
LWN.net Weekly Edition for October 5, 2006

Similar in spirit?

The recent discussions on the proposed version 3 of the GNU General Public License have been well documented here and elsewhere. This proposal has clearly exposed some differences of opinion within the development community, with the anti-DRM provisions being at the core of the debate. The addition of these provisions has created a fair amount of ill will against the Free Software Foundation; opposition to them appears to have created similar feelings in the opposite direction.

In theory, this disagreement should not come about. GPLv2 contains the following language:

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

If the FSF is adhering to its part of this bargain, then anybody who bought into the "spirit" of GPLv2 should not have trouble with this revision. So, clearly, those who oppose the GPLv3 draft - many of whom have released vast amounts of code under GPLv2 - believe that the revisions are not "similar in spirit." Some have gone as far as to accuse the FSF of using its power over the GPL to push its founder's radical agenda onto the code of large numbers of unwilling developers.

That accusation is probably over the top. The FSF is, with GPLv3, attempting to respond to a number of problems as it sees them. Software patents are a clear problem, and the GPLv3 draft tries to mitigate that problem somewhat. International applicability of the license has not yet proved to be a problem in practice, but it is clearly something that reasonable lawyers can worry about. It seems worth fixing the language before some court somewhere on the planet decides that the GPLv2 incantations only work in the US. And so on.

The FSF also, clearly, sees locked-down systems as a problem. It is interesting that this has not always been the case; back in 2000, LWN took issue with an interview with Richard Stallman, where he said:

I'm less concerned with what happens with embedded systems than I am with real computers. The real reason for this is the moral issues about software freedom are much more significant for computers that users see as a computer. And so I'm not really concerned with what's running inside my microwave oven.

(This interview has disappeared off the original site, but the Wayback Machine has it).

Most TiVo owners probably see their gadget as being more like a microwave oven than a computer. It is not that TiVo has come along since then (the 2000 LWN article mentions it); what has changed is the FSF's - or, at least, Richard Stallman's - position on it.

There are few people who disagree with the idea that locked-down systems can be a problem. Beyond the fact that such devices will always deny users the full potential of the hardware, they can spy on us, deny fair use rights under copyright law, lock us out of our own data, prevent us from fixing serious problems, and so on. Locked-down systems are designed to implement the goals of somebody other than the ultimate owner of the device. Such systems are undesirable at best, and outright evil at their worst.

The disagreement is over how this problem should be addressed. The two sides, insofar as there are two clear sides, would appear to be these:

  • The anti-DRM provisions are a licensing-based response to a legal and market problem. They prohibit legitimate uses of the technology (examples could be ensuring that certified software runs on voting machines or systems - like X-ray machines - which could hurt people if the wrong software is run) while failing to solve the real problem. These provisions are trivially circumvented by putting the software in ROM, do nothing about the DRM being incorporated into all aspects of computing systems, and would primarily result in Linux being replaced with proprietary software in the embedded market. These provisions are a new restriction on how the software can be used, and, thus, are not "similar in spirit" to GPLv2.

  • The new provisions are needed to preserve the user's freedom to modify, rebuild, and replace the original software on devices that this user owns. Failure to provide encryption keys when the hardware requires them is a fundamental failure to live up to the moral requirements of using free software and, according to some, is already a violation of GPLv2. DRM is an evil which threatens to take away many of the freedoms we have worked so hard to assure for ourselves; it must be fought whenever possible and it certainly should not be supported by free software. The anti-DRM provisions simply reaffirm the freedoms we had thought the GPL already guaranteed to us, and, thus, they are very much "similar in spirit" to GPLv2.

This logjam looks hard to break. Your editor, in his infinite humility, would like to offer a couple of suggestions, however:

  • Reasonable people who believe in free software, and who have put much of their lives into the creation of that software, can support either of the two viewpoints above (or other viewpoints entirely). They are not (necessarily) free software fundamentalist radicals, corporate stooges, people on power trips, or any of those other mean and nasty things they have been called in recent times. We can discuss this issue without doubting each others' motives and without the need for personal attacks.

  • The FSF clearly has some strong feelings about what it wants to achieve with this license revision, and there are issues it does not want to back down on. There have also been signs, however, that the FSF is listening more than it has in the creation of any other license. This process is not done yet; there is no GPLv3 at this time. Continued, polite participation in the process would seem to be called for.

Finally, while your editor is standing on this nice soapbox... The anti-DRM language was very appealing when it first came out. Your editor does not much appreciate the idea of some vendor locking up his software and selling it back to him in a non-modifiable and potentially hostile form. It is a violation of the social contract (if not the legal license) under which the software was contributed.

But the attempt to address this problem in GPLv3 carries a high risk of splitting the development community while doing very little to solve the real problem. Dropping that language could help to bring the community back together behind the new license, leaving us united to fight DRM (and numerous other attacks on our freedom) in more effective ways. The FSF may want to consider whether, in the long run, its goals would be better served by a license which lacks this language. Such a license might be closer to the spirit which brought this community together in the first place.


Busy busy busybox

BusyBox is a set of command-line utilities developed with the goal of keeping its size as small as possible. To that end, all unnecessary options and code are ruthlessly cut out, and the entire command set is implemented by a single, multipurpose executable. BusyBox is found in a number of embedded environments; chances are it is running on your wireless router, for example. The command set has reached a level of capability such that the new BusyBox maintainer believes it is almost ready for use on desktop systems.

Yes, BusyBox has a new maintainer, as the result of another disagreement over the draft revision of the GNU General Public License (GPLv3). This episode is worth looking at, as it may be an omen of disagreements that could come up in other projects as the GPLv3 process moves forward.

Some projects reach 1.0 more quickly than others. BusyBox is one of the others. It was started by Bruce Perens in 1995, and became part of the Debian boot process. Bruce moved on to other interests shortly afterward, leaving BusyBox in an idle state, where it remained for a few years. Under the maintainership of Erik Andersen, BusyBox came back to life, and the much-delayed 1.0 release happened almost exactly two years ago - in October, 2004. Version numbers can be deceiving, however, as BusyBox had been in production use for many years prior to 1.0.

In recent years, the BusyBox maintainer has been Rob Landley, an energetic individual (at least, when sufficient caffeine is at hand) who has done a lot to push the project forward. So the task of thinking about how BusyBox and GPLv3 relate fell to him. Since BusyBox can be found in so many embedded systems, it finds itself at the core of the GPLv3 anti-DRM debate. A GPLv3-licensed BusyBox would create obvious difficulties for any vendor wishing to incorporate it into a locked-down product.

BusyBox is not a GNU project, so the Free Software Foundation does not hold its copyrights; instead, those copyrights are retained by the original authors. As Rob looked over the code, he found many contributions with the usual "or any later version" language which would allow a change to GPLv3. Others, however, had the explicit "version 2 only" language. Some, contributed by one Linus Torvalds, state that they "may be redistributed as per the Linux copyright." Some other contributions carry a BSD license - originally with the GPL-incompatible advertising clause. It was quite the mixture of licenses.

Rob was especially concerned about the version-2-only licensing, since that would obviously get in the way of any switch to GPLv3. And, in any case, he was ambivalent at best about GPLv3; it seems that the BusyBox project had developed a plan to dual-license its code under both GPL versions, allowing it to continue to be used under either license. So his question with regard to the v2-only code was:

Anybody feel like auditing all those to make sure it was unintentional and check to make sure that nobody that's contributed to any of those files since is unwilling to also have their code under v3, or should we just admit that the BusyBox license is GPLv2 only? (In which case we can take the hotplug patch...)

That led to the beginning of a long and unpleasant discussion about whether BusyBox should move to GPLv3 or not - and it quickly became clear that Rob had no interest in such a move. His reasoning is worth a read, as it includes a couple of new concerns - including the fact that a dual-licensed GPLv2/GPLv3 code base would be unable to accept contributions licensed under a single version (either version) of the license.

Enter Bruce Perens, last seen in BusyBox circles about ten years ago. Bruce clearly feels that he still has some rights over the code:

When I created Busybox, the policy was that it could be distributed under the GPL. There was no restriction to prevent future versions of the GPL. Over time, my work has been submerged in that of other authors. But IMO it would be respectful of the original author to continue to use those license terms.

What followed was a long discussion on whether DRM differs from simply putting the code into ROM, whether the FSF is more worthy of trust than IBM, whether a move to a GPLv2-only license was possible, how much of Bruce's original contribution remains, and so on. Interested parties are encouraged to go into the BusyBox list archives and spend considerable time plowing through the postings; they do not always show the free software community at its best. The real outcomes, however, are these:

  • BusyBox will be GPLv2 only starting with the next release. It is generally accepted that stripping out the "or any later version" is legally defensible, and that the merging of other GPLv2-only code will force that issue in any case.

  • Bruce Perens wants his contributions to keep the "any later version" language, and has requested ("and required") that the copyright notices reflect this wish. Accommodating a contributor's wishes in this regard is normally done, but Rob Landley has refused to go along; his reason, in the end, boils down to "I'm mad at Bruce and don't want to."

To show that he meant it, Rob launched a project to find and excise any remaining contributions to BusyBox from Bruce. In response, Bruce has announced that he will be creating a fork of BusyBox which will be more responsive to his wishes. All of that may be moot, now that Rob has resigned from the project and handed the maintainership over to Denis Vlasenko - who plans to pursue moving Busybox onto the desktop.

All of this could be dismissed as yet another silly community soap opera - and there is truth to that view. But this is a soap opera which is likely to be rerun a number of times over the coming months. Any project which (1) uses the GPL, and (2) allows contributors to retain their copyrights is likely to have a discussion like this one. Avoiding such discussions is, perhaps, why the FSF is so insistent on obtaining copyrights for the projects it manages.

Version 2 of the GPL has brought together vast numbers of developers into a single agreement on the terms under which their code could be distributed. It may never have been possible to update the GPL without fracturing that agreement; it seems increasingly clear that the GPLv3 draft has, so far, failed in that regard. There are enough developers who see it as not being "similar in spirit" to GPLv2 to ensure that the new license, in its current form, will not be a simple drop-in replacement for its predecessor. Regardless of how one feels about the new terms in the GPLv3 draft, it is hard to see the potential for this sort of discord in the community as a good thing.

(Thanks to the several LWN readers who brought this to our attention).


Open source systems management software

September 29, 2006

This article was contributed by Glyn Moody

A previous LWN feature examined the rise of the open source enterprise stack - a modular collection of applications that together provide the entire spectrum of enterprise computing functions. One component of that stack is systems management. This field encompasses areas such as provisioning and patching of servers; configuration and management of applications running on those servers; and monitoring all elements of the computing system - hardware, software, networks and their security.

Systems management is dominated by the "Big Four": BMC's Performance Manager, CA's Unicenter, HP's OpenView and IBM's Tivoli. Like many proprietary systems, these are monolithic in design, and attempt to provide every kind of systems management feature within a single, highly-complex program.

Free software is by its very nature modular, so open source systems management programs tend to be focused on particular tasks.  This has led to a richness of the free software tools addressing this area, often with multiple solutions for a given problem.  The downside is a confusing array of possibilities, a wide range of rival approaches and some unnecessary duplication of effort.

In an attempt to bring some harmony to this coding cacophony, the Open Management Consortium (OMC) was founded in May 2006 with the following objectives:

  • Create awareness of open source management tools in the market
  • Provide education and resources to help end users make informed decisions regarding open source
  • Establish conventions and standards that enable integration and interoperability
  • Enable collaboration and coordination on common development projects
  • Promote collaborative open source systems management solutions

The founding members of the consortium are Ayamon, Emu Software, Qlusters, Symbiot, Webmin, and Zenoss.  The oldest of these is Jamie Cameron's Webmin, established in 1997, which provides an easy Web-based user interface for Unix system administration.  The project is sponsored by OpenCountry, which joined the OMC in September 2006.  The other founding members of the OMC also support free software projects, in a variety of ways.  For example, Ayamon was founded by Ethan Galstad, who is the creator and lead developer of Nagios, an open source host and service monitor that uses a plug-in architecture to provide a rich range of options.

The case of Symbiot, which provides software for network security event and risk management, is more complex.  The company was founded back in 2001, but initially sold only proprietary products.  Then, as Symbiot's founder and CEO Mike Erwin explains: "We introduced an open toolkit and visualization platform called OpenSIMS in 2005, upon which a great degree of the Symbiot software is based. OpenSIMS is an independent package, maintained by Symbiot and programmed with hooks for other common open source packages."  He says the benefits of this move flow both ways: "Open source code bases provide a method for end-users to do intelligent customization while providing the original code creators with [a] 'lighthouse' pointing them towards where the commercial space should go."

Emu Software took a similar path to openness.  It started life back in 2003 selling NetDirector as a closed source Web-based system administration platform.  "Although we always felt that we would contribute at least part of the product to the open source community," says co-founder Greg Wallace, "we concluded in late 2005 that systems management would be the next big computing market to see significant open source adoption, and we wanted to be out in front."  He believes that certain sectors lend themselves to the open source approach: those where there are "lots of users; a horizontal nature - that is, cross-industry adoption; a high incidence of user desire to customize; an initial market dominated by large incumbent vendors with integrated, and some might say over-engineered, products."

Wallace explains how the OMC is trying to bring some order to the wealth of open source systems management solutions:

The collaboration efforts that I see as being most promising are those that will reduce the complexity for users of having multiple point management solutions in their compute environments. Having lots of point systems can be a huge headache, and it is one that some big vendors have addressed by building massive, integrated product suites. But these suites never do everything, and once users go down that road, they can become victim to lock-in. OMC promises a different solution: make our various systems talk to one another, and reuse as much of each other's architecture as possible. For example, one initiative that has been discussed is the concept of an open agent that would be shared by various systems. Were such an open agent to become ubiquitous, it would radically simplify systems management implementation, as well as make such systems far more flexible and adaptive, since users could leverage a common underlying agent architecture to turn on new management functionalities as needed.

And Erwin notes one practical benefit Symbiot has already derived since joining the consortium:

Our offerings sometimes rely on the collection or interpretation of data from other vendors. One such vendor is Nagios. Membership in the consortium has already given us great access to the key code committer (Mr. Galstad) which was invaluable in helping us set a developmental course.

Looking forward, Wallace hopes that the OMC will become "more structured, with some defined working groups and a more defined mission and by-laws.  Eventually, I'd like it to function, and be organized, like Eclipse."  Erwin believes its influence could be considerable: "In the long term, I see the OMC as being a central clearinghouse and repository for system management tools with not only the Big Four's participation, but likely guidance."

That may be some way off, but already the membership of OMC is swelling fast: just four months after its foundation, the original five members had grown to 29.  Among them is Hyperic, another major player in this space, and with an interesting history.  It was originally part of Covalent, which provides commercial support for Apache, before splitting off in March 2004.  Like Symbiot and Emu Software, it too began selling closed source products before opening up its flagship software Hyperic HQ, a suite of inventory auto-discovery, monitoring, alerting and portal tools, in July 2006.

John Mark Walker, head of community development at Hyperic, explains the move: "From Hyperic's founding, it was always our intent to open source HQ - once we felt that it had reached a level of maturity to be useful for a number people, and once we had the in-house resources to properly support our community and foster its growth." And he points out: "The problem that existing management software strives to address - integrating with every existing and future technology in order to manage it - is only solvable through open source communities. It is impossible for a single company to keep up with all of the newly emerging software and other technologies in the data center. The problem requires the interactive, two-way communication inherent in the open source process."

Not everyone sees the OMC as the way to do this.  For example, another leading company in this area, GroundWork, prefers to do its own integration of open source systems management tools to create its GroundWork Monitor product line, which includes both closed and proprietary elements.  Although the company says it doesn't "see a particular need in being a part of the OMC at this time," it has created its own Open Source Council in August 2006, with the aim of ensuring that GroundWork "will always be comprised of the very best open source projects comprehensively integrated into a platform."  Whether within or outside the context of the OMC, integration remains the key challenge for open source management tools.

Glyn Moody writes about open source at opendotdotdot.


Page editor: Jonathan Corbet

Security

A look at OpenID

October 4, 2006

This article was contributed by Jake Edge.

The OpenID project is an effort to produce a decentralized, open, user-centric identity management framework. The main benefit for users will be a 'single sign on' to websites that support it. The project provides open source libraries for both websites requiring authentication (relying parties) and for the servers that provide the authentication (identity providers, IdPs). One of the main goals is to allow anyone to run a server that authenticates their own or others' identities and avoid the centralized model of other identity frameworks.

At its core, OpenID allows a user to associate a URL with his or her identity; a server can then authenticate that the user is the owner of that URL. Giving users control of their own identity makes OpenID a user-centric identity management system. With OpenID authentication, the username is the URL and the password is stored on the identity provider. Thus, the same password is used to authenticate multiple accounts on various websites.

There are different ways to use OpenID, depending on what the user's requirements and capabilities are. In the simplest case, one can sign up for a free account at a provider like MyOpenID and it will generate a URL for you to use (the author's test account was jake.edge.myopenid.com). After that, you can submit that URL at any OpenID enabled website and authenticate it. If you have not visited the site before, you will be redirected to MyOpenID to enable that site to authenticate you. You may also need to login to MyOpenID if you have not established a session there recently. Once you have enabled authentication, you are redirected back to the original site and MyOpenID will have authenticated you. If you have a valid MyOpenID session and have previously enabled the site you are visiting, you can be authenticated behind the scenes when you provide your URL and will be able to log in without providing a password.

Another way to use a service like MyOpenID is by using a URL under your control as your identity. By putting some HTML into the HEAD section of the index document served from that URL, you can delegate the authentication to another server and gain the benefits of using your own URL without running your own OpenID server. If you do that, the URL for OpenID logins becomes the URL under your control. Over time, you could change the server that you delegate to while still retaining the identity associated with your URL. In addition, various OpenID server implementations exist for those who wish to fully control their identity and can run their own server.

OpenID implements the authentication by using (but not requiring) strong encryption on the messages that are exchanged between relying parties and identity providers (IdPs). When a user enters a URL into an OpenID login, the relying party makes a GET request to the URL and expects to find some extra OpenID specific markup in the HEAD section. It uses this markup to find the IdP and can negotiate an association between the relying party and IdP, but does not have to. The association is an agreement on cryptographic protocols to use to sign the requests and responses. A relying party can then cache that information to use when contacting that IdP for any other user that might share the server.
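The discovery step described above, including the delegation markup from the previous paragraph, as an added Python sketch (not code from the OpenID project's libraries). It reads the `openid.server` and `openid.delegate` link relations defined by OpenID 1.x, and only from the HEAD, so markup placed in the page body cannot redirect authentication; the sample pages, host names and the `require_https` switch are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class DiscoveryError(ValueError):
    """Raised when the claimed URL's document has no usable OpenID markup."""


class _HeadLinks(HTMLParser):
    """Collects OpenID <link> relations, but only while inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_done = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_done:
            self.in_head = True
        elif tag == "body":
            # An unclosed <head> ends where the body starts.
            self.in_head, self.head_done = False, True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate") and href:
                    self.links.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head, self.head_done = False, True


def discover(claimed_url, html, require_https=True):
    """Return the IdP endpoint and the identity to present to it."""
    parser = _HeadLinks()
    parser.feed(html)
    parser.close()
    server = parser.links.get("openid.server")
    if not server:
        raise DiscoveryError("no openid.server link in <head>")
    parts = urlsplit(server)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise DiscoveryError("openid.server is not an absolute http(s) URL")
    if require_https and parts.scheme != "https":
        raise DiscoveryError("openid.server is not HTTPS")
    return {
        "claimed": claimed_url,                 # what the user typed; stays their identity
        "server": server,                       # where the relying party sends the user
        # With delegation the IdP knows the user under a different URL.
        "idp_identity": parser.links.get("openid.delegate", claimed_url),
    }


# Constructed sample: a personal page that delegates to an IdP, with a stray
# <link> in the body (for example from user-supplied content) that must be ignored.
DELEGATED_PAGE = """<html><head><title>Alice</title>
<link rel="openid.server" href="https://idp.example/server">
<link rel="openid.delegate" href="https://alice.idp.example/">
</head><body><p>hello</p>
<link rel="openid.server" href="https://untrusted.example/server">
</body></html>"""

# Constructed sample: OpenID markup appears only in the body.
BODY_ONLY_PAGE = """<html><head><title>Blog</title></head><body>
<link rel="openid.server" href="https://untrusted.example/server">
</body></html>"""

if __name__ == "__main__":
    print(discover("https://alice.example/", DELEGATED_PAGE))
```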

After that, the relying party redirects the user to the IdP which allows any IdP specific cookies to be delivered. The IdP may decide to require the user to authenticate with it, but that is outside of the scope of the OpenID specification. As described above, the IdP may also require the user to make a decision about whether to allow the relying party to authenticate them. Once that is complete, the IdP returns the user to the relying party site with an assertion about whether the authentication succeeded or failed.

The most recent OpenID specification adds some additional capabilities. A nonce (a unique identifier) value was added as an option to the success response to thwart replay attacks. Also, support for Yadis discovery was added. Yadis allows relying parties to determine what authentication protocol to use so that sites can transparently support other protocols such as LID.
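How a relying party can check a positive assertion using the association secret and the nonce, as an added Python example (not the OpenID project's code). Field names and the HMAC-SHA1 key-value signing follow the OpenID Authentication specifications; the key, URLs, nonce value and five-minute acceptance window are constructed assumptions.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Fields that must be covered by the signature; an unsigned nonce or
# return_to could be swapped by whoever relays the response.
REQUIRED_SIGNED = {"identity", "return_to", "response_nonce"}
MAX_SKEW = timedelta(minutes=5)  # assumed acceptance window for nonce timestamps


def sign(mac_key, params, signed):
    """HMAC-SHA1 over one 'name:value' line per signed field, base64-encoded."""
    text = "".join(f"{n}:{params['openid.' + n]}\n" for n in signed)
    mac = hmac.new(mac_key, text.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


class NonceCache:
    """Remembers nonces per IdP for as long as their timestamp is acceptable."""

    def __init__(self):
        self._seen = {}

    def accept(self, idp, nonce, now):
        try:
            stamp = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return False
        stamp = stamp.replace(tzinfo=timezone.utc)
        if abs(now - stamp) > MAX_SKEW:
            return False  # too old (or too far ahead) to be worth tracking
        # Entries older than the window would be rejected above, so drop them.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= MAX_SKEW}
        if (idp, nonce) in self._seen:
            return False  # replay
        self._seen[(idp, nonce)] = stamp
        return True


def verify_assertion(params, mac_key, idp, nonces, now):
    """Return (ok, reason) for the query parameters the IdP sent back."""
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = [n for n in params.get("openid.signed", "").split(",") if n]
    missing = REQUIRED_SIGNED - set(signed)
    if missing:
        return False, "unsigned field: " + ",".join(sorted(missing))
    if any("openid." + n not in params for n in signed):
        return False, "signed field absent"
    expected = sign(mac_key, params, signed)
    supplied = params.get("openid.sig", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    # Only authenticated messages may consume a nonce slot.
    if not nonces.accept(idp, params["openid.response_nonce"], now):
        return False, "stale or replayed nonce"
    return True, "ok"


# Constructed sample data standing in for an association and an IdP response.
MAC_KEY = b"constructed-association-secret"
IDP = "https://idp.example/server"
NOW = datetime(2006, 10, 4, 12, 0, 30, tzinfo=timezone.utc)


def sample_response(signed="mode,identity,return_to,response_nonce"):
    p = {
        "openid.mode": "id_res",
        "openid.identity": "https://alice.example/",
        "openid.return_to": "https://rp.example/finish",
        "openid.response_nonce": "2006-10-04T12:00:00ZaB3xQ9",
        "openid.signed": signed,
    }
    p["openid.sig"] = sign(MAC_KEY, p, signed.split(","))
    return p


if __name__ == "__main__":
    cache = NonceCache()
    print(verify_assertion(sample_response(), MAC_KEY, IDP, cache, NOW))
    print(verify_assertion(sample_response(), MAC_KEY, IDP, cache, NOW))
```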

From a security standpoint, there are a few different attack vectors that are described in the specification. Eavesdropping and man-in-the-middle attacks can be thwarted by using HTTPS (SSL). Unless the IdP is compromised, the identity itself is secure, though it could be spoofed on a particular site using those vectors.

OpenID simply makes the connection between a URL and an identity: it asserts that the two are associated, but it does not provide any trust information about the identity. Users of OpenID will still have to prove they are not programs at registration time because nothing in the protocol prevents programs from having identities. It is a starting point, as any kind of trust system must be based on an authenticated identity. A trust layer that uses OpenID identities could provide protection against blog spam and the like. Since OpenID identities can be anonymous, this will allow for anonymous, but authenticated, users; one can verify that the identity wrote a particular message without making a connection to the real life person behind it.

There seems to be a growing number of sites that support OpenID; there is even a bounty for adding support to open source programs. Overall, it seems that OpenID provides a fairly painless route for digital identity management for both users and websites. It is probably worth a look for anyone that might be interested in such a thing.


New vulnerabilities

cscope: buffer overflows

Package(s): cscope
CVE #(s): CVE-2006-4262
Created: October 2, 2006
Updated: June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 cscope 2009-06-16
Red Hat RHSA-2009:1101-01 cscope 2009-06-15
Gentoo 200610-08 cscope 2006-10-20
Debian DSA-1186-1 cscope 2006-09-30


dokuwiki: input validation flaws

Package(s): dokuwiki
CVE #(s):
Created: September 29, 2006
Updated: October 4, 2006
Description: Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. A remote attacker could exploit the flaws to execute arbitrary shell commands with the rights of the web server daemon or cause a denial of service.
Alerts:
Gentoo 200609-20 dokuwiki 2006-09-28


migrationtools: insecure temporary files

Package(s): migrationtools
CVE #(s): CVE-2006-0512
Created: October 2, 2006
Updated: October 4, 2006
Description: Jason Hoover discovered that migrationtools, a collection of scripts to migrate user data to LDAP, creates several temporary files insecurely, which might lead to denial of service through a symlink attack.
Alerts:
Debian DSA-1187-1 migrationtools 2006-09-30


mono: symlink vulnerability

Package(s): mono
CVE #(s): CVE-2006-5072
Created: October 4, 2006
Updated: December 1, 2006
Description: The mono System.CodeDom.Compiler classes suffer from a temporary file symlink vulnerability which could be used to overwrite files, or, in this case, even inject arbitrary code into a running mono application.
Alerts:
SuSE SUSE-SA:2006:073 mono-core 2006-12-01
Gentoo 200611-23 mono 2006-11-28
Mandriva MDKSA-2006:188 mono 2006-10-27
Fedora FEDORA-2006-1012 mono 2006-10-06
Ubuntu USN-357-1 mono 2006-10-04


openldap: security bypass

Package(s): openldap
CVE #(s): CVE-2006-4600
Created: September 29, 2006
Updated: June 12, 2007
Description: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Alerts:
Red Hat RHSA-2007:0430-01 openldap 2007-06-11
Red Hat RHSA-2007:0310-02 openldap 2007-05-01
Trustix TSLSA-2006-0055 openldap, php, php4 2006-10-06
rPath rPSA-2006-0176-1 openldap 2006-09-29
Mandriva MDKSA-2006:171 openldap 2006-09-28


openssl: multiple vulnerabilities

Package(s): openssl
CVE #(s): CVE-2006-2937 CVE-2006-2940 CVE-2006-3780 CVE-2006-4343 CVE-2006-3738
Created: September 28, 2006
Updated: December 12, 2006
Description: OpenSSL has a number of denial of service vulnerabilities including: two vulnerabilities involving invalid ASN.1 structures, a buffer overflow in the SSL_get_shared_ciphers() function and an SSLv2 client crash that can be caused by a malicious server.
Alerts:
Gentoo 200612-11 emul-linux-x86-baselibs 2006-12-11
Gentoo 200610-11 openssl 2006-10-24
Debian DSA-1195-1 openssl096 2006-10-10
SuSE SUSE-SR:2006:024 openssh, openssl, bind9 2006-10-06
Ubuntu USN-353-2 openssl 2006-10-04
Mandriva MDKSA-2006:178 ntp 2006-10-02
Mandriva MDKSA-2006:177 MySQL 2006-10-02
Mandriva MDKSA-2006:172-1 openssl 2006-10-02
Debian DSA-1185-2 openssl 2006-10-02
rPath rPSA-2006-0175-2 openssl 2006-09-28
Fedora FEDORA-2006-1004 openssl 2006-09-28
Trustix TSLSA-2006-0054 openssh, openssl 2006-09-29
Slackware SSA:2006-272-01 openssl 2006-09-29
rPath rPSA-2006-0175-1 openssl 2006-09-28
Red Hat RHSA-2006:0695-01 OpenSSL 2006-09-28
Mandriva MDKSA-2006:172 openssl 2006-09-28
Debian DSA-1185-1 openssl 2006-09-28
Ubuntu USN-353-1 openssl 2006-09-28
SuSE SUSE-SA:2006:058 openssl 2006-09-28
OpenPKG OpenPKG-SA-2006.021 openssl 2006-09-28


opera: RSA signature forgery

Package(s): opera
CVE #(s):
Created: September 28, 2006
Updated: October 4, 2006
Description: The Opera browser has a problem verifying OpenSSL PKCS #1 v1.5 RSA signatures. An attacker can use this to forge certificates and appear as a valid CA.
Alerts:
Gentoo 200609-18 opera 2006-09-28


xine-lib: code execution

Package(s): xine-lib
CVE #(s): CVE-2006-4799
Created: October 4, 2006
Updated: November 21, 2006
Description: The xine-lib package does not properly validate AVI headers, enabling an attacker to run arbitrary code via a specially crafted AVI file.
Alerts:
Debian DSA-1215-1 xine-lib 2006-11-20
Ubuntu USN-358-1 ffmpeg, xine-lib 2006-10-04

Comments (none posted)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 kernel remains 2.6.18; patches continue to flow into the mainline repository for the upcoming 2.6.19-rc1 release.

The current -mm tree is 2.6.18-mm3. Recent changes to -mm include a patch to silence a lot of useless compiler warnings, a new attempt to get the swap token code working properly, swapfile support for software suspend, and the kevent subsystem.

The current 2.4 prepatch is 2.4.34-pre4, released on October 2. A small number of fixes went in this time around; 2.4.34 looks like it is about to go into the final stabilization phase.

Comments (4 posted)

Kernel development news

Quotes of the week

I reserve the right some day to attempt to sue the ass of people who tivo-ise my code. Hey I might lose but I reserve the right to.

-- Alan Cox

The Mexicans have the Chupacabra. We have Al Viro. If you hear him roar, just _pray_ he's about to dissect somebody else's code than yours.. There is no point in running.

-- Linus Torvalds

Seems that the entire kernel effort is an ongoing plot to make my poor little Vaio stop working.

-- Andrew Morton

Comments (18 posted)

More stuff for 2.6.19

The flow of patches into the mainline repository continues at a high rate, with a few thousand of them having been merged since last week's summary. The most significant of these are (starting with the user-visible changes):

  • The GFS2 cluster filesystem has been merged at last; it includes its own distributed lock manager implementation.

  • New drivers: MCS7840 USB port devices, ELAN U132 USB controllers, ELAN Uxxx USB-to-PCMCIA adapters, Playstation 2 "Trance" vibrator devices, the VIA VT1211 Super-I/O chip, AMD K8 CPU temperature monitors, Philips TDA10086 and TDA826x tuner devices, DiBcom DiB0700-based USB bridges, Hauppauge Nova-T 500 tuners, TI Flash Media PCI74xx and PCI76xx host adapters, QUICC Engine communications coprocessors, and HP Quicksilver AGP GARTs.

  • The NFS server code has a number of improvements, including the ability to do I/O in much larger chunks over TCP connections.

  • eCryptfs, an encrypting filesystem, has gone in.

  • Bound End-to-End Tunnel (BEET) mode support has been added to the IPSec code.

  • A USB gadget driver which connects the gadget interface to the ALSA MIDI subsystem. The purpose is to allow a system to appear as a USB-connected MIDI streaming device.

  • POSIX access control lists are now available in the tmpfs filesystem.

  • If a string with the form |program is written to /proc/sys/kernel/core_pattern, all core dumps will be piped to the given program instead of being written to disk.

  • Some of the early containers patches have gone in, including separate namespaces for utsname information and SYSV IPC objects.

  • The BSD secure level security module has been removed.

  • The "floppy tape" subsystem has been marked for removal in 2.6.20; it is unmaintained, probably has no active users, and its 1.6GB storage capacity looks rather quaint in current times. Anybody who actually has worthwhile data on this medium probably should have copied it to something newer some time ago.

Changes visible to kernel developers include:

  • SRCU - a version of read-copy-update which allows read-side blocking - has been merged.

  • Much improved suspend and resume support for the USB layer.

  • A new set of functions has been added to allow USB drivers to quickly check the direction and transfer mode of an endpoint.

  • A somewhat reduced version of Wireless Extensions version 21. Most of the original functionality has been removed with the idea that the wireless extensions will soon be superseded by something else.

  • Vast numbers of annotations enabling the sparse utility to detect big/little endian errors.

  • A number of Video4Linux drivers have been converted to the V4L2 API.

  • The flags field of struct request has been split into two new fields: cmd_type and cmd_flags. The former contains a value describing the type of request (filesystem request, sense, power management, etc.) while the latter has the flags which modify the way the command works (read/write, barriers, etc.).

  • The block layer can be disabled entirely at kernel configuration time; this option can be useful in some embedded situations.

  • The kernel now has a generic boolean type, called bool; it replaces a number of homebrewed boolean types found in various parts of the kernel.

  • There is a new function for allocating a copy of a block of memory:

        void *kmemdup(const void *src, size_t len, gfp_t gfp);
    
    A number of allocate-then-copy code sequences have been updated to use kmemdup() instead.

  • The latency tracking infrastructure patch has been merged.

  • The readv() and writev() methods in the file_operations structure have been removed in favor of aio_readv() and aio_writev() (whose prototypes have been changed). See this article for more information.

As of this writing the merge window has not yet closed, so chances are that more significant changes could yet find their way into 2.6.19.

Comments (8 posted)

API changes: interrupt handlers and vectored I/O

Normally, the release of 2.6.19-rc1 would be the signal that the release cycle process would begin to slow down and focus on bug fixes. Things might be just a little different this time around, however, as a large and disruptive (almost 1100 files changed) API change is likely to go in between -rc1 and -rc2. The reasoning is this: a patch which hits so many files will inevitably conflict with a number of the other patches currently flooding into the mainline. Holding this patch until the flood subsides should make life easier all around.

So what is this patch? Consider that interrupt handlers currently have the following prototype:

   irqreturn_t handler(int irq, void *data, struct pt_regs *regs);

The regs structure holds the state of the processor's registers at the time of the interrupt. It is passed to every interrupt handler, but it is almost never used; for the purposes of most handlers, the pre-interrupt register state is just a bunch of random bits. There is a cost to passing this pointer around, however. According to David Howells:

The regs pointer is used in few places, but it potentially costs both stack space and code to pass it around. On the FRV arch, removing the regs parameter from all the genirq function results in a 20% speed up of the IRQ exit path (ie: from leaving timer_interrupt() to leaving do_IRQ()).

So David has put together a patch which removes the regs argument to interrupt handlers. Any code which actually needs the registers - seemingly only the timer interrupt handler - can get the pointer with a call to the new get_irq_regs() function. Since this change obviously requires fixing every interrupt handler in the system - and there are a lot of them in the mainline kernel - the patch is large and touches a lot of files.

This patch has just now come along, meaning that, by normal standards, it is a bit late for the 2.6.19 party. So it would normally sit in -mm for this cycle, and be merged into 2.6.20. But, Andrew Morton says:

I think the change is good. But I don't want to maintain this whopper out-of-tree for two months! If we want to do this, we should just smash it in and grit our teeth

Nobody else seems to object to the change, though Linus did spare a moment to feel the pain of people maintaining drivers out of the mainline tree. The writing on the wall all points to a near-term inclusion, perhaps with a special defined symbol to help out-of-tree maintainers write code which works with both handler prototypes.
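The mechanism described above, as an added user-space model (not code from the kernel or from David Howells's patch): the entry path stashes the register frame, ordinary handlers lose the parameter, and the timer handler fetches the frame with get_irq_regs(). The names do_IRQ_model(), request_irq_model(), nic_interrupt(), nested_interrupt() and the struct layouts are assumptions made for the example; set_irq_regs() is the companion setter and does not appear in the text above.

```c
/* User-space model of the handler prototype change; not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct pt_regs { unsigned long ip, sp; };   /* stand-in for the saved registers */

typedef int irqreturn_t;
#define IRQ_NONE    0
#define IRQ_HANDLED 1
#define NR_IRQS     4
#define TIMER_IRQ   0

/* New-style prototype: no regs argument. */
typedef irqreturn_t (*irq_handler_t)(int irq, void *data);

/* The kernel keeps one such pointer per CPU; this model has a single CPU. */
static struct pt_regs *irq_regs;

struct pt_regs *get_irq_regs(void) { return irq_regs; }

/* Install the frame of the interrupt being entered and hand back the previous
 * one, so that the exit path can restore it when interrupts nest. */
struct pt_regs *set_irq_regs(struct pt_regs *new_regs)
{
    struct pt_regs *old = irq_regs;
    irq_regs = new_regs;
    return old;
}

static struct { irq_handler_t fn; void *data; } irq_table[NR_IRQS];

int request_irq_model(int irq, irq_handler_t fn, void *data)
{
    if (irq < 0 || irq >= NR_IRQS || fn == NULL)
        return -1;
    irq_table[irq].fn = fn;
    irq_table[irq].data = data;
    return 0;
}

/* Entry path: the only place that still receives regs as an argument. */
irqreturn_t do_IRQ_model(int irq, struct pt_regs *regs)
{
    struct pt_regs *old;
    irqreturn_t ret = IRQ_NONE;

    if (irq < 0 || irq >= NR_IRQS)
        return IRQ_NONE;
    old = set_irq_regs(regs);
    if (irq_table[irq].fn)
        ret = irq_table[irq].fn(irq, irq_table[irq].data);
    set_irq_regs(old);               /* restore the interrupted context's frame */
    return ret;
}

/* Typical driver handler: it never looked at regs, so it only loses a parameter. */
struct nic_state { unsigned long packets; };
irqreturn_t nic_interrupt(int irq, void *data)
{
    struct nic_state *nic = data;
    (void)irq;
    nic->packets++;
    return IRQ_HANDLED;
}

/* The timer handler is the one user that wants the interrupted context. */
struct timer_state { unsigned long ticks, last_ip; };
irqreturn_t timer_interrupt(int irq, void *data)
{
    struct timer_state *t = data;
    struct pt_regs *regs = get_irq_regs();
    (void)irq;
    t->ticks++;
    if (regs)                        /* NULL when not called from interrupt entry */
        t->last_ip = regs->ip;
    return IRQ_HANDLED;
}

/* A handler that is itself interrupted by a timer tick before it finishes. */
struct nest_state { struct pt_regs *inner; unsigned long ip_after; };
irqreturn_t nested_interrupt(int irq, void *data)
{
    struct nest_state *n = data;
    (void)irq;
    do_IRQ_model(TIMER_IRQ, n->inner);
    n->ip_after = get_irq_regs()->ip;    /* the outer frame must be back */
    return IRQ_HANDLED;
}

int main(void)
{
    struct pt_regs outer = { 0x1000, 0x7000 }, inner = { 0x5000, 0x6000 };
    struct timer_state tm = { 0, 0 };
    struct nest_state nest = { &inner, 0 };

    request_irq_model(TIMER_IRQ, timer_interrupt, &tm);
    request_irq_model(2, nested_interrupt, &nest);
    do_IRQ_model(2, &outer);
    printf("timer saw ip=%#lx, outer handler resumed with ip=%#lx\n",
           tm.last_ip, nest.ip_after);
    return 0;
}
```

The save-and-restore pair in do_IRQ_model() is what keeps get_irq_regs() correct when one interrupt arrives inside another; a handler that cached the pointer across such a nesting would read the wrong frame.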

Meanwhile, the file_operations structure can be found at the core of just about any subsystem which does I/O. Char device drivers create file_operations structures directly, while most other parts of the system (filesystems, network protocols and drivers, block drivers) bury them in higher-level logic. Two of the members of this structure are:

    ssize_t (*aio_read) (struct kiocb *iocb, char __user *buf, 
                         size_t len, loff_t pos);
    ssize_t (*aio_write) (struct kiocb *iocb, const char __user *buf, 
                          size_t len, loff_t pos);

These methods implement asynchronous reads and writes - operations which may be completed sometime after the original call returns to user space. One longstanding shortcoming of the Linux asynchronous I/O implementation is its lack of vectored operations; each AIO call can only operate on a single buffer. The 2.6.19 kernel will fill in that gap, at the cost of changing the above two prototypes to:

    ssize_t (*aio_read) (struct kiocb *iocb, const struct iovec *iov, 
             unsigned long niov, loff_t pos);
    ssize_t (*aio_write) (struct kiocb *iocb, const struct iovec *iov, 
             unsigned long niov, loff_t pos);

The single buffer has been replaced by an array of iovec structures:

    struct iovec
    {
        void __user *iov_base;
        __kernel_size_t iov_len;
    };

Single-buffer calls are now wrapped in a single iovec structure and passed to the new, vectorized versions of the AIO operations. All code which provides aio_read() and aio_write() will need to be updated to the new API - and the possibility of being requested to perform vectored operations.

The changes actually go beyond that, however, in that the readv() and writev() file_operations methods have been removed. The associated system calls are now, instead, implemented with calls to aio_read() and aio_write(). Converting older readv() and writev() methods is not particularly difficult, since there is no requirement that aio_read() and aio_write() must be asynchronous (in fact, in this case, they will be passed a "synchronous KIOCB" which indicates that the operation must be performed synchronously). In most cases, it is simply a matter of adopting the new prototype, then looking in iocb->ki_filp for the struct file pointer, should it be needed.

(See this article from last February for more background on this change).
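What a converted aio_write() has to cope with, as an added user-space model (not kernel code): single-buffer and writev()-style calls both arrive as an iovec array, and the segment lengths are summed with an overflow check before any byte is copied. The types file_model and kiocb_model, the functions dev_aio_write(), dev_write(), dev_writev() and iov_total_len(), and the 64-byte device are assumptions made for the example; memcpy() stands in for the user-space copy a driver would perform.

```c
/* User-space model of the vectored aio_write() conversion; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */
#include <sys/uio.h>     /* struct iovec: iov_base, iov_len */

#define MODEL_SSIZE_MAX ((size_t)-1 >> 1)   /* largest count a ssize_t can return */

struct file_model  { char data[64]; size_t size; };   /* the "device" */
struct kiocb_model { struct file_model *ki_filp; };   /* only the field the text names */

/* Add up the segment lengths before touching any of them. A sum that would
 * wrap, or that does not fit the signed return type, is rejected outright. */
ssize_t iov_total_len(const struct iovec *iov, unsigned long niov)
{
    size_t total = 0;
    unsigned long i;

    for (i = 0; i < niov; i++) {
        if (iov[i].iov_len > MODEL_SSIZE_MAX - total)
            return -EINVAL;
        total += iov[i].iov_len;
    }
    return (ssize_t)total;
}

/* New-style method: an array of segments instead of one buffer. */
ssize_t dev_aio_write(struct kiocb_model *iocb, const struct iovec *iov,
                      unsigned long niov, long long pos)
{
    struct file_model *filp = iocb->ki_filp;   /* file pointer comes from the iocb */
    ssize_t total = iov_total_len(iov, niov);
    size_t room, done = 0;
    unsigned long i;

    if (total < 0)
        return total;
    if (pos < 0 || (unsigned long long)pos > sizeof(filp->data))
        return -EINVAL;
    room = sizeof(filp->data) - (size_t)pos;
    if (room == 0 && total > 0)
        return -ENOSPC;
    for (i = 0; i < niov && room > 0; i++) {
        size_t n = iov[i].iov_len < room ? iov[i].iov_len : room;
        if (n == 0)
            continue;                /* empty segment: nothing to copy */
        /* In a driver iov_base is a __user pointer and needs a checked copy. */
        memcpy(filp->data + pos + done, iov[i].iov_base, n);
        done += n;
        room -= n;
    }
    if ((size_t)pos + done > filp->size)
        filp->size = (size_t)pos + done;
    return (ssize_t)done;            /* short count if the device filled up */
}

/* A single-buffer write is wrapped in a one-element iovec. */
ssize_t dev_write(struct file_model *filp, const char *buf, size_t len, long long pos)
{
    struct iovec iov = { (void *)buf, len };
    struct kiocb_model kiocb = { filp };     /* stands in for the synchronous KIOCB */
    return dev_aio_write(&kiocb, &iov, 1, pos);
}

/* writev() no longer has a method of its own; it takes the same path. */
ssize_t dev_writev(struct file_model *filp, const struct iovec *iov,
                   unsigned long niov, long long pos)
{
    struct kiocb_model kiocb = { filp };
    return dev_aio_write(&kiocb, iov, niov, pos);
}

int main(void)
{
    struct file_model f;
    char a[] = "hello, ", b[] = "world";
    struct iovec v[2] = { { a, 7 }, { b, 5 } };
    struct iovec bad[2] = { { a, MODEL_SSIZE_MAX }, { b, 1 } };   /* constructed input */

    memset(&f, 0, sizeof(f));
    printf("write:  %zd\n", dev_write(&f, "abc", 3, 0));
    printf("writev: %zd\n", dev_writev(&f, v, 2, 3));
    printf("device: %.*s\n", (int)f.size, f.data);
    printf("oversized vector: %zd\n", dev_writev(&f, bad, 2, 0));
    return 0;
}
```

A method written for one buffer has two things to get right when it becomes vectored: the total can overflow even when every individual length is valid, and a partial transfer has to stop at a segment boundary it tracks itself.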

Comments (3 posted)

The final wireless extension?

"Wireless extensions" is an ioctl()-based API which allows user space to control parameters specific to wireless network interfaces - ESSID, encryption passwords, channels, etc. This API has long been maintained by Jean Tourrilhes; the last few kernel releases have had version 20 of this API. As of this writing, version 21 has been merged into the pre-2.6.19 mainline, but at least some of it may be on its way back out again.

The problem is that version 21 is a real API change, in that sufficiently old tools will no longer operate properly. In particular, the formatting of the ESSID passed into the kernel has changed, so configurations which associated with a given network under version 20 will not do so under version 21. There is a workaround (add a space to the ESSID string), but many users will not know that, and, in any case, will only discover the need after upgrading their kernel and finding that the network is no longer there.

Since this problem came to light, many kernel developers (including Linus) have made it clear that they see this sort of API breakage as unacceptable. So they want the ESSID change backed out. There are, of course, real reasons for that change - the way those strings are handled in the protocols has evolved over time. But the right solution is to add a new ioctl() which can handle the new string format; the older version would continue to be supported indefinitely. Done in this way, the format change would be acceptable.

That seems like a good solution, except for one little hitch. It seems that Jean has foreseen this problem for some time. To help minimize the pain, he has been shipping versions of the wireless tools which understand the version 21 API for about six months. A number of distributors have picked up - and shipped - these new tools; affected distributions include Slackware 11 and Mandriva 2007. If those tools see a wireless extensions version greater than 20, they expect to use the new ESSID string format; if that change is backed out, those tools will break.

So wireless extensions 21 is now guaranteed to break some systems whether the ESSID change is included or not. At this point, the only way to avoid breaking deployed systems is to keep the wireless extensions version at 20 indefinitely. The wireless extensions, it seems, may be extended no more.

If that is how things work out, there will be some short-term pain, since needed enhancements will not find their way into the API. The long-term plan, however, is to replace the wireless extensions anyway; to that end, a new, netlink-based API called nl80211 is under development. That API, however, is tightly tied to the Devicescape 802.11 stack, which has been taking rather longer than expected to reach a state where it can be considered for merging. So the Linux wireless API may be stuck for a little while.

Comments (8 posted)

Slides and photos from Kernel Netconf 2006

David Miller has posted slides and photos from the 2006 Linux kernel network developers' conference. If you are interested in hardcore details on where the Linux networking layer is going, there are plenty to be found on that page.

Comments (none posted)

Patches and updates

Kernel trees

Andrew Morton 2.6.18-mm2
Andrew Morton 2.6.18-mm3
Willy Tarreau Linux 2.4.34-pre4

Architecture-specific

Core kernel code

Development tools

Petr Baudis Cogito-0.18
Junio C Hamano GIT 1.4.2.2
Junio C Hamano GIT 1.4.2.3

Device drivers

Filesystems and block I/O

Janitorial

Jeff Garzik schedule ftape removal

Memory management

Networking

Stephen Hemminger let mortals use ethtool
Samir Bellabes Network Events Connector
Johannes Berg cfg80211 and nl80211

Security-related

Miscellaneous

Kay Sievers udev 101 release
Netfilter Core Team Release of iptables-1.3.6
Stephen Hemminger iproute2-2.6.18-061002

Page editor: Jonathan Corbet

Distributions

News and Editorials

Collaboration between Debian and Ubuntu

Ubuntu, a Debian derivative, showed up in September 2004 and proved to be extremely popular. Ubuntu owes its existence to Debian, but there are philosophical differences and (sometimes) binary incompatibilities between the two.

Here's a look at how the two projects are working to improve this relationship. Fabio Tranchitella has written a small script to track the differences between Ubuntu and Debian packages. The Ubuntu wiki's UbuntuForDebianDevelopers page looks at the differences between the projects and at how Debian developers can address concerns, get patches, and minimize the differences between packages.

The most significant effort is the Utnubu project, which was announced over a year ago. This is a Debian Project aimed at improving the relationship between Ubuntu and Debian and, in particular, taking the best of Ubuntu back to Debian. The Utnubu Team has created mailing lists, an SVN repository and other resources to help with this goal.

Comments (none posted)

New Releases

FC6 prerelease available

The Fedora Project has made another prerelease of FC6 available, fixing some install-blocking bugs from test3.

Full Story (comments: none)

Mandriva Linux 2007 released

It's now official: Mandriva Linux 2007 is available. It has all the new stuff, but also a certain amount of proprietary software (LinDVD, for example), so there is no downloading without purchasing the distribution first. "The key innovation of Mandriva Linux 2007 is the spectacular AIGLX and Xgl 3D-accelerated desktop. Mandriva is the only distribution to provide both technologies, making it compatible with the widest range of hardware; a special tool features auto-detection of the best 3D solution for your hardware. Mandriva is particularly happy to have achieved this major breakthrough in desktop appearance."

Correction: As some commenters have pointed out, there is a free version available for download - they just don't make it easy to find. We blew it, and regret the error.

Comments (6 posted)

Slackware 11.0 is released

Slackware 11 is out. The announcement (click below) has the details; this release includes leading-edge software like XFce 4.2.3.2, KDE 3.5.4, and a 2.4.33.3 kernel (2.6.17.13 is also available). "Another Slackware exclusive: Slackware's ZipSlack installation option is the fastest, _easiest_ Linux installation ever. ZipSlack provides a basic text-based Linux system as a 70 megabyte ZIP archive. Simply unzip on any FAT or FAT32 partition, edit your boot partition in the LINUX.BAT batch file, and you can be running Linux in less than five minutes."

Full Story (comments: 21)

Trustix Secure Linux 3.0.5 Beta 2

A second beta of Trustix Secure Linux 3.0.5 has been released. "This release fixes some critical issues in the installer and also adds support to new features for easy installation. In addition, most of the packages has been brought up to their latest stable versions." Click below for release highlights and download information.

Full Story (comments: none)

Announcing Ubuntu 6.10 Beta

The first beta release of the Ubuntu 6.10 distribution (Edgy Eft) is out. According to the release notes: "The Edgy Eft Beta is the first beta release of Ubuntu 6.10, and with this new beta release comes a whole host of excellent new features. Improvements have been made all around such as faster system boot up times, faster GNOME start up times, improvements to the user interface, a shiny new optimized kernel, GNOME 2.16, and much, much more."

The 6.10 Beta release of Kubuntu, the KDE-based version of Ubuntu, has also been released.

Full Story (comments: 5)

Zeroshell Linux 1.0.beta2

ZeroShell Net Services 1.0.beta2 is out. "This Linux distribution, available in the form of live cd or compact flash image for embedded devices, provides the main network services a LAN requires."

Full Story (comments: none)

Distribution News

BLAG50002 release

A revised release document for BLAG50002 is available (click below). Find out (almost) everything you need to know about the Fedora Core 5 based BLAG50002 including new and updated packages, useful links and download information.

Full Story (comments: none)

Debian announcements

Debian Project Leader Anthony Towns has posted two Bits from the DPL messages. One looks forward to the etch release, next year's DebConf in Edinburgh, and beyond. The other looks around at Debian derivatives.

Andreas Barth has posted an etch release update. "Many of the long-standing bugs are either about license issues, some of which we hope to address with a General Resolution; or will be fixed with the removal of mozilla or the addition of X.org 7.1. This means that we are doing better now, but it is too early to relax. As long as we keep up the momentum of recent weeks, a December release is still in sight!"

The first call for votes is out on a General Resolution to clarify the scope and applicability of item 2 of the Debian free software guidelines.

Comments (none posted)

Debian events

The BSP Marathon continues with a Bug Squashing Party in Dijon, France and another in Zurich.

The first Venezuelan MiniDebConf is scheduled for October 14 - 21, 2006 in the city of Maturin in Venezuela.

Comments (none posted)

Mandriva teams up with TransGaming

TransGaming Inc. and Mandriva have joined forces to provide a "gaming-enhanced" MandrivaLinux 2007. "The combination of Cedega and FlatOut is seamlessly integrated within the MandrivaLinux 2007 installer, giving Linux users access to top tier titles as part of the operating system, while also allowing them to play hundreds more games, right out of the box. In addition to FlatOut, users will be able to play blockbuster titles with Cedega such as Battlefield 2, World of WarCraft, Civilization IV, Need for Speed: Most Wanted, Madden 2006 and more."

Full Story (comments: none)

OpenSUSE moving away from reiserfs with 10.2

SUSE has used ReiserFS as the default installation file system for some time, but that is about to change. Click below for the reasons why ReiserFS will be replaced with ext3 in openSUSE releases, with a possible switch to OCFS2 for the root file system in the long term.

Full Story (comments: 5)

New Distributions

Indian schools to use homebrew Debian distro (DesktopLinux)

DesktopLinux covers the Debian based IT@School GNU/Linux distribution. "IT@School GNU/Linux is a customized, single-CD distribution that includes the applications typically required by a high school student or teacher, according to the project. Apart from a wide range of typical desktop software, it also contains educational programs such as TuxPaint, Ghemical, Kalzium, DrGeo, and Gcompris, school spokesperson Vimal Joseph told DesktopLinux.com." (Found on GnomeDesktop)

Comments (none posted)

Distribution Newsletters

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for September 25, 2006 covers a media refresh for 2006.1, NASA uses Gentoo on robots, using GNU screen, and several other topics.

Comments (none posted)

DistroWatch Weekly, Issue 171

The DistroWatch Weekly for October 2, 2006 is out. "The unusually long development of Slackware Linux 11.0 continues with an ever growing changelog and more bug fixes. Will we see the final release this week? As Mandriva prepares to unveil its latest and greatest, some of the company's developers are found questioning the suitability of Linux for the desktop. Also in the news: Fedora quietly releases an unscheduled testing set of CD and DVD images of Fedora Core 6, Debian finds itself in a position of not being able to comply with the Mozilla trademark, and Ubuntu's Mark Shuttleworth talks about Dapper and the future of the project. A quick introduction to Instalinux.com is followed by a statistical titbit from our web logs, before we conclude the issue by awarding the September donation to Inkscape and Cape Linux Users Group."

Comments (none posted)

Package updates

Fedora updates

Updates for Fedora Core 5: guile (bug fixes), perl-Net-DNS (upstream version 0.59), openoffice.org (bug fix), tar (downgrade to solid stable tar-1.15.1, backport patches), gzip (bug fixes), gnome-python2-extras (spec file cleanup), anacron (fix problem with "strange" emails), frysk (new upstream version), tar (bug fix).

Thanks to Alain Portal, KBackup 0.5 is now included in FC 5.

Comments (1 posted)

Mandriva updates

Updates for Mandriva Linux Corporate Server 4.0: fibric (better interaction with curl).

Comments (none posted)

rPath updates

Updates for rPath Linux 1: initscripts (fixes live CD issues), chkconfig, ntsysv (fix requirements), httpd, mod_ssl (gracefully restart apache).

Comments (none posted)

Trustix updates

Updates for Trustix Secure Linux 2.2 and 3.0: bind (various bug fixes).

Comments (none posted)

Ubuntu updates

Updates for Ubuntu 6.06 LTS: amarok_1.4.3-0ubuntu8~dapper1, ktorrent_2.0.2-0ubuntu1~dapper1, konversation_1.0-0ubuntu5~dapper1, libvisual-plugins_0.4.0.dfsg.1-1ubuntu1~dapper1, cpio 2.6-10ubuntu0.1, phpgroupware_0.9.16.011-1~dapper1, acidrip_0.14-0.2ubuntu2~dapper1, gnomebaker_0.6.0-0ubuntu1~dapper1, ktorrent_2.0.2-0ubuntu2~dapper1, altermime_0.3.7-2~dapper1, debootstrap_0.3.3.0ubuntu5~dapper1, acidrip_0.14-0.2ubuntu4~dapper1, sg3-utils_1.21-1ubuntu1~dapper1.

Comments (none posted)

Newsletters and articles of interest

Linux-based LiveKiosk offers low-cost browsing (Linux.com)

Linux.com looks at Linux systems from LiveKiosk. "LiveKiosk produces a thin client Linux distribution and administrative interface, called EZWebPC, with a locked-down browser. Clients boot off the CD-ROM, eliminating the need for a local operating system or hard drive. It loads the browser with a custom configuration that will highlight a single site or allow the user access to the entire Internet, as long as a broadband connection is available. Because the system runs from the network and a CD-ROM, no local operating system or hard drive is required."

Comments (none posted)

Running Internet Explorer in Debian and Ubuntu Linux (Debian Admin)

Debian Admin shows how to run Internet Explorer in Debian and Ubuntu. "IEs4Linux is the simpler way to have Microsoft Internet Explorer running on Linux (or any OS running Wine). No clicks needed. No boring setup processes. No Wine complications. Just one easy script and you'll get three IE versions to test your Sites. And it's free and open source. This may be very helpful for software developers and web developers to test their applications."

Comments (4 posted)

Distribution reviews

Going live, part 2: Introducing Musix and Studio To Go (Linux Journal)

Dave Phillips reviews two music-oriented live CDs for the Linux Journal. "I have no reservations about recommending Musix. It's obviously a labor of love, and I look forward to enjoying its evolution. You should try it, you might like it. And while you're trying it, be sure to check out Marcos's 'Zyn-techno' demo for Rosegarden combined with the ZynAddSubFX synthesizer. It's a sweet groove, just like Musix itself."

Comments (none posted)

SUSE Pairs Well With Xen (eWeek)

eWeek takes a look at Novell's SUSE Linux Enterprise Server 10. "During tests, eWeek Labs found that Novell has tightened up the Xen configuration module that's built into SLES' suite of configuration tools, Yast. We installed versions of SUSE in our Xen virtual machines and found that the installations ran smoothly when we prepared for them by first using SLES' installation server feature to create install sources. We did this for the x86-64 and x86 versions of SLES, as well as for an alpha release of OpenSUSE 10.2."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Multi-track recording with Audacity

Audacity is one of the more popular audio editing systems for Linux. It features a straightforward user interface, recording and playback capabilities, and a number of useful editing options. Your author decided to see if Audacity was capable of working as a basic multi-track music recording system.

The hardware used for this experiment consisted of a fairly ancient 700 MHz Pentium 3 box with 384 MB of RAM and an old IBM 20 GB hard drive. This machine was purchased second-hand at a yard sale for a mere $10. The sound card was an older no-frills Creative Labs model CT4810 PCI device.

Audio was generated with an electric guitar feeding into a guitar amplifier. The amplifier's line out was connected to the sound card's line in with a mono to stereo adapter plug.

The software consisted of the Ubuntu 6.06 LTS "Dapper Drake" distribution running the default stable version 1.2.4 of Audacity.

Setting up Audacity for multi-track recording took a bit of tweaking. The sample representation was changed to 16 bit integer mode and the audio I/O setting was changed to 2 channel (Stereo). The "Play other tracks while recording new one" setting was enabled; this is the critical feature that allows "sound-on-sound" recording. Tests using the default 32 bit floating point sample representation, single track recording and software play-through all resulted in serious dropouts and time distortion on the recordings. These problems also occurred with a more full-featured Sound Blaster Live card in the same system.

Once the correct settings were applied, recording was a simple matter of setting the input level below the clipping point using the input monitor VU meters, and pressing the record button. As with most multi-track recording, it was necessary to record, erase and retry most of the tracks. Audacity makes listening to and re-recording tracks easy: the rewind/play/stop/record buttons are identical to those found on a standard tape recorder, and the undo function (Control-Z) is used to remove a badly recorded track.

One minor problem showed up when playing back while recording. During the recording of the second track pair, the sound from the previously recorded first track pair made clicks and had some short sound dropouts. Fortunately, this problem only occurred while recording; the clicks disappeared when all of the tracks were played back simultaneously. This seemed to get worse as more tracks were added and may be symptomatic of insufficient CPU speed.

Once the desired number of tracks (3 stereo pairs) was correctly recorded, it was time to do a mixdown. This is a simple matter of setting the left/right pan setting for each stereo track pair and adjusting the output levels for a good volume balance between track pairs. The default 0 dB track volume level produced audible clipping when multiple tracks were summed together, so it was necessary to attenuate all of the tracks by a few dB. The final results can be easily exported to wav, ogg or mp3 format stereo files. The results of this (highly amateur) recording effort can be heard in this short ogg file.

This version of Audacity is a bit unpolished for multi-track audio recording work, but with a bit of effort, it can be made to function as well as an analog tape recorder. The output quality is very good, considering the inexpensive audio equipment that was used. Some of the editing effects such as track volume normalization, fade in/out and silencing of arbitrary sections make production of quality recordings much easier than with older analog equipment. Anyone who has ever waited for a reel-to-reel recorder to rewind will truly appreciate the instantaneous transport controls.

The inability to record mono tracks is an obvious deficiency: the recordings are twice as large as they should be, the screen fills up rather quickly and the total unique track count will be reduced for a given power of CPU. Despite this, Audacity can allow a junker computer to be turned into a useful piece of audio gear with a trivial amount of installation effort.

Comments (9 posted)

System Applications

Audio Projects

The Rivendell Operations Guide

A new operations guide for the Rivendell radio automation system has been published. "I'm pleased to announce the release of the first full version of the Rivendell Operations Guide. The Guide is written so as to provide a full "tour" of the Rivendell system from the standpoint of an end user."

Full Story (comments: none)

Networking Tools

OpenSSH 4.4 released

Version 4.4 of OpenSSH has been released. This version features several bug and security fixes and adds a number of new capabilities.

Full Story (comments: 12)

Printing

ESP Ghostscript 8.15.3 released

ESP Ghostscript version 8.15.3 has been released. "ESP Ghostscript 8.15.3 is the third stable release based on GPL Ghostscript 8.15 which fixes CUPS driver, CJKV font support, IJS KRGB support, various compile problems, and several small issues in the command-line utilities."

Comments (none posted)

RasterView 1.2.1 released

Version 1.2.1 of RasterView has been announced. "RasterView is a CUPS raster file viewer for CUPS 1.2 and higher. It basically allows you to look at the raster data produced by any of the standard CUPS RIP filters (cgimagetoraster, cgpdftoraster, imagetoraster, and pstoraster) and is normally used to either test those filters or look at the data that is being sent to your raster printer driver."

Comments (none posted)

Security

Sussen 0.30 released

Version 0.30 of Sussen, a security and configuration vulnerability scanner, is out with an editor rewrite and bug fixes.

Full Story (comments: none)

Web Site Development

Silva 1.6.b3 first public beta Released

The first public beta of the Silva content management system, version 1.6.b3, is out with new features, bug fixes and more.

Full Story (comments: none)

Tapestry: A Component-Centric Framework (O'ReillyNet)

Hemangini Kappla looks at Tapestry on O'Reilly. "Tapestry is an open source web application framework written in Java. Highly-interactive and content-rich applications can be easily developed using this framework. Tapestry offers advantages including a high-performance coarse-grained pooling strategy, high code-reuse, line-precise error reporting, and lots more. Tapestry applications can be run on any servlet container since the apps are 100 percent container agnostic."

Comments (none posted)

Zope 2.9.5 and 2.10.0 released

Versions 2.9.5 and 2.10.0 of the Zope web development platform have been released. Both versions add support for ZODB 3.6, Five 1.3, and more.

Comments (none posted)

Zope 3.2.2 released

Zope version 3.2.2 has been announced. "On behalf of the Zope 3 development team I have just released Zope 3.2.2, a bugfix release for the 3.2.x line."

Comments (none posted)

Zope News

The September 16-30, 2006 edition of Zope News is out with the latest Zope web development platform articles.

Comments (none posted)

Web Services

Introducing WSGI: Python's Secret Web Weapon (O'Reilly)

James Gardner looks at the Web Server Gateway Interface Utilities in Python 2.5. "The recent Python 2.5 release features the addition of the Web Server Gateway Interface Utilities and Reference Implementation package to Python's standard library. In this two-part article, we will look at what the Web Server Gateway Interface is, how to use it to write web applications, and how to use middleware components to quickly add powerful functionality. Before diving into these topics, we will also take a brief look at why the specification was created in the first place."

Comments (none posted)

Desktop Applications

Animation Software

3ds Max NIF Plug-in 0.2.7 Released (SourceForge)

Version 0.2.7 of 3ds Max NIF Plug-in, a Blender animation system plug-in, has been announced. "The 3ds Max NIF Plug-in allows 3ds Max users to open or import NIF files and also to export 3ds Max scenes to new NIF files. It is incomplete and likely will always be. It does support importing and exporting of scene hierarchy, meshes, textures, materials, and skins bound to their skeleton bones, transform animation, limit collision mesh support for Oblivion and more."

Comments (none posted)

Audio Applications

eSpeak 1.16 released

Version 1.16 of eSpeak, a speech synthesizer, is available with bug fixes and other minor changes. See the change log for more information.

Comments (none posted)

FreeADSP 0.0.2 released

Version 0.0.2 of FreeADSP is out with build improvements and bug fixes. "FreeADSP is a free, audio-oriented, real-time, cross-platform DSP software heavily relying on external plugins for I/O, UI and effects."

Full Story (comments: none)

Calendar Software

Sunbird and Lightning 0.3rc1 available

Version 0.3rc1 of the Mozilla Sunbird and Lightning calendar applications is out with a number of new capabilities. Testers are needed.

Full Story (comments: none)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The October 1, 2006 edition of the KDE Commit-Digest has been announced. The content summary says: "KPersonaliser, the new installation greetings wizard, has been removed from KDE 4. Solid is imported into kdelibs for KDE 4. Marble, a generic geographical widget with wide-ranging possibilities, is imported into KDE SVN. Work begins on supporting Telepathy in Kopete. Experimental eyecandy in the Kate editor, with a new, non-obtrusive search bar implementation. User interface experiments in Krita. Development of Krossrunner in KOffice, a command-line OpenDocument format manipulator. KArm has been renamed to KTimeTracker, to better represent its functionality. The kde.org website, along with many related sub-sites, has changed over to the Oxygen style. aKademy 2006 draws to a close."

Comments (none posted)

Electronics

layout editor 20060920

Release 20060920 of layout editor, an integrated circuit CAD system, has been announced. "The new version has more than 20 bug fixes and some new functions like a 3D-view."

Comments (none posted)

Games

Cyphesis 0.5.10 released

Version 0.5.10 of Cyphesis has been announced; it features bug fixes and more. "Cyphesis is a small to medium scale server for WorldForge games, with builtin AI. This version includes the demo game Mason which is currently in development."

Comments (none posted)

KoLmafia: v9.3 Release (SourceForge)

Version 0.93 of KoLmafia has been announced; it adds a few new features and lots of bug fixes. "KoLmafia is a cross-platform desktop tool which interfaces with the online adventure game, Kingdom of Loathing. KoLmafia is written in Java (J2SE 1.4 compliant), with binary releases in JAR format."

Comments (none posted)

GUI Packages

Qt 4.2 Released (KDE.News)

Version 4.2 of the Qt GUI system has been announced. "The main features of this release are CSS-like desktop stylesheets, a new graphics view class, Qt/Mac look-and-feel improvements including the ability to host Carbon widgets inside Qt widgets and tighter cross-desktop integration. See the Qt 4.2 intro for a detailed list."

Comments (none posted)

Imaging Applications

Comix 3.6 released (SourceForge)

Version 3.6 of Comix, a customizable image viewer that is aimed at viewing comic books, has been announced. "Version 3.6 introduces a number of changes - such as a colour adjustment dialog with settings for contrast, brightness, saturation and sharpness. There have also been a number of bug fixes."

Comments (none posted)

Instant Messaging

WeeChat version 0.2.1 released

Version 0.2.1 of WeeChat, a fast and light IRC client, is out with several new features and bug fixes. See the change log for details.

Comments (none posted)

Interoperability

Wine 0.9.22 released

Version 0.9.22 of Wine has been announced. Changes include the usual assortment of MSI improvements, several bug fixes to the various common controls, pixel shaders enabled by default in D3D, various improvements to the build process, many translation updates and lots of bug fixes.

Comments (none posted)

Multimedia

OpenLibraries 0.3.0 is out

Version 0.3.0 of OpenLibraries, a cross-platform set of C++ libraries for use in rich media applications, has been released by the Jahshaka Project. "The alpha version includes working implementations of the libraries’ object, media and image modules. Additionally, the libraries’ plugin module features a stable architecture for feature abstraction and development. Other key features include support for high-dynamic range images and 3D. The media module includes support for media and image sequence playback, with and without cache."

Full Story (comments: none)

Music Applications

midi 0.2.1 announced

Version 0.2.1 of midi, a Pythonic MIDI API with hardware sequencer support, has been announced. "This release provides object oriented programmatic manipulation of MIDI streams. Using this framework, you can read MIDI files from disk, build new MIDI streams, process, or filter preexisting streams, and write your changes back to disk. If you install this package on a Linux platform with alsalib, you can take advantage of the ALSA kernel sequencer, which provides low latency scheduling of MIDI events."

Comments (none posted)

MMA 1.0-RC1 Released

Version 1.0-RC1 of MMA, the Musical MIDI Accompaniment, is out. New features include inversion notation for chord generation, new MidiInc options and usability improvements.

Full Story (comments: none)

San Dysth V0.1.0, Snd-ls V0.9.7.1, E-Radium V0.61f

New versions of the audio applications San Dysth, Snd-ls and E-Radium are out. "San Dysth is a standalone realtime soft-synth written in SND. It was first developed as final project for the 220c course at CCRMA."

"Snd-ls is a distribution of Bill Schottstaedt's sound editor SND."

"E-radium is Radium and a special version of E-UAE (with support for realtime scheduling and alsa midi). Radium is a unique type of music event editor made to be efficient and provide many possibilities."

Full Story (comments: none)

Office Applications

Kommander Releases, Plugs in and Updates Site (KDE.News)

KDE.News covers the release of Kommander version 1.3.0. "The Kommander team is proud to announce a new development release which has some bug fixes but most importantly a new text editor. Along with this we are releasing two new plugins for databases and HTTP forms. We have also updated our site with an article and tutorial section starting out with an Introduction to Kommander. We also have a development news section. More is in the works to be released in the coming week."

Comments (none posted)

Office Suites

KOffice 1.6 RC 1 Released (KDE.News)

KDE.News covers the release of KOffice 1.6 release candidate 1. "This version does not contain any new features, but comprises of a number of bug fixes that were the result of user comments made about the beta 1 version. The team hopes to continue its great dialogue with the users, and is looking forward to the final release on October 15th."

Comments (none posted)

Science

METRo: Model of the Environment and Temperature of Roads

Environment Canada has produced a road weather forecast application called METRo. "METRo is a program used on an operational basis since 1999 that together with the input of an atmospheric forecast, road composition and observations from a road weather station (RWIS), produces a local road forecast (temperature and road condition) for a 48-hour period, this in less than 2 seconds of computation time on a simple desktop computer. All the input and output of METRo are in XML format. Installation of the METRo program is relatively simple on a GNU/Linux system in less than a day."

Comments (none posted)

Web Browsers

Mozilla Firefox 2 Release Candidate 1 Available for Testing (MozillaZine)

Mozilla Firefox 2 Release Candidate 1 has been announced. "This preview of the next version of Firefox browser is aimed at Web Application Developers, testers and early adopters. For more information, refer to the Release Notes."

Comments (none posted)

Mozilla Links Digest for September 2006

The September, 2006 edition of the Mozilla Links Digest is online with a new collection of Mozilla articles.

Full Story (comments: none)

Miscellaneous

Tabbed file manager for GNOME - PCManFM 0.3.2 (GnomeDesktop)

GnomeDesktop.org introduces PCManFM 0.3.2. "Nautilus is currently one of the greatest file managers on GNOME which is absolutely powerful. However, for people who have relatively limited system resource, or those who want to keep their desktop simpler and cleaner, is there any lightweight replacement? Besides, too many opened folders often make our desktop crowded, is there any possibility to get tabbed browsing interface in GNOME file managers? The answer to these questions is yes."

Comments (none posted)

QLoud v.0.19 - plotting much faster

Version 0.19 of QLoud is out with a bug fix and performance improvements. "QLoud is a tool to measure loudspeaker frequency and step responses and distortions."

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The October 3, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Haskell

Haskell Weekly News

The September 27, 2006 edition of the Haskell Weekly News is online. This week we see a new Hugs release, and the results of the ICFP contest are out! We feature a special report on the Commercial Users of Functional Programming workshop, courtesy of John Hughes.

Comments (none posted)

Haskell Weekly News

The October 3, 2006 edition of the Haskell Weekly News is online. This week we see the proceedings of the first Haskell Workshop now freely available, and work has begun on a unified library for generics in Haskell.

Comments (none posted)

Java

How do you test? (O'Reilly)

Dejan Bosanac discusses code testing issues on O'Reilly's OnJava site. "For starters, in Untested code is the dark matter of software post Cedric Beust questions common agile-development statements that untested code is broken. He points out that missing-deadline or shipping the product that doesn’t implement everything that was asked of you is much worse than shipping product that is not 90% covered with test cases."

Comments (none posted)

Lisp

SBCL 0.9.17 released

Version 0.9.17 of SBCL (Steel Bank Common Lisp) is available. "This version adds an interpreter-based expression evaluator, supports weak hash tables, includes other changes related to FFI and debugging, and fixes a few bugs."

Full Story (comments: none)

Perl

CPAN Module Review: Test::Perl::Critic (O'Reilly)

Chromatic discusses Perl's Test::Perl::Critic module on O'Reilly. "If you really want to make something a habit, find a way to do it without thinking about it. I like to automate the things I value so I never do them incorrectly, incompletely, or infrequently. Thus Test::Perl::Critic allows you to add customizable Perl::Critic tests to your test suites, so you can ensure that you’ve followed local style. I’ve been part of the Perl QA group for around five years. In that time, we’ve built dozens of wonderful test modules around a common backend library and a common protocol, evangelized testing and quality to the Perl 5 and Perl 6 developers, spread the expectation and understanding of good testing to CPAN contributors and more, and even built automated systems to check various quality measures of public code."

Comments (none posted)

Perl 6 mailing list summary

The September 24-30, 2006 edition of the Perl 6 mailing list summary is out with coverage of discussions on the Perl 6 mailing list.

Comments (none posted)

Python

Urwid 0.9.7 - Console UI Library for Python

Version 0.9.7 of Urwid, the Console UI Library for Python, is out. "This release adds a new BigText widget for banners and text that needs to stand out on the screen. A new example program demonstrating BigText usage and a number of fonts are included. This widget is a fixed widget, a new alternative to flow widgets and box widgets. Fixed widgets may be displayed within Overlay or Padding widgets to handle changing screen sizes."

Full Story (comments: none)

Urwid 0.9.7.1 released

Version 0.9.7.1 of Urwid, the Console UI Library for Python, is out. "This release fixes bugs introduced in the Padding and Overlay classes in the previous release. These bugs prevent the graph.py example program from running."

Full Story (comments: none)

Dr. Dobb's Python-URL!

The October 4, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The October 3, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

IDEs

Anjuta bounties (GnomeDesktop)

Some cash bounties are being offered for developers who find and fix bugs in the Anjuta development studio. "We are starting to offer bounties for some of our Anjuta tasks. This has been done to encourage people to contribute to Anjuta development and to speed up some of our priorities. Now, in addition to enjoying helping Anjuta get better, you also get the chance to earn some incentives for your valued contributions."

Comments (none posted)

Test Suites

LDTP 0.6.0 released

Version 0.6.0 of LDTP, the Linux Desktop Testing Project, has been announced. "This release features a number of important breakthroughs in LDTP as well as in the field of Test Automation. This release note covers a brief introduction on LDTP followed by the list of new features and major bug fixes which makes this new version of LDTP the best of the breed."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Putting Open Source Development Under the Scope (TechNewsWorld)

TechNewsWorld covers a University of California, Davis study on how the open source process works. "How are open source software projects able to set their speed and quality on the best participants? That's simple: 'No meetings,' [PostgreSQL developer Josh] Berkus said."

Comments (1 posted)

Mark Shuttleworth interview (Linux Format)

Linux Format interviews Mark Shuttleworth. "We will definitely see a multimedia version of Ubuntu kick in, and we'll probably see an embedded version. At that point we'll pretty much span the gamut from the server, through the very lightweight client through Xubuntu, and to the embedded client, with Ubuntu and Kubuntu in the middle. Beyond that, I think we'll start to see more fragmentation around vertical markets. Edubuntu is a leading indicator of that -- an aggregation of stuff from both Ubuntu and Kubuntu, but optimised for education."

Comments (52 posted)

Replacing init with Upstart (Linux.com)

Linux.com has an article about upstart written by one of its developers. "We wanted an init daemon that allowed the selection and order of scripts to be determined not just by information in the scripts themselves, but by events coming from outside the init system, in particular udev. In fact, what we wanted was an init sequence driven entirely by these events and those of its own making."

Comments (20 posted)

Trade Shows and Conferences

Akademy Hackathon Starts (KDE.News)

KDE.News covers the Akademy 2006 KDE contributors conference. "The inspirational Aaron Seigo started the conference off in a confrontational manner by looking the KDE project community in the eye and asking "who are we?". Punctuated by some awful music and a rapid-fire slide-show of contributors, Aaron outlined what he thought is the most important aspect of the KDE community: Building communities around Free Software and bringing Free Software into communities."

Comments (none posted)

Developers Gather for ODF Day (Yahoo Business)

Yahoo Business reports on ODF Day at Akademy. "The Open Source Development Labs (OSDL) Desktop Linux (DTL) group, NLnet, and the KDE open source development community recently hosted an ODF Day at aKademy 2006. This year the leading open source developers from the KDE community were joined by senior technical staff member representatives from Intel and IBM for a day of seminars and technical talks on the many facets of software development opportunities enabled by the new ISO/IEC 263000 (OpenDocument Format) international standard." (Found on KDE.News)

Comments (2 posted)

KDE Regional Groups at Akademy (KDE.News)

KDE.News covers the KDE regional groups session at Akademy. "Last Wednesday the KDE regional groups Birds of a Feather session took place at aKademy 2006, Dublin. The focus of this BoF session was to share experiences that regional KDE-groups have had in building a community. A regional group is generally country based, e.g. KDE-IT for Italy and KDE-NL for Netherlands."

Comments (none posted)

Hackers claim zero-day flaw in Firefox (ZDNet)

ZDNet reports from ToorCon, where a pair of presenters disclosed a remotely exploitable JavaScript vulnerability in Firefox. "The JavaScript issue appears to be a real vulnerability, Window Snyder, Mozilla's security chief, said after watching a video of the presentation Saturday night. 'What they are describing might be a variation on an old attack,' she said. 'We're going to do some investigating.'" The presenters claim to know about another 30 undisclosed Firefox vulnerabilities.

Update: it seems that the presenters' claims may have been a little overblown, if not entirely fraudulent.

Comments (19 posted)

Companies

OpenSparc Project Taps Advisory Board, Sees Linux Momentum (IT Jungle)

IT Jungle reports that Sun has set up an advisory board for the OpenSparc project. "First up, Sun has created an independent OpenSparc advisory board, which includes two representatives from Sun as well as three other industry luminaries. "Just like any well-behaved open source project, we want to establish an independent advisory board," explains Fadi Azhari, director of marketing and business development for OpenSPARC. This board will steer the OpenSparc project and, after a 12-month period, it will create a permanent governance board for the project. The initial board members include Simon Phipps, chief open source officer at Sun, and David Weaver, a senior systems engineer on the Sparc T1 development efforts inside Sun."

Comments (none posted)

Weinstein: automatic hobbling mechanisms in Vista

Lauren Weinstein has sent a message to his Privacy Forum on the anti-piracy mechanisms which, it seems, will be built into Microsoft Vista. Free software looks more appealing all the time. "In particular, Vista will include technologies that can be used by MS to drastically reduce the functionality of systems that they believe to be pirated. This restricted environment will give users a choice between running Windows in its very limited 'Safe Mode' (apparently with networking disabled), or alternatively running a Web browser that will exit automatically after each hour or so of usage."

Comments (25 posted)

Business

SMB Linux Use on the Rise (eWeek)

eWeek looks at the increasing use of Linux by small and midsize businesses. "A growing number of the estimated 5.8 million small and midsize businesses in the United States are buying Linux solutions, mostly from solution providers, according to research from AMI-Partners. Linux, according to AMI, of New York, is benefiting from a growing acceptance of open-source products overall. "While Linux is becoming more mainstream, our research shows that SMBs are more interested in open-source solutions than Linux per se," said Abhijeet Rane, AMI's senior vice president. "The SMBs buying Linux solutions are mostly buying apps that operate in the background of a business.""

Comments (7 posted)

Interviews

Interview with Tim Bray (Linux Journal)

James Gray talks with Tim Bray on a variety of topics. "No history book on the Internet would be complete without a chapter on Tim Bray. Not only was Tim a co-editor of the XML 1.0 specification, but he also created the first parser software for XML documents and has been co-driving the development of Atom. Today, fulfilling a dual role as tireless Netizen-evangelist and Director of Web Technologies for Sun Microsystems, Tim continues to build on his early work by advocating for a more elegant, platform-independent and user-friendly Internet. Linux Journal recently checked in with Tim Bray to get an update on where he is channeling his creative energies these days."

Comments (none posted)

Interview with Milosz Derezynski (LinuxInterviews.com)

LinuxInterviews.com talks to Milosz Derezynski, lead developer of the BMPx media player. "BMPx is a media player rewritten from the ground up on the foundation of BeepMediaPlayer. Originally started as a "behind doors" project, BMPx aims high and will get there very soon. Version 0.30.x was launched just days ago in a totally new form that drops the old Winamp-style look, bringing a more iTunes-like interface that will soon support SVG themes."

Comments (none posted)

Philip Rodrigues (People Behind KDE)

The People Behind KDE have interviewed Philip Rodrigues. "In what ways do you make a contribution to KDE? Any way I can :-). If you want something 'official', I'm a documentation writer and I do some co-ordination work for the docs team too. But I also do user support on IRC and mailing lists and some bug triage. I even have one or two code patches in KDE (though admittedly, they're one-liners)." (Found on KDE.News)

Comments (none posted)

A New JRuby Interview and More (Linux Journal)

Pat Eyler talks with JRuby developers, Charles Nutter, Thomas Enebo, and Ola Bini. "Okay Charles, since you brought up refactoring tools -- you and Thomas, are supposed to be looking at programmers tools (which most people read as NetBeans). What do you think has been holding back refactoring tools for Ruby? More importantly, what can/will you be doing about it? (Ola, I'd love to hear your thoughts on this too.)"

Comments (1 posted)

JRuby Interview (Part 2) (On Ruby)

Here's part 2 of an interview with the developers of JRuby. "Charles, you've mentioned 'Rubifying' some existing Java tools and libraries. Can you give us some examples? Charles: A large part of our focus has been trying to fit Ruby into a Java-centric world. There are countless libraries and frameworks out there in Java-land...libraries that would be very useful for Ruby applications like Rails. However the effort required to hand-wrap those libraries in a Ruby lib is sometimes prohibitive; the set of interfaces provided in the Java code can be extensive and not particularly "Rubyish". We seek to make accessing those libraries simpler."

Comments (none posted)

Resources

Keep your Web site online with a High Availability Linux Apache cluster (Linux.com)

Linux.com looks at heartbeat and high availability Linux clusters. "Failover clusters are used to ensure high availability of system services and applications even through crashes, hardware failures, and environmental mishaps. In this article, I'll show you how to implement a rock-solid two-node high availability Apache cluster with the heartbeat application from The High-Availability Linux Project. I tested the cluster on Fedora Core 5, CentOS 4.3, and Ubuntu 6.06.1 LTS server distributions."

Comments (none posted)

Managing a Honeypot (O'ReillyNet)

O'ReillyNet covers the use of honeypots. "It's no secret that many intruders choose their victims by scanning large chunks of addresses and searching for services vulnerable to existing tools and exploits. This can be an effective approach, although there are still some problems for intruders. People employed in IT security must trace bug trackers and the appearance of new exploits. Even open source code cannot guarantee that the good guys will find vulnerabilities before the bad guys do."

Comments (1 posted)

MySQL Backup And Recovery With mysql-zrm On Debian Sarge (HowtoForge)

Falko Timme shows how to back up a MySQL database with mysql-zrm. "This guide describes how to back up and recover your MySQL databases with mysql-zrm on a Debian Sarge system. mysql-zrm is short for Zmanda Recovery Manager for MySQL, it is a new tool that lets you create full logical or raw backups of your databases (regardless of your storage engine and MySQL configuration), generate reports about the backups, verify the integrity of the backups, and recover your databases. It can also send email notifications about the backup status, and you can implement multiple backup policies (based on your applications and based on time (e.g. daily, weekly, etc.))."

Comments (none posted)

LDAP Series Part II - Netscape Directory Server (Linux Journal)

Tom Adelstein takes a look at the Fedora Directory Server. "If you wander on over to the Fedora Directory Server (FDS) site you can take a look at an enhanced version of the Netscape Directory Server. This isn't your older brother's directory server. Aside from open sourcing the Netscape server, you'll find an abundance of documentation to help you learn and operate a stellar product."

Comments (7 posted)

Linux Gazette #131

The October issue of Linux Gazette is out. In addition to the usual features you'll find the following articles: Apache2, WebDAV, SSL and MySQL: Life In The Fast Lane, Sharp does it once again: the SL-C3200, Ogg, WAV, and MP3, On Qmail, Forged Mail, and SPF Records, Songs in the Key of Tux: KGuitar and SVN Hackery: Versioning Your Linux Configuration.

Comments (none posted)

Reviews

Attack of the Pod Penguins 3: Sampling, quality, and bitrates (LinuxWorld)

LinuxWorld looks at Audacity. "Last month, we described the open source audio editing application Audacity as the 16-ounce framing hammer of podcast creation and editing. This month, we'll take a deeper look into Audacity, familiarizing you a bit more with the interface and some of the more esoteric but useful features of the application."

Comments (none posted)

Tiny Linux browser project seeks sponsors (LinuxDevices)

LinuxDevices covers the Dillo project. "A project to create an ultra-lightweight web browser for use in embedded devices and other resource-constrained hardware has issued a plea for financial help. The Dillo Project says it needs to find a corporate sponsor in order to add anti-aliased text, CSS, Javascript, and internationalization/localization support." (Thanks to Alan Carvalho de Assis)

Comments (12 posted)

Kamaelia 0.5.0 Released! (Ryan's Development Blog)

Ryan looks at some new code in Kamaelia 0.5.0. "Kamaelia is an intuitive way to structure applications -- as a network of components which message each other. Much like Unix pipes implemented in Python. It was originally designed by BBC Research for rapid development of server software."

Comments (none posted)

Can open source messaging servers replace Microsoft Exchange? (Linux.com)

Linux.com has reviewed three open source messaging servers. "This week on Linux.com we reviewed Scalix, Open-Xchange, and Zimbra, three of the highest-profile open source alternatives to Microsoft Exchange. All of them have their defects, and all three offer commercial versions that make installation and maintenance easier than it is for their open source versions. We've also talked to marketing people from all three companies, and while they all talk about growing sales and a rosy future, it's obvious from the reader comments attached to the reviews of their products that none of them is an immediate threat to Microsoft's domination of the corporate messaging server market. But on the other hand, each one of these products has at least one or two features that Microsoft Exchange lacks."

Comments (37 posted)

Google's Tesseract OCR engine is a quantum leap forward (Linux.com)

Nathan Willis looks at the Tesseract Optical Character Recognition (OCR) engine on Linux.com. "The Tesseract code was written at Hewlett-Packard in the 1980s and '90s. In 1995, it was one of the top-tier performers at UNLV's OCR competition, but when HP withdrew from the OCR software marketplace, the code languished. Then in 2005, HP handed off the code to UNLV's Information Science Research Institute (ISRI), an academic center doing ongoing research into OCR and related topics. ISRI discovered that original Tesseract developer Ray Smith was now an employee at Google, and asked the search engine giant if it was interested in the code. Google spent a few months updating the code to compile on modern operating systems, and released it on SourceForge.net."

Comments (11 posted)

Miscellaneous

Google's Summer of Code wraps for 2006 (LinuxWorld)

LinuxWorld looks at the software from this year's Summer of Code. "The 2006 season of Google's $3 million open source student development program is drawing to a close, with some of the resulting software already released as part of widely used open source projects. A total of 630 student developers from 90 countries took on software projects for 102 different open source projects as part of Google's "Summer of Code", said Leslie Hawthorn, the project coordinator."

Comments (2 posted)

Debian's in fine health? (Linux-Watch)

Linux-Watch ponders the fate of the Debian distribution. "After my recent story asking the question, "Is Debian Dying?" I received several email messages. By far the best of them was by C. J. Fearnley, CEO of LinuxForce Inc., a Linux service provider, and a long-time Debian developer. Here's what Fearnley had to say in defense of Debian: You are correct that Debian infighting is not an isolated incident, but your interpretation that Debian may be dying is way off the mark. From my perspective as a practitioner, philosopher, design science revolutionary, a Debian user and a Debian volunteer for over 10 years, my interpretation of the "infighting" is that it reveals, to the careful observer, Debian's strengths and not its weakness!"


Mambo and Joomla: One year on (NewsForge)

NewsForge looks at Mambo and Joomla. "In August 2005 Mambo, one of open source's poster child content management systems (CMS), was involved in a bitter duel with its core developers, who forked the project to give birth to Joomla. Could the developers survive without the management? Could Mambo do without its developers? Surprisingly, both projects today are doing pretty well. Here's a look at the projects' history, developer relations, community-building, and future prospects."


Page editor: Forrest Cook

Announcements

Non-Commercial announcements

EFF: Who Killed TiVoToGo?

The Electronic Frontier Foundation looks at the reasons behind the removal of a TiVo feature. "Digital Video Recorders (DVRs) have changed the way millions of people watch television. But the new TiVo Series 3 for HD lacks a feature that past versions have had -- TiVoToGo, which allows users to move recorded shows to a computer or other device. In a report released today, "Who Killed TiVoToGo?", EFF gets to the bottom of this digital murder mystery. The plot includes Hollywood, the Federal Communications Commission (FCC), and digital rights management (DRM) -- and it's an ominous tale for television fans looking forward to the widespread adoption of high-definition (HD) television."


Free Software Foundation fights DRM

The Free Software Foundation has declared October 3, 2006 a "Day Against DRM" with demonstrations in New York and London. Also today, the Free Software Foundation Europe launched DRM.info. "DRM.info is based on the idea that people should be informed and involved in decisions that will affect them on a very personal level. "DRM technologies are based on the principle that a third party has more influence over your devices than you, and that their interests will override yours when they come in conflict. That is even true where your interest is perfectly legitimate and legal, and possibly also for your own data," explains Georg Greve, FSFE's president."


OpenDomain Donates Use of Web Addresses to Encourage Online Collaboration

OpenDomain.Org has announced an effort to purchase domain names for open-source projects. "A Pennsylvania entrepreneur who owns registered Internet Web site domain names is allowing individuals and organizations to use many of them for free to encourage people who develop Internet applications to share information and contribute computer codes online. Unlike others who purchase domain names and later fight with companies over much-needed Web site addresses, OpenDomain.Org gives away the use of these valuable assets to those who use open sourcing - the practice of releasing previously proprietary software for free under license - to help advance Internet technologies around the world."


Commercial announcements

Public beta of CrossOver for Mac and Linux

New public beta versions of CrossOver Mac and CrossOver Linux, applications that allow the running of Windows binaries on other operating systems, are out. "For Linux users, the big highlights are support for World of Warcraft and many Steam based games (including Half Life 2 and Counterstrike), as well as support for Outlook 2003. Version 6 also represents a major improvement in the core of Wine since version 5 of CrossOver, so you may be pleasantly surprised as you try running unsupported applications."


Funambol announces Mobile Open Source Software v3

Funambol has announced the release of Funambol v3. "Funambol, the mobile open source software company, today announced the general availability release of Funambol v3. The announcement extends the company's reach to the mass market and puts open source on a collision course with proprietary mobile email vendors in what some consider the next technology battlefield. Funambol v3 provides mobile carriers with an open, cost-effective solution that can provide address book and calendar synchronization, and push email, for hundreds of millions of consumers with commodity cell phones."


WildPackets' new Linux network analysis appliance

WildPackets has announced Omnipliance, a commercial network analysis appliance for Linux. "The WildPackets Omnipliance is a turn-key hardware and software solution that gives network engineers unprecedented, real-time visibility into remote network segments. Each Omnipliance is a 3U rack-mountable appliance that runs a WildPackets' OmniEngine and sends real-time analytics and monitoring results to a central OmniPeek console."


New Books

Prentice Hall publishes An Introduction to Design Patterns in C++ with Qt

Prentice Hall has published An Introduction to Design Patterns in C++ with Qt by Alan Ezust and Paul Ezust.


Contests and Awards

Nominations open for Free Software Award for Projects of Social Benefit

The Free Software Foundation has requested nominations for the 2006 Free Software Award for Projects of Social Benefit. "This award is presented to the project or team responsible for applying free software, or the ideas of the free software movement, in a project that intentionally and significantly benefits society in other aspects of life. We look to recognize projects or teams that encourage collaboration to accomplish social tasks. A long-term commitment to one's project (or the potential for a long-term commitment) is crucial to this end."


GnuPG Logo Contest

A logo contest is being held for Gnu Privacy Guard (GnuPG). "We appreciate Thomas Löffelholz's Gnus-guarding-the-door logo which has served us for a long time. However, GnuPG has moved forward and is not anymore a plain OpenPGP application but features other protocols as well (S/MIME and partly Secure Shell). Further, the current logo is too detailed to be used as an icon or to be printed on a t-shirt. Thus we want to have a new modern logo."


Roktoberfest: The Amarok Project Fundraiser (KDE.News)

KDE.News has an announcement for the next Amarok Project Roktober fundraiser. "The Amarok Project is giving away an iPod Nano during its current fundraiser to celebrate the month of Roktober. Anyone that gives the equivalent of $10 or more is automatically entered in a random drawing to win a 2GB iPod Nano. Amazingly, a year has passed since the last fundraiser. Having the ability to spend some money on project resources and hardware made a big difference to the project's productivity."


Education and Certification

LPI Offers Discounted Certification Exams at LinuxWorld, Utrecht

The Linux Professional Institute will offer discounted Linux certification exams at the LinuxWorld Expo in Utrecht, the Netherlands on October 11 and 12, 2006.


Calls for Presentations

FAVE 2006 call for participants

A call for participants has gone out for FAVE 2006. "FAVE is an event for people who are interested in free and open source creative software on Linux and other computer platforms. The 2006 event is taking place at Limehouse Town Hall in London, England on Saturday the 25th of November."


FOSS.in CFP ends October 8

FOSS.in is a serious, development-oriented conference held in Bangalore, India; it will be held November 24 to 26 this year. The call for participation deadline is soon: Sunday, October 8. FOSS.in is a fun conference with intensely interested attendees; they also treat their speakers very well. If you are looking for an event to present at, this one is highly recommended.


Foundations of Open Media Software - CFP

A call for participation has gone out for the first Foundations of Open Media Software meeting. The event will be held in Sydney, Australia on January 12-13, 2007; submissions are due by October 31.


GNOME.conf.au Call for Submissions

A call for submissions has gone out for GNOME.conf.au, which will take place during Linux.conf.au in January, 2007. "Past topics presented at G.c.a have included getting involved, 101 things you didn't Gnow about GNOME, freezing GTK+ processes, the design behind GNOME-Games, Opensolaris and more. This year we're hoping for an even bigger and better event."


USENIX Security Symposium CFP

The 16th USENIX Security Symposium "Security '07" is scheduled for August 6 - 10, 2007 in Boston, MA. The call for papers is open until February 1, 2007.


Upcoming Events

Events: October 12, 2006 to December 11, 2006

The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| October 9 - October 13 | ApacheCon US | Austin, TX |
| October 9 - October 13 | 13th Annual Tcl/Tk Conference | Naperville, IL |
| October 11 - October 12 | Eclipse Summit Europe | Esslingen, Germany |
| October 11 - October 12 | Linux World Conference and Expo | Utrecht, The Netherlands |
| October 12 - October 15 | Eighth Real-Time Linux Workshop | Lanzhou, Gansu, China |
| October 18 - October 19 | International Conference on IT-Incident Management and IT-Forensics | Stuttgart, Germany |
| October 18 - October 22 | Pike Conference 2006 | Riga, Latvia |
| October 19 - October 21 | HackLu 2006 | Kirchberg, Luxembourg |
| October 19 - October 20 | DC PHP Conference | Washington, D.C. |
| October 20 - October 22 | aLANtejo 06 | Évora, Portugal |
| October 20 - October 22 | RubyConf 2006 | Denver, Colorado |
| October 22 - October 27 | Colorado Software Summit | Keystone, CO, USA |
| October 23 - October 24 | Mono User and Developers Meeting | Cambridge, MA, USA |
| October 23 - October 26 | Enterprise Architecture Practitioners Conf | Lisbon, Portugal |
| October 25 - October 26 | LinuxWorld UK 2006 | London, UK |
| October 25 - October 27 | Plone Conference 2006 | Seattle, WA |
| October 26 - October 27 | IT Underground | Warsaw, Poland |
| October 26 - October 27 | Free Software and Open Source Symposium | Toronto, Canada |
| October 28 | LinuxDay 2006 | Many of them, Italy |
| October 31 - November 2 | Zend/PHP Conference and Expo | San Jose, CA |
| November 1 | Ingres Users Association Conference | London, England |
| November 4 - November 8 | I Jornadas técnicas KDE de | Zaragoza, Spain |
| November 4 - November 11 | Open Source in Performance and Exhibition | London, England |
| November 5 - November 8 | International PHP Conference | Frankfurt, Germany |
| November 5 - November 10 | Ubuntu Developer Summit - Mountain View | Mountain View, CA, USA |
| November 6 - November 10 | Colorado Python seminar | Estes Park, CO, USA |
| November 7 - November 9 | 2006 Web 2.0 Conference | San Francisco, CA |
| November 9 - November 10 | Forum PHP 2006 | Paris, France |
| November 10 - November 12 | Chicago Perl Hackathon 2006 | Chicago, IL, USA |
| November 11 - November 17 | Supercomputing 2006 | Tampa, FL, USA |
| November 11 | FSFE Fellows Meeting | Bolzano, Italy |
| November 12 - November 14 | Firebird Conference 2006 | Prague, Czech Republic |
| November 14 - November 16 | LinuxWorld Cologne | Cologne, Germany |
| November 16 - November 17 | III Latin American Free Software Conference | Iguassu Falls, Brazil |
| November 16 - November 17 | Conference on Software Patents | Boston, MA, USA |
| November 18 | Richard Stallman speaks in Seoul | Seoul, South Korea |
| November 21 - November 24 | 15th International Conference on Computing | Mexico City, Mexico |
| November 24 - November 26 | FOSS.IN 2006 | Bangalore, India |
| November 25 | FAVE 2006 - free software multimedia event in London | London, UK |
| November 27 - November 30 | PacSec Applied Security Conference 2006 | Tokyo, Japan |
| December 1 - December 2 | PHP Conference Brasil | Sao Paolo, Brazil |
| December 2 - December 3 | Technical Dutch Open Source Event | Eindhoven, the Netherlands |
| December 3 - December 8 | Large Installation System Administration Conference | Washington, D.C. |
| December 5 - December 8 | Open Source Developers' Conference 2006 | Melbourne, Australia |
| December 7 - December 8 | Desktop Architects Meeting | Portland, OR, USA |
| December 9 | London Perl Workshop | London, England |

If your event does not appear here, please tell us about it.

Event Reports

A report from an "IPR protection" seminar in Helsinki

Here's a one-week-old report from Georg Greve on the "IPR Protection of Software: Copyright, Patent and/or Open Source?" seminar recently held in Helsinki. "My personal favorite was probably the presentation of Dietmar Tallroth of Nokia. He had just come back from a face to face meeting in the GPLv3 process to discuss in particular the clauses on Digital Restrictions Management (DRM), that have recently made the headlines when some Linux kernel developers took public position against it. According to Mr Tallroth, the potential issues with DRM were clarified sufficiently for Nokia. He expressed understanding and acceptance of the position taken by FSF, and provided that the result of the recent discussions is present in the next draft, there are only a few more points to clarify in the software patent language, for which he was generally optimistic." (Thanks to Timo Jyrinki).


Report: The Large Software Systems Management and EDOS Workshop

Roberto di Cosmo has written up a summary of the Large Software Systems Management and EDOS Workshop, held in Nancy, France last July. "In Nancy, our goal was to put together experts from different distributions to confront experiences, ideas, tools, and solutions about the difficult task of maintaining a Linux distribution, and also to ask their informed opinions on some tools and ideas that are currently being developed in the EDOS project."


Web sites

CELF to set up Embedded Linux Wiki

CELF has announced plans to start a new Embedded Linux Wiki. "The CE Linux forum is working on setting up a vendor-neutral, community-oriented wiki to host information related to the use of Linux in embedded products. CELF will provide hosting and a dedicated editor for the site, and a task force is forming to help design and steer the site. The task force and the site will be open to the public."

CELF has also sent out a CE Linux Forum initiatives update that lists other new activities.


Audio and Video programs

Wizards of OS 4 streams available

The organizers of Wizards of OS 4 have now put up audio and video streams from the sessions that were held there. There is a lot of interesting discussion there - and it's all available in Ogg format.


Page editor: Forrest Cook


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds