LWN.net Weekly Edition for November 16, 2006
Resisting the binary blob
Last week, LWN pointed at a software review claiming that Fedora Core 6 was so bad that the whole distribution should simply be shut down. The failing which led to such a dire prescription was a lack of proprietary software. According to the reviewer:
This reviewer is not the only one to express this point of view; there would appear to be a rising chorus out there calling on Linux distributors to load up their systems with proprietary code. Some distributors have heeded this call, as witnessed by (for example) Ubuntu's decision to include more binary drivers by default in its next release.
It's not too hard to see where this pressure is coming from. A prospective user with a problematic laptop will be happier with a distribution which "just works." Most of the people who truly care about free software are likely to be using a free system already, so it is easy to imagine that the next wave of users will be less concerned - at the outset - about software freedom. So they will gravitate toward a system which does what they want to do (running on closed hardware, playing patent-encumbered media, etc.) without concerning themselves much about the provenance of the software they are using.
The fact that many of these users worry little about software freedom now does not mean that they will never care, however. Very few of us were born knowing that free software is a better solution, that using free software is an important part of being free in general. Just like most of us have learned, over time, that saving some of the money we earn, while perhaps being inconvenient in the short term, brings long-term benefits, we have also learned that using free software - and helping to improve that software - is better in the long term. Certainly some subset of the new users coming to Linux will come to understand this fact as well.
But it will not matter how well these users understand the fine points of software freedom if, by the time they have figured it out, there are no free operating systems for them to run. If we want free systems then, we have to build and use free systems now. There can be a place for a binary blob which enables a specific bit of hardware to work; your editor would argue that running such a blob is not an inherently immoral act. But it is not necessarily a wise act, and a distribution which quietly installs such blobs on an unsuspecting user's system in the name of "it just works" is not necessarily doing that user any favors.
As a thought experiment, consider how things might have gone if the Linux community had accepted the "just works (most of the time)" non-free Java implementation that Sun made available. Linux distributors, rather than put large amounts of work into making Java code work with free alternatives, could have simply shipped Sun's version. Had they done so, would we have (the promise of) a GPL-licensed Java from Sun now? If we simply accept proprietary drivers in the name of "it just works," when, exactly, do we think free drivers will become available?
So criticism of Fedora - or any other distributor which sticks to free software principles - is, at best, misplaced. There are proprietary systems out there for people who want to run them, but Linux is about free software. It makes no sense to try to push proprietary code onto a distribution which has set a goal of being 100% free, and it is silly to criticize such a distribution for containing only free software. We should, instead, be appreciative of the vast amount of work that has gone into giving us a 100% free system - and help to improve that system.
Along these lines, it becomes natural to wonder why the Free Software Foundation has not recognized the work done by the Fedora Project to make its distribution entirely free. Instead, the FSF has put its energy into promoting obscure distributions like gNewSense and UTUTO. It seems that the Fedora developers and the FSF have been talking about recognition for Fedora, resulting in the posting of this message from Richard Stallman. It covers a number of issues, including firmware, fonts, patents, and more. One sticking point, it would seem, is this:
Given the people involved with Fedora, and the work that has been done to eliminate packages with problematic licensing, your editor has no qualms in saying that Fedora is a truly free distribution. It is unfortunate that the work which has gone into the creation of this distribution is not as widely recognized as it should be. If we want to promote free software, and if we want to live in a world where we can use exclusively free software, we should not hesitate to acknowledge the work of those who have built free systems, and who have not given in to those pushing for the addition of proprietary code. They are doing the work we so very much want to see done, and we are far richer for it.
Some notes on free Java
The free software community would appear to have developed a winning strategy for bringing semi-proprietary code under a free license. Just create a project to reimplement that code, and name the project "Harmony." About the time that the Harmony project starts to make some real progress, the original code base will be relicensed to the GPL, and everybody will be happy.This approach worked well with the first Harmony project, which was created to make a free version of the then-proprietary Qt library. In September, 2000, Trolltech finally made Qt available under the GPL. More recently, a Project Harmony set out to create a free Java implementation. A year and a half later, Sun Microsystems finally let go, and has promised to release Java as free software - and under the GPL at that.
Clearly some serious thought needs to be put into picking an appropriate target for the next Harmony project.
Actually, the "Harmony" name may not become available for a while yet; a quick look at the mailing list shows that, unlike the previous Harmony project, the current Harmony developers are continuing full-speed with their work. One might well wonder why, given that the "real" Java code is now promised to the community. It may be partly a matter of momentum, and partly waiting until the code actually becomes available (it will be a few months yet). Sun's interesting choice of the GPL also appears to be relevant. The Harmony project, being under the Apache umbrella, is using the Apache license, which is not compatible with the GPL. So the Harmony developers will not be able to make use of Sun's code in their project. If they want an Apache-licensed Java, they will have to continue to work to create it themselves.
There appears to be some concern within Harmony that Sun will require copyright assignments from those who would contribute to the GPL code base, and that, in turn, would allow Sun to make use of contributed code in proprietary projects. There are Harmony developers who are unwilling to contribute under those conditions. It has also been suggested in the Harmony camp that Sun might use patents to enforce Java compatibility. So Harmony may well continue for a while.
Another project which will be affected by this release is GNU Classpath. Unlike Harmony, however, Classpath uses a "GPL plus exception" license which allows the use of the library in proprietary applications. Sun's choice of the GPL makes life easy for the Classpath developers - especially since Sun adopted the same exception. But it does leave open the question of whether Classpath is needed at all. The real answer there probably depends on the shape of the actual code release; there may be parts of the "real" Java class library which Sun is unable to release, and which might then be substituted from Classpath. It also seems that Classpath has managed to build a dynamic and effective development community; the desire to continue to develop in that environment may keep Classpath going for a while yet.
Many pixels have been expended in attempts to analyze Sun's choice of the GPL. Most likely, Sun went with the GPL because (1) the response to the CDDL has been lukewarm at best, and (2) experience shows that GPL-licensed code is relatively resistant to the creation of incompatible forks. Sun's ostensible reason for resisting free licensing all these years was a fear of incompatible versions, so fork resistance should have been on their minds. Also worthy of note is the fact that Sun has specified that it is using version 2 of the GPL. A switch to GPLv3 seems likely once the license is final (see Jonathan Schwartz's weblog), but Sun is not committing to that ahead of time.
Sun has made some hints that Solaris might move over to the GPL as well. This would be a significant change, as it would allow Solaris code to find its way into the Linux kernel. There must be useful code within Solaris, even if some of the more interesting parts (the ZFS filesystem, say) would be a major challenge to port.
In any case, Sun's freeing of Java is a significant - if a bit overdue - gift to the community. It will enable the Java language to become a first-class citizen within Linux distributions and make a powerful language fully available to free software developers. Sun certainly cannot be faulted for failing to contribute in recent years. Soon, it will be up to the community to take this code and do great things with it.
Open Firmware is now free
A full twenty years ago, Mitch Bradley sat down to write the firmware (BIOS) code for Sun's upcoming SPARCstation line. The resulting code, then called OpenBoot, shipped on SPARC systems for years, and found its way into other vendors' computers as well. Mr. Bradley eventually left Sun to continue to work with this code, now called Open Firmware. It has proved to be useful for system manufacturers who found it to be a quick way to get their hardware going. Twenty years later, he is still at it at his company, FirmWorks.As of this week, however, one aspect of Mr. Bradley's job has changed: he is now working with free software. Between code releases by Sun Microsystems and FirmWorks, the entire Open Firmware system is now free. Most of it is available under the BSD or MIT license; it can be browsed on the net or obtained from the Subversion repository at svn://openbios.org/openfirmware.
Open Firmware is an interesting system. At its core, it is an interpreter for the Forth language; most of the higher-level functionality is implemented in Forth and run on the interpreter. That will make the Open Firmware source relatively opaque for those of us who are not accustomed to working in stack-based languages; Open Firmware will certainly have the only ext2 filesystem code which looks like this:
: ext2fsfread ( addr count 'fh -- #read )
drop
dup bsize > abort" Bad size for ext2fsfread"
file-size lblk# bsize * - ( addr count rem )
umin swap ( actual addr )
lblk# read-file-block ( actual )
dup 0> if lblk#++ then ( actual )
The use of Forth does help to keep the Open Firmware code compact and quick, however. This system can work with several different filesystems, perform TCP/IP networking (including functioning as an HTTP server or client), work with USB devices, and drive a wide range of devices in general. And it all fits in about 350KB of flash, with the ability to shoehorn it into 256KB if need be.
Open Firmware can also be useful for debugging hardware issues. The Forth interpreter is available at the system console, allowing a sufficiently clued developer to poke at device registers directly and see what happens. This feature is especially useful when trying to bring up new hardware which is displaying unexpected behavior. As Mr. Bradley has been heard to say:
Open Firmware is a foot-shooting tool of substantial power.
The Open Firmware code was widely used, even when it was a proprietary product. This code will be even more widely distributed soon. Back in October, the One Laptop Per Child project announced that it would be adopting Open Firmware for its systems. LinuxBIOS will remain on those systems as the low-level BIOS, but Open Firmware will be the code which performs boot loading and presents the firmware-level interface to the user. The OLPC decision was based on smaller size, greater speed, and greater flexibility of the Open Firmware code. Once Open Firmware set on the path toward a free release, OLPC's decision was relatively easy.
In the future, the now-free nature of Open Firmware may cause it to appear on a number of new systems, in places where a proprietary BIOS would have been found before. As a result, a part of our systems which has traditionally been proprietary and closed might just become open and free. So, while many of us may never work with this code directly, we'll likely benefit from its freedom anyway.
LWN comes out early next week
Thursday, November 23, is the Thanksgiving holiday in the U.S. As has become traditional, LWN will be published one day early next week so that we all have time to join our families and begin the task of serious eating. We'll return to the normal schedule the following week.
Security
November: the month of kernel bugs
A security researcher has proclaimed November to be the 'Month of Kernel Bugs' (MoKB) and is releasing one bug each day to highlight unreported issues with various kernels. The associated web site currently has six separate Linux bugs listed as well as bugs for MacOS, FreeBSD, Solaris and Windows. The project was first announced on the bugtraq mailing list along with a tool that can fuzz various Linux filesystems.
The Linux bugs described are all filesystem related; they were found using the fsfuzzer tool to generate various kinds of improperly formatted filesystem data and to feed it to the Linux filesystem code. This leads to various kinds of kernel problems, mostly crashes. Bugs have been found in several different filesystem types: ext2, ext3, iso9660, cramfs, and squashfs. The vulnerability found for cramfs actually exists in the zlib decompression code and could potentially lead to arbitrary code execution.
While these bugs are fairly serious, they are also fairly difficult to exploit. Other than iso9660, it is rare that a Linux user will mount a filesystem generated by some external, potentially malicious, entity. USB flash drives might provide a vector for exploiting some of these bugs, but users are hopefully savvy enough to be wary of mounting them if they do not know where they came from. Administrators may also remove the ability for regular users to mount filesystems, especially on sensitive machines such as servers.
Kernel bugs that allow arbitrary code execution are particularly serious because they can provide a way to completely take over the system. If an attacker can convince someone to mount a specially crafted cramfs image, they may be able to cause all manner of mayhem with that system. Attacks targeted at a specific person or company would seem to be the biggest concern as it would be somewhat difficult to use as a vector for a widespread infection; the logistics of distributing thousands of USB keychains to create a Linux botnet would be daunting. The money that could be earned by renting out the botnet, however, might be enough for some, especially if they could find a way to do it anonymously.
Two of the reported bugs against Windows wireless drivers would seem to be of little interest to Linux users, but, unfortunately, that is not the case. As mentioned here, Ndiswrapper is often used to provide Linux 'support' for many wireless adapters and, as Dave Jones points out, this makes Linux potentially vulnerable as well. It may be that the vendors release a fix promptly, but until they do, users of those drivers are vulnerable to attack. And, in any case, propagating a fix in a Windows network driver to a substantial portion of its users is not a simple thing to do.
The MoKB announcement mentions the possibility of 'silent fixes' of these problems; at least so far, that does not seem to be happening. Silent fixes are ones that fix a security problem, but in some way obfuscate the security implications of the fix (or, at least, are not accompanied by a security advisory). Proprietary vendors are well known for this kind of behavior, but one would hope open source developers are more, well, open about those kinds of things. The only fix that seems to have made its way into the kernel so far is for a an ext3/ext4 bug that was found prior to the MoKB. It was clearly described as a crash in the patch and the fsfuzzer tool was referenced. It did not specifically mention it as a security problem, but opinions differ on whether denial of service that is not caused externally should be considered a security issue.
While the fixes are not silent, they also do not seem to be very high on anyone's priority list, either. So far, there do not seem to be patches for any of the MoKB reported issues posted to the linux kernel mailing list. The zlib inflate issue, with its memory corruption potential, would seem like one that should be fixed relatively soon even if its exploit potential is low.
So far, MoKB has produced some interesting bugs, especially on other operating systems. We will be keeping an eye out for any others that might have a bigger impact on Linux users and for fixes going into the kernel. November is only half over.
New vulnerabilities
avahi: sender id check
| Package(s): | avahi | CVE #(s): | CVE-2006-5461 | ||||||||||||||||||||||||
| Created: | November 13, 2006 | Updated: | December 20, 2006 | ||||||||||||||||||||||||
| Description: | Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
bugzilla: multiple vulnerabilities
| Package(s): | bugzilla | CVE #(s): | CVE-2006-5453 CVE-2006-5454 CVE-2006-5455 | ||||||||
| Created: | November 10, 2006 | Updated: | August 28, 2007 | ||||||||
| Description: | Bugzilla has the following vulnerabilities:
Input data passed to various fields is not properly sanitized before being passed back to users. Users can gain unauthorized access to read attachment descriptions while using diff mode. HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification. Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users. | ||||||||||
| Alerts: |
| ||||||||||
ftpd: privilege escalation
| Package(s): | ftpd | CVE #(s): | CVE-2006-5778 | ||||||||||||
| Created: | November 10, 2006 | Updated: | February 14, 2007 | ||||||||||||
| Description: | Ftpd is vulnerable to a privilege escalation attack, an incorrect seteuid() call can be used by an FTP user to gain unauthorized access to files or directories. | ||||||||||||||
| Alerts: |
| ||||||||||||||
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2006-5757 | ||||||||||||
| Created: | November 13, 2006 | Updated: | November 14, 2007 | ||||||||||||
| Description: | From the MOKB-05-11-2006
advisory: "The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk")." | ||||||||||||||
| Alerts: |
| ||||||||||||||
openldap: denial of service
| Package(s): | openldap | CVE #(s): | CVE-2006-5779 | ||||||||||||||||||||||||||||
| Created: | November 10, 2006 | Updated: | December 1, 2006 | ||||||||||||||||||||||||||||
| Description: | openldap has a denial of service vulnerability. Remote attackers can create special LDAP Bind requests to trigger a libldap assertion failure. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
pdns: buffer overflow
| Package(s): | pdns | CVE #(s): | CVE-2006-4251 | ||||||||
| Created: | November 15, 2006 | Updated: | November 16, 2006 | ||||||||
| Description: | The PowerDNS nameserver suffers from a buffer overflow which can be exploited to cause a denial of service, with the potential for the execution of arbitrary code. | ||||||||||
| Alerts: |
| ||||||||||
trac: cross-site request forgery
| Package(s): | trac | CVE #(s): | CVE-2006-5848 CVE-2006-5878 | ||||||||||||
| Created: | November 13, 2006 | Updated: | December 13, 2006 | ||||||||||||
| Description: | It was discovered that Trac, a wiki and issue tracking system for software development projects, performs insufficient validation against cross-site request forgery, which might lead to an attacker being able to perform manipulation of a Trac site with the privileges of the attacked Trac user. | ||||||||||||||
| Alerts: |
| ||||||||||||||
Page editor: Jonathan Corbet
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch remains 2.6.19-rc5; no prepatches have been released in the last week. Enough patches have found their way into the mainline git repository that a 2.6.19-rc6 release will probably happen before this kernel cycle runs its course.The current -mm tree is 2.6.19-rc5-mm2. Recent changes to -mm include the fault injection capability (see below), file-based capabilities, and a backport of the ext3 reservation code to ext2.
For 2.6.16 users, Adrian Bunk has released 2.6.16.32 with a number of fixes.
Kernel development news
Quote of the week
1/7th think it's deteriorating
1/4th think lkml response is inadequate
3/5ths think bugzilla response is inadequate
2/5ths think we have features-vs-stability wrong
2/3rds hit a bug. Of those, 1/3rd remain unfixed
1/5th of users are presently impacted by a kernel bug
Happy with that?
Counting on the time stamp counter
The time stamp counter (TSC) is a hardware feature found on a number of contemporary processors. The TSC is a special register which is simply incremented every clock cycle. Since the clock is the fundamental unit of time as seen by the processor, the TSC provides the highest-resolution timing information available for that processor. It can thus be used for a number of applications, such as measuring the exact time cost of specific instructions or operations.The TSC can also be read quickly (it is just a CPU register, after all), making it of interest for system timekeeping. There are a lot of applications which check the current time frequently, to the point that gettimeofday() is one of the most performance-critical system calls in Linux. By using the TSC to interpolate within the resolution of a coarser clock, the system can give accurate, high-resolution time without taking a lot of time in the process.
That is the idea, anyway. In practice, the TSC turns out to be hard to use in this way. If the CPU frequency changes (as it will on CPUs which can vary their power consumption), the TSC rate will change as well. If the processor is halted (as can happen when it goes idle), the TSC may stop altogether. On multiprocessor systems, the TSCs on different processors may drift away from each other over time - leading to a situation where a process could read a time on one CPU, move to a second processor, and encounter a time earlier than the one it read on the first processor.
These challenges notwithstanding, the Linux kernel tries to make the best use of the TSC possible. The code which deals with the TSC contains a number of checks to try to detect situations where TSC-based time might not be reliable. One of those checks, in particular, compares TSC time against the jiffies count, which is incremented by way of the timer tick. If, after ten seconds' worth of ticks, the number of TSC cycles seen differs from what would have been expected, the kernel concludes that the TSC is not stable and stops using it for time information.
Interesting things happen when the dynamic tick patch is thrown into the mix. With dynamic ticks, the periodic timer interrupt is turned off whenever there's nothing to be done in the near future, allowing the processor to remain idle for longer and consume less power. Once something happens, however, the jiffies count must be updated to reflect the timer ticks which were missed - something which is generally done by obtaining the time from another source. At best, this series of events defeats the test which ensures that the TSC is operating in a stable manner; at worst, it can lead to corrupted system time. Not a good state of affairs.
For this reason, the recently-updated high-resolution timers and dynamic tick patch set includes a change which disables use of the TSC. It seems that the high-resolution timers and dynamic tick features are incompatible with the TSC - and that people configuring kernels must choose between the two. Since the TSC does have real performance benefits, disabling it has predictably made some people unhappy, to the point that some would prefer to see the timer patches remain out of the kernel for now.
In response to the objections, Ingo Molnar has explained things this way:
Ingo has also posted a test program which demonstrates that time inconsistencies on TSC-based systems are common - at least, when multiple processors are in use.
Arjan van de Ven has suggested a "duct tape" solution which might work well enough "to keep the illusion alive." It involves setting up offsets and multipliers for each processor's TSC. Between the offsets (which could compensate for TSC drift between processors) and the multipliers (which adjust for frequency changes), some semblance of synchronized and accurate TSC-based time could be maintained - as long as the kernel is able to detect TSC-related events and adjust those values accordingly. No code which implements this idea has yet been posted, however.
The conversation faded out with no real conclusion, though, near the end, Thomas Gleixner did note that the complete disabling of the TSC was "overkill." The preferred solution, which he is working on, is to keep the system from going into the dynamic tick mode if there is no other reliable timer available. Once that code has been posted, it may be possible to have the full set: high-resolution timers, dynamic ticks, and fast clocks using the TSC.
Injecting faults into the kernel
Some kernel developers, doubtless, feel that their systems fail too often as it is; they certainly would not go out looking for ways to make more trouble. Others, however, are most interested in how their code behaves when things go wrong. As your editor recently discovered to his chagrin, error paths tend to be debugged rather less well than the "normal" code. One can try to anticipate possible failures and try to code the right response, but it can be hard to actually test that code. So error-handling paths can be incorrect (or missing) but the code will appear to work - until something blows up.In an attempt to help test kernel error handling, Akinobu Mita has been working for some time on a framework for injecting faults into a running kernel. By causing things to go wrong occasionally, the fault injection code should help to ensure that error situations are handled - and handled correctly. This mechanism has found its way into 2.6.19-rc5-mm2 where, hopefully, it will be employed by developers to make sure that their code is bulletproof. Hopefully.
The framework can cause memory allocation failures at two levels: in the slab allocator (where it affects kmalloc() and most other small-object allocations) and at the page allocator level (where it affects everything, eventually). There are also hooks to cause occasional disk I/O operations to fail, which should be useful for filesystem developers. In both cases, there is a flexible runtime configuration infrastructure, based on debugfs, which will let developers focus fault injections into a specific part of the kernel.
Your editor built a version of 2.6.19-rc5-mm2 with the fault injection capability turned on. For whatever reason, the configuration system insisted that the locking validator be enabled too; perhaps somebody injected a fault into the config scripts. In any case, the resulting kernel exports a directory (in debugfs) for each of the available fault injection capabilities.
So, for example, the slab allocation capability has a directory failslab. At system boot, failure injection is turned off; slab failures can be enabled by writing an integer value to the failslab/probability file. The value written there will be interpreted as the percent probability that any given allocation will fail; so writing "5" will cause a 5% failure rate. For situations where a failure rate of less than 1% (but greater than zero) is needed, there is a separate interval value which further filters the result. So a 0.1% failure rate could be had by setting interval to 1000 and probability to 100 - preferably in that order. There is also a times variable which puts an upper limit on the number of failures which will be simulated.
As it happens, randomly injecting failures into the kernel as a whole does not necessarily lead to a lot of useful information for a developer, who is probably interested in the behavior of a specific subsystem. There is only so long that one can put up with basic shell commands failing while trying to make something happen in one particular driver. So there are a number of options which can be used to focus the faults on a particular part of the kernel. These include:
- task-filter: if this variable is set to a positive value, faults will
only be injected when a specially-marked processes are running. To
enable this marking, each process has a new flag
(make-it-fail) in its /proc directory; setting that
value to one will cause faults to be injected into that process.
- address-start and address-stop: if these values are
set, fault injection will be concentrated on the code found within the
address range specified. As long as any entry within the call chain
is inside that address range, the fault injection code will consider
causing a failure.
- ignore-gfp-wait: if this value is set to one, only non-waiting (GFP_ATOMIC) allocations will potentially fail. There is also a ignore-gfp-highmem option which will cause failures not to be injected into high-memory allocations.
Various other options exist; there is also a set of boot options for turning on injection which might be useful for debugging early system initialization. The documentation file has the details. Also found in the documentation directory are a couple of scripts for concentrating faults on a specific command or module.
The end result of all this is a useful tool. One need not just hope that the error recovery paths in a piece of kernel code will just work properly; it is now possible to actually run them and see what happens. This should lead to a better tested, more robust kernel in the near future, and that can only be a good thing.
Toward a free Atheros driver
The Atheros family of wireless chipsets finds its way into a number of network adapters and laptop systems. It is a flexible and capable device, with one little limitation: there is no free Linux driver available. Linux support can be had via the freely-downloadable MadWifi driver, but, at the core of that driver, there is a binary-only "hardware access layer" (HAL) module which does much of the real work. This module has all of the problems associated with proprietary drivers: it cannot be audited or fixed, it cannot be improved, it is only available for the kernel versions and architectures supported by the manufacturer, etc. But, for Linux users, the choices are MadWifi or nothing.A free Atheros HAL module called "ar5k," written by Reyk Floeter, has been in circulation for a couple of years; OpenBSD uses it. But this code has long been followed by allegations that it was improperly developed and potentially subject to copyright claims by Atheros. In the current climate, nobody wants to risk bringing possibly tainted code into the kernel; the potential consequences are just too severe. So, while the desire to support Atheros devices in Linux remains strong, the existing HAL has not been considered and little work has been done to bring that about.
Except that, as it turns out, work has been quietly happening in an unexpected place. The Software Freedom Law Center was asked by the ar5k developers to look at the development history of the code and come up with a pronouncement on whether it was legitimate (from a copyright law perspective) or not. On November 14, the SFLC produced its answer:
This finding should clear the way for the entry of the free Atheros HAL into the Linux kernel - eventually. But there are a couple of problems which need to be overcome first.
One of those is the general level of upheaval in the Linux wireless subsystem. The developers still intend to move over to the Devicescape stack and to get that code into the mainline, but there is still work to be done in that area. But a new wireless driver which does not work with Devicescape will have a harder path into the kernel. There is an effort to move MadWifi over to Devicescape (it's called "DadWifi"), so that might be the quickest path for Atheros support to get into the kernel.
The other problem, however, is that code based on the HAL concept tends to be unpopular at best. A HAL is typically seen as an unnecessary abstraction layer between the driver and the hardware which serves to obscure what's really going on while adding no real value of its own. So developers who propose HAL-based drivers are usually told to go away and come back once the HAL is gone. There is no real reason to expect things to happen differently this time around.
But, even if it can't be used directly, the ar5k code is now fair game for reference and eventual adaptation into a Linux driver. There are enough developers out there with an interest in making Atheros adapters work that the chances of this work getting done in the (relatively) near future are relatively good. The list of devices which are not supported by Linux is about to get shorter.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Fedora Summit
There was a Fedora Summit this week to discuss a public roadmap for Fedora 7 and other Fedora-centric topics. The summit was still in progress at press time. The meeting was partly face-to-face, with additional people chiming in via IRC and telephone.Your editor was not able to attend the summit, so this is based on wiki pages and IRC logs. First and foremost though, it seems that Fedora Core packages will move into the community infrastructure currently used for Fedora Extras. Opening Core will make it easier for outside contributors and encourage more community participation. One side effect of that might be a smaller Fedora base platform. Dare we hope for a single install CD? A new build system was proposed to support the more open infrastructure.
There was considerable discussion about the role of Fedora Legacy and the possibility of extending Fedora support from the current ~9 months to about 13 months, so that users could reasonably move from FCn to FCn+2. Fedora Legacy would disappear, or be reabsorbed into the main Fedora project. Jesse Keating has some details about this proposal in this blog post. Suffice to say that this sparked some discussion on the Fedora Legacy mailing list.
A policy for secondary architectures was proposed. Fedora currently focuses on x86 and x86_64, but this proposal would support other architectures such as PPC or Sparc. The proposal comes from Tom Callaway from the Aurora Sparc Project.
Overall, Fedora 7 will likely be a different beast than previous releases. More like the community oriented distribution that Red Hat promised.
New Releases
EnGarde Secure Linux 3.0.10
EnGarde Secure Linux 3.0.10 is now available. The most significant new feature, perhaps, is the "SELinux Control Console," which provides a graphical interface for some SELinux management tasks.Debian Installer etch RC1 released
The Debian Installer team has announced the first release candidate (RC1) of the installer for Debian GNU/Linux Etch. Click below for a look at the many improvements and known problems.NetBSD Live! 2007
The NetBSD project has released a live CD based on 4.4BSD-Lite. See the release notes for more information.openSUSE 10.2 Beta2 is available
The second beta of openSUSE 10.2 (codename Basilisk Lizard) is out. It contains a large number of enhancements and updates done by the open source community and Novell's development teams. There was a problem with openSUSE-10.2-Beta2-Addon-Lang-i386.iso and openSUSE-10.2-Beta2-Addon-Lang-i386.torrent, although corrected versions should have hit the mirrors by now. You'll find the MD5SUMS of the new files here.Pardus Linux 2007 beta
Pardus has announced the release of Pardus Linux 2007 beta. "Pardus operating system's latest beta version, codenamed "ATA", is out for download and testing. This beta version will be followed by the stable version Pardus 2007, to be released on December 18th, 2006. Pardus is a Linux based operating system, developed under the auspices of TUBITAK (The Scientific and Technological Research Council of Turkey) UEKAE (National Electronic and Cryptography Research Institute)." Pardus "ATA" comes as a single CD with Dutch, English, German and Turkish support on the desktop.
Ubuntu Customization Kit 1.3 released
The Ubuntu Customization Kit (UCK) 1.3 is out with many fixes and improvements, including built-in support for Edgy. UCK is a tool that helps you customizing official Ubuntu Live CDs (including Kubuntu/Xubuntu and Edubuntu) to your needs. You can add any package to the live system, for example language packs, or applications.
Distribution News
Gentoo Anonymous CVS and SVN now available
Anonymous read-only CVS and SVN services for Gentoo repositories are now available for use. "The anonymous services are primarily intended help our non-dev contributors easily produce patches and modifications (cvs diff/svn diff), and provide easier access to the source for gentoo-hosted projects."
New openSUSE Mailinglists
Mailing lists at suse.com have migrated to lists with new names at opensuse.org. Click below to find the new lists.Slackware -current
Slackware -current is undergoing renovations to the toolchain (gcc, glibc, binutils, etc.). "In addition, these things aren't going as smoothly as anticipated. I'd like to put the NPTL version of glibc into /lib and the LinuxThreads version into /lib/obsolete/linuxthreads (since some old binaries are going to need them), but doing this prevents the use of a 2.4 kernel. Perhaps it's finally time to drop support for Linux 2.4? Personally, I'd rather not as 2.4 is more forgiving of flaky hardware and thus tends to get better uptimes (at least on the servers I run ;-). Comments about this issue are welcomed."
Release Schedule, Herd 1 and "later" bugs
Ubuntu has announced a release schedule for the Feisty Fawn. According to the schedule we can expect the first Herd CD on November 30. The final Feisty release is currently set for April 19, 2007.YDL v5.0 for PLAYSTATION3
Terrasoft Solutions has announced that Yellow Dog Linux (YDL) 5.0 for the Sony Computer Entertainment, Inc. PLAYSTATION(R)3 will be made available via YDL.net Enhanced accounts on Monday, November 27, 2006.
Distribution Newsletters
Fedora Weekly News Issue 66
The Fedora Weekly News covers Fedora Summit Preparations, Fedora Ambassadors Day, Fedora Directory Server 1.0.4 is released, Announcing pungi-0.1.0, Why every child deserves a laptop, OLPC taps 2.6.19 kernel, plus Fedora reviews and more.Gentoo Weekly Newsletter
The Gentoo Weekly Newsletter for November 6, 2006 covers things heard in the community, Linux Day in Italy, tips on searching overlays and running 32-bit mplayer with 64-bit kmplayer and several other topics.The Gentoo Weekly Newsletter for November 13, 2006 is also available. This edition covers anonymous CVS and SVN services, Gentoo-based Ruby on Rails service, summaries from gentoo-user and more.
DistroWatch Weekly, Issue 177
The DistroWatch Weekly for November 13, 2006 is out. "As Novell continues to endure the wrath of the open source developer and user community, many people are wondering whether they should boycott Novell's products. In the meantime, openSUSE continues its 10.2 development process unabated and on target for the early December release. Also in the news: a war of words erupts between Fedora and Ubuntu, Feisty Fawn's new features attract fresh controversy, Debian prepares a new set of kernels for "etch", and Slackware introduces modern features into its "current" tree. We'll bring you the results of our Mandriva Linux 2007 PowerPack competition and continue our discussion on DistroWatch's Page Hit Ranking statistics."
Package updates
Fedora updates
Updates for Fedora Core 6: librsvg2 (update to 2.16.1), gcalctool (update to 5.8.25), libxklavier (bug fix), speex (update to 1.2beta1), cairo (update to 1.2.6), libX11 (bug fixes), gnome-panel (update to 2.16.1), jwhois (use the new upstream config), system-config-printer (bug fix update to 0.7.35), redhat-menus (pick up missing translations), mikmod (bug fix), policycoreutils (bump for FC6), selinux-policy (bump for FC6), perl-DateManip (bug fixes), gaim (bug fixes), gnome-vfs2 (update to 2.16.2), eel2 (update to 2.16.1), nautilus (bug fixes), nautilus-cd-burner (pass joliet flag when using growisofs), gnome-python2-extras (rebuild against Firefox), xorg-x11-xinit (bug fixes), gnome-pilot-conduits ($libdir change), pygobject2 (multilib bug fixes), system-config-kickstart (bug fix), gnome-python2 (update to 2.16.2), man-pages-fr (change in spec file), nautilus (bug fixes), nfs-utils (upgrade to 1.0.10), sysstat (add NFS mount statistics), libsoup (update to 2.2.97), hal-cups-utils (fix the 'select printer model' dialog), openoffice.org (bug fixes), foomatic (database update), oprofile (add Intel Core 2 support, AMD64 event names), nfs-utils (upgrade to 1.0.10), iscsi-initiator-utils (rebase to upstream open-iscsi-2.0-730).Updates for Fedora Core 5: jwhois (use the new upstream config), mikmod (bug fix), arts (KDE 3.5.5 release), kdelibs (KDE 3.5.5 release), kdeaccessibility (KDE 3.5.5 release), kdeaddons (KDE 3.5.5 release), kdeadmin (KDE 3.5.5 release), kdeartwork (KDE 3.5.5 release), kdebase (KDE 3.5.5 release), kdebindings (KDE 3.5.5 release), kdeedu (KDE 3.5.5 release), tcpdump (bug fixes), kdegames (KDE 3.5.5 release), kdegraphics (KDE 3.5.5 release), kdemultimedia (KDE 3.5.5 release), kdenetwork (KDE 3.5.5 release), kdepim (KDE 3.5.5 release), kdesdk (KDE 3.5.5 release), kdeutils (KDE 3.5.5 release), kdevelop (KDE 3.5.5 release), kdewebdev (KDE 3.5.5 release), kde-i18n (KDE 3.5.5 release), iscsi-initiator-utils (rebase to upstream open-iscsi-2.0-730).
Mandriva updates
Updates for Mandriva Linux 2007.0: gnuplot (fix a segmentation fault), desktop-common-data (fix menu problems), ical (bug fixes), webmin (bug fix), opensc (smart card bug fix).rPath updates
Updates for rPath Linux 1: conary (Conary 1.0.38 maintenance release), rmake (function correctly with Conary 1.0.38).Trustix updates
Updates for Trustix Secure Linux 2.2 & 3.0: clamav, freetds, gettext (various bug fixes).Ubuntu updates
Updates for Ubuntu 6.10: debootstrap_0.3.3.0ubuntu8~edgy1, brasero_0.5.0-0ubuntu1~edgy1.Updates for Ubuntu 6.06: gnome-commander_1.2.0-3.1~dapper1, debootstrap_0.3.3.0ubuntu8~dapper1, mpd_0.12.1-1ubuntu1~dapper1, eagle_4.16-2~dapper1, scorched3d_40-1ubuntu1~dapper1.
Newsletters and articles of interest
Ubuntu Developer Summit report: X.org improvements, driver controversy, and bling (Linux.com)
Linux.com has this report from the latest Ubuntu Developers Summit. "The announcement that Ubuntu will ship binary drivers by default in Feisty is getting a lot of negative commentary from users and Ubuntu members alike. Of course, there's also a vocal contingent that complains that Ubuntu and other distros are unsuitable for general users because they don't ship with Nvidia or other binary drivers enabled. There's no position here that will satisfy all users."
The Perfect Setup - OpenVZ with CentOS 4.4 (HowtoForge)
HowtoForge sets up OpenVZ on CentOS. "In this HowTo I will describe how to prepare a CentOS 4.4 server for OpenVZ virtual machines. With OpenVZ you can create multiple Virtual Private Servers (VPS) on the same hardware, similar to Xen and the Linux Vserver project. OpenVZ is the open-source branch of Virtuozzo, a commercial virtualization solution used by many providers that offer virtual servers."
Ubuntu 6.10 (Edgy Eft) LAMP Server Installation with Screenshots (Debian Admin)
Debian Admin has a howto article on setting up a server on Ubuntu 6.10. "Automatic LAMP (Linux, Apache, MySQL and PHP) In about 15 minutes, the time it takes to install Ubuntu Edgy Server Edition, you can have a LAMP server up and ready to go. This feature, exclusive to Ubuntu Server Edition, is available at the time of installation."
How To Compile A Kernel - The Fedora Way (HowtoForge)
HowtoForge builds a custom kernel on Fedora. "Each distribution has some specific tools to build a custom kernel from the sources. This article is about compiling a kernel on Fedora systems. It describes how to build a custom kernel using the latest unmodified kernel sources from www.kernel.org (vanilla kernel) so that you are independent from the kernels supplied by your distribution. It also shows how to patch the kernel sources if you need features that are not in there. I have tested this on Fedora Core 6."
Distribution reviews
Fedora Core 6: Kneel before Zod! (Linux.com)
Linux.com reviews Fedora Core 6. "The FC6 schedule slipped a bit at the last minute due to a handful of serious issues, such as an Ext3 data corruption bug, but the Fedora team managed to get the final release out pretty close to schedule. Unfortunately, it's still a bit buggy in some scenarios. It might have been better to hold off releasing FC6 for another week or two to fix the problems, but it is a good release if you're willing to be careful during the install."
Review: 3 Linux Desktops Put To The Test (CRN)
CRN reviews and compares Linspire, Xandros and SLED. "System builders considering a Linux desktop are faced with a dizzying array of choices. There are dozens, if not hundreds, of Linux distributions to choose from. Narrowing the field of contenders basically comes down to what works best for both the system builder and its customers. Finding that fit often leads system builders to pursue a commercial distribution over an open-source one. Today's commercial desktop Linux distributions make a lot of sense for system builders, mostly because of three factors: recurring revenue, licensing and support. With that in mind, the CRN Test Center set out to compare commercial versions of Linux that are aimed at the channel, specifically the custom-system channel."
Userfriendly Linux Shoot-out (openaddict.com)
openaddict.com compares Xandros Home Edition Premium and Linspire Five-O. "Today I'm taking a look at two ultra-userfriendly Linux distributions: Xandros Home Edition Premium and Linspire Five-O. I'm comparing these two against each other for their technical merits, ease of installation, look/feel, available software and ease of use. Are these two commercial Linux distros easy enough for your Grandmother? Read on to find out."
Page editor: Rebecca Sobol
Development
The release of GNU Privacy Guard version 2.0.0
GNU Privacy Guard (GnuPG) is an open-source encryption utility that was started in 1997 as a replacement for the commercial application PGP. GnuPG runs on a wide variety of operating system platforms.
![[GnuPG]](https://static.lwn.net/images/ns/gnupg.png)
Stable version 2.0.0 of GnuPG has been
announced,
it represents an architectural design fork for the project.
New features in GnuPG version 2 include:
- A gpg-agent daemon for maintaining private keys and a passphrase cache.
- A new implementation of the S/MIME protocol via the gpgsm command line tool.
- The scdaemon daemon for accessing smart cards.
- The gpg-connect-agent tool, which allows scripts to access gpg-agent and scdaemon services.
- The gpgconf tool for maintaining configuration files.
- Support for the Dirmngr server, which manages certificate revocation lists and more.
- Secure Shell Agent protocol support and built-in ssh-agent capabilities.
- The addition of smart card support to the Secure Shell.
- Improved documentation.
The GnuPG project has succeeded in filling an important space in the open-source tool collection. The release of version 2 shows that the project is moving forward with the addition of a lot of new functionality.
System Applications
Database Software
Firebird 2.0 released
Version 2.0 of the Firebird relational DBMS has been announced. "This new version offers many new enhancements: support for 64 bit Linux (64 bit support for other platforms to follow shortly), table sizes above 30Gb, enhanced Unicode support, improved optimizer, improved security, execution of dynamic SQL inside stored procedures, greater index key length, and a new incremental backup facility."
PostgreSQL 8.2 beta 3 is ready for testing
Version 8.2 beta 3 of the PostgreSQL DBMS has been announced. "This beta includes a substantial fix to a WAL issue, so users are urged to test Beta3 using PITR and to try power-failure tests."
Interoperability
Samba 3.0.23d released
Version 3.0.23d of Samba has been announced, it adds stability fixes for winbindd and portability fixes for the FreeBSD and Solaris platforms. "This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes."
Libraries
Cairo 1.2.6 released
Version 1.2.6 of Cairo, a 2D graphics library with support for multiple output devices, is available. The change log states: "This is the third bug fix release in the 1.2 series, coming less than two months after the 1.2.4 release made on August 18. The 1.2.4 release turned out to be a pretty solid one, except for a crasher bug when forwarding an X connection where the client and the server have varying byte orders, eg. from a PPC to an i686. Other than that, various other small bugs have been fixed."
Mail Software
SIEVE Language for Mail Filtering Quick Guide
Alina Popescu has released a quick guide on SIEVE, a mail filtering language. "SIEVE is a language created and used for mail filtering that broadens the filtering options generally provided by mail servers or Antispam/Antivirus applications. They work basically by comparing different keys using different comparators and comparison methods, against headers of a mail message. Based on the result of the comparison, you can apply different actions to the corresponding mail message, i.e. reject, discard, redirect, etc."
Networking Tools
Bigboos 1.3 released
Version 1.3 of Bigboos is out. "BigBoos is one of the fully open source network monitoring System from YinuxPRO (SuYash LinuxPROjects).It uses standard unix ping command to check the status of hosts as well as the snmp if the ping returns 100% loss."
Web Site Development
mnoGoSearch 3.2.40 released
Version 3.2.40 of mnoGoSearch, a web site search engine, is out with numerous bug fixes. See the changelog for more information.
Desktop Applications
Audio Applications
Ardour 2.0 beta 8 released
Version 2.0 beta 8 of Ardour, a multi-track audio workstation package, is out: "Another solid week of bug fixing leads us to 2.0 beta 8." See the release announcement for more details.
Snd-ls V0.9.7.12 and jack_capture V0.3.9 released
Version 0.9.7.7 of the sound editor Snd-ls, and version 0.3.9 of the JACK recording application jack_capture, have been announced.
Desktop Environments
GNOME 2.17.2 released
Version 2.17.2 of the GNOME desktop environment is available. "This is our second development release on our road towards GNOME 2.18.0, which will be released in March 2007. New features are coming in at a nice rate, and that's great. A lot of bug fixes too. And some crashers are appearing here and there: that's the fun of unstable releases!"
GARNOME 2.17.2 released
Version 2.17.2 of GARNOME, the bleeding edge GNOME distribution, is out. "This release includes all of GNOME 2.17.2 plus a whole bunch of updates that were released after the GNOME freeze date. This is the second release in the unstable cycle, with more features, more fixes and yet more madness added."
GNOME Software Announcements
The following new GNOME software has been announced this week:- gnoMint 0.1.3 (new features and bug fixes)
- Gossip 0.19 (bug fixes and translation work)
- Gwget 0.98.2 (new features, bug fixes and translation work)
- Labyrinth 0.3 (new features, bug fixes and translation work)
- monotone 0.31 (new features, bug fixes and translation work)
- nemiver 0.1.0 (initial release)
- system-monitor 2.17.2.1 (new features and bug fixes)
- xdm 1.1.1 (bug fixes)
D-Bus 1.0 'Blue Bird' Released (KDE.News)
KDE.News takes a look at D-Bus version 1.0. "D-Bus 1.0 ("Blue Bird"), the Freedesktop.org inter-process messaging system has just been released. A collaborative effort between industry and open source developers, D-Bus was created to allow arbitrary applications to easily communicate with each other and exchange data. An additional system daemon allows for communication with system services. D-Bus is known to work on all Unix platforms and has also been ported to Mac OS X, while a Windows port is in progress. This makes D-Bus the ideal messaging system for KDE 4."
KDE Software Announcements
The following new KDE software has been announced this week:- KBib 0.5.3 (new features and bug fixes)
KDE Commit-Digest (KDE.News)
The November 12, 2006 edition of the KDE Commit-Digest has been announced. The content summary says: "KViewShell is renamed Ligature. Okular gets support for Text and Line annotations. KSame and Konquest start their conversion to SVG graphics. Marble gets enhanced support for presenting and displaying geographical data interactively, and showing national flags. Mailody, the alternative email client, continues to develop at a rapid pace. Telepathy support in Kopete starts to emerge from experiment towards a usable implementation. Kile gets scripting support, with improvements to scripting across KOffice. KPresenter receives export to text document (OpenDocument) functionality. Improvements in the Magnatune music store facility in Amarok."
Xfce 4.4 Release Candidate 2 (4.3.99.2) released
Release Candidate 2 of Xfce 4.4, a light weight desktop environment, is out. "The second and hopefully last release candidate of the Xfce 4.4 desktop is now available for download. This release focuses primarily on bug fixes and optimizations. Please refer to the changelog for a list of fixes and changes. Please help us making Xfce 4.4 the best Xfce release ever, download it, try it, help us fixing it!"
Electronics
Covered 0.4.8 released
Stable version 0.4.8 of Covered, a Verilog code coverage analysis tool, is out "This is a bug fix release only."
gSpiceUI 0.8.90 announced
Version 0.8.90 of gSpiceUI, a GUI for two electronic circuit simulation engines, has been announced. It adds several new features and fixes some bugs.OpenTech CDROM 1.6.1 released
Version 1.6.1 of the OpenTech CDROM project is available. "OpenTech 1.6.1. is ready with 10 CDs full of new designs, tools and even some books and tutorials in topics like, wireless, VLSI, VHDL, and basic electronics." The CDROM set costs 77 Euros.
Games
Welcome Castlegard (WorldForge)
The WorldForge virtual world project has added a new castle. "Kai finally got around to place jayrs fantastic castle on the mason map. Now people can start exploring the castle, and we can get started adding some gameplay. Castle defence anyone?"
GUI Packages
wxWidgets 2.8.0 RC 1 released
Version 2.8.0 RC 1 of wxWidgets, a cross-platform GUI toolkit, is out, the announcement states: "A few minor bugs have been fixed since 2.7.2; we will release 2.8.0 in a couple of weeks, and as ever, testing of this release candidate will be appreciated."
wxPython 2.7.2.0 is out
Version 2.7.2.0 of wxPython, a blending of the wxWidgets C++ class library with the Python programming language, has been announced. "This is expected to be the last stepping stone in the path to the next stable release series, 2.8.x. We're driving full speed ahead in order to get 2.8.0 included with OSX 10.5, and so far we are very close to being on schedule. This release has some house-keeping style changes, as well as some user-contributed patches and also the usual crop of bug fixes."
xorg-server 1.1.99.902 announced
Version 1.1.99.902 of xorg-server is out with a long list of bug fixes and new features.
Interoperability
Wine 0.9.25 released
Version 0.9.25 of Wine has been announced. Changes include: Many more fixes for installer support, many MSHTML improvements, support for NTLMv2, RPC over TCP improvements and lots of bug fixes.
Mail Clients
Claws Mail 2.6.0 released
Claws Mail, the mail client formerly known as Sylpheed-claws, has released version 2.6.0. There's a number of new features, as well as the new name, which, according to the web site, is "...mainly due to different goals and the fact that syncing both codebases doesn't happen anymore." So it seems that the separation from Sylpheed is complete.
Medical Applications
Release of OpenClinica 2.0 (LinuxMedNews)
LinuxMedNews has an announcement for OpenClinica 2.0, an open-source clinical research software platform. "OpenClinica is an open source web-based software platform that enables sponsors and investigators to manage clinical research data in multi-site studies. It facilitates protocol configuration, design of case report forms, electronic data capture, and study/data management. OpenClinica supports HIPAA and 21 CFR Part 11 guidelines and is designed as a strictly standards-based, extensible, and modular platform."
Office Suites
New OpenOffice.org charting features
Some new OpenOffice.org charting capabilities have been announced, new features include: a new chart wizard, flexible source ranges, easier settings for 3D charts, enhanced logarithmic scales, pie segment offset for 3D charts, enhanced automatic scaling, improved automatic axis label layout, improved selection handling, regression curves are available for 2D line charts, 2D bar and column charts and 2D area charts, and several new sub chart types.
Video Applications
Announcing KungFu 0.1.0
KungFu 0.1.0 has been announced. "KungFu is a GStreamer-based DVD ripper written in Python. It transcodes DVD tiles to Theora/Vorbis. It is more or less complete, but still lacks audio track language selection, subtitle support, and meta data writing. The GUI is done with GTK."
Web Browsers
Mozilla Firefox and Thunderbird 1.5.0.8 released (MozillaZine)
Version 1.5.0.8 of both the Mozilla Firefox browser and Mozilla Thunderbird email client have been announced. "Security and Stability updates for Mozilla products based on the Gecko 1.8 branch have been released. Firefox 1.5.0.x will be maintained with security and stability updates until April 2007. All users are strongly encouraged to upgrade to Firefox 2."
SeaMonkey 1.0.6 and SeaMonkey 1.1 Beta Released (MozillaZine)
Two new versions of Seamonkey have been announced. "Seamonkey 1.0.6, a security and stability update for the all-in-one Internet Suite has been released. The Seamonkey 1.0.6 Release Notes have more information. SeaMonkey 1.1 Beta, a version aimed at developers and testers has also been released. New features include tab previews, spell check, an e-mail tagging system, an improved Linux startup script, better new mail notifications and an updated Chatzilla IRC client."
Languages and Tools
Caml
Caml Weekly News
The November 14, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Haskell
Haskell Weekly News
The November 14, 2006 edition of the Haskell Weekly News is online. This week we see the announcement of a Haskell to Javascript compiler project, and the overhaul of GHC's typeclass machinery is complete.
Perl
Weekly Perl 6 mailing list summary (O'Reilly)
The November 5-11, 2006 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 discussions.
Python
Python FAQ heading toward 1.0 release
A call for review has gone out for the semi-official Python FAQ, questions and answers are being reviewed in preparation for the upcoming 1.0 release.Dr. Dobb's Python-URL!
The November 13, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The November 14, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
XML
Cracks in the Foundation (XML.com)
Micah Dubinko reports on some controversy surrounding XML namespaces. "The last week in October wasn't the smoothest for the W3C HTML Working Group. First, a notable blog entry criticized their handling of XML namespaces, leading to a formal objection. On top of that, Tim Berners-Lee blogged that new and separate HTML and forms Working Groups would be chartered to "incrementally" update HTML, in contrast with the groups' present approach. More on that later. As has always been the case, XML Annoyances aims to stimulate discussion on XML topics by challenging entrenched views. This article digs beneath the surface issues and encourages others to do the same."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Degrees of Openness (O'ReillyNet)
Adrien Lamothe explores some aspects of openness in an O'Reilly article. "The open source software movement has received a lot of press coverage in recent years. A result of this is many people associating the term "open" with open source software. This popular definition of "openness" is incomplete. Openness affects many aspects of computing besides freedom to view and modify source code. Shrewd proprietary computer companies have been able to take advantage of popular misconceptions about openness, masking their products in partial degrees of openness, then applying the "open" label. We should understand the different forms of openness and how they apply to the many facets of computers, software, systems, and even warranties and service agreements."
How GPLv3 tackles license proliferation (LinuxDevices.com)
Ciaran O'Riordan discusses license proliferation issues with regards to the GPLv3 on LinuxDevices.com. "The most obvious way to limit license proliferation is to write new licenses as rarely as possible. So while updating the GPL, it's good to be thorough so that it doesn't have to be done too often. What any one license can do to lessen the problem is less obvious, and this is an area where GPLv3 is breaking new ground. In case the more controversial provisions of GPLv3 have overshadowed the provisions that tackle license proliferation, I've put together this summary as a discussion primer."
Trade Shows and Conferences
Report from the Ubuntu Developer Summit (Linux.com)
Joe 'Zonker' Brockmeier covers the Ubuntu Developer Summit on Linux.com. "Ubuntu developers and other interested parties from all over the world have swarmed to Google's offices in Mountain View this week for the Ubuntu Developer Summit (UDS) to plan out the next release of Ubuntu. In total, about 140 people have registered for the summit. According to Jane Silber, head of marketing with Canonical, only 30 of the attendees are actually employed by Canonical, the company that sponsors Ubuntu. The remainder of the participants include members of the Ubuntu community, representatives of upstream projects, and other parties who have an interest in how Ubuntu is developed."
Companies
Microsoft open to more deals like Novell Linux one (TechSpot.com)
TechSpot.com suggests that Microsoft may be willing to get involved in more Linux support deals. "What is all of this about? Well, Steve Ballmer (Chief Executive Officer of Microsoft since January 2000) believes that Microsoft will have to change its business model in order to continue to prosper. "The next frontier for us is to embrace a new business model. And if we embrace it well and that business model is subscription and advertising, where we will be a market leader. If we do not embrace it well there will be issues.""
Microsoft starts a group for software harmony (ZDNet)
ZDNet reports that Microsoft is creating a council with other technology vendors in an effort to sort out product interoperability problems. "The list of vendors participating in the initiative include Sun Microsystems, Novell and SugarCRM. Microsoft already has a formal partnership with these companies to ensure their respective products work well together. Other members include open-source virtualization company XenSource, Xcalia, Software AG, Siemens, Citrix, BEA Systems, CA and Advanced Micro Devices."
Sun Set To Move On GPL License For Open-Source Java (Dr. Dobb's Portal)
Dr. Dobb's Portal claims that Sun Microsystems is very close to announcing that it will put the mobile (ME) and standard (SE) editions of the Java platform into the GNU General Public License (GPL). "Offering Java only under the GPL would have a cataclysmic effect on the software industry, forcing Java platform developers to freely release their contributions if they continue developing around the platform's GPL code. IBM, for example, licenses Java from Sun and has its own version of the Java Virtual Machine." (Thanks to Francesco P. Lovergine)
Linux Adoption
The war is over and Linux won (ZDNet)
This ZDNet blog post looks at an IBM sponsored study. "Web servers and database servers remain the dominant applications, but development environments are now among the most popular systems in production, meaning the trend toward Linux and open source applications should accelerate."
Large public-sector Linux project flops (ZDNet)
ZDNet UK reports on the Birmingham Linux project, which has been mothballed. "[City council manager Les] Timms said the council had compared the cost of the Linux desktop migration with an upgrade to Windows XP, and had found that a Microsoft upgrade would be cheaper. Most of the difference was made up of costs attributed to 'decision making' and 'project management', largely brought about because of a shortage of skills in open-source networking and the changes to IT processes that would result."
Legal
'Second Life' faces threat to its virtual economy (ZDNet)
ZDNet writes about the open source "CopyBot" tool which, by being able to make copies of objects, is stirring up the Second Life community. "Problem is, it's not clear yet if there's anything Linden Lab can do to stop people from using the bot. Linden Lab said Second Life content creators who had their wares stolen had few immediate options for stopping the thefts and that the best recourse for them could be to file a Digital Millennium Copyright Act complaint--in the real world--against offenders."
SFLC's Bradley M. Kuhn's Letter to the FOSS Development Community (Groklaw)
Groklaw covers a statement from Bradley Kuhn, CTO of the Software Freedom Law Center, regarding the Novell/Microsoft deal. "The Software Freedom Law Center's CTO Bradley Kuhn has issued a statement regarding the Novell-Microsoft agreements and how they will impact FOSS developers. They have analyzed in particular Microsoft's Patent Pledge for Non-Compensated Developers and see little value and in fact say it's worse than useless, because it creates an illusion of safety and because it limits severely what that developer is allowed to do with his work."
Interviews
Red Hat Speaks: Microsoft And Oracle Are Following The Linux Leader (IW)
Information Week interviews Paul Cormier, Red Hat's executive VP of engineering Paul Cormier. "Everyone wants a piece of Red Hat lately, in particular software giants Microsoft and Oracle. If competition is the sincerest form of flattery, then Red Hat should feel flattered several times over. What Red Hat doesn't feel is worried. InformationWeek editor-at-large Larry Greenemeier spoke Friday with Red Hat executive VP of engineering Paul Cormier about Red Hat's response to the newly invigorated competition in the Linux market."
Resources
Demystifying LDAP Data (O'ReillyNet)
Brian K. Jones explains LDAP in an O'Reilly article. "Is LDAP a database or a protocol? Is it understandable and deployable without reading a thousand pages of explanation and documentation? Brian Jones explains LDAP schemas and the layout of data to help you understand what you can store and how you can retrieve it."
Give the Gift of Pre-Installed Linux This Year (LXer)
LXer has been compiling a database of vendors that will ship pre-installed Linux computers. "A few months back, LXer reader, cyber_rigger, began compiling a list of vendors who offer GNU/Linux pre-installed. The list quickly grew, even drawing attention from other news outlets. Meanwhile, the LXer team went to work to produce a usable database that anyone can browse and search. We still have one or two features to implement, but users can quickly and easily browse the Pre-Installed Linux Vendor Database of 106 vendors. All vendors in the list offer reasonably-priced desktops and/or notebooks for home and office users, and either offer Linux only, or as an installation option on the system configuration page of their sites."
An Introduction to Salesforce.com's AppExchange (O'ReillyNet)
O'ReillyNet looks at building and distributing applications on Salesforce's AppExchange. "I attended Salesforce's Dreamforce conference last month because I'd heard that Salesforce has been making a big effort to build a platform that was friendly to developers. I expected to be confronted with a pile of corporate-speak and a lot of vaporware, but what I found was much more surprising. Six different keynote presenters talked about mashups, and one-third of customers in attendance talked about wanting to build or purchase mashups. There was some corporate-speak, which these articles should cut through. The technology, however, was powerful and easy."
Getting Started with WSGI (O'ReillyNet)
Jason R. Briggs introduces WSGI on O'Reilly. "Python 2.5 added support for the WSGI standard. This is a specification for web programming that allows interoperability between frameworks and components. It's also terribly easy to use. Jason Briggs introduces WSGI and gives the background you need to use it productively."
Reviews
Apache project keeps pace with Java changes (ZDNet)
ZDNet looks at the Apache Harmony project. "Apache Harmony, started last year, is creating an open-source version of Java Platform Standard Edition (Java SE), software for making Java programs on PCs. About two weeks ago, the board of the Apache Software Foundation approved a change in status from incubator to top-level project, Geir Magnusson, who is the chair of the Harmony Project Management Committee, said Tuesday."
Reviews of financial software (Linux.com)
Linux.com has reviewed two more financial software packages, Ledger and KMyMoney. From the Ledger review: "Ledger is a command-line accounting application for the hardcore financial professional. If you're an MBA who groks Emacs and regular expressions, or a kernel hacker who appreciates tax deferred accruals, you'll love this application."
From the KMyMoney
review: "KMyMoney is KDE's personal financial management
program. If you don't have complex needs and a lot of history to import,
KMyMoney lets you set up accounts, enter transactions, and generate reports
easily, and other features are doable with some help from the generous
amounts of documentation. However, KMyMoney is not a good choice for small
business owners, who need more functionality than it can provide.
"
SQL-Ledger: Impressive capabilities, but needs polish (Linux.com)
Linux.com reviews SQL-Ledger, a web-based accounting system. "SQL-Ledger is a popular free accounting application with a rich set of features. It's written in Perl and stores your accounting information in a PostgreSQL database, which makes deployment much easier when you have users who work on different machines. Like GnuCash, supports double-entry accounting. Unlike GnuCash, however, it appears to be squarely aimed at the small business community, boasting multiple user support, multiple company support, point-of-sale entry, accounts receivable and payable, and stock tracking. It has a good list of supported languages (29, according to the Web site), and by virtue of its HTML interface is usable on practically any modern operating system -- or indeed a whole range of different operating systems simultaneously."
Linux printing: much done and more to do (Linux.com)
Bruce Byfield summarizes the state of Linux printing on Linux.com. "In the last seven years, printing on Linux has undergone a metamorphosis. Barely adequate printing support, provided on a program by program basis, has been transmuted by a half dozen projects into a wealth of options comparable to those available on Windows or the Mac OS. Where printer manufacturers once ignored Linux, a growing number support it and the rest are watching closely. Standardization and support for multiple distributions remain major problems, but community and corporate interests have recently started working together to address these last remaining problems."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
FSFE Launching Freedom Task Force, Co-operating with gpl-violations.org
The Free Software Foundation Europe (FSFE) has announced the launch of the Freedom Task Force. The Task Force is working closely with Harald Welte of gpl-violations.org and seeks to help programmers properly set up and organize projects legally, as well as educate companies to understand how the GPL works. As needed, the purpose of the group will also include enforcement in the case of license violations.Microsoft seeks input on promise not to sue individuals
Microsoft's Jason Matusow has posted a request for input from the community on how to improve its promise not to sue individual developers. He acknowledges that it "missed the mark," but don't expect things to change too much. "Our design goal is to get language in place that allows individual developers to keep developing. We are not interested in providing carte blanche clearance on patents to any commercial activity - that is a separate discussion to be had on a per-instance basis. As you comment, please keep in mind that we are talking about individuals, not .orgs, not .com, not non-profits, not...well, not anyone other than individual non-commercial coders."
The first OLPC test system arrives in Cambridge
The OLPC team has posted a set of pictures of the first "B1 test" version of the laptop on its arrival at their office. The holiday season, it seems, has arrived early in Cambridge.Samba Team Asks Novell to Reconsider
The Samba Team has sent out a release asking Novell to reconsider its deal with Microsoft. "The patent agreement struck between Novell and Microsoft is a divisive agreement. It deals with users and creators of free software differently depending on their 'commercial' versus 'non-commercial' status, and deals with them differently depending on whether they obtained their free software directly from Novell or from someone else. The goals of the Free Software community and the GNU GPL allow for no such distinctions."
Commercial announcements
Announcing beta 3 of CrossOver 6.0
The beta 3 release of CrossOver 6.0 is available for the Linux and Mac platforms. "This new version fixes a lot of bugs and begins to bring us to a close on the beta process. This includes support for Office 2003 service packs, improved support for Outlook 2003, many Quicken bug fixes, and many other improvements as well."
MySQL to get a new storage engine from NitroSecurity
MySQL and NitroSecurity have announced a deal to work the "NitroEDB" database engine into MySQL. "NitroSecurity originally developed its database technology to address the growing demand for real-time analysis within the network security event management market. Utilizing unique indexing techniques, data management methods and query processing algorithms, the technology enables 'multiple order of magnitude' increases in relational data management and query performance with multi-billion record volumes running on commodity hardware."
Novell Releases Mono 1.2 With Enhanced Support for .NET on Linux
Novell, Inc. has announced the release of Mono 1.2.. "Mono 1.2 adds support for the Microsoft* Windows* Forms API to more easily port .NET client-side applications to Linux*. Other enhancements in this release include virtual machine upgrades and enhanced Java* support, significant performance, memory consumption and stability improvements, and support for many .NET 2.0 features."
OpenVZ adds live migration capability
The OpenVZ project adds a live migration capability to its latest version of the OpenVZ open-source virtualization software. "The OpenVZ project today announced availability of its operating system-level server virtualization software in the form of a kernel based on Linux 2.6.9, including for the first-time in a stable branch, fully-tested and performance-tuned live migration and Virtual Ethernet device features. Previously, those features were only available in the development branch of OpenVZ software."
SWsoft announces Virtuozzo Linux update
SWsoft has announced the availability of an update for its Virtuozzo operating system-level virtualization software. "The Virtuozzo 3.0 for Linux Service Pack 1 delivers advanced networking features including: Ethernet layer network adapter support - enables a virtual environment (VE) to run any Ethernet dependent application or service; VLAN support - allows set up of a virtual networking infrastructure that meets strict security requirements with complete network traffic isolation via support for virtual environment network adapters; Improved CPU management - enables system administrators to assign any number of virtual CPUs, up to the number of physical CPUs available."
Zenoss Launches Core 1.0 Product
Zenoss has announced the launch of their Zenoss Core 1.0 product. "Zenoss Core is an integrated IT monitoring product that allows IT administrators to manage the status and health of their entire infrastructures through a single web-based console. As a free, open source software product, Zenoss provides organizations world-wide with a new alternative for enterprise-grade IT monitoring that is substantially less expensive and easier to deploy than traditional solutions."
New Books
Learning MySQL - O'Reilly's Latest Release
O'Reilly has published the book Learning MySQL by Seyed M.M. "Saied" Tahaghoghi and Hugh E. Williams.New O'Reilly Book - Network Monitoring with Nagios
O'Reilly has published the book Network Monitoring with Nagios by Taylor Dondich.
Resources
Best Practices in Embedded Linux
James Chapman has announced a new white paper entitled Best Practices in Embedded Linux [PDF] that is available from katalix systems for download. A discussion forum is also available for discussion of the paper.FSFE Newsletter
The November 13, 2006 edition of the Free Software Foundation Europe newsletter is online. Topics include: DRM.info platform launched, Introducing Shane M. Coughlan and Maria Luisa Carli, FSFE helped liberating Italian ZIP code database, FSFE at LWE fairs in Utrecht (Netherlands) and London (UK) and FSFE Swedish Team at the Internet Days in Stockholm (Sweden).
Contests and Awards
IMIA OSWG Award - winner Ignacio Valdes (LinuxMedNews)
Ignacio Valdes has won the inaugural annual award of the IMIA Open Source Working Group. "The award is made in recognition of long-standing significant achievment in the promotion of free/libre and open source software in health informatics. The award was presented at the annual business meeting of the AMIA OSWG in Washington DC on 13 November, 2006 by Peter Murray, IMIA Vice President for Working Groups and Special Interest Groups."
The 2006 LMN Freedom Award winners (LinuxMedNews)
LinuxMedNews reports on the winners of the 2006 LMN Freedom Award. "It was a split decision this year. Both Nancy Anthracite and Will Ross are recipients of the 2006 Linux Medical News Freeodm award, co-sponsored with the International Medical Informatics Association. Ross and Anthracite have worked tirelessly to advance the cause of software freedoms in medicine".
Qt Jambi Developer Contest Announced (KDE.News)
KDE.News covers the Qt Jambi Developer Contest. "Trolltech has announced the Qt Jambi Developer Contest, which is now open to all developers following the release of the third Technology Preview (TP) of Qt Jambi. The contest is aimed at encouraging both Java and Qt programmers to try out the new features available in the Qt Jambi TP3. This third and final technology preview is built on the newly-released Qt 4.2, giving Java programmers access to powerful new Qt features like the powerful 2D graphics canvas (Qt Graphics View) and simplified application styling through Widget Stylesheets." The winner will receive a 2.0GHz Apple MacBook.
Education and Certification
Big Nerd Ranch Announces Fast-track LPI Linux Admin Bootcamp
The Big Nerd Ranch will hold the next Fast-track LPI Linux Admin Bootcamp on February 19-23, 2007 outside of Atlanta, GA.
Calls for Presentations
GNOME Journal submission deadline: December 1
The submission deadline for the next edition of the GNOME Journal is December 1, the Journal will be published on December 15.
Upcoming Events
FAVE 2006 final line-up announced
The final line-up for FAVE 2006 has been announced. "FAVE is an event for people who are interested in free and open source creative software on Linux and other computer platforms. It features workshops, talks and performances from free software developers and artists. The 2006 event is taking place at Limehouse Town Hall in London, England on Saturday the 25th of November."
IEEE International Workshop on Open Source Test Technology Tools
The 2007 IEEE International Workshop on Open Source Test Technology Tools (IOST3) will take place in Berkeley, CA on May 10-11, 2007. "The IOST3 workshop establishes and supports a community of practice focused on open source tools, and tools with open interfaces, for the test, quality assurance, and reliability estimation of electronic devices, assemblies, and systems."
Third International Conference on Open Source Systems (LinuxMedNews)
LinuxMedNews has announced the Third International Conference on Open Source Systems. "The Third International Conference on Open Source Systems will be held in Limerick, Ireland 11-14 June 2007. The goal of the conference is intended to "provide an international forum where a diverse community of professionals from academia, industry and public administration can come together to share research findings and practical experiences. The conference is also meant to provide information and education to practitioners, identify directions for further research, and to be an ongoing platform for technology transfer.""
FFII announces the European Patent Conference
The FFII has sent out an announcement for a series of conferences on patents in Europe; the first two events are in Munich (November 25) and Brussels (January 24). "[P]roblems in the patent system affect all industries and all consumers. The European Patent Conference is the ideal opportunity for those who want to fix these problems."
foss.in partial speaker list available
A partial list of speakers for the upcoming foss.in event has been published. The event will take place on November 24-26, 2006 in Bangalore, India. "This year, we have tried to stay away from overpowering people with glitz. We therefore decided that despite my better judgement, we wouldn't be inviting Pamela Anderson, but we do hope that Christoph Hellwig's unique hairstyle will make up for that."
London Perl Workshop 2006
The 2006 London Perl Workshop has been announced, the event will take place on Saturday December 9, 2006 at Westminster University. "The LPW is (like all of the other local Perl workshops) a grass-roots, one day, free Perl conference. The talks are of a very high standard and its a great way to meet people from the Perl community (who come from all over the world to be at the workshop)."
Registrations are open for tutorials at OSDC 2006
Registration is open for the Open Source Developers' Conference 2006 tutorial program. "The tutorials run on the 5th December, followed by the technical program on the 6th - 8th December. Most tutorials include printed reference material." The event takes place in Melbourne, Australia.
Last chance to join the Summer of PyPy
A European PyPy sprint event has been announced. "Hopefully by now you have heard of the "Summer of PyPy", our program for funding the expenses of attending a sprint for students. If not, you've just read the essence of the idea :-) However, the PyPy EU funding period is drawing to an end and there is now only one sprint left where we can sponsor the travel costs of interested students within our program. This sprint will probably take place in Leysin, Switzerland from 8th-14th of January 2007."
Events: November 23, 2006 to January 22, 2007
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| November 21 November 24 |
15th International Conference on Computing | Mexico City, Mexico |
| November 24 November 26 |
FOSS.IN 2006 | Bangalore, India |
| November 25 | FAVE 2006 - free software multimedia event in London | London, UK |
| November 27 November 30 |
PacSec Applied Security Conference 2006 | Tokyo, Japan |
| December 1 December 2 |
PHP Conference Brasil | Sao Paolo, Brazil |
| December 2 December 3 |
Technical Dutch Open Source Event | Eindhoven, the Netherlands |
| December 3 December 8 |
Large Installation System Administration Conference | Washington, D.C. |
| December 5 December 8 |
Open Source Developers' Conference 2006 | Melbourne, Australia |
| December 7 December 8 |
Desktop Architects Meeting | Portland, OR, USA |
| December 9 | London Perl Workshop | London, England |
| December 12 December 19 |
Virtual Congress UnInet Meeting UMeet'2006 | irc.uninet.edu, #linux |
| December 27 December 30 |
23rd Chaos Communication Congress 2006 | Berlin, Germany |
| January 11 January 12 |
Foundations of Open Media Software | Sydney, Australia |
| January 15 January 20 |
linux.conf.au 2007 | Sydney, Australia |
| January 20 January 26 |
Cell Hack-a-thon | Loveland, CO, USA |
If your event does not appear here, please tell us about it.
Web sites
FSF Compliance Lab announces new web site
The Free Software Foundation has announced a new Free Software Licensing web site. "The site aims to help people find the information they need about licenses published by the FSF, such as the GNU General Public License (GPL), and to provide more information about the Lab's work."
Audio and Video programs
Web 2.0 Podcast - a look ahead (O'ReillyNet)
O'Reilly presents podcast coverage of the Web 2.0 Summit 2006. "Two and one half days jam packed with sessions. You'll get to hear and see most of them in this Web 2.0 podcast stream. Next week Tim O'Reilly and John Battelle kick our podcast off with their look at Web 2.0."
Page editor: Forrest Cook