
LWN.net Weekly Edition for March 30, 2006

The Grumpy Editor's guide to RSS aggregators

This article is part of the LWN Grumpy Editor series.
Your editor reads a lot of web sites. Quite a lot of web sites. This reading has generally been a process of stepping through the bookmark list, checking to see what is new on each of many interesting sites. Actually going to sites to check for new news has been an obsolete mode of operation for some time, but your editor can be a little slow to come around, sometimes. Nonetheless, the nagging feeling that there had to be a better way eventually got strong enough to inspire an inquiry into the state of the art in RSS aggregators.

Most sites with news-oriented content export one or more files with information about the most recently-posted articles; LWN's is over here. An RSS aggregator will grab the headline files from sites of interest and present them, in some unified format, to the reader. The result is a single interface to new postings from a multitude of sites, and an end to the tedious business of plowing through a long list of bookmarks.

There is a huge variety of RSS aggregators out there. To narrow things down, your editor concentrated on standalone utilities with graphical interfaces. There are some console-based aggregators available, and quite a few web-based sites and systems. Your editor, believing (hoping) that an interface designed specifically for the aggregation task will work best, has chosen to pass over the other approaches for now.

When looking at RSS aggregators, there are a few issues to think about:

  • How hard is it to get sites into the tool? Most, but not all, aggregators can have an RSS feed URL dropped into them, making the task easy. Just about every aggregator can import a feed list in the OPML format, which makes switching between them easy.

  • Which feed formats are supported? All aggregators can handle most varieties of RSS; the newer Atom format is not yet as widely supported.

  • How does the tool help with organizing feeds? As the list of feeds grows long, it is natural to want to organize them into categories. After all, it does not do to mix those serious, work-oriented sites with the more frivolous fare (LWN, say).

  • Does the tool make it easy to keep up with a large number of feeds? A tool which makes it easy to pass through a mixed presentation of all new articles (perhaps limited to a specific category) will be faster than one which requires each site to be explicitly "opened."

  • How does the tool handle updates? LWN's RSS feed accounts for a huge part of our total traffic, and the situation is probably the same for other sites. If your aggregator is pulling the feed every ten minutes, you are helping to create a great deal of wasted traffic. The defaults for polling intervals should be conservative, and, when available, the aggregator should use the update time suggestions found in the feed itself. There is no point in polling the "cute puppy of the day" site several times each hour.

Various other factors come into play as well, as will be seen in the discussions of the individual tools, below.

Akregator

Akregator is a KDE-based tool with a reasonably long history. It is able to handle both RSS and Atom feeds.

Akregator provides a file manager-like navigation pane on the left, allowing the user to file feeds in a hierarchical system of folders. Each entry includes the number of unread articles for that feed - a nice feature that is not provided by all aggregators. Clicking on a folder will display a mixture of articles from all feeds in that folder. A prominent button allows the user to mark all articles as being read. It is also possible to mark articles as being "important." The display can be filtered (by way of a pulldown menu) so that only important, new, or unread articles are shown. A search bar at the top can be used to further limit the results to those matching a given string. Of the tools reviewed, Akregator is probably the most flexible in how it can be told to select articles for display.

While most aggregators hand off the task of displaying web pages to a browser, akregator will, by default, display selected pages internally, using a tabbed interface. This behavior can be changed, of course, and a middle-click sends the URL to an external browser in any case.

For some reason, it is not possible to drag a feed URL from firefox and drop it into an akregator window. So firefox users have to copy-and-paste the URL into the "new feed" dialog. Dropping a URL from konqueror does work, however. Feeds can be configured with their own archiving and update interval preferences; akregator does not appear to use update intervals supplied with the feeds themselves. If desired, akregator can generate notifications when new articles are found.

Overall, akregator feels like a quick, flexible, and solid tool; definitely one of the better aggregators out there.

Blam

Blam is a GNOME-based, C#/Mono application; it would appear to lack a web site of its own. It is one of the simpler applications, lacking features found in some of the other aggregators.

The blam left pane is a simple, alphabetical list of feeds; there is no ability to rearrange or group them. A total count of unread articles is given, but there is no user-visible per-feed count. (Actually, there is - but the default width of the left pane hides it). There is no ability to mix articles from multiple feeds into a single stream. Marking a feed as read requires accessing a pulldown menu. Unlike almost every other aggregator, blam sorts articles (by default) from the oldest to the newest.

Formatting of RSS items is done with gecko, with visually pleasing results. Clicking on a URL displays the page in firefox; there does not appear to be an option to make blam work with other browsers.

Blam does not automatically poll feeds by default; an explicit user action is required. If automatic polling is turned on, the default interval is fifteen minutes, which is rather short. Blam can handle Atom feeds, but appears unable to work with feeds requiring authentication. Blam does not appear to be able to perform notifications, though it does put an icon into the GNOME notification area.

Overall, your editor's opinion is that blam has some potential and a solid base for the creation of a powerful tool. But the current version, despite its 1.8.2 number, is not ready for widespread use.

Liferea

Liferea (the "Linux feed reader") is a GNOME-based tool with a number of capabilities. It can handle Atom feeds, and can also handle feeds with enclosures (the sort normally used with podcasts). Update intervals provided with feeds are respected (though they can be overridden by the user). Liferea can do notifications if so desired.

Despite its GNOME origins, Liferea has a large number of configuration options; only akregator compares on that score. It can be set up to automatically download enclosures into a user-specified directory, so those who follow podcasts can find new files waiting for them without having to explicitly grab them. Liferea can be quickly configured to work with a large variety of external browsers. Unfortunately, the switch controlling whether already-read articles are displayed is hidden inside the configuration dialogs; that adds up to a fair amount of clicking if the user wants to change the display mode often.

Liferea has a plugin mechanism which can be used to load filters for feeds of interest. There is a respectable list of filters, many of which generate specialized RSS feeds from web sites.

In general, Liferea is a pleasant and powerful tool - arguably the most advanced of the GNOME-based aggregators.

RSSOwl

RSSOwl is a feed reader written in Java. Your editor, it must be admitted, felt some trepidation when yum wanted to download over 120MB of packages to install this thing, but the investigative spirit cannot balk at such obstacles. So down it came, along with its vast Java life support system. It's not every RSS aggregator which requires eclipse just to install.

A quote on the RSSOwl site reads "Simply the best RSS reader. Fast, lightweight and cross platform". Your editor begs to differ on the "fast, lightweight" portion of that claim. Not only was RSSOwl not fast, but, while it was running, nothing on the system was fast. It may be that, on a different Java platform, things might be different. But, on your editor's 1GB-memory system, RSSOwl managed to put everything into full-scale thrash mode.

When first started, RSSOwl maximizes its window, a behavior which your editor finds to be flat-out rude. Once it gets itself established (and has been politely told how much screen space it may use), it is a reasonably capable aggregator. It comes with a long list of built-in feeds, and it has a search capability for finding more. Your editor, however, needed his system back and was not able to allow a search to run to completion.

RSSOwl does not, by default, render HTML in article descriptions. This behavior can be changed; in the process dragging the gecko engine into the mix. Feeds are grouped hierarchically in the left pane, but it is not possible to mix articles from multiple feeds. Opening a feed requires a double-click - RSSOwl is the only aggregator reviewed which requires extra clicks in this way. Each feed opens in its own tab. The search feature is more capable than most, with the ability to work with boolean expressions.

For whatever reason, RSSOwl is able to export an RSS feed to a PDF file. That must be useful to somebody, somewhere.

RSSOwl handles Atom feeds, and it can deal with feeds requiring authentication. There is also an interface to AmphetaRate, which can be used to generate recommendations for other sites of interest.

RSSOwl is certainly a capable tool, and it has some unique features. At its current level of performance, however, it is not particularly usable - at least on the Fedora platform.

Straw

Straw is a GNOME-based aggregator written in Python. Its 0.26 version number suggests a young project, but the first Straw release happened back in 2002. Straw is a reasonably capable feed reader, but it has a couple of quirks.

One of those is that there is no hierarchical ordering of RSS feeds. Instead, each feed may be assigned one or more keywords, and the view of feeds can be restricted to a specific keyword. For added fun, the set of legal keywords must be managed in a separate dialog; until a keyword has been officially created in this manner, Straw will not acknowledge its existence. Once the keywords have been established, the left-pane view can be restricted to any one keyword.

Browsing through feeds is reasonably quick, once one gets the hang of Straw's keyboard bindings, which use a lot of upper-case characters. If one types lower-case keystrokes at the Straw window, the reward is an unlabeled text entry field which materializes toward the bottom of the screen; experimentation shows that this field can be used to move directly to a feed by typing its name. There is no way to mix articles from multiple feeds.

Straw does allow the configuration of per-feed update intervals, though it does not appear to use feed-supplied intervals. There is a reasonable search capability, but the resulting window behaves a bit strangely. Articles from multiple feeds will appear there, but the normal keyboard commands will not step through them - it is necessary to use the mouse.

Despite its relatively long history, Straw feels unfinished to your editor. There are enough questionable user interface decisions to make Straw relatively difficult to use - though somebody, clearly, likes it that way.

Sage

There are a few RSS aggregators which have been implemented as Firefox extensions, but the most advanced of those appears to be Sage. This aggregator is well integrated into the browser, which does present certain advantages.

The Sage screen has three panes. The left column contains a hierarchical list of subscribed feeds above a window containing a list of headlines from the currently-selected feed. The bulk of the window, however, contains a "newspaper style" rendering of the feed text in a somewhat strange two-column layout with a fair amount of empty space. Clicking on a title will pull up the full page. Sage allows the organization of this window to be changed by way of style sheets; predictably, a fair number of customized style sheets are available.

Sage's feed discovery feature is nice: bring up a site of interest and click on the little magnifying glass icon. The Sage code will dig through the page and present any feeds it finds, allowing the user to subscribe to any or all of them. No more time spent looking for that little "XML" icon.

There does not appear to be any option allowing the configuration of update intervals. Sage is not able to display a mixture of feeds on a single screen. There is also no ability to search for strings in feed text (though the normal Firefox search mechanism can be used in the article display screen).

Sage is a slick and well-developed product, and there is real value in integrating the aggregator into the browser. If nothing else, there's one less window hanging around and cluttering up the screen. Still, the task of displaying a page is somewhat different from that of finding pages to look at in the first place. A tool which maintains its focus on the latter task should be able to provide a better interface than the Swiss army knife approach of cramming all of the tools into a single package.

Conclusion

On that note, one might well ask: how well do the current tools work at enabling us to find the articles of interest to us, quickly? The current readers have some nice features, and your editor favors akregator and liferea as the ones which are the most productive at this time. If your purpose is to keep up with the latest from a variety of news sites, either of those applications will do the job nicely.

Your editor can't help but feel that much of the RSS and aggregation technology we are seeing now is just a stage in a longer transition, however. The net is not just about dispatches from news sites. People are using web logs, RSS feeds, "planet" sites and aggregator software in an attempt to organize, follow, and participate in conversations. When evaluated for that purpose, current RSS aggregators have quite a bit of ground to cover. Don Marti has written some worthwhile comments on this topic.

So there is some ground to be covered, yet. And that, in turn, suggests that having a number of active development projects in this area is a good thing. If the developers behind these applications can go beyond mere aggregation, they stand a good chance of creating a new and powerful interface to the net and the discussions taking place there. Your editor, while pleased with the state of these tools as they exist now, is looking forward to where they will go from here.

Gutenberg 2.0: the birth of open content

March 29, 2006

This article was contributed by Glyn Moody

A previous LWN.net feature examined the parallels between open source and open access, which strives for the free online availability of the academic knowledge distilled into research papers. Although it has some particular characteristics of its own, open access can be considered part of a wider move to gain free online access to general digital content.

The roots of this open content movement, as it came to be called, go back to before the Internet existed, and when even computers were relatively rare beasts. In 1971, the year Richard Stallman joined the MIT AI Lab, Michael Hart was given an operator's account on a Xerox Sigma V mainframe at the University of Illinois. Since he estimated this computer time had a nominal worth of $100 million, he felt he had an obligation to repay this generosity by using it to create something of comparable and lasting value.

His solution was to type in the US Declaration of Independence, roughly 5K of ASCII, and to attempt to send it to everyone on ARPANET (fortunately, this trailblazing attempt at spam failed). His insight was that once turned from analogue to digital form, a book could be reproduced endlessly for almost zero additional cost – what Hart termed "Replicator Technology". By converting printed texts into etexts, he was able to create something whose potential aggregate value far exceeded even the heady figure he put on the computing time he used to generate it.

Hart chose the name "Project Gutenberg" for this body of etexts, making a bold claim that they represented the start of something as epoch-making as the original Gutenberg revolution. Indeed, he goes further: he sees the original Gutenberg as the well-spring of the Industrial Revolution, and his own project as the precursor of the next Industrial Revolution, where Replicator Technology will be applied not just to digital entities – as with Project Gutenberg – but to analogue ones too.

The Replicator idea is similar to one of the key defining characteristics of free software: that it can be copied endlessly, at almost no marginal cost. Hart's motivation for this move – the creation of a huge permanent store of human knowledge – is very different from Stallman's reason for starting the GNU project, which is powered by his commitment to spreading freedom. But on the Project Gutenberg site, there is a discussion about the ambiguity of the word "free" that could come straight from Stallman: "The word free in the English language does not distinguish between free of charge and freedom. .... Fortunately almost all Project Gutenberg ebooks are free of charge and free as in freedom."

There are other interesting parallels between the two men. After they had their respective epiphanies, both labored almost entirely alone to begin with – Hart entering page after page of books into a computer, and Stallman coding the first few programs of the GNU project. Even 20 years after Project Gutenberg had begun, Hart had only created 10 ebooks (today, the figure is 17,000). Given the dedication required, it is no surprise that both are driven men, sustained by their sense of moral duty and of the unparalleled possibilities for changing the world that the digital realm offers.

Both, too, were aided enormously as the Internet grew and spread, since it allowed the two projects to adopt a distributed approach for their work. In the case of Project Gutenberg, this was formalized with the foundation of the Distributed Proofreaders team in October 2000; since then - and thanks in part to a Slashdotting in November 2002 - hundreds of books are being turned into ebooks every month.

Moreover, just as free software paid back the debt by creating programs that pushed Internet adoption to even higher levels, so Project Gutenberg returned the compliment by making key early titles like "Zen and the Art of the Internet" (June 1992) and "The Hitchhikers Guide to the Internet" (September 1992) available to help new Internet users find their way around.

The Internet was also the perfect low-cost distribution medium for the digital creations of Hart and Stallman. After starting out at the University of Illinois, Project Gutenberg was mirrored at the University of North Carolina, under the auspices of Paul Jones, one of the pioneers in facilitating free access to all kinds of digital files. In 1992, SunSITE was launched there, designed as "a central repository for a collection of public-domain software, shareware and other electronic material such as research articles and electronic images" according to the press release of the time. SunSITE became iBiblio.org in 2000 (after briefly turning into MetaLab in 1998), and received a $4 million grant from the Center for the Public Domain, set up by Red Hat co-founders Bob Young and Marc Ewing. Over time, iBiblio became Project Gutenberg's official host and primary distribution site.

To the collection of open content at SunSITE was soon added an early GNU/Linux archive, managed successively by Jonathan Magid, Erik Troan, and Eric Raymond. Given this close association between SunSITE and GNU/Linux, it was only natural that it became the host for the Linux Documentation Project (LDP) when it was founded in 1992 by Matt Welsh, and this soon grew into another important early collection of free content. The LDP began with the Linux FAQ, and expanded to include a kernel hackers guide and system administrator guide when Michael K. Johnson and Lars Wirzenius joined the project. These texts were originally created in LaTeX, but documentation later appeared in the then-new HTML. Around the same time, in April 1993, there were discussions between people like Tim Berners-Lee, Guido van Rossum and Nathan Torkington about the idea of working with Project Gutenberg to distribute HTML versions of its etexts, in part, presumably, to use the well-established Project Gutenberg to help promote the fledgling Web format.

An early concern about the LDP materials was that they might be published commercially without permission. To avoid this, a fairly restrictive license was employed, which allowed reproduction in electronic or printed form, but only non-commercially, and without modifications. This was later relaxed, and the current license allows derivative works. This issue of whether to allow changes has been a vexed one from the earliest days of online content: what were probably the first digital documents available on a network, the RFCs (which first appeared in 1969, even before ARPANET), had also forbidden modifications.

Since Project Gutenberg's materials are almost exclusively drawn from the public domain (a few copyrighted works have been included with the author's permission), it might be expected that the license would allow any kind of use, including modifications. However, it imposes a number of conditions on those who wish to use the name Project Gutenberg in the ebooks they distribute; in this case, only verbatim copies are permitted, and commercial distributors must pay royalties. If all references to the Project are stripped out, leaving the bare text, the latter can be used in any way.

One other condition for etexts distributed under the Project Gutenberg name is worth noting. The license stipulates:

if you provide access to or distribute copies of a Project Gutenberg work in a format other than "Plain Vanilla ASCII" or other format used in the official version posted on the official Project Gutenberg-tm web site (www.gutenberg.net), you must, at no additional cost, fee or expense to the user, provide a copy, a means of exporting a copy, or a means of obtaining a copy upon request, of the work in its original "Plain Vanilla ASCII" or other form.

Just as the GPL does for software, the Project Gutenberg license insists that the "source code" of etexts distributed in non-ASCII formats be freely available.

In fact, an explicit connection between Project Gutenberg and free software is to be found at the top of every page on the Project Gutenberg Web site, which offers thanks to those who wrote the programs which the site employs – GNU/Linux, Apache, PostgreSQL, PHP, Perl and Python – and a link to the Free Software Foundation.

Licensing proved to be the crucial issue for freely-available materials, and it was only when it was fully resolved that open content really began to take off. The next feature in this series will look at how that happened, and what some of the immediate consequences were.

Glyn Moody writes about open source and open content at opendotdotdot.

Page editor: Jonathan Corbet

Security

SQL injection attacks

March 24, 2006

This article was contributed by Jake Edge.

One of the more devastating attacks on a web application is also one of the most common: SQL injection. This technique allows an attacker to gain access to the database that underlies many web sites and read and potentially modify data that is not meant to be available to users of that site. This article provides an overview of how SQL injection works and what can be done to avoid it.

A classic example of SQL injection starts with a query that looks something like:

    SELECT id FROM users WHERE name='$name' AND pass='$pass';

This query might be used to authenticate users when they log in to a web site. If it returns a row, the user id returned is considered to be authenticated and the application proceeds to serve the correct page for that user. In this case, the $name and $pass variables would come from a login form that might look something like:

    <form method="post" action="login.php">
        <input type="text" name="name">
        <input type="password" name="pass">
        <input type="submit" value="login">
    </form>

If the login.php program in this example blindly sets the variables to the values that come from the user, a malicious user can bypass the authentication. Consider the following inputs:

    $name = "' OR 1=1 ";
    $pass = "' OR 1=1 LIMIT 1";

This results in a query that is completely different from what the web programmer expected:

    SELECT id FROM users WHERE name='' OR 1=1 AND pass='' OR 1=1 LIMIT 1;

This query will always return one row (unless the table is empty) and it is likely to be the first entry in the table. For many applications, that entry is the administrative login; the one with the most privileges.

This simple example barely scratches the surface of the kinds of attacks that can be made using SQL injection. Depending on the DBMS, it may be possible to do multiple queries via an injection by separating each with a semicolon:

    SELECT id FROM users WHERE name='' AND pass=''; DROP TABLE users;

which is, of course, a rather destructive injection. MySQL does not allow multiple queries in a statement, but PostgreSQL is susceptible to this technique.

Web site and/or database search functions are particularly dangerous because they display their output; if a malicious user can inject any query they choose, they can capture the entire contents of the database. The UNION keyword can turn a query such as:

    SELECT city, state FROM users WHERE name LIKE '%$search%';

into:

    SELECT city, state FROM users
           WHERE name LIKE '%%' UNION
                 SELECT name, pass FROM users
                        WHERE name LIKE '%%';

And instead of just printing the city and state of users that match the input string, we are also printing the username and password of every user in the system.

A certain amount of guessing column names and types is required if an attacker does not have access to the database schema, but they are often not very hard to guess given some understanding of the application. Some database systems, notably Microsoft SQL Server, seem to deliberately shoot themselves in the foot by providing the schema for all tables in a generally accessible database, thereby removing all the guesswork.

Injection also requires a certain amount of imagination to visualize the kinds of queries that might be going on behind the input boxes of a web form. It requires quite a bit of trial and error unless one has access to the source; this is why the majority of reported SQL injections are in free software or open source web applications.

Note that it is not only web forms using the POST method that are vulnerable; many web applications that use the GET method are vulnerable to injections via the URL:

    http://vulnerablewebapp.com/login.php?\
           name=%27%20OR%201%3D1%20&pass=%27%20OR%201%3D1%20LIMIT%201

Like many other web vulnerabilities, SQL injection stems from insufficient filtering of user input. Unfortunately, it is sometimes difficult to determine what kinds of input should be accepted (for example the password "' OR 1=1" would not necessarily seem illegal) and using various filtering functions provided by the language may not actually prevent injections. The PHP addslashes() function is often used to sanitize user input because it will put a backslash in front of single quotes which will stop the kinds of injections described above. Unfortunately, there are techniques to circumvent this particular 'fix' as well.

Probably the simplest way to protect queries from SQL injection is by using prepared statements with placeholders. Any reasonable database interface will provide a way to use this functionality and in many cases, it is fairly portable between languages and DBM systems.

Instead of directly interpolating string values into query strings, a query is prepared using '?' as a placeholder for the variables as shown in the following pseudocode:

    $sth = prepare("SELECT id FROM users WHERE name=? AND pass=?");
    execute($sth, $name, $pass);

This has a number of advantages: the DBMS library is responsible for properly quoting the values and because of the way the variables are bound to the query, they can never be treated as anything other than data for the particular place they have in the prepared statement. This effectively turns the injection attempt above into a query like:

    SELECT id FROM users WHERE name='\' OR 1=1 ' AND pass='\' OR 1=1 LIMIT 1';

which is unlikely to authenticate.
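
The search query from the UNION discussion and the placeholder technique described here, run side by side against an in-memory SQLite database, with the login inputs decoded from the GET query string shown earlier. This is an added example, not code from the original article; the use of Python's sqlite3 module, the table contents and all function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample rows. The plaintext `pass` column mirrors the article's
# schema so its queries can be reused unchanged.
SAMPLE_USERS = [
    ("admin", "s3cret-admin", "Boulder", "CO"),
    ("alice", "wonderland", "Austin", "TX"),
    ("bob", "builder", "Portland", "OR"),
]

# The search input that turns the article's LIKE query into its UNION query.
UNION_INPUT = "%' UNION SELECT name, pass FROM users WHERE name LIKE '%"

# Query-string part of the article's GET example (joined onto one line).
ARTICLE_QUERY_STRING = "name=%27%20OR%201%3D1%20&pass=%27%20OR%201%3D1%20LIMIT%201"


def make_db():
    """Build a throwaway in-memory database with the article's columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT,"
        " city TEXT, state TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, pass, city, state) VALUES (?, ?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def search_interpolated(conn, search):
    """The 'before' case: user input is pasted into the SQL text itself."""
    sql = "SELECT city, state FROM users WHERE name LIKE '%" + search + "%'"
    return conn.execute(sql).fetchall()


def search_bound(conn, search):
    """Same search with a placeholder; the value can never become SQL syntax.

    LIKE wildcards inside the bound value still act as wildcards, which
    affects matching only, not the structure of the statement.
    """
    sql = "SELECT city, state FROM users WHERE name LIKE '%' || ? || '%'"
    return conn.execute(sql, (search,)).fetchall()


def login_bound(conn, name, password):
    """The article's login query, prepared with '?' placeholders."""
    row = conn.execute(
        "SELECT id FROM users WHERE name=? AND pass=?", (name, password)
    ).fetchone()
    return row[0] if row else None


def params_from_query(query_string):
    """Decode the GET parameters the way a web framework would."""
    fields = parse_qs(query_string)
    return fields["name"][0], fields["pass"][0]


def demo():
    """Run each case once and return the results for inspection."""
    conn = make_db()
    name, password = params_from_query(ARTICLE_QUERY_STRING)
    return {
        "interpolated_rows": search_interpolated(conn, UNION_INPUT),
        "bound_rows": search_bound(conn, UNION_INPUT),
        "decoded_inputs": (name, password),
        "login_with_decoded_inputs": login_bound(conn, name, password),
        "login_with_real_credentials": login_bound(conn, "alice", "wonderland"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```
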

Another way to defend against injections is by ensuring that all user input is passed through a database specific quoting function before being used in a query:

    $name = db_quote($name);
    $pass = db_quote($pass);
    SELECT id FROM users WHERE name=$name AND pass=$pass;

Depending on the language and database API, this method may also be fairly portable.

The final recommended technique is also the most complicated; but it can provide an additional level of security if stored procedures are available for the DBMS. Stored procedures are queries (and more complicated functions) that are created by the database administrator and stored with the database. These procedures are then called by the application code to do any queries that they require. The equivalent of the prepare functionality is done on the procedures at the time they are stored and with proper coding, this will prevent injections. One of the main advantages is that these procedures run with the privileges of the user that stored them, instead of the user invoking them and this allows the application to have a much more limited set of privileges than it would normally require. The upshot is that it can protect the database from reading or writing even if the application is subverted in some way.

SQL injections are clearly a serious security problem, but one that can be thwarted relatively easily once one understands the problem and the ways to program around it.

New vulnerabilities

firebird2: buffer overflow

Package(s): firebird2
CVE #(s): CVE-2004-2043
Created: March 23, 2006
Updated: March 24, 2006
Description: The firebird2 database has a buffer overflow vulnerability that can be exploited by remote users to crash the application.
Alerts:
Debian DSA-1014-1 firebird2 2006-03-23

freeradius: authentication bypass

Package(s): freeradius
CVE #(s): CVE-2006-1354
Created: March 24, 2006
Updated: June 5, 2006
Description: An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
Alerts:
Debian DSA-1089-1 freeradius 2006-06-03
Mandriva MDKSA-2006:066 freeradius 2006-04-05
Gentoo 200604-03 freeradius 2006-04-04
Red Hat RHSA-2006:0271-01 freeradius 2006-04-04
SuSE SUSE-SA:2006:019 freeradius 2006-03-28
Mandriva MDKSA-2006:060 freeradius 2006-03-23

nethack: privilege escalation

Package(s): nethack
CVE #(s):
Created: March 24, 2006
Updated: March 24, 2006
Description: The rogue-like games NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege escalation vulnerabilities that could potentially allow the execution of arbitrary code as other users.
Alerts:
Gentoo 200603-23 NetHack Slash'EM Falcon's Eye 2006-03-23


RealPlayer: buffer overflow

Package(s): RealPlayer
CVE #(s): CVE-2006-0323
Created: March 23, 2006
Updated: March 27, 2006
Description: RealPlayer has a buffer overflow vulnerability in the Flash Media .swf file processing code. If a user is tricked into playing a maliciously formed Flash Media file, arbitrary code may be executed with the privileges of the user.
Alerts:
Gentoo 200603-24 realplayer 2006-03-26
SuSE SUSE-SA:2006:018 RealPlayer 2006-03-23
Red Hat RHSA-2006:0257-01 RealPlayer 2006-03-22


Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current stable 2.6 kernel is 2.6.16.1, released on March 27. 2.6.15.7 was released at the same time. Both patches contain a fair number of important fixes, some of which are security-related.

There has been no 2.6 development prepatch released over the last week. Patches are flowing into the mainline git repository at a high rate, however; see below for a list.

The current -mm tree is 2.6.16-mm2. Recent changes to -mm include the ability to call poll() on sysfs files (LWN coverage), support for 64-bit I/O and memory resources, priority-inheriting futex support, and a new set of central time management patches.


Kernel development news

What's going into 2.6.17, part 2

The flood of patches heading into the mainline continues at full rate - though the merge window should be closing soon. The following are the highlights from code merged since last week's summary, starting with the user-visible changes:

  • The lightweight robust futexes patch.

  • The software RAID (MD) layer can now handle on-the-fly resizing of RAID5 arrays.

  • Support for devfs has been removed from the SCSI subsystem, though it remains in many other parts of the kernel.

  • The user-space software suspend patch.

  • A big XFS update.

  • An 802.11 software MAC implementation for wireless networking stacks. Version 20 of the wireless extensions API was also merged.

  • The reverse-engineered Broadcom 43xx driver has been merged. As a result, the list of wireless network cards supported by Linux has just grown considerably.

  • A "memory spreading" mechanism which can be used to spread page cache and filesystem buffer allocations across all nodes of a NUMA system.

  • Two new fadvise() operations for controlling asynchronous file writeout behavior.

  • Support for reordering functions in the linked kernel image. The idea here is to put the highly-used bits of kernel code together so that the highly-trafficked part of the kernel fits within a single TLB entry. Currently, only x86-64 has the infrastructure for reordering.

  • Multiple-block allocation and mapping has been added to the ext3 filesystem, improving performance for sequential file access patterns.

  • A new scheduling domain has been added to represent multi-core systems.

  • A new RTC subsystem has been added, providing support for a variety of real-time hardware clocks.

Internal kernel API changes merged include:

  • A new utility function has been added:

         int execute_in_process_context(void (*fn)(void *data),
                                        void *data,
                                        struct execute_work *work);
    

    This function will arrange for fn() to be called in process context (where it can sleep). Depending on when execute_in_process_context() is called, fn() could be invoked immediately or delayed by way of a work queue.

  • The SMP alternatives patch.

  • A rework of the relayfs API - but the sysfs interface has been left out for now.

  • A tracing mechanism for developers debugging block subsystem code.

  • There is a new internal flag (FMODE_EXEC) used to indicate that a file has been opened for execution.

  • The obsolete MODULE_PARM() macro is gone forevermore.

  • A new function, flush_anon_page(), can be used in conjunction with get_user_pages() to safely perform DMA to anonymous pages in user space.

  • Zero-filled memory can now be allocated from slab caches with kmem_cache_zalloc(). There is also a new slab debugging option to produce a /proc/slab_allocators file with detailed allocation information.

  • There are four new ways of creating mempools:

         mempool_t *mempool_create_page_pool(int min_nr, int order);
         mempool_t *mempool_create_kmalloc_pool(int min_nr, size_t size);
         mempool_t *mempool_create_kzalloc_pool(int min_nr, size_t size);
         mempool_t *mempool_create_slab_pool(int min_nr, 
                                             struct kmem_cache *cache);
    

    The first creates a pool which allocates whole pages (the number of which is determined by order), while the second and third create a pool backed by kmalloc() and kzalloc(), respectively. The fourth is a shorthand form of creating slab-backed pools.

  • The prototype for hrtimer_forward() has changed:

         unsigned long hrtimer_forward(struct hrtimer *timer,
                                       ktime_t now, ktime_t interval);
    

    The new now argument is expected to be the current time. This change allows some calls to be optimized. The data field has also been removed from the hrtimer structure.

  • A whole set of generic bit operations (find first set, count set bits, etc.) has been added, helping to unify this code across architectures and subsystems.

  • The inode f_ops pointer - which refers to the file_operations structure for the open file - has been marked const. Quite a bit of code, which used to change that structure, has been changed to compensate. Similar changes have been made in many filesystems. "The goal is both to increase correctness (harder to accidentally write to shared datastructures) and reducing the false sharing of cachelines with things that get dirty in .data (while .rodata is nicely read only and thus cache clean)."

If the usual pattern holds, the merging of new features will stop sometime around the end of the month, with 2.6.17-rc1 being released shortly thereafter.


A framework for page replacement policies

"Holy cow."

That was Andrew Morton's reaction to a 34-part patch, posted by Peter Zijlstra, which creates an abstract API for page replacement policies. The page replacement code is at the core of the virtual memory system; it is, essentially, a set of heuristics which must decide which pages should be evicted from main memory and made available for other uses. Page replacement is a bit of a black art; it is easy to see when a system is managing memory poorly, but the path to improvements is often far from clear. Memory management in Linux was a sore point for many years, but it seems to work well for most loads now. Given that all this tricky code has finally been beaten into reasonably good shape, why would anybody want to mess with it now?

The answer is that there is quite a bit of research work going into alternative page replacement mechanisms, and Linux might just be able to benefit from some of that work. After all, few people would say that Linux virtual memory works so well that there is no room for improvement.

This massive patch set creates an API for page replacement algorithms, allowing them to be changed at will. Or, at least, changed at reboot; there is currently no provision for loading replacement algorithms as modules or swapping them out on the fly. But, by selecting a page replacement scheme at kernel configuration time, system administrators can choose one which best suits their workload. Virtual memory hackers and others can play with different algorithms to see how they work out. And there is no need to pick one in particular as the page replacement algorithm for the Linux kernel.

To work with this API, a page replacement algorithm must define a set of specific functions. Thus, for example, there is a pair of initialization functions:

    void page_replace_init(void);
    void page_replace_init_zone(struct zone *zone);

These functions, called at boot time, prepare the page replacement code to work with the system it finds itself running on.

When the core kernel knows something about the use of specific pages, it can tell the replacement algorithm with these calls:

    void page_replace_hint_active(struct page *page);
    void page_replace_hint_use_once(struct page *page);

The first is called when the kernel notes that the page is in active use, while the second indicates that the page is unlikely to be used again in the near future.

There are various other functions for helping with the housekeeping, but the core of the API is this function here:

    void page_replace_candidates(struct zone *zone, int count,
                                 struct list_head *list);

This function must select up to count pages from the given zone as candidates for eviction. This is where the page replacement code will gaze into its crystal ball to figure out which pages will not be used again anytime soon; those are the ones which will be singled out and passed back to the core kernel.

Quite a few other functions exist. They deal with issues like page migration, tracking of non-resident pages, printing out information from the page replacement code, and more. See the documentation file for a full list and brief explanation of those other functions.

The patch set also contains four different page replacement mechanisms. One is the modified least-recently-used (LRU) code found in current kernels, reworked to use the new API. Another is the CLOCK-PRO algorithm, covered here last August. There is an implementation of the CART technique, discussed in this paper [PDF]. Then there is a simple random replacement scheme, seemingly just for the fun of it. Actually, the random replacement patch is, due to its simplicity, a good place to start for somebody interested in seeing what a modularized page replacement algorithm looks like.

This patch looks somewhat similar to the pluggable CPU schedulers patch, which allows the scheduling algorithm to be changed. That patch continues to be maintained, but, since its initial posting in 2004, it has never been seriously considered for inclusion into the mainline kernel. There is a strong preference toward figuring out what's wrong - if anything - with the current code and fixing it, rather than creating a mechanism for playing with entirely different implementations. Thus, Andrew Morton followed his initial response with:

Rather than replacing the whole lot four times I'd really prefer to see precise descriptions of these problems, see if we can improve the situation incrementally rather than wholesale slash-n-burn...

Linus has a similar opinion, and, additionally, is not convinced that page replacement is really an issue needing a great deal of attention. "It smells like university research to me."

The proponents of this patch respond that there are, indeed, situations where the current code falls apart. Given that, the next logical step would seem to be gathering information on the cases where Linux memory management fails. Then the developers can start to think about what needs to be done to address those failures. Even if the page replacement framework patches are never merged, it looks like they may help to drive forward the next phase of work in Linux memory management algorithms. That should be a good thing regardless.


The new pselect() system call

March 24, 2006

This article was contributed by Michael Kerrisk.

Applications like network servers that need to monitor multiple file descriptors using select(), poll(), or (on Linux) epoll_wait() sometimes face a problem: how to wait until either one of the file descriptors becomes ready, or a signal (say, SIGINT) is delivered. These system calls, as it turns out, do not interact entirely well with signals.

A seemingly obvious solution would be to write an empty handler for the signal, so that the signal delivery interrupts the select() call:

    #include <signal.h>
    #include <sys/select.h>

    static void handler(int sig) { /* do nothing */ }

    int main(int argc, char *argv[])
    {
        fd_set readfds;
        struct sigaction sa;
        int nfds, ready;

        sa.sa_handler = handler;     /* Establish signal handler */
        sigemptyset(&sa.sa_mask);
        sa.sa_flags = 0;
        sigaction(SIGINT, &sa, NULL);
        /* ... initialize nfds and readfds ... */
        ready = select(nfds, &readfds, NULL, NULL, NULL);
        /* ... examine ready and errno ... */
    }

After select() returns we can determine what happened by looking at the function result and errno. If errno comes back as EINTR, we know that the select() call was interrupted by a signal, and can act accordingly. But this solution suffers from a race condition: if the SIGINT signal is delivered after the call to sigaction(), but before the call to select(), it will fail to interrupt that select() call and will thus be lost.

We can try playing various games like setting a global flag within the signal handler and monitoring that flag in the main program, and using sigprocmask() to block the signal until just before the select() call. However, none of these techniques can entirely eliminate the race condition: there is always some interval, no matter how brief, where the signal could be handled before the select() call is started.

The traditional solution to this problem is the so-called self-pipe trick, often credited to D J Bernstein. Using this technique, a program establishes a signal handler that writes a byte to a specially created pipe whose read end is also monitored by the select(). The self-pipe trick cleverly solves the problem of safely waiting either for a file descriptor to become ready or a signal to be delivered. However, it requires a relatively large amount of code to implement a requirement that is essentially simple. (For example, a robust solution requires marking both the read and write ends of the pipe non-blocking.)
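The self-pipe trick described above, written out as an added example (this is not code from the article or from D J Bernstein). The use of SIGUSR1, the function names and the EVENT_* constants are assumptions chosen for illustration; `raise()` stands in for a signal that arrives before select() is entered.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical result bits returned by wait_for_events(). */
enum { EVENT_SIGNAL = 1, EVENT_FD = 2 };

static int self_pipe[2] = { -1, -1 };

/* Signal handler: async-signal-safe calls only. errno is saved because
 * write() may overwrite the value the interrupted code is about to read. */
static void on_signal(int sig)
{
    int saved_errno = errno;
    unsigned char b = (unsigned char)sig;
    ssize_t n = write(self_pipe[1], &b, 1);

    (void)n;    /* EAGAIN on a full pipe is harmless: a wakeup is queued */
    errno = saved_errno;
}

static int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL);

    return flags == -1 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Create the pipe before installing the handler, so the handler never
 * writes to an unopened descriptor. Returns 0 on success, -1 on error. */
int self_pipe_init(int signo)
{
    struct sigaction sa;

    if (pipe(self_pipe) == -1)
        return -1;
    /* Write end non-blocking: a burst of signals cannot block the handler.
     * Read end non-blocking: draining stops at EAGAIN instead of hanging. */
    if (set_nonblocking(self_pipe[0]) == -1 ||
        set_nonblocking(self_pipe[1]) == -1)
        return -1;
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    return sigaction(signo, &sa, NULL);
}

/* Wait until a signal has been caught, fd is readable (pass -1 to watch
 * no descriptor), or timeout_ms elapses. Returns a mask of EVENT_* bits,
 * 0 on timeout, -1 on error. */
int wait_for_events(int fd, long timeout_ms)
{
    fd_set readfds;
    struct timeval tv;
    unsigned char buf[64];
    int nfds = (fd > self_pipe[0] ? fd : self_pipe[0]) + 1;
    int ready, events = 0;

    do {
        FD_ZERO(&readfds);
        FD_SET(self_pipe[0], &readfds);
        if (fd >= 0)
            FD_SET(fd, &readfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        ready = select(nfds, &readfds, NULL, NULL, &tv);
        /* EINTR: the handler ran during select(); its byte is already in
         * the pipe, so the retry returns at once (timeout is restarted). */
    } while (ready == -1 && errno == EINTR);

    if (ready <= 0)
        return ready;
    if (FD_ISSET(self_pipe[0], &readfds)) {
        while (read(self_pipe[0], buf, sizeof buf) > 0)
            ;   /* drain every queued byte; stops at EAGAIN */
        events |= EVENT_SIGNAL;
    }
    if (fd >= 0 && FD_ISSET(fd, &readfds))
        events |= EVENT_FD;
    return events;
}

int main(void)
{
    if (self_pipe_init(SIGUSR1) == -1)
        return 1;
    raise(SIGUSR1);     /* constructed input: signal arrives before select() */
    return wait_for_events(-1, 1000) == EVENT_SIGNAL ? 0 : 1;
}
```

Because the handler's byte stays in the pipe until it is read, a signal that arrives before select() is entered is still reported by the next call rather than lost.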

For this reason, the POSIX.1g committee devised an enhanced version of select(), called pselect(). The major difference between select() and pselect() is that the latter call has a signal mask (sigset_t) as an additional argument:

    int pselect(int n, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
                const struct timespec *timeout, const sigset_t *sigmask);

The sigmask argument specifies a set of signals that should be blocked during the pselect() call; it overrides the current signal mask for the duration of that call. So, when we make the following call:

    ready = pselect(nfds, &readfds, &writefds, &exceptfds,
                    timeout, &sigmask);

the kernel performs a sequence of steps that is equivalent to atomically performing the following system calls:

    sigset_t sigsaved;

    sigprocmask(SIG_SETMASK, &sigmask, &sigsaved);
    ready = select(nfds, &readfds, &writefds, &exceptfds, timeout);
    sigprocmask(SIG_SETMASK, &sigsaved, NULL);

For some time now, glibc has provided a library implementation of pselect() that actually uses the above sequence of system calls. The problem is that this implementation remains vulnerable to the very race condition that pselect() was designed to avoid, because the separate system calls are not executed as an atomic unit.

Using pselect(), we can safely wait for either a signal to be delivered or a file descriptor to become ready, by replacing the first part of our example program with the following code:

        sigset_t emptyset, blockset;

        sigemptyset(&blockset);         /* Block SIGINT */
        sigaddset(&blockset, SIGINT);
        sigprocmask(SIG_BLOCK, &blockset, NULL);

        sa.sa_handler = handler;        /* Establish signal handler */
        sa.sa_flags = 0;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGINT, &sa, NULL);

        /* Initialize nfds and readfds, and perhaps do other work here */
        /* Unblock signal, then wait for signal or ready file descriptor */

        sigemptyset(&emptyset);
        ready = pselect(nfds, &readfds, NULL, NULL, NULL, &emptyset);
        /* ... */

This code works because the SIGINT signal is only unblocked once control has passed to the kernel. As a result, there is no point where the signal can be delivered before pselect() executes. If the signal is generated while pselect() is blocked, then, as with select(), the system call is interrupted, and the signal is delivered before the system call returns.
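The race and its fix side by side, as an added example that is not part of the original article: the same early signal is lost by the select() pattern and caught by the pselect() pattern. SIGUSR1, the function names and the wait_result values are assumptions; `raise()` places the signal deterministically in the window between sigaction() and the wait, and the result assumes a kernel-level pselect() (Linux 2.6.16 with glibc 2.4 or later, as the article states).

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

enum wait_result { WAIT_ERROR = -1, WAIT_TIMEOUT, WAIT_FD_READY, WAIT_SIGNAL };

static volatile sig_atomic_t handler_ran;
static void handler(int sig) { (void)sig; handler_ran = 1; }
int handler_has_run(void) { return handler_ran; }

static int install_handler(void)
{
    struct sigaction sa;

    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    return sigaction(SIGUSR1, &sa, NULL);
}

/* Map a select()/pselect() return value (and errno) to a wait_result. */
static enum wait_result classify(int ready)
{
    if (ready == -1)
        return errno == EINTR ? WAIT_SIGNAL : WAIT_ERROR;
    return ready == 0 ? WAIT_TIMEOUT : WAIT_FD_READY;
}

/* Racy pattern: the signal is handled between sigaction() and select(),
 * so select() never sees it and sleeps for the full timeout. */
enum wait_result select_with_early_signal(long timeout_ms)
{
    int p[2];
    fd_set readfds;
    struct timeval tv;
    enum wait_result r;

    handler_ran = 0;
    if (install_handler() == -1 || pipe(p) == -1)
        return WAIT_ERROR;
    raise(SIGUSR1);         /* constructed: handler runs here, before select() */
    FD_ZERO(&readfds);
    FD_SET(p[0], &readfds); /* idle pipe: never becomes readable */
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    r = classify(select(p[0] + 1, &readfds, NULL, NULL, &tv));
    close(p[0]);
    close(p[1]);
    return r;
}

/* Article's fix: block the signal first, unblock it only inside pselect().
 * The early signal stays pending and interrupts the wait (EINTR). */
enum wait_result pselect_with_early_signal(long timeout_ms)
{
    int p[2];
    fd_set readfds;
    sigset_t blockset, origmask, waitmask;
    struct timespec ts;
    enum wait_result r;

    handler_ran = 0;
    sigemptyset(&blockset);
    sigaddset(&blockset, SIGUSR1);
    if (sigprocmask(SIG_BLOCK, &blockset, &origmask) == -1)
        return WAIT_ERROR;
    if (install_handler() == -1 || pipe(p) == -1) {
        sigprocmask(SIG_SETMASK, &origmask, NULL);
        return WAIT_ERROR;
    }
    raise(SIGUSR1);         /* same early signal: blocked, so only pending */
    FD_ZERO(&readfds);
    FD_SET(p[0], &readfds);
    ts.tv_sec = timeout_ms / 1000;
    ts.tv_nsec = (timeout_ms % 1000) * 1000000L;
    /* The article passes an empty set; as a variation, keep whatever the
     * caller already had blocked and unblock only SIGUSR1 for the wait. */
    waitmask = origmask;
    sigdelset(&waitmask, SIGUSR1);
    r = classify(pselect(p[0] + 1, &readfds, NULL, NULL, &ts, &waitmask));
    close(p[0]);
    close(p[1]);
    sigprocmask(SIG_SETMASK, &origmask, NULL);
    return r;
}

int main(void)
{
    printf("select():  %s\n", select_with_early_signal(200) == WAIT_SIGNAL ? "interrupted" : "signal missed");
    printf("pselect(): %s\n", pselect_with_early_signal(200) == WAIT_SIGNAL ? "interrupted" : "signal missed");
    return 0;
}
```

On a C library that emulates pselect() with the three separate calls shown earlier, the second function would also time out, because the handler runs as soon as the emulation's sigprocmask() unblocks the signal.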

Although pselect() was conceived several years ago, and was already publicized in 1998 by W. Richard Stevens in his Unix Network Programming, vol. 1, 2nd ed., actual implementations have been slow to appear. Their eventual appearance in recent releases of various Unix implementations has been driven in part by the fact that the 2001 revision of the POSIX.1 standard requires a conforming system to support pselect(). With the 2.6.16 kernel release, and the required wrapper function that appears in the recently released glibc 2.4, pselect() also becomes available on Linux.

Linux 2.6.16 also includes a new (but nonstandard) ppoll() system call, which adds a signal mask argument to the traditional poll() interface:

   int ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *timeout, 
             const sigset_t *sigmask);

This system call adds the same functionality to poll() that pselect() adds to select(). Not to be left in the cold, the epoll maintainer has patches in the pipeline to add similar functionality in the form of a new epoll_pwait() system call.

There are a few other, minor differences between pselect() and ppoll() and their traditional counterparts. For example the type of the timeout is:

    struct timespec {
        long tv_sec;        /* Seconds */
        long tv_nsec;       /* Nanoseconds */
    };

This allows the timeout interval to be specified with greater precision than is available with the older system calls.

The glibc wrappers for pselect() and ppoll() also hide a couple of details of the underlying system calls.

First, the system calls actually expect the signal mask argument to be described by two arguments, one of which is a pointer to a sigset_t structure, while the other is an integer that indicates the size of that structure in bytes. This allows for the possibility of a larger sigset_t type in the future.

The underlying system calls also modify their timeout argument so that on an early return (because a file descriptor became ready, or a signal was delivered), the caller knows how much of the timeout remained. However, the respective wrapper functions hide this detail by making a local copy of the timeout argument and passing that copy to the underlying system calls. (The Linux select() system call also modifies its timeout argument, and this behavior is visible to applications. However, many other select() implementations don't modify this argument. POSIX.1 permits either behavior in a select() implementation.)

Further details of pselect() and ppoll() can be found in the latest versions of the select(2) and poll(2) man pages, which can be found here.


Patches and updates

Kernel trees

Greg KH: Linux 2.6.16.1
Andrew Morton: 2.6.16-mm1
Andrew Morton: 2.6.16-mm2
Ingo Molnar: 2.6.16-rt5
Con Kolivas: 2.6.16-ck2
Greg KH: Linux 2.6.15.7

Core kernel code

Vivek Goyal: 64 bit resources
Mike Galbraith: throttling tree patches
Ingo Molnar: PI-futex: -V1
Ingo Molnar: PI-futex: -V2
Nigel Cunningham: Suspend2-2.2.2 for 2.6.16.
Jens Axboe: splice support

Development tools

Petr Baudis: Cogito-0.17.1


Page editor: Jonathan Corbet

Distributions

News and Editorials

Distribution List update

It is time for a look at the LWN Distributions List. The last update ran in the April 15, 2005 edition of this page. At that time there were 405 active distributions, but no mention of how many historical distributions. Now we have a whopping total of 504 distributions; 455 active plus 49 in the historical section. Compared to some years, not very many projects have been removed in the last year. Several that seemed to be dead managed to come back to life, proving that it's hard to keep a good distribution down. One example is Impi Linux. It was removed late last year when its link resolved to Ubuntu Linux. The new Impi is the official representative of Ubuntu and the official Ubuntu support provider in Africa, and a provider of customized desktop systems.

Once upon a time dead distributions had a tendency to turn into porn sites. That doesn't happen anymore. Instead they lead to domains for sale, collections of Linux links and more general shopping sites. Good-Day GNU/Linux HA Server, once a Japanese distribution, has been pointing to a Debian Apache placeholder page for at least the last six months. Others that have disappeared include ARSIG, Bluewall GNU/Linux, COSIX, Dettu[Xx], Eshida Instant Embedded Linux, Evelin, LBA-Linux, Linux/Epia, Madeinlinux, SquiggleOS and White Dwarf Linux.

Black Lab Linux was Terra Soft Solutions' Linux for HPC Clusters. That functionality was rolled into Yellow Dog Linux.

Simply GNUstep packages can still be found at SourceForge, but somewhere it stopped being a unique distribution and turned into packages for Debian Sarge desktops. Those haven't been updated since January 2004.

Conectiva and Lycoris were acquired by Mandriva last year. At that time several Conectiva employees and Lycoris founder Joseph Cheek were hired by Mandriva. Immunix was bought by Novell.

Linux-SIS was the Thai School Internet Server project. There is still a School Net web site, but it doesn't look like a Linux distribution anymore.

Finally, WHAX and Auditor joined forces to become BackTrack. So while BackTrack is on the list, the entries for WHAX and Auditor have been removed.

As usual, the list gets updated once or twice a week. If you find anything missing or out of date let us know.


New Releases

BLAG30003 Released

BLAG 30003 is the third update of this single-CD distribution, based on Fedora Core 3 with updates from Fedora Legacy and additional applications from Dag, Freshrpms, NewRPMS, and custom packages.


FreeRTOS.org Version 4 is Now Available

FreeRTOS.org has announced the release of FreeRTOS v4 with ports supporting Luminary Micro's Stellaris(TM) family of microcontrollers, featuring the ARM Cortex-M3 microcontroller core. "FreeRTOS.org is a portable, open source miniature Real Time Kernel for use in embedded applications. FreeRTOS.org is free to download and royalty free for use even in commercial applications, subject to the license."


New MEPIS Linux Test Version Uses Ubuntu Base

MEPIS founder Warren Woodford has announced a test release of SimplyMEPIS 6.0, incorporating software from the Ubuntu Dapper package pools. This is the first version of SimplyMEPIS with an Ubuntu base. "Mark Shuttleworth, founder of Canonical, said "Collaboration with MEPIS will help Ubuntu offer even higher quality desktop packages for KDE users, and expands the number of people who can benefit from our work on system integration, desktop polish and Linux kernel reliability. The MEPIS community is vibrant and energetic and it will be exciting to be able to work more closely with them, while still respecting the ways in which Ubuntu and MEPIS are distinct.""


rPath Linux 1.0.1 available for x86 and x86_64

rPath has updated rPath Linux 1. "Refreshed ISO images, release 1.0.1, have been made available for new installations of rPath Linux 1. These images include all updates through and including updates released on 23 March 2006. If you have already installed rPath Linux 1, you should update your current system rather than reinstall using the new images."


SUSE 10 kernel released

The OpenVZ project has released prebuilt kernel packages for SUSE 10 distributions. "Kernel has the same functionality and feature set as base SUSE development kernel (2.6.16-rc5-git9), combined with the power of OpenVZ virtualization technology, equivalent to the latest OpenVZ development kernel (026test005.1)."


Distribution News

Building the whole Debian archive with GCC 4.1: a summary

Over the last two weeks, Debian developer Martin Michlmayr compiled the whole Debian archive on a quad-core MIPS machine donated by Broadcom using GCC 4.1. The aim was to find problems in GCC 4.1 itself and bugs in free software projects exhibited by GCC's increased standards conformance (in particular regarding C++ code). By compiling about 6200 packages, over 500 new bugs have been discovered and submitted, 280 of which are specific to the increased strictness of GCC 4.1. In a posting to the Debian development list, Martin classified the bugs he found and offered some useful links to programmers of C++ code. In a posting to the GCC list, he proposed that GCC should only produce new errors after warnings have been shown for at least one release, giving programmers more time to fix their code. This work is part of his research on quality in free software carried out at the University of Cambridge and sponsored by Google.


Second call for votes for the Debian Project Leader election 2006

The second call for votes contains a look at the votes so far in the 2006 DPL elections. The voting period ends at 23:59:59 UTC on April 8, 2006.


A day in the life of the CentOS team

It seems that the CentOS developers recently had a little run-in with the city manager of Tuttle, Oklahoma, who accused them of having taken over his city's web servers. The resulting email exchange has been posted for our amusement. "I am computer literate! I have 22 years in computer systems engineering and operation. Now, can you tell me how to remove 'your software' that you acknowledge you provided free of charge? I consider this 'hacking'. I have no fear of the media, in fact I welcome this publicity." It all ends happily, though.


Ubuntu 'Warty' to go unsupported on April 30

The initial Ubuntu release - 4.10 or "Warty Warthog" - will reach the end of its 18 months of support on April 30. The delay of "Dapper" means that there will be a one-month window where 4.10 users will have to upgrade to something else (the "Hoary" or "Breezy" releases) in order to have continuous support. "The Ubuntu 4.10 release changed the landscape of the Linux desktop. Quickly gaining popularity in homes, schools, businesses and governments around the world, Ubuntu is now widely considered the Linux desktop of choice."


Slackware 11.0 is coming

Boxed sets of Slackware 11.0 can be pre-ordered at the Slackware store. Meanwhile, the Slackware -current ChangeLog shows plenty of upgrades and bug fixes in preparation.


New Distributions

LiveCD Linux distro supports traditional Chinese (DesktopLinux)

DesktopLinux introduces Taiwan's B2D Linux. "The new version -- B2D's sixth distribution release since March 2005 -- is called "PureKGB" and bundles applications from both the KDE and GNOME Linux environments, the project said."


Distribution Newsletters

Debian Weekly News

The Debian Weekly News for March 28, 2006 is out. This edition looks at an RSS feed for DWN, the call for votes in the Debian Project Leader election ("which has seen the lowest participation ever in a Debian project leader election seen so far"), deprecating debmake after etch, notes from past events, the new Debian-Edu/Skolelinux release, and several other topics.


Fedora Weekly News Issue 39

The Fedora Weekly News for March 27, 2006 looks at the Fedora Core 5 release announcement, Congratulations from Fedora Project Leader, Fedora Core 5 Now Available, Announcing FUDCon Boston 2006, Fedora Core 5 Feedbacks, Macromedia Flash Yum Repository for FC5, Space Optimization for Fedora Core 6, ATrpms for FC5/i386 and FC5/x86_64, and several other topics.


Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for the week of March 27, 2006 covers the search for new members for the Security team, a Bugzilla category change, Ruby on Rails in Portage, and several other topics.


DistroWatch Weekly, Issue 144

The DistroWatch Weekly for March 27, 2006 is out. "Following last week's Fedora 5 release, the next few days will be equally exciting: we are expecting KDE 3.5.2, DesktopBSD 1.0, Frugalware 0.4 and the first release candidate of SUSE Linux 10.1. Before that happens, we'll bring you news about MEPIS switching allegiance, Slackware preparing version 11.0, and Debian compiling with GCC 4.1. Also in this week's issue: Ulteo, a new distribution developed by the founder of Mandrake Linux is nearing release, while the user community of PCLinuxOS gets a new community resource. In the review section we'll take a brief look at an intriguing book entitled Mastering FreeBSD and OpenBSD Security."


Package updates

Fedora updates

Updates for Fedora Core 5: php-pear (update to XML_RPC 1.4.5), scim-anthy (bug 178400), anthy (new upstream release), shadow-utils (FC5 update), cpio (FC5 update), libsepol (rebuild for FC5), bind (minor fixes), file (fc5 update), readahead (cleanup), gnome-applet-vm (add dependence on usermode), man (fix the encoding of the Bulgarian translation), db4 (FC5 update), gok (update to 1.0.7), gedit (update to 2.14.1), epiphany (update to 2.14.0), evolution-connector (update to 2.6.0), evolution-data-server (update to 1.6.0), gnome-power-manager (update to 2.14.0), pyorbit (update to 2.14.0), totem (update to 1.4.0), libglade2 (make non-ASCII invisible characters work), gnome-icon-theme (update to 2.14.2), shared-mime-info (bug fixes), libxklavier (update to 2.2), gnome-vfs2 (packaging fix), gstreamer-plugins-base (bug fixes), gstreamer (bug fixes), cpio (bug fix), squirrelmail (fix Japanese mail), mtr (update to mtr-0.71), tix (make sure libTix8.4.so is in /usr/lib/Tix8.4), xterm (upgrade to upstream version 211), checkpolicy (update to NSA release), libselinux (update to NSA release), libsemanage (update to NSA release), policycoreutils (update to NSA release), selinux-policy (update to NSA release), libsetrans (update to NSA release), cpio (bug fixes), kernel (upgrade to 2.6.16.1), gconf-editor (bug fix), spamassassin (upgrade to 3.1.1), mlocate (update to mlocate-0.14), scim (bug fix), system-config-kickstart (bug fixes), ncpfs (remove opt flags).

Updates for Fedora Core 4: xterm (bug 183993), tzdata (upstream 2006b), logwatch (update to 7.2.1), authconfig (bug fixes), squirrelmail (fix Japanese mail), glibc (bug fixes), mtr (update to mtr-0.71), perl (bug fixes), system-config-nfs (rebase to 1.3.19), gdm (fix the occasional crash).


Trustix Secure Linux updates

Trustix has released a bug fix advisory covering initscripts, php4 and xinetd for TSL 2.2 and 3.0.


New YDL 4.0.1 Errata packages posted

Yellow Dog Linux has released a new set of YDL 4.01 updates.


Distribution reviews

DSL Linux: Small distro that packs a big punch (developerWorks)

IBM developerWorks has a quick review of Damn Small Linux. "The popularity of Linux has grown by leaps and bounds. With so many distributions of Linux out there, selecting the best operating system for your business needs can be a challenge. But if you're looking for a great bundle of software in a small package, look no further than DSL Linux (also known as Demi-Sized Linux or the more common Damn Small Linux), one of the best "mini-Linux" distributions available. In this quick review, you see how to use DSL Linux, what applications come with the package, how to load and start it on your machine, and how to save between sessions when working from a bootable CD."

Comments (none posted)

Review: Trustix Secure Linux lives up to its name (Linux.com)

Linux.com reviews Trustix Secure Linux 2.2. "Trustix concentrates on keeping it simple. You won't get a GUI or the latest bells and whistles. What you do get with Trustix is a small and secure distribution that incorporates IBM's Stack Smash Protection, which protects the system and applications from stack-smashing attacks. This is one of the major forms of attacks, and many secure Linux distros have this turned on by default."

Comments (none posted)

My desktop OS: VectorLinux SOHO (NewsForge)

NewsForge looks at VectorLinux SOHO. "VectorLinux provides three editions (Standard, Deluxe, and SOHO) to cater to almost any Linux user. The SOHO Edition (Small Office, Home Office) includes KDE rather than the lightweight window managers provided with the Standard Edition. Despite the resource-hungry KDE desktop, VectorLinux SOHO still manages to be probably the fastest non-source distro on the planet, thanks to its use of a Slackware base, refinement of boot and shutdown scripts, well-chosen applications, and the loading of only necessary services."

Comments (none posted)

Page editor: Rebecca Sobol

Development

The XMMS2 "Dr. Doolittle" release

Version 0.1DR2.2 of XMMS2, the X(cross)platform Music Multiplexing System, was announced this week. The project is still in the early stages of development.

This release is forged by the wormholes of Stargate, Swedish schlager music, Chilean beaches and a lament for a loved one. DrDoolittle is a minor-feature-addition and bug-fix release instead of the expected major-break-the-world release. We decided that enough critical fixes and small features were available to make a release. You can watch the new Roadmap in order to see what's going on with future releases.

XMMS2 is a redesign of XMMS, the popular X Multimedia System music player.

XMMS2 is a redesign of the XMMS (http://www.xmms.org) music player. It features a client-server model, allowing multiple (even simultaneous!) user interfaces, both textual and graphical. All common audio formats are supported using plugins. On top of this, there is a flexible media library to organize your music.

Your editor, who only recently started using XMMS, decided to see what XMMS2 had to offer. A handy Ubuntu "Breezy Badger" package set was available for download. The XMMS2 and dependent packages installed with no trouble. Firing up xmms2 for the first time yielded some mysterious error messages. A little digging around on the XMMS2 web site yielded the Using the application document, which showed the way to making xmms2 work. It is first necessary to fire up xmms2d, the xmms2 daemon, before running xmms2.

Unlike the old XMMS GUI, xmms2 is a simple command line tool. Running xmms2 yields a list of possible command line options. One must first select a file or top-level directory where the audio files reside. The xmms2 radd directory command, followed by xmms2 play, started the player. The xmms2 next command aborts playing of the current track and moves to the next one. The xmms2 stop command stops playing and xmms2 quit shuts down the xmms2d process.

The basic installation works fine with .wav files, but an attempt to install the xmms2-flac decoder produced a dependency error. It seems that libflac6 is required by XMMS2, but the Synaptic package manager reports that the package is uninstallable.

The command line interface is sufficient for basic testing, but leaves the user wanting a GUI. There is a long list of GUI clients available, but none were included with the basic XMMS2 packages. At this point, XMMS2 is not an exact replacement for XMMS.

XMMS2 can perform the basic music playing function, but it is still a bit early in its development to consider it prime-time software. Your editor is looking forward to future developments on the project.

Comments (7 posted)

System Applications

Database Software

Firebird 2.00 Beta 2 for AMD64 released

Version 2.00 Beta 2 of the Firebird database, including a Classic kit for AMD64 Linux, is available for testing.

Comments (none posted)

Firebird Developer's Journal

A new Firebird database Developer's Journal has been launched. "Well, after many months of thinking about this idea, we are finally starting this journal. It's intended to provide you with all the necessary news about the Firebird development process. So if you cannot (or just don't want to) follow the development mailing lists closely, this is your chance to still be informed about the progress."

Comments (none posted)

PostgreSQL Weekly News

The March 26, 2006 edition of the PostgreSQL Weekly News is online with new articles and resources.

Full Story (comments: none)

Embedded Systems

BusyBox 1.1.1 announced

Version 1.1.1 of BusyBox, a condensed collection of command line utilities for embedded systems, is out. "The new maintainer is Rob Landley, and the new release is BusyBox 1.1.1. Expect a "what's new" document in a few days."

Comments (none posted)

Filesystem Utilities

Radmind 1.6.1 available (SourceForge)

Version 1.6.1 of the Radmind tools is available for download. Radmind is: "A suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. For Mac OS X, there's also a graphical interface. At its core, radmind operates as a tripwire. It is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change."

Comments (none posted)

SICM v0.95 has been released (SourceForge)

Version 0.95 of SICM is out with support for Perl 5.8.8 and improved documentation. "SICM is a tool to monitor, graph and alert the capacity of computing devices and applications. SICM runs on a Windows or Linux device on your network, 24 hours every day and constantly records the capacity parameters of any networked device using snmp, ping or custom modules. The recorded data is stored for later reference via a user friendly menu-driven web browser. E-mail alerts are raised if a user determined number of queries fail."

Comments (none posted)

Interoperability

Announcing Samba 4.0.0TP2

Version 4.0.0 TP2, the second technology preview of Samba 4, is available for testing. "Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above."

Full Story (comments: 1)

Latest Samba preview launched (ZDNet)

ZDNet reviews the latest preview release of Samba. "Vernooij said the second test version of Samba 4 was aimed at "allowing users, managers and developers to see how we have progressed and to invite feedback and support." The development team has made more than 80 modifications to the software since the initial release, including better internal application programming interfaces and code quality in Samba's client-side application."

Comments (none posted)

Mail Software

Mailman 2.1.8b1 released (SourceForge)

Version 2.1.8b1 of GNU Mailman, a mailing list manager, has been announced. "This is a beta test release, which includes security enhancement and bug fixes in 2.1.7. It is highly recommended that all sites update to 2.1.8b1."

Comments (none posted)

Sendmail 8.13.6 released

Version 8.13.6 of Sendmail, a mail transfer agent, has been announced. "Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.13.6. It contains a fix for a security problem discovered by Mark Dowd of ISS X-Force. Sendmail thanks ISS for bringing this problem to our attention and reviewing the patch for it. sendmail 8.13.6 also includes fixes for other potential problems, see the release notes below for more details."

Comments (none posted)

Printing

CUPS 1.2 rc1 announced

Release candidate 1 of the CUPS 1.2 printing system has been announced. "The first release candidate of CUPS 1.2 is now available for download from the CUPS web site. We are also providing binary packages for Red Hat Enterprise Linux 4 (32-bit + 64-bit Intel), Fedora Core 4 (32-bit Intel), and MacOS X 10.4 (32-bit PowerPC + Intel) for your convenience."

Comments (none posted)

Web Site Development

Bricolage 1.10.1 Released

Version 1.10.1 of Bricolage, a web content management and publishing system, is out. "This maintenance release adds a few new features, a number of improvements, and many bug fixes. Highlights include new SOAP modules, improved packaging support, and smoother upgrades from 1.8.x versions."

Full Story (comments: none)

KForge 0.10 Released

Stable version 0.10 of KForge has been released; it adds new capabilities and includes some bug fixes. "KForge is an open-source (GPL) system for managing software and knowledge projects. It re-uses existing best-of-breed tools such as a versioned storage (subversion), a tracker (trac), and wiki (trac or moinmoin), integrating them with the system’s own facilities (projects, users, permissions etc). KForge also provides a complete web interface for project administration as well as a fully-developed plugin system so that new services and features can be easily added."

Comments (none posted)

TurboGears 0.9a2 released

Version 0.9a2 of TurboGears, a Python-based web framework, has been announced. "We’ve had a whole raftload of feedback and contributions since the release of 0.9a1. 0.9 is becoming considerably more solid, but I’m not going to upgrade it to “beta” until there are more docs. Be sure to read the upgrade instructions, because you’ll need to make some changes to come from 0.9a1 or 0.8 to this release."

Comments (none posted)

Desktop Applications

Business Applications

Tina POS 0.0.15 released (SourceForge)

Version 0.0.15 of Tina POS has been released. "Tina POS is a point of sale application designed for touch screens. Supports ESC/POS ticket printers, customer displays and barcode scanners. It's multiuser and has a great backoffice with a product entry form, reports and charts. This new release adds important changes to the code base of Tina POS, a lot of refactoring has been done."

Comments (none posted)

Desktop Environments

40+ Suggestions for Better Desktop (GnomeDesktop)

GnomeDesktop.org points to an interesting article by Peter Chabada on improving the desktop. "An article "40+ Suggestions for a Better Desktop" discusses how to extend recent desktops to improve their usability. Ideas in this article cover a wide range of desktop applications, e.g. Nautilus, multimedia, spreadsheets, mail clients, configuration, security..."

Comments (none posted)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE 3.5.2 Released (KDE.News)

KDE.News looks at the release announcement for the K Desktop Environment 3.5.2. "This second update release in the KDE 3.5 series brings an improved user experience and stability by focusing exclusively on translations and bug fixes."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Desktop Publishing

Scribus 1.3.3 Released

Version 1.3.3 of Scribus, a cross-platform open source page layout application, is out. "The 1.3.3 release is the fourth development version working towards a new stable 1.4. Within this release period over 200 bugs and feature requests were completed mostly focused on useability and correctness."

Full Story (comments: none)

Electronics

jtag-o-mat 1.2.5 released

Version 1.2.5 of jtag-o-mat, a cross-platform interface to JTAG test ports on embedded microprocessor devices, is out. "This program provides a simple but highly flexible interface to JTAG hardware. In opposite to similar projects, the focus is on running automatic JTAG sequences. The code has been kept intentionally simple to maintain portability and allow modification without the risk to spoil too many dependant parts."

Comments (none posted)

Kicad 2006-03-28 released

Version 2006-03-28 of Kicad, a printed circuit CAD application, is available. Changes include wxWidgets 2.6.3 support and bug fixes.

Comments (none posted)

KJWaves Version 1.0.7 released

Version 1.0.7 of KJWaves is out. "KJWaves was written to be a cross-platform SPICE tool in pure Java. It aids in viewing, modifying, and simulating SPICE CIRCUIT files. Output from SPICE3 (ngspice) can be read and displayed. Resulting graphs may be printed and saved."

Comments (none posted)

pcb-20060321 snapshot available

Development snapshot 20060321 of PCB, a printed circuit CAD application, has been announced. "I have made a new snapshot for pcb. It is anticipated that this is the last snapshot using only the GTK gui and that further releases will be based on the HID version of pcb."

Comments (none posted)

Financial Applications

SQL-Ledger 2.6.8 released

Version 2.6.8 of SQL-Ledger, a web-based accounting system, is available. Changes include improvements to invoice batch printing, balance calculations, translations, and more.

Comments (none posted)

Games

New PyGame Releases

The PyGame site lists several new game releases including GalaxyMage 0.3.0, Astrocrash 2.0, Legacy of Magic alpha-2 and more.

Comments (none posted)

Stendhal 0.47 released (SourceForge)

Version 0.47 of Stendhal, a multi-platform multi-player online adventure game, is available. "Stendhal features a new, rich and expanding world in which you can explore towns, buildings, plains, caves and dungeons. You will meet NPCs and acquire tasks and quests for valuable experience and cold hard cash. Your character will develop and grow and with each new level up become stronger and better. With the money you acquire you can buy new items and improve your armour and weapons. And for the blood thirsty of your; satisfy your killing desires by roaming the world in search of evil monsters! This release fixes LOTS of bugs that we have received from and adds some new interesting features like doors and keys, add two new big game areas: Wofol, the kobold's city that is suitable for team play of players around level 10-20 and N'mon, the lich fortress under the Orril castle, that is only for the most brave players."

Comments (none posted)

GUI Packages

PyQt v3.16 Released (Python Language Bindings for Qt)

Version 3.16 of PyQt, the Python Language Bindings for Qt, is out. "The main benefit of this release is that it can be installed side by side with the soon-to-be-released PyQt v4 (for Qt v4)."

Full Story (comments: none)

wxWidgets 2.6.3 released

Version 2.6.3 of wxWidgets, a cross-platform GUI toolkit, is out. "This is a bug fix release. Notable improvements include Mac universal binary creation with the command-line tools, Windows Mobile 5.0 support, context menu and enhanced file selector support on Windows CE, AMD 64-bit compilation on Windows, better VC++ 2005 support, and more efficient paint handling on wxGTK."

Comments (none posted)

Interoperability

Wine Weekly Newsletter

The March 24, 2006 edition of the Wine Weekly Newsletter has been published. Topics include: Wine 0.9.10, Fedora Packages Available, Windows Vista & Wine, Confusing Macros, Disabling Networking and Mech Commander 2 Source Available.

Comments (none posted)

Digital Photography

Gallery 2.1 released (SourceForge)

Version 2.1 of Gallery, a web-based photo album organizer, has been announced. "This release is a substantial improvement over Gallery 2.0 in both features and performance. We've added 10 new modules supporting features like RSS, ratings, permanent links, Picasa and Google Sitemaps. We've made many changes to the core framework to reduce code size and improve our performance, and this release includes page level caching which can provide a profound performance increase in most situations. This release has also received a professional security audit."

Comments (none posted)

Video Applications

Open Movie Editor 20060325 released

Version 20060325 of Open Movie Editor is available. "Open Movie Editor is designed to be a simple tool, that provides basic movie making capabilities. It aims to be powerful enough for the amateur movie artist, yet easy to use."

Comments (none posted)

Miscellaneous

Maxima 5.9.3 released

Version 5.9.3 of Maxima, a computer algebra system written in Common Lisp, has been released. "This version provides a build system expanded for internationalization, many revised and expanded functions, improved documentation, new add-on packages, and fixes."

Full Story (comments: none)

Nautilus Actions : Share your actions ! (GnomeDesktop)

GnomeDesktop looks at Nautilus-actions. "I'm happy to announce that it is now possible to share your actions created for Nautilus-actions on its web site. Nautilus-actions is an extension for Nautilus, the GNOME file manager. It allows the addition of arbitrary programs to be launched through the Nautilus popup menu on files that are selected."

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The March 21-28, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Java

Advanced Configuration of the Spring MVC Framework (O'ReillyNet)

Dejan Bosanac works with Spring configuration in an O'Reilly article. "In this article I will present some configuration tips for the Spring MVC framework that could help you manage multiple instances of your Spring-based web application. The configuration management topic is often neglected in the literature, but as we will see, it is very important for real-life web development. It is not directly related to any particular technology, so we will start by explaining the basic concepts of the problem. Next, we will focus on the Spring MVC framework and offer a few solutions for projects developed using this technology."

Comments (none posted)

Lisp

SBCL 0.9.11 released

Version 0.9.11 of Steel Bank Common Lisp is available. "William Harold Newman has announced SBCL 0.9.11 on 26 March 2006. This version provides experimental support for x86/Darwin under MacOS X on Intel, performance improvements, and more."

Full Story (comments: none)

McCLIM 0.9.2 released

Version 0.9.2 of McCLIM is available. "This version includes several changes such as a new installation process, improved backends, new documentation and examples, and more. McCLIM is an open-source implementation of the CLIM 2 (Common Lisp Interface Manager) specification. CLIM is "a powerful Lisp-based programming interface that provides a layered set of portable facilities for constructing user interfaces"."

Full Story (comments: none)

Python

Python 2.4.3, release candidate 1 is available

Python version 2.4.3, release candidate 1 has been announced. "Python 2.4.3 is a bug-fix release. See the release notes at the website for details of the more than 50 bugs squished in this release, including a number found by the Coverity Scan project. Assuming no major problems crop up, a final release of Python 2.4.3 will follow in about a week's time."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The March 27, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The March 28, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

XML

Understanding XForms: The Model (O'Reilly)

Kurt Cagle introduces XForms in part two of an O'Reilly Xml.com series. "What I wanted to look at in this particular article is a much simpler walk through to put together an XForm based application that illustrates that it really isn't that difficult to create an XForm - you just have to have an understanding of what exactly XForms really are."

Comments (2 posted)

IDEs

eric3 3.8.2 released

Version 3.8.2 of eric3, an IDE for Python and Ruby, has been announced: "this is to let all of you know about the release of eric3 3.8.2. This version fixes a compatibility bug with the latest PyQt release (PyQt 3.16). Eric3 is a Python and Ruby IDE with batteries included."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Stein: 'In 5-10 years, most of the software you use will be free' (ZDNet)

ZDNet covers the EclipseCon keynote by Greg Stein, chairman of the Apache Software Foundation. "Over time you're not going to see people paying for software anymore. All your software will be free. Customization, install, config, and maintenance will require expenditures. I predict that in 5-10 years most of the software you use will be free. So how do you win? The main thing is to track the licen[s]ing pressure trend. Everything is going down the stack. There are only a few types of software that can stay up at the top. Serviced based stuff. Software heavy in content, like modern games. Tax software, different in every state (needs a lot of paid people to research it, etc.). But most is going to go down."

Comments (5 posted)

Sandals and ponytail set cramp Linux (ZDNet)

According to this ZDNet Australia article, former Massachusetts CIO Peter Quinn knows what's holding back desktop Linux adoption. "He pointed to the 'sandal and ponytail set' as detracting from the business-ready appearance of open-source technology and blamed the developers for the inertia for business Linux adoption. 'Open source has an unprofessional appearance, and the community needs to be more business savvy in order to start to make inroads in areas traditionally dominated by commercial software vendors.'"

Comments (29 posted)

The powerful appeal of something for nothing (Financial Times)

Here's a Financial Times article giving a general overview of open source adoption in the developing world. "In the developing world, graduates with programming skills may have an extended family network depending on them as the breadwinner - so spending time debugging open source code for no payment will be especially hard to justify. 'The ability to become an active contributor to free software is at the moment limited to fairly wealthy countries and communities,' says Ubuntu founder Mark Shuttleworth." (Thanks to Philip Webb).

Comments (7 posted)

Trade Shows and Conferences

Conference Report: FOSS Means Business, Belfast (Linux Journal)

Linux Journal has a conference report from the FOSS Means Business Conference in Belfast. "Framed by two large stained glass windows, an impressive church pipe organ and an altar, Bruce Perens began his keynote by spreading his hands wide and uttering the words, "Dearly beloved". After the laughter died down, Perens joked further by comparing programmers to clergy, with references to "oaths of poverty", "chastity" and "celibacy" thrown in for good measure. Overall, Perens delivered an entertaining keynote, recounting tales from his days at Pixar and his first experience with collaborative software development across the Internet, apparently unbeknown to his Pixar bosses."

Comments (10 posted)

FreedomHEC to help Windows developers learn Linux (NewsForge)

NewsForge looks at the FreedomHEC unconference. "FreedomHEC is scheduled for May 26 and 27, and will follow Microsoft's WinHEC, which takes place in Seattle May 23 through 25. The idea behind FreedomHEC is to provide a "shadow" conference to WinHEC to teach Windows hardware developers how easy it is to make hardware compatible with Linux and other free operating systems."

Comments (2 posted)

Idlelo2 FOSS conference in Kenya (IT Manager's Journal)

IT Manager's Journal covers the Idlelo2 Conference in Nairobi, Kenya. "Last month Nairobi, Kenya, hosted the Idlelo2 Conference, a major African free and open source software (FOSS) symposium sponsored by the United Nations Economic Commission for Africa (UNECA), InWEnt Capacity Building International, Germany, and the eGovernment Directorate of Kenya. We spoke with one of the organizers of this year's conference, Milton Aineruhanga, program officer for Women of Uganda Network (WOUGNET)."

Comments (none posted)

Plone Symposium Wrap-up

Alan Runyan covers the recent Plone Symposium. "The Plone Symposium March 8-10 was a very special event. It was one of the first events to be held in New Orleans post Katrina. Quite a few people were hesitant to come to the Symposium event since New Orleans was shown in such bad condition on the national news. We still managed to pull in about 100 attendees for a full three days of tutorials, talks, birds of feather and lightning talks. Oh and of course socializing. Lots of socializing *grin*"

Comments (none posted)

Companies

Microsoft's anti-ODF battle continues (Linux-Watch)

Linux-Watch reports that Microsoft has joined the Open Document Format standards body, and may have done so in order to slow down the group's progress. "Microsoft claims that Apple, Intel, and numerous Microsoft partners and resellers, such as InterKnowlogy LLC and The Computer Solution Company, have joined the Open XML group. Perhaps a more significant move than this public relations announcement, is that Microsoft's Jim Thatcher has just joined the U.S. national body responsible for the JTC1 SC34 "V1 Text Processing: Office and Publishing Systems Interface," which, in turn, is the group responsible for shepherding the ODF (OpenDocument Format) through the ISO (the International Organization for Standardization) certification process."

Comments (4 posted)

Novell Strikes Three Open Source Deals (News.com)

News.com reports on Novell's newest customers. "Novell drove home its open source gospel Tuesday, trotting out three major converts to its Linux software suites: the Finnish military, a New England bank and a New York hospital chain. The announcements came on the second day of BrainShare Global 2006, the week-long conference that has drawn more than 6,000 Novell users, developers and sellers to the downtown Salt Lake Convention Center."

Comments (none posted)

SUSE Linux CTO To Exit Novell (CRN)

CRN reports that Juergen Geck, former CTO of SUSE Linux, is leaving Novell. "Last November, SUSE founder Hubert Mantel resigned from Novell following a corporate restructuring that claimed 600 jobs, a number of them at SUSE headquarters in Nuremberg, Germany. Earlier, in May, Novell lost former SUSE CEO Richard Seibt, who served as president of Novell's subsidiary for Europe, the Middle East and Africa (EMEA) after the acquisition. And in July, SUSE channel chief Petra Heinrich announced her resignation. Heinrich, who headed Novell's European, Middle East and Asia channel operations, joined Open-Xchange as its top sales executive."

Comments (none posted)

Interviews

Maddog says desktop the final frontier for Linux (IT Wire)

IT Wire talks with Jon "maddog" Hall about Linux on the desktop. "In the desktop space, Maddog dismisses suggestions that Linux still faces challenges with usability in areas such as the installation of new applications. "I don't think that it's Linux itself that has to do work in that area. I think it's the people who create the applications that you want to install," he says."

Comments (14 posted)

Marco Gulino (People Behind KDE)

The People Behind KDE have interviewed Marco Gulino. "In what ways do you make a contribution to KDE? First of all with my own project, KMobileTools. I also created the Konqueror Sidebar for Amarok. And I do bug reporting/fixing, when I can. (I mean of other's apps of course. It would be weird if I wouldn't solve my own bugs.)" (Found on KDE.News)

Comments (none posted)

CEO Jack Messman talks about Novell's present and future (Linux-Watch)

Linux-Watch interviews Jack Messman. "Messman also sees Microsoft's stumbling introduction of Vista as opening the door for Novell's forthcoming SLED (SUSE Linux Enterprise Desktop) 10. "People tell us that the more they learn about Vista, the more they see that switching to it isn't a migration; it's a conversion.""

Comments (none posted)

Interview: Theo de Raadt of OpenBSD (NewsForge)

NewsForge interviews Theo de Raadt of OpenBSD. "NF: You regularly organize events called hackathons. What exactly is a hackathon? TdR: This is something we started many years ago. A bunch of us would fly to one location (typically before or after a conference) and we would sit down and code. These events really are about getting tasks done; there is very little chatter, as we already know basically what needs to be done. They are not meetings, no one presents talks, nor are they so-called summits. They are for taking action in the source tree, knowing that the guy you need to ask a question of really quickly is sitting at a table a meter away."

Comments (33 posted)

Resources

Multiple live CDs in one DVD (Linux.com)

Linux.com shows how to bundle multiple live CDs on one DVD. "Nautopia.net has put up a script that you can use to make a custom DVD to boot multiple live CDs. The Nautopia script currently supports Knoppix, Kanotix, Kurumin, Livux, MEPIS, ProMEPIS, Slax, Aurox, BerryLinux, Basilisk, Adios, PCLinuxOS, MandrakeMove, Gnoppix, RiP, SystemRescueCD, Ultimate Boot CD, and INSERT distributions. Grab a couple of live CDs of any of the above listed distributions".

Comments (1 posted)

Taking Free Software to the Farmers and Fields of India (Linux Journal)

Linux Journal covers the aAqua.org (Almost All Questions Answered) web site. "Thanks to work done by the prestigious Indian Institute of Technology (IIT-Bombay) and its partners, IT-savvy and knowledge-hungry people across rural India now can find relevant, demand-driven farming knowledge on the aAqua.org Web site. So far, the site has been a great way to bring together people such as Prasad Kaledhonkar, who has a clue about what the white patterns emerging on tomato plant leaves are; farmer's daughter Niyatee Nilesh, who wants advice on buying agricultural land; and Shirish, from rural Maharashtra, who wants to learn about using waste water from the school kitchen to irrigate gardens and crops."

Comments (none posted)

Open-Source Framework Means Happy Trails for Java Developers (eWeek)

eWeek covers the Trails framework, a new open source framework aimed at making Java easier for developers. "Some might call Nelson a flatterer, as imitation is considered the finest form of flattery and Trails gets some of its notions from the popular, though non-Java, Ruby on Rails framework. But Nelson said Trails was simply "inspired" by Ruby on Rails but is not a Java-based clone of it. "Developing J2EE [Java 2 Platform, Enterprise Edition] is just too hard," Nelson said in a talk at TheServerSide Java Symposium here on March 23. "Things like Hibernate, Spring, etc., make it easier, but it's still too hard. Ruby on Rails raises the bar," he said."

Comments (2 posted)

Mastering podcasts with Audacity (NewsForge)

NewsForge has some tips for podcasters using Audacity. "Open source software makes podcasting easy -- too easy. Listening to a playlist of first-timer podcasts can leave your ears ringing from sudden changes in playback volume. The problem is audio mastering. Recording sound is simple, but mastering that sound -- compressing volume differences, maintaining a decibel ceiling, and similar operations -- is anything but. Fortunately, an open source tool offers everything you need for mastering podcasts and other spoken-word recordings. Audacity is well-known among podcasters on all platforms for its ability as an editor; here are some tips and tools for mastering and adjusting volume, aimed at podcasters, but they could apply to anyone who needs to produce a spoken-word recording under less-than-perfect conditions."

Comments (1 posted)

My sysadmin toolbox (Linux.com)

Linux.com looks at a few desktop enhancement tools. "Torsmo differs from other system monitors, such as GKrellM, in that it does not spawn a new window, but instead renders text directly to your desktop. It can display almost anything about your system, including uptime, current CPU usage, network activity, hard drive usage, memory usage, and swap usage. The program's developers wrote it to use as little of your system's resources as possible, and it does a good job of this."

Snort on OpenWrt: Guarding the SOHO perimeter (Linux.com)

Joe Barr looks at getting extra security by running Snort on an OpenWrt router. "Nicholas Thill -- known as Nico in the OpenWrt community -- maintains three separate packages for Snort in his repository of packages. They include a plain Jane version, without any support for logging to a database, and two database-specific packages: one for MySQL and one for PostgreSQL. All are based on the Snort release 2.3.3-1 and are considered to be in a testing state and not yet included in the official release."

Reviews

Marcel's Linux App of the Month: KDissert (Unix Review)

Marcel Gagné looks at KDissert on Unix Review. "Thomas Nagy's kdissert is an application referred to as a mind mapping tool. Its purpose is to help you create complex documents such as a thesis, or a dissertation, or a presentation. And yes, perhaps even an article or a book. You do that by creating a map of your ideas, a mind map, that allows you to structure the ideas you already have into the basis for producing a high-quality, well-ordered document." (Found on KDE.News)

Linux Multimedia Hacks: A Book Review (Linux Journal)

Linux Journal reviews the book Linux Multimedia Hacks. "If you're interested in multimedia and the penguin, you certainly must be puzzled by the plethora of software available for Linux. Which one fits your needs? Linux Multimedia Hacks (LMH) explores several software options, the ones the author feels are worth spending time with. In terms of the hacks I tested for the purpose of this review, as well as my personal tastes, I have to say that I'm pleased by the choices the author made. With the help of this book, I've been able to solve all of the issues I encountered while trying to edit video on my Linux box."

New Scriptable Linux Screen Reader for Gnome on Freshmeat (Groklaw)

Groklaw takes a look at Linux Screen Reader 0.1.0. From the LSR homepage: "The Linux Screen Reader (LSR) is an application that transforms the contents of the computer screen to other media, enabling non-visual access to the graphical Gnome desktop environment."

Few Linux, FOSS alternatives at tax time (NewsForge)

NewsForge looks at Open Tax Solver (OTS), a tax application that was written by Aston Roberts. "Roberts says almost all tax software -- including popular programs such as TurboTax and TaxCut -- will calculate taxes, but describes OTS as an alternative method. "It operates quite differently from the commercial packages, which tend to be question-oriented, or interview-oriented," he says. "For some people, the interview method may be better, but others have found the direct input approach of OTS to be quicker, especially to those who have done taxes before and basically know where to put their numbers, but want to automate the math.""

Finding Linux Applications (Amauta)

Amauta takes a quick look at the Linux App Finder. "Since many Linux applications are free and have no marketing to inform the public of their existence, it is often difficult to find the right program when it is needed. The goal of Linux App Finder is to make finding the right software an easy task by grouping programs into categories and allowing for a task based search."

Get Thoggen, and leave your DVDs at home (Linux.com)

Linux.com has a review of thoggen, a DVD ripping tool. "That said, I still recommend Thoggen. For one thing, I can't heap enough praise on the interface. Simplicity is the watchword, and Thoggen gets it just right, presenting the user with the appropriate choices and working out the necessary details itself. Transcoding video is complicated, but Thoggen manages to make it simple. A lot of other apps could learn a lot from its design decisions."

Miscellaneous

Mozilla plans to fund developer community (ZDNet)

ZDNet reports that the Mozilla Foundation will be using some of its money to fund outside developers. "The foundation made $5.8 million in 2004 and is thought to have made tens of millions of dollars last year, predominantly from partnerships with search companies, such as Google and Yahoo. Though much of its money has gone toward increasing its head count, some has been used to bulk up its reserve fund. Mitchell Baker, the chief executive of the Mozilla Corporation, the commercial subsidiary of the Mozilla Foundation, said Mozilla plans to put some of its excess revenues back into the community."

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Apple patents automatic software updates

Apple's patent #7,016,944, issued on March 21, seems somehow familiar: "The present invention is a system and method that monitors upgrade availability for computer information on a user's computer and allows the user to determine which of the available upgrades will be downloaded to the user's computer and installed. The upgrade availability for computer information on the user's computer is monitored in the background, without user-intervention when the user connects to a network, such as the Internet. If any such upgrades are available, a flag is set to notify the user of such upgrades. The user is notified of any available upgrades when computer information is accessed for which an upgrade is available, and given a choice of whether or not to download the available upgrade(s)." Filed in 1999. (Seen on Macsimum News by way of FFII).

GPL tested in US courts in Wallace

The Free Software Foundation has announced that the GPL has been upheld by a US court in the Wallace v. FSF case. "On Monday March 20, 2006 US Federal Judge John Daniel Tinder, dismissed the Sherman Act antitrust claims brought against the Free Software Foundation. The claims made by Plaintiff Daniel Wallace included: that the General Public License (GPL) constituted a contract, combination or conspiracy; that it created an unreasonable restraint of trade; and that the FSF conspired with IBM, Red Hat Inc., Novell and other individuals to pool and cross-license their copyrighted intellectual property in a predatory price fixing scheme."

The OSDL Fellowship Fund

OSDL has announced the creation of the "Fellowship Fund." "The Fund will provide financial support to software developers working on Linux and open source community projects that don't otherwise have access to financial resources or support." Funding decisions will be made by the OSDL board, with input from the newly-formed (kernel-heavy) technical advisory board. There is no information on the size of the fund.

SFLC representing BusyBox and uClibc

The BusyBox project is obtaining license enforcement management from the Software Freedom Law Center. "..we're pleased to announce that the Software Freedom Law Center has agreed to represent BusyBox and uClibc. We join a number of other free and open source software projects (such as X.org, Wine, and Plone) in being represented by a fairly cool bunch of lawyers, which is not a phrase you get to use every day."

Commercial announcements

Amanda 2.5 - A major new release of the Open Source Backup Software

Amanda has announced the release of version 2.5 of its open source backup and recovery software.

ANTs Software to Exhibit at LinuxWorld Boston

ANTs software inc. has announced its LinuxWorld exhibit. "ANTs software inc., a developer of universally compatible, high-performance SQL database management systems, today announced it will be exhibiting in the IBM Business Partner Pavilion, Booth 612, at this year's LinuxWorld Conference & Expo in Boston. Expo attendees will have the opportunity to talk with representatives from ANTs software and IBM, as well as examine the latest ANTs Data Server running on a variety of Linux 64-bit operating systems on both AMD Opteron and Intel platforms."

BitRock Releases LAMPStack 5

BitRock has announced the release of BitRock LAMPStack 5. "BitRock LAMPStack 5 is an integrated, easy to install LAMP distribution that includes the latest major releases of Apache, PHP, MySQL, Python, and supporting libraries. The stack is now available for download at www.bitrock.com."

CodeSourcery Announces G++ GNU Toolchain for Luminary's Stellaris Microcontrollers

CodeSourcery, Inc. has announced the availability of the Sourcery G++ GNU Toolchain for Luminary Micro's Stellaris Microcontrollers. "In partnership with ARM, Ltd., CodeSourcery develops improvements to the GNU Toolchain for ARM processors and provides regular, carefully tested, precompiled releases of the GNU Toolchain. CodeSourcery's current release of Sourcery G++ includes full support for the ARM Cortex-M3 microcontroller core and Luminary Micro's Stellaris family of microcontrollers."

IBM and EMC Join MySQL Network Certified Partner Program

MySQL AB has announced that IBM and EMC have joined its Network Certified Partner Program. "Among other co-marketing and promotion activities with MySQL, both companies will be sponsors of next month's MySQL Users Conference in Santa Clara, California. The multi-tiered MySQL Network Certified Partner Program enables ISV partners to certify that their software has been tested and is compatible with the MySQL certified database server and related MySQL tools. The program also offers opportunities to hardware vendors and consulting companies to leverage the growing adoption of MySQL within mainstream IT organizations."

OpenPKG GmbH established to provide Business Services

OpenPKG has announced the establishment of OpenPKG GmbH, a sibling organization with the dedicated goal of providing commercial services to OpenPKG business customers. "The Open Source software project OpenPKG was founded in 2000 by Ralf S. Engelschall and first released to the public in January 2002. Today OpenPKG is a mature technology in production use. It is maintained and improved by its original developers and volunteer contributors. Its end user and developer community is organized in the OpenPKG Foundation e.V. while its business customers are looked after by the OpenPKG GmbH."

RaveHD 2.0 Officially ships

SpectSoft LLC has announced its RaveHD 2.0 video recording software. "SpectSoft's newest version not only offers new features that include reverse audio, slave record, deck standby, and 2K HSDL support but the overhaul of the existing code base now takes RaveHD 2.0 to a client/server product and makes this product an extensive VTR replacement solution. The client/server implementation allows studios to control many DDRs from a single interface in addition to making the GUI modular and easily modified."

Sun Releases UltraSPARC T1 Processor Design specs under GPL

Sun Microsystems, Inc. has announced the release of its UltraSPARC T1 Processor Design specifications under the GNU GPL license. "Sun Microsystems Inc. today announced a significant milestone in its OpenSPARC Initiative aimed at the creation of the world's first multi-core, multi-threaded eco-system: publication of the hardware design point and the Solaris(TM) 10 Operating System (OS) porting specifications for the breakthrough UltraSPARC T1 processor. For the first time in history, developers gain access to the chip multi-threading (CMT) technology unique to the UltraSPARC T1 processor, which will be released under the OSI-compliant GNU General Public License (GPL)."

Third Brigade's Intrusion Prevention System protects against Sendmail vulnerability

Third Brigade has announced that its Intrusion Prevention System protects against a recently disclosed Sendmail vulnerability. "Third Brigade, Inc. today announced that customers that have deployed Deep Security, its advanced Intrusion Prevention System (IPS), are protected from attacks that could exploit a vulnerability recently disclosed in Sendmail."

New Books

Visibooks publishes four OO.o textbooks

Visibooks, LLC has announced the publication of four new OpenOffice.org textbooks. "An increasing number of schools in the U.S. and worldwide are using and teaching OpenOffice.org, a free, open-source suite of word processing, presentation, spreadsheet, and database programs. To serve these schools, Visibooks has published the first series of textbooks that help students learn OpenOffice.org programs. Visibooks has published four new textbooks on the programs that make up the OpenOffice.org 2.0 office suite: Base, Calc, Impress, and Writer. The titles are The Visibooks Guide to Base 2.0, The Visibooks Guide to Calc 2.0, The Visibooks Guide to Impress 2.0, and The Visibooks Guide to Writer 2.0."

The Art of SQL - O'Reilly's Latest Release

O'Reilly has published the book The Art of SQL by Stephane Faroult and Peter Robson.

Google: The Missing Manual, 2nd Ed--O'Reilly's Latest Release

O'Reilly has published the book Google: The Missing Manual, 2nd Edition by Sarah Milstein, J. D. Biersdorfer, and Matthew MacDonald.

Resources

Tutorial: Setting Up A High-Availability NFS Server

Falko Timme has announced a new HowtoForge tutorial on setting up NFS servers. "in this tutorial I will describe how to set up a high-availability NFS server that can be used as storage solution for other high-availability services like, for example, a cluster of web servers that are being loadbalanced. In fact, I will create two NFS servers that mirror their data to each other in realtime using DRBD and that monitor each other using heartbeat, and if one NFS server fails, the other takes over silently."

Contests and Awards

rPath announces new customer and cash awards

rPath has announced a set of awards for the use of its rBuilder software. "rPath is offering additional cash awards to winners of the VMware Ultimate Virtual Appliance Challenge who use its rBuilder Online technology to build a winning virtual appliance entry. In addition to VMware's prize offerings, rPath will pay out up to $25,000 to the top three entries and five best of category prizes. "This is a unique opportunity for developers to showcase their skills, while experiencing the flexibility and control that rBuilder provides," said Erik Troan, rPath founder and CTO."

Education and Certification

LPI Offers Certification Exams at LinuxWorld Boston

The Linux Professional Institute will hold certification exams at the LinuxWorld Boston conference on April 4-6, 2006. Pre-registration is required.

Tuxaco extends training portfolio

Tuxaco will hold new Linux training courses in the UK. "OSC members, Tuxaco have recently announced that they will be providing public Linux courses in London and Birmingham, so the company can now offer classroom teaching in addition to its existing portfolio of onsite Linux courses."

Calls for Presentations

GUADEC CFP / WarmUp weekend and the After Hours workshops (GnomeDesktop)

GnomeDesktop has announced the final Call for Papers (March 31) for the GUADEC 2006 conference. The event will be held in Vilanova i la Geltrú, Spain on June 24-30, 2006. "As you probably know, March 31st (next Friday) is the deadline of the GUADEC 2006 Call for Participation. If you have a session in mind please submit it before then, even if it's only a draft or a collection of ideas. You will have more time to explain yourself once your session is submitted and scheduled. This year we have two new GUADEC phases apart from the 3 GUADEC Core days. They are also at your disposal and you are invited to submit sessions for these phases as well. Think of GUADEC as a funnel, where the WarmUp weekend is the wide entry, GUADEC Core is the neck and the After Hours workshops are in the exit, where the results of the discussions are distilled in hands-on work."

Upcoming Events

FreedomHEC: May 26-27, 2006

FreedomHEC, the High-intensity learning, networking and taking-back-the-PC-industry unconference will take place on May 26-27, 2006 in Seattle, Washington.

The Gelato ICE Conference and Expo

The Gelato Itanium Conference & Expo will take place during the week of April 24, 2006 in San Jose, CA. "Join other end users, developers, researchers, ISVs, and system vendors for an outstanding technical program comprised of 50+ Linux Itanium-centric talks."

Linux Audio Conference 2006 registration open

Registration is open for the Linux Audio Conference 2006. The event takes place on April 27-30, 2006 in Karlsruhe, Germany.

Optaros Launches Open Source Webinar Series

Optaros will be holding an Open Source Webinar Series. "Planned sessions throughout the year will include: * April 25 - Open Source and Customer Relationship Management, * June 27 - Service Oriented Architecture and Open Source Solutions, * August 24 - Overcoming Barriers to Open Source Adoption, * September 26 - Content Management Challenges and Open Source Solutions and * December 12 - Open Source Year in Review".

PostgreSQL Anniversary Summit registration now open

Registration is open for the PostgreSQL Anniversary Summit. The event will take place on July 8-9, 2006 in Toronto, Canada. "This 2-day event will feature numerous presentations and community sessions to let community members share their knowledge. Many major contributors to PostgreSQL will be there, and most of them will be speaking or leading coding sessions: Tom Lane, Bruce Momjian, Tatsuo Ishii, Gavin Sherry, Neil Conway and more. At the event we will also discuss and coordinate community advocacy and fundraising efforts."

rPath founder to present at LinuxWorld

rPath CTO and co-founder Erik Troan will be demonstrating rBuilder at the LinuxWorld Expo on April 4. "rBuilder is the engine for creating and maintaining software appliances. With rBuilder, a software developer combines an application with a tailored version of rPath Linux and as a result delivers a software appliance to the customer. Customers get the benefit of the application without the hassle of coordinating multiple maintenance streams, release schedules, and service contracts."

Samba eXPerience 2006

Samba eXPerience 2006 will take place in Göttingen, Germany on April 24-26, 2006. "The fifth "sambaXP" is again the leading conference event focussing on the most important free software alternative to non free file servers. 25 talks from developers, users and vendors will show the particular importance of this Free Software alternative for Windows clients. This year's highlights are the user reports."

Events: March 30 - May 25, 2006

Date | Event | Location
March 30 - 31, 2006 | PHP Quebec 2006 (Plaza Montreal Hotel) | Montreal, Canada
April 3 - 6, 2006 | Embedded Systems Conference (ESC) (McEnery Convention Center) | San Jose, CA
April 3 - 7, 2006 | CanSecWest/core06 (Marriott Renaissance Harbourside hotel) | Vancouver, Canada
April 3 - 4, 2006 | Freedom To Connect 2006 (FTC) (AFI Silver Theater) | Washington, DC
April 3 - 6, 2006 | LinuxWorld Conference and Expo (Boston Convention and Exposition Center) | Boston, MA
April 7 - 9, 2006 | Notacon 3 (Holiday Inn Select Cleveland) | Cleveland, OH
April 7, 2006 | FUDCon Boston 2006 | Boston, Mass. USA
April 11 - 12, 2006 | CELF Embedded Linux Conference | San Jose, California
April 15 - 16, 2006 | LayerOne 2006 (Pasadena Hilton) | Pasadena, California
April 19 - 22, 2006 | Forum Internacional Software Livre 7.0 (FISL) | Porto Alegre, Brazil
April 19 - 20, 2006 | UK Python Conference (Randolph Hotel) | Oxford, England
April 20 - 22, 2006 | International Conference on Availability, Reliability and Security (AReS 2006) | Vienna, Austria
April 21 - 23, 2006 | Penguicon 4.0 | Livonia, Michigan
April 23 - 26, 2006 | Itanium® Conference and Expo 2006 (Gelato ICE) | San Jose, CA
April 24 - 26, 2006 | LinuxWorld & NetworkWorld Canada 2006 Conference & Expo (Metro Toronto Convention Centre, North Bldg.) | Toronto, Canada
April 24 - 27, 2006 | MySQL Users Conference | Santa Clara, CA
April 24 - 25, 2006 | 2006 Desktop Linux Summit (Manchester Grand Hyatt) | San Diego, CA
April 24 - 26, 2006 | SambaXP 2006 (Clarion Parkhotel) | Göttingen, Germany
April 26 - 28, 2006 | php|tek 2006 (Orlando Airport Marriott Hotel) | Orlando, FL
April 27 - 30, 2006 | Linux Audio Conference (LAC2006) (ZKM) | Karlsruhe, Germany
April 29, 2006 | Linuxfest Northwest 2006 | Bellingham, WA
April 29 - 30, 2006 | European Common Lisp Meeting 2006 | Hamburg, Germany
May 1 - 6, 2006 | DallasCon 2006 (Richardson Hotel) | Dallas, TX
May 3 - 6, 2006 | LinuxTag 2006 (Rhein-Main-Hallen) | Wiesbaden, Germany
May 6 - 7, 2006 | WebTech 2006 | Sofia, Bulgaria
May 8 - 18, 2006 | LinuxWorld on Tour Conference and Expo 2006 (LOT2006) | Montreal, Ottawa, Calgary, Vancouver
May 12 - 13, 2006 | BSDCan 2006 (University of Ottawa) | Ottawa, Canada
May 13, 2006 | DebianDay | Oaxtepec, Mexico
May 14 - 22, 2006 | DebConf 6 | Oaxtepec, Mexico

Page editor: Forrest Cook


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds