LWN.net Weekly Edition for August 10, 2006
PostgreSQL business: another look
Last Week's Edition carried an article on the difficulties of the PostgreSQL business, using Pervasive Software's exit from that field as an example. Numerous comments were posted, but none mentioned another PostgreSQL-based business which, by all appearances, is going strong. That business is EnterpriseDB, which has just announced the closing of a $20 million funding round.EnterpriseDB's main offering is a version of PostgreSQL aimed at companies looking to get away from Oracle. All of the expected support offerings are there, but the key piece is a compatibility module which makes it easy to port Oracle-based applications. That greatly reduces the cost of moving to PostgreSQL, though customers will have to cope with losing the soft, warm feeling that comes from dealing with Oracle's contract negotiators. The biggest customer for this offering, so far, would appear to be Sony, which is moving its online games sites over to EnterpriseDB.
Unlike PostgreSQL, EnterpriseDB is not free software. It can be freely downloaded, and the license even allows for free use - as long as the user has a single-CPU system with less than 1GB of RAM, and the total database size does not exceed 4GB. Those who want to run larger systems or who want support from EnterpriseDB can pay between $1000/year (per CPU) for "Silver" support up to $5000/year for a "Platinum" package with 24x7 support, one-hour email response, tuning assistance, and access to the source code. See the EnterpriseDB pricing page for details.
So this company may look like the exception that proves the rule. It is not really selling PostgreSQL support; instead, it is selling licenses and support for a proprietary product which happens to have PostgreSQL at its core. The company does not release its code as free software, and it is distributing a number of enhancements (including the Oracle compatibility layer and a number of claimed performance improvements) without contributing those back to the PostgreSQL community. From the point of view of the PostgreSQL license, there is nothing wrong with this behavior; the PostgreSQL developers have explicitly allowed their work to be used in this manner.
This is not a case of a company hitching a free ride on a free software project, however. The company's senior database architect is Bruce Momjian, a long-time top-tier PostgreSQL hacker; a number of other PostgreSQL developers are on the payroll as well. Much of the work these people do does go right into the PostgreSQL code base. The company has also contributed to a fund to sponsor future PostgreSQL development. It would be hard to argue against the idea that EnterpriseDB is, on the whole, a good thing for PostgreSQL, even if its proprietary software business model does not sit well with everybody.
As it turns out, EnterpriseDB does offer PostgreSQL support - at least, for Sun customers running PostgreSQL on Solaris. For everybody else, there is a very long list of support providers out there, most of them apparently quite small companies. So the PostgreSQL support business might not be quite as hard as last week's article may have indicated - though it appears that a proprietary twist may be required for those wanting to go for the big bucks.
Google's project hosting service
Google used the recent O'Reilly Open Source Convention (OSCON) to announce that it is launching a project hosting service. The two primary features of the this service are Subversion hosting, and a brand new take on managing bug reports.
Google has seven Subversion developers on staff who are building a new storage back-end for Subversion to store data in a "Bigtable." A Bigtable is a system for storing and managing very large amounts of structured data. The system is designed to manage several petabytes of data distributed across thousands of machines, with very high update and read request rates coming from thousands of simultaneous clients. This architecture allows Google to scale Subversion up to the meet the demands of storage and concurrency it believes will be needed to serve its members. According to Google's Greg Stein, “The existing two back-ends for Subversion (Berkeley DB and flat files) just do not have the capability to scale to our needs. The Bigtable system also gives us things like failover, monitoring, and performance tuning capabilities that are not present in the standard Subversion back-ends.” More information on Google's version of Subversion can be found on the FAQ.
When asked if Google intends to contribute its Bigtable code back to Subversion, Greg Stein responds: “We're certainly not opposed to the concept, but the devil is in the details.” The issue is that the code that interacts directly with Bigtable cannot be contributed back to the Subversion project since Google has no plans to publish the source code to Bigtable at this time. Stein explains, “We have made a number of changes in the functional tests, and a couple higher level libraries that we are going to contribute back.” However, source code changes that are highly specific to Google's environment will not be contributed back to the Subversion project because as Stein says, “It would not make sense...[since]... those changes would needlessly pollute the code base with no measurable benefit for others.” In essence Stein isn't opposed to contributing source code back to the community and stresses that “We've got to figure out what the best line is that helps the public code base".
One potential solution is to publish a non-working copy of the back-end database simply to see if there is some interest in the open source community for reviewing Google's model. Stein says: “The lessons learned and control/data flow patterns might be helpful for other, future back-ends.” Since Google started work on a version of Subversion that could be integrated with Google's technology “We have been heads-down getting the service built and delivered to the public”, claims Stein. He further states “We have much more work that we want to do, but it may be time for a breather to review what we've done and figure out the best options to get some pieces published.”
Google's ability to contribute the source code for its issue tracker back to the open source community falls under constraints similar to those it faces with Subversion. Stein explains, “When you subtract the Bigtable code, the search technology, and a few of the other proprietary pieces, then there is actually very little left.” Stein asserts Google has talked about this right from the start. In the event that someone should want to replicate Google's issue tracker Stein, says, “We'd happily consult with that community about what we've done. There may be a couple pieces we can provide (under the Apache license).”
As for the architecture of the issue tracker, Google disregarded the idea of a heavily structured database and replaced it with a free-form system based on Google's search technology. Issues can be arbitrarily labeled to note version information, operating system, milestones, priority or other project specific information. Users can query across all of the descriptions, comments, and labels to find the relevant issues. Advanced search allows a user to search just the labels or just the status of an issue. On top of this new model for storing and querying issues, Google built an Ajax-based interface to make it very easy for users to interact with. Issues are listed in a standard list format but users can perform basic changes to the user interface including adjusting the columns and sorting.
Google has also made it simpler to submit a bug report. Stein says, “Today a user is typically faced with a crazy set of drop-downs and fields covering everything from priority, to software components, to the target milestones.” Stein asks the logical question: “How is the user supposed to know any of this? They just wanted to use that screaming mp3 server, and have no idea whether the affected component is Foo or Bar.” Google addresses this potential problem by only requiring the user to specify a summary and description. The user can also optionally attach files and an optional indication that they want updates as developers work on the bug report. Project developers can add, remove, or alter labels, assign owners, change the status to an existing bug report, and, when they are creating a new issue to be tracked in Google's issue tracker, they can add these labels as part of creating the bug report.
Stein claims, “Most open source groups don't require the heavy structure or workflow that is present in today's issue trackers.” Still Stein concedes that there are some large groups that do need these features, but they are typically in the minority. By focusing on the majority's needs, Google's take on bug reports could turn out to be beneficial for the open source community.
Google's Project Hosting enters a crowded space with alternative services from not only Sourceforge.net but also Savannah and Debian's Alioth, among others. This leads to the question of how easy is it to import a project, or to export it and move it somewhere else in the future. According to Stein, the answer is “Not very easy”. This is because at present there is no way to upload or download a Subversion dump file. Google engineers are working on both of these efforts. Stein says, “For upload, we'll maybe do something in combination with a file upload/download feature or rely on the revision of Subversion 1.4's sync/reply feature when it is released and after we upgrade the servers.”
Download is a different story. Google plans to make the dump file available to project owners so they can always access their complete information. Stein states, “We know how important it is to open source groups to know that they are not locked into a hosting service.” Google does not support the data export capability today but it does plan on allowing for the export of all information. The import and export functionality is not defined yet and Google plans to investigate using some simple APIs for this. Stein voices some concern about this approach and says: "I have a natural wariness with APIs. If you get them wrong then you can paint yourself into a corner.”
A question on some peoples' minds is: will Google project hosting offer the same services as Sourceforge? Google project hosting is similar to Sourceforge in its goal to encourage open source projects and foster productive open source communities. Aside from architectural considerations, another difference between the two services is the new Google service will not include Web site hosting and will initially target smaller projects. Since Google has no plans to make it easy to move a project from other hosting sites it appears that Sourceforge.net does not have to worry about losing its share of current users.
Stein stresses: “Sourceforge is one the major cornerstones of the open source community, and we have zero interest in damaging that foundation.” It is clear that, while Stein recognizes that people may develop tools on their own, especially once the Google project hosting system has a better import system, but he says, “We have no plans to be an instigator for that.” If you try to create a project at Google Code using a name of a Sourceforge project then Google will stop the process and note the conflict. An email will be be sent to the owner of the Sourceforge project requesting approval (or denying the project creation). Google wants to prevent malicious impersonation or accidental name conflicts and worked with Sourceforge to get a list of all hosted projects and email addresses of the owners. Google is also working with other hosting sites such as tigris.org, java.net and Codehaus to avoid naming conflicts.
Google has set initial storage limits at 100 MB for Subversion, and 50 MB for issue attachments. Stein says, “These limits will be more than enough for for open source projects, but we can individually adjust them for valid projects.” The limits are designed to prevent spam or abusive projects from inappropriately using Google's services to host content which is unrelated to free software projects or not freely redistributable.
The first step in getting started is creating a Gmail account, which is required for project owners and members. Owners have the ability to reconfigure projects, add/remove other owners and members, and to manage basic metadata about the project. Members can commit to the repository, and can change metadata on bug reports. To file a bug report or issue a comment on one, a user only needs a Google account with a verified email address. A Google account can be associated with any email address; a Gmail account is not required for this purpose. A valid email address is required so that the project members can get in touch with the person filing the bug report or in the event that further clarification is required.
Google requires a Gmail account for project owners and members in an attempt to obtain a higher certainty that they are not bots that could use the project space for spam or other malicious purposes. Also the fact that all owners and members use a Gmail account may also help Google in future integration efforts.
It is clear that Google wants to participate in the free software development process and provide a viable alternative to other open source project repositories. Less clear is whether Google hosting is merely a goodwill exercise with the open source community or whether its goal is to be a profit-making venture, either via advertising revenue or by encouraging more Gmail usage. Regardless, Google's new offering will no doubt be a useful service to open source developers and a challenge for other hosting sites to improve the services offered to their users. As we all know, competition is a good thing.
A couple of lessons on the hazards of proprietary software
The advantages of free software are not always immediately apparent to all computer users. Many people think that, since they have no interest in or ability for working with the source, its free availability is of no benefit to them. LWN readers, instead, tend to understand this issue well, so we try to resist harping on the point too much. Every now and then, however, the problems associated with non-free software hit such a level that one can only sit back and laugh - before writing a snide article on the subject.Wired News has been carrying the story of a robotic parking garage in Hoboken, New Jersey. This garage is apparently an impressive gadget, for those who enjoy this sort of mechanical technology. It also depends heavily on its operating software; without that software, the system cannot operate, and any cars which happen to be inside remain there.
And that is exactly what happened. Robotic Parking Systems, the company which owns said software, decided that the time had come to raise its rates. The city disagreed, and talks between the two came to an ugly point. Once the old contract ran out and Robotic's staff were escorted from the scene, the garage was no longer operable and hundreds of cars were left imprisoned inside. Robotic claimed that any attempt to operate the garage constituted copyright infringement, since the city no longer had a license to run the required software.
As is described in a local newspaper article, the situation was eventually resolved, with the city licensing the software for $5500 per month. There have been mumblings about how the city would have been better off running open source software. A quick check shows a relative paucity of viable free robotic garage projects at the moment, however.
A slightly older story can be found in this South Florida Business Journal article. It describes the experience of a Georgia medical practice, which used the "Dr. Notes" package for its patient records. The friendly Dr. Notes people decided to raise their support fees by a factor of four, and, when the practice declined to pay, stopped providing the monthly password required to make the system work. At that point, all of the clinic's medical records became inaccessible.
Impounded cars may be a major annoyance, but locking doctors out of their medical records can lead to life-threatening situations. Holding the keys to those records can give an unethical company a powerful weapon, useful for extorting price increases from its customers. It is not the sort of situation any business would want to get into, much less one which is concerned with health care. Access to a company's critical data should not depend on another company's continued good will.
Proprietary software will always carry this kind of risk. It is subject to the whims of the company behind the license agreement - and corporate whims can be subject to sudden and catastrophic change. One still hears stories of business leaders worrying about whether they can handle the risks of moving over to free software. They would be well advised to consider thoroughly the risks of not moving as well.
A new LWN events calendar
LWN readers who have consulted our Linux Events Calendar over the last years will have likely noticed that it is one of the less attractive parts of a site which, in general, is not well known for its eye candy. It is visually unattractive, difficult to read, and not entirely easy to navigate through. It is not integrated with the rest of the LWN site; it is, in fact, based on an ancient version of Zope and must contain no end of interesting security holes. And, as if that weren't enough, the calendar has increased its resource use, to the point that it is the culprit behind most of the LWN site slowdowns experienced over the last few months.It is also history. After a couple of weeks of frantic hacking, LWN.net is happy to announce the new LWN.net Events Calendar. There are a few advantages over the old system:
- It is somewhat less ugly than its predecessor. Please note that a
few residual rendering issues remain. It looks nice most of the time
in Firefox, looks better in Konqueror, and looks terrible with
Internet Explorer. It seems that your site code hacker's naive idea
of how CSS works does not entirely match IE's naive ideas on that
subject. Our response, of course, is to recommend immediate Firefox
upgrades for all IE users, but we'll try to smooth out the rendering
as well.
- There are a couple of preferences controlling how calendars are
displayed; logged-in users can tweak them in the account area. In particular, the starting day
of the week can be changed, and the calendar can be configured to
always display in the "printable page" format, making it easier to
read in relatively narrow windows.
- LWN readers can now submit events directly into the system. All events go through an approval phase before being posted, so there is no point in submitting uninteresting events (like the East Armpit Meds Fest, the Annual Blog Spammers' Rendezvous, or SCO Forum) to the calendar. If you have an event you would like to see on the calendar, and you've checked to be sure it's not already there, please go to the event entry screen and tell us about it.
Planned future enhancements include increasing the number of event types represented, adding different calendar views, and an iCal export mechanism. Meanwhile, have a look, and let us know if you have any improvements to suggest.
Security
A report from the Black Hat Briefings
Last week's Black Hat Briefings had little of the drama of last year's conference, but did provide some interesting presentations on security vulnerabilities and techniques to detect and avoid them. There was little in the way of full disclosure this year at Black Hat, most presentations obscured the specific sites or vendors affected and instead concentrated on the underlying technology and how it could be exploited. Most of the presenters represented companies engaged in security research and penetration testing for their clients and seemed to want to protect those clients and/or bring in new ones by their 'responsible' disclosure. How exactly that helps the users of vulnerable software is, of course, the obvious question.
The purported 'main event' of the conference was the presentation on device drivers by David Maynor and johnny cache. LWN reported on this wireless vulnerability several weeks ago and looked forward to more details being released. Unfortunately, the session was rather anticlimactic; the 'demo' was a video and the details were still obscured. Maynor and cache were concerned that attendees with wireless cards would packet capture the demo and decided to use video instead. The only new information released about the vulnerability was that it was against a third party wireless adapter for MacOS X. It is a shame that the session was over-hyped because the rest of the information presented, fingerprinting wireless cards based on their 802.11 behavior, was quite interesting.
Two major themes were evident, at least in the talks the author attended: Asynchronous Javascript and XML (AJAX) security and automated fuzzing approaches. Fuzzing is the process of modifying data in a file format or protocol to attempt to subvert the program and it comes in (at least) two flavors: dumb and targeted. Dumb fuzzing just randomly changes values within the format or protocol to elicit unexpected behavior. Targeted fuzzing is, as the name implies, more focused on the details of the format or protocol and tries to change things that logically fit within the structure but may be corner cases that the implementer did not expect. Several tools and techniques to automate fuzzing of both varieties were presented in different sessions.
AJAX is, of course, the 'Web 2.0' technology that is becoming the buzzword of choice for startup companies. It is also a way to increase the risk of web application vulnerabilities if implemented poorly. AJAX increases the attack surface of an application by exposing more interfaces that can potentially be exploited. It is also a relatively immature technique and much of the instructional material, particularly tutorials available on the web, do not even bring up the topic of security. Several sessions were devoted to discussing areas of concern in AJAX and how using other techniques (such as cross-site scripting) can lead to web worms and viruses.
LWN will be covering both of these topics in more detail over the coming weeks.
More than 3000 people attended this year - a 30% increase over last year; this increase was very evident when trying to maneuver through the hallways or attend a popular talk in a smaller room. Several comments were heard about Black Hat outgrowing Caesar's Palace and potentially moving elsewhere sometime in the future. Even with the unexpected level of attendance, the show was very well run and provided many interesting sessions; it is certainly worth a look as a security conference to attend in the future.
[ The author wishes to thank his employer, Privacy Networks, for financial support for his trip to Las Vegas for Black Hat.]
New vulnerabilities
apache: cross-site scripting
| Package(s): | apache | CVE #(s): | CVE-2006-3918 | ||||||||||||||||||||||||
| Created: | August 9, 2006 | Updated: | April 4, 2008 | ||||||||||||||||||||||||
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
cfs: denial of service
| Package(s): | cfs | CVE #(s): | CVE-2006-3123 | ||||
| Created: | August 3, 2006 | Updated: | August 9, 2006 | ||||
| Description: | The cryptographic filesystem has an integer overflow that can be used by local users to crash the encryption daemon and cause a denial of service. | ||||||
| Alerts: |
| ||||||
chmlib: missing input sanitizing
| Package(s): | chmlib | CVE #(s): | CVE-2006-3178 | ||||
| Created: | August 7, 2006 | Updated: | August 9, 2006 | ||||
| Description: | It was discovered that one of the utilities shipped with chmlib, a library for dealing with Microsoft CHM files, performs insufficient sanitizing of filenames, which might lead to directory traversal. | ||||||
| Alerts: |
| ||||||
clamav: remote code execution
| Package(s): | clamav | CVE #(s): | CVE-2006-4018 | ||||||||||||||||||||
| Created: | August 9, 2006 | Updated: | August 18, 2006 | ||||||||||||||||||||
| Description: | There is a boundary error in the clamav code used to unpack Windows PE executable files; the result could potentially allow a remote attacker to execute code on the system running clamav. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
dhcp: programming error
| Package(s): | dhcp | CVE #(s): | CVE-2006-3122 | ||||
| Created: | August 4, 2006 | Updated: | August 9, 2006 | ||||
| Description: | Justin Winschief and Andrew Steets discovered a bug in dhcp, the DHCP server for automatic IP address assignment, which causes the server to unexpectedly exit. | ||||||
| Alerts: |
| ||||||
freeradius: several vulnerabilities
| Package(s): | freeradius | CVE #(s): | CVE-2005-4745 CVE-2005-4746 | ||||||||
| Created: | August 8, 2006 | Updated: | April 24, 2007 | ||||||||
| Description: | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. | ||||||||||
| Alerts: |
| ||||||||||
gnupg: integer overflow
| Package(s): | gnupg | CVE #(s): | CVE-2006-3746 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | August 3, 2006 | Updated: | August 15, 2006 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | GnuPG has an integer overflow vulnerability. An attacker can create an overly long packet that can cause GnuPG to crash or possibly overwrite memory, causing a denial of service or possible code execution. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
krb5: local privilege escalation
| Package(s): | krb5 | CVE #(s): | CVE-2006-3083 | ||||||||||||||||||||||||||||||||||||||||
| Created: | August 9, 2006 | Updated: | July 7, 2010 | ||||||||||||||||||||||||||||||||||||||||
| Description: | Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. | ||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||
libvncserver: authentication bypass
| Package(s): | libvncserver | CVE #(s): | CVE-2006-2450 | ||||||||||||
| Created: | August 4, 2006 | Updated: | March 19, 2007 | ||||||||||||
| Description: | LibVNCServer fails to properly validate protocol types effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the server. | ||||||||||||||
| Alerts: |
| ||||||||||||||
pike: SQL injection
| Package(s): | pike | CVE #(s): | |||||
| Created: | August 7, 2006 | Updated: | August 9, 2006 | ||||
| Description: | Some input is not properly sanitized before being used in a SQL statement in the underlying PostgreSQL database. A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements. | ||||||
| Alerts: |
| ||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current stable 2.6 kernel is 2.6.17.8, released on August 6. There is a fairly long list of important fixes this time around, but none with CVE (vulnerability) numbers attached.
The current 2.6 prepatch is 2.6.18-rc4, announced by Linus on
August 6. "The diffstat (and the appended shortlog)
tells the story: a lot of small fixes in various areas, mostly
drivers. Input layer, infiniband, usb, net, sound, vlb. Some cpufreq and
architecture updates. Also some audit rule improvements from Al &
Amy.
" The changes also include a new event notification mechanism
within the networking code and a function (netdev_alloc_skb()) for
allocating packet buffers in a NUMA-aware fashion. See the
long-format changelog for the details.
The current -mm tree is 2.6.18-rc3-mm2. Recent changes to -mm include the return of the CacheFS subsystem, full compact flash support in the libata code, a big x86-64 update, a number of memory management tweaks, vectored asynchronous I/O support, and a "comprehensive system accounting" patch.
Kernel development news
Quote of the week
-- Dave Jones
Some movements in the kernel community
When Linus announced the 2.6.18-rc4 release, he tossed in one extra bit of news:
He then promptly fled the scene without actually putting -rc4 up on kernel.org - an omission which Greg fixed some hours later. While kernel development will continue as always, we are likely to see rather fewer -rc releases over the next few weeks, and almost certainly no 2.6.18 final release.
Andrew Morton, meanwhile, used the 2.6.18-rc3-mm1 announcement to pass on a little news of his own:
He evidently made this change to find a working environment which better suits his habits; from the kernel development point of view, no real changes are expected.
Finally, Greg Kroah-Hartman has announced a transition in 2.6.16 support:
He will still be following the same -stable rules that are documented in the Documentation/stable_kernel_rules.txt file, but just doing this for the 2.6.16 kernel tree for a much longer time than the current stable team is willing to do (we have moved on to the 2.6.17 kernel now.)
Adrian had announced his intention to maintain this kernel for the long haul early in the 2.6.16 cycle. It will be interesting to see how this goes; fitting important patches into 2.6.16 will get harder as the mainline gets more distant. The long-term success of this project may depend on whether distributors make use of this kernel - and, as a result, help to maintain it.
The Grand Unified Flow Cache
The Grand Unified Flow Cache is one of those items which shows up as a bullet in networking summit presentations; the networking folks appear to know what it means, but they have been somewhat remiss in documenting the idea for the rest of us. This concept has returned in the context of the network channels discussion, and enough hints have been dropped to let your editor - who is not afraid to extrapolate a long way from minimal data - get a sense for what the term means. Should it be implemented, the GUFC could bring significant changes to the entire networking stack.The net channel concept requires that the kernel be able to quickly identify the destination of each packet and drop it into the proper channel. Even better would be to have a smart network adapter perform that classification as the packet arrives, taking the kernel out of that part of the loop altogether. One way of performing this classification would be to form a tuple from each packet and use that tuple as a lookup key in some sort of fast data structure. When a packet's tuple is found in this structure (the flow cache), its fate has been determined and it can be quickly shunted off to where it needs to be.
This tuple, as described by Rusty Russell, would be made up of seven parameters:
- The source IP address
- The destination IP address
- A bit indicating whether the source is local
- A bit indicating whether the destination is local
- The IP protocol number
- The source port
- The destination port
These numbers, all together, are sufficient to identify the connection to which any packet belongs. A quick lookup on an incoming packet should, thus, yield a useful destination (such as a network channel) for that packet with no further processing.
Features like netfilter mess up this pretty picture, however. Within the kernel, netfilter is set up such that every packet is fed to the appropriate chain(s). As soon as every packet has to go through a common set of hooks, the advantage of the GUFC is lost. Rusty's description of the problem is this:
So, the way around this problem would be to change the netfilter API to work better with a grand unified flow cache. Rules could be written in terms of the above tuples (with wild cards allowed), and only packets which match the tuples need pass through the (slow) netfilter path. That would allow packets which are not of interest to the filtering code to bypass the whole mechanism - and the decision could be made in a single lookup.
Often, however, a packet filtering decision can be made on the basis of the tuple itself - once a packet matches the tuple, there is no real need to evaluate it against the rule separately. So, for example, once the connection tracking code has allowed a new connection to be established, and a tuple describing that connection has been added to the cache, further filtering for that connection should not be required. If netfilter and the flow cache worked together effectively, the per-packet overhead could be avoided in many cases.
One way this might work would be to have a set of callbacks invoked for each tuple which is added to the flow cache. A module like netfilter could examine the tuple relative to the current rule set and let the kernel know if it needs to see packets matching that tuple or not. Then, packets could be directed to the appropriate filters without the need for wildcard matching in the tuple cache.
There is a small cost to all of this:
Rusty has never let this sort of obstacle stop him before, so all of this might just happen.
But probably not anytime soon. There's a long list of questions which need to be answered before a serious implementation attempt is made. Whether it would truly perform as well as people hope is one of them; these schemes can get quite a bit slower once all of the real-world details are factored in. Rule updates could be a challenge; an administrator who has just changed packet filtering rules is unlikely to wait patiently while the new rules slowly work their way into the cache. Finding a way to get the hardware to help in the classification process will not be entirely straightforward. And so on. But it would seem that there are a number of interesting ideas in this area. That is bound to lead to good stuff sooner or later.
Connecting Linux to hypervisors
Paravirtualization is the act of running a guest operating system, under control of a host system, where the guest has been ported to a virtual architecture which is almost like the hardware it is actually running on. This technique allows full guest systems to be run in a relatively efficient manner. The highest-profile free paravirtualization implementation remains Xen; on the proprietary side, VMWare has been active for a long time. Both of these efforts would like to see (at least some of) their code in the mainline kernel. The kernel developers, however, are uninterested in merging a large collection of hooks specific to any one solution.One attempt to solve this problem, proposed by VMWare, is the VMI interface. VMI works by isolating any operations which may require hypervisor intervention into a special set of function calls. The implementation of those functions is not built into the kernel; instead, the kernel, at boot time, loads a "hypervisor ROM" which provides the needed functions. The binary interface between the kernel and this loadable segment is set in stone, meaning that kernels built for today's implementations should work equally well on tomorrow's replacement. This design also allows the same binary kernel image to run under a variety of hypervisors, or, with the right ROM, in native mode on the bare hardware.
The fixed ABI and ability to load "binary blobs" into the kernel does not sit well with all kernel developers, however. It looks like another way to put proprietary code into the kernel, which is something most kernel hackers would rather support less of. Plus, as Rusty Russell put it:
For this and other reasons, VMI has not had a smooth path into the kernel so far. That has not stopped VMWare hacker Zachary Amsden from pushing for a binary blob interface recently on linux-kernel, however.
There have been rumblings for a while concerning an alternative hypervisor interface (called "paravirt_ops") under development. An early implementation of paravirt_ops was posted on August 7, making the shape of this interface clearer. In the end, paravirt_ops is yet another structure filled with function pointers, like many other operations structures used in the kernel. In this case, the operations are the various machine-specific functions that tend to require a discussion with the hypervisor. They include things like disabling interrupts, changing processor control registers, changing memory mappings, etc.
As an example, one of the members of paravirt_ops is:
void (fastcall *irq_disable)(void);
The patch also defines a little function for use by the kernel:
static inline void raw_local_irq_disable(void)
{
paravirt_ops.irq_disable();
}
As long as the kernel always uses this function to disable interrupts, it will use whatever implementation has been provided by the hypervisor which fills in paravirt_ops.
The patch includes a set of operations for native (non-virtualized systems) which causes the kernel to behave as it did before - or which will bring this about, once the remaining bugs are fixed. That kernel may be a little slower, however, since many operations which were performed by in-line assembly code are now, instead, done through an indirect function call. To mitigate the worst performance impacts, the paravirt_ops patch set includes a self-patching mechanism to fix up some of the function calls - the interrupt-related ones, in particular.
This interface may look a lot like VMI; both interfaces allow the replacement of important low-level operations with hypervisor-specific versions. The difference is that paravirt_ops is an inherently source-based interface, with no binary interface guarantees. It is assumed that this interface will change over time, as most other internal kernel interfaces do. In fact, since this is a relatively new area for kernel support, chances are that paravirt_ops will be more than usually volatile for some time. There is also, currently, no provision for loading the operations at run time, so kernels must be built to work with a specific hypervisor.
On the surface, paravirt_ops thus looks like a competitor to VMI - a choice of open, mutable kernel interfaces against binary blobs and a fixed ABI. As it happens, however, there is a diverse set of developers working on paravirt_ops, including representatives from Xen and, yes, VMWare. Some of the VMI code has found its way into the initial paravirt_ops posting. All of the large players appear to be behind this development - a fact which will greatly ease its path into the kernel.
So why are the VMWare developers still pushing for a binary interface? It would appear that they are considering the creation of a glue layer connecting paravirt_ops with the VMI binary interface. This design leaves the VMI people solely responsible for maintaining their ABI while freeing the kernel developers to mess with paravirt_ops at will. Some of the relevant developers feel more at ease with the VMI interface when it is connected this way, though there is some residual discomfort about the possibility of linking non-GPL binary hypervisor modules into the kernel.
The paravirt_ops developers would like to get their code into the 2.6.19 kernel. That schedule looks ambitious, given that the merge window is due to open in a few weeks and that, as of this writing, paravirt_ops has not yet done any time in the -mm kernel. It is, however, an option which should disappear entirely when configured out, so inclusion in 2.6.19 might not be entirely out of the question.
Code of uncertain origin
Recently, a set of patches was posted for inclusion in the mainline kernel. These patches make use of the (undocumented) "SMAPI" BIOS found in Thinkpad laptops to provide support for a number of useful Thinkpad features. It looks like it could be the sort of code that would be welcomed; improving hardware support is generally considered to be a good thing to do.There is just one little problem. The code was signed off as:
Signed-off-by: Shem Multinymous <multinymous@gmail.com>
Various developers quickly pointed out that there was little useful information here, and that code signed off by an obvious pseudonym would be difficult to trust enough to merge into the kernel. "Mr. Multinymous" argued the case for inclusion with statements like:
The author of the code remains unwilling to reveal him or herself, however, with the result that others have refused to consider the code for inclusion. The standoff might have been broken by Pavel Machek, who has offered to sign off the code. Whether that is good enough will be decided by Linus, presumably, sometime after he returns from his travels.
In the post-SCO world, it does not take a great deal of paranoia or imagination to suppose that somebody could attempt to sabotage the kernel project through the deliberate injection of illicit code. If the true nature of the code were revealed after it had been widely shipped, the result could be a great deal of trouble for kernel developers, Linux distributors, and possibly even users. So it is a good thing for the kernel developers to hold the line and not accept code from anonymous posters. The SCO episode has shown the world just how clean the kernel code base is; we would like to keep it that way.
That said, it is hard to avoid the disquieting feeling that, had this code been posted under a more normal-sounding name, it would not have been subjected to such scrutiny. Code does show up from unknown names from all parts of the world, and nobody has the resources or the desire to verify that those names belong to real people who have a legitimate right to contribute that code. For this reason, people contributing code which demonstrates deep knowledge of undocumented hardware will often be asked just how they came by that knowledge. Verifying the answer can be difficult, however. Our defenses are thin, but it is hard to see how they could be improved without killing the process entirely.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Fedora's legacy changes
With the release of Fedora Core (FC) 6 Test 2, the Fedora project has stopped supporting FC4 and passed the baton to the Fedora Legacy project. This is as expected, but another announcement may come as a bit of a surprise. Fedora Legacy has dropped support for FC1 and FC2 and will be dropping support for Red Hat (RH) 7.3 and RH9 at the end of the year.
The Fedora Legacy project was established to backport critical security fixes to FC releases that had reached end of life so that admins did not have to upgrade on the fairly short time scales (roughly one year) that Fedora would support those releases. When the project was established, it was also providing security updates for various RH releases. After 31 December, the last two RH releases will drop off the list and Fedora Legacy will just be supporting FC3 and FC4.
That change potentially leaves many systems without a way to get security patches and will require admins to either upgrade or backport fixes on their own. It would appear that this situation is actually nothing new; the Fedora Legacy project has been slow to patch security issues with all of the releases they have supported. For example, the most recent RH7.3 patches are from 6 June and there have been several recent security issues that are presumably unpatched.
It is not just the older releases that are impacted by this, FC3 has kernel version 2.6.12 in the legacy updates, but there have been quite a few 2.6 kernel releases, some of them for security problems, that are not available for FC3. The recent Apache web server vulnerability is another that remains unpatched for any of the legacy releases.
Where does this leave users of FC4? Given the track record, it is hard to believe that Fedora Legacy will be quickly patching security issues as they arise in that distribution. Upgrading to FC5 would seem the best option for admins who do not want to maintain patches for themselves. Of course, FC5 will be moving to Legacy support in roughly six months.
Fedora Legacy is a great idea, but appears to suffer from a lack of participation from the community. Without timely updates for critical bugs, the entire FC distribution series would seem to be at risk. Yearly upgrades of systems, particularly servers, is just not possible for many admins. This could easily turn into the Achilles' heel for Fedora Core.
New Releases
Ark Linux 2006.1 released
The Ark Linux team has announced the immediate availability of Ark Linux 2006.1 and Ark Linux Live 2006.1. "There have been numerous changes since the last release. Highlights include KDE 3.5.4, the current version of X.Org and amaroK 1.4.1, and a new tool, "rpmhandler", that makes installing 3rd party packages easier than ever -- and we've fixed numerous bugs, especially in the Live version."
Freespire 1.0 released
Linspire has announced the release of "Freespire 1.0," a Linux distribution which, by virtue of including no end of proprietary drivers and applications, is not exactly free. "Freespire 1.0 offers users the ability to choose what software they want installed on their computer, with no limitations or restrictions placed on that choice. By including 3rd-party proprietary drivers, codecs and applications software, Freespire is able to provide better out-of-the-box hardware, file type and multimedia support, such as MP3, Windows Media, Real, QuickTime, Java, Flash, ATI, nVidia, fonts, WiFi, and modems."
Fedora Core 6 Test 2
The second Fedora Core 6 test release is now available, click below for the details and a discussion of the evils of software patents. The updated schedule now calls for a Test 3 release on September 11, and a final FC6 on October 9.There has been no notice to this effect (yet), but the FC6t2 release is also the expected cut-off point for Fedora Core 4 support.
LinuxFromScratch 6.2 released
The LinuxFromScratch Team has announced the release of LFS-6.2. The LFS LiveCD x86-6.2-1 is also available although UK users should be aware of a bug in the British keymap.64 Studio 0.9.1 'Toe Rag Update'
64 Studio has released a second beta of its Toe Rag release, now with an i386 version available.
Distribution News
Debian GNU/Linux adopted in the Extremadura
The councillor for Infrastructure and Technological Development has announced that within one year all the computers of the Junta of Extremadura (government of the autonomous region of Extremadura, Spain) will run Free Software office tools and gnuLinEx, the local flavour of Debian GNU/Linux 3.1.Debian Python transition status
Matthias Klose reports on the status of the Debian Python transition. Python 2.4 is in testing and will soon become the default version for etch.etch release update: freeze, RC Bug count, python, toolchain
Here's the latest release update for Debian etch, with a look at the freeze, the RC bug count the Python transition and more.MiniDebconf Colombia 2006
The first Colombian Mini-DebConf will be held at Popayan, Cauca, on August 19 and 20, 2006. ".It will be a space where the people of the Debian community of Colombia could meet together and work around the project. We'll have talks, hacklabs, some "free"-time for BSP, packaging or any other debian-related activity, and of course, recreation time, like a trip around the city in Chiva, a typical bus of the country."
Debian dak now supports ~ in version numbers
dak, the Debian archive management software, finally supports the use of the tilde ('~') in version numbers. "Given that dpkg has supported ~ in version numbers since before sarge, APT treats them fine, BTS and PTS play along, linda is aware of them, lintian will soon be (#381965), devscripts handles them as it should, and dput works..."
Fedora usability is born
The Fedora Usability project has been announced. The project aims to provide coherence and accessibility for all people using Fedora Core and its associated resources.Fedora Core 4 Transferred to Fedora Legacy
Maintenance of Fedora Core 4 has been transfered to the Fedora Legacy project. Fedora Legacy has previously announced an end-of-life for Fedora Core 1 and 2, and Red Hat Linux 7.3 and 9.Gentoo Linux celebrates third Bugday Anniversary - with a living penguin
Gentoo Linux is celebrating the third anniversary of its Bugday initiative on Saturday, August 5, with a number of contests and prizes. "A devoted Gentoo member sponsored a one-year adoption of a Chilean penguin under the care of the International Penguin Conservation Work Group. The winner not only gets to name the bird, but he (or she) will also receive information and pictures on a regular basis."
New Distributions
Dreamlinux
Dreamlinux comes from Brazil and aims to be a light, modern and functional free OS that runs as a live CD or installed to a hard drive. Dreamlinux Works edition includes plenty of desktop applications. The XGL Edition is still in the experimental stage and it provides additional eye candy for people with Nvidia cards. It comes with the XFCE desktop environment. The MkDistro tool is included to help people create their own specialized distribution. (Thanks to Leonardo)Sectoo Linux
Sectoo Linux is a live CD based on Gentoo, with tools related to network security. It does port scanning, packet sniffing, OS fingerprinting, intrusion detection, and much more. A pre-alpha version was released August 4, 2006.Linux router distro available as bootable CF image (LinuxDevices)
LinuxDevices introduces the ZeroShell Net Services distribution. "Italian developer Fulvio Ricciardi has produced a GPL-licensed x86 Linux router distribution available as a live CD or bootable CompactFlash (512MB) image. The ZeroShell Net Services distribution includes a Web-based configuration interface, and can provide "the main network services a LAN requires," Ricciardi says."
Distribution Newsletters
Debian Weekly News
The Debian Weekly News for August 8, 2006 looks at erroneous search results in the Pike package (and others), new SPI Board Officers elected, Debian Architectures Statistics, a new Information Media for users, Bits from the Stable Release Team, Debian adopted in the Extremadura, and several other topics.Fedora Weekly News Issue 58
This edition of the Fedora Weekly News covers fedoraproject.org wiki outages, the updated Fedora Core 6 Schedule, a Red Hat Survey for the Fedora Community, no country orders for OLPC laptops, What Is Fedora's Prime Directive?, Fedora wants to draw in women, and several other topics.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for August 7, 2006 covers the Adopt a developer project, PowerPC CELL support, PDA/KDE/Ruby recruiting, and several other topics.Ubuntu Weekly Newsletter Issue #8
The Ubuntu Weekly Newsletter covering July 23 - August 5, 2006 is out. This edition covers the Behind Ubuntu interview with Jani Monoses, The Fridge, plugged in again and humming along, California sees an Ubuntu billboard, Ubuntu wins on security, Ubuntu article featured on Wikipedia, Educating on Ubuntu: The Ubuntu Classroom launches and The MOTU School teaches bugs and patching, An update on Google Summer of Code, and more.DistroWatch Weekly, Issue 163
The DistroWatch Weekly for August 7, 2006 is out. "The Linux world is starting to heat up again after a brief break - following the first beta release of Mandriva 2007 and KDE 3.5.4 last week, a new test release of Fedora Core 6 will be out today and the third alpha build of openSUSE should appear on the download mirrors on Thursday. Besides the usual news round-up, a short article takes a look at the current status of Linux in the countries and territories of the South Pacific. Finally, with this being the first issue of DistroWatch Weekly of the new month, we are pleased to announce that the July 2006 DistroWatch donation of US$500 goes to the Blender Foundation."
Package updates
Fedora updates
Updates for Fedora Core 5: gnome-icon-theme (bug fix), gimp (bug fix), sed (bug fix), ftp (bug fix), ypbind (bug fix), pam (rebuild for FC5 - ainit back), mtools (bug fix).Updates for Fedora Core 4: sed (bug fix).
rPath updates
Updates for rPath Linux 1: conary, conary-build, conary-repository (Conary 1.0.26 maintenance release), PIL (works with freetype), vconfig (move to /sbin), vsftpd (depend on the "nobody" user), conary, conary-build, conary-repository (Conary 1.0.27 maintenance release).Slackware updates
There have been many changes to Slackware-current this week. Bugs fixed, packages upgraded, and so on. KDE 3.5.4 is in, as is Firefox 1.5.0.6 and Seamonkey 1.0.4. The linux-2.6.17.8 kernel packages are in testing. See the change log for complete details.Trustix update
Various bugs have been fixed in cpplus, perl-dbd-mysql and perl-dbd-pg for TSL 2.2 & 3.0.Ubuntu updates
Updates for Ubuntu 6.06: ia32-libs-gtk 16.1, nautilus 2.14.3-0ubuntu1, gnome-screensaver 2.14.3-0ubuntu1, kubuntu-docs 6.06-12, cupsys 1.2.2-0ubuntu0.6.06, language-selector 0.1.20.1, base-files 3.1.9ubuntu7.1, openoffice.org 2.0.3-4dapper2, ubiquity 1.0.15, openoffice.org-amd64 2.0.3-4dapper2-1, pango1.0 1.12.3-0ubuntu2, gst-plugins-base0.10 0.10.7-0ubuntu5, language-pack-gnome-es-base 1:6.06+20060725.1, language-pack-es-base 1:6.06+20060725.1, language-pack-kde-es-base 1:6.06+20060725.1, ubuntu-meta 0.120, pango1.0 1.12.3-0ubuntu3, ia32-libs-gtk 16.2, app-install-data-commercial 5, matplotlib 0.82-5ubuntu2.1, ubiquity 1.0.16, gfxboot-theme-ubuntu 0.1.27, kubuntu-meta 0.86, edubuntu-meta 0.81, ubiquity 1.0.17, debian-installer-utils 1.22ubuntu10, debian-installer 20051026ubuntu36.6.
Newsletters and articles of interest
Building a Desktop Firewall (O'ReillyNet)
Dru Lavigne covers a quick firewall for your FreeBSD system. "Everyone knows that you should be behind a firewall whenever you go online. However, not everyone knows that it's easy to create a personal firewall for a FreeBSD (or PC-BSD or DesktopBSD) system. This article shows how even a casual home user can get a firewall up and running in about ten minutes. Like all of the BSDs, FreeBSD has always been security conscious. It offers several built-in firewalls to choose from: ipfw, ipf, and pf. I use pf because it is built into all of the BSDs, including OpenBSD, NetBSD, and DragonFly BSD."
Novell removes proprietary software from its Linux distribution (Techwack.com)
Techwack.com covers Novell's new policy of removing proprietary software from its Linux distributions. "This is to prevent any legal hassles for their users and corporate customers. The company recently launched SuSE Linux Enterprise 10 server and desktop under the GNU General Public License and they are prohibiting Linux distributors from shipping the open-source operating system with proprietary software that hooks to the Linux kernel. These applications usually are proprietary drivers used to run video cards, sound cards, printers or other devices."
Distribution reviews
PCLinuxOS 0.93a MiniMe (TuxMachines)
TuxMachines reviews PCLinuxOS 0.93a MiniMe. "New graphics, a great new kernel, and lots and lots of updates equal a wonderful offering. The first new aspect noticed is the boot screen. PCLinuxOS now uses grub to feature many new boot options. One of these is the copy2ram feature where it copies the cd to memory and runs from there. You can pull the cd out of the drive and continue to use the computer. It runs very fast from memory because it doen't have to access the cd anymore."
Page editor: Rebecca Sobol
Development
Season of KDE fosters young students, Part Two
The first five student projects in the Season of KDE coding effort were explored in part one (subscription required) of this two-part series. We look at the final ten projects in this article.
Hugo Parente Lima's database modeler (mentored by Jaroslaw Staniek)
For all its components, KOffice (and KDE) lack a database modeler. Applications such as the open source DBDesigner render visual representations to help users maintain their expansive databases. Lima is targeting his implementation at KDE and Qt 4, which have tools and optimizations well suited for such modeling. His work will consist of developing the underlying logic for mapping the database, a KDE interface for the program, and a plugin architecture to offer extensibility and future support for diverse databases.
Mentor Jaroslaw Staniek has suggested that Lima focus his efforts on improving existing software such as Umbello or Staniek's own Kexi. A final decision has not yet been made, but Lima reported to me that: "I analyzed the Umbrello support to ER diagrams... my conclusion is that Umbrello is for UML and not for database design, nor has it the functionality to handle databases. Making a tool specialized to handle databases give me much more freedom that I do not have in a UML editor." For the moment, Lima can be expected to continue developing his independent project: "So... against the majority, but respecting the opinion of the majority, I'll continue to develop the project." Code already exists in the KDE SVN repository and Lima hopes for a stable version within two months. Staniek maintains that due to the short time frame for development (one season), his code is more likely to be integrated into an existing application.
Lima is a student at the Universidade Federal de Campina Grande in Brazil, noted for its focus on technology and computer science. He began his project before the Summer of Code, and had intended to continue it with or without support from either Google or KDE. He is the creator of KNetStats, part of the kdeextragear module, and several other unpublished projects developed with the KDE framework. When asked when his project might be finished, Lima offered a wise philosophy of software development: "a finished version... never! Finished applications are applications that no one uses, it's like asking what's the final version of KDE ;-)"
Marcin Przylucki's mobile:/ KIOslave (mentored by Stephan Kulow and Marco Gulino)
Today's mobile phones present problems for desktop users similar to those that PDAs once did: there are several different access protocols and no unified way to get data on to all of them. The Kandy and KitchenSync Kontact components are addressing synchronization of calendars, address books, and other information with mobile phones, but users still may want direct access to their mobile phone's filesystem.
Currently, users must figure out which of several protocols their phone uses and pray that it is one of those which KDE has support for. Like other directory protocols, mobile phones can be accessed through KIO-Slaves by any KDE application. KIO-Slaves exist for everything from network file-sharing protocols like NTFS, Samba, FTP, and even HTTP, to specialized slaves that format man pages and audio CDs for easy browsing. KIO-Slaves can already be used with some Bluetooth phones, but those with other models may need to use Gammu, moto4lin, or SieFS. Przylucki will try to unify all these protocols, and ones that don't currently work with Linux, into a single "mobile://" KIO-slave.
Przylucki will work with two mentors on her project. Marco Gulino, creator of related application KMobileTools, should be invaluable in helping with protocol support. KMobileTools already works with a few dozen phones, and has a user friendly interface for checking voice and text messages, addresses, and phone status. Stephen Kulow was among the original KDE developers and remains an integral part of the core team. His work in SVN maintenance, mailing list moderation, and code porting leaves his footprint on nearly ever part of KDE.
Klaus Rieger's See-By-Touch integration (mentored by Olaf Jan Schmidt)
SeeByTouch is an evolved form of the virtual tactile display developed at the University of Heidelberg, which allows blind users to "feel" images via a matrix of braille-cells. The project's hardware and software were open-sourced in 2004, and have since been further developed by Rieger. He presented SeeByTouch at the Unix Accessibility Forum in 2004. His modern SeeByTouch device weighs under a kilogram, is collapsable to the size of a book, and is affordable. Rieger also notes educational uses for the tool, such as letting children feel graphs to better understand them.
Accessibility continues to receive strong focus from both KDE and Qt developers. There is an established KDE Accessibility team which works to keep all applications in the desktop usable by those with impaired vision, hearing, and dexterity who may not be able to read text, hear audible alerts, or operate a mouse as other users would. To that end, both separate applications and integrated features have been developed for KDE and Qt. Mentor Olaf Jan Schmidt is a longstanding member of both the KDE Usability and Accessibility teams. Integrating SeeByTouch in KDE will involve creating a KControl configuration module for the system, making it available to all KDE applications as a KPart, and improving language support.
Rieger, a student at the Universität Mannheim in Germany, is the ideal student for a SeeByTouch integration project, having been heavily involved with the technology for several years. Though many people's efforts were harnessed in the evolution of SeeByTouch, he is the only registered developer on the project's SourceForge site (founded in February, 2004), where software source code and hardware schematics are available. He has ported SeeByTouch to seven different languages, fourteen different operating systems, and added important features such as zooming. Rieger reported to me that he has familiarized himself with KDE development and that he is on track to meet Season of KDE project deadlines.
Rafael Rodriguez's PDF optimization (mentored by Albert Astals Cid)
In his Summer of Code application, Rodriguez describes poppler, the PDF rendering library used in KPDF and the forthcoming Okular (due for release as part of KDE 4), and laments that both of these overlying applications lag in rendering patterns within PDFs due to a deficiency in poppler. Rodriguez intends to mend poppler according to Adobe's PDF specification (PDF) (section 4.6) in order to optimize its rendering of patterns.
Rodriguez outlines a four step process for completing his project: researching, hacking poppler, hacking okular and KPDF for compatibility, and then testing. Rodriguez reported to me that he has more or less finished his research and begun experimenting with the poppler code. He suspects that he may have the project finished as early as August, though no developer could be expected to promise such haste. Project mentor Albert Astals, KPDF maintainer, reminds me that Rodriguez's work will not strictly be in aid of KDE, but also other applications which rely on poppler such as evince.
As a member of the KDE Spanish translation team and a computer science major at Universitat Politècnica de Catalunya in Barcelona, Rodriguez has experience with both KDE and general software development. Rodriguez notes a possible reason for the rejection of his Summer of Code application, "I had to prepare my application in just a couple of hours because I was getting on a plane the next morning", and goes on to praise the Season of KDE for giving him an opportunity to become involved with KDE development. "I was thinking of getting involved in my beloved KDE project this summer since I've got some free time to spend. Getting support from them in the form of Albert Astals is a plus."
Daniel Calviño Sánchez's Umbrello field ordering (mentored by Jonathan Riddell)
Hugo Parente Lima chose not to build upon the KDE UML modeler Umbrello for his database modeler project, but Sánchez opted to do the exact opposite. UML is an open specification for modeling systems created in 1997 and now in version 2.0, widely used in business, engineering, and software design. UML models can be visualized as diagrams to help modelers organize and understand very complex systems. Wikipedia has an example diagram displaying the thirteen possible types of UML diagrams in their respective categories. Umbrello is a respected competitor in the UML modeler field, but Sánchez looks to improve upon it by adding support for automatic field ordering
Adding a field sorting feature involves more complex tasks than one might expect. Sánchez must first look over Umbrello's code and decide where and how his addition will fit, something made easier by Umbrello's UML model of it's source classes. Sánchez's feature must be very flexible so that users may order their fields by regexp, common parameters, or any other criteria that may arise. His Season of KDE page discusses the complexities of this and arrives at the following solution: a dialog-based frontend to configure the most common uses of a custom-designed scripting language, which can be edited directly if necessary. Sánchez also plans to provide both user and developer documentation for his code, including UML diagrams.
When I spoke with Sánchez, a student at the Computer Science School at the University of Oviedo in Spain, he had begun designing the syntax for his scripting language. He is hoping for a usable version in October and a completed, user-friendly version in November. Sánchez has experience in bug-fixing with Umbrello and is already working on KDE GUI development for a school project. His work should help to improve KDE's already robust suite of developer tools, and make the desktop even more attractive to business users.
Luke Alan Sandell's universal "push content" for KMail (mentored by Till Adam)
In his Season of KDE page, Sandell describes "Push content" as content routinely downloaded from a remote server and presented to the user as a communique - specifically email, Usenet posts, and newsfeed updates. All this content is fundamentally the same: a message. KDE currently manages each of them in separate and redundant applications (KMail for email, KNode for Usenet, and Akregator for newsfeeds). Sandell planned to use KMail as a base for combining the three push content readers because it has support for multiple accounts, although time constraints have forced him to leave newsfeed support for another time.
Such integration is not an entirely new concept. Projects outside of KDE, such as Mozilla Thunderbird already support all three communication formats, and KDE personal information management (PIM) frontend Kontact already offers access to KDE's three push content applications from one interface via KParts. An improved KMail is nonetheless necessary, as Sandell explains, "Because of the similarity in functionality between KMail, KNode, and Akregator, it makes sense to merge them into a single application. Kontact does this somewhat inadequately by allowing the user to quickly switch back and forth between the three applications' respective KParts, but this is disorienting and also results in an inconsistent user interface."
Sandell will begin by increasing KDE modularity by creating a KTrader service type to allow KMail, and other KDE applications, to access account data. Users will then be able to create separate KMail accounts for Usenet and Mail, whose content will be stored in separate locations. Only minor UI changes to KMail will be necessary to support the new content types, and code from KNode will be used to implement the new protocols. Sandell's code will be built against KDE 4, making use of new Qt 4 interface technologies and the KDE PIM storage solution Akonadi.
When I contacted Sandell he had yet to begin work on the project, citing a new job working on database software as the hold up. Nonetheless, he expects to have the project done on time now that he is settled in at his new position. He will be aided by experience developing an improved icon selection dialog and a resources KIO-slave for KDE. Sandell will be graduating from Appalachian State University in August. Mentoring him will be KMail developer Till Adam, who has worked with the project since 2003.
David Sansome's Wine integration (mentored by Kevin Krammer)
Unix users have been using Wine to run Windows programs for years, and it has proved an excellent tool for easing Windows switchers into Linux-based operating systems. Unfortunately, Wine configuration and use has always proved a barrier for inexperienced users - one of the largest audiences for the software. Several distributions have done their own Wine integration, but David Sansome intends to add support for Wine into KDE itself, to benefit users of all distributions. Visit Sansome's project proposal for very detailed information about himself, his goals, and Wine as it stands now.
Wine integration consists chiefly of two things: a KControl module for Wine configuration and KDE-wide support for recognizing and launching Windows executables. The KControl module will allow users to configure Wine settings such as the pseudo "Program Files" directory for installed applications and mapped storage drives. Hopefully, many of these options will be automatically configured using information from KDE technologies like Solid and basic assumptions about KDE users. Support for Windows executables will require specifying a MIME type that defaults to opening EXE files with Wine, a KFileMetaInfo plugin to let KDE applications recognize meta information stored in EXEs such as version number, improvements to Konqueror so that it displays Windows program icons, and Konqueror context menu entries for per-application configuration of Windows programs. Sansome expects working code for all of these tasks in just a few weeks, with intense testing to follow.
Sansome's project will involve patching and developing plugins for several different KDE applications and libraries, and making sure that each part of his project is of high enough quality to be accepted into KDE and contribute towards complete integration. Fortunately, Sansome has extensive experience with KDE development, integration, and Windows support. He is the creator of the widely-popular Gtk-Qt theme engine which visually integrates Gnome and Gtk applications with KDE, has ported several Windows screensavers that are now included with KDE, and has written code for the Qt frontend to Autopackage. Mentor Kevin Krammer is also an experienced Qt and KDE developer. The pair's work will no doubt ease Linux migration for users in years to come.
Carlo Segato's Phonon integration for Kopete (mentored by Matt Rogers and Matthias Kretz)
As instant messaging becomes more and more entwined with multimedia, via voice and video communication, KDE is eager to make the use of these features easy for its users. Reverse engineering of closed AOL, Yahoo, and Microsoft protocols to support their networks has proved rather difficult, but using existing KDE technologies to support A/V hardware ought to be rather simple. Segato is working to combine Kopete, the KDE universal instant messenger, with Phonon, KDE 4's universal multimedia framework API.
Segato will be focusing on the new Jingle plugin for Kopete, which is an extension to the open Jabber IM protocol. Jingle adds A/V communication support to Jabber, a protocol used by Kopete since 2002. Phonon is the new multimedia API for KDE 4, which will give all KDE applications easy access to A/V input and output hardware via any of a number of existing multimedia frameworks. In order to add Jingle support to Kopete, Segato will need to implement a Jingle plugin (or improve the existing Jabber plugin) for Kopete, add configuration to the Kopete A/V settings module, and improve any deficiencies in the still-evolving Phonon.
Despite experience with C++ and Qt coding, Segato will find help from mentors Kretz and Rogers invaluable. Kretz is the designer of Phonon, first released only a few months ago. Kretz will surely be watching Segato's work carefully, as his brainchild is put to the test in one of its first application uses. Rogers is the lead developer of Kopete as well as the OSCAR (AIM/ICQ) plugin maintainer.
Dusan Stefanovic's K3b lite, simplified disc burning (mentored by Sebastian Trueg)
As a major improvement to an existing and widely used application, K3b Lite is perhaps the Season of KDE's most visible project. K3b, "The CD and DVD Kreator", is among KDE's most revered applications, often compared favorably to commercial competitors in terms of both power and ease of use. It is undeniable, however, that some inexperienced users may find the K3b interface daunting. The Lite project aims to create a wizard interface that will guide users step-by-step through selecting a disc type (audio, data, etc.), selecting files, and burning the disc. The wizard will be integrated into K3b itself so that users may switch back and forth between the advanced and simplified interfaces.
Stefanovic's mockup of the wizard is the most descriptive possible summary of the project. His placeholder design is not very pretty, but at the project's end one can expect the sort of attractive graphics K3b is known for. The wizard not only directs the user as to the steps in burning a disc, but also has plenty of help text along the way to explain foreign terms like "mixed mode". Unless significant changes are made to the mockup, it will be necessary to use the main interface for video disc (VCD, eMovix) burning which may entail advanced K3b tasks such as video encoding. It will also be necessary to drop back to the K3b interface for other tasks or options that should not be presented to inexperienced users, like hardware setup and CD/DVD ripping. Stefanovic promises extensive developer and user documentation of the wizard.
Mentor Sebastian Trueg is K3b's lead developer and maintainer, one of the Season organizers, and a growing influence in the KDE project as a whole. Stefanovic, a student at the The Faculty of Mathematics, University of Belgrade Computer Science Department, has a demanding task in familiarizing himself in libk3b, but Trueg can lend his intimate understanding.
Sheng Yang's KNotes improvement (mentored by Michael Brade)
Knotes is a venerable application which has found an important place in KDE as a component of Kontact, the KDE PIM suite. Yang's application to support hierarchical notes and relationships in KNotes was passed over by Google, but there was enough encouragement among Kontact users and developers for him to revive the project in the Season of KDE.
In order to modernize KNotes, support for categorization and organization of notes will be added. The simplest way to do this is to simply allow users to tag notes as "Personal", "Business", etc., or any combination thereof. A potential hurdle is Palm synchronization, which may limit the possible number of categories to sixteen, and rule out features such as sub-categories. Yang, a Materials Processing and Control student at Huazhong University in China, plans to make the categories accessible via a menu and configurable via a separate dialog. He speculates that the three months the Season of KDE offers him will be more than enough time, although he must balance the project with an internship at Oak Pacific in Beijing.
Both Yang and Mentor Michael Brade, KNotes maintainer, described progress on the project to me as favorable. Yang expects a usable version in early September. Some work will be necessary to finish porting KNotes to KDE 4, since it was decided that Yang would focus on the upcoming platform, but both agreed that the project will likely be completed on time and the Code will be accepted into KDE in November. Brade offered to mentor three Summer of Code projects, all of which were not accepted. Yang's is the only of the three active in the Season of KDE.
Getting yourself involved
These students have taken a unique path to becoming KDE developers, but the road is open to all. Anyone with some spare time will be welcomed into the fold at KDE, whether as a developer, artist, writer, tester, or simply a user. Visit the How to Help page for general information on joining the team. If you're considering writing code, you'll find plenty of documentation designed for those at any skill level. If you're anxious to begin hacking, try solving a few Junior Job bug reports targeted at new KDE developers. If you'd like a more casual position, try submitting some of your work for peer review at KDE-Apps or KDE-Look. If you have some OpenGL experience, donate it to the new compositing engine for KWin.
One would have to wait a few months to find out, but I doubt that any of the Season of KDE participants will end their projects in poor spirits - not a given, considering that they recently lost out on $4,500. They have all found kind and knowledgeable mentors and an easy to use, advanced, and professional development environment forged by the hundreds of KDE contributors that came before them. They might not all finish their projects before the season's end, not all of their code will be accepted into KDE, and not all of them will stick with open source or KDE programming, but it's hard to find any negatives when young people are being accepted into a charitable community and encouraged to learn.
System Applications
Audio Projects
Rivendell v0.9.70 announced
Version 0.9.70 of Rivendell, an automation system for radio stations, is available. Changes include a new PAM Authentication Module, Play-While-Recording and Play-While-Importing capabilities and bug fixes.
Clusters and Grids
A plan for implementing TUNES
Michael Fig is assembling a project based on TUNES, a Free Reflective Computing System. "I am a professional project manager and cybernetician. I have been studying TUNES (http://www.tunes.org/) for several years, and have come up with a project plan to accomplish it. I am running it past you to see what you think, but honestly, I will work on it whether you want to cooperate or not, as is my freedom with free software. However, I would be happier if you joined me."
Database Software
MySQL 5.0.24 has been released
Version 5.0.24 of the MySQL DBMS is available. "This is a bugfix release for the current production release family."
Device Drivers
Free Intel i965 graphics drivers released
Intel has announced the first release of a set of free drivers - 2D and 3D - for the Intel i965 graphics chipset. "This release represents the start of a long term effort by Intel to work with the X.org and Mesa communities to continuously improve and enhance the drivers. While these drivers represent significant work at both Tungsten Graphics and Intel, as our first release of this code, they're still in need of significant testing, tuning and bug fixing before they'll be ready for production use."
Interoperability
Samba 3.0.23b released
Version 3.0.23b of Samba has been released. "The Samba Team is pleased to announce the general availability of Samba 3.0.23b. This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases."
LDAP Software
Demystifying LDAP (O'Reilly)
Brian K. Jones looks at LDAP, the Lightweight Directory Access Protocol, on O'Reilly. "If you've been struggling to understand what LDAP is and how it can be useful to you without picking up a 1,000-page tome, look no further. LDAP is great for some problems, pretty good for some others, and completely inappropriate for yet another batch of problems. In this first part of a series on understanding just what LDAP is, I hope I can help make LDAP easier to deal with by explaining, in English, what LDAP is and what it is good at. After that, looking at the data and writing code will be much easier."
Security
Sussen 0.27 announced
Version 0.27 of Sussen, a security and configuration file scanner, is available, it features bug fixes.
Web Site Development
Midgard 1.8beta1 released
Version 1.8beta1 of the Midgard web development platform is available. "The Midgard Project has released the first beta release version for the upcoming 1.8 stable branch of the Midgard Open Source Content Management System. Midgard's 1.8 branch focus on improved stability for Midgard2 technology preview features introduced in 1.7 branch. First beta release is fully customizable and installable release adressed for developers and users who want to use Midgard environment on testing and even semi-production servers."
Mod_python 3.2.10 released
Version 3.2.10 of Mod_python, the Apache Python integration suite, is out. The Changes from Version 3.2.8 document details what's new in this version.
Desktop Applications
Audio Applications
eSpeak 1.11 released
Version 1.11 of eSpeak, a text to speech application (recently covered here on LWN.net), is out. Changes include new SSML (Speak Synthesis Markup Language) support, Afrikaans language support, more preliminary work on several new languages, improvements to the English languages variants, and more.swh-plugins 0.4.15 announced
Version 0.4.15 of swh-plugins, the SWH LADSPA plugins package, is out with numerous bug fixes. "Hopefully this will be the last LADSPA flavoured release of these plugins as they are now nearly all working in LV2. I will be concentrating any further improvments on the LV2 versions, and only backporting major bugfixes."
CAD
Thirty-fourth release of PythonCAD is available
Version 34 of PythonCAD is out. "The thirty-fourth release builds on the graphics improvements from the previous release. A number of small optimizations again reduce unneeded screen redraws, and a variety of redraw issues have been corrected. The newest PythonCAD release is the first release using Cairo graphics routines for entity drawing. If the Cairo routines are not available on the system then the existing GDK routines will be used, so only people running PythonCAD on recent PyGTK/GTK+ releases will see the change. The latest release includes the new ability to rotate objects around an arbitrary point in addition to the entity display improvements. Finally, a variety of other bug fixes and code improvements are included in the release."
Calendar Software
pcal 4.10.0 and lcal 2.0.0 announced
New versions of pcal and lcal, calendar and lunar calendar applications with PostScript and html output, are out. "Changes (to pcal) include support for new languages (Danish, Dutch, Polish, and Romanian), improved compilation in certain Cygwin and Solaris environments, various bug fixes, and other minor improvements." ""
Desktop Environments
Desktop entry specification 1.0
A proposed 1.0 version of the desktop entry specification has been posted. This document describes how .desktop files are to be formatted for use by both the GNOME and KDE systems. A lot of issues have been addressed, but it is not clear that the security concerns (covered on LWN last April) have been dealt with.GNOME 2.14.3 Released
GNOME 2.14.3 has been announced. "The latest stable release of GNOME is here: GNOME 2.14.3! This is the final release in a series of point releases for the 2.14 branch. Come and see all the bug fixing, all the new translations and all the updated documentation brought to you by the wonderful team of GNOME contributors! While development is blazing ahead on the Gnome 2.15/2.16 road, with 2.16.0 not far around the corner, work on the stable branch has continued to make it even more solid."
GARNOME "Rock Solid" 2.14.3 announced
Version 2.14.3 of GARNOME, the bleeding edge GNOME distribution, is out. "We are pleased to announce the release of GARNOME 2.14.3. This release incorporates the GNOME 2.14.3 Desktop and Developer Platform (the final release in the stable 2.14 series), fine-tuned and updated with love by the GARNOME Team. As usual it includes updates and fixes after the official GNOME freeze, together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release irons out yet-more bugs, hopefully adds yet-more stability and ships with the latest and greatest stable releases."
New module decisions for GNOME 2.16 (GnomeDesktop)
GnomeDesktop.org covers the latest module decisions for GNOME 2.16. "Elijah Newren wrote: "The release team has completed its second meeting to try to finish the new module decisions. And, after all the long threads on d-d-l (mailing list) and the many discussions amongst ourselves trying to determine community consensus, we finally have the decisions..."" See the development list discussion for details.
Deprecation of libgnomeprint(ui)
libgnomeprint and libgnomeprintui are being deprecated. "The libgnomeprint and libgnomeprintui modules are now marked as upcoming deprecatings in the desktop release suite. We hope to get them out of the suite as soon as possible, and 2.18.0 sounds like a nice deadline :-)"
GNOME Software Announcements
The following new GNOME software has been announced this week:- cairo 1.2.2 (bug fixes)
- Conduit 0.1.0 (initial release)
- Dasher 4.1.9 (bug fixes)
- Deskbar-Applet 2.15.91 (bug fixes and translation work)
- Evince 0.5.5 (new features, bug fixes and translation work)
- Eye of GNOME 2.15.91
- gcalctool v5.8.20 (translation work)
- GDM2 2.15.9 (unstable development release)
- GNOME Games 2.15.6 (bug fixes and translation work)
- GNOME Nettool 2.15.91 (bug fixes and translation work)
- GNOME Power Manager 2.15.91 (bug fixes)
- gnome-speech 0.4.3 (bug fix)
- Gnome-utils 2.15.91 (new features, bug fixes and translation work)
- GNOME Utilities 2.15.92 (bug fixes)
- gnubiff 2.2.2 (new features, bug fixes and translation work)
- Gossip 0.14 (bug fixes and translation work)
- GQ LDAP client 1.0.1 (new features and bug fixes)
- GQ LDAP client 1.1.0 (unstable development release)
- Gtk2-Perl 2.15.91 (bug fixes)
- gtkmm 2.9.10 (bug fixes, example improvements and documentation work)
- Mathusalem 0.0.2 (new features and bug fixes)
- Memprof 0.6 (new features, bug fixes and translation work)
- Metacity 2.15.21 (bug fixes)
- orca 0.2.8 (new features and bug fixes)
- Pango 1.14.0 (new features and bug fixes)
- PCMan File Manager (new release)
- PyGObject 2.11.1 (new features, bug fixes and documentation work)
- PyGObject 2.11.2 (new features and bug fixes)
- PyGTK 2.9.4 (unstable development release)
- PyGTK 2.9.5 (unstable development release)
- PyGTK 2.9.6 (unstable development release)
- Vala 0.0.2 (new features and bug fixes)
- Yelp 2.15.91 (bug fixes and translation work)
- Zenity 2.15.91 (translation work)
KDE Software Announcements
The following new KDE software has been announced this week:- Address List 0.1 (initial release)
- DeliK 0.3.3 (new features and bug fixes)
- Dolphin File Manager 0.6.1 (new features and bug fixes)
- K3b 1.0 Preview 1 (preview release)
- knoda 0.8.2-test2 (new features and bug fixes)
- KonsoleLock 0.1 (initial release)
- KTorrent 2.0 (new features)
- KTU 0.0.2 (new features and translation work)
- Kwine 0.1 (initial release)
- kX Generator 0.3.2 (new feature and bug fix)
- Media Tag Tools 0.2 (new features and bug fixes)
- mrclean 0.1 (initial release)
- Perl Audio Converter 3.2.1 (translation work)
- Piklab 0.10 (new features and bug fixes)
- QtiPlot 0.8.6-2 (new features and bug fixes)
- smblansearch 0.1b (unspecified)
- Umbrello UML Modeller 1.5.4 (bug fixes)
- WorKflow 0.1 (initial release)
- WorKflow-Kate 0.1 (initial release)
KDE 3.5.4 VMware Image Available (KDE.News)
KDE.News has announced the availability of a VMware Player image of KDE 3.5.4 with KOffice 1.5.2 running on SUSE Linux 10.1.KDE Commit-Digest (KDE.News)
The August 6, 2006 edition of the KDE Commit-Digest has been announced. "In this week's KDE Commit-Digest: Support for PostScript page deletion and editing of metadata in KViewShell, and for using a SQL backend with KPhotoAlbum (feature derived from KexiDB). Strigi gets support for inotify. Plasmagik, an application to assist developers in making "Plasmoids" (Plasma applets), is imported into KDE SVN. Rendering development work continues in the Unity web rendering engine. Work stars on a "Magnetic Outline Selection" tool for Krita."
Fonts and Images
Libertine Open Fonts Project releases version 2.1.0
Progress on the Libertine Open Fonts Project continues with the release of version 2.1.0. "Letters and fonts have two charakteristics: On the one hand they are basic elements of communication and fundament of our culture, on the other hand they are cultural goods and artcraft. You are able to see just the first aspect, but when it comes to software you'll see copyrights and patents even on the most elementary fonts. Therefore we want to give you an alternative: This is why we founded The Libertine Open Fonts Project." (Thanks to Philipp Poll.)
Games
Polyform Puzzler
David J. Goodger has announced the Polyform Puzzler project. "Polyform Puzzler is a software toolkit for exploring & solving polyform puzzles, like Pentominoes and Soma Cubes. It consists of a set of front-end applications for specific polyform puzzles and a Python library that does the heavy lifting. New polyforms and new puzzles can easily be defined and added."
StepMania 4.0 CVS 20060729 released (SourceForge)
Version 4.0 CVS 20060729 of StepMania has been announced. "This is a new release of StepMania, a music/rhythm game. The player presses different buttons in time to the music and to note patterns that scroll across the screen. Features 3D graphics, visualizations, support for gamepads/dance pads, a step recording mode, and more!"
Graphics
DANCE v072506 released
Version 072506 of DANCE, the Dynamic Animation and Control Environment, has been announced. DANCE is a plug-in based software package for physics-based character animation. "ODE simulation with control is now very stable and can run in real time. Several other enhancements such as collisions through capsules, props, and user interface improvements. It is recommended to update your DANCE sof[t]ware to this version."
GUI Packages
wxWidgets 2.7.0 released
Version 2.7.0 of wxWidgets, a cross-platform C++ GUI application framework, has been announced. "This is the first version in the new 2.7 series. Please notice that this series is called "development" and not "stable" solely because compatibility is not assured among between different 2.7 series versions but there are no known issues with the stability of the programs using this version."
Mail Clients
Mozilla Thunderbird 1.5.0.5 Released (MozillaZine)
Version 1.5.0.5 of Mozilla Thunderbird has been announced. "Mozilla Thunderbird 1.5.0.5 was made available for download late last week. Much like the release of Mozilla Firefox 1.5.0.5, this is a minor update to improve stability and security. More information is available in the Mozilla Thunderbird 1.5.0.5 Release Notes with the Thunderbird 1.5.0.5 section of the known vulnerabilities page detailing the security issues fixed in this version."
Mozilla Thunderbird 2 Alpha 1 Available for Testing (MozillaZine)
Version 2 Alpha 1 of Mozilla Thunderbird has been released. "Lead Mozilla Thunderbird developer Scott MacGregor writes in with news of the release of Mozilla Thunderbird 2 Alpha 1: "The Thunderbird 2 Alpha is now available. This alpha release is intended for developers and testers. It is focused on collecting feedback for several new features including: message tags, folder views, a new Windows installer, and a new mail alert notification. See the Thunderbird 2 Alpha Release Notes or the discussion thread for more information. Thunderbird 2 is scheduled for release late fall 2006.""
Web Browsers
Mozilla Firefox 1.5.0.6 Released
Version 1.5.0.6 of the Mozilla Firefox browser is out with a bug fix for playing Windows Media content. See the release notes for more information.SeaMonkey 1.0.3 Released (MozillaZine)
SeaMonkey 1.0.3 has been announced. "Version 1.0.3 of SeaMonkey, the community-driven replacement for the Mozilla Application Suite, is now available for download. This release includes security and stability improvements and fixes a bug introduced in SeaMonkey 1.0.2 that sometimes stopped the Location Bar from working when switching tabs. In terms of some of the issues addressed, this update can be considered to be equivalent to Mozilla Firefox 1.5.0.5 and Mozilla Thunderbird 1.5.0.5."
SeaMonkey 1.0.4 followed, it fixes a bug introduced in version 1.0.3.
Languages and Tools
Caml
Caml Weekly News
The August 8, 2006 edition of the Caml Weekly News is out with new Caml language articles.
PHP
PHP 4.4.3 Released
Version 4.4.3 of PHP, the PHP Hypertext Processor, is out. "This release combines small number of bug fixes and resolves a number of security issues." See the change log for more details.
Python
Python 2.5 beta 3 announced
Version 2.5 beta 3 of the Python language has been announced. "This is an beta release. It is not suitable for production use. It is being released to solicit feedback and hopefully discover bugs, as well as allowing you to determine how changes in 2.5 might impact you. In particular, note that changes to improve Python's support of 64 bit systems mean that some C extension modules may very well break. This post has some pointers to more information for C extension authors. There's been over 50 fixes made since the second beta. This large number of changes meant we felt more comfortable cutting a third beta release, rather than charging ahead to the release candidate. Python 2.5 is now in feature freeze mode."
python-dev Summary
The python-dev Summary for June 16-30, 2006 is out with coverage of the python-dev mailing list.Dr. Dobb's Python-URL!
The August 8, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Ruby
Ruby Weekly News
The August 6th, 2006 edition of the Ruby Weekly News looks at the latest discussions on the ruby-talk mailing list and comp.lang.ruby newsgroup.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The August 8, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
HP balks at patent provision in GPL update (ZDNet)
According to this ZDNet article, HP is worried about the patent covenant in the GPLv3 draft. "'Suppose somebody added into the Linux kernel some feature that might go into a Linux distribution, (a feature) we had intended to retain as a differentiator and that we were not expecting was going to become open source,' [HP attorney Scott] Peterson said. 'Our mere redistribution of that would mean we could no longer enforce that patent.'"
VMware and Xen clash over Linux virtualization patch (InfoWorld)
InfoWorld looks at virtualization support and the Linux kernel. "It seems VMware has been working on a hypervisor-based virtualization technology, similar to Xen's, for an upcoming release of its commercial virtualization product line. Like Xen, VMware's technology will work better on Linux if the Linux kernel gives it a little help and so, like Xen, VMware has been submitting long lists of patches to the kernel developers for review and possible inclusion in the kernel. And wouldn't you know it, the Xen group's patches and VMware's patches are totally incompatible with each other." (Thanks to bjg)
Trade Shows and Conferences
Day one at Black Hat (NewsForge)
NewsForge covers the first day of the Black Hat security conference. "Jeff Moss opened the Black Hat Briefings this morning with a short talk before introducing the morning's keynoter, Dan Larkin. The ballroom was packed beyond seating capacity, and attendees lined the walls around the room. Almost the first words out of his mouth this morning were "I want to dispel the myth that Microsoft bought a track for Vista." The crowd was appreciative of Moss's approach, and he followed that by saying "I've already sold my soul. You can't do that twice, in the same year." They loved it."
Day two at Black Hat (NewsForge)
Joe Barr covers the Black Hat conference in Las Vegas. "I got a tip from an unimpeachable source last night that William Arbaugh of Komoku was ahead of the wave in the rootkit detection business, so his presentation -- with Jamie Butler of fu and fu2 rootkit fame -- was the first session I attended this morning."
Melbourne gets linux.conf.au guernsey (ZDNet)
ZDNet Australia reports that the 2008 linux.conf.au will be held in Melbourne. "A Web site outlining the Melbourne organising team's plans noted they had missed out in previous efforts to host the conference and acknowledged the efforts of their Tasmanian competition."
Companies
Is Apple serious about open source? (Linux-Watch)
Linux-Watch looks at the Darwin kernel. "When Apple announced that it was moving Mac OS X to the Intel platform, one thing that didn't get much attention was that Apple would not be open-sourcing the Intel Darwin kernel. Now, Apple has reversed its course and has quietly announced that it will open-source the kernel after all."
Google: the Godfather of Open Source? (Linux Journal)
Glyn Moody looks at Google and free software in the Linux Journal. "After the dotcom meltdown, key people were forced to find new jobs, with several ending up at the increasingly important OSDL. Against this background, Google's growing collection represents a return to the earlier pattern of concentration of programming talent at one company. But this time, their work is only indirectly related to Google's principal markets."
Linux Adoption
Four countries commit to 4 million Linux-powered OLPC laptops (DesktopLinux)
DesktopLinux reports that four countries have committed to buy laptops through the One Laptop Per Child program. "OLPC program director for Middle East and Africa Khaled Hassounah confirmed to DesktopLinux.com July 31 that Nigeria has indeed committed to buy 1 million machines, and then revealed that Brazil, Argentina, and Thailand also have placed similar commitments."
Interviews
The state of OpenOffice.org (NewsForge)
Joe 'Zonker' Brockmeier talks with Louis Suárez-Potts about OpenOffice.org developments. "It's been nearly a year since OpenOffice.org 2.0 was released, so I sat down with Louis Suárez-Potts, chair of OpenOffice.org's community council and community manager, at the O'Reilly Open Source Convention (OSCON) in Portland, Ore., last week to see what's on the OpenOffice.org development roadmap. Suárez-Potts says that development is moving along nicely, but it will probably be a while before we see OpenOffice.org 3.0. Suárez-Potts says that OpenOffice.org is concentrating on smaller releases that add features to the OpenOffice.org 2.0 architecture."
Linux expert sees expanded role for Ubuntu on the server (SearchOpenSource)
SearchOpenSource.com interviews Benjamin Mako Hill. "Ubuntu has always been a perfectly good server OS. Part of the problem though is that historically Debian has been really good for servers, and Ubuntu was really good for the desktop. People assumed that because there was so much effort given to the desktop by Ubuntu developers, then the server side would not work at all. But the truth is we [at Ubuntu] have been running the OS on our servers ever since the Warty Warthog release.3wThe success of the desktop distribution really distracted people from that good effort on the server side."
KDevelop Authors Talk About Their Coming Releases (KDE.News)
KDE.News talks with KDevelop authors about things to come. "KDevelop is the premier Free integrated development environment. The project is currently working towards KDevelop 3.4 with a bunch of new features and a major new version KDevelop 4. To find out what's coming up in one of KDE's most important projects KDE Dot News spoke to three of the authors about their current work and future plans."
The state of Firefox (NewsForge)
Joe 'Zonker' Brockmeier talks with Mike Schroepfer from Mozilla Corp. "At the O'Reilly Open Source Convention in Portland, Ore., last week, I had the opportunity to sit down for a few minutes with Mozilla Corp.'s Mike Schroepfer to talk about Firefox development, security, updates to JavaScript, and cooperation with Linux vendors and other downstream providers of Firefox."
Novell turns its focus toward growth (Boston Globe)
The Boston Globe has an interview with Ron Hovsepian. "When Ron Hovsepian was named chief operating officer of Waltham's Novell Inc. in November, investors were already calling for the ouster of then-chief executive Jack Messman. In June, Messman's critics got their wish, and Hovsepian got one of the toughest jobs in the software industry. Hovsepian recently spoke with Globe reporter Hiawatha Bray on how he expects to meet the challenge that defeated his former boss."
Interview: PortableApps brings open source to USB (NewsForge)
Mayank Sharma talks with John T. Haller about the PortableApps project. "On the project's Web site you'll find several portable applications: Portable VLC player (audio and video player), Portable NVU (HTML editor), Portable Firefox (Web browser), Portable Gaim (instant messaging), Portable Thunderbird (email client), Portable AbiWord (word processor), Portable OpenOffice.org (office suite), Portable GIMP (image editor), and several others, each with a dedicated support page and forum."
Phil Thompson Talks About PyQt (KDE.News)
KDE.News talks with Phil Thompson, the author of the Python Qt bindings. "PyQt makes a profit - it is self funding. It's not just sales of licenses, it is also the spin-off work that sometimes arises from a sale. For example I'm spending the rest of the year working with a customer on making greater use of PyQt within their organisation."
Resources
A Five Minute Guide to Opposing DRM (Linux Journal)
Linux Journal looks at some reasons to oppose DRM. "What strikes me, though, is that, for all the loathing of DRM, how rarely the reasons for opposing it are spelled out. In some cases, the reason may be that people consider them too obvious to be worth mentioning, but, too often when I've probed, people haven't even heard of the possible objections. These objections begin with the fact that the case for DRM has yet to be made, and continues with arguments about consumer rights, privacy, competitiveness, and industry standards."
Automate interactive transactions with Expect (Linux.com)
Michael Stutz explores expect in a Linux.com article. "Did you ever wish you could automate your interaction with a program, making a script that can smartly handle an interactive session? You can -- with Expect, an extension to the Tcl programming language whose purpose is to communicate with interactive applications. You can write Expect programs that automate live sessions, handling any tasks where a user interacts with the system. This suggests a multitude of uses, but where it has been most popularly applied is in software testing and in automating network transfers, such as site updates or downloads."
Documenting the GIMP's file format resolves technical and political issues (NewsForge)
NewsForge looks at the GIMP's file format. "The GIMP finally has a documented file specification. The free image editor has long been criticized over the fact that its native image format XCF was not publicly documented. Recently the issue came to a head, sparked unintentionally by discussions over the proposed OpenRaster graphics interchange format. Once the argument cooled off, however, an independent developer decided to tackle the problem head on -- to the benefit of all."
JDBC 4.0 Enhancements in Java SE 6 (O'ReillyNet)
Srini Penchikala examines upcoming changes to JDBC 4.0 in an O'Reilly article. "Java Platform, Standard Edition (Java SE) version 6 (code name Mustang), is currently in its second beta release and is scheduled to be delivered in October of this year. Java SE 6 includes several enhancements to the Java Database Connectivity (JDBC) API. These enhancements will be released as JDBC version 4.0. The main objectives of the new JDBC features are to provide a simpler design and better developer experience. This article provides an overview of the JDBC 4.0 enhancements and what benefits they offer to enterprise Java developers."
Processing RAW image files on Linux (Linux.com)
Linux.com looks at manipulating RAW format pictures using open source tools. "The easiest way to sound like a professional when you talk about photography these days is to grumble about the deficiencies of RAW file converters. The ability to save pictures in RAW format rather than JPEG or TIFF is what distinguishes a "pro level" camera from a consumer device. But rather than mentioning your camera's specs outright, the shrewd move is the heavy sigh followed by lamentations about your tireless search for the perfect software to properly manipulate your beautiful work. Let's take a look at how to do it using Linux and open source."
Reviews
Manage your time with Remind (Linux.com)
Linux.com takes a look at Remind. "One thing most people are bad at is remembering things -- anniversaries, deadlines, schedules. Computers, on the other hand, are very good at tracking things -- so long as you have a way to tell them to do so. Remind, a GPLed calendar and alarm application from Roaring Penguin, is a good way to keep track of your appointments and commitments on your computer so you don't need to worry about keeping them in your head."
Miscellaneous
CBR's Open Source VIPs, Part One (Computer Business Review)
Computer Business Review lists some of the VIPs of Open Source. "The CBR Open Source VIPs represent the individuals who are considered to be the most influential people in open source right now. As can be seen by our first entry - who tops the list thanks to alphabetical ranking - it also includes some blasts from the past, because their influence still resonates today." (Found on Groklaw)
Linux memorabilia sought for 15th anniversary display (Linux Devices)
Linux Devices reports that the Computer History Museum in Mountain View, CA is seeking Linux historical items. "The Computer History Museum is inviting LinuxWorld attendees to bring Linux-related memorabilia, for display in a booth celebrating the 15-year anniversary of the kernel. Suitable items include historical prototypes, early business plans for Linux and open source companies, and early photographs of key figures in the Linux and open source movement. The Museum began soliciting Linux-related pre-1998 artifacts earlier in the year, and has already collected a number of items for display at the Expo, and for its permanent collection, it says."
Mozilla calls on user community today for testing (NewsForge)
NewsForge reports that today is a test day for calendar applications Sunbird and Lightning, "Participants may submit test cases on any aspect of either program, from scheduling and printing to searching and device syncing. Previous test case writing experience is not required, and at least three team leaders will be available on the #calendar-qa channel on irc.mozilla.org throughout the day to answer questions."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Debian Linux Adopts OpenVZ Virtualization Software
The OpenVZ project has announced its operating system-level server virtualization software technology is incorporated into Debian GNU/Linux giving users full access to OpenVZ software, which helps increase server utilization rates.GWeather Locations DB major update
The GWeather developers are clearing out dead weather monitoring locations from their database. "People have noticed that at one point we accidentally added a lot of dead locations to the GWeather database. Frank Solensky has been monitoring the locations to count the number of reports from every location. I have then knocked together a quick Python script to remove all the locations that had zero reports over the last half a year. What we need you to do is QA our data through random sampling."
Xandros Joins OSDL to Accelerate Adoption of Desktop Linux
OSDL has announced its newest member, Xandros. "Xandros will participate in OSDL's Desktop Linux (DTL) working group with a specific focus on advancing standards-based usability and consistency."
Commercial announcements
Mozilla Corporation Signs Distribution Deal with RealNetworks (MozillaZine)
MozillaZine covers a new distribution deal between the Mozilla Corporation and RealNetworks. "The Mozilla Corporation and RealNetworks have entered into a multi-year agreement under which RealNetworks will distribute Mozilla Firefox with its products. During the installation of RealPlayer, users will be given the option to also install Firefox. In the near future, Firefox will also be an installation option with Real's Rhapsody music download service and RealArcade gaming platform."
New Books
LPI Linux Certification in a Nutshell, Second Edition - O'Reilly's Latest Release
O'Reilly has published the book LPI Linux Certification in a Nutshell, Second Edition by Steven Pritchard, Bruno Gomes Pessanha, Nicolai Langfeldt, James Stanger, and Jeff Dean.Mastering Regular Expressions, Third Edition - O'Reilly's Latest Release
O'Reilly has published the book Mastering Regular Expressions, Third Edition by Jeffrey E. F. Friedl.
Resources
FSF opinion papers published
The Free Software Foundation has published a set of opinion papers as a supplement to the rationale document for the GPLv3 second draft. They cover topics like patent retaliation, DRM, BitTorrent, and others. "Draft 1 did not address peer-to-peer transmission; it was an issue that had escaped our notice. The experts on the discussion committees we formed in January did not call this issue to our attention either. Rather, the issue was pointed out to us by two unaffiliated members of the free software user community."
Contests and Awards
Amarok Live Calling for Artwork (KDE.News)
KDE.News has announced a new Amarok artwork contest. "The Amarok project has announced an artwork contest for their upcoming live CD, Amarok Live, for fancy new version 1.4. The contest includes among other things bootsplash screens, wallpapers and Amarok splash screens. Also the Amarok Live team would like to have a complete set with similar style for all the items listed in the Amarok wiki. This artwork contest will be opened for submission until midnight UTC ending September 1st."
Call for nominations for the 2006 FSF Award for the Advancement of Free Software
The Free Software Foundation (FSF) and the GNU Project have announced the request for nominations for the 2006 Award for the Advancement of Free Software. "This annual award is presented to a person who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of software freedom (as defined in the Free Software Definition)."
PyWeek #3 in September!
The third PyWeek game programming challenge has been announced. The object of the challenge is to develop a Python-based game in one week. "PyWeek 3 is coming up. I've scheduled it for the first week of September. The exact dates are 00:00UTC Sunday 3rd September to 00:00UTC Sunday 10th September."
Valgrind receives Google-O'Reilly Award (KDE.News)
KDE.news reports that Valgrind has won an award. "Julian Seward, father of the the famous Valgrind, an opensource tool for debugging and profiling your applications, won this years Google-O'Reilly Open Source Award for "Best Toolmaker". This years ceremony was the second of the annual event. Congratulations, Julian! In other news, Valgrind 3.2 has been released."
Surveys
Volunteers Wanted for Mozilla Firefox User Panel (MozillaZine)
MozillaZine mentions an effort to collect user opinions on the User Panel. "Rachel Werner writes: "Mozilla is now recruiting for the Firefox User Panel, which is an initiative to learn more about how end-users interact with the Web. Firefox User Panel members will complete a series of short online surveys on a variety of Web-related topics, with the aggregate results made available to the Mozilla community."
Education and Certification
LPI and FSG join forces in Latin America
The Linux Professional Institute and the Free Standards Group will provide professional certification in Latin America. "The two organizations will initiate this relationship through their key participation in a five city IT tour in Brazil beginning in August 2006 which includes such leading companies as IBM and Novell, local LPI training partners and other IT organizations."
Calls for Presentations
ARES 2007: Call for workshop proposals
A call for workshop proposals has gone out for ARES 2007, The Second International Conference on Availability, Reliability and Security. The event takes place from April 1013th, 2007 in Vienna, Austria, proposals are due by September 10.
Upcoming Events
Boston Summit 2006 announced
The GNOME Boston Summit will be held on October 7-9 in Boston, MA. "The annual GNOME Boston Summit is a three-day hackfest for GNOME developers and contributors. It is not primarily aimed at users or new contributors, but if you want to jump right into the deep end, it's a fantastic way to meet everyone and get involved. Unlike traditional conferences, the Boston Summit is all about getting developers together and getting things done. While there are some non-hacking sessions, they are geared heavily towards many-to-many, interactive discussion and planning, rather than one-to-many presentations."
Help KDE at LinuxWorld London (KDE.News)
KDE.News has posted a call for help for the next London LinuxWorld Conference and Expo. "Today we received confirmation that we have been successful in obtaining a booth at LinuxWorld Conference and Expo. The two-day event is taking place on the 25th and 26th of October in London's Olympia 2 conference hall. Following last year's success we are hoping to have a bigger presence this year to demonstrate our efforts at Akademy 2006 as well as the progress that will have been made with KDE 4."
Events: August 17, 2006 to October 16, 2006
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| August 14 August 17 |
ApacheCon Asia | Colombo, Sri Lanka |
| August 14 August 17 |
LinuxWorld San Francisco 2006 | San Francisco, CA |
| August 17 August 18 |
Python for Scientific Computing | Pasadena, CA |
| August 18 August 19 |
The Ubucon Conference | Mountain View, CA |
| August 19 August 20 |
Colombian Mini-DebConf | Popayan, Cauca, Colombia |
| August 19 | Linux Picnic 15 | Sunnyvale, CA, USA |
| August 21 August 27 |
Ireland PyPy sprint | Limerick, Ireland |
| August 23 August 24 |
Fourth International Conference on GPLv3 | Bangalore, India |
| August 26 | RubyConf*MI | Grand Rapids, MI |
| August 28 August 31 |
Bellua Cyber Security Asia 2006 | Jakarta, Indonesia |
| August 30 September 1 |
YAPC::EU 2006 - Yet Another Perl Conference - Birmingham | Birmingham, UK |
| September 5 September 8 |
Linux Kongress 2006, 13th International Linux System Technology Conference | Nürnburg, Germany |
| September 8 | Leipzig Python Workshop | Leipzig, Germany |
| September 9 September 10 |
Linuxtage in Essen | Essen, Germany |
| September 11 September 13 |
OpenOffice.org Conference | Lyon, France |
| September 12 September 15 |
php|works/db|works 2006 | Toronto, Canada |
| September 13 September 15 |
2006 WebGUI Users Conference | Las Vegas, NV |
| September 14 | NLUUG najaarsconferentie 2006 | Gelderland, The Netherlands |
| September 14 September 16 |
Wizards of OS 4 - Information Freedom Rules | Berlin, Germany |
| September 14 September 15 |
RailsConf Europe 2006 | London, UK |
| September 14 | Open Source: New DoD Paradigm, or Business as Usual? | Arlington, VA, USA |
| September 14 September 15 |
Software Tagging Workshop | Portland, OR, USA |
| September 16 September 17 |
WineConf | Reading, UK |
| September 16 September 17 |
Linux-Delhi (India Linux users group Delhi chapter) Freedel 2006 | Delhi, India |
| September 17 | KLDP 10 year Anniversary Free/Open Source Software Conference | Seoul, Korea |
| September 18 September 21 |
2006 European Open Source Convention | Brussels, Belgium |
| September 18 September 21 |
New Security Paradigms Workshop | Schloss Dagstuhl, Germany |
| September 19 September 21 |
High Performance Embedded Computing Workshop | Lexington, MA, USA |
| September 23 September 30 |
KDE World Summit 2006 | Dublin, Ireland |
| September 25 September 28 |
Embedded Systems Conference | Boston, MA |
| September 29 September 30 |
No cON Name 2006 Congress | Palma de Mallorca, Spain |
| September 29 October 1 |
ToorCon 2006 | San Diego, CA |
| September 29 October 1 |
Encuentro de Desarrolladores de GNOME Zaragoza | Zaragoza, Spain |
| September 30 October 1 |
RuxCon 2006 | Sydney, Australia |
| September 30 | Ohio LinuxFest 2006 | Columbus, Ohio |
| September 30 | Defective by Design, 2pm-5pm, Apple Store, Regent Street, London, UK | London, UK |
| October 1 October 4 |
Gelato ICE Itanium Conference and Expo | Biopolis, Singapore |
| October 1 October 3 |
LinuxBIOS Symposium 2006 | Hamburg, Germany |
| October 2 October 5 |
Security OPUS Infosec Conference | San Francisco, CA, USA |
| October 7 October 9 |
GNOME Boston Summit | Boston, MA, USA |
| October 9 October 13 |
ApacheCon US | Austin, TX |
| October 9 October 13 |
13th Annual Tcl/Tk Conference | Naperville, IL |
| October 11 October 12 |
Eclipse Summit Europe | Esslingen, Germany |
| October 11 October 12 |
Linux World Conference and Expo | Utrecht, The Netherlands |
| October 12 October 15 |
Eighth Real-Time Linux Workshop | Lanzhou, Gansu, China |
If your event does not appear here, please tell us about it.
Audio and Video programs
Linux Link Tech Show Interviews Amarok Developers (KDE.News)
KDE.News has announced the availability of an audio interview with Amarok developers. "The Linux Link Tech Show has interviewed Amarok developers Max Howell and Ian Monroe in their latest show. Max talks about Amarok's many features and what they plan for KDE 4, while Ian explains what the main goals of the Amarok project are. Start 12 minutes in to skip the technical problems and listen to the interview."
Page editor: Forrest Cook