OLS: Open source graphics drivers

An Ottawa Linux Symposium talk called Open source graphic drivers - they don't kill kittens caught your editor's attention. The relative safety of kittens in the presence of these drivers had, until now, been something which, your editor thought, could be taken for granted. Sure enough, young felines need not worry too much - especially since open source graphic drivers have a distressing tendency to not exist for a fair number of cards. That situation may be changing, however.

Speaker David Airlie started with a review of the current state of free graphics drivers. Intel chipsets are relatively well supported, thanks to an enlightened position being taken by that company. ATI is a "former leading light" in the free software world, but is no longer cooperating. Even so, the free R200 driver is feature-complete and, at this point, faster than the binary-only fglrx driver. The reverse-engineered R300/R400 driver is getting closer to being ready; there is no hope for the R500 chipset at this point. Nvidia has a 2D driver in X.org which is "written in hex" and a well-supported, binary 3D driver. Said driver "still sucks," of course.

David took the time to point out that, once you load a 1MB binary blob into your kernel, you are no longer running a free operating system. There is no way to know what that code is doing, no way to fix it, and no way to support systems which have that code loaded. Support going into the future tends to be problematic; the vendors drop support for old cards sooner than many users would like, and are not always quick to add support for the newer chipsets.

Why do vendors refuse to support the free software community? David noted, with amusement, that both ATI and Nvidia withdrew support at about the same time that they got Xbox contracts. Let's hope, he says, that Intel never works an Xbox deal. More seriously, there is the usual talk of patent problems, third-party software which cannot be freed, and so on. These problems tend to evaporate when enough money is applied to the situation, however.

So what do things look like in the future? For Intel chipsets, says David, the future is "mostly excellent." Intel is friendly, and driver support tends to be available about the same time that new chipsets are released. For now, this is a group which seems to get it.

On the ATI front, the R300 reverse engineering effort continues. Support for the 9800 series cards has been stabilized - an effort which, at one point, required almost six months of a developer's time to find a single bit in one register which was causing the card to lock up. The R500 series is harder - though it does not differ all that greatly from previous offerings. David actually has a 2D driver which he wrote, and which he has submitted to ATI for permission to distribute. ATI has sat on the driver for some months with no response. Until such a time as ATI gives permission, David (due to NDA constraints) is unable to release his code.

On the Nvidia side, the best hope is the Nouveau project, which has set out to create a reverse-engineered 3D Nvidia driver. There about five or six people currently working on the project, which also looks to add some nice 2D features (EXA acceleration, dual head support). The Nouveau developers have no code to show at this point, being heavily involved in the reverse engineering work. Progress is being made, but this is a large project, bigger than the ATI R300 effort. For those who are interested in contributing to the community, Nouveau looks like a project which could use some more help.

Linux needs free drivers for graphics adapters. The challenges involved in freeing this part of our systems are daunting - there is a great deal of work yet to be done. The overall tone of the talk was optimistic, however. Developers are on the task, progress is being made, and the goal is, slowly, getting closer. The kittens will have their revenge in the end.

Comments (44 posted)

Free Software Sets the Computing Agenda

The news that the European Commission is to fine Microsoft - €280.5 million has naturally provoked plenty of headlines, both in the technical and non-technical press. But big as that number might seem, it is in truth a gnat-bite as far as the Microsoft behemoth is concerned: last year its net income was $12 billion, and it holds cash and short-term investments worth over $39 billion. Against this background, the EU's fine is a little more than an accountancy rounding error.

What is interesting about the whole affair is that the sticking point seems to be an apparently minor requirement to provide technical information that would allow third parties to interoperate better with networks running Microsoft Windows. But as a press release from the Free Software Foundation Europe rightly points out, this obstinacy is not over some general principle, whatever Microsoft might claim, but is actually highly specific, and has one aim above all: to thwart Samba's rise in the enterprise.

Thus Microsoft's brinkmanship with the European Commission is driven almost entirely by its need to react to free software. It turns out that this is by no means the only sphere where Microsoft has ceased to be master of its own destiny, and finds itself constantly responding to open source initiatives, and playing catch-up with free software projects.

A good example is to be found in the world of high-performance computing (HPC). GNU/Linux was first used for computing clusters back in 1994, when the Beowulf project began. Since then, free software has established itself as the pre-eminent HPC solution. In June 2006, the TOP500 listing of the most powerful supercomputers in the world showed that well over 70% of them ran some variant of GNU/Linux; precisely two systems out of 500 used some form of Windows. The same month, Microsoft finally launched its official HPC solution, the Windows Computer Cluster Server 2003 – fully 12 years after the first free software solution was made available for this sector.

While the crushing lead that free software has over Windows in the HPC area is little known outside specialist circles, most people in computing are familiar with the fact that the Apache Web server has maintained a commanding lead over Microsoft's Internet Information Server (IIS) for the past few years.

Microsoft, too, is obviously acutely aware of this, and recently has been making sustained efforts to reduce the embarrassingly large lead Apache holds, and with some success. For example, the Netcraft survey for June 2006 showed that Microsoft IIS gained 4.5 million Web servers, while Apache lost 429,000, giving Microsoft a whopping 4.25% gain for the month, and cutting the gap between them to 31.5%, a drop of 16.7% in just three months. Closer examination reveals exactly why this is happening. As Netcraft's analysis explains:

This is unlikely to be coincidence. After a year of steady market share, the graph for IIS has been rising sharply since March 2006, which suggests a concerted effort by Microsoft to court hosting companies in order to swing them away from Apache on GNU/Linux towards IIS running on Windows. Once again, then, this shows Microsoft being forced to react to free software's successes. Despite these efforts, the market still seems to be moving away from Microsoft: the Netcraft survey for July 2006 shows a gain of 1.8% for Apache, mostly made of up incremental gains at a dozen hosting companies.

Perhaps the best-known example of Microsoft being compelled to revise its strategy thanks to free software is in the world of Web browsers. Development work on Microsoft's browser had effectively came to a halt after the release of Internet Explorer 6 in August 2001. Microsoft's refusal to provide any significant updates to IE 6, despite its mounting security problems, was one of the prime reasons why the Firefox project was started. Firefox's steady rise in popularity, and the corresponding drop in Internet Explorer's market share, eventually compelled Bill Gates to announce a reversal of Microsoft's previous decision not to produce a standalone browser before Vista appeared.

With betas available of both IE 7 and Firefox 2.0, the emerging consensus seems to be that Microsoft has largely caught up with the free software world as far as browser technology is concerned, but the price that it has paid for its lengthy refusal to satisfy the needs of users is a serious loss of market share. Latest figures from OneStat.com show that Firefox holds some 15.8% of the browser market in the US, and a massive 39% in Germany.

Even though the appearance of IE 7 is likely to staunch the flow of users away from IE to Firefox, the latter has established itself as a serious rival, one that Microsoft will need to track continually to prevent more of its users defecting. In itself, this is not a huge problem for Microsoft. The appearance of Firefox has essentially made Microsoft more responsive to users, and more amenable to following open standards. It does not, though, imply any loss of revenues.

The situation for office suites is quite different. Microsoft Office is one of the main cash cows for the whole company: any loss of market share here will have serious financial repercussions. This makes Microsoft's decision to sponsor a project to create tools to build "a technical bridge" between the Microsoft Office Open XML Formats and the OpenDocument Format all the more surprising, since potentially it could lead to a costly leak of Office users to other office suites supporting ODF.

It shows once more the world's leading software company being forced to backtrack in response to developments in the open source world. Microsoft's position initially was that no one was using ODF, and so there was no point supporting it. But the announcements by Massachusetts and, particularly, the Belgian and Danish governments in favor of ODF - with administrations in France, Germany and elsewhere considering the move - meant that Microsoft was forced to cede to the growing pressure for some kind of ODF support in Office. The fact that Google has joined the ODF Alliance - whose members now number 260 - and will be supporting the ODF standard with its online word processor Writely means that Microsoft's scope for independent action is even more circumscribed.

Taken on their own, each of these instances of Microsoft emulating or accommodating free software might seem fairly minor. Put together, they represent a consistent pattern of loss of control that is unprecedented in the company's recent history. From being on the fringes, ignored or at best derided by traditional software companies, open source has gradually moved to the centre, to the point where today it is free software - and not Microsoft - that is setting the agenda for computing at practically every level.

Glyn Moody writes about open source at opendotdotdot.

Comments (29 posted)

The /proc vulnerability

A second local privilege escalation bug has been found recently in the 2.6 kernel series. The first, covered by LWN last week, configured processes to dump core in directories not normally writable by the user. The most recent vulnerability exploits the setuid permissions bit on files in the /proc filesystem and a kernel race. In both cases, the result is root privileges for interested local users.

The first indication of the vulnerability came as a working exploit posted to the full-disclosure mailing list. The exploit uses an mmap() of a large file on the disk to slow the system down enough to exploit a race condition in the /proc filesystem handling. Permissions for the /proc/self/environ file can be set with the setuid bit 'on' and prctl() can be used to set the owner of that file to root. Tacking an a.out executable onto the environ file allows a local user to get a root shell.

The fix is fairly obvious: setuid and setgid bits do not make any sense for /proc filesystem entries and removing that 'feature' fixes the problem. The stable 2.6 kernels were patched the same day as the exploit was released and a tweak to the original fix was released the next day.

A fairly simple workaround is to mount (or remount) /proc with the nosuid flag. That flag will prevent the setuid/setgid bits from having any affect for files on that filesystem. It should be noted that this workaround was the right thing to do for /proc all along; nothing good can come from allowing those bits to be used. Distributions should take a look at tightening these kinds of restrictions and help their users avoid these kinds of problems whenever possible.

Systems that have sufficiently restricted SELinux configurations were not affected by this vulnerability. For example, the targeted policy in enforcing mode that is the default for Red Hat Enterprise Linux 4 will not allow setting those bits on /proc files. In addition, kernels that did not have a.out support enabled would not be affected by this exploit, but there may be other ways to exploit the bug without using an a.out binary. Even so, this vulnerability is a good example of why it makes sense to disable unused functionality, even if it doesn't have any immediate security implications. Most currently-running Linux systems have probably never seen an a.out binary; they certainly do not need that format enabled in their kernels.

It is fairly common for local privilege escalation issues to be given insufficient attention by system administrators because their systems either have no login user accounts or trust the people who do have them. Unfortunately, there is often a significant risk even to those kinds of systems. All that it takes is an exploit in a web program or other network service that allows a malicious user to get a shell. That shell will be running with the permissions of the user that runs the exploited service ('apache' for example), but a privilege escalation can allow that limited shell access to become a full takeover of the box. Any network accessible system should be considered vulnerable to this kind of problem and be patched accordingly.

Comments (7 posted)

kernel: denial of service by memory consumption

Package(s):	kernel	CVE #(s):	CVE-2006-2936
Created:	July 17, 2006	Updated:	November 14, 2007
Description:	The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:	SuSE SUSE-SA:2007:035 kernel 2007-06-14 Mandriva MDKSA-2006:151 kernel 2006-08-25 Mandriva MDKSA-2006:150 kernel 2006-08-25 Ubuntu USN-331-1 linux-source-2.6.15 2006-08-03 rPath rPSA-2006-0130-1 kernel 2006-07-17

Comments (none posted)

kernel: race condition

Package(s):	kernel	CVE #(s):	CVE-2006-3626
Created:	July 17, 2006	Updated:	July 21, 2006
Description:	It was discovered that a race condition in the process filesystem can lead to privilege escalation.
Alerts:	Trustix TSLSA-2006-0042 gnupg, kernel, samba 2006-07-21 Ubuntu USN-319-2 linux-source-2.6.10, linux-source-2.6.12 2006-07-19 Mandriva MDKSA-2006:124 kernel 2006-07-18 Ubuntu USN-319-1 linux-source-2.6.15 2006-07-18 Debian DSA-1111-1 kernel-source-2.6.8 2006-07-16

Comments (2 posted)

libpng: buffer overflow

Package(s):	libpng	CVE #(s):	CVE-2006-3334
Created:	July 19, 2006	Updated:	December 15, 2008
Description:	In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:	Gentoo 200812-15 povray 2008-12-14 Mandriva MDKSA-2006:213 chromium 2006-11-16 rPath rPSA-2006-0133-1 libpng 2006-07-19 Gentoo 200607-06 libpng 2006-07-19

Comments (none posted)

libtunepimp: buffer overflows

Package(s):	libtunepimp	CVE #(s):	CVE-2006-3600
Created:	July 13, 2006	Updated:	August 2, 2006
Description:	The libtunepimp tag parser has multiple buffer overflow vulnerabilities. If a user can be tricked into opening specially crafted tagged multimedia files, arbitrary code can be executed with the user's privileges.
Alerts:	Debian DSA-1135-1 libtunepimp 2006-08-02 Gentoo 200607-11 tunepimp 2006-07-28 Mandriva MDKSA-2006:126 libtunepimp 2006-07-18 Ubuntu USN-318-1 libtunepimp 2006-07-13

Comments (none posted)

libwmf: integer overflow

Package(s):	libwmf	CVE #(s):	CVE-2006-3376
Created:	July 13, 2006	Updated:	November 6, 2006
Description:	libwmf, a library that is used for processing Windows MetaFile vector graphics files, has an integer overflow vulnerability.
Alerts:	Arch Linux ASA-201701-1 libwmf 2017-01-01 OpenPKG OpenPKG-SA-2006.031 libwmf 2006-11-06 Debian DSA-1194-1 libwmf 2006-10-09 Gentoo 200608-17 libwmf 2006-08-10 Ubuntu USN-333-1 libwmf 2006-08-09 Mandriva MDKSA-2006:132 libwmf 2006-07-28 Fedora FEDORA-2006-831 libwmf 2006-07-18 Fedora FEDORA-2006-832 libwmf 2006-07-18 Fedora FEDORA-2006-805 libwmf 2006-07-12 Fedora FEDORA-2006-804 libwmf 2006-07-12

Comments (none posted)

rssh: bypass access restrictions

Package(s):	rssh	CVE #(s):	CVE-2006-1320
Created:	July 17, 2006	Updated:	July 19, 2006
Description:	Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.
Alerts:	Debian DSA-1109-1 rssh 2006-07-16

Comments (none posted)

vixie-cron: directory permissions

Package(s):	vixie-cron	CVE #(s):
Created:	July 18, 2006	Updated:	July 19, 2006
Description:	vixie-cron has a directory permission issue, the cron spool directories had the wrong permissions and have been changed to 0700. The security implications of the previous permissions are unspecified.
Alerts:	Fedora FEDORA-2006-823 vixie-cron 2006-07-17

Comments (none posted)

webmin: arbitrary file read

Package(s):	webmin	CVE #(s):	CVE-2006-3392
Created:	July 19, 2006	Updated:	August 7, 2006
Description:	Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files.
Alerts:	Gentoo 200608-11 webmin 2006-08-06 Mandriva MDKSA-2006:125 webmin 2006-07-18

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):	wireshark	CVE #(s):	CVE-2006-3627 CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632
Created:	July 19, 2006	Updated:	August 16, 2006
Description:	Wireshark (formerly Ethereal) reports numerous vulnerabilities in versions 0.8.16 up to and including 0.99.0.
Alerts:	Red Hat RHSA-2006:0602-01 wireshark ethereal 2006-08-16 Fedora FEDORA-2006-860 wireshark 2006-07-28 Debian DSA-1127-1 ethereal 2006-07-28 Gentoo 200607-09 wireshark 2006-07-25 rPath rPSA-2006-0132-1 wireshark 2006-07-19 Mandriva MDKSA-2006:128 wireshark 2006-07-18

Comments (none posted)

zope: privilege escalation

Package(s):	zope	CVE #(s):	CVE-2006-3458
Created:	July 13, 2006	Updated:	August 9, 2006
Description:	Zope version 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 has a privilege escalation vulnerability related to its failure to deactivate the raw command. Remote users with privileges to edit zope pages with RestructuredText can cause arbitrary files to become exposed.
Alerts:	SuSE SUSE-SR:2006:019 fbi gimp libwmf X.org zope horde 2006-08-09 Debian DSA-1113-1 zope2.7 2006-07-18 Ubuntu USN-317-1 zope2.8 2006-07-13

Comments (1 posted)

Kernel release status

The current stable kernel is 2.6.17.6, released on July 15. This release fixes some problems caused by 2.6.17.5, which, in turn, fixed a local root vulnerability in the /proc filesystem code. 2.6.16.25 and 2.6.16.26 were also released with the same fixes.

The current 2.6 prepatch is 2.6.18-rc2, released by Linus on July 15. It contains a large number of fixes and the per-task delay accounting patch set. See the long-format changelog for the details. Once -rc2 came out, the merging of patches into the mainline came to a halt for the Kernel Summit and the Ottawa Linux Symposium.

The current -mm tree is 2.6.18-rc1-mm1. Recent changes to -mm include Atmel architecture support and a lot of fixes.

Comments (none posted)

The 2006 Linux Kernel Summit

The group photo is available in medium and high resolution.

The 2006 Linux Kernel Summit was scheduled for its traditional time: the two days prior to the opening of the Ottawa Linux Symposium. Also following tradition, LWN editor Jonathan Corbet, a member of the Summit program committee, was there and taking notes.

Day 1: July 17

Discussions held during the first day of the Kernel Summit include:

• The processor panel, wherein three vendors discuss their future product plans with the kernel developers.

• Mini-summit summaries: updates from the storage, wireless networking, filesystems, memory management, and power management mini-summits.

• Kernel quality and development process. Andrew Morton looks into whether the kernel really has a quality problem, and at ways to improve the way the kernel is developed.

• The ioctl() interface, dedicated to the proposition that this much-criticized system call is not always evil.

• The kernel ABI, how to avoid breaking it, and how to best maintain tools which are tightly coupled to the kernel.

• Software suspend, what it will take to make it work reliably, and whether user-space software suspend is a good idea.

• Documentation: the current state of affairs and what can be done to improve it.

Day 2: July 18

The second and final day of the kernel summit included these sessions:

• Realtime: the state of the realtime patches.

• Embedded systems and what is required to better support them.

• Security; in particular, the fate of AppArmor and the Linux Security Modules framework.

• Paravirtualization and containers and how to make multiple virtualization solutions work in one kernel code base.

• Automated testing: work being done to catch kernel bugs before they affect users.

• The VFS layer.

• Scalability: how big can Linux go?

• DMA and IOMMU issues.

• Development process II; a final look at the process and the conclusion of the summit.

In summary: in your editor's opinion, this was one of the more successful kernel summits. The discussions were energetic and interesting, the topics covered were relevant, and some real decisions were made. While there are always improvements which can be made, it seems that the kernel process is functioning well and the developers are, for the most part, working well together. Things are going relatively smoothly, so the summit did as well.

Comments (23 posted)

Embedded Linux: Small Kernels

A few years back, LWN noted the introduction of a new project led by Matt Mackall to help trim the fat from a bulging Linux kernel: the TinyLinux project. In a paper presented the 2004 Ottawa Linux Symposium Mackall explained that much code had been added over the years to the kernel to improve performance for certain classes of hardware but that, over time, this code had become less helpful with newer hardware and in some cases even caused performance degradation.

The solution was to provide a mechanism to remove features from the kernel that were unnecessary for certain classes of hardware, making the kernel smaller and more suited to certain environments. This includes embedded devices like those in the consumer electronics market but also older systems (like 386-based hardware and handhelds) which typically have tighter resource restrictions (less memory, smaller caches, reduced storage, and so forth). To this end, Mackall created the TinyLinux project which provides a set of patches (or one giant patch) aimed at making various features in the kernel optional as a way of reducing the size of the kernel.

A Meaningful First Step

Mackall's project based on his original paper is called TinyLinux, and is also known as the -tiny tree. It consists of a number of small patches allowing users to disable various features that otherwise might not be configurable. This includes items like switching from the SLAB allocator to a more space-efficient version called SLOB, configurable IDE and serial PCI hardware support, optional support for asynchronous I/O, sysfs and vm86, and minimizing VT support. There are also patches for debugging with netconsole, kgdb and kgdb-over-ethernet.

TinyLinux comes as a set of patches. Users are free to pick and choose which patches they want to apply to the kernel source. Alternatively they can use a monolithic patch that applies all of the TinyLinux features to the source. Once the patches are applied, TinyLinux features can be enabled under the "General Setup->Configure standard kernel features" menu that is displayed with "make menuconfig".

The goal of the project has always been to build a modern kernel that will run in as little as 2MB of RAM. That includes console, disk and network support. Guidelines set by Mackall for the project include:

1. Anything that isn't applicable to all systems should be configurable.
2. Patches should be small and independent so integrators can choose the ones of value to them.
3. Attempt to make the patches mergeable with the mainline.

TinyLinux Features

Once the selected patches have been applied the configurable options will be found under the General Setup page in the kernel config menu (re: make menuconfig). At the bottom of this page is an option labeled "Configure standard kernel features (for small systems)". This option, which is the CONFIG_EMBEDDED option in the kernel config file, must be set in order to reach the next level menu where the TinyLinux options live.

There are 80 patches in the 2.6.14 release for TinyLinux which add a much smaller set of configurable kernel options. Some of the more interesting options include the following (listed with the menuconfig label followed by the kernel config file option in parenthesis):

Enabled accounting of kmalloc/kfree allocations (CONFIG_KMALLOC_ACCOUNTING)

This patch adds accounting features for kmalloc/kfree calls. While not meaningful in itself for reducing kernel image sizes or runtime memory allocation, this patch can be useful in helping to track down memory leaks and abusers of dynamically allocated memory. The patch adds a /proc/kmalloc entry that can be read to find kmalloc/kfree usage statistics. See the LWN announcement of this patch from 2005 for more details.

BUG() support (CONFIG_BUG)

This patch isn't in the 2.6.14 patch set. It was originally delivered in early 2005 and has since been rolled into the kernel mainline. The config option removes all the kernel BUG and WARN messages. It is said to trim about 35k off the typical kernel as well as make the system slightly faster.

Enable ELF core dumps (CONFIG_ELF_CORE)

This patch allows removing of the code that handles ELF core dumps. Small systems don't tend to need ELF core dumps because there probably isn't any way for the consumer to view the dump, nor do you usually want the consumer to see it. The config option, if not set, strips a large chunk of lines from the fs/binfmt_elf.c file.

Enable inline measurement (CONFIG_MEASURE_INLINES)

When enabled produces data during a kernel compile that can be saved to a file and processed by the count-inlines script to show the number of code instantiations. This option counts instantiations by marking the inline functions as deprecated. If you set this, be prepared for a very verbose build output.

Number of swap files log2 (0 => 1, 5 => 32) (CONFIG_MAX_SWAPFILES_SHIFT)

This sets the maximum number of swap files that can be configured. The value is log2 so 0 means 1 swap file and the maximum, 5, means 32 swapfiles. The old default is 5, and that's the same setting if this option is not changed.

Use full SLAB allocator (CONFIG_SLAB)

If this is not set, then -tiny replaces the advanced SLAB allocator and it's associated kmalloc support with a simpler system called SLOB. From the original post for SLOB from Matt:

SLOB is a traditional K&R/UNIX allocator with a SLAB emulation layer, similar to the original Linux kmalloc allocator that SLAB replaced. It's significantly smaller code and is more memory efficient. But like all similar allocators, it scales poorly and suffers from fragmentation more than SLAB, so it's only appropriate for small systems.

Use mempool allocator (CONFIG_MEMPOOL)

Mempools were an early part of the 2.5 tree that were introduced as part of the (then) new block I/O layer. The goal was to provide a solution to prevent deadlocks for memory requests that had to succeed but could not sleep. For some small system configurations preallocating pools of memory could be considered both unnecessary and a waste of limited resources. However, the introduction of this option raised some interesting concerns over whether mempools really reduced deadlock to zero to begin with and that removing mempools completely might ensure that deadlocks were guaranteed to occur. In any case, use of this option can help with small memory systems but be aware that even Matt has said that "deadlock odds are significantly higher with some usage scenarios."

Working With TinyLinux

TinyLinux was last updated for the 2.6.14 kernel. To find out if these patches really worked to reduce the image size and let the kernel run in as little as 2MB of memory, I experimented with the -tiny patches with this kernel. First, I compiled the kernel for my Via EPIA-M kernel and a stripped down Busybox initramfs that simply booted into a shell prompt.

I then applied the TinyLinux monolithic patch. The kernel built from this is based on the the configuration options specified on the CE Linux Forum page about using TinyLinux. This page is not quite in sync with the latest TinyLinux so I had to modify their suggestions slightly.

The compiled kernels are compressed to boot on the test board. The compressed files show roughly 410KB are saved in the TinyLinux image:

    mjhammel(tty3)$ l linux-2.6.14*
    -rw-r--r--  1 root root 1550312 Jun 25 23:09 linux-2.6.14-via
    -rw-r--r--  1 root root 1139708 Jun 26 22:08 linux-2.6.14-tinylinux

Memory Usage

To find out if TinyLinux really helped, we can first check to see if the text, data and bss sizes in the images changed significantly. The size-delta script (from the CE Linux Forum) program can read the uncompressed Linux kernel images and compare how much of an impact TinyLinux is having:

    $ size-delta vmlinux.via vmlinux.tinylinux
    vmlinux.via  =>  vmlinux.tinylinux
     text:  2695282  2050286  -644996 -23%
     data:   440124   229107  -211017 -47%
      bss:   178912   129976   -48936 -27%
    total:  3314318  2409369  -904949 -27%

As you can see, the final configuration produces up to 27% reduction in size compared to the original Via configuration.

But the things that the TinyLinux patches really affect can only be seen when you check runtime memory usage. The best way to see how the kernel looks at boot time is to check dmesg for the memory usage line. I booted the Via kernel (sans TinyLinux patches) first and checked it's usage:

% dmesg | grep Memory
   Memory: 4028k/8192k available (2179k kernel code, 3756k reserved, 727k data, 160k init, 0k highmem)

Then I tried the TinyLinux kernel. There is a minor problem with using dmesg here. In the config for this kernel, as suggested by the CE Forum configurations, I disabled the printk()'s using a TinyLinux option, but dmesg needs those printk()'s. Turning printk()'s back on increases the memory usage for the kernel. It's a tradeoff that is required to make it easy to see the changes in memory usage at runtime.

The TinyLinux kernel produced this line at boot time:

% dmesg | grep Memory
   Memory: 4028k/8192k available (1794k kernel code, 3072k reserved, 484k data, 136k init, 0k highmem)

The "reserved" number is the amount of memory the kernel has taken out of circulation before anything starts running - it includes the "kernel code" amount and various other things. Both kernels were booted with mem=8M. The TinyLinux kernel saved about 400k in kernel code and close to 700k in reserved memory.

To see if I could use other options (not listed in the CE Forum suggestions) to get the kernel smaller, I tried the following:

	Disabled these:
	- Enable panic reporting code 
	- Enable various size reductions for networking 
	- Enable ethtool support 
	- Enable device multicast support 
	- Enable inline measurement 
	
	Enabled these:
	- Optimize for size 

The results were even better:

% dmesg | grep Memory
    Memory: 5016k/8192k available (1526k kernel code, 2768k reserved, 464k data, 126k init, 0k highmem)

This produced a savings of nearly 1M. And I haven't even tried to strip the kernel of unnecessary drivers yet.

If you want to get more into it, have a look at /proc/slabinfo. It contains the system slab caches and how much memory is committed to each. This is low-level grungy information, but part of what -tiny does is to try to reduce the size of many of the slabs. The "slab" line in /proc/meminfo gives a total of the memory consumed by slabs. For the last kernel I built, meminfo showed a Slab value of 796kB. On the original kernel this value was 872kB.

The Future of TinyLinux

The latest TinyLinux patch set works with the 2.6.14 kernel. Many features from Linux-tiny have already been integrated into the 2.6 mainline kernel and Mackall is in the process of trying to clean up what's left for final merging.

Mackall stated at a CELF presentation that TinyLinux wasn't helping much anymore. Additionally, he wasn't getting a lot of feedback or contributions to the project, making his efforts to create new TinyLinux releases for new kernel releases all the harder. According to Mackall, the problem might have been his quick, early success with the project:

Mackall is in the process of rolling most of the patches into the mainline.

Beyond TinyLinux

What else can you do to reduce kernel size? The CE Linux Forum Open Test Lab offers resources for working with system size. Some suggestions include the use of SquashFS and CramFS for using extremely compact ramdisk based root filesystems. This is a subject I'll take up in my next article on Embedded Linux.

One area not discussed in the use of smaller network stacks, such as the uIP stack. Such solutions are not for the novice systems integrator, however, and go way beyond simple patching and recompiling of the kernel. So, caveat developer.

In the next installment of this series I'm moving past the kernel and up to the root filesystem. The root filesystem is necessary not only to boot but to get access to the applications you're inevitably going to run on your small system. Keeping the root filesystem small involves a mixture of special build tools and utilities along with clever kernel modules. I'll be looking at BusyBox, compressed filesystems like SquashFS and the special UnionFS filesystem.

Comments (9 posted)

Debian server compromise

Last Wednesday it was discovered that gluck.debian.org had been compromised. Several Debian services, hosted on gluck, were unavailable while that machine was taken offline for examination and reinstall. Other debian.org machines were also locked down until the vulnerability could be found and fixed.

Gluck and other machines were restored to service by the following day. A local root vulnerability in the Linux kernel was used to gain root access through a compromised developer account.

This issue exists in Linux kernels from 2.6.13 and up to 2.6.17.3, or in 2.6.16 up to 2.6.16.23. Debian Sarge uses Linux kernel 2.6.8 and is not affected.

Comments (3 posted)

Novell announces SUSE Linux Enterprise 10

Novell has announced the release of SUSE Linux Enterprise 10. "“We're extremely proud and excited to provide the latest and most innovative Linux desktop and server technology to our customers,” said Jeff Jaffe, executive vice president and chief technology officer for Novell. “We also look forward to showing the world the capabilities of SUSE Linux Enterprise 10 in August at LinuxWorld, as we address the pressing needs of today's IT executives by being first to deliver fully supported Linux innovations such as Xen virtualization, exceptional performance and scalability, application-level security, and improved desktop usability.”" (Thanks to Stephan Binner.)

Comments (none posted)

SUSE Linux 10.2 Alpha2 Release - and distribution rename

SUSE Linux 10.2 (Basilisk Lizard) Alpha2 has been announced, along with a name change. "We'll rename SUSE Linux into openSUSE. With current naming we experienced confusion internally and externally between the project openSUSE and the distribution created there. And especially with the new naming of our Linux business products (SUSE Linux Enterprise 10) the differentiation between our business products and community/consumer product is not intuitive. Therefor the upcoming community/consumer version will be named openSUSE 10.2. We'll implement first name changes with Alpha 3 starting directly after Alpha 2 and will have a fully renamed distribution with Beta 1 in Nov."

Comments (6 posted)

rPath Linux 1.0.3 available for x86 and x86_64

rPath Linux has released updated images for rPath Linux 1. "The new images incorporate installation changes, new kernels, and all package updates released as of July 12. If you have already installed rPath Linux 1, you should update your current system using Conary rather than reinstall using the new images. In this update, additional image types are now available for use with VMWare, QEMU, and other emulation technologies. A "live" or "demo" CD image is included as well."

Full Story (comments: none)

Dzongkha Version of Debian GNU/Linux 3.1 launched

The Dzongkha Localization Project has released a complete localized version of Debian GNU/Linux 3.1. From the press release (click below): "The Bhutan Department of Information Technology chose Debian for its high versatility and reliability as well as the guarantee to always remain 100% Free Software. DzongkhaLinux developers have already contributed back their translations and development (fonts, input methods...) to both Debian and end-user applications, such as GNOME, OpenOffice.org and the Mozilla."

Full Story (comments: none)

dyne:bolic 2.1 codename DHORUBA

Dyne:bolic GNU/Linux is a live bootable CD that may be installed to a hard drive if desired. Version 2.1 has been released. "DHORUBA is a complete rebuild and modular rewrite of the whole system, enhanced for full usability and open for developers to join maintenance. Recent versions of audio and video tools provide a fully featured multimedia studio out of the box, ready for being employed at home, in classrooms and in media centers."

Full Story (comments: none)

Freespire Linux OS Beta 1 Released (LinuxElectrons)

LinuxElectrons looks at the first beta of Freespire Linux. There are two editions of Freespire, one that includes proprietary codecs, drivers and applications "for an enhanced, "out-of-the-box" user experience" and the Freespire OSS Edition which contains only open source software.

Comments (1 posted)

ROCK 3 RC3 ISOs uploaded

The third release candidate for Rock Linux 3 is available for testing. "i just finished uploading the 3rd release candidate of what has been decided to be ROCK 3. If no more show-stopper bugs are found, i'd tag in subversion and release this as -final as soon as th agrees, then the feature-freeze can be lifted and all the cool new stuff applied."

Full Story (comments: none)

Debian 'Etch' release update

A status update for the upcoming Debian "Etch" release has been posted. Highlights include: the December 4 release date still holds, a 2.6.17 (or later) kernel will be used, and the version number for Etch will be 4.0. Click below for the full text.

Full Story (comments: 3)

Bits from the Package Tracking System

Raphael Hertzog takes a look at the latest changes made to the Debian Package Tracking System. "The PTS will be used to relay informations from derivative distributions. Therefore, a new keyword "derivatives" has been implemented. By default, a PTS subscriber won't receive the messages associated to this keyword unless he has already manually activated the "cvs" keyword (i.e. the set of users having the "derivatives" keyword has been initialized as the set of users having the "cvs" keyword because those people can read patches and are most probably interested in them)."

Full Story (comments: none)

FC6 Test2 Freeze Slip

The schedule for Fedora Core 6 test 2 has slipped again. FC6 has updated to a 2.6.18-rc based kernel and Xen isn't working as well as it should, so the release has been delayed to get Xen working.

Full Story (comments: none)

Introducing Fedora Women

The Fedora Women program has been launched. "This new program provides a forum for communication between the women of Fedora, and it will eventually offer additional support to the women that help make Fedora what it is." Also the fedora-women-list mailing list is now available, as is the #fedora-women IRC channel on freenode.

Full Story (comments: none)

Fedora at O'Reilly OSCON 2006

Everyone attending OSCON (July 24-28) is invited to visit the Fedora Project in the .org pavilion. The Fedora Project will also be running a Birds of a Feather session.

Full Story (comments: none)

Retiring the Tao Linux project

The Tao Linux project is shutting down. Tao Linux users are encouraged to switch to CentOS.

Full Story (comments: none)

Ubuntu Edgy freeze

Matt Zimmerman reports that the Upstream Version Freeze is on schedule. "This means that we will no longer automatically import unchanged source packages from Debian, and that syncs or uploads of new upstream code require freeze exceptions. The usual exceptions apply where our release cycle is coordinated with upstream (e.g. GNOME, and projects developed within Ubuntu)."

The Knot 1 Freeze is the first milestone freeze of the Edgy Eft cycle. "Once Knot-1 is released, the freeze will be lifted again and we will be in UpstreamVersionFreeze doing regular feature development."

Comments (none posted)

Please participate in the Ubuntu Popularity Contest !

The Ubuntu Popularity Contest (or popcon, in short) gathers statistics on packages installed and used by users. Once a week, the popularity-contest package submits data to a central server. The data is then processed anonymously to generate the statistics available on popcon.ubuntu.com.

Full Story (comments: none)

Ubuntu Developers Sprint - August 2006

The next Ubuntu Developers Sprint is now confirmed. The details are listed on the wiki.

Full Story (comments: none)

Debian Weekly News

The Debian Weekly News for July 18, 2006 covers the Debian server compromise, updated Sarge CD images with newer kernel available, the new wildcard behavior of tar, and several other topics.

Full Story (comments: none)

Fedora Weekly News Issue 55

The Fedora Weekly News looks at FC6 test2 freeze slipping by a week, Packaging Committee Information, How was NECC 2006?, SELinux blocks local privilege escalation vulnerability, Linux Magazine: AppArmor vs SELinux, New Linux Hardware Compatibility List Launches, and several other topics.

Comments (none posted)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for July 17, 2006 covers VDR project seeking help, developer of the week - Jason Wever, conference information, and much more.

Comments (none posted)

Ubuntu Weekly Newsletter - Issue No. 6

This issue of the Ubuntu Weekly Newsletter covers the Chicago LoCo Team, a Kubuntu meeting, new KOffice and Amarok, the Edubuntu Community Grows, the Feature Of The Week - Baobab, and more.

Full Story (comments: none)

DistroWatch Weekly, Issue 160

The DistroWatch Weekly for July 17, 2006 is out. "As you may recall, Ladislav is on vacation in Fiji. When he asked if I'd like to write DistroWatch Weekly in his absence, I admit I was a bit intimidated. So, be gentle with me kind readers, it's my first time. In the news section the big news this week was Novell's decision to rename SUSE Linux to openSUSE, a Debian server was hacked, and PCLOS is still logo shopping. Released this week was BLAG Linux and GNU 50000, PC-BSD 1.2, and SUSE Linux 10.2 Alpha 2. This week we are presenting an in-depth interview with our own "keeper of the record." Oh, and as Ladislav always says, "Happy reading!""

Comments (none posted)

Fedora updates

Updates for Fedora Core 5: qt (bug fixes), mc (bug fixes), kdelibs (bug fixes), anthy (new upstream release), kasumi (bug fix), flex (bug fixes), selinux-policy (not specified), util-linux (bug fixes), createrpo (fiddle revision to build for FC5), quota (big fix), indent (add buildrequires makeinfo), sed (sync with devel branch), flex (bug fixes)system-config-kickstart (bug fix), perl-Net-IP (upgrade to upstream version 1.25), tog-pegasus (more upstream 2.5.2_APPROVED bug fixes), selinux-policy (bump for FC5), mailcap (add audio and video x-ms mime types), hplip (update to 1.6.6a), system-config-kickstart (bump release to fix updates), coreutils (update to 5.97), GFS-kernel (update to 2.6.17-1.2157_FC5), dlm-kernel (update to 2.6.17-1.2157_FC5), cman-kernel (update to 2.6.17-1.2157_FC5), gnbd-kernel (update to 2.6.17-1.2157_FC5), flex (reverted posix patch).

Updates for Fedora Core 4: nfs-utils (minor bugs), tzdata (not specified), indent (bug fixes), sed (not specified), flex (syncing with devel branch), mc (bug fixes), flex (reverted posix patch).

Comments (none posted)

Mandriva update to apache2

Mandriva has updated apache2 packages to address a logging bug in Mandriva Corporate 3.0.

Full Story (comments: none)

rPath updates

Updates for rPath Linux 1: conary, conary-build, conary-repository (Conary 1.0.23 maintenance release), latex2html (bug fix).

Comments (none posted)

Slackware updates

The Slackware-current change log says, "We *are* getting closer to 11.0, friends." A 2.6.16.24 kernel was followed by a 2.6.16.27 kernel in extras/ and there's a 2.6.17.6 kernel in testing. Other upgrades include samba, KOffice and lilo.

Comments (none posted)

New Fedora test lead begins work (NewsForge)

NewsForge introduces Will Woods. "Will Woods, the new test lead for the Fedora Project, has only been in his position a few weeks, but already he has a clear goal in mind. Whenever Fedora is mentioned on Slashdot, he notes, "There's always someone who will comment that Fedora is just Red Hat's beta test for Red Hat Enterprise Linux (RHEL). It's not true, and I want no one to have cause to say that ever again.""

Comments (16 posted)

Using DesktopBSD (O'ReillyNet)

O'ReillyNet reviews DesktopBSD. "Like PC-BSD, DesktopBSD provides many features that will allow a complete Unix novice to start using the operating system immediately. Those already familiar with FreeBSD and the KDE desktop will recognize the tools underlying the GUI conveniences."

Comments (none posted)

Feather Linux: Light is right (Linux.com)

Linux.com has a short review of Feather Linux. "As a live CD, Feather can accomplish a lot of tasks, such as performing backups of your existing hard drive files or recovering a misbehaving operating system. You can also boot with the "toram" option, which loads the CD to RAM, thus allowing you to eject the CD-ROM whilst improving the overall speed of the system. There are other possibilities as well, such as booting Feather from a USB stick, or from a multi-session CD, which allows you to add more packages to the live CD, in effect creating your own customized Feather CD."

Comments (none posted)

A first look at SUSE Linux Enterprise Desktop 10 (DesktopLinux.com)

DesktopLinux reviews SLED 10. "The newest SUSE Linux Enterprise Desktop, version 10, is so close to being done that you can almost taste it. Novell released the gold master last week to its partners, and the server version, SLES (SUSE Linux Enterprise Server), based on the same code, is also almost ready for release. This is an early review of the new version of SLED 10 (SUSE Linux Enterprise Desktop)."

Comments (none posted)

Linux Starter Kit: a review (NewsForge)

NewsForge reviews the Sams Publishing's Linux Starter Kit. "Sams Publishing's Linux Starter Kit bundles a SUSE Linux 10.1 DVD, a searchable SUSE reference manual in PDF, and a paperback Quick Start Guide together in one $40 package. Here is a look inside. Since SUSE 10.1 has already been reviewed extensively, and is not the product of Sams' efforts, I will dispense with reviewing directly. It is worth examining Sams' choice of distributions, however. SUSE is a good choice because -- despite being historically a KDE distro -- since its acquisition by Novell, it has elevated GNOME desktops to more-or-less equal status."

Comments (none posted)

The Rosegarden MIDI Sequencer

Rosegarden is a MIDI sequencer application for Linux that has been under development for a number of years. The Freshmeat listing shows the initial project registration on May, 1998. The project went through a branch/rewrite, the original version was renamed X11-Rosegarden and the new Qt-based version was named Rosegarden 4. The current project description states:

The Rosegarden online tour explains the capabilities of the software. Rosegarden features include:

• A matrix editor for working with MIDI note events.
• A notation editor for working with musical scores.
• Musical notation can be exported to LilyPond for professional quality output.
• Built-in capabilities for sequencing of audio clips.
• An event editor for working with MIDI events.
• Support for graphical editing of MIDI control changes.
• Input from a remote MIDI keyboard, the computer keyboard or a mouse.
• Output to MIDI devices and software synthesizers.
• Support for the LADSPA audio processor plugin API.
• Support for DSSI-compatible software synthesizers.
• Support for ALSA-compatible MIDI software synthesizers.
• Integration with the JACK Audio Connection Kit and associated tools.
• An integrated audio mixer.
• Unlimited undo/redo functionality.
• Translations available for 14 languages.

Stable version 1.2.4 of Rosegarden was released this week, it is a bug-fix release: "The 1.2.4 release addresses several issues with the prior 1.2.3 feature release. 1.2.4 introduces no new application features."

The latest version of Rosegarden is available for download here, it is a good idea to review the minimum system requirements for hardware selection and supporting software before installing the software.

If you are looking for a capable MIDI sequencer, give Rosegarden a try.

Comments (3 posted)

BEAST/BSE v0.7.0 is available

Version 0.7.0 of BEAST/BSE, the BEdevilled Audio SysTem and the Bedevilled Sound Engine, is out. "The 0.7 development series of Beast focusses on improving usability and ease of music production. Feedback is very much appreciated, please take the opportunity and provide your comments and questions in online forums like the Beast Help Desk, Beast Bugzilla or the mailing list, all of which can be reached through http://beast.gtk.org/."

Full Story (comments: none)

netjack 0.12 announced

Version 0.12 of netjack, a JACK Audio Connection Kit network driver, is out. "This release finally handles the packet disordering UDP does. Thus high channel counts can now be achieved. However a 24ch in/out link over 100Mbit gave me a major "net xrun" storm on vanilla 2.6.15 kernel. At a roundtrip latency of 2.9ms that is. It was reliable with 5.8ms. 16 channels gave me some "net xruns", which i could not hear though. i expect this performance to increase when using an rt-kernel with the network-irq set to rt-prio. So please report back."

Full Story (comments: none)

Release 2.0.6 of Linux-HA is available

Version 2.0.6 of Linux-HA, a cluster control application, is out. "2.0.6 has significant bug fixes and enhancements making it a worthwhile upgrade for anyone running R2 CRM-style configurations, or who want to."

Full Story (comments: none)

SXP releases HampusDB, the worlds first Open Source Hybrid Database

SXP has announced the release of HampusDB as open-source software. "HampusDB is a flexible and efficient hybrid database, a mixture of a filesystem and a database. The aim is to fill the gap when storing data in a relational database is to rigid and storing data in textfiles is too cumbersome. A typical example would be XML, configuration or heirarchical data."

Full Story (comments: none)

FreeImage 3.9.1 released (SourceForge)

Version 3.9.1 of the FreeImage graphics library has been released. "Release 3.9.1 fixes a bug in the GIF plugin. This bug may cause FreeImage to crash on some malformed GIF files, so that an update is highly recommended."

Comments (none posted)

Wireshark 0.99.2 is now available

Version 0.99.2 of Wireshark, a network protocol analyzer, is available. This release includes security fixes, bug fixes and lots of new capabilities.

For some history on Wireshark, see this recent LWN interview with developer Gerald Combs.

Full Story (comments: none)

BlockSSHD version 0.5 released (SourceForge)

Version 0.5 of BlockSSHD is out with a bug fix. "BlockSSHD protects computers from SSH brute force attacks by dynamically blocking IP addresses by adding iptables rules."

Comments (3 posted)

WSMT v1.3 Released (SourceForge)

Version 1.3 of the Web Service Modeling Toolkit has been announced. "The main aim of this release has been to improve the functionality of the WSML Text Editor and Reasoner Views with respect to syntax completion. In the previous release only keywords where recommended and this keyword recommendation was not sensitive to the current location in the document. This release sees the addition of full context sensitive syntax completion."

Comments (none posted)

smbind 0.4.4 released (SourceForge)

Version 0.4.4 of smbind is available. "Smbind-0.4.4 has been released. Smbind is a PHP-based tool for managing DNS zones for BIND via the web. Supports per-user administration of zones, error checking, and a PEAR DB database backend. This is a bugfix release."

Comments (none posted)

jack_capture V0.3.1, das_watchdog V0.2.2 and Mammut V0.22 announced

A triple announcement for the audio applications jack_capture V0.3.1, das_watchdog V0.2.2 and Mammut V0.22 has been posted.

Full Story (comments: none)

OpenWFE 1.7.1 released (SourceForge)

Version 1.7.1 of OpenWFE has been announced. "This is a new release of OpenWFE, an open source java workflow engine / environment. It is a complete Business Process Management suite, with 4 components : an engine, a worklist, a webclient and an 'apre' (Automatic Participant Runtime Environment). OpenWFE 1.7.1 brings two new features : decision tables and generic (regex) users. Decision tables are excel tables used to modify workitem fields. Generic users is a new technique for managing users and their task lists."

Comments (none posted)

GNOME 2.15.4 Released

Version 2.15.4 of the GNOME desktop environment is available. "This is our fourth development release on our road towards GNOME 2.16.0, which will be released in September 2006. GNOME 2.15.4 has some rough edges but you should definitely try it to see how well it works."

Full Story (comments: none)

GARNOME 2.15.4 announced

Version 2.15.4 of GARNOME, the bleeding-edge GNOME distribution, is out. "2.15.x has been especially rough on all of us due to the API/ABI changes. We are finally beginning to see the light. With a two day delay to fix all kinds of build and dependency issues throughout the entire GNOME stack, GNOME 2.15.4 finally got ready to be released today. Given that work and the fact we are getting closer to the various freezes in the unstable branch, we are heading straight towards feature complete, stable and usable apps again -- ready for all your smoketesting pleasure."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week:

• Agave 0.4.0 (new features and bug fixes)
• control-center 2.15.4 (new features, bug fixes, documentation and translation work)
• Eye of GNOME 2.15.4 (code cleanup and translation work)
• GnomePython 2.15.4 (unstable testing release)
• gtkmm 2.9.8 (new features and documentation work)
• Hippopotamus 0.1 (initial release)
• Mathusalem 0.0.1 (initial release)
• PyGObject 2.11.0 (unstable testing release)
• PyGTK 2.9.3 (unstable testing release)
• Vala 0.0.1 (preview release)

You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week:

• digikam and digikamimageplugins 0.8.2 (bug fixes and translation work)
• kdesvn 0.9.0 (new features, bug fixes and translation work)
• KTorrent 2.0rc1 (bug fixes)

You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The July 16, 2006 edition of the KDE Commit-Digest has been announced. "In this week's KDE Commit-Digest: Unity, a project to re-synchronise KHTML with WebKit, has begun, with work continuing throughout the week. Support for suspend and resume on KIO jobs. KSpread gets support for scripting with Python and Ruby. One Summer Of Code project, "C# parser for KDevelop", reaches the feature-complete stage, with progress in the "Advanced Session Management", "GMail-style conversations for KMail" and "WorKflow" projects. Fixes made to support the German language in KLettres, with large-scale refactoring work in Kiten."

Comments (none posted)

LyX 1.4.2 is released

Version 1.4.2 of LyX, a GUI front-end to the TeX typesetting system, is out. "This is a bug fix release that improves performance, stability and native OS support."

Full Story (comments: none)

New Evolution patch reduces memory by 40-60MB (GnomeDesktop)

GnomeDesktop.org covers a new release of the Evolution email client. "Philip Van Hoof wrote: "Here are the patches to get the upstream version of evolution-data-server and evolution-exchange to start using the mmap technique for loading the header and content info summary data of Evolution and tinymail. I expect it to reduce memory usage of Evolution with approximately fourty to sixty megabytes of ram, depending on the amount of folders you have.""

Comments (none posted)

TuxGuitar 0.7 has been released (SourceForge)

Version 0.7 of TuxGuitar is available. "We have released TuxGuitar-0.7, a multitrack guitar tablature editor and player written in Java-SWT, It can open GP3,GP4 and GP5 files. Changes: A score viewer was added. A transport was added. A clone track option was added. An option to move a track up and down was added."

Comments (none posted)

eGroupWare maintainance release 1.2-104 available (SourceForge)

Maintenance release 1.2-104 of eGroupWare has been released. "This is a maintainance release of eGroupWare, a multi-user, web-based groupware suite developed on a custom set of PHP-based APIs. Currently available modules include: email, addressbook, calendar, infolog (notes, to-do's, phone calls), content management, forum, bookmarks, and wiki. Release 1.2-104 contains no new features, only bugfixes. Every productional system should get updated to this version."

Comments (none posted)

KOffice 1.5.2 Released (KDE.News)

Version 1.5.2 of KOffice has been announced. "The KOffice team today released the second bug-fix release in their 1.5 series. Several crash bugs were fixed, as well as a PowerPC issue in Krita and of course many smaller issues. There are also updated languages packs and a totally new language: Traditional Chinese."

Comments (none posted)

Open Movie Editor 0.0.20060712 released

Stable version 0.0.20060712 of the Open Movie Editor is available. "Open Movie Editor is designed to be a simple tool, that provides basic movie making capabilities. It aims to be powerful enough for the amateur movie artist, yet easy to use." See the status page for the project state.

Comments (none posted)

Caml Weekly News

The July 18, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

GNU CLISP 2.39 released

Version 2.39 of GNU CLISP has been released. "This version features better ANSI compliance, improved I/O functionality and performance, a new argument for SAVEINITMEM, and more. CLISP is one of the most popular and actively maintained open-source Common Lisp implementations."

Full Story (comments: none)

Urwid 0.9.5 announced

Version 0.9.5 of Urwid, the console UI library for Python, is out with new features and bug fixes.

Full Story (comments: none)

Dr. Dobb's Python-URL!

The July 17, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Dr. Dobb's Tcl-URL!

The July 18, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

SDCC 2.6.0 RC1 released

Version 2.6.0 RC1 of SDCC, the Small Device C Compiler, is available. "SDCC is a Freeware, retargettable, optimizing ANSI - C compiler that targets the Intel 8051, Maxim 80DS390, Zilog Z80 and the Motorola 68HC08 based MCUs. Work is in progress on supporting the Microchip PIC16 and PIC18 series. The entire source code for the compiler is distributed under GPL."

Comments (none posted)

Brazil (Linux Journal)

Nicholas Petreley finds an allegory for the world of free software in the movie "Brazil". "The world depicted in a different movie, "Brazil", is similar to that of Matrix in that it is governed by controlling self-interest. Freedom, as in free speech, is a partial cure for controlling self-interest, which is what makes the concept of free software superior to any other type of software. But there's more to free software than concept. There's implementation. And that's where free software sometimes gets into trouble with self-interest."

Comments (9 posted)

In the Beginning Was Linux? (The Loom)

Carl Zimmer has written an essay that looks at software evolution from a biological point of view. "If the software performed better--in the sense that an organism had more reproductive success--the changes might become incorporated into the genome across an entire species. This was only a metaphor, but it was a powerful one. One example of its power is the rise of genetic algorithms. Rather than trying to find a perfect solution to a problem--the ideal shape for a plane, for example--genetic algorithms create simulations and tweak them through a process that mimics evolution. The algorithm can seek out good solutions very effectively. This sort of evolution resembles old-fashioned, closed-source software. All of the innovations happen in-house--that is, within a single species." (Thanks to Martin Michlmayr.)

Comments (none posted)

SCO's Redacted Objections to Wells' Order and Appendix (Groklaw)

Groklaw analyzes SCO's new redacted version of its Objections to Order Granting in Part IBM's Motion to Limit SCO's Claims. "Note as I do with a smile number 2 on the list, where Sontag's statement was that they had compared the Linux kernel and System V and found "many instances where our proprietary software has been simply copied and pasted or changed in order to hide the origin..." SCO then states in the Appendix: This is an accurate statement of comparison work performed by SCO in advance of public statements. There are in fact instances in which SCO's proprietary System V code was simply copied and pasted into the Linux kernel or associated libraries that were then included in a Red Hat distribution. Items Nos. 183, 184, 272. Ah! Weasel! Thy name is SCO. Hint to nongeeks: the libraries they are talking about are not part of the Linux kernel."

Comments (1 posted)

Google adds ODF to its online office moves (Linux-Watch)

Linux-Watch reports on Google's joining with the ODF Alliance. "To Google's recent purchase of Writely, a Web-based word processor; the creation of Google Spreadsheet; and the release of Google Calendar, you can now add impending broad support for the ODF (Open Document Format) to Google's online office moves. During the 4th of July week, Google quietly joined the ODF Alliance. The Alliance seeks to promote and advance the use of ODF."

Comments (none posted)

Red Hat Pushes Linux Into Telecom (internetnews.com)

internetnews.com reports on Red Hat's moves into the world of Telecom. "Linux leader Red Hat is aggressively pushing its Linux solutions into the telecom space with a series of new partner initiatives. One part of the push is Red Hat's partnership with IBM and HP, which is intended to produce a hardware and software combination targeted at carrier-grade deployment. The other part is Red Hat's Telecommunications Partner Program, which is about driving both awareness and adoption of Red Hat-based carrier-grade solutions and platforms."

Comments (none posted)

Embedded Linux specialist RidgeRun runs again (Linux Devices)

Linux Devices covers the reappearance of RidgeRun. "RidgeRun, a stalled start-up focused on Linux development for Texas Instruments (TI) dual-core (RISC/DSP) processors, has re-launched. The new RidgeRun will offer Linux, Windows, and RTEMS BSPs (board support packages), drivers, application development, and software integration services for ARM-based processors from multiple vendors, including TI. Todd Fischer, who directed engineering for the old RidgeRun, will provide technical leadership for the new RidgeRun as well. Other principals include Clark T. Becker, former CTO of Best Buy, and Michael Frank, a former Best Buy GM."

Comments (none posted)

Mandriva Linux Powers Moroccan Ministry of Agriculture (LinuxElectrons)

LinuxElectrons reports on the use of Mandriva Linux by the Moroccan Ministry of Agriculture. "The Ministry of Agriculture, Rural Development and Sea Fisheries (MARDSF), one of the first Moroccan government departments to take advantage of free software, has just signed a contract with Liberty Tech to migrate all its servers to Mandriva Linux. Technical support will be handle by Mandriva and Liberty Tech via a yearly subscription to the Mandriva Corporate Club."

Comments (none posted)

Growth of Open Source Solutions in Healthcare in the 21st Century (Virtual Medical Worlds Monthly)

Virtual Medical Worlds Monthly looks at open source software in the health care industry. "It is important to recognize that a wide range of OSS solutions are already in use in health care, generally consisting of technical tools and business applications - Linux, Apache, Open Office, mySQL, FireFox, and other fairly well known products. In addition, there are a large number of health care specific OSS solutions that have also been developed and are being widely deployed, such as OSCAR, FreeMed, MedLine, BLAST, Epi-X, SaTScan, VistA, and many more." (Found on LinuxMedNews)

Comments (none posted)

Open, programmable humanoid robot runs Linux (LinuxDevices)

LinuxDevices reports on the Japanese Choromet robot project. "Four companies in Japan have created a low-cost, user-programmable humanoid robot targeting educational and research applications. The HRP-2m Choromet uses technology from Japan's National Institute of Advanced Industrial Science and Technology (AIST), and is user-programmable thanks to open software running on a user-space real-time Linux implementation. The Choromet stands about 13-3/4 inches tall, and is capable of walking upright on two legs. It can also assume supine or prone positions, and stand up from either."

Comments (none posted)

Day One of New EU Patent War

Florian Mueller from the NoSoftwarePatents campaign has sent us an update on the latest EU patent proposal, the European Patent Litigation Agreement (EPLA). "Florian Mueller, the founder of the award-winning NoSoftwarePatents campaign that helped to defeat the EU software patent directive last year, was one of the speakers at the hearing. He said in his speech that the EPLA "is just another attempt to give software and business method patents a stronger legal basis in Europe than they have now. [...] From a software patents point of view, the EPLA would have far worse consequences than the rejected patentability directive would have had: not only would software patents become more enforceable in Europe but also would patent holders in general be encouraged to litigate.""

Full Story (comments: 10)

French law affects copyright, DRM, Apple (Macworld UK)

Macworld UK reports on a new copyright law in France. "The French law on authors' rights orders the creation of a new regulatory authority to ensure companies using DRM respond to requests for interoperability information. DRM technology developers may prevent publication of source code based on the information they disclose if they can show that it hurts their system's security. That's bad news for programmers wanting to distribute alternatives under an open-source licence, said noted free software campaigner Richard Stallman. "If they are allowed to provide such information under NDA, then it would not be possible to develop free software using the information," since the NDA - or nondisclosure agreement - would forbid publication of the source code, Stallman said at a conference in Paris on Monday." (Thanks to Max Hyre.)

Comments (4 posted)

Ubuntu open to aiding derivative distributions (NewsForge)

NewsForge looks at GPL compliance and the derivative distribution. "The article revealed that many distributions' maintainers were erroneously assuming that they did not need to provide source repositories for packages they did not modify, so long as the original upstream distribution did provide the source code. This responsibility is by no means new, but seems to have been widely overlooked. David Turner, GPL compliance officer at the Free Software Foundation, suggested that these distros might come into compliance by making some arrangement with the upstream supplier."

Comments (5 posted)

Source Distribution and the GNU GPL (NewsForge)

Richard Stallman looks at source distribution compliance for the GPL v2, and how it could change in GPL v3. "The goal of the GNU GPL is to ensure that all users have the four essential freedoms -- (0) to run the program, (1) to study and change it, (2) to redistribute it, and (3) to distribute modified versions. Access to the source code is essential for freedom 1 and freedom 3. Thus, we designed the GNU GPL to insist that all redistributors make the source code available to their users. This requires them to do a little extra work, but that work is generally necessary for the sake of the users' freedom. Keeping source code conveniently and reliably available for the users is more important than saving distributors a little effort."

Comments (4 posted)

Net Neutrality Advocates Face Off (eWeek)

eWeek covers a debate over network neutrality between Vinton Cerf and David Farber. "What Farber is most worried about, he said, is poorly drafted legislation that would leave regulation of the Internet open to broad interpretations that could lead to unintended restrictions on the use of the Internet . He said that regulators, in an attempt to somehow make the Internet more fair, could actually end up restricting access. "The network never has been a fair place," he said. Cerf responded, saying that the Internet flourished when common carriage rules applied, but Farber argued that such regulation could become a slippery slope if Congress gets involved."

Comments (none posted)

People Behind KDE: Ellen Reitmayr (KDE.News)

KDE.News has announced a new People Behind KDE series interview. "Today on People Behind KDE we introduce you to Ellen Reitmayr, one of KDE and OpenUsability.org's top usability experts. Ellen has done a lot to help the usability of Kontact and other applications but is now focusing on a consistent user experience for the whole KDE desktop. In her interview we get to find out about her "denkbrett" and "liebsters"."

Comments (none posted)

Interview: JRuby Development Team (Linux Journal)

Pat Eyler interviews the JRuby development team. "Alternative Ruby implementations seem to be on the move throughout the Ruby community. JRuby is the furthest along at this point, so I decided to talk to Charles Nutter and Thomas Enebo, two of the principal programmers on the project. Read on to hear what they have to say about Ruby, JRuby, and the art of re-implementing Ruby."

Comments (none posted)

Michlmayr: QA brings together the cathedral and the bazaar (NewsForge)

NewsForge talks with Martin Michlmayr. "In the last two years, Martin Michlmayr has gone from serving as Debian Project Leader to studying for a doctorate at the Centre for Technology Management, University of Cambridge. His dissertation, tentatively titled "Quality Improvement in Volunteer Free Software Projects: Exploring the Impact of Release Management," is sponsored by Google, Intel, and other companies with an interest in free software development. Michlmayr told NewsForge he sees the need for quality assurance as the price that many projects must pay for their popularity and growing maturity. However, in order to perceive this need correctly, he believes, projects need to take a revised look at the familiar dichotomy of the cathedral and the bazaar."

Comments (none posted)

Updating and installing software in Ubuntu (Linux.com)

Linux.com has produced a pair of videos on Ubuntu package management. "The first video in this pair shows you how to update all the software in your Ubuntu GNU/Linux installation in a single, big gulp. The second video shows you how easy it is to install and remove software with the Synaptic Package Manager."

Comments (none posted)

Accessing network resources in a mixed environment (Linux.com)

Linux.com has published an article on using NFS across multiple operating systems. "The first thing that comes to most sysadmins' minds when they hear about file and print services in mixed Windows and Linux environments is probably Samba, but you can also make a rock-solid system for sharing resources via NFS on the *nix platform and DiskShare on Windows. What's wrong with Samba? Nothing. I use DiskShare on Windows instead of Samba's SMB/CIFS sharing because I need a fileshare on Windows storage (SAN) to be accessible by Solaris clients, and unfortunately there is no SMB/CIFS support in the Solaris kernel yet."

Comments (none posted)

Data Protection for LAMP Applications (O'ReillyNet)

O'ReillyNet covers data security in LAMP applications. "An often overlooked aspect in the LAMP application solution is the protection of the application and configuration data. This article examines how to use available open source tools to protect the LAMP application data. The security aspects of the application data and securing the LAMP application servers is beyond the scope of this article. It is also important to test the data recovery scenarios before the actual need arises."

Comments (none posted)

Site helps developers navigate open-source jungle (ZDNet)

ZDNet covers a new web site that aims to be a directory of open source projects. "While other open-source databases offer this to some degree, many times developers are left wondering about licensing, Collison said. Accordingly, Ohloh also lists the licenses held for the open-source project, as well as a link to the full text of each license. (The name Ohloh refers to a cry of enlightenment in Buddhism and also the name of the first surfboard in Hawaii.)"

Comments (2 posted)

LastFMProxy makes a good service better (Linux.com)

Linux.com looks at using LastFMProxy with Last.fm. "In "Last.fm makes Internet music social," Dmitri Popov extols the wonders of Last.fm, a "social" music site that lets users create Internet radio stations that fits their tastes. Last.fm provides a free player for Linux, but if you want to use Last.fm with your favorite Linux player, you'll need the LastFMProxy written by Vidar Madsen."

Comments (2 posted)

Create a secure Linux-based wireless access point (Linux.com)

Linux.com looks at WPA2. "Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network."

Comments (1 posted)

Linux Pre-installed on a AMD 64-bit Based System for $300 (LinuxElectrons)

LinuxElectrons looks at the latest hardware from Technalign. "Technalign has said that they have partnered with Britt Systems in Florida to provide a 64-bit AMD 2800+ computer for under $300.00. The certified system will include a SATA 80 GB hard drive, CD-RW, 256 MB of memory, 1.44 MB floppy, 400-Watt power supply, and a full OEM copy of the newly released Frontier Operating System."

Comments (4 posted)

Firefox 2.0 preview (NewsForge)

NewsForge takes a look at the first beta of Firefox 2.0. "I tested the new release on Ubuntu Linux 6.06 "Dapper Drake" on two machines. On the first machine, I moved my .mozilla directory so I could start with a fresh new profile; on the second, I left my profile in place. If you're going to test Firefox 2 Beta 1, it might be a good idea to back up your ~/.mozilla directory, just in case, so that your profile isn't corrupted if you decide to switch back to the Firefox 1.5 series."

Comments (none posted)

Smart Package Manager: a better mousetrap (Linux.com)

Linux.com covers the Smart Package Manager. "The Smart Package Manager hopes to beat the native package management applications for distributions like Red Hat, SUSE, and Debian at their own game. Still in beta, it has support for most major GNU/Linux package and repository formats, with a modular codebase that hints at further compatibility. Smart introduces many innovative and useful ideas, but its killer feature, with which it purports to excel beyond its counterparts, is the algorithms it uses to select packages and versions that best resolve dependencies and ensure cooperation between the hundreds of applications and libraries on a user's system."

Comments (6 posted)

OpenOffice.org Extensions (Linux Journal)

Linux Journal takes a look at OpenOffice.org extensions. "OpenOffice.org extensions are a quick way to add functionality. Writable in a variety of languages, including Java, JavaScript, OpenOffice.org Basic, Python, and C++, they allow developers to contribute features without having to master much of OpenOffice.org's notoriously cryptic source code. For users, they provide quick fixes for commonly requested features."

Comments (none posted)

Review: Levanta Intrepid M (Linux.com)

Joe 'Zonker' Brockmeier reviews the Levanta Intrepid M on Linux.com. "So, how does it work? Basically, the Intrepid M provides centralized management for Linux servers and workstations. Machines that are managed by the Intrepid, boot over the network off of images stored on the Intrepid, called Vservers. The Intrepid also provides storage for those machines, so local disks are not necessary. Once a machine boots off of the Intrepid appliance, you can manage the machine from the Intrepid interface -- so it's possible to update systems, reboot, power on or off, and even move a managed host from one physical machine to another. The most appealing thing about the Intrepid is that it abstracts the system from the hardware."

Comments (2 posted)

Ekiga 2.0.2 Review (Softpedia)

Softpedia reviews Ekiga 2.0.2, a VoIP and teleconferencing application. "Ekiga (formely known as GnomeMeeting) is an open source VoIP and video conferencing application for GNOME. Ekiga uses both the H.323 and SIP protocols. It supports many audio and video codecs, and is interoperable with other SIP compliant software and also with Microsoft NetMeeting."

Comments (none posted)

LGPL - A change on the way (Groklaw)

Groklaw covers some changes to the LGPL license, as told by Richard Stallman and Eben Moglen at the GPLv3 conference in Barcelona, Spain. "Instead of being a separate license, the LGPL will be the GPL with additional privileges, a kind of template of what additions should be. First Stallman: One of the nice things this has enabled us to do is: we have been able to rewrite the Lesser GPL - the GNU LGPL - so that it uses this clause. The GNU Lesser GPL will not have to restate most of the things in the GPL, it will say it's the GNU GPL plus these added permissions. One of the other benefits we get from this is that we make it clear that any time someone adds extra permissions on top of the GNU GPL, that when you modify the program you can take off those added permissions. You can release your version under the strict GPL and nothing more."

Comments (10 posted)

Free Standards Group Unites Linux Printing Initiatives

The Free Standards Group has announced the merging of Linuxprinting.org and the OpenPrinting workgroup. "The Free Standards Group (FSG), a nonprofit organization dedicated to developing and promoting open source software standards, today announced Linuxprinting.org, the de facto standard repository for printer drivers on Linux, is merging with the FSG's OpenPrinting workgroup and will be integrated and supported in the Linux Standard Base (LSB). The result will be easier and standardized printing functionality on Linux and an ease of support for Linux and printing vendors and makes the Free Standards Group the central organization for printing on Linux and open source Unix."

Full Story (comments: 4)

Season of KDE 2006 (KDE.News)

KDE.News has announced the first Season of KDE event, which takes place from July 10 - November 11, 2006. "The first Season of KDE has started. The Season of KDE is a follow-up project to Google's Summer of Code, giving all the applications that did not make it into the final selection a chance to be implemented anyway. We are happy to announce that 14 students have agreed to work on their projects even without the financial support from Google."

Comments (none posted)

KDE e.V. Hardware Fundraiser Week (KDE.News)

KDE.News has posted a request for hardware funds. "It's hot and you're melting? The KDE.org hardware infrastructure owned by KDE e.V. is melting as well! Out of the desperate need to upgrade our current disk RAID, we need new hard drives. If you have visited bugs.kde.org any time the last couple of months, you've noticed that this site often responds extremely sluggish. To improve the situation, we need to employ a new server, but need some more money for the hard drives for this beast!"

Comments (none posted)

Cluster File Systems Attains World Leadership Position

Cluster File Systems(TM), Inc. has sent out an announcement about its Lustre File System. "(CFS), announced that its Lustre(R) File System has established a world leadership position in High Performance Computing (HPC) in the area of parallel, scalable cluster file systems. With the most recent release by the TOP500 Supercomputer Sites, it was confirmed that the highest-ranked supercomputers in North America, Europe and Asia rely on Lustre technology to meet their requirements for scalability and high performance."

Comments (none posted)

Microsoft and XenSource to Develop Interoperability for Windows Server Virtualization

Microsoft Corp. has announced a partnership with XenSource Inc. "Microsoft Corp. and XenSource Inc. today announced they will cooperate on the development of technology to provide interoperability between Xen(TM)-enabled Linux and the new Microsoft(R) Windows(R) hypervisor technology-based Windows Server(R) virtualization. With the resulting technology, the next version of Windows Server, code-named "Longhorn," will provide customers with a flexible and powerful virtualization solution across their hardware infrastructure and operating system environments for cost-saving consolidation of Windows, Linux and Xen-enabled Linux distributions."

Comments (16 posted)

Former Unilever CTO to Lead OSDL's Work With Linux Users in Europe

Open Source Development Labs has announced the appointment of Colin Hope-Murray as its Linux User Advisory Council director for Europe, the Middle East and Africa. "Hope-Murray will focus OSDL's EMEA efforts with a specific emphasis on the requirements of Linux and open source users. Europe is considered a spawning ground for Linux and open source projects. With projects such as Linux, Mandriva, MySQL, Trolltech and many others rooted in Europe, the region is in a position to drive new business opportunities around these technologies. Hope-Murray will help facilitate user discussions that bring potential obstacles to the surface and help drive solutions."

Comments (none posted)

VMware second quarter results

VMware has announced its second quarter financial results. "VMware, an independent subsidiary of EMC with separate sales, marketing and R&D, grew total Q2 revenues 73% year-over-year to $157 million, its highest growth rate in five quarters. VMware now has an annualized run rate of $630 million."

Full Story (comments: none)

CLAM has won the 2006 ACM Open Source Multimedia Contest

CLAM has won the 2006 ACM Open Source Multimedia Contest. "CLAM is an open-source C++ framework for doing research and application development in the audio and music domain. It offers a conceptual model for audio systems, a repository of processing algorithms, data types, and tools , as well as applications for analysis, synthesis and processing of audio signals. These features can be exploited to build cross-platform applications or to build rapid prototypes."

Full Story (comments: none)

The OpenWengo Code Camp

The OpenWengo Code Camp has been announced. "OpenWengo Code Camp is a friendly, challenging and mind-stimulating contest aimed at pushing open source software projects forward. Students apply for proposed software development subjects for which they have a particular interest in. These subject proposals describe ways to bring enhancements to existing or new FOSS projects, generally by writing source code."

Comments (none posted)

TimeSys adds Embedded Training to Educational Webinar Series

TimeSys Corporation has announced a new Embedded Linux Webinar Series for LinuxLink Subscribers. "TimeSys(R) Corporation, the leading developer service provider for the embedded Linux market, announces the next series of embedded Linux webinars, available beginning mid-July. The latest series will cover topics ranging from testing and validation features available for LinuxLink subscribers to advice on some great projects in the open source community targeted directly at embedded developers."

Full Story (comments: none)

23rd Chaos Communication Congress 2006: Call for Participation

A call for participation has gone out for the 23rd Chaos Communication Congress 2006. The event takes place in Berlin, Germany from December 27-30, 2006, submissions are due by September 15.

Full Story (comments: none)

OSDC Israel 2007, Call for Participation

A Call for Participation has gone out for OSDC Israel 2007. The event will be held in Netanya, Israel on February 20-22, 2007, submissions are due by September 10.

Full Story (comments: none)

RUXCON 2006 Final Call For Papers

The final call for papers has gone out for RuxCon 2006, a security conference. The event will take place at the University of Technology in Sydney, Australia on September 30 - October 1, 2006. Submissions are due by September 15.

Full Story (comments: none)

ToorCon 2006 Call for Papers

A call for papers has gone out for the ToorCon 2006 hacker convention. The event will take place at the San Diego Convention Center in San Diego, CA on September 29 - October 1, 2006. Submissions are due by August 18.

Full Story (comments: none)

Health Care Open Source Conference (LinuxMedNews)

LinuxMedNews has announced the LinuxWorld Healthcare Day, which will take place at the upcoming LinuxWorld Conference and Expo in San Francisco, CA. "Linux World is hosting a Health Care day organized by OSDL.org on August 15. This is shaping up to be a key event on open source and health care -- a focused opportunity to absorb the latest info on this wave of the future, a less expensive and safer way to go."

Comments (none posted)

Ohio LinuxFest registration now open

Registration is now open for the fourth annual Ohio LinuxFest, which is being held at the Greater Columbus Convention Center in Columbus Ohio on September 30, 2006.

Full Story (comments: none)

Call for participation: Siggraph 2006 (GnomeDesktop)

GnomeDesktop.org has posted a call for participation for the Siggraph 2006 graphics conference. The event will be held on August 1-3, 2006 in Boston, MA. "The Blender Foundation, the GNOME Foundation (including the GIMP) and the Uni-verse consortium have partnered together to organize a presentation of Free and Open Source software for the entire Computer Graphics creation pipeline. We will have a 30'x20' island stand in the main aisle of the Siggraph 2006 conference."

Comments (none posted)

Annual WebGUI Users Conference announced

Plain Black Corporation has announced the WebGUI Users Conference. The event will take place in Las Vegas, NV from September 13-15, 2006. WebGUI is an open-source content management system.

Comments (none posted)

Events: July 20 - September 14, 2006

Date	Event	Location
July 20 - 22, 2006	Ottawa Linux Symposium 2006(OLS 2006)	Ottawa, Canada
July 22 - 23, 2006	LugRadio Live	(Wolverhampton University)Wolverhampton, UK
July 24 - 28, 2006	O'Reilly Open Source Convention(OSCON 2006)	Portland, Oregon
July 29 - August 3, 2006	Black Hat USA 2006 Briefings and Training	(Caesars Palace)Las Vegas, NV
July 30 - August 3, 2006	SigGraph 2006	(Boston Convention and Exposition Center)Boston, MA
August 4 - 6, 2006	DEF CON 14	(Riviera Hotel)Las Vegas, NV
August 4 - 6, 2006	Wikimania	(Harvard Law School)Cambridge, MA
August 4 - 6, 2006	Vancouver Python Workshop	Vancouver, BC, Canada
August 8 - 10, 2006	Flash Memory Summit	(Wyndham Hotel)San Jose, CA
August 14 - 17, 2006	LinuxWorld San Francisco 2006	(Moscone Center)San Francisco, CA
August 14 - 17, 2006	ApacheCon Asia	(Trans Asia Hotel)Colombo, Sri Lanka
August 17 - 18, 2006	Python for Scientific Computing(SciPy2006)	(Caltech)Pasadena, CA
August 18 - 19, 2006	The Ubucon Conference	(Google headquarters)Mountain View, CA
August 28 - 31, 2006	Bellua Cyber Security Asia 2006	(Jakarta Convention Center)Jakarta, Indonesia
September 11 - 13, 2006	OpenOffice.org Conference(OOoConf 2006)	Lyon, France
September 12 - 15, 2006	php|works/db|works 2006	Toronto, Canada
September 13 - 15, 2006	2006 WebGUI Users Conference	(The Vegas Club Hotel and Casino)Las Vegas, NV
September 14, 2006	NLUUG najaarsconferentie 2006	(De Reehorst)Gelderland, The Netherlands
September 14 - 16, 2006	Wizards of OS 4 - Information Freedom Rules	Berlin, Germany

Comments (none posted)

The DMCA has started to be looked at on campaign.wiki.

Janet Hawtin has sent in an update on the campaigns.wikia DMCA discussion. "Jimmy Wales of wikipedia fame has started campaign.wiki http://campaigns.wikia.com/wiki/Campaigns_Wikia. While the overall site is still developing its primary goals (ie whether the site is for campaigners to develop better ways of getting to the public, or whether the publi[c] are discussing issues to add real content to [there] is the beginning of a DMCA discussion. The page has been trolled and vandalised already, and is locked. So I am posting to the discussion page to request that the information be updated."

Full Story (comments: none)

Videos online from 2-day GPLv3 event

Videos from the 3rd International GPLv3 Conference are available.

Full Story (comments: none)

Konqcast at KDE://radio (KDE.News)

KDE.News has announced the availability of new audio interviews. "At the recent KDE Four Core meeting Aaron Seigo interviewed a number of the developers. You can hear them now on the new KDE://radio (listing) site. Subscribe to the podcast feed in Ogg or MP3. The interviews cover the new liveui framework, Akonadi PIM Storage Service, the Human Interface Guidelines and many more."

Comments (none posted)

CVE-2006-2451 update

From:		"Michael K. Johnson" <johnsonm-AT-rpath.com>
To:		lwn-AT-lwn.net
Subject:		CVE-2006-2451 update
Date:		Thu, 13 Jul 2006 16:46:14 -0400
Cc:		jmforbes-AT-rpath.com

In regards to http://lwn.net/Articles/190385/, we are providing an
updated advisory which radically revises the description of the
vulnerabilities and upgrades the rating.
 
I am concerned (and I with others have raised this concern on
vendor-sec) that there has been a tendency in advisories to label
almost any bug as a potential privilege escalation, and I fear that
doing so whenever no one is confident that the bug cannot lead to
a privilege escalation will lead to lack of attention paid to the
cases where there is a known privilege escalation vulnerablity,
due to alert fatigue.
 
Our approach is intentionally not to artificially inflate advisory
ratings, and to release updated advisories whenever appropriate.
It is always possible that in the human process of evaluating
severity, we will mis-judge any particular vulnerability. When we
do so, our policy is to release advisory updates, as we would for
any other significant mistake in an advisory. (This will be our
sixth advisory update for any reason, out of 126 released advisories
for rPath Linux 1.) The change in status itself should help avoid
the alert fatigue problem for users of rPath Linux.
 
Least importantly, your complaint about nominal version numbers
really doesn't apply to our advisory. It is specifically about
previous versions of the kernel package we provide, not previous
versions of the kernel. That distinction is both key to Conary
technology (we do not use version number ranking within Conary) and
also the reason that we consistently use wording such as "previous
versions of ... package" in our advisories. Our advisories are
not meant to cover software outside our repositories; the generic
descriptions of vulnerabilities is properly done within the CVE
system, not in vendor-specific advisories.
 
Thank you for recognizing that we did at least publish the
original advisory and update in a timely manner, and for your
continued intelligent and insightful coverage of Linux generally.

Comments (1 posted)

Yeah, a letter to the editor

From:		"Jay R. Ashworth" <jra-AT-baylink.com>
To:		letters-AT-lwn.net
Subject:		Yeah, a letter to the editor
Date:		Thu, 13 Jul 2006 18:07:14 -0400

Fancy that.
 
Think about this, folks:
 
What would we do if Microsoft released IE7.0 simultaneously...
 
for Windows 2K/XP, OS/X and Linux?
 
And was 100% ALA/Zeldman compliant?
 
Discuss.
 
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
 
        Fanfic: read enough, and you'll loose your mind. --me

Comments (8 posted)

Open letter to nVidia: Please open source the legacy nVidia video drivers

From:		"Floris Kraak" <randakar-AT-gmail.com>
To:		"Ken Brown" <kebrown-AT-nvidia.com>, "Derek Perez" <dperez-AT-nvidia.com>, "Andrew Fear" <afear-AT-nvidia.com>
Subject:		Open letter to nVidia: Please open source the legacy nVidia video drivers
Date:		Tue, 18 Jul 2006 13:18:02 +0200
Cc:		letters-AT-lwn.net, editors-AT-linuxtoday.com

Greetings,

The issue I am about to discuss has been talked about before. The
linux community has asked nVidia for open source video drivers in the
past and most likely will again. nVidia so far has consistently said
'no', citing various reasons*.

It is my belief many of those reasons are invalid when it comes to
drivers for cards older than two years**. The so called 'legacy'
drivers.


Allow me go through the arguments one by one.

1) 'the graphics market is hotly competitive .. [we] want to maintain
the proprietary, trade-secret nature of [the drivers] as long as
possible' (ATI quote)

This argument does not apply for legacy drivers. If you still have a
trade secret in a graphics card driver two years after it's released
the competition is simply not doing it's job. So far the evidence
suggests otherwise.


2) 'It's so hard to write a graphics driver that open-sourcing it
would not help' (quoting Andrew Fear)

That statement is just not true - neither the linux nor the X
community can be accused of not writing high quality, highly complex
software. It can be said*** that the reverse is true - it is so hard
to write a graphics driver that keeping it closed will hurt. It is
certainly not true for legacy drivers, where the development effort
largely consists of keeping them working as new kernel versions
appear. This effort would be considerably easier if these drivers were
to be part of the mainline linux kernel.


3) 'customers aren't asking for open-source drivers'

I'm a customer. I'm asking. With me there are tens of thousands of
linux enthousiasts who are asking. In fact large government
institutions such as the Department of Defense**** are asking too.
Given the current growth figures for Linux, Firefox and other open
source software I think it's safe to say pressure from real customers
will only grow with time*****.


4) Third-party intellectual property.

This may be the only reason I cannot argue against, simply because I
cannot argue against something if I don't know details about it. All I
can say is that nVidia appears to have stated in the past that this
was not a major obstacle. Even if it is an obstacle for some parts of
the code then nVidia may still be in a position to release partial
drivers, old libraries or even specs for the older cards.


Having countered the arguments against opening up legacy drivers I
want to make a case in favor of it. There are several reasons why
nVidia would benefit from opening up their legacy drivers.

a) Costs. It can easily be argued that opening up the legacy drivers
will shift some of the maintenance burden of those drivers to the
Linux community, freeing up development resources inside the company.

b) PR. nVidia will be lauded for doing the right thing, for showing
vision. It would probably be hailed as a victory for the open source
community and as such generate a fair amount of positive press.

c) Higher quality drivers. The open source community has long
maintained free software is higher quality software. Undoubtedly the
peer review process that is part of the linux development model will
help improve the drivers.


Finally, I call upon nVidia to put it's money where it's mouth is.
Andrew Fear said****** "We believe in open source where it makes
sense". It makes sense here. I call upon nVidia to follow up on that
statement.


*) A short list of them, and some debuking can be found here:
http://lwn.net/Articles/180633/

**) Needless to say I am in support of Open Sourcing the graphics
drivers of all major players entirely. But I am not making an argument
for that here.

***) "On binary drivers and stable interfaces", discussing why keeping
a driver closed source hurts development.
http://lwn.net/Articles/159313/

****) Department of Defense report "recommends that the DoD move to a
roadmap to adopt open source and open standards, maintaining that such
a move is not only in the US national interest, but in the interests
of US national security."
http://www.businessreviewonline.com/os/archives/2006/07/o...

*****) Also interesting is the fact that graphics cards get compared
on how well they support Linux nowadays:
http://tomshardware.co.uk/2006/07/12/geforce_and_radeon_t...

******) "We believe in Open Source when it makes sense."
http://www.zdnetasia.com/news/software/0,39044164,3935258...


Regards,
Floris Kraak
---
"Any technology distinguishable from magic is insufficiently advanced."
   --- Corollary to Clarke's Law

Comments (13 posted)