How Mono got into Fedora

Back in January, Red Hat reversed a longstanding policy and allowed the Mono .NET implementation into the Fedora distribution. A set of Mono applications (Tomboy, Banshee, F-spot) also went in at that time. The move was generally welcomed, but a number of observers wondered what had changed to make the addition of Mono possible. The sticking point had been a set of patents on .NET held by Microsoft; presumably those patents were no longer seen as a threat. But no information on why that might be was released at that time.

We missed it at the time, but Fedora hacker Greg DeKoenigsberg posted an explanation in late March. The answer, as it turns out, may offer some clues of how the software patent battle might play out.

Back in November, the Open Invention Network (OIN) announced its existence. OIN is a corporation which has been set up for one express purpose: to acquire patents and use them to promote and defend free software. The OIN patent policy is this:

The list of "certain Linux-related applications" is said to exist, though it has not, yet, been posted publicly. But Mono is apparently on that list. So anybody who files patent infringement suits against Mono users, and who is, in turn, making use of technology covered by OIN's patents is setting himself up for a countersuit. Depending on the value of the patents held by OIN, that threat could raise the risk of attacking Mono considerably.

That last sentence is important: a potential OIN countersuit will only have a deterring effect if OIN's patents cover an important technology and look like they would stand up in court. As it happens, OIN holds a set of patents covering a number of fundamental aspects of XML-based web services. These patents (originally assigned to a failing company called Commerce One) created a fair amount of concern when they went up for auction at the end of 2004; many companies feared that they could be used to shake down companies all over the e-commerce field. What actually happened is rather different: they were bought by Novell for $15.5 million and eventually contributed to the OIN pool. These patents, it seems, are considered strong enough to keep Mono safe.

Novell did the community (and perhaps the technology industry as a whole) a big favor by buying those patents; in the process, it beat out bids from a couple of "intellectual property" firms associated with Nathan Myhrvold. Donating them to OIN multiplied the favor by putting these patents directly into the service of free software. We may all be a little safer as a result of this action.

Some observers in the community have criticized the patent pool idea in the past. Playing the software patent game in any way is a little distasteful, and it is not clear to everybody that the owner of the pool would have the standing or interest to defend the target of a patent attack. The true success of OIN can only be judged in the long term, and, in the best case scenario (no software patent suits are ever brought against free software users), its contribution will never be entirely clear. What is clear, however, is that OIN has already brought some peace of mind to some of the people who were most worried about the software patent threat. That seems like a step in the right direction.

Comments (14 posted)

Fear of a Linux virus

There can be no doubt that the folks at Kaspersky Lab are persistent. Back in 1999, Kaspersky released its anti-virus product for Linux; the company also claimed to be preparing "the world's first Linux-based rescue disk." In 2000, the company claimed that "new viruses for Linux appear every day," though it backed down when that claim was questioned. Now Kaspersky claims to have encountered a "cross-platform virus," which is capable of infecting both Linux and Windows systems. Time to be worried:

There is hope, however: worried system administrators need only purchase Kaspersky's anti-virus service, and they will be protected from the threat of this new cross-platform virus.

Strangely enough, Linux administrators have somehow managed to avoid going into a panic over this announcement. In fact, few Linux users feel any more threatened than they did before.

This new "virus" is a program which is able to inject its code into executable files found in the current working directory. It can't be the first code with this capability - that particular problem is not especially hard to solve. Given write access to an executable file, a program can write to that file. If it is coded to write something unpleasant, that is what will happen.

What this "virus" appears to lack is any sort of propagation mechanism. If somebody runs it, their executable files will be corrupted, but it has no way of traveling further. Any attempt to add propagation to this code will run into some well-known problems: (1) getting Linux users to run random malware is still challenging, and (2) most Linux users lack the access to modify most of the executables they run, most of the time. The normal protection mechanisms designed to keep users from accidentally (or maliciously) damaging their systems will also serve to impede any attempt to infect those systems.

One should not say that writing a rapidly-propagating, Linux-based virus or worm is not possible. Sooner or later, somebody will probably pull it off. But any such malware will have to exploit an open security vulnerability in the target systems, and any vulnerability which is exploited in this manner will be closed in a hurry. Commercial anti-virus products work by trying to keep threatening malware away from the system altogether. The Linux way of doing things, instead, is to make the system resistant to the attack vector used by the malware in the first place. Security updates may propagate a little more slowly than virus descriptions, but the end result will tend to be far longer-lasting.

So it is not clear that there will ever be a real market niche for anti-virus products on Linux systems. Linux administrators prefer to fix the root problem, and most distributors have well-tuned mechanisms in place for making those fixes quick and easy. Anti-virus products add complexity to a system, can create problems of their own, and may well not be any more effective against any sort of "zero-day" attack. If, in the future, we find ourselves truly needing anti-virus software, our development process will have failed badly. Chances are that we will not fail in that way, but the flow of scary press releases from anti-virus companies will certainly continue regardless.

Comments (14 posted)

Some distribution disagreements

Back when Red Hat Linux was a product delivered by Red Hat Inc. in its final form, the user community had little visibility into the decisions that affected the distribution. One of the early promises that came with the Fedora Project was that the important discussions would happen in a public forum. Things have not always happened that way, and a number of things still seem to happen by anonymous decree. It is true, however, that the public discussion has grown more vibrant as the wider Fedora community insists on having its say.

One recurring discussion has to do with one of those decisions by decree: Fedora Core 5 lacks the "install everything" option which has characterized Red Hat releases for many years. The reasons behind this change make some sense: it is increasingly hard to support as the distribution grows, and as the distribution is split between "core" and "extras." Some packages conflict with others, making a true "everything" install impossible in any case. Installing everything is an invitation to unnecessary security problems. And the Anaconda installer has been reworked around a yum-based backend which is not so well equipped to do "everything" installs in any case. Administrators who do a lot of "everything" installs can use kickstart to obtain something close to the old behavior.

So removing this option was not an unreasonable thing to do. But the community was not involved in the decision, and quite a few Fedora users are most unhappy with the change. Since there was no discussion - not even an announcement of the change - these unhappy users continue to fill the Fedora lists with complaints; it is beginning to look like one of those threads which never really goes away. But, "install everything" has gone away, and appears highly unlikely to return.

A more relevant discussion, perhaps, is this one: what is to happen with evolution in Fedora Core? The state of the FC5 evolution package is evidently so poor that some Red Hat developers are suggesting that it should be shoved out to Fedora Extras, or dropped altogether:

(Alan Cox).

The state of evolution is a bit of a problem. It has been pushed for some time as the mail user agent for Red Hat and Fedora systems; it is also the only mail client with its particular combination of email and calendar features. Quite a few Fedora (and RHEL) users depend on it heavily. So the chances are that evolution is not truly destined for the bit bucket.

There appear to be two issues here. One is that the core evolution project has been on hold for some time. There is a new set of developers working on evolution, and there are signs that the process is beginning to move again - though some observers are not yet convinced. The other issue is that the evolution package within Fedora is unmaintained, and has been for some time. This is a different sort of problem: Red Hat is actively trying to hire somebody to maintain the evolution package, but has not yet found anybody. Until that position can be filled, the evolution package in Fedora is likely to continue to languish.

An interesting side note on this discussion is that some participants have complained about Red Hat engineers suggesting the removal of Evolution. It seems that Red Hat folks have a duty to not scare the users that way. But the truth of the matter is that we cannot have it both ways: if we want to have a vibrant and open Fedora development community, the engineers involved must be able to speak their minds.

Meanwhile, the Ubuntu community has run into a different sort of issue. The original Ubuntu distribution was very much GNOME-based, with a KDE-based version ("Kubuntu") being somewhat of a second-class citizen. Last November, however, Mark Shuttleworth announced that Kubuntu would become "a first class distribution within the Ubuntu community." From the outside, it would appear that things have happened that way; Kubuntu releases happen at about the same time as "plain" Ubuntu releases, and Kubuntu has a large and (seemingly) happy user community.

As of this writing, however, visitors to the Kubuntu.de site are greeted with a protest message rather than the normal resources found there. It seems that some of the developers working on Kubuntu are not particularly happy with their relationship with Canonical. They do not feel that Kubuntu is, yet, a "first-class distribution."

The protest appears to be lead by Andreas Mueller, a co-founder of the Kubuntu project and the maintainer of Kubuntu.de. Mr. Mueller is a volunteer Kubuntu developer, not currently on the Canonical payroll. There are a number of complaints being voiced, and it is not entirely clear what the real problem is. Discussion on the lists suggests that a misunderstanding over administrative accounts is part of it. The core, however, may well be this:

A cynical observer might be tempted to conclude that Mr. Mueller is trying to shame Canonical into hiring him.

It is hard to say whether Canonical is putting sufficient resources into Kubuntu or not. It is true that there has been no great outpouring of support for this protest on the Kubuntu mailing lists. Kubuntu users seem generally content with their lot. Hopefully this disagreement can be resolved without changing that situation.

Comments (31 posted)

Cross-site scripting attacks

Two weeks ago, this page examined SQL injection attacks on web applications. Another well-known attack is cross-site scripting, often abbreviated as "XSS." Cross-site scripting is, perhaps, a more subtle way of breaking web applications, but its effects can be just as damaging as SQL Injection.

The basic vector for XSS is user input into a website that is not filtered to remove dangerous content. One of the more obvious ways this can occur is with sites that allow users to add comments to stories, without removing or altering HTML tags that they enter. For example, if one adds a comment that contains:

    <script>alert("howdy")</script>

and someone else, when looking at that comment, gets the alert, the site is vulnerable to XSS. Obviously, a javascript popup is not particularly dangerous and would be a clear sign that something odd is going on. This kind of 'attack' is only used as a proof of concept. The key thing to note is that one user can run javascript in the context of another user's browser, with all of the information and privileges of the targeted user (or, at least, the subset granted to javascript).

There are other mechanisms to inject this kind of malicious content, either as HTML links or by causing error messages that display the content. Essentially any place that a web application displays user input can be exploited if the input or output is not filtered correctly. When XSS attacks appear in links, they are often encoded in hex using the '%xx' or '&#xx;' so that it is not immediately apparent that the link contains malicious content.

A wide variety of actions can be triggered by an XSS exploit, including cookie theft, account hijacking, and denial of service. A clever attacker could make a page that looks exactly like the login page of a popular website (Google for example) and an unwary user could be fooled into entering their username and password into this page after following a link. By exploiting an XSS hole recently reported and discussed on the Bugtraq mailing list, the link would not obviously be malicious and could start with http://www.google.com.

Another common attack is to hijack a session by using an XSS exploit to capture a cookie value that stores a session ID. An attacker can then use that session ID to take over a currently logged-in session at the web site and for all intents and purposes, become that user. This attack is especially nasty if that user happens to be an administrative user - or is logged into, say, a financial site.

Avoiding XSS in a web application requires diligence in filtering user input (a common theme in nearly all web application vulnerabilities). Any user input that is sent back to browser for any reason needs to have certain characters converted to strings that will display properly, but not be interpreted as HTML by the browser. An XSS FAQ recommends replacing the following characters: < > ( ) & and # with &lt;, &gt;, &#40, etc.

XSS vulnerabilities are one of the most commonly reported security issues with web applications today. New XSS techniques are discovered regularly that find new ways to evade various security measures implemented by the browser scripting languages and new ways to fool users into falling into an XSS trap. Any technique that allows attackers to run code in your browser with your permissions is obviously cause for worry. Website users can only take some fairly drastic measures to avoid XSS (turning off javascript, not following links, etc.). This is clearly something that website owners must handle to protect their users.

Comments (9 posted)

Anti-virus to protect against anti-virus vulnerabilities

Users of the ClamAV free anti-virus system should be aware of the recent vulnerabilities in that package. No need to fear, however: SonicWALL has announced that its (proprietary) anti-virus system is now equipped to shield your network from attempts to exploit one of those vulnerabilities. So ClamAV users need not actually apply the update - just layer another anti-virus package on top of it instead.

Comments (35 posted)

clamav: multiple vulnerabilities

Package(s):	clamav	CVE #(s):	CVE-2006-1614 CVE-2006-1615 CVE-2006-1630
Created:	April 6, 2006	Updated:	April 12, 2006
Description:	The ClamAV anti-virus toolkit has three vulnerabilities. the PE header parser has an integer overflow problem, the logging code has format string vulnerabilities that may lead to the execution of arbitrary code, and the cli_bitset_set() function can be used to create a denial of service.
Alerts:	SuSE SUSE-SA:2006:020 clamav 2006-04-11 Mandriva MDKSA-2006:067 clamav 2006-04-07 Gentoo 200604-06 clamav 2006-04-07 Trustix TSLSA-2006-0020 multi 2006-04-07 Debian DSA-1024-1 clamav 2006-04-05

Comments (1 posted)

doomsday: format string vulnerability

Package(s):	doomsday	CVE #(s):	CVE-2006-1618
Created:	April 6, 2006	Updated:	April 12, 2006
Description:	The doomsday gaming engine has a format string vulnerability that may be utilized by a remote attacker for the execution of arbitrary code.
Alerts:	Gentoo 200604-05 doomsday 2006-04-06

Comments (none posted)

libimager-perl: denial of service

Package(s):	libimager-perl	CVE #(s):	CVE-2006-0053
Created:	April 10, 2006	Updated:	April 12, 2006
Description:	The libimager-perl Perl extension has a vulnerability in which maliciously created 4-channel JPEG images can cause a segmentation fault and cause a denial of service.
Alerts:	Debian DSA-1028-1 libimager-perl 2006-03-07

Comments (none posted)

mplayer: integer overflows

Package(s):	mplayer	CVE #(s):	CVE-2006-1502
Created:	April 10, 2006	Updated:	May 1, 2006
Description:	MPlayer 1.0pre7try2 has multiple integer overflow vulnerabilities. Remote attackers can maliciously craft an ASF file or an AVI file in order to cause a denial of service.
Alerts:	Gentoo 200605-01 mplayer 2006-05-01 Mandriva MDKSA-2006:068 mplayer 2006-04-07

Comments (none posted)

openvpn: arbitrary code execution

Package(s):	openvpn	CVE #(s):	CVE-2006-1629
Created:	April 11, 2006	Updated:	April 27, 2006
Description:	OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
Alerts:	Debian DSA-1045-1 openvpn 2006-04-27 Mandriva MDKSA-2006:069 openvpn 2006-04-10

Comments (none posted)

plone: unauthorized access

Package(s):	plone	CVE #(s):	CVE-2006-1711
Created:	April 12, 2006	Updated:	April 12, 2006
Description:	From the Debian advisory: "It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users."
Alerts:	Debian DSA-1032-1 zope-cmfplone 2006-04-12

Comments (none posted)

xscreensaver: possible password exposure

Package(s):	xscreensaver	CVE #(s):	CVE-2004-2655
Created:	April 11, 2006	Updated:	May 24, 2006
Description:	In some cases, xscreensaver did not properly grab the keyboard when reading the password for unlocking the screen, so that the password was typed into the currently active application window. The only known vulnerable case was when xscreensaver activated while an rdesktop session was currently active.
Alerts:	Red Hat RHSA-2006:0498-01 xscreensaver 2006-05-23 Ubuntu USN-269-1 xscreensaver 2006-04-11

Comments (none posted)

Slides: open standards and security

David A. Wheeler has posted the slides from his "open standards and security" talk [PDF]. When viewing, skip immediately to the middle, where you can find a second set of slides with added commentary. "In contrast, open standards make security possible. They enable continuous competition between suppliers, so you can now choose the supplier who provides adequate security. Suppliers now compete on security, so they will have to improve. The key is using open standards appropriately to enable competition."

Comments (2 posted)

Kernel release status

The current stable 2.6 release is 2.6.16.5. 2.6.16.2 was released on April 7 with a fair number of fixes; 2.6.16.3 and 2.6.16.4 - each containing a single security fix - both came out on April 11, and 2.6.16.5, with a pair of x86-64 fixes, was released on April 12.

The current 2.6 prepatch remains 2.6.17-rc1; no prepatches have been released over the last week. 2.6.17-rc2 would appear to be imminent, however, and may be out by the time you read this.

The patches merged since 2.6.17-rc1 are mostly fixes, but there are a few more substantive changes, including a simplified form of the scheduler starvation avoidance patch, some tweaks to the memory overcommit algorithm, the removal of the obsolete blkmtd driver, the removal of the unmaintained Sangoma WAN drivers, and a new "kernel internal pipe" object (and other changes) for the splice() system call.

The current -mm tree is 2.6.17-rc1-mm2. Recent changes to -mm include a new set of patches for 64-bit resource tracking and some core dump code tweaks.

Comments (none posted)

Containers and lightweight virtualization

"Virtualization" is the act of making a set of processes believe that it has a dedicated system to itself. There are a number of approaches being taken to the virtualization problem, with Xen, VMWare, and User-mode Linux being some of the better-known options. Those are relatively heavy-weight solutions, however, with a separate kernel being run for each virtual machine. Often, that is exactly the right solution to the problem; running independent kernels gives strong separation between environments and enables the running of multiple operating systems on the same hardware.

Full virtualization and paravirtualization are not the only approaches being taken, however. An alternative is lightweight virtualization, generally based on some sort of container concept. With containers, a group of processes still appears to have its own dedicated system, but it is really running in a specially isolated environment. All containers run on top of the same kernel. With containers, the ability to run different operating systems is lost, as is the strong separation between virtual systems. Thus, one might not want to give root access to processes running within a container environment. On the other hand, containers can have considerable performance advantages, enabling large numbers of them to run on the same physical host.

There is no shortage of container-oriented projects. These include relatively simple efforts like the BSD jail module through more thorough efforts like Linux-VServer, OpenVZ, and the proprietary Virtuozzo (based on OpenVZ) offering. Many of these projects would like to get at least some of their code into the kernel and shed the load of carrying out-of-tree patches. There is little interest, however, in merging code which only supports some of these projects. The container people are going to have to get together and work out some common solutions which they can all use.

It appears that this is exactly what the container developers are doing. A loose agreement has been put in place wherein developers from a few projects will discuss proposed changes and jointly work them into a form where they meet everybody's needs. Once a particular patch has reached a point where all of the developers are willing to sign off on it, it can be forwarded for eventual merging into the mainline.

The more complex and intrusive changes, such as PID virtualization, appear to be on hold for now. Instead, it looks like the first jointly-agreed patch might be the UTS namespace virtualization patch. The aim of the patch is relatively straightforward: it allows each container (as represented by a family tree of processes) to have its own version of the utsname structure, which holds the node name, domain name, operating system version, and a few other things. In essence, it replaces a single global structure with multiple structures attached at various places in the process tree. It still requires a five-part patch, with every reference to the global system_utsname structure replaced by a call to the new utsname() function.

Longer-range plans call for the virtualization of every global namespace in the kernel, including SYSV IPC, process IDs, and even netfilter rules. There was an interesting discussion on the virtualization of security modules; some think that each container should be able to load its own security policy, while others argue in favor of a single system security policy which is aware of (and able to use) containers. Unsurprisingly, SELinux is already equipped with a type hierarchy mechanism which can be used with containers in the single-policy approach.

Containers might still prove to be a hard sell with some developers, who will see them as complicating access to many internal kernel data structures without adding a whole lot of value. It is clear, however, that there is a demand for this sort of lightweight virtualization - OpenVZ, alone, claims to be running over 300,000 virtual environments. So the pressure to standardize this code and move it into the mainline will only grow over time. Once they are clean enough to satisfy the development community, pieces of the container concept are likely to be merged.

Comments (6 posted)

tee() with your splice()?

The new splice() system call was covered here last week. As was predicted then, this new kernel API has continued to evolve; many of the non-fix patches going into the post-2.6.17-rc1 mainline involved changes to splice().

For starters, the prototype of the splice() system call has changed:

    long splice(int fd_in, loff_t *off_in, int fd_out, loff_t *off_out,
                size_t len, unsigned int flags);

The two offset values (off_in and off_out) are new; they indicate where each file descriptor should be positioned prior to beginning the transfer of data. Note that these offsets are passed via pointers; user space can use a NULL pointer to indicate that the current offset should be used. Note also that these offsets do not work like the offsets in pread() or pwrite(): they will actually change the offset associated with the file descriptor. Providing an offset for a file descriptor associated with a pipe is an error.

Internally, the splice() code has seen a couple of interesting changes. One of them (in the regular pipe code, actually) is the creation of a new pipe_inode_info structure to represent the core machinery behind a pipe. This structure can stand apart from the normal inode structure. Many of the internal interfaces have been changed to use the new structure, including the new methods in the file_operations structure:

    ssize_t (*splice_write)(struct pipe_inode_info *pipe, 
                            struct file *out, size_t len, 
			    unsigned int flags);
    ssize_t (*splice_read)(struct file *in, struct pipe_inode_info *pipe, 
                           size_t len, unsigned int flags);

Since there are still few implementations of these methods in the kernel, the changes are not particularly disruptive.

Next in the list is support for directly splicing two file descriptors where neither is a pipe. This functionality is not (yet) available to user space via splice(), but it is used internally to implement sendfile() with the splice() mechanism. The direct splicing is implemented using a hidden pipe_inode_info structure (i.e. a pipe); it is stored in the new splice_pipe field of the task structure, so each process can only have one such connection running at any given time.

One patch which has not been merged - and will likely wait until 2.6.18 at this point - is the tee() system call:

    long tee(int fdin, int fdout, size_t len, unsigned int flags);

This call requires that both file descriptors be pipes. It simply connects fdin to fdout, transferring up to len bytes between them. Unlike splice(), however, tee() does not consume the input, enabling the input data to be read normally later on by the calling process. Jens Axboe provides an example implementation of the user-space tee utility, which comes down to a couple of calls:

    len = tee(STDIN_FILENO, STDOUT_FILENO, INT_MAX, SPLICE_F_NONBLOCK);
    splice(STDIN_FILENO, out_file, len, 0);

The input data will be written both to the standard output and the file represented by out_file without ever being copied to or from user space. To be sure of copying the entire input data stream, the application must perform the above calls within a loop, of course; see the full example at the end of the tee() patch.

This call is quite new, and may well change before it makes it into the mainline. Among other things, it might get a new name, since something as simple as tee() may already be in use in a number of applications.

Comments (6 posted)

The 2006 Wireless Networking Summit

Once upon a time, setting up a Linux system was a long and problematic process, with no assurance that a given system would work without great pain. Most of those problems have been overcome for years, and, to a great extent, a system can be expected to "just work" with Linux. A few problematic areas remain, however, and wireless networking is one of them. Even when the available hardware is supported (often not the case), making a wireless connection work in a fully-featured way can often be a challenge.

Group photo: 1000x620, 2200x1360

A lot is happening in the wireless area, however. To help things along, the folks at the Open Source Development Labs hosted a summit for wireless networking developers on April 6 and 7 at OSDL headquarters in Portland. This event brought together a diverse mix of developers from around the world, many of whom had never met before. Its purpose - to chart a path forward for the creation of a reasonable Linux wireless networking implementation - appeared to have been largely achieved.

Your editor was fortunate enough to be able to attend this meeting. The following report is an attempt to summarize the conclusions from the summit - it is not a set of detailed minutes, and your editor will engage in some chronological reordering along the way. Hopefully the result will provide a sense for where things stand, and where they are likely to go in the near future.

History

As John Linville (the recently-named wireless networking maintainer) noted in a conversation with your editor, early wireless adapters were marketed as "wireless Ethernet," and Linux kernel developers treated them as a sort of slow, unreliable, fiddly Ethernet adapters. But wireless is not Ethernet in any way - it is a completely different set of networking standards with its own quirks, special features, and distinct needs. Treating wireless as a form of Ethernet slowed support for those special features, and, more importantly, impeded the development of any sort of internal kernel support for wireless. Each developer who set out to write a driver for a wireless adapter ended up implementing everything from the beginning. So there was no general wireless API, no comprehensive support of wireless features, and a great deal of divergence and duplication of code between drivers.

In 1997, Jean Tourrilhes decided to do something about this situation. The result was WE-1 - the first version of the Linux wireless extensions. There was still no 802.11 standard at the time, but the WE API enabled the configuration and operation of wireless adapters with a single set of tools. Jean's wireless tools are still the core utilities for managing wireless adapters, though the graphical interfaces are replacing the wireless tools for most users.

Development of the wireless extensions continued, with WE-9 - supporting the new 802.11 standard - being released in 1999. WE-18, merged last year, added support for WPA ("WiFi Protected Access"). The current revision, WE-20, adds a new, netlink-based interface as a future replacement for the current ioctl() API.

Though development continues, there appears to be a general, shared feeling that the wireless extensions are heading toward the end of their useful life. A replacement API - which does not exist yet - would work with the entire wireless networking stack, rather than being an interface directly to the low-level drivers. Regardless of how that plays out, however, the wireless extensions are likely to be around for a long time to come.

The current status

The current effort to create a proper wireless stack for Linux started in 2004, when Jeff Garzik announced the creation of a special wireless tree, initially seeded with the HostAP code. The merging of HostAP enabled support of some relatively current networking cards and the use of a Linux system as a wireless access point. The creation of this tree did help to get things going, but HostAP has not turned out to be everything that had been hoped for. In particular, there is no support in HostAP for cards which need software MAC ("softmac") implementations. But many contemporary cards rely upon the host software for many low-level operations; these cards can not be supported by the wireless stack found in the current (2.6.16) kernel.

The result is, as John Linville put it, a Linux wireless implementation which supports "anything which is obsolete." Some cards are supported, some better than others. Most noteworthy among current hardware is the set of Intel IPW drivers, which, thanks to Intel, have very good support in the kernel - but these adapters do not need softmac support.

What is lacking, at this point, is a small list of mildly desirable features, including support for much widely-used hardware. Ease of use is also lacking - despite improvements in the graphical tools, configuring a wireless connection can still be a painful procedure. Perhaps the best demonstration of these two problems was to be found at the summit itself, where about 25% of the participants ended up using an Ethernet cable to plug directly into the OSDL network.

Other problems include consistency (or the lack thereof) across hardware - there are still a number of adapter-specific APIs in the kernel and in the out-of-tree drivers. The documentation of APIs is, well, nonexistent; a complaint was heard that Linux Device Drivers does not describe how to write a wireless driver. There is no coordinated process for extending APIs. Quality of service support is not present - an issue we'll return to shortly. There are no driver test suites in general circulation. And the whole regulatory issue looms over the wireless networking arena, and is the largest single cause of out-of-tree (or nonexistent) wireless drivers. Many vendors simply do not feel that they can release programming information or free drivers and remain compliant with regulatory regimes worldwide.

Meanwhile, the upcoming 2.6.17 kernel will see some improvements in its wireless support. John merged one of the many softmac implementations out there, on the theory that it was one of the most active projects and that it would help to support driver development. The bcm43xx (Broadcom) driver, which uses softmac, was also merged, and there are a couple of other softmac-based drivers under development. Even so, the consensus appears to be that softmac is not the way forward; that, instead, the Devicescape stack is the real future of Linux wireless.

Devicescape

Devicescape is a company which offers a number of products and services around wireless networking. In developing it offerings, Devicescape created its own, Linux-based 802.11 stack with a number of nice features - including good softmac and WPA support . This stack was recently released under the GPL and has been fixed up for the kernel by Jiri Benc. It is regarded by many as being the best of the available free stacks.

When Jeff Garzik maintained the wireless tree, he took a firm position against moving to the Devicescape stack, stating instead that the in-kernel code should be evolved toward the needed capabilities. He appears to have found himself in the minority, however, and John Linville seems poised to merge this stack for a future kernel release. He maintains a separate development tree which includes Devicescape, and some drivers (notably bcm43xx) have been ported to this stack. Nobody at the summit was heard to argue against merging Devicescape.

Devicescape hacker Simon Barber talked about this code for a bit, and a separate breakout session addressed it as well. This stack is a large body of code. The freely-released code available now includes the 802.11 stack, the "openap" access point code, and a link-layer bridging module. Work which will be released soon includes improvements to the hostapd daemon (802.11g support, among other things; this code is being merged now); bridging and VLAN integration, and various improvements to Ethereal for wireless developers. There is also "a complete home gateway distribution" in the works. There is the inevitable web portal being put together to provide access to all this code.

Quite a bit of work is foreseen for the Devicescape stack. It is composed, internally, of a long list of handler functions which deal with frames (both data packets and 802.11 management frames) on their way to and from the adapter. Future plans call for enabling loadable modules to plug in their own handler functions. More of the management code may also eventually be moved out to user space. To that end, some additional management capabilities will be added to the hostapd daemon, which handles authentication and management tasks. Merging hostapd with wpa_supplicant, which handles the client side of the authentication process, is envisioned; evidently a number of things become easier when the two functions are merged into the same process.

There is also a great deal of complexity coming with the long list of future 802.11 standards. These standards will require support as they are adopted.

One interesting area of development has to do with quality of service support. 802.11 defines four service levels: "voice," "video," "best effort," and "background." There is a priority range for each service level, and the ranges overlap. All voice packets will go out before any background packets, but the rest of the levels will share the available bandwidth. With proper QoS support, a wireless user can carry on a voice-over-IP conversation, stream video of the latest "breaking news" celebrity sighting from CNN, grab a new kernel by FTP, and distribute materials (best not to ask what) via Bittorrent. Each activity can operate at its own quality of service level, and all should get the best available performance.

Some wireless network adapters have quality of service support in the form of four separate transmit queues. If the host places each packet in the appropriate queue, the adapter will divide the available bandwidth between them in a way which respects each level's service quality. The problem is that the Linux networking stack only supports one transmit queue per device. This presents a problem when one of the four device-level queues fills up. There is no way to tell the kernel that no more background packets can be queued, but there is still space for voice packets, for example; the only thing the driver can do is to stop the queue for all packets.

The Devicescape hackers have worked around this problem using the traffic control mechanism built into the networking stack, which normally operates at a level not seen by driver code. By creating a separate internal queue for each service level, the Devicescape stack can, for all practical purposes, implement a separate transmit queue for each service level. Even better, it becomes possible to configure policy - which types of traffic get which service level - from user space using the normal traffic control tools. What would be nice, however, would be to generalize this use of the queueing discipline code, and to make it available for other sorts of hardware as well.

Another area requiring work is user-space API definition. There is no well-understood API which, for example, can be used by a graphical wireless management utility to talk with the networking stack and with processes like hostapd. There isn't really even a discussion of how such an API should look at the moment.

Other open issues include the usual regulatory hassles, the lack of a user-space MAC-layer management environment, the need for better scanning, support for adapters which perform MAC management in hardware, power management support, and a rework of the configuration interface. Configuration is handled by way of ioctl() calls and a /proc interface. It was noted, in a pointed manner, that the Devicescape code will not make it into the mainline as long as it contains /proc files. It seems that the Devicescape stack also needs some work before it will operate properly on SMP systems.

Finally, adding proper wireless support to the kernel will involve the creation of a specific net_device type for 802.11 devices. An 802.11-specific sk_buff structure should also be defined. Current code still uses the Ethernet types and drags along the extra needed information on the side.

The biggest open issue, however, may be this: what happens to the just-merged softmac code when Devicescape is merged? There is much duplication of functionality there, and nobody is thrilled by the idea of having to maintain two separate 802.11 stacks indefinitely into the future. There is a clear parallel with the OSS and ALSA sound drivers; ALSA was supposed to replace OSS, but removing the OSS drivers has proved to be a difficult thing to do. It is not clear what can be done to make removing softmac any easier.

Tools

The summit was mostly attended by kernel-oriented developers, but there was also some discussion of user-space tools; NetworkManager hacker Daniel Williams was present. It is recognized by all that, while the quality of the available tools has improved significantly in the last couple of years, there is some ground to cover yet. In particular, configuring an interface can be relatively painless when things go well, but, as soon as something doesn't quite work, the whole experience falls apart.

Improving the situation will require support from the kernel side. When things go wrong, user space needs to know just what the problem is. But there is no consistent set of error codes returned by the kernel to indicate, for example, that the required adapter firmware is not present, or the provided WEP key is not valid. Some drivers support more of the current API than others, which does not help, and API documentation is generally not available. Better scanning support would also be useful.

Hardware support

While getting the networking stack and user-space tools into shape is necessary, improving hardware support is also a necessary step toward a Linux wireless implementation which truly "just works." Some hardware (Intel, others) is well supported now, others (Broadcom) will be supported soon. Some, such as the Atheros chipset, may be a long time in coming. The existing Atheros driver (as found in OpenBSD) appears to be severely tainted by code of questionable origin, to the point that its chances of being merged into Linux are about zero. There is an effort to document the Atheros hardware from the currently-available code, enabling a clean-room driver implementation in the future, but there is quite a bit of work yet to be done.

The regulatory compliance issue came up again in this context. Some adapters (such as Atheros) are, for all practical purposes, general-purpose radios which can be programmed to operate far out of the 802.11 specification. When a free driver is developed for such hardware, it would be a Good Thing to be sure that it runs the hardware in a manner compliant with the applicable regulations, even if it cannot necessarily be certified as such. That sort of testing requires specialized equipment, however, and is evidently a multi-day process. The necessary equipment does exist at companies like Nokia and at some universities, but there is currently no process for obtaining access to that equipment for compliance testing.

Much of the current driver work is done outside of the mainline tree, and the kernel developers would like to see that changed. Once code gets into the mainline, it is easier for others to review and improve. Greg Kroah-Hartman encouraged driver developers to merge their code as early as possible, even if it doesn't work yet.

Communications regarding wireless drivers, it was agreed, would remain on the netdev mailing list for now. If, at some point, that conversation threatens to overwhelm other traffic on netdev, a new list can be created. There will also likely be a web set put together for wireless driver information in the near future.

Other issues

One purpose behind the summit was simply to try to pull more of the relevant developers into the wider kernel process. To that end, there was a talk on source control systems - git and quilt in particular. The "merge early" approach was advocated many times.

Stephen Hemminger gave a talk on the state of the bridging code. Bridging is of interest to wireless developers - it can be used for connection sharing and mesh networking applications. To that end, the bridging code is likely to be reworked and much of it moved to user space. Just like routing is mostly handled by user-space daemons now, bridging management - including the spanning tree maintenance - will move to user space in the future.

Some representatives of the Personal Telco Project were brave enough to compete with a delivery of pizza for the developers' attention at lunch time. These folks have put together a network of over 100 Linux-based free wireless hotspots around Portland. They had a number of requests of the kernel developers, including free Atheros drivers which don't crash the system and good, zero-configuration mesh networking. This is an interesting project which shows the power of what a few "unemployed geeks" can do.

Overall, the wireless summit was an optimistic event. While the shortcomings of Linux wireless support were well recognized and understood, there was also a clear sense that not only could the problems be solved, but that many of the solutions were already well advanced. If all goes according to plan, the day when Linux wireless "just works" is not that far off.

Comments (30 posted)

A Quick Look at grml

GRML 0.7 (codename Bootenschnitzl) was released earlier this week. GRML is a Debian-based Live CD with software for users of text tools and system administrators. In addition to the live CD, it supports installation to a hard drive or a USB stick. When using the live CD you save configuration files to a RW-CD, to a USB stick or create a partition on the hard drive for that purpose.

The kernel in 0.7 is a vanilla 2.6.16.1 kernel with several additional patches and modules. Other packages in this version were updated to Debian unstable as of April 7, 2006, with a few minor updates added later.

The live CD boots to a root console. Another user "grml" is available in the default setup and there is a 'grml-x' script that can be used to start up X and a window manager such as fluxbox. See the screenshots page for some views of grml booting and running with fluxbox.

Although grml-0.7 is small, there is another, even smaller version, grml-small currently at 0.2. There is also a repository with over 2300 packages, with plenty of security and networking tools, data recovery and forensic tools, and more that can be added with a simple apt-get.

GRML is released under the GNU General Public License. The FAQ contains answers to most questions. All in all it looks like grml is shaping into a nice, lightweight distribution that many system administrators will enjoy having in their tool kit.

Comments (2 posted)

FoX Desktop 1.0 Professional

FoX Linux has announced (in Italian) the release of FoX Desktop 1.0 Professional. This version is based on Fedora Core 4 and features Linux kernel 2.6.15 with drivers for NTFS, ndiswrapper, Ati Radeon, NVidia GeForce, plus KDE 3.5.1 and more.

Comments (none posted)

Debian Project Leader Election 2006 Results

The winner of the 2006 Debian project leader election has been announced. "I would like to thank all the candidates for their service to the project, for standing for the post of project leader, and for offering the developers a strong and viable group of candidates. Finally, I would like to congratulate Anthony Towns, the Project Leader-elect, for his success." See the Debian Project Leader Elections 2006 page for more information. Here is AJ's first response to the news, and more thoughts at AJ's indolence log.

Full Story (comments: none)

Debian news

Joerg Jaspert reports that amd64 packages are in unstable and will soon move to testing. "As inclusion of AMD64 in Debian is now at a point where unstable nearly has all packages built we are at the point to move on with this archive."

Marc 'HE' Brockschmidt takes a look at New Maintainer reform. "Problems with the New Maintainer process have been a regular topic on Debian mailing lists in the past few months. As I'm both interested in not reading more flamewars and actually improving things, I've summarized my experiences and tried to come up with something that is perhaps able to fix most of the problems. Please note that this is my opinion, not something decided by the NM team."

Wouter Verhelst presents some bits from the experimental autobuilder team. "As many of you undoubtedly know, experimental is autobuilt these days. Experimental is a bit of a special case in Debian's distributions, which means that our experimental autobuilders act slightly differently from those of unstable, stable-security, and others."

Raphael Hertzog has announced the Debian Python Modules Team and issued an invitation for all maintainers of python modules to join. Python 2.4 will soon be the default, so the goal is to update all packages that currently depend on older versions.

Comments (none posted)

It's the HUG DAY!

Ubuntu thinks that all bug triagers should get a hug for their efforts. There will be a HUG DAY April 13, 2006. If you missed it, don't worry. Click below to see how you can get involved in squishing bugs in Dapper Drake every day.

Full Story (comments: none)

openSUSE at LinuxTag 2006

Look for openSUSE at LinuxTag 2006 and join the openSUSE Day subconference.

Full Story (comments: none)

Debian Weekly News

The Debian Weekly News for April 11, 2006 covers the preparations for a Sarge update (Debian 3.1r2), the DPL election, a server for internationalization efforts, a proposed general resolution to alter the Debian Free Software Guidelines, Linksys NSLU2 support in the Debian installer, changes to su and sudo, Xen in Debian, and several other topics.

Full Story (comments: none)

Fedora Weekly News Issue 41

The Fedora Weekly News for April 10, 2006 looks at the Fedora Foundation, Fedora Art Team Now Open, LinuxWorld and FUDCon Boston 2006, FUDCon Boston 2006 Videos, Linux Online: Fedora Core 5 Review, LinuxForms: Overview of the ten major Linux distributions, University Launches Linux Technology Center, and other topics.

Comments (none posted)

Mandriva Community Newsletter #118

The Mandriva Community Newsletter for April 7, 2006 covers Mandriva's win of Editor's Choice in TUX Magazine's distro smackdown, Warly speaks to the Mandriva Club, Transgaming signs agreement with Polish Mandriva partner, and more.

Full Story (comments: none)

DistroWatch Weekly, Issue 146

The DistroWatch Weekly for April 10, 2006 is out. "This will be an interesting week for distribution developers and beta testers - if everything goes according to the plan, the release candidate of the much delayed SUSE Linux 10.1 should be released later this week, together with the first beta of Ubuntu Linux 6.06. We'll also look at the events of the past week - the unexpected burial of the Fedora Foundation plans, troubles in Kubuntu, and elections of the new Debian Project Leader. As promised, the winners of the Beginning Ubuntu Linux competition are also announced."

Comments (none posted)

Fedora updates

Updates for Fedora Core 5: sane-backends (don't use automake), iptraf (fix crash), tix (shared lib placement fixup), xscreensaver (patch zombie process leaks), GConf2 (bug fixes, improvements), liboil (update to 0.3.8), gnome-screensaver (refresh kerberos credentials), alsa-utils (bug fix), system-config-printer (update to 0.6.151.2), gnome-screensaver (fix idle activity detection), xsane (bug fixes), cairo (update to 1.0.4), subversion (update to 1.3.1), netpbm (update to 10.33), shadow-utils (bug fix), gnbd-kernel (build xen for x86_64), cman-kernel (build xen for x86_64), dlm-kernel (build xen for x86_64), GFS-kernel (build xen for x86_64), ghostscript (bug fixes), checkpolicy (FC5 update), libsemanage (FC5 update), libsepol (FC5 update), selinux-policy (FC5 update), eclipse-changelog (update to version 2.0.2), gaim (bug fix), squirrelmail (fixes Chinese and Korean encoding).

Updates for Fedora Core 4: sane-backends (bug fix), netpbm (update to 10.33), gaim (bug fix), squirrelmail (fixes Chinese and Korean encoding).

Comments (none posted)

Trustix updates

Trustix Secure Linux has updated device-mapper, evms, lvm2 and vsftpd. Various bugs have been fixed for TSL 3.0.

Full Story (comments: none)

Installing Software on Debian (O'ReillyNet)

O'ReillyNet provides a primer on Aptitude, with a look at Synaptic. "Using APT is the most important skill for a Debian administrator to learn. The two most popular tools in Debian for managing packages are apt-get and aptitude. Most people find aptitude superior, as it not only includes all of apt-get's features, but also includes many others, such as an interactive menu-driven mode and the removal of packages when you no longer need them."

Comments (2 posted)

DCC Alliance: I'm not dead yet! (Linux-Watch)

Linux-Watch takes a look at the current status of the DCC Alliance. "Rumors were swirling around the halls of LinuxWorld that the often-troubled DCC Alliance was going to fold its tents and disappear. What actually happened was that several of the members met quietly and agreed to a tenuous plan to move forward under a new president pro tem, Kevin Carmony, Linspire Inc.'s CEO."

Comments (none posted)

Using Distrowatch (Zenwalk.org)

Zenwalk.org takes a look at Distrowatch scoring. "This article is about the "Hits Per Day" (HPD) score on Distrowatch, what it can be used for and how you can read a lot of different information out of it. On Distrowatch you can follow the "popularity" of almost any distro of your choice. I put quotes around the popularity because you can question what the score actually means."

Comments (none posted)

Damn Small Linux plus pendrive equals portable paradise (Linux.com)

Linux.com takes a look at Damn Small Linux on a pen drive. "I recently acquired a 256MB USB pendrive that I use for storing personal documents and work-related stuff. As a Linux fan who wanted to make the most of his new toy, I went looking for the simplest, smallest distro I could find that could boot from a pendrive. I found Debian-based Damn Small Linux, whose long list of bundled applications fits into a meager 50MB. The more I use it, the more I like it."

Comments (none posted)

My desktop OS: Damn Small Linux (NewsForge)

NewsForge hears from a fan of Damn Small Linux. "Damn Small Linux is a great match for older hardware because it's loaded with lightweight software. My machine has a 166MHz Pentium CPU with 32MB of RAM and a 1.2GB hard drive, and it runs extremely well with DSL. I've always favored simple applications that do one job and do it well, so the stripped down nature of the programs included with DSL doesn't bother me. However, if I need the extra power of more complex programs, they're a breeze to install."

Comments (none posted)

Get your game on with SuperGamer-1 (TuxMachines)

TuxMachines.org looks at the SuperGamer-1 live DVD. "The SuperGamer-1 is a modification of the famous and well respected PCLinuxOS distribution optimized for gaming. It includes 3d acceleration drivers, the underlying pclos system, and several nice games (or demos). It was originally based on P91 and it is still so today. Much of the everyday software included on the disk/iso is beginning to grow a little long in the tooth, but Darin, the shy and quiet developer, states, "this is completely pclinuxos with a few tweaks and can be updated to P92 levels at the very least. The supergamer is completely compatible with all the updates and normal mirrors are used in synaptic...it will update completely to all the new stuff. I will be doing some testing to see how compatible taking the base supergamer up to P93 levels will be." And of course, being based on PCLinuxOS, the infallible harddrive installer we all know and love is also included, as well as the PCLinuxOS Control Center and Synaptic."

Comments (none posted)

Review of the LINI PC

Around the end of 2005, the LWN chief editor suggested that it might be a good time to invest in some new computing hardware for the development and distributions editors. Your development editor was assigned the task of finding this new hardware. Being a hardware guy at heart, I did not find this to be an especially odious task.

Requirements

The new machines needed to be reasonably fast, yet inexpensive. Their use was mainly for desktop work. The machines that were being replaced, Athlon 1700 XP systems with Asus A7V333 motherboards, were noisy to the point of being annoying. Silence is golden. The new machines were destined to run only Linux, so there was no need to pay extra for Microsoft operating system licenses. This requirement narrowed the field of available desktop machines considerably.

Several weeks were spent searching through ads in Linux magazines and searching around the net. The possibility of assembling machines from individual parts was considered, but the array of available motherboards, CPUs, cases and graphics cards made the task difficult. Success with that approach was unpredictable.

Next, some Linux-specific PC vendors were investigated. Penguin Computing was considered, but their hardware was more aligned with the server market than the desktop market. The fun was beginning to wear off of the project when your author stumbled across Open Sense Solutions and their LINI PC line. The LINI PC was advertised as being small, quiet, and fast. It came with a pre-installed version of the Ubuntu Linux distribution, so Linux compatibility was guaranteed. A 1 year warranty was also part of the deal.

Features

The configuration of the LINI machines, with some additional options, included:

• Asus K8V-MX Micro-ATX motherboard with built-in:
  • S3 2D Graphics card
  • AC97 sound chip
  • Serial port
  • Parallel port
  • 8 USB 2.0 ports
  • 10/100 mbit/sec ethernet
  • SATA hard drive interface
  • PATA CDROM interface
• AMD Athlon 64 2800+ CPU
• 1 GB of PC3200 RAM
• 200 GB SATA disk drive (250GB on one box)
• DVD +-R/RW drive with CDR capabilities
• Antec Aria case
• front panel USB ports
• front panel Compact Flash and Memory Stick sockets
• front panel audio ports

The front-panel Compact Flash slot is a very useful feature if you frequently use a digital camera (without USB), it allows for fast and easy downloads of images. All of the various ports have been tried out, and no problems have been encountered.

The box has 3 fans, one for the power supply, one for the CPU, and a vertical slot-fan. While not totally silent, the box is reasonably quiet, and is a huge improvement over the previous system. The cooling is also quite effective, this should give the hardware a long life.

The Antec Aria case (reviewed here) is well designed. Access to the inside is achieved by unscrewing a single thumb screw on the back of the box. The top and side panels just slide out and the innards are revealed. The contents of the box are packed together fairly tightly, but sufficient air flow is available for cooling of all of the internal components.

There is space (not much) for a second and third hard drive, but both have to be mounted vertically, and they would add a lot more heat to the inside of the box. Fortunately, disk space is not a big problem with the current generation of hard drives, and a single drive will work for most users.

The Asus motherboard's Micro-ATX form factor allows the box to be quite small. The box measures in at 10-1/2" wide by 8" tall by 13" deep. It is roughly one third the size of the full-size tower case that it replaced. Here are some large format images of the outside and inside of the LINI PC.

Nothing's Perfect

The worst feature of the LINI box is the location of the power switch. Space on the front panel is limited, and the large square power button is located just below the CDROM eject button. This is especially a problem when the CDROM tray is in the out position and the buttons are not easily seen. It only takes one instance of pressing the wrong button before one becomes extremely cautious when using the CDROM. A rear panel power switch would be an improvement, although space is very limited there as well.

The power supply in the Antec cube box is in an L-shaped box. This is not a huge problem, but it is a non-standard form factor and could prove to be difficult to find a replacement in the event of a failure. The odd power supply shape was required due to the small box size.

The only other mis-feature of the LINI that your editor found is the placement of the two blindingly bright Blue LEDs on the front of the case. The LEDs are directly visible When the box is viewed from the side, a fogged diffuser lens would be a nice addition.

Conclusion

Most computer reviews are written within a short period after the hardware is received. The problem with that approach is that it takes some time to become familiar with the hardware, and subtle problems may take a while to show up. The LINI machine has been running reliably for almost four months, it is safe to call it a good piece of hardware. Compile times are blazingly fast, and GUI response is quite zippy.

We are lucky to live in an era when computer hardware is improving at a rate that is on a par with the slowing effects of software bloat. The best way to discover that your current computer has made the gradual transition from cheetah to snail is to upgrade to a faster box, then return to the old machine. The author's previous machine once seemed like it had more processor power than one could ever use. After using the LINI, the older machine just doesn't seem very responsive anymore.

Comments (21 posted)

MySQL 5.0.20 has been released

Version 5.0.20 of the MySQL database has been released. "This is a bugfix release for the current production release family."

Full Story (comments: none)

PostgreSQL Weekly News

The April, 9 2006 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL database articles and resources.

Full Story (comments: none)

SQLite 3.3.5 released

Version 3.3.5 of SQLite, a small C library that implements a self-contained, embeddable, zero-configuration SQL database engine, is out. "This release fixes many minor bugs and documentation typos and provides some minor new features and performance enhancements."

Comments (none posted)

BusyBox 1.1.2 (stable) is out

Stable version 1.1.2 of BusyBox, a collection of command line tools for embedded systems, is available. "You can now download BusyBox 1.1.2, a bug fix release consisting of 11 patches backported from the development branch: Some build fixes, several fixes for mount and nfsmount, a fix for insmod on big endian systems, a fix for find -xdev, and a fix for comm."

Comments (none posted)

CUPS 1.2rc2 announced

Version 1.2 rc 2 of the CUPS printing system has been announced, it features a long list of bug fixes. "The second release candidate of CUPS 1.2 is now available for download from the CUPS web site. We are also providing binary packages for Red Hat Enterprise Linux 4 (32-bit + 64-bit Intel), Fedora Core 4 (32-bit Intel), and MacOS X 10.4 (32-bit PowerPC + Intel) for your convenience. In accordance with the updated CUPS Developers Guide, we will have at least a two-week release candidate period to resolve any issues in the 1.2 release."

Comments (none posted)

Campsite 2.5.1 released

Version 2.5.1 of Campsite, a multi-lingual content management system, has been released. "Campsite 2.5.1 is a localization and minor bug fix release. If you havent experienced any problems with 2.5.0, there is no need to upgrade."

Full Story (comments: none)

GNOME 2.14.1 Released

GNOME 2.14.1 is out. This appears to be primarily a bug-fixing release; click below for the details.

Full Story (comments: 1)

GNOME Goal #2 (GnomeDesktop)

GnomeDesktop.org has an announcement for the second round of GNOME goals. "After the success of the first GNOME Goal, the second one is a combo GNOME Goal: you get two goals for one. The first one is to install theme-friendly icons, because every application has the right to be correctly themed! The second goal is to help our translators, so they don't have to check out an entire module to add a translation. And it's really easy to do this since you only have to put a LINGUAS file, with some other small changes."

Comments (none posted)

GNOME Software Announcements

The following new GNOME software has been announced this week:

• Beagle 0.2.4 (new features, bug fixes and translation work)
• control-center 2.14.1 (bug fixes, translation work, and other improvements)
• Deskbar 2.14.1 (bug fixes and translation work)
• duty-roaster-0.1.0 (new features and translation work)
• Eye of GNOME 2.14.1 (new features and translation work)
• GDM2 2.14.1 (bug fixes and translation work)
• gedit 2.14.2 (bug fixes and translation work)
• GLib 2.10.2 (new features, performance improvements and translation work)
• gnome-games 2.14.1 (bug fixes)
• GNOME Nettool 2.14.1 (new features, bug fixes and translation work)
• GNOME Power Manager 2.14.1 (new features)
• gnubiff 2.2.0 (new features and bug fixes)
• GnuCash 1.9.4 (unstable development release)
• GQ LDAP client 1.0 RC 1 (bug fixes and code improvements)
• GTK+ 2.8.17 (bug fixes and translation work)
• gtk-doc 1.6 (bug fixes and other improvements)
• Gtk2-Perl 2.14.1 (bug fix)
• Metacity 2.14.2 (new features, bug fixes and translation work)
• Pango 1.12.1 (bug fixes)
• PyGObject 2.10.1 (bug fixes)
• Zenity 2.14.1 (new features, documentation and translation work)

You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week:

• Beesoft Commander 2.18 (translation work)
• Binarieposter 1.b_engl (initial release)
• GamLetter 0.6 (new features and bug fix)
• KAlarm 1.4.0 (new features, bug fixes and translation work)
• KBarcode 2.0.1 (bug fixes and translation work)
• KDE DVDAuthor Wizard 1.2 (new features, bug fixes and code cleanup)
• KDE SSH-Agent 1.2 (bug fixes and other improvements)
• KDiff3 0.9.89 (new features and bug fixes)
• Kerry Beagle 0.1 (bug fixes and translation work)
• Kexi 1.0 (new features and bug fixes)
• Kgraphviewer 0.3 (new features)
• KMediaFactory 0.5.1 (bug fixes and translation work)
• KMess 1.4.3 (bug fixes)
• Konqueror Anti-Phishing Toolbar 0.1.0 (unspecified)
• KPowersave v0.6.0-stable (bug fixes and translation work)
• Kslackcheck Slackware Tool 3.3 (bug fixes)
• KVideoEncoder 0.07-pre1 (new features and bug fixes)
• RSIBreak 0.6.0 (new features and bug fixes)
• vTaskPro 6.32 R4 (stable release)

You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

The Return of KDE Commit Digest (KDE.News)

KDE.News has announced a new issue of the KDE Commit Digest. "The weekly summery of happenings in KDE development, The KDE Commit Digest, has returned with a new author, Danny Allen. Highlights in the current issue: "KFileDialog becomes aware of media:/ and system:/. New icons and other fixes in amaroK. New privacy features and multiple webcam connection support for the MSN protocol in Kopete. kcmwifi removed in /trunk (to be replaced by Solid in KDE 4). Kerry, the KDE Beagle frontend, is imported into KDE SVN." It also shows the week's most important postings to the KDE mailing lists and the top ten committers of the week (congratulations Gilles Caulier)."

Comments (none posted)

LyX 1.4.1 is released

Version 1.4.1 of LyX, a GUI front-end to the TeX typesetting system, has been released. "This is a bug fix release, but some of the bugs were big."

Full Story (comments: none)

Icarus Verilog 20060409 released

Version 20060409 of Icarus Verilog, an electronic simulation language compiler, is out. "The most substantial difference in this snapshot the first signs of generate support. The compiler now supports generate loops and has been tested with examples that include wires and gates within the generate scheme." See the release notes for more change information.

Comments (none posted)

New OpenCollector releases

The latest electronic software releases on the OpenCollector site include asco 0.4.1, a SPICE circuit optimizer and Covered 0.4.1 (stable), a Verilog code coverage utility.

Comments (none posted)

watermelons 1.1.0 released

Version 1.1.0 of watermelons, a PyGame project, has been announced. "pekuja, philhassey, and treeform got together on irc this evening and cranked out this whacky game about bouncing watermelons on a trampoline in about 4 hours. enjoy!"

Comments (none posted)

Comix 3.0 released (SourceForge)

Version 3.0 of Comix, an image viewer that is customized for viewing comic books, is available. "It includes quite a few changes, the biggest one is the cleanup of the entire codebase, but there are also some changes to the functionality of the program. A completely redesigned properties dialog, support for recent files, an "Add to library" menu item, a new preference to set the size of the magnifying lens and an Italian translation by Raimondo Giammanco among other things."

Comments (none posted)

MMA Beta 21 released

The Beta 0.21 release of MMA (Musical MIDI Accompaniment) is out. Changes include: " Minor bug fixes, MAJOR change to the modules filename and import routines (shout if broken), MidiInc fixes, MidiInc lyrics import. Yet again, this may be the last BETA!!!"

Full Story (comments: none)

KOffice 1.5 released

KOffice 1.5 has been announced. A lot of work has gone into this release, including the use of OpenDocument as the default format, improved accessibility features, Kexi 1.0 (a database access package), and a "technology preview" of the upcoming KPlato project management application.

Comments (1 posted)

Releasing OpenOffice.org 2.0 in 7 Indian Languages

The BharateeyaOO.o Group has announced the release of OpenOffice.org 2.0 in seven Indian Languages. "The languages are 1) Assamese 2) Gujarati 3) Hindi 4) Malayalam 5) Marathi 6) Oriya 7) Urdu".

Full Story (comments: none)

Phex 2.8.4 released (SourceForge)

Version 2.8.4 of Phex, a peer-to-peer file sharing program that runs on the Gnutella Network, has been announced. "In this release we completely removed the need of a network to connect to the Gnutella Network. Instead Phex now communicates with other Phex' via your speakers and notifies you of successful downloads by twinkling, bringing you an experience you won't ever forget, except maybe if you read these release notes on the day they where published :)"

Comments (none posted)

Speedometer 2.4 released

Version 2.4 of Speedometer is out with several new capabilities. "Speedometer is a console bandwidth and file download progress monitor with a logarithmic bandwidth display and a simple command-line interface."

Full Story (comments: none)

Caml Weekly News

The April 4-11, 2006 edition of the Caml Weekly News is out. The one topic this week is: Announcing xml2cd 0.1 alpha1.

Full Story (comments: none)

Unraveling Code with the Debugger (O'Reilly)

Daniel Allen advocates the use of the Perl debugger in an O'Reilly article. "Many people who work with Perl code never touch the debugger. My goal in this article is to provide reasoned argument for adding the Perl debugger to your set of tools, as well as pointers on how to do so. Many people are most comfortable with adding debugging variables and print statements to their code. These are fine techniques; I use them too, when they are appropriate. At other times, the debugger has saved me from tearing my hair out."

Comments (none posted)

Python 2.5 API changes for C Extension Modules and Embedders

An announcement for the Python 2.5 C Extension Module API changes has been sent out. "Python 2.5 alpha 1 was released April 5, 2006. The second alpha should be released in a few weeks. There are several changes which can cause C extension modules or embedded applications to crash the interpreter if not fixed. Periodically, I will send out these reminders with updated information until 2.5 is released."

Full Story (comments: none)

New Python blogs from Guido van Rossum

Guido van Rossum has posted a web log on Python Dynamic Function Overloading. "I've checked an implementation of dynamic function overloading into Python's subversion sandbox."

Also, take a look at Guido's blog on Python 3000, the next generation of Python. "We've started discussing Python 3000 for real. There's a new mailing list and a branch. The first point of order is about process; a slew of meta-PEPs are being written (and the goal is to avoid a repeat of Perl 6 :-). But I'm blogging about a feature proposal that evolved dramatically over the past days."

Comments (none posted)

Dr. Dobb's Python-URL!

The April 10, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Schemer's Gazette

The early April, 2006 edition of the Schemer's Gazette is online with new Scheme language articles. Topics include: sassy-0.2, an x86 assembler, SchemeScript 1.2.0, Scheme Workshop 2006, Planet Scheme, Pocket Scheme 1.3, SRFI 86: MU and NU simulating VALUES & CALL-WITH-VALUES, and their related LET-syntax, guile-gtk 0.41 and SISC 0.13.3-rc.

Full Story (comments: none)

Dr. Dobb's Tcl-URL!

The April 11, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Prototype: Easing AJAX's Pain (O'Reilly)

Bruce Perry looks at Prototype on O'Reilly's XML.com. "This article describes Prototype, an open source JavaScript library to create an object for an AJAX application. I explain how to use Prototype by describing an environmentally oriented web application that displays an annual atmospheric carbon dioxide (CO2) level. First, I will discuss Prototype's benefits and describe how to set up Prototype in your application. Second, I will delve into the nitty-gritty of how this application puts the library to good practical use."

Comments (none posted)

Mercurial 0.8.1 released

Version 0.8.1 of Mercurial, a distributed revision control system, is out. "This release features numerous usability improvements, performance enhancements, and bug fixes over previous releases."

Full Story (comments: none)

monotone 0.26 released

Version 0.26 of monotone, a distributed version control system, is out. "This release includes major enhancements relative to 0.25.2, including completely rewritten versioning and merging code, a change in the name of the main binary, and many many smaller changes. Due to the magnitude of these changes, migration is more elaborate than usual".

Full Story (comments: 2)

RODIN platform 0.5.4 released (SourceForge)

Version 0.5.4 of the RODIN platform has been announced. "The RODIN platform is an open tool platform for the cost effective rigorous development of dependable complex software systems services. This platform is based on the event-B formal method and provides natural support for refinement and mathematical proof."

Comments (none posted)

Bruce Perens: State of Open Source

Bruce Perens has published a transcript of his State of Open Source press conference from the LinuxWorld conference. "It's interesting to note that Jack Abramoff, the lobbyist implicated in scandal with Republican Tom Delay, was employed by Bill Gates' dad's law firm "Preston Gates", a political proxy for Microsoft. Microsoft succeeded in lobbying both Republicans and Democrats to oppose ODF. Two candidates for the Massachussets Secretary of State are already facing off on Open Document: Democrat John Bonifaz is for it, Republican William Francis Galvin was one of Quinn's tormentors and remains opposed. Departing Republican Massachussets governor Mitt Romney wants to be the next President of the United States, and after an abortive flip-flop on the topic, seems to be resisting pressure to abandon ODF as a means of distancing his campaign from Microsoft's aggressive lobbying and the Abramoff scandal."

Comments (44 posted)

Dress for success? Decide on your goals, then act to reach them, by David A. Wheeler (Groklaw)

David A. Wheeler looks at dressing for success, on Groklaw. "The fact is, people judge others by appearance. Pretending this is not true doesn't change the truth. What's more, you're unlikely to stop people from judging by appearance; universal genetic engineering on humans would probably be required."

Comments (38 posted)

FUDCon and folding the Fedora Foundation (NewsForge)

NewsForge covers FUDCon. "Last Friday, after the LinuxWorld Conference & Expo, I sat in on the fifth Fedora User and Developer Conference (FUDCon) at the Boston University School of Management. Some of the buzz in the halls concerned Red Hat's announcement of the end of the Fedora Foundation (about which more in a moment), but there were some good talks too."

Comments (none posted)

LinuxWorld Boston (Linux-Watch and NewsForge)

Linux-Watch covers LinuxWorld, Boston. "Another move that appears quiet but speaks volumes is that Ubuntu, the popular community Linux, is starting its own certification program. Since the only reason to certify administrators on an operating system is for business use, this makes it clear that Ubuntu is going to try the jump from community distribution to business Linux."

NewsForge has this LinuxWorld expo wrapup. "Exhibitors had different opinions about what is important in the world of Linux this year, depending on their perspective, but one common thread seemed to be the desktop, and specifically multimedia support."

Comments (none posted)

PalmSource has high hopes for Linux (vnunet)

Vnunet covers a LinuxWorld presentation by Didier Diaz. ""What Linux has done on the PC and server can also happen on the phone and handheld," Didier Diaz, vice president of marketing at PalmSource, said during a presentation at LinuxWorld in Boston. "We want to speed up the creation of a complete Linux-based platform for the mobile phone." PalmSource is the developer of the Palm OS mobile operating system. The company was acquired last November by Access of Japan, and has since shifted its focus entirely to the creation of a Linux operating system for mobile phones. Several other mobile phone makers have created Linux phones, including Samsung and Motorola, but unlike the competition, ALP will feature APIs that allow developers to create applications for the device."

Comments (3 posted)

SourceForge.net Community Choice Award winners announced (NewsForge)

NewsForge covers the announcement of the SourceForge Community Choice Awards at the LinuxWorld Expo. "For the past few months, SourceForge users have been voting for the best projects on the site in various project categories, as well as an overall choice. Nearly 250,000 votes were cast to determine the winners." First place winners include: BitTorrent, phpMyAdmin, Wine, Gaim, a PHP PayPal API, Xbox Media Center, Linux on Xbox, FileZilla, WinSCP, phpMyAdmin, Asterisk, and Azureus.

Comments (2 posted)

LinuxWorld Boston 2006 Wrap-Up (Linux Journal)

Linux Journal covers LinuxWorld, Boston. "Overall, Novell seemed to have the biggest presence of all the exhibitors. In addition to having its own booth, the company sponsored the Zen Email Garden. Also, Novell won the Best of Show award for its OpenSUSE product, which recognizes the best total industry solution, as well as the Best Application Development Platform award for the Mono Development Framework."

Comments (none posted)

U.S. calls for more antipiracy action from China (ZDNet)

ZDNet reports from a US/Chinese press conference in Washington. "Chinese Vice Premier Wu Yi said her government has already issued rules requiring all manufacturers to preload legal operating systems on all computers sold in China--a change from sales of what the software industry decries as 'naked' PCs, lacking legitimate operating systems or applications.... (It wasn't clear whether Linux would qualify--Wu said only that 'legal operating systems must be preloaded on all machines.')"

Comments (4 posted)

Intel, Red Hat Team to Help Users Move to Linux (eWeek)

eWeek covers a collaboration between Intel and Red Hat on a global training and support program. ""The Red Hat and Intel Solution Acceleration Program will give customers real-time access to the critical information, tools and support they need to build and optimize high-value Linux solutions on Intel-based platforms," Jon Bork, director of Intel's open-source program office, said in a statement. "This program will help customers quickly and effectively take advantage of new Intel platforms and technologies as they come to market." Intel is taking a much more active interest in supporting, not just Red Hat, but Linux in general. During a panel discussion, Waldo Bastian, Intel's Linux client architect, said that "Intel is making sure that all of our equipment comes with the drivers needed for Linux.""

Comments (none posted)

Intel and Red Hat Launch Linux Global Solution Acceleration Program (TheHN)

The Hosting News covers a collaboration between Red Hat and Intel. "A global program to help customers plan for, accelerate and optimize their deployments of Linux solutions has been developed by Intel Corporation and open source and Linux provider, Red Hat. According to the companies, the Red-Hat Intel Solution Acceleration Program will launch this month and be the first of its kind for Linux solutions development, initially focusing on developing and disseminating tools for platform virtualization and grid computing."

Comments (2 posted)

Microsoft Launches Linux Website (CIO)

CIO.com mentions a new Microsoft web site for Linux, known as Port 25. "Microsoft Thursday at LinuxWorld is expected to unveil a new website for users to find information about its Linux and open-source interoperability efforts, according to the executive in charge of those plans. Bill Hilf, general manager of the platform strategy group for Microsoft, will discuss the site during his keynote at the conference in Boston Thursday morning. The site will also go live on Thursday."

Comments (9 posted)

Nokia's journey with Maemo, 770, and open source (NewsForge)

NewsForge looks at Nokia. "Within its research center, Nokia has ported the Linux kernel to all of its hardware for some time, "just for kicks," says [product manager Ari] Jaaksi. But the decision was made just under two years ago to stop toying around and finally make an actual product. Nokia settled on the Web pad form factor in order to have something complementary to the cell phone, but that didn't duplicate any of its functionality. Responding to an audience question on the matter, Jaaksi explained that the PDA -- similar in size to the 770 -- is a phenomenon almost solely limited to the United States. Instead, smart phones dominate the calendar and PIM landscape overseas."

Comments (6 posted)

Intense Linux Competition in China (IDC)

IDC has sent out a press release concerning the rise of Linux in China. "China's Linux market revenue reached USD11.8 million in 2005, up 27.1% over 2004. 2005 saw a steady growth in the China Linux market, brought about mainly by the huge volume of government procurements and large-scale SCO Unix replacement by major banks and industrial projects such as Telecommunication and Internet cafes. Along with the growing acceptance of Linux in the China market, IDC also noted that Linux servers were adopted for high-end, mission critical support applications in some industries and Linux desktops were able to withstand the competition of pirated Windows to hold its market share."

Comments (none posted)

Life Insurance Corporation of India chooses Red Hat (moneycontrol)

moneycontrol.com covers a large deployment of Red Hat Enterprise Linux at the Life Insurance Corporation of India (LIC). "LIC will deploy Red Hat Enterprise Linux across its 2,048 branches, 100 divisional offices, seven zonal offices, head office, subsidiary offices and overseas locations. The Linux deployment will provide LIC with a uniform, finely tuned operating system environment, along with security and integrity for its core application software. The implementation will also include utilisation of enterprise-layered solutions through Linux Servers for management, provisioning and monitoring of Red Hat Network."

Comments (none posted)

Linux a BIG hit in India (rediff.com)

rediff.com looks at the deployment of Linux, particularly Red Hat, in Indian businesses. ""Linux has become prettly stable. We never considered Windows because of the perception that it has a lot of vulnerabilities. Hence, we adopted the Linux route and are satisfied with the results," says Tejinderpal Singh Miglani, CTO, Indiabulls. IDBI's Sanjay Sharma, Head IT, corroborates this view. IDBI has been using an Oracle HR management and financial accounting system, which runs on Linux. From Sharma's perspective, this is a "mission-critical" application. "We did evaluate options like Unix and Windows too. However, we did not want to be tied up to resource-hungry applications and any particular vendor. Besides, you hardly have a problem of viruses with Linux," he says."

Comments (3 posted)

Sendmail may turn tools over to open source (ZDNet)

ZDNet talks to Sendmail's Eric Allman about the release of several applications as open-source software. "One candidate for sharing is the company's Mailcenter Store, Allman said. The technology archives e-mail once it reaches its destination server and lets personal computers access it over a network. Another possibility is the Mailstream Manager, an engine that handles mail according to policies and that accepts plug-ins for tasks such as screening out viruses, or complying with regulatory requirements."

Comments (4 posted)

Interview with Debian Project Leader-elect Anthony Towns (Linux.com)

Linux.com has an interview with Anthony Towns. "NF: What do you see as Debian's biggest challenges for the next year? AT: One major challenge is ensuring that we find ways to allow all the people who want to contribute something to Debian to do so -- the time it takes to get through our new-maintainer process is one problem we have in that aspect, but it can also be hard just getting any idea where your help is actually wanted; and in a volunteer project like Debian, you need to make sure you harness all the help you possibly can."

Comments (none posted)

People Behind KDE: Kenneth Wesley Wimer II (KDE.News)

KDE.News has announced the latest interview in their People Behind KDE series. "Tonight, the People Behind KDE interview series brings you an interview with Kenneth Wesley Wimer II. As an KDE artist, he is known for his work on KDE's artwork and the Oxygen Icons for KDE 4. An American living in Germany, Kenneth tells you what he wants us to know about himself in this interview."

Comments (none posted)

Traditional DNS Howto (HowtoForge)

Tom Adelstein and Falko Timme have published a Traditional DNS Howto on HowtoForge. "Linux system administrators should learn traditional DNS. Front-ends and quick templates to setup domain records have a place in managing sites. When confronted with DNS configurations already in existence, nothing can substitute for knowing and using the fundamentals. The vast majority of users on the Internet have no clue about DNS. They may have seen the term when they set up their ISP connection, but they do not realize its connection to their lives. Simply put, DNS servers allow you to use friendly names in your browser, email or other Internet applications to perform tasks which require IP addresses."

Comments (none posted)

Set up a secure IMAP/POP3 server with Dovecot (Linux.com)

Manolis Tzanidakis shows how to install Dovecot in a Linux.com article. "Internet Message Access Protocol (IMAP) servers such as Courier-IMAP and Cyrus IMAP may work well, but they’re complicated to install and configure. I'll show you how to set up your mail server quickly and securely using Dovecot, an open source IMAP and Post Office Protocol version 3 (POP3) server for Unix-like operating systems."

Comments (none posted)

Installing iPodLinux on the iPod Nano (Linux.com)

Joe Barr installs iPodLinux on an iPod Nano mp3 player in a Linux.com article. "My Nano is amazingly small, contains a gigabyte of storage, and sounds very good through its ear buds. It didn't take long for me to learn that folks have been putting Linux on iPods for a couple of years now, courtesy of the iPodLinux Project. Granted, the software for the Nano and most fourth- and fifth-generation versions of the iPod is experimental -- we're talking the bleeding edge -- but, well, you know me -- Linux on my desktop, workstation, laptop, Tivo, and router. I had to have it on the Nano, too. Here's my report how I converted my stock iPod Nano into a dual-booting, sweet MP3-singing, iDoom-playing monster."

Comments (none posted)

Running Photoshop plugins in the GIMP, even under Linux (Linux.com)

Nathan Willis explores the use of Photoshop plugins under the GIMP in a Linux.com article. "Linux advocates are familiar with the refrain that would-be switchers in the graphic arts have to rely on Adobe Photoshop under Windows because it can do things that the GIMP can't. An important but altogether different hurdle is the installed (and paid-for) base of often expensive third-party Photoshop plugins. But a solution to that problem might be easier than you think. The key is a piece of software called pspi (for Photoshop Plugin Interface), written by GIMP hacker Tor Lillqvist. It is a GIMP plugin that acts as a bridge between the GIMP and Photoshop plugins; to the Photoshop plugin it looks like a full, running copy of Photoshop. It provides the hooks into the menus and functions of Photoshop that the plugin expects to see, and connects them to the GIMP's extension and menu system."

Comments (none posted)

My sysadmin toolbox (Linux.com)

Linux.com presents another edition of the sysadmin toolbox, featuring GNU Screen, Duplicity, ssync, FUSE, and more. "Figaro's Password Manager (FPM) is a lightweight password manager and password generator. After you type your master password, double-clicking a link in the FPM GUI will launch your browser, or gnome-terminal with SSH, or any other program. It also copies your username to the clipboard and the password to the primary selection, to make it easy to log into whatever service you're using. You can then paste your username with Shift-Insert and your password with the middle mouse button. I find this tool useful on my notebook, and feel safe using passwords even if I'm not alone, since no one can see me typing a password on the keyboard."

Comments (2 posted)

At the Sounding Edge: Music Notation Software, the Final Installment (Linux Journal)

Dave Phillips presents the final installment in his Linux Journal series on music notation software. "Dave wraps up his discussion of music notation programs with a look at FOMUS and a new one on the horizon, MuseScore."

Comments (none posted)

KDE 3 - All About the Apps (KDE.News)

KDE.News explores some of the software improvements in KDE 3.5.0. "Last November, KDE 3.5.0 was released. Since then, many users have been waiting for the next big steps. While most of the core developers are working on the first iterations of KDE 4, the KDE 3 developer platform is more vital than ever, resulting in new and exciting applications. "All About the Apps" puts the spotlight on the classics of KDE's applications as well as new and promising applications from the KDE community that can make your KDE desktop more productive. We will also keep you informed about development in current KDE 3.5 series."

Comments (none posted)

Linux Terminal Server Project releases 4.2 (NewsForge)

Joe 'Zonker' Brockmeier reviews version 4.2 of the Linux Terminal Server Project, a thin client system. "The new release adds improved local device support, reduces memory requirements, and offers scanner and multi-head support and a 2.6 kernel. With improved local device support, users can plug in USB flash drives or other devices which are read across the network and can be used normally -- just as if their thin client was a regular desktop computer. Project leader Jim McQuillan says that the goal of the project is to see to it that "people aren't penalized for using a thin client" and that they can have the same type of experience as a normal desktop machine."

Comments (none posted)

Debian electing new project leader (NewsForge)

NewsForge takes a look at this year's DPL election. "Every year, Debian developers are asked to choose one of their own to serve as Debian Project Leader (DPL). It's that time again, and once again it's a crowded field. Seven developers are running this year: Jeroen van Wolffelaar, Ari Pollak, Steve McIntyre, Anthony Towns, Andreas Schuldei, Jonathan (Ted) Walther, and Bill Allombert. Retiring DPL Branden Robinson is not running for re-election."

Comments (1 posted)

EFF Files Evidence in Motion to Stop AT and T's Dragnet Surveillance

The Electronic Frontier Foundation has sent out a press release concerning Dragnet Surveillance by AT&T. "The Electronic Frontier Foundation (EFF) on Wednesday filed the legal briefs and evidence supporting its motion for a preliminary injunction in its class-action lawsuit against AT&T. After asking EFF to hold back the documents so that it could review them, the Department of Justice consented to EFF's filing them under seal -- a well-established procedure that prohibits public access and permits only the judge and the litigants to see the evidence."

Full Story (comments: none)

FSF Europe Newsletter

The April 10, 2006 edition of the Free Software Foundation Europe newsletter is online with the latest FSFE news.

Full Story (comments: none)

Mandriva to participate in ENERGy

Mandriva has announced its participation in the French ENERGy project. "Mandriva, the publisher of the popular Mandriva Linux operating system, with the support of the French Department of Commerce and Finance, today announced its participation in the ENERGy project with a subsidy of 287,000 euros. This two-year ITEA (a European research and development program) project will contribute to the improvement of existing and emerging technologies to cope with the requirements of network management automation."

Full Story (comments: none)

Nokia and Linksys to bundle technologies for the digital home

Nokia has announced a collaboration with Linksys in the wireless home market. "Nokia, the world leader in mobile communications and Linksys(R), a Division of Cisco Systems, Inc, the recognized leading provider of voice, wireless and networking hardware for the consumer and small business customer today announced a product bundle entitled, "Go wireless at home", which includes the Nokia 770 Internet Tablet bundled with either a Linksys high-speed wireless router or gateway. This convenient and secure wireless Internet bundle has been designed to provide freedom for home users who wish to access the Internet using the Nokia 770 Internet Tablet over Wi-Fi, together with the latest in wireless solutions from Linksys."

Comments (none posted)

Open Source Edition of OpenLink Virtuoso

OpenLink Software has announced the availability of an open-source version of its OpenLink Virtuoso Universal Server product. "The new product release provides a cross-platform workbench for exploiting recent technology advances in areas such as Web Services, RDF Data Management, XML Data Management, Object-Relational Data Management, and Unified Storage."

Comments (none posted)

Red Hat to acquire JBoss

Red Hat has announced that it will be acquiring JBoss for $350 million, plus some extra cash if things turn out well. "By acquiring JBoss, Red Hat expects to accelerate the shift to service-oriented architectures (SOA), by enabling the next generation of web-enabled applications running on a low-cost, open source platform."

Comments (5 posted)

TimeSys Delivers Commercial Support for 2.6.16

TimeSys Corporation has announced commercial support for the Linux 2.6.16 kernel with its LinuxLink 2nd Edition product. TimeSys "..today announced the next generation of LinuxLink by TimeSys(TM) with an unprecedented content upgrade, web-based interface enhancements, and launch of new features that follow rapid growth of the service. LinuxLink has gained traction by delivering continuously updated resources to embedded developers via Web services."

Full Story (comments: none)

WIN4LIN announces support for AMD and INTEL 64-bit processors

Win4Lin, provider of Windows-on-Linux solutions, has announced support for 64 bit processors. ""IT decision-makers are increasingly turning to 64-bit platforms from AMD and Intel as default choices to build their next-generation computing infrastructure on. Today's announcement positions Win4Lin as the leader in providing virtual Windows sessions on 64-bit Linux-based hosts", said Jim Curtin, president and CEO of Win4Lin."

Full Story (comments: none)

Open Source Zenoss Adds Monitoring of Windows Servers

The Zenoss open-source IT management system has announced the ability to monitor Windows, Linux and Network Infrastructure. "Zenoss, an open source systems and network management project, announced today at LinuxWorld in Boston, Massachusetts, the availability of a new module that provides detailed monitoring of servers running Microsoft Windows using Microsoft's Windows Management Instrumentation (WMI) management protocol."

Full Story (comments: none)

Flash 8: The Missing Manual--O'Reilly's Latest Release

O'Reilly has published the book Flash 8: The Missing Manual by E.A. Vander Veer.

Full Story (comments: none)

iPhoto 6: The Missing Manual--O'Reilly's Latest Release

O'Reilly has published the book iPhoto 6: The Missing Manual by David Pogue and Derrick Story.

Full Story (comments: 1)

No Starch Press Releases "PGP and GPG: Email for the Practical Paranoid"

No Starch Press has published the book PGP & GPG: Email for the Practical Paranoid by Michael W. Lucas.

Full Story (comments: none)

Practical VoIP Security--latest from Syngress

Syngress has published the book Practical VoIP Security by Thomas Porter.

Full Story (comments: none)

Pragmatic Bookshelf releases "Practices of an Agile Developer"

Pragmatic Bookshelf has published the book Practices of an Agile Developer by Venkat Subramaniam and Andy Hunt.

Full Story (comments: none)

Prentice Hall publishes User Mode Linux

Prentice Hall has published the book User Mode Linux by Jeff Dike.

Comments (none posted)

Web Design in a Nutshell--O'Reilly's Latest Release

O'Reilly has published the book Web Design in a Nutshell by Jennifer Niederst Robbins.

Full Story (comments: none)

April 2006 Web Server Survey (Netcraft)

Netcraft's April, 2006 Web Server Survey is out. "This month's survey brings one of the largest one-month swings in the history of the web server market, as Microsoft gains 4.7 percent share while Apache loses 5.9 percent. The shift is driven by changes at domain registrar Go Daddy, which has just migrated more than 3.5 million hostnames from Linux to Windows. Go Daddy, which had been the world's largest Linux host, is now the world's largest Windows Server 2003 host, as measured by hostnames. The company said it will shift a total of 4.4 million hostnames to Windows Server 2003."

Comments (37 posted)

First "Firefox Flicks" released

The first set of Firefox Flicks - entries in a contest to create a 30-second video promoting Firefox - has been posted. They look like they could be interesting, though it is somewhat amusing that Firefox on your editor's system is unable to display the videos or even suggest a plugin which can.

Comments (27 posted)

LinuxForce CEO Named to Philadelphia Business Journal "40 Under 40" List

LinuxForce CEO CJ Fearnley has been added to the Philadelphia Business Journal "40 Under 40" List. ""The 40 Under 40 program gives us an opportunity to put a spotlight on some of the young and increasingly influential leaders in our region," said Bernard Dagenais, editor of the Philadelphia Business Journal. "These individuals have established themselves as leaders through their professional and volunteer achievements. They have made a difference and can be expected to continue to do so in the years to come.""

Full Story (comments: none)

SWsoft Virtuozzo Wins Award for Best Virtualization Solution at LinuxWorld

SWsoft Virtuozzo has announced the winning of a LinuxWorld Best Virtualization Solution award. "SWsoft Virtuozzo was announced the winner of the “Best Virtualization Solution” at LinuxWorld Expo. Virtuozzo is operating system level server virtualization software that turns a single physical server into multiple virtual environments – enabling maximum server performance and utilization."

Full Story (comments: none)

TimeSys Extends Webinar Series on Embedded Linux Development

TimeSys Corporation has announced an extension of its online web seminar series. "TimeSys(R) Corporation, the leading developer service provider for the embedded Linux market, will extend the complimentary, interactive, educational Webinar series to cover specific technical topics of interest in the embedded Linux market. Each session will target a particular focus area with the opportunity for attendees to interact with the technical area experts from TimeSys." Events will be held on April 13, April 18, April 25, and May 2.

Full Story (comments: none)

Black Hat Call for Papers and Registration now open

A Call for Papers for the Black Hat USA 2006 security conference is open. The event takes place in Las Vegas, Nevada on August 2-3, 2006. Registration to the event has been opened as well.

Full Story (comments: none)

Technical Program Announced for Gelato ICE

The technical program for the Gelato ICE: Itanium Conference & Expo is online. The event takes place on April 23-26, 2006 in San Jose, CA.

Full Story (comments: none)

Linux Installfest workshop in Davis - Saturday, April 15th

The Linux Users' Group of Davis has announced another free "Linux Installfest" workshop in Davis, California. The workshop will take place on April 15.

Full Story (comments: none)

Events: April 13 - June 8, 2006

Date	Event	Location
April 15 - 16, 2006	LayerOne 2006	(Pasadena Hilton)Pasadena, California
April 19 - 22, 2006	Forum Internacional Software Livre 7.0(FISL)	Porto Alegre, Brazil
April 19 - 20, 2006	UK Python Conference	(Randolph Hotel)Oxford, England
April 20 - 22, 2006	International Conference on Availability, Reliability and Security(AReS 2006)	Vienna, Austria
April 21 - 23, 2006	Penguicon 4.0	Livonia, Michigan
April 23 - 26, 2006	ItaniumR Conference and Expo 2006(Gelato ICE)	San Jose, CA
April 24 - 26, 2006	LinuxWorld & NetworkWorld Canada 2006 Conference & Expo	(Metro Toronto Convention Centre, North Bldg.)Toronto, Canada
April 24 - 27, 2006	MySQL Users Conference	Santa Clara, CA
April 24 - 25, 2006	2006 Desktop Linux Summit	(Manchester Grand Hyatt)San Diego, CA
April 24 - 26, 2006	SambaXP 2006	(Clarion Parkhotel)Göttingen, Germany
April 26 - 28, 2006	php|tek 2006	(Orlando Airport Marriott Hotel)Orlando, FL
April 27 - 30, 2006	Linux Audio Conference(LAC2006)	(ZKM)Karlsruhe, Germany
April 29, 2006	Linuxfest Northwest 2006	Bellingham, WA
April 29 - 30, 2006	European Common Lisp Meeting 2006	Hamburg, Germany
May 1 - 6, 2006	DallasCon 2006	(Richardson Hotel)Dallas, TX
May 3 - 6, 2006	LinuxTag 2006	(Rhein-Main-Hallen)Wiesbaden, Germany
May 6 - 7, 2006	WebTech 2006	Sofia, Bulgaria
May 8 - 18, 2006	LinuxWorld on Tour Conference and Expo 2006(LOT2006)	Montreal Ottawa Calgary Vancouver
May 12 - 13, 2006	BSDCan 2006	(University of Ottawa)Ottawa Canada
May 13, 2006	DebianDay	Oaxtepec, Mexico
May 14 - 22, 2006	DebConf 6	Oaxtepec, Mexico
May 26 - 27, 2006	FreedomHEC	Seattle, WA
May 30 - June 3, 2006	2006 USENIX Annual Technical Conference	(Boston Marriott Copley Place)Boston, MA

Comments (none posted)

Atlanta Desktop Linux Printing Summit

Kurt Pfeifle has sent us coverage of the Atlanta Desktop Linux Printing Summit.

Full Story (comments: none)

open Zope 3 cookbook launched

The zope-cookbook.org site has been announced. "zope-cookbook.org is a website that starts to gather recipes and tutorials for Zope 3. The cookbook aims to provide a complete sight of Zope 3 through various recipes written by project participants, both in french and english."

Comments (none posted)

Glimpses of LinuxWorld (NewsForge)

NewsForge presents some short videos from the LinuxWorld Conference and Expo. "These are short "impromptu" videos I shot at OSTG's Slashdot Lounge in the middle of the ORG pavilion at the LinuxWorld Conference and Expo. Their purpose is to help you put faces (and voices) to people whose names you often see on this site and others -- and one or two people who just happened to be in the vicinity and looked like they might have something to say, too."

Comments (none posted)

Stimulating Open Source development using competitions (O'Reilly)

Rick Jelliffe suggests that competitions may be a good way to stimulate development of open-source software. "Indeed, I think the Open Source development does not deliver its best results when the customer is a large corporation at a financial distance from the developer. So banks, governments, corporations, consortia, vendors and so really have a vital interest in stimulating Open Source development that meets their needs. Rather than being passive bottom feeders."

Comments (none posted)