, with a special mention of Tor. "'I get the feeling it's going up,' said Roger Dingledine, Tor's project leader. 'But one of the features I've been adding recently,' he said, enhances anonymity protection by making it harder to count downloads of the software. Still, the number of servers forming layers in the Tor network has risen to 300 from 50 in the last year, Mr. Dingledine added."
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch remains 2.6.16-rc1. A handful of fixes has appeared in the mainline git repository, including a few new features (see below).The current -mm release is 2.6.16-rc1-mm3. Recent changes to -mm include more semaphore-to-mutex conversions, two-column stack backtraces on i386 (to make oops traces fit on one screen), various memory management tweaks, the SMP alternatives patch, and lots of fixes.
Kernel development news
Quotes of the week
The 2.6.16 straggler list
The release of 2.6.16-rc1 was supposed to signal the closing of the window for new features. For the most part, things have happened that way. A few additional features did find their way in after 2.6.16-rc1 came out, though. Here is a quick list.
- The work of making the slab allocator smarter on NUMA machines
continues. In previous versions of the kernel, slab allocations
made during the bootstrap process would all end up on the boot node,
causing an imbalance across the NUMA system. It was also possible for
processes with non-default memory allocation policies to "contaminate"
allocations for other processes. The 2.6.16 slab allocator will make
more explicit decisions about just how allocations should be performed
to spread out boot-time allocations and to ensure that each process
gets the allocation policy it asked for.
- NUMA systems can also perform memory reclamation on individual memory
zones, on the theory that forcing out pages can be cheaper than
allocating non-local pages.
- A number of new system calls, including openat() and friends,
ppoll(), and pselect(), have been merged. These
calls were discussed here last December.
- Perhaps the biggest late addition is the EDAC ("error detection and
correction") subsystem. The purpose of the EDAC code is to watch for
errors in the operation of the system and to scream when they are
detected. EDAC, as merged, is oriented mainly toward memory errors.
It will poll the memory controllers (drivers for a few families of
controllers have been merged) on a regular basis for both correctable
and uncorrectable errors. Log messages can be generated for both
types of errors, and there is a sysfs interface as well. Optionally,
the EDAC code can be told to immediately panic the system on an
uncorrectable error; in this way, it is hoped, uncorrectable errors
will not lead to data corruption elsewhere in the system.
One assumes that uncorrectable errors will be rare, however. The real intent is to allow administrators to see when significant numbers of correctable errors are being detected. Since those errors will often degrade, over time, into uncorrectable problems, the presence of correctable errors is a strong indication that the affected memory bank should be replaced.
The EDAC code can also watch for parity errors on the system's PCI buses. Getting good information from the PCI subsystem can be harder, however, since, apparently, some vendors do not follow the specs when it comes to the generation of parity information.
For more information on EDAC, including details on the sysfs interface, see drivers/edac/edac.txt in the current mainline documentation directory.
At this point, the 2.6.16 merge window can truly be considered closed; the feature set for this release is probably complete.
Review: Understanding Linux Network Internals
The net/ directory tree in the Linux kernel source is an intimidating place. We all use the kernel's networking features, but even experienced kernel hackers often hesitate to wander into the code which implements those features. To many, the networking stack is a black box, maintained by a distinct set of developers who keep many of their secrets to themselves. There is little documentation on how Linux networking is implemented, adding to the challenge of understanding how it all works.
![[Cover]](https://static.lwn.net/images/ns/kernel/ulni_cover.jpg)
Your editor had been told that O'Reilly had a book on the networking stack
- a sort of companion to Understanding The Linux Kernel - in the
works. But it was still a nice surprise to see the end result - a book by Christian Benvenuti
entitled Understanding Linux Network Internals - show up on the
doorstep. A couple of weeks later, after having read much of the book,
your editor is ready to share some comments. The short version would be: this
book is a welcome addition to the (short) list of books about the kernel.
It is not as good a book as it could have been, however, and leaves some
significant gaps.
Let's get one pet peeve out of the way immediately: any kernel book should disclose, on the cover, which version of the kernel is covered. As LWN readers know well, things change quickly in the kernel. A book which covers one version will likely be obsolete in many places a few versions later. If a kernel book does not include version information, there is no way to know which reality it matches or whether it will be even remotely relevant to current kernels.
In the case of this book, there is no word anywhere regarding which version is covered. It is clearly a 2.6 book, but that is all we know. Your editor has come to the conclusion from his reading that the book was a long time in the writing (not surprising: the subject matter is complex, and the book is over 1,000 pages long), and that, if an effort was made to make it consistently current for a specific kernel version, that effort was incomplete. The section on interrupts, for example, presents the old prototype for interrupt handlers last seen in the 2.5.68 kernel. Other parts are much more current. The book is a bit of a patchwork in that regard.
And in other regards as well. Some parts of the book seem to want to be a programming manual - to the point that the slab cache functions (kmem_cache_create() and friends) are presented on page 4. Page 13 talks about the likely() and unlikely() constructs. Yet, in other areas, detail is much more scarce, and there is no complete discussion of how to write code for the kernel. And (another pet peeve of your editor's) the issues of concurrency and race conditions are passed over almost completely.
Similarly, the section on network device drivers offers a great deal of information on device registration, queueing discipline bits, notifiers, power management, ethtool, dealing with the PCI bus, module initialization, and more. There is even a section on how bottom halves worked in the 2.2 kernel. But there is almost no information on how to write transmit and receive functions. At one point the author writes "This chapter does not strive to be a guide on how to write NIC device drivers." No problem, there are (ahem) other books which cover that ground. But then why bother with things like PCI device registration?
This book does contain a great deal of information. It may pass over driver transmit and receive functions, but it does cover packet transmission and reception in the higher levels of the networking stack in some detail - and that is just what one would want. There is a long section on IPv4 and ICMP, and quite a bit of information on the complicated "neighbor" code (the ARP protocol and such). The last major section is on routing. Stuffed into the middle is a 110-page section on the bridging subsystem.
Networking is a large area, and a large part of the kernel, so it is hard to cover everything even in a 1000-page book. So some important things were left out of Understanding Linux Network Internals. These include TCP, IPv6, IPsec, netfilter, traffic control, and several other topics. And that leads to your editor's last, and perhaps biggest complaint. The inconsistent focus and somewhat irregular choice of topics seen at the lower levels is also present in the large scale. Your editor would have happily traded the four chapters on bridging for a solid overview of how the TCP protocol works in Linux, and your editor suspects that he is not alone. Netfilter and traffic control, perhaps, merit a book of their own, but maybe some of the other chapters could have been tightened up enough to make room for an introduction to IPv6 or IPsec.
So it is hard to recommend this book in an unreserved fashion. That said, there is a great deal of useful information to be found in Understanding Linux Network Internals, and your editor is glad to have it on his bookshelf. It has already come in useful a couple of times while trying to figure out how parts of networking-related patches work. So this book is a welcome addition to the body of kernel-related documentation, even if it is not everything one might wish it would be.
MD / DM
The Linux software RAID code (often called "MD" for "multi-device") is a longstanding feature of the kernel. RAID users appreciate its robustness, configurability, and the fact that it performs well; better performance than that achieved with hardware RAID controllers is not unheard of. In recent years, little has been heard about the MD code, however. Its feature set has changed slowly, and developments with the device mapper code have taken a higher profile. That, perhaps, is as it should be; a storage subsystem which attracts attention is rarely a good thing.That said, MD hacker Neil Brown has been busy. His latest patch set implements RAID5 reshaping: the ability to add devices to a RAID5 array without going through a backup and restore cycle - or even shutting the array down. This is a nontrivial task; adding a drive to a RAID5 array requires redistributing data and parity blocks across the entire array. With this version of the patch, Linux MD can not only perform this task, but it can do it while still handling normal I/O to the array. The new patch also checkpoints the process, so that it can be restarted if interrupted in the middle; this corrects a minor defect in the previous version, wherein interrupting the reshaping task would cause all data in the array to be lost.
Neil notes that things could still go wrong:
Neil has various other enhancements in mind, including the ability to upgrade a RAID5 array to RAID6 (which increases fault tolerance by adding another set of parity blocks). Quite a bit, clearly, is happening in the MD world.
All this activity drew queries from a couple of observers who had, it seems, assumed that the addition of the device mapper to the kernel meant that the MD code would eventually whither away. The device mapper can handle some of the lower RAID levels (mirroring and striping) now, and there is work in progress to add RAID5 support. Since the device mapper is a general framework for mixing and matching drives, it makes sense to some that the RAID functionality should move there too.
Unsurprisingly, Neil disagrees. His suggestion is that "anything with redundancy," including RAID5 and RAID6, is best handled in the MD code. The device mapper, instead, is good for fancier arrangements like multipath, encryption, volume management, snapshots, etc. Certainly, those who are placing trust in RAID for redundancy should be comforted by the rather longer track record built up by the MD code. MD is also said to be faster than the device mapper at this time.
As others have pointed out, however, there is a cost to carrying multiple RAID implementations in the kernel. Each must be maintained, and each will have its own unique bugs to contribute to the whole. So, as the device mapper develops higher-level RAID capabilities, it would be nice if some of the core code could be shared between MD and DM. Making that happen, however, will require developer effort - and it's not clear that any hackers are interested in doing that work at this time.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Page editor: Jonathan Corbet
Distributions
News and Editorials
Slowing down Fedora Core
A discussion has been going on in the fedora-devel list, starting with this post from Gilboa Davara, requesting that Fedora Core 4 (FC4) remain supported, by the Fedora Project, until FC6 is released.Last week FC3 went into maintenance mode with the Fedora Legacy Project, just as FC5 Test2 was released, as has been the typical schedule so far. The final FC5 release is scheduled for mid-March, about two months away.
According to this proposal, beginning with FC4, the Fedora Project would be responsible for supporting two releases while finalizing a third release. This would delay a transfer to Fedora Legacy for a few months and a few more bug fixes. Most of all, this proposal is an expression of concern about the Fedora Legacy Project's ability to support old releases.
It is true that a Fedora release does not receive the same level of support once it is transferred to Fedora Legacy. When the Fedora Project supports a release, they provide security updates, bug fixes, and occasionally upgrades and enhancements for various packages. These package updates can be seen in each weekly Distribution page, in the Package updates section. The Fedora Legacy Project provides security updates only.
So the level of support from Fedora Legacy is a bit less than that from the Fedora Project, but if it is only for a few months how much does that really matter? As long as your stable system can remain secure until you are ready for an upgrade, a few bug fixes aren't going to matter much. The volunteers building security updates for Fedora Legacy are competent and first and foremost they are building updates for themselves. They have a vested interest in making sure these updates work. Others should be able to benefit from their work, but those who want more from Fedora Legacy are encouraged to participate. Fedora Legacy is a community project, so those who want more from the project should be prepared to help accomplish their own goals.
It is also true that Fedora Legacy had a hard time getting up to speed. Early releases came into the Legacy project with large numbers of outstanding security problems. Both Fedora and Fedora Legacy have had some severe growing pains, and they are not finished ironing out the process. This transition was smoother than the last; FC3 has very few outstanding security issues. We should expect that as FC4 moves into its Legacy status, the process will be even smoother, especially if more people get involved and help out.
Some users expressed distaste with the word "legacy". The dictionary definition:
2. Something handed down from an ancestor or a predecessor or from the past
seems to capture the meaning of Fedora Legacy quite well, but for those who have worked on "legacy systems" this distaste is understandable. Many suggestions were given for changing the name of Fedora Legacy to something more palatable. Some of the suggestions were not bad, but ultimately people should ask themselves if they would rather have Fedora Legacy volunteers keep busy by updating the documentation, website, mailing list, and so on, to reflect a name change; or would their time be better spent maintaining the project's five currently supported releases (Red Hat Linux 7.3, Red Hat Linux 9, FC1, FC2 and FC3)? I would chose the later.
A more serious concern is that the process of moving to Fedora Legacy is difficult, or at least less than obvious. To begin with, users need to be aware that the status of their system has changed and that is time for them to make a decision of some kind. Should they decide not to upgrade, the move to Fedora Legacy requires that they change some configuration files to look at different repositories. There is nothing automatic about the process. A conscious decision must be made to either upgrade to the next Fedora release, or get support from Fedora Legacy. Users who wait for the little update icon to appear may unintentionally leave their systems at risk.
The Fedora Legacy Project is not insensitive to these concerns. Jesse Keating has proposed some changes for Fedora Legacy that will make an easier transition for users who want to continue running older releases. Fedora Legacy has come a long way since FC2 came into its care. It can be, and should be, even better by the time FC6 test2 is released and FC4 moves into its purview.
Fedora Core was envisioned as a fast moving distribution. Already it has slowed down, from six months between releases to nine+ months between FC4 and FC5. For those who like a slower pace, there are plenty of slower paced distributions available and for diehard Fedora fans, there is the Fedora Legacy Project.
For those people who argue that they should be able to skip a release and go from a supported FC4 to a supported FC6, ask yourselves this: would you really switch to FC6 on the day it's released? More likely you'd be asking for another month, and then another month after that. Meanwhile many Fedora users are happy with the current pace and would prefer that Fedora engineers spend the time between FC6 test2 and FC6 polishing FC6, not squashing old FC4 bugs.
Warren Togami expressed it quite well:
Fedora is supposed to be a community project, and Legacy is where fate of an older distribution is put within the hands of the community. If there is sufficient interest in maintaining a distro, then Legacy will keep it alive. If a given distro falls into disrepair, then the decision will eventually be made to retire it in order to better allocate resources on distributions that the users care more about.
Fedora Core should remain fast-paced. When Fedora engineers are concentrating on finalizing a release they should not be burdened with maintaining two other releases. Fedora Legacy is working and it can and will get better, especially if more people volunteer their time to help. If Fedora is too fast paced for you, and you can't or won't help the Legacy project achieve your goals, find another distribution that moves at a slower pace. I have little list that might be helpful in that regard.
New Releases
SUSE Linux 10.1 Beta1 Released
The latest openSUSE release, SUSE Linux 10.1 beta 1 "Agama Lizard" is ready for testing. Click below for a list of known issues. "Created within the openSUSE project, SUSE Linux 10.1 is designed for individuals looking to work with latest open source technologies -- a stabilized Linux operating system, solutions for desktop productivity, application development, web hosting, security and more completely integrated to make the world's most usable Linux. SUSE Linux 10.1 supports the Intel and AMD x86 and x86-64 platforms as well as the PowerPC platform."
Edubuntu flight 3 CD
Edubuntu joins Ubuntu and Kubuntu with a Flight 3 CD. This is a milestone release in the Dapper development cycle, suitable for testing.
Distribution News
Mentors for the Ubuntu-Women team
The Ubuntu-Women team is looking for mentors. "As a mentor you will be the role model who will be interacting with the new entrant/s along technical lines like bug triaging, writing patches, coding or packaging and testing, depending on their area of interest and yours."
Upstream Version Freeze for Ubuntu
The Upstream Version Freeze for Ubuntu 6.04 (Dapper) is currently in effect. The first phase of this progressive freeze means that no new upstream versions of packages should be uploaded without prior approval, and automatic package syncs from Debian will be disabled.
New Distributions
NetBSD live CD
There is a new NetBSD based live CD available. NeWBIE stands for (Ne)tBSD (W)are (B)urned (I)n (E)conomy. This distribution caters to the desktop-user (i.e. with applications for web browsing, chat, multimedia, document editing, etc) but will also serve as a core for creating a NetBSD-based live CD for network security auditing.
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for January 24, 2006 covers a call for help with bug triage from Debian GNOME users, installing Debian sarge on a logical volume (LV) that resides on a number of disks merged together with RAID, the Kaffe compiler transition, web forums for Debian?, the draft GPLv3, and several other topics.Fedora Weekly News Issue 30
The Fedora Weekly News for January 23, 2006 is out. This week's articles include Announcing Fedora Core 5 Test 2, Fedora Core 3 Transferred to Fedora Legacy, FUDCon Delhi 2006 in India, Meeting Minutes for Fedora Ambassadors, Review: Looking Forward: Fedora Core 5, and more.DistroWatch Weekly, Issue 135
The DistroWatch Weekly for January 23, 2006 is out. "The developers of Fedora, SUSE and Ubuntu have moved one step closer to reach their goals during the past week when new test builds were announced by the three projects. SUSE's development process will now accelerate dramatically, while Red Hat has hinted on returning to a 6-month release cycle after Fedora 5. Also in this issue: the parent company of Turbolinux under investigation, features of SecureAPT, PCLinuxOS unveils a new web site, and AGNULA loses funding. Finally, we interview Alan Baghumian, the developer of Parsix GNU/Linux and one of the most enthusiastic and energetic Linux supporters in the Middle East."
Package updates
Fedora updates
Fedora Core 4 updates: autofs (include the latest stable patches), cdicconf (added gtk+-devel to BuildRequires), hal (fix some unicode issues), flex (apply a bugfix-fixing patch), logwatch (bug fixes), umb-scheme (bug fixes), texinfo (rebuilt for FC4), hal (copy filenames with utf-8 chars to FAT formatted floppy disks), dhcp (bug fixes), system-config-soundcard (backported fixes from devel branch).Mandriva updates
Mandriva has updated hwdb-clients for versions 10.1, 10.2, Corporate 3.0. This webmin update fixes a MySQL init script issue in version 2006.0.Trustix update
Trustix Secure Linux has updated postgresql to a new upstream version for TSL versions 2.2 and 3.0.
Newsletters and articles of interest
Choosing a desktop Linux distro (DesktopLinux)
With so many Linux distributions out there, picking the one for you can be tough. DesktopLinux attempts to narrow the choices based on some common criteria. "I think the best Linux desktop is the one that's best for a particular person based on their needs and level of Linux expertise. So, the next time someone asks you that question, I suggest you reply with a couple of questions of your own. For example, you could ask, "Do you want to replace Windows? For home? For work? Are you interested in Linux because you want to get some new life out of an old system? Do you just want to mess around with Linux?""
Distribution reviews
Review: Atomix Linux 3.2 (Linux.com)
Linux.com has a review of Atomix Linux. "One of Atomix's strengths is its multimedia support. MPlayer (and a package of additional skins) is available for displaying content in DivX format, and Atomix includes Xine for playing DVDs. If you decided during installation to install the video players package, you will get libdvdcss, so you will be able to watch commercial DVDs by default."
Page editor: Rebecca Sobol
Development
The GNOME NetworkManager Applet
Every once in a while, your author stumbles across a really useful piece of software. It all started when I decided to do some experimentation with 802.11g wireless networking. I procured a Linksys WRT54G-v4 router, borrowed a Windows XP box to get the router going, connected it to my LAN and was "on the air". This router happens to allow uploading of open-source firmware, I plan on experimenting with that after I become comfortable with the technology in its native state.![[NetworkManager]](https://static.lwn.net/images/ns/networkmanager.png)
The other end of my limited wireless network involves a desktop PC with a D-Link Air Plus Xtreme G DWL-G520 wireless card and a Hawking Technology directional antenna with 7db of gain. The antenna is an optional accessory that is useful for extending the range of the wireless connection. The desktop machine also has a wired 100-T ethernet card. The remote machine is running the Ubuntu "Breezy Badger" (5.10) distribution and the GNOME desktop.
Ubuntu is fairly new to me, and I decided to see how far one could get with the GUI-based networking tools. I was able to simply plug in the D-Link card to the machine and boot, the card was auto-detected. In a similar experiment with a Fedora Core 4 system, the card was not detected.
The GNOME network configuration tool is fairly straightforward, just click on the desired wireless interface and tweak the properties. It is sufficient for connecting the machine to a single wireless network, but becomes painful when experimenting with connections to multiple networks. Switching to a different network involves several minutes of waiting, and the signal strength information is missing.
I want to be able to rotate my directional antenna in order to get the best signal on distant networks. The wireless-tools package contains the command line utility iwlist, which dumps out a bunch of information for each network that is in reception range. This can be useful for finding basic signal strengths, and seeing which channels are in use in your area. I configured my Linksys box to work on an unused channel.
Enter NetworkManager. The Ubuntu package description for NetworkManager says:
![[local nets]](https://static.lwn.net/images/ns/localnets.png)
In other words, NetworkManager provides a higher level system on top
of the existing network utilities. It also provides a useful
desktop applet for displaying connection information and switching
between networks.
To connect to a wireless network, just left-click the mouse on the network manager applet, and pick a network from the available list. Right clicking the applet brings up a list of configuration options. My neighborhood has an ever-changing number of wireless networks, most of them are configured with keys, a few of them are wide open. Keyed networks require you to enter the appropriate pass phrase.
After the network has been selected, the NetworkManager applet
lights up one, then two virtual LEDs to signal the steps in the
connection process. A progress bar and a fun spinning
comet are also displayed in the applet while connecting.
![[NetworkManager Connecting]](https://static.lwn.net/images/ns/netmgrconn.png){kind=small}
Networks with weak signal strengths will not connect, and both virtual
LEDs will not light up. Eventually, the connection attempt will time
out and the applet will display a not-connected icon.
Unlike the GNOME network configuration tool, NetworkManager allows
you to quickly abort a connection that is not succeeding, and switch
to another one.
Once you successfully connect to a network, the applet icon will change
into a set of four signal strength bars, these change up and down
with the signal strength. Placing the mouse over the applet also
displays a numerical signal strength value, I leave my mouse in
this position and slowly rotate the antenna for best results.
![[NetworkManager Meter]](https://static.lwn.net/images/ns/netmgrmeter.png){kind=small}
NetworkManager has the ability to detect and auto-switch to a wired ethernet. This makes it especially useful for laptop users who frequently move between home, work and the internet cafe.
Areas for improvement
While very useful, NetworkManager is also fairly experimental software. The documentation is currently very sparse. It took a significant amount of digging to figure out how to get the nm-applet to show up on the desktop. (Hint: System->Preferences->Sessions->Startup Programs->Add).The signal strength display can be used for optimizing the antenna direction, but it is just slow enough to make this process painful. The update time is in the order of several seconds. This may be a limitation of the hardware. It would be nice if the channel number was displayed in the list of networks. Playing with the GNOME network configuration tool while NetworkManager was running caused my machine to hang, this isn't too surprising considering the various processes that are contending for the same resources, but it is nonetheless a "bad behavior".
NetworkManager scores highly as a functional tool for automating the process of switching between wired and wireless networks, your editor plans on keeping this application around.
Addendum: RedHat Magazine published a very informative article in January of 2005 entitled Introducing NetworkManager.
System Applications
Database Software
moodss 21.0 released
Version 21.0 of moodss, a graphical monitoring application, has been announced, it adds new database monitoring capabilities. "By finding the best of powerful statistical models, using sophisticated methods such as ARIMA (AutoRegressive Integrated Moving Average) and artificial neural networks, *moodss* 21.0 can now predict the future behavior of data cells, from their history recorded in a SQL database. The new predictor tool, obviously ideal for capacity planning, will also allow, in upcoming releases, a system administrator to receive emails such as "on server foo.bar.com, the disk sdb is likely to become full in 3 weeks"."
PostgreSQL Weekly News
The January 22, 2006 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database news and resources.
Interoperability
Samba 4.0.0TP1 Available for Download
Version 4.0.0TP1 of Samba has been announced. "Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. Samba 4 is currently not yet in a state where it is usable in production environments."
Security
nepenthes 0.1.6 released (SourceForge)
Version 0.1.6 of Nepenthes has been announced. "Nepenthes is a low interaction honeypot designed to catch and store worms. The new version 0.1.6 offers some *major* improvements in recognizing shellcodes and compiling the code on different plattforms and operating systems."
Web Site Development
Gallery 1.5.2 Release (SourceForge)
Version 1.5.2 of Gallery, a web-based photo gallery application, is available. "This release fixes a possible XSS security problem, fixes bugs (including those found in all of the preview releases), and introduces several cool new features: image maps and downloading albums as zip files."
Silva 1.5 beta 1 released
Version 1.5 beta 1 of Silva, a web content management system, has been released. "Silva 1.5 is the first Silva release that really starts using Zope 3 technology in the core, and is the first step in a longer evolution. It does not have a lot of externally visible feature changes, but focuses on making Silva work with Zope 2.8 and Five 1.2."
Desktop Applications
Data Visualization
Titus' PyX Tutorial for Gnuplot Users
Titus Winters has written a tutorial on the use of PyX, the Python graphics package. "At some point, it is bound to happen. Gnuplot is wonderful, but there comes a time where it just doesn't quite have the power that you need it to have. Perhaps you want to radically alter the way the axes are drawn. Perhaps you just want to do something simple like change the color of a plot line, but not the pattern. Maybe you really need some hefty math symbols displayed on the graph. At some point you'll hit the wall beyond which Gnuplot quickly stops being the right answer. What works better in these situations?"
Desktop Environments
Gnome 2.13.5 Released
Gnome 2.13.5 has been released. "This is the last release in the 2.13 development series and represents a release that is now API/ABI and feature frozen."
GARNOME 2.13.5 Released (GnomeDesktop)
Version 2.13.5 of GARNOME, the bleeding edge GNOME platform, has been announced. "This release includes all of GNOME 2.13.5 plus a whole bunch of updates that were released after the GNOME freeze date, plus a lot of tweaked build-magic. It is for anyone who wants to get his hands dirty on the development branch."
GNOME Software Announcements
The following new GNOME software has been announced this week:- Beagle 0.2.0 (new features and bug fixes)
- Evince 0.5.0 (new features, bug fixes and translation work)
- gcalctool v5.7.27 (bug fix)
- GDM2 2.13.0.6 (bug fixes, documentation and translation work)
- gedit 2.13.4 (new features, bug fixes and translation work)
- GLib 2.8.6 (bug fixes and translation work)
- GLib 2.9.4 (unstable development release)
- Glom 0.9.2 (new features and translation work)
- GnomePythonDesktop 2.13.3 (unstable development release)
- gnome-reset 0.1.2 (new features)
- GShowTV 0.9.1 (bug fixes)
- gtk-engines 2.7.3 (unstable development release)
- iswitchwin-0.9 (unspecified)
- Metacity 2.13.34 (bug fixes and translation work)
- swfdec 0.3.6 (bug fixes)
- Yelp 2.13.3 (new features, bug fixes and translation work)
KDE Software Announcements
The following new KDE software has been announced this week:- ClickSpotter 0.1.0 (unspecified)
- digiKam 0.8.1 (new features and bug fixes)
- iswitchwin 0.9 (unspecified)
- katapult 0.3.1 (unspecified)
- KDE DVD Authoring Wizard 1.04b (improvements for Ubuntu)
- KlamAV 0.35 (new features)
- KLingvoOnline 0.1 (unspecified)
- Knmap 2.0 (new features)
- KPowersave 0.5.3-3 (bug fixes)
- KsysInfo Preview Alpha 0.1 (initial release)
- KTorrent 1.2rc2 (bug fixes)
- Perl Audio Converter (PAC) 3.0 (new features and bug fixes)
- Piklab 0.3 (new features and bug fixes)
- Psi 0.10 (unspecified)
- QtiPlot 0.7.6 (new features and bug fixes)
- QTunapie 0.4 (unspecified)
- SpeedCrunch 0.7-beta1 (new features)
- sunbeam and moonshine 0.1-alpha (new features)
Desktop Publishing
Scribus 1.3.2 Announced (KDE.News)
KDE.News covers the release of version 1.3.2 of Scribus, an open source page layout program. "With this release we are excited to announce the first beta of Scribus on the Windows platform. With the gracious support of Trolltech AS, developer of the Qt C++ application framework, we are able to release Scribus on Windows with Qt 3. It also includes fixes for over 290 requests and bugs."
Electronics
New gnucap development snapshot
Version 0.34 of Gnucap, the Gnu Circuit Analysis Package, has been announced. "This one adds a first cut at the MOSFET level 8 and 49 model. It accepts all of the parameters. A few parts of it need work ..."
Kicad 2006-01-19 released
Version 2006-01-19 of Kicad, a printed circuit CAD application, is out with a bug fix.Qucs 0.0.8 announced
Version 0.0.8 of Qucs, a circuit simulator, has been announced. "The new release comes with a translation into Turkish, two new diagrams - truth table and timing diagram. Non-Qucs files can be added to a project, matching circuits can be created and there is a dialog for changing the properties of several components at once. The filter synthesis tool supports some more filter types, many new models have been added to the component libraries and the DC bias can be annotated in the schematic. Also digital gates, correlated noise sources, an ideal coupler and mutual inductors are now supported."
Financial Applications
The GNOME Invest Applet
Raphaël Slinckx has announced his new Invest Applet for GNOME. "Stock trading is fun.. well, when you make money of course. There are days when you wish you didnt buy that crappy stock, today its intel. They released apparently bad numbers yesterday and took the plunge: This leads me to the introduction of Invest, a replacement/companion for gtik, the stock ticker currently in gnome applets. It allows one to create a portfolio, and track its progress in terms of gain/losses. It also features a yahoo graph viewer, with the options found on their website, very nerdy !"
SQL-Ledger 2.6.6 released
Version 2.6.6 of SQL-Ledger, a double entry accounting system, is out with bug fixes and some new capabilities. See the What's New document for change information.
Games
Cyphesis 0.5.6 Released
Version 0.5.6 of Cyphesis has been announced by the WorldForge game project. "Cyphesis is a small to medium scale server for WorldForge games, with builtin AI. This version includes the demo game Mason which is currently in development."
Interoperability
Wine 0.9.6 released
Version 0.9.6 of Wine is available. Changes include: A bunch of OLE fixes and improvements, DirectSound improvements, including full duplex support, Fix for the Windows metafile vulnerability, Many static control improvements, Some fixes for copy protection support and Lots of bug fixes.
Music Applications
hexter DSSI plugin 0.5.9
Version 0.5.9 of the hexter DSSI plugin, a Yamaha DX7 synthesizer modeling DSSI plugin, is out with new MIDI control capabilities and bug fixes.WhySynth DSSI plugin 20060122 release
Release 20060122 of WhySynth DSSI plugin, a software music synthesizer, is out with a new oscillator mode, a new filter mode, a dual delay effect, and more.
Peer to Peer
phpMyBitTorrent 0.7.3 Unstable Released (SourceForge)
Unstable version 0.7.3 of phpMyBitTorrent, a BitTorrent tracker with enhanced features, is out. "This new version is "just" a CVS Checkout made today. It has some interesting new features, like an implementation of the Award Winning FCKeditor, Project of the Month December 2005 on SourceForge.net. It will allow you to write Torrent Description in full XHTML and change that default Welcome Message with everything you want, even a Flash Movie!"
RSS Software
lylina version 1.10 (SourceForge)
Version 1.10 of lylina, an rss/atom aggregator, has been announced. "Among the many changes, highlights include: advanced CSS skinning support including support for small screen devices via a mobile stylesheet, social networking integration, the re-introduction of the classic lilina-style sources box, and internationalization with German language support. To complement to new features, v1.10 also offers cures for a few major bugs, including the errors in HTTPClient.php."
Video Applications
First Beta Release of Ekiga 2.00 (GnomeDesktop)
GnomeDesktop looks at Ekiga 2.00, the successor to the GnomeMeeting video conferencing application. "After more than one year of active development, GnomeMeeting has reborn on the form of Ekiga. Ekiga is a SIP and H.323 application, supporting audio and video, and is the successor of GnomeMeeting." New features include better audio quality, echo cancellation, easier NAT transversal, an improved user interface, and better Video4Linux2 support.
Web Browsers
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the January 9, 2006 mozilla.org staff meeting have been announced. "Issues discussed include Firefox 1.5.0.1 release schedule, Thunderbird 1.5 release and Marketing."
Miscellaneous
Blender 2.41 released
Version 2.41 of the Blender animation package has been announced. "With less than one month of development time, this has been a short and sweet release cycle. The focus of this release is the Game Engine which has added a number of nice new features such as GLSL shaders, the capability of using multiple materials and uv maps; multiple viewports; as well as a number of important fixes such as the return of the armature system." (Thanks to Tom Musgrove.) We took a look at Blender 2.40 a few weeks ago.
Languages and Tools
Caml
Caml Weekly News
The January 17-24, 2006 edition of the Caml Weekly News is online with new Caml articles. Topics include: GODI news, Constraints in module types, C interface style question, C-Interface: CAMLreturn and failwith, toplevel with pre-installed printers, Again C-Interface: caml_alloc_custom, Camlmix 1.3: OCaml-stuffed templates and Announcing OMake 0.9.6.8.
Java
GNU Classpath 0.20 released
Version 0.20 of GNU Classpath, the essential libraries for Java, is out. Changes include: "New StAX pull parser and SAX-over-StAX driver. Full XMLEncoder implementation. The packages javax.sound.sampled, javax.print.attribute and javax.print.event have been implemented. Lots of new datatransfer, print, swing and swing.text work. Performance improvements in the painting/layout mechanism. Additional 1.5 support, including (separate) generic branch release. SecurityManager cleanups and start of review of all Permission checks. Buildable on cygwin. Fully buildable as "in-workspace" library-plus-vm inside (native) Eclipse. Real world Free Swing and CORBA example added."
Retrotranslator 0.9.7 released (SourceForge)
Version 0.9.7 of Retrotranslator has been released with new features. "Retrotranslator is a Java bytecode transformer that translates Java classes compiled with JDK 5.0 into classes that can be run on JVM 1.4."
Perl
Analyzing HTML with Perl (O'Reilly)
Kendrew Lau uses Perl for HTML analysis in an O'Reilly article. "Routine work is all around us every day, no matter if you like it or not. For a teacher on computing subjects, grading assignments can be such work. Certain computing assignments aim at practicing operating skills rather than creativity, especially in elementary courses. Grading this kind of assignment is time-consuming and repetitive, if not tedious."
Using More Perl in PostgreSQL (O'Reilly)
Andrew Dunstan continues his O'Reilly series on Using Perl in PostgreSQL with part two. "The first article in this series examined the use of PL/Perl to create triggers. The trigger inserted a row into a database table for audit purposes using a new PL/Perl method called spi_exec_query(). This article looks in more detail at uses of that function and its new cousin, as well as other features for handling bulk data and composite types."
PHP
Alfresco PHP Library 1.1 Available (SourceForge)
Version 1.1 of the Alfresco PHP Library has been announced. "We are proud to announce that V1.1 of the PHP Library to Alfresco is now available. This is a service-based interface to the Alfresco repository that allows PHP applications to access Alfresco content services."
Python
python-dev Summary
The December 16-31, 2005 edition of the python-dev Summary is online with coverage of the python-dev mailing list.Dr. Dobb's Python-URL!
The January 23, 2006 edition of Dr. Dobb's Python-URL! is out with a new collection of Python article links.
Ruby
Ruby Weekly News
The January 22nd, 2006 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Tarmle: The Bad Guys Win
Here's a speculative story describing our DRMed future. "You don't really own your home computer, or even the data you keep on it. Oh, you paid for it, just like you paid for the fibre-optic Internet connection that it can't function without, but now it squats under your TV using your electricity and does more work for the content industry than for you. The nightly security patches it downloads for itself don't secure your computer against attackers, they secure the system and software against you." (Seen on BoingBoing).
The Linux pod people pocket $1500 (PCWorld)
PCWorld has this report about an Australian couple who create podcasts. "Not often thought of as radio stars, Linux developers are now able to steal the limelight thanks to Dapto couple James and Karin Purser who produce the Linux Australia Update and the LUG Roundup podcasts from their lounge room. Linux Australia has this week donated $1500 to the Purser's to help them upgrade their equipment."
Companies
Covalent to support Apache Geronimo (ZDNet)
ZDNet reports that Covalent has added support for Apache Geronimo. "The company decided to extend support to Apache Geronimo because of signs of demand from its corporate customers, which number about 400, Covalent CEO Mark Brewer said. "Companies have been looking for ways to move off their closed-source application servers for some time. We've seen a huge number of people go off (BEA Systems') Weblogic or (IBM's) WebSphere and go to Tomcat," he said."
MS Offers to License Some Code for a Fee in Lieu of Documentation (Groklaw)
Here's Groklaw's take on Microsoft's offer to license some of its Windows source. "It will be interesting to see if the EU Commission accepts the offer. All I can think of is whether there will be SCO-like infringement lawsuits down the road against folks who looked at the code and then write code Microsoft might claim they copied from their licensed code. Please, someone else cover those lawsuits, if they happen."
Motorola Buys Maker of Linux-Based Set-Top Boxes (Linux Insider)
Linux Insider covers the acquisition of the Swedish IPTV company Kreatel by Motorola. "Motorola will purchase open-source technology vendor Kreatel Communications, which provides a combination of set-top boxes, software and professional services aimed at offering stable and future-proof solutions for television services, namely, IPTV. Terms of the deal have not been disclosed. Kreatel's Linux-based solution extends into the application and middleware Latest News about middleware layers, meaning the technology provides Motorola with flexibility to use it with a broad set of middleware solutions."
Motorola acquires Linux-based IPTV STB vendor (LinuxDevices)
LinuxDevices reports that Motorola has agreed to acquire Kreatel Communications, a Swedish provider of Linux-based IPTV STBs (Internet protocol TV set-top boxes). "Motorola says demand for IPTV STBs is growing, and calls Kreatel's flexible STB platform a "natural complement" to its digital video solution. Motorola sells CPE (customer premises equipment) and infrastructure products for cable, xDSL, and FTTP (fiber-to-the-premise) networking environments, it says."
Legal
Industry Readies For Round Two Of EU Patent Directive (IPW)
Intellectual Property Watch reports from a "Progress and Freedom Foundation" meeting where a renewed push for software patents in Europe was discussed. "'It's starting again,' said Guenther Schmalz, director of IP for Europe for software maker SAP. 'And I hope this time we will be better prepared.' Schmalz, who lobbied on the directive last year, said industry 'started very late' last time and will not let it happen again. He told Intellectual Property Watch that industry representatives developed informal networks last summer which are being revived." (Thanks to Florian Mueller).
Industry joins in for new fight about software patents (Heise Online)
Heise Online provides some background on the latest push for software patents in the EU. "Meir Pugatch from the University of Haifa now gave the industry lobbyists reason to hope that their new attempt to exceed patent application rules might have more chances to succeed. The activists of the opposition, who argue for limitations in intellectual property rights, would only live for a tangible campaign, their movement would come undone afterwards. Contrary, large companies had long-lasting strategies and would see temporarily failures only as a minor step backwards in a long fight." (Thanks to Dirk Hillbrecht)
Interviews
Jeremy Allison on Samba 4 (Linux Format)
Linux Format has an interview with the Samba project's Jeremy Allison. "LF: For how long has development on Samba 4 been going on now? JA: I think it started about a year ago, maybe longer. And it's big, it's biting off a lot of stuff. Right now the Kerberos Domain Controller and the LDAP server are less well developed than other areas, and that's where a lot of the work is going on with now..."
Interview: Dru Lavigne, BSD Certification Group (NewsForge)
NewsForge talks with Dru Lavigne about the BSD Certification Group. "The BSD Certification Group (BSDCG) is a non-profit organization established to create and maintain a global certification standard for system administration on BSD-based operating systems. After a year of work, the group behind the BSD Certification project plans to complete the process for the first certification (BSD Associate) in the first half of this year, with the first exam to be available by the second quarter."
Defender of the GPL (ZDNet)
ZDNet interviews FSF attorney Eben Moglen. "Q: For openers, could you describe for us the magnitude of the changes in the GPL version 3 draft. Is this a revolutionary overhaul of the license or is this a course correction? Moglen: I would say that it is an evolution of the license, not a course correction. I believe there is no fundamental change to the course the license is on. This is an evolution representing catching up to 15 years of history because GPL version 2 lasted so long. Those 15 years of history saw a transformation of technology, a transformation of the social uses and environment of free software, and a transformation of the legal environment."
Peter Quinn's First Interview (Groklaw)
Groklaw talks with Peter Quinn, former CIO of the Commonwealth of Massachusetts. "Quinn: I believe that the ODF decision will stand. I believe MS will continue to do anything and everything it can to stop it. And I know my seat wasn't even empty and they (MS) took another shot at the title, to no avail. This horse is out of the barn and I see no way for it to go back in. Remember, all we are asking for was and is for Microsoft to commit to open and the standards process; so everyone looks really bad if the plug gets pulled at this juncture."
Resources
An Introduction to DHCP (Linux Journal)
Linux Journal introduces DHCP in an article by Dean Wilson. "DHCP stands for dynamic host configuration protocol. What it does is dynamically assign network settings from a server. In other words, instead of having to configure the parameters related to how your computer communicates with a network, it happens automatically."
CLI Magic: OpenSSH + Bash (Linux.com)
This CLI Magic article looks at OpenSSH and bash. "As a system administrator, I have used OpenSSH's piping abilities more times than I can remember. The typical ssh call gets me access to systems for administration with a proven identity, but ssh is capable of so much more. In combination with bash's subshell invocation, OpenSSH can distribute the heavy work, reduce trace interference on a system under test, and make other "impossible" tasks possible."
Synchronizing your Palm PDA with Linux (Linux.com)
Linux.com explores several popular Linux applications that communicate with a PDA. "Ready to synchronize your Palm OS-based PDA with your Linux desktop? Here's a trio of GUI-based options and a command-line tool for you to try."
My sysadmin toolbox (Linux.com)
Javier de Miguel Rodríguez shares a list of his favorite tools, including netcat, IPTraf, mutt, ClamAV, nmap, LFTP, file, perl, subversion and tcpdump. "I work as a senior sysadmin for the University of Seville in Spain, where we use a myriad of operating systems. Here are the top 10 utilities I use in my daily basic admin activities."
Add an extra layer of security with systrace (Linux.com)
Linux.com covers the systrace utility. "You can use Systrace to restrict a daemon's access to the system by defining which files it can access and how (such as read-only), and which port it can bind to. Also, if a daemon doesn't support privilege separation, you can avoid running it as root the whole time and keeping setuid and setgid binaries on the system. It's obvious how this can enhance the security of an untrusted daemon, or at least minimize the damage on a system if someone manages to exploit it."
Reviews
Creating and managing filesystems with Expert Partitioner (NewsForge)
NewsForge looks at the application Expert Partitioner in a book excerpt article. "The first, and perhaps only, time you have to create a new file system on your Linux computer is when you first install the operating system. If you add a second hard drive, or have set up a series of mount points that you decide to adjust in one way or another, you can use SUSE's YaST Expert Partitioner tool to handle this task for you."
GStreamer framework eases development of media applications (NewsForge)
NewsForge looks at GStreamer. "The more than five-year-old gStreamer project is a library of plugins for a variety of audio and video formats, devices, and hardware. The library allows multimedia software developers to work on applications by creating "media pipelines" that connect files and resources to the hardware required to play them, said GStreamer developer Andy Wingo."
Synfig 2D vector animation program opens source (NewsForge)
NewsForge takes a look at Synfig, a 2D animation tool. "In addition to basic motion, Synfig integrates some video-processing tools useful to the animator, including filter and transformation layers. Filter layers allow effects like shading, focusing and blurring, and color correction, so that the animator can add camera effects to the finished animation without redrawing the scene elements. Transformation layers enable distortion effects for reflections, rippling water, and other events. Synfig uses OpenEXR to store all projects in high dynamic-range format, and it can output to any resolution."
Miscellaneous
Government agency dragging its heels on OpenSSL validation (NewsForge)
NewsForge covers an agency created by the US and Canadian governments to validate security software. The agency has spent about two years reviewing the OpenSSL project. "According to CMVP director Randy Easter, a typical testing cycle runs from several weeks to a few months, and the goal for NIST is to process reports generated by the labs after testing within six to nine weeks. Once processed, NIST either sends additional questions back to the testing lab or moves forward with granting validation. The process typically takes less than a year. Because testing on OpenSSL has now taken more than twice that long, some have begun questioning the review process and whether the open source toolkit is getting a fair shake by the agency."
OpenSSL receives FIPS certification (NewsForge)
NewsForge reports that OpenSSL has received certification. "According to Chris Brych, FIPS-140 program manager at DOMUS, the OpenSSL validation posed new challenges in checking it for conformance to requirements because the testing process was not as simple as running the software. Since the source code is freely available, the validation was a proof-of-concept in the event that users decide to compile the toolkit themselves rather than opting for a precompiled version."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
A new FUD angle: securities laws
Wasabi Systems has sent out a press release regarding the GPL and U.S. security laws. "Many companies using Linux for embedded applications may be unwittingly violating the Linux license and even breaking federal securities laws, according to a white paper released today by Wasabi Systems, a leading embedded operating systems provider. The white paper, When GPL Violations are Sarbanes-Oxley Violations, is the first in a series of legal studies analyzing the common misperceptions and risks associated with Linux and its license, the GNU General Public License (GPL)." (Thanks to Brock Frazier.)
SourceForge.net announces Subversion Support
SourceForge.net has added support for the Subversion Software Configuration Management system. ""Like every facet of SourceForge.net's evolution, the beta-launch of Subversion has been in response to the demands of our community," says Jay Seirmarco, SourceForge.net's General Manager. "SourceForge.net's deployment of the system validates its usability; our community knows that if SourceForge.net offers Subversion, it is scalable and stable.""
Commercial announcements
American Arium Announces Linux Shared Libraries Debug Feature
American Arium has announced the release of the latest version of its flagship debugger, SourcePoint 6.2.1 for ARM-architecture processors. SourcePoint 6.2.1 features Linux shared libraries debug support for ARM7, ARM9, ARM11, Intel XScale, and TI OMAP cores. The debugger interfaces with Arium's LC-500 JTAG debugger and SC-1000A, GT-1000, and GT-1000D trace port analyzers.Ampro announces 1U embedded computers
Ampro Computers, Inc. has announced the reintroduction of their ReadySystem(TM) family of embedded computers. "Featuring desktop-style Fedora Core 3 Linux pre-installed on the hard drive, the ReadySystem 1U uses an industry standard 1U height [180mm (w) x 44mm (h) x 203mm (d)]. The ReadySystem 1U features Ampro ReadyBoard(TM) SBCs with Intel(R) processors from 400 MHz Celeron(R) to 1.4 GHz Pentium(R) M, bringing high computing performance with low power consumption and all electronics in a compact housing for stand-alone applications."
MySQL AB fourth quarter results
MySQL AB has announced its 2005 fourth quarter financial results. "MySQL AB, developer of the world's most popular open source database, today announced its second straight quarter of financial profitability and another record year of enterprise sales wins and technical achievement. "Our fourth quarter shipment of MySQL 5.0 allowed us to close the strongest month, quarter and year in our ten-year history," said Marten Mickos, CEO of MySQL AB. "With 4 million downloads since it launched in October, MySQL 5.0 is proving its relevance to open source developers and corporate enterprises alike. In 2006, we look forward to another great year of growth for the MySQL ecosystem of community users, industry partners and commercial customers.""
rPath enables Linux software appliances for ISVs
rPath, provider of a platform for creating and maintaining Linux software appliances, has announced that the company has closed a $6.4 million round of venture financing. The Series A round was led by North Bridge Venture Partners and General Catalyst Partners out of Boston, Massachusetts.SWiK, the Online Community for Open Source Projects, Shows Significant Traffic Gains
SourceLabs has announced that SWiK continues to experience strong momentum. "SourceLabs provides SWiK as a service to promote the use and adoption of Open Source software. A unique attribute of SWiK is its wiki functionality, which allows anyone to edit or re-structure information or add comments. It also offers RSS syndication and tagging tools to create an intuitive and useful online community to help users find, discover and exchange information about Open Source projects."
New Books
Google Advertising Tools - O'Reilly's Latest Release
O'Reilly has published the book Google Advertising Tools by Harold Davis.Prentice Hall Publishes Linux Patch Management
Prentice Hall has published the book Linux Patch Management by Michael Jang.
Contests and Awards
PyWeek - Python Game Programming Challenge
The PyWeek challenge has been announced. The goal is to quickly develop Python-based games during the week of March 26 - April 2, 2006.Tridge wins the 2005 Free Software Award
The Free Software Foundation has announced that Andrew Tridgell is the winner of the 2005 Free Software Award. The announcement credits his work as the originator of the Samba project, the developer of rsync, and the guy who got BitKeeper withdrawn, paving the way for a free replacement.
Upcoming Events
CodeCon 2006 program announced
CodeCon 2006 will take place on February 10-12, 2006 in San Francisco, CA. "CodeCon is the premier showcase of innovative software projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will given by one of the lead developers, and accompanied by a functional demo."
Debian Day, Mexico CFP
A call for papers has gone out for Debian Day at the 2006 Debian Developers Conference. Debian Day takes place on May 13, 2006 in Oaxtepec, Mexico, the conference runs from May 14-22. Papers are due by February 22.GNOME Women Bug Day! (GnomeDesktop)
GnomeDesktop has announced the next GNOME Bug Day event, sponsored by the GNOME Women group. The event takes place online on January 28.Upcoming GNOME Events
A series of GNOME events have been announced, including GNOME.conf.au in Dunedin, New Zealand (ongoing), FOSDEM in Brussels, Belgium, and LinuxWorldExpo in San Francisco, CA.European Common Lisp Meeting 2006
The European Common Lisp Meeting will take place in Hamburg, Germany on April 29-30, 2006.Penguin Day (LinuxMedNews)
LinuxMedNews has an announcement for the 2006 Penguin Day conference. The event will be held in Seattle, WA on March 25, 2006. "Penguin Day Seattle will bring together non-profit technology staff and open source software (OSS) developers for a day of learning and conversation. We'll demystify open source for nonprofits, frankly address the challenges of developing open source tools for non profits, and celebrate strengths and successes of open source in the nonprofit sector."
SambaXP 2006 call for papers
A call for papers has gone out for SambaXP 2006. The event takes place in Göttingen, Germany on April 24-26, 2006, papers are due by February 28.SCALE: Peter Quinn To Be Keynote Speaker (Groklaw)
Groklaw notes that Peter Quinn, former CIO of Massachusetts, will present the keynote at the Southern California Linux Expo. "The Southern California Linux Expo 2006 is holding a conference, with a lead-in workshop, on ODF and document accessibility standards in state and local government. February 11-12. The ODF workshop is on the 10th. The conference is on February 11-12. It has just been confirmed that Peter Quinn will be a keynote speaker for the ODF workshop." A SCALE press release has more information on the presentation.
Opening Keynote Speaker Announced for SELinux Symposium
The opening keynote speaker for the second Security-Enhanced Linux Symposium and Developer Summit has been announced. "Steve Walker, president of Steve Walker & Associates and managing partner of Walker Ventures, will be the opening keynote speaker for the second annual Security-Enhanced Linux (SELinux) Symposium scheduled for February 27-March 3, 2006 in Baltimore, Maryland."
UKUUG Spring Conference 2006
Registration is open for the UKUUG Spring Conference 2006. The event will be held in Durham, England on March 21-23, 2006.Events: January 26 - March 23, 2006
| Date | Event | Location |
|---|---|---|
| January 26 - 28, 2006 | linux.conf.au 2006 | Dunedin, New Zealand |
| January 26, 2006 | O'Reilly Emerging Telephony Conference | (San Francisco Airport Marriott)San Francisco, CA |
| February 6 - 7, 2006 | ICMCC Conference on EHR Standards and Interoperability | (World Forum Convention Center, The Hague)The Netherlands |
| February 7 - 9, 2006 | OSCMS Summit | Vancouver, BC, Canada |
| February 8 - 10, 2006 | X Developer's Conference(XDevConf) | (Sun Campus)Santa Clara, CA |
| February 8 - 10, 2006 | LinuxAsia Conference and Expo 2006 | (India Habitat Centre)New Delhi, India |
| February 10 - 12, 2006 | CodeCon 2006 | San Francisco, CA |
| February 10, 2006 | SCALE Workshop On Open Standards For Government Organizations | (Airport Radisson)Los Angeles, CA |
| February 10, 2006 | PHP Conference UK 2006 | (Keyworth Centre)London, England |
| February 11 - 12, 2006 | Southern California Linux Expo(SCALE 4x) | (Airport Radisson)Los Angeles, California |
| February 20 - 21, 2006 | EuSecWest/core06 conference | London, England |
| February 24 - 26, 2006 | PyCon 2006 | (Dallas/Addison Marriott Quorum hotel)Addison, TX |
| February 25 - 26, 2006 | FOSDEM 2006 | (ULB Campus)Brussels, Belgium |
| February 26 - 28, 2006 | OSDC::Israel::2006 | (Netanya Academic College)Netanya, Israel |
| February 27 - March 3, 2006 | SELinux Symposium and Developer Summit | (Wyndham Hotel)Baltimore, MD |
| February 28 - March 3, 2006 | Black Hat Europe Briefings and Training 2006 | (Grand Hotel Krasnapolsky)Amsterdam, the Netherlands |
| March 3 - 4, 2006 | LinuxForum 2006 | Copenhagen, Denmark |
| March 6 - 9, 2006 | O'Reilly Emerging Technology Conference(ETech) | (Manchester Grand Hyatt)San Diego, CA |
| March 17 - 19, 2006 | Libre Graphics Meeting 2006 | (Ecole d'Ingénieurs CPE)Lyon, France |
| March 19 - 24, 2006 | Novell BrainShare 2006 | (Salt Palace Convention Center)Salt Lake City, UT |
| March 21 - 23, 2006 | UKUUG Spring Conference 2006 | Durham, UK |
Page editor: Forrest Cook