User: Password:
Subscribe / Log in / New account Weekly Edition for March 22, 2007

Linux and flash

As part of your editor's moral duty to be a torment to his children, he requires them to use Linux whenever possible. They have come to realize that Linux works well for almost anything required by their school, but that it is not up to their requirements for fun. The lack of a World of Warcraft client is a big problem, but the lack of solid Flash support seems to be an even bigger one. The YouTube/MySpace lifestyle remains hard to support on Linux; children are unimpressed by our high-quality Theora implementation.

One of the things your editor heard Lawrence Lessig say at Wizards of OS 4 was that video is the communication medium of our time. The free software world needs to better support this channel. In support of this argument, consider that those of us interested in the next U.S. presidential election (a mere year and a half away) may have to resort increasingly to anonymously-posted videos to get our full share of attack advertisements. The best mudslinging will be unavailable to those of us stuck in the text world.

While there are a number of video formats out there, what all of this really comes down to is that we need decent support for Flash. For better or for worse, Flash dominates in a number of areas, including network video and a number of interactive site features. It's not just for really obnoxious advertisements anymore. We do not have decent support for Flash now; that proprietary plugin just does not cut it in the free software world.

The good news is that we're getting closer to the level of support we need. In particular, Benjamin Otte has recently announced that the swfdec Flash player is now able to work with video from YouTube. In general, swfdec has some ground to cover yet; to answer the question of whether swfdec can replace proprietary Flash Benjamin writes:

That really depends on your definition of close. For the definition "implements all of Flash's features" it'll probably not hit 5%. For the definition of "plays all the Flash files on the Web" I think it's 80/20 right now. Swfdec plays 80% of the ads and 20% of the real content.

What's important here is that swfdec has hit a point where it will start to be truly useful; that, in turn, may help to attract more developers to the project. A program which almost works is often more attractive to hack on than something which is just a promise for the future.

Swfdec is not the only Flash-related project out there; Gnash is also working toward a solution to this problem. Gnash would also appear to be at a similar point in development; the project is not quite ready to proclaim YouTube support, but, according to Gnash hacker Rob Savoye, that's a result of different objectives:

I don't want to sound like I'm insulting swfdec, I think it's good there are multiple open source flash players. But swfdec is tweaked to handle primarily YouTube, Gnash handles many more Flash movies correctly. It's a difference in focus.

Given that what we need is one truly good Flash player, one might well wonder what the point of two competing projects is. That is the same question people asked about desktops in the past; at this point it seems clear (to your editor, at least) that the competition between GNOME and KDE has helped to increase the pace of free desktop development and to explore different approaches to the graphical Linux experience. The important thing is to focus on the development and stay away from silly flame wars. To that end, Rob's message contains some good news:

We all spend alot of time talking about Flash internals. [Benjamin's] very happy. We're happy too, because of the discussions of how swfdec and Gnash are implemented, we're learning things from each other's experiences.

If the projects can continue to cooperate and learn from each other, Linux should have a high-quality Flash implementation in short order. If some of the more desktop-oriented distributions were to realize that supporting these projects is very much in their own interest, it could happen even sooner. There are few limits to what a free software project can do once it gets rolling.

A good Flash player is just the beginning, however. If we want free software to have a significant role in the creation of all this content, we need good authoring tools - and those are rather further behind. Another thing Lawrence Lessig urged was the creation of a free software culture for Flash developers, almost all of whom are, for all practical purposes, shipping binaries at this point. Some good free Flash tools, along with increased support for sharing source, could transform the Flash development world - for video and more. We could help to bring freedom to an important communication medium; that would be even better than creating the ability to watch silly videos with free software tools.

Comments (32 posted)

Playing with the N800

Your editor recently decided to pick up a Nokia N800 tablet device. This acquisition wasn't just another case of yielding to the lure of a new gadget - your editor would never do that. Instead, the hope was that the N800 would be useful as a way of getting onto the net and dealing with simple situations without having to haul the laptop everywhere. Besides, such a device is always good for an article or two, at a cost that isn't that much above buying an article from an outside author.

Besides, it's a cool new gadget.

The N800 is, naturally, a Linux-powered device. It has an 800x480 screen, two speakers, and a pop-out camera. There's a headphone jack, a USB port, and two SD memory slots. The device can communicate wirelessly via 802.11 or Bluetooth. Also provided is a stylus which is used for most interaction [N800] with the device; there is a built-in storage slot for the stylus which should help to prevent loss, but it's still nice that Nokia thought to provide a spare as well.

On the connectivity side, the N800 developers have done some nice work. On the first boot, the tablet offers to pair with a Bluetooth-capable phone and set up a GPRS connection automatically. Anybody who has been through the process of setting up a Bluetooth/GPRS link on a Linux system knows that there can be a certain amount of pain involved - and that's before trying to get any real work done over such a painfully slow connection. Having GPRS Just Work is a nice bonus. The tablet also handles WiFi connections easily.

After that, however, a new N800 user might well feel at a bit of a loss. The startup screen includes a Google search bar (the usage of which is entirely straightforward), an RSS reader window with no subscribed feeds, a contact manager window (with no contacts, obviously), and a "Discover Tableteer" window which, when "tapped," opens a web browser on a remarkably static and unhelpful Nokia page. Digging through the menus yields a simple email client. Anybody expecting something that feels like a normal Linux system will be disappointed; there's not a whole lot else there. That can be changed, of course; we'll get to application installation shortly.

The tablet comes packaged with a user's manual, in PDF format, in a large number of languages. The user will not encounter this manual until he or she happens to fire up the file manager and look in the right place, however. The "Discover Tableteer" window does not do much to help a beginning user find this useful document.

Text entry is done through a keyboard which appears at the bottom of the screen; individual letters are approximately 2mm square. In practice, the letters are not hard to hit, and, with a bit of practice, one gets good at entering text quickly. Learning the simple gestures to minimize trips to the shift keys helps a lot. There is another mode where the keyboard expands to fill most of the screen; in this mode, the stylus can be put aside and text can be typed directly with the fingers. It works, and can be nice for extended text input, but your fat-fingered editor had a hard time using it as a real QWERTY keyboard. Finally, the tablet does support handwriting recognition, but your editor has not really had a chance to play with that mode yet.

The web browser is the proprietary Opera application. It works reasonably well for the most part, making good use of the limited display space. Your editor has found it to be not entirely stable; it occasionally hangs and must be restarted. Dragging Google maps around does not work. Pages generally render well, though; the browser is good enough for the sort of work one would want to do on a small tablet device.

Your editor tried the Minimo browser as well. It does not seem to render pages as nicely as Opera, based on some quick tests. It is also far less stable; your editor managed to crash it almost immediately. Still, Minimo will stay on the system in the hope that it gets better; your editor would much prefer to run free software on this system.

There is an application manager which can be used to install more software onto the tablet. The bad news is that it has little to offer out of the box. The good news is that one can go to to look for a rather wider variety of software goodies for the device. The bad news is that the majority of those applications, as of this writing, say "missing install" and cannot actually be installed onto a tablet. The good news is that there's still quite a few useful tools available. In short order, your editor was able to equip his tablet with essential utilities like xterm and an ssh client.

The really bad news showed up with some of the other interesting packages, such as vim and gnumeric. The application manager will happily download the packages before popping up a window which says:

Unable to install: some application packages required for the installation are missing.

Such a message would perhaps have been acceptable ten years ago on some distributions. One would not expect to see it on a Debian-based system in 2007. There is no excuse for an "application manager" which is unable to handle dependencies anymore.

The N800 includes a (proprietary) Flash player and a media player as well. As many others have noted, the tablet comes well equipped to handle patent-encumbered formats like MP3 but it cannot play an Ogg file. One can make an argument for minimizing the size of the base system on a resource-limited tablet, but there's no easy way to fill in that gap afterward either. It would appear that installing an Ogg player, at this point in time, would involve downloading the development kit and building the application from source.

In general, the N800 feels a little like an unfinished product. Nokia has created a nice piece of hardware, based (mostly) on free software, and appears to be hoping that the development community will help turn it into a fully capable device. The company's practice of selling tablets to developers at a sharply-reduced price is clearly intended to help make this happen. One can only hope that Nokia succeeds here; the company has done what we really need it to do: made a open, Linux-based device. We certainly have the ability to make it do interesting things from here.

Comments (9 posted)

The road to freedom in the embedded world

March 16, 2007

This article was contributed by Georg Greve

If I had to choose the single moment that defines when the Free Software movement became self-aware, it would be the 1983 publication of the GNU manifesto by Richard Stallman. Despite its age it is amazingly up to date. Free Software has come a long way since that time; creating an alternative by inspiring people to put together the GNU Project piece by piece on a proprietary platform.

Only with the publication of the Linux kernel were people able to see pure Free Software operating systems running on their computers in the 90s. But they were still booting off a proprietary BIOS, and we also saw an increasing tendency to put hardware functionality into proprietary firmware. Only recently have projects such as LinuxBIOS managed to bring more freedom to the BIOS, although notebooks still are problematic. The issue of proprietary firmware is still being worked on, including by the FSF.

Compared to the situation in the personal computer area, embedded devices are still several years behind, but there are people who are working hard to catch up. I recently had the pleasure to learn a little more about this exciting field.

One device that a lot of people have in their homes or offices are routers to connect to the internet. Until not so long ago, these used to be entirely proprietary. That is no longer true. Not only do several vendors provide routers with more or less free firmware based on the Linux kernel, but the OpenWRT project and its younger offspring the FreeWRT project have also made some amazing advances in this area.

However even though FreeWRT has a web interface to build custom firmware online, both are still catching up with the freedom, ubiquity and sophistication of modern GNU/Linux desktop distributions.

There are still problems with hardware compatibility and drivers, as both distributions are still confined to a certain chipset, and locked into the 2.4 Linux kernel series because of proprietary drivers for the wireless card built by Broadcom, a manufacturer that has proven itself to be very uncooperative towards the Free Software community.

Getting rid of these restrictions to freedom is a collaborative effort with many different players, including FSFE's Freedom Task Force, which helped the OpenWRT team to avoid making mistakes in the reverse engineering of the Broadcom wireless driver, such that the result will then be fully usable by all Free Software.

The situation with mobile phones and PDAs is even worse than that of routers. Until very recently it was close to impossible to find mobile phones that were running Free Software and gave the user control over what they were doing.

One of the first companies that tried to answer requests for Free Software mobile phones was Trolltech with their Qtopia Greenphone. Maybe because this was the first time this was tried, and maybe because they didn't consult enough community voices before launching the phone, they made some mistakes. One of them was the overly restrictive EULA terms, which Trolltech quickly corrected after being confronted with the problem.

This was not the only problem. The Greenphone's package management is still proprietary, although that problem can be mitigated by using the ipkg package manager instead. Ultimately it seems that everything but the communication stack can be replaced by Free Software in this way. So the Greenphone was a step in the right direction, but it is not yet good enough.

The interest it raised probably also helped bringing about the OpenMoko phone, which will ship very soon and which is taking another big step toward freedom. Like the Greenphone, the GSM stack remains proprietary, though. Reasons for this appear to be a thicket of cross-licensed patents and regulatory concerns about frequency usage and transmission strength.

Many politicians are concerned that tinkering with these could impair the ability of other people to communicate, including the ability to access emergency services. Their argument is that the potential damage done by tinkering is greater than the damage of not having the freedom to change the code. This is a reincarnation of the old "your freedom to swing your fist ends at my nose" argument, and it is not easily discarded. We need to convince society with good answers to this and because of that, the GSM stack is likely to remain a difficult area for some time.

Depending on when you start to count, it took our community at least 10 years to address the issue of the proprietary BIOS on our PCs, but we did not let this stop us from improving our GNU/Linux Desktops. In the same way I believe we should work to create maximum freedom on mobile phones.

Other possible candidates have been launched by Nokia, namely the 770 and N800 internet tablets. Both devices are running a Linux kernel with a very small GNU/Busybox system using Debian package management.

Because they do not need the GSM stack, these devices might be made entirely free, though unfortunately they are not being shipped that way. They come with the proprietary Opera browser and a Flash player, which are easily uninstalled and can be replaced by a Mozilla port called Minimo; maybe Gnash can be compiled for them as well.

But there is more work waiting to be done: In a sad kind of irony Nokia seems to have chosen the Gtk+ library over Qt because that would allow them to keep part of their helper library for the embedded small screen proprietary. There are also other parts that are still kept proprietary, like the boot loader and battery charging application. They also seem to share the proprietary firmware problem with the personal computer platform. Even the flashing utility is proprietary software at the current point in time.

This has made some people very sceptical. It may even turn out that we will not be able to free these specific devices entirely without Nokia's help on the hardware interfaces, which may never come. But working to free them will inevitably end up providing more freedom, although maybe not on these specific devices. Experience gained can be used in many ways, and Free Software written can be transferred to other platforms.

Like the Greenphone, these Nokia devices provide a substantial step towards freedom, but are not yet good enough. So they have to be seen as an intermediate step towards freedom in the embedded world. Both Trolltech and Nokia deserve praise for making a step into the right direction, as well as constructive criticism on the remaining proprietary parts, which should also be set free.

There are projects that have already gotten very far in this effort for other devices, like the Familiar Project for the iPAQ which, I was told, is now running fully Free Software except for the wireless driver. And there are other devices that seem capable of running Familiar, like the Siemens Simpad, which also spawned its own community project to set it free. So maybe a project is what we need for the Nokia internet tablets.

An essential element in truly achieving freedom in the embedded world will be to further strengthen the Free Software community in this area and enable more Free Software developers to tinker with these devices.

One person who has done extraordinary work in this area is Harald Welte. His signature is also visible all over the OpenMoko project and the way it actively reaches out to build a strong developer community. We need more people like him and the other OpenMoko developers, and I hope you will take a look at their call for GPL'ed wireless drivers and application developers.

We also need to get more of the devices into the hands of capable developers. This is what Armijn Hemel of did during FOSDEM 2007 when he gave a bunch of routers to the OpenWRT project so they would have more devices to work with and set free.

Ultimately freedom is not static. It is a process that involves a lot of work. It is also a differential question: There are steps towards more freedom, which are good, and steps towards less freedom, which cause problems -- if not immediately, then in the future. The choices of which direction to take were recently described by FSFLA as "The fifth freedom."

As a community, we have set the personal computer free to a very large extent. We are not yet as far with embedded devices, but there are first signs of the Free Software community growing into this area.

With the possible exception of the GSM stack, I believe we have good reason to expect 100% Free Software devices in the near future by starting from the most free, although imperfect, options available and setting them free entirely.

Through this effort we'll not only see the Free Software community flourish in this area and we are also likely to see more hardware vendors willing to supply the community and people who value their freedom with such devices.

Eventually it will be possible to enter the store and buy such a device running only Free Software out of the box, which is what I really want. And with projects such as the GPE Palmtop Environment we will be able to use the same software environment on different hardware devices; something that is common on personal computers, and a great advantage.

Working for this goal can serve to strengthen Free Software on the desktop, because integration of the mobile devices with desktop computers is an important issue. With Free Software it could be possible to use the same software on both, possibly in different versions and from different vendors. The result would be seamless integration that proprietary software might not be able to achieve across vendor boundaries.

It seems only a question of time until someone picks up on this and offers the combination of freedom and convenience to people. In the end, by walking forward on the road to embedded freedom, we might end up strengthening Free Software overall.

(The author is initiator and president of the Free Software Foundation Europe (FSFE) and his personal blog is available at the Fellowship of FSFE)

Comments (124 posted)

Page editor: Jonathan Corbet


SQL-Ledger and LedgerSMB: a study in security reporting

March 21, 2007

This article was contributed by Jake Edge.

Accounting information is the kind of data that most organizations would want to keep private; it is also information that attackers might be most interested in. Because of that, security vulnerabilities in accounting packages require high visibility and prominent announcements so that users can take the appropriate steps to safeguard their data. Two related accounting systems, SQL-Ledger and LedgerSMB provide an interesting contrast in approaches to security reporting.

SQL-Ledger is a GPL-licensed accounting system first released in 1999; it has a large feature set and a sizable number of happy and loyal users. It is a web-based program, written in Perl that uses an SQL database to store the information. The original intent seems to be a system that lived behind a firewall and was not exposed to the Internet; most of the vulnerabilities reported recently have a much reduced impact behind the firewall. In fact, buried at the end of the FAQ, SQL-Ledger recommends using the web server authentication mechanisms (presumably HTTP Basic Auth for Apache) on top of those provided by SQL-Ledger.

SQL-Ledger is tightly controlled by its creator, Dieter Simader, and he has not encouraged a developer community to spring up around the system. This has caused some users to become frustrated with the pace of development; it doesn't help that the suggested way to get features added more quickly is to pay Simader's company to develop them. In addition, the documentation, user forums and wiki are only available to those who pay for them. There is nothing inherently wrong with doing things this way, but it is quite different than the way most GPL projects operate.

The project continued in this manner for quite some time until a reported session hijacking issue was not handled quickly by Simader. Another user mentioned that the issue had been known for a lot longer as they had reported it nearly a year earlier and, though there had been several releases in the interim, no fix had been made. This incident led directly to the September 2006 fork of the SQL-Ledger code as the LedgerSMB (SMB for 'small-medium business') project.

The LedgerSMB developers have created a project that operates the way open source developers expect, with open documentation, a public source code repository and a willingness to accept patches from anyone interested. They have also been doing an informal security audit of the shared codebase and coordinating security releases with SQL-Ledger. They have released a number of detailed vulnerability reports on the Bugtraq mailing list that cover security updates for both projects.

Visiting each project's homepage is very instructive with regards to the security updates. The SQL-Ledger page makes no mention of updates; one must follow the "What's New" link to see the updates and the descriptions make no mention of the security implications of the release. A user could easily be lulled into thinking that "added %00 check for login to trigger an error" is just a run-of-the-mill bug fix rather than a fix for an arbitrary code execution and authentication bypass bug as described in the report.

The LedgerSMB site, on the other hand, has its news listed on the front page and calls the most recent security release (1.1.10) a fix for "a serious security hole." The users and announce mailing lists both have detailed reports about the problem whereas the SQL-Ledger public user mailing list makes no mention of the new release. One presumes and hopes that the users who have purchased support get some kind of notification from DWS Systems (Simader's company), but the non-paying users need to pay close attention to Bugtraq (or the LedgerSMB site).

In many ways, the contrast between the two mirrors the contrast between how open source and proprietary software projects handle security issues. One disseminates the information far and wide while the other treats it as a public relations black eye and obscures it. DWS Systems is presumably trying to protect its income stream but, by doing it in the way it has, it appears to have alienated a segment of its user base which is now directly competing with the company. Had Simader been more responsive to those issues, there very well might not be a competing project. It will be interesting to see which approach works better in the long term or if both thrive equally.

Comments (5 posted)

Brief items

Felten: Too much innovation in the OLPC?

Ed Felten questions the OLPC security model. His problem is not with specifics of the model itself, but rather with an overall sense of second system syndrome. "OLPC needs to be innovative in some areas, but I don't think security is one of them. Sure, it would be nice to have a better security model, but until we know that model is workable in practice, it seems risky to try it out on millions of kids." (LWN covered the OLPC security model in February).

Comments (15 posted)

New vulnerabilities

asterisk: SIP denial of service

Package(s):asterisk CVE #(s):CVE-2007-1306
Created:March 19, 2007 Updated:March 21, 2007
Description: The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP request message.
Gentoo 200703-14 asterisk 2007-03-16

Comments (2 posted)

inkscape: format string vulnerabilities

Package(s):inkscape CVE #(s):CVE-2007-1463 CVE-2007-1464
Created:March 21, 2007 Updated:April 16, 2007
Description: Inkscape has a format string vulnerability in its URI handling, possibly allowing an attacker to execute code with user privileges via a specially crafted file.

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

Gentoo 200704-10 inkscape 2007-04-16
rPath rPSA-2007-0061-1 inkscape 2007-03-28
Foresight FLEA-2007-0002-1 inkscape 2007-03-24
Mandriva MDKSA-2007:069 inkscape 2007-03-22
Ubuntu USN-438-1 inkscape 2007-03-20

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-0005 CVE-2007-1000
Created:March 15, 2007 Updated:November 14, 2007
Description: The Linux kernel has a boundary error problem with the Omnikey CardMan 4040 driver read and write functions. This can be used to cause a buffer overflow and possible execution or arbitrary code with kernel privileges.

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference. Local users can use this to crash the kernel or to disclose kernel memory.

Fedora FEDORA-2007-599 kernel 2007-06-21
Ubuntu USN-489-1 linux-source-2.6.15 2007-07-19
Ubuntu USN-486-1 linux-source-2.6.17 2007-07-17
Debian DSA-1286-1 linux-2.6 2007-05-02
Red Hat RHSA-2007:0169-01 kernel 2007-04-30
Mandriva MDKSA-2007:078 kernel 2007-04-04
Fedora FEDORA-2007-336 kernel 2007-03-14
Fedora FEDORA-2007-335 kernel 2007-03-14

Comments (none posted)

libwpd: buffer overflows

Package(s):libwpd CVE #(s):CVE-2007-0002
Created:March 16, 2007 Updated:April 9, 2007
Description: iDefense reported several overflow bugs in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim.
Gentoo 200704-07 libwpd 2007-04-06
Slackware SSA:2007-085-02 libwpd 2007-03-27
Fedora FEDORA-2007-351 libwpd 2007-03-19
Fedora FEDORA-2007-350 libwpd 2007-03-19
Ubuntu USN-437-1 libwpd 2007-03-19
Debian DSA-1268-1 libwpd 2007-03-17
Mandriva MDKSA-2007:064 2007-03-16
Mandriva MDKSA-2007:063 libwpd 2007-03-16
rPath rPSA-2007-0057-1 libwpd 2007-03-16
Red Hat RHSA-2007:0055-01 libwpd 2007-03-16

Comments (none posted)

lookup-el: insecure temporary file

Package(s):lookup-el CVE #(s):CVE-2007-0237
Created:March 19, 2007 Updated:December 10, 2007
Description: Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
Gentoo 200712-07 lookup 2007-12-09
Debian DSA-1269-1 lookup-el 2007-03-18

Comments (none posted)

LSAT: insecure temporary file creation

Package(s):lsat CVE #(s):
Created:March 19, 2007 Updated:March 21, 2007
Description: LSAT insecurely writes in /tmp with a predictable filename. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When the LSAT script is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user.
Gentoo 200703-20 lsat 2007-03-18

Comments (none posted)

nas: code execution

Package(s):nas CVE #(s):CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547
Created:March 21, 2007 Updated:April 24, 2007
Description: The Network Audio System daemon has a number of vulnerabilities which can be exploited to run arbitrary code or force a crash.
Gentoo 200704-20 nas 2007-04-23
rPath rPSA-2007-0067-1 nas 2007-04-04
Foresight FLEA-2007-0007-1 nas 2007-04-03
Ubuntu USN-446-1 nas 2007-03-28
Debian DSA-1273-1 nas 2007-03-27
Mandriva MDKSA-2007:065 nas 2007-03-20

Comments (none posted)

openafs: privilege escalation

Package(s):openafs CVE #(s):CVE-2007-1507
Created:March 21, 2007 Updated:April 4, 2007
Description: The handling of setuid files in the OpenAFS filesystem is flawed in such a way that a sufficiently clever attacker could make an arbitrary executable file to appear to be setuid.
Gentoo 200704-03 openafs 2007-04-03
Mandriva MDKSA-2007:066 openafs 2007-03-20
Debian DSA-1271-1 openafs 2007-03-20

Comments (none posted) buffer overflow and command execution

Package(s) CVE #(s):CVE-2007-0238 CVE-2007-0239
Created:March 21, 2007 Updated:April 17, 2007
Description: The StarCalc parser in suffers from an "easily exploitable" stack overflow which could be exploited (via a malicious document) to execute arbitrary code.

Additionally, there is a failure to escape shell metacharacters in URLs, exposing users to command execution by way of hostile links.

Gentoo 200704-12 openoffice 2007-04-16
rPath rPSA-2007-0070-1 2007-04-09
Mandriva MDKSA-2007:073 2007-03-29
Foresight FLEA-2007-0004-1 2007-03-29
Ubuntu USN-444-1 2007-03-27
Debian DSA-1270-2 2007-03-28
Fedora FEDORA-2007-376 2007-03-27
Fedora FEDORA-2007-375 2007-03-27
Red Hat RHSA-2007:0069-01 2007-03-22
Red Hat RHSA-2007:0033-01 2007-03-22
SuSE SUSE-SA:2007:023 2007-03-21
Debian DSA-1270-1 2007-03-20

Comments (none posted)

ssh: privilege escalation

Package(s):ssh CVE #(s):CVE-2006-0705
Created:March 15, 2007 Updated:March 21, 2007
Description: The SSH server has a format string vulnerability in the SFTP code for scp2 and sftp2. The accessed filename can be passed to the system log, an unspecified error could allow uncontrolled stack access. Authenticated users may be able to use this to bypass command restrictions or run commands as another user.
Gentoo 200703-13 ssh 2007-03-14

Comments (none posted)

webcalendar: missing input sanitizing

Package(s):webcalendar CVE #(s):CVE-2007-1343
Created:March 16, 2007 Updated:March 21, 2007
Description: It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion.
Debian DSA-1267-1 webcalendar 2007-03-15

Comments (none posted)

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.21-rc4, released by Linus on March 16. It consists mostly of fixes, but there is also a patch adding device_schedule_callback(), which lets device-oriented code request a callback (from process context) in the near future. See the long-format changelog for more details on 2.6.21-rc4.

The current -mm tree is 2.6.21-rc4-mm1. Recent changes to -mm include a new version of the lumpy reclaim patch, some anti-fragmentation work, an updates RSDL scheduler, and the revoke() system call.

There is a stable kernel update in the works as this is written; it may well be released by the time you read it.

For older kernels: was released on March 20 with a fair number of fixes, a couple of which are security-related.

Comments (none posted)

Kernel development news

Quote of the week

Quite frankly, I was *planning* on merging RSDL very early after 2.6.21, but there is one thing that has turned me completely off the whole thing:

  • the people involved seem to be totally unwilling to even admit there might be a problem.

This is like alcoholism. If you cannot admit that you might have a problem, you'll never get anywhere. And quite frankly, the RSDL proponents seem to be in denial ("we're always better", "it's your problem if the old scheduler works better", "just one report of old scheduler being better").

-- Linus Torvalds

Comments (none posted)

Toward improved page replacement

When memory gets tight (a situation which usually comes about shortly after starting an application like tomboy), the kernel must find a way to free up some pages. To an extent, the kernel can free memory by cleaning up its own internal data structures - reducing the size of the inode and dentry caches, for example. But, on most systems, the bulk of memory will be occupied by user pages - that is what the system is there for in the first place, after all. So the kernel, in order to accommodate current demands for user pages, must find some existing pages to toss out.

To help in the choice of pages to remove, the kernel maintains two big linked lists for each memory zone. The "active" list contains pages which have been recently accessed, while the "inactive" list has those which have not been used in the recent past. When the kernel looks for pages to evict, it will scan through the inactive list, in the theory that the pages least likely to be needed soon are to be found there.

There is an additional complication, though: there are two fundamental types of pages to be found on these lists. "Anonymous" pages are those which are not associated with any files on disk; they are process memory pages. "Page cache" pages, instead, are an in-memory representation of (portions of) files on the disks. A proper balance between anonymous and page cache pages must be maintained, or the system will not perform well. If either type of page is allowed to predominate at the expense of the other, thrashing will result.

The kernel offers a knob called swappiness which controls how this balance is struck. If the system administrator sets a higher value of swappiness, the kernel will allow the page cache to occupy a larger portion of memory. Setting swappiness to a very low value is a way to tell the kernel to keep anonymous pages around at the expense of the page cache. In general, the system can be expected to perform better if page cache pages are reclaimed first; they can often be reclaimed without needing to be written back to disk, and their layout on the disk can make recovery faster should they be needed again. For this reason, the default value for swappiness favors the eviction of page cache pages; anonymous pages will only be targeted when memory pressure becomes relatively severe.

Swappiness clearly affects how the process of scanning pages for eviction candidates is done. If swappiness is low, anonymous pages will simply be passed over. As it turns out, this behavior can lead to performance problems; there may be a lot of anonymous pages which must be scanned over before the kernel finds any page cache pages, which are the ones it was looking for in the first place. It would be nice to avoid all of that extra work, especially since it comes at a time when the system is already under stress.

Rik van Riel has posted a patch which tries to improve this situation. The approach taken is quite simple: the active and inactive lists are each split into two new lists: one pair (active and inactive) for anonymous pages and one pair for page cache pages. With separate lists for the page cache, the kernel can go after those pages without having to iterate over a bunch of uninteresting anonymous pages on the way. The result should be better scalability on larger systems.

The idea is simple, but the patch is reasonably large. Any code which puts pages onto one of the lists must be changed to specify which list is to be used; that requires a number of small changes throughout the memory management and filesystem code. Beyond that, the current patch does not really change how the page reclamation code works, though Rik does note:

For now the swappiness parameter can be used to tweak swap aggressiveness up and down as desired, but in the long run we may want to simply measure IO cost of page cache and anonymous memory and auto-adjust.

There tends to be a lot of sympathy for changes which remove tuning knobs in favor of automatic adaptation within the kernel itself. So if this approach could be made to work, it might well be adopted. Getting system tuning right is hard; it's often better if the computer can figure it out by itself.

Meanwhile, the list-splitting patch, so far, lacks widespread testing or benchmarking. So, at this point, it is difficult to say when (or in what form) this patch will find its way into the mainline.

Comments (17 posted)


Applications do not normally worry about the allocation of blocks for files they create; instead, they simply write the data and assume the the kernel will do a proper job of finding a home for that data. There are times when it is useful to take a more active role in block allocation, though. If an application knows how much data it will be writing, it can request the needed blocks ahead of time, enabling the kernel to allocate them all at once, contiguously on the disk. Application developers concerned about reliability may also want to know that the needed disk space has already been procured before beginning a critical operation.

Unix systems have not traditionally provided a way for applications to control block allocation. An application on a current Linux kernel has only one way to force allocation: write a stream of data to the relevant portion of the file. This technique works, but it loses one of the advantages of preallocation: letting the kernel do all the work at once and ensure that the blocks are contiguous on disk if possible. Writing useless data to the disk solely for the purpose of forcing block allocation is also wasteful.

The POSIX way of preallocating disk space is the posix_fallocate() system call, defined as:

     int posix_fallocate(int fd, off_t offset, off_t len);

On success, this call will ensure that the application can write up to len bytes to fd starting at the given offset and know that the disk space is there for it.

Linux does not currently have an implementation of posix_fallocate() in the kernel. This patch by Amit Arora may change that situation, however. Amit's patch has been through a couple of rounds of review which have changed the interface considerably; the current form of the proposed system call is:

    long fallocate(int fd, int mode, loff_t offset, loff_t len);

The fd, offset, and len arguments have the same meaning as with posix_fallocate(), making it easy for the C library to implement the standard interface. The additional mode argument changes the way the call operates; normal usage will be to specify FA_ALLOCATE, which causes the requested blocks to be allocated. If, instead, FA_DEALLOCATE is given, the requested block range will be deallocated, allowing an application to punch a hole in the file.

Internally, the system call does not do much of the work; instead, it calls the new fallocate() inode operation. Thus, each filesystem must implement its own fallocate() support. The future plans call for a possible generic implementation for filesystems which lack fallocate() support, but the generic version would almost certainly have to rely on writing zeroes to the file. By pushing the operation into the filesystem itself, the kernel gives the filesystem the opportunity to satisfy the allocation in a more efficient way, without the need to write filler data. Filesystems do need to be sure that applications cannot use fallocate() to read old data from the allocated blocks, though.

For now, filesystem-level support is scarce. There are patches circulating which add fallocate() support to ext4. The XFS filesystem has supported preallocation (through a special ioctl() call) for some time, but will need to be modified to do preallocation through the new inode operation. It's not clear when other filesystems may get native support; the tracking of allocated but unwritten blocks is a significant addition. So, for the near future, the efficiency benefits of fallocate() may be unavailable for most users.

Comments (7 posted)

The 2007 Linux Storage and File Systems Workshop

March 19, 2007

This article was contributed by Brandon Philips

Fifty members of the Linux storage and file system communities met February 12 and 13 in San Jose, California to give status updates, present new ideas and discuss issues during the 2007 Linux Storage and File Systems Workshop. The workshop was chaired by Ric Wheeler and sponsored by EMC, NetApp, Panasas, Seagate and Oracle.

Day 1: Joint Session

Ric Wheeler opened with an explanation of the basic contract that storage systems make with the user: the complete set of data will be stored, bytes are correct and in order, and raw capacity is utilized as completely as possible. It is so simple that it seems that there should be no open issues, right?

Today, this contract is met most of the time but Ric posed a number of questions. How do we validate that no files have been lost? How do we verify that the bytes are correctly stored? How can we utilize disks efficiently for small files? How do errors get communicated between the layers?

Through the course of the next two days some of these questions were discussed, others were raised and a few ideas proposed. Continue reading for the details.

Ext4 Status Update

Mingming Cao gave a status update on ext4, the recent fork of the ext3 file system. The primary goal of the fork was the move to 48-bit block numbers; this change allows the file system to support up to 1024 petabytes of storage. This feature was originally designed to be merged into ext3, but was seen as too disruptive. The patch is also built on top of the new extents system. Support for greater than 32K directory entries will also be merged into ext4.

On top of these changes a number of ext3 options will be enabled by default including: directory indexing which improves file access for large directories, "resize inodes" which reserve space in the block group descriptor for online growing, and 256-byte inodes. Ext3 users can use these features today with a command like:

    mkfs.ext3 -I 256 -O resize_inode dir_index /dev/device

A number of other features are also being considered for inclusion into ext4 and have been posted on the list as RFCs. This includes a patch that will add nanosecond timestamps and the creation of persistent file allocations, which will be similar to posix_fallocate() but won't waste time writing zeros to the disk.

Ext4 currently stores a limited number of extended attributes in-inode and has space for one additional block of extended attribute data, but this may not be enough to satisfy xattr-hungry applications. For example, Samba needs additional space to support Vista's heavy use of ACLs, and eCryptFS can store arbitrarily large keys in extended attributes. This led everyone to the conclusion that data needs to be collected on how extended attributes are being used to help developers decide how to best implement them. Until larger extended attributes are supported, application developers need to pay attention to the limits that exist on current file systems e.g. one block on ext3 and 64K on XFS.

Online shrinking and growing was briefly discussed and it was suggested that online defragmentation, which is a planned feature, will be the first step toward online shrinking. A bigger issue however is storage management and Ted Ts'o suggested that the Linux file system community can learn from ZFS on how to create easy to manage systems. Christoph Hellwig sees the disk management issue as being a user space problem that can be solved with kernel hooks and sees ZFS as a layering violation. Either way it is clear that disk management should be improved.

The fsck Problem

Zach Brown and Valerie Henson were slated to speak on the topic of file system repair. While Val booted her laptop, she introduced us to the latest fashion: laptop rhinestones, a great discussion piece if you are waiting on a fsck. If Val's estimates for fsck time in 2013 come true, having a way to pass the time will become very important.

Val presented an estimate of 2013 fsck times. She first measured a fsck of her 37GB /home partition (with 21GB in use) which took 7.5 minutes and read 1.3GB of file system data. Next, she used projections of disk technology from Seagate to estimate the time to fsck a circa-2013 home partition, which will be 16 times larger. Although 2013 disks will have a five-fold bandwidth increase, seek times will only improve about 1.2 times (to 10ms) leading to an increase in fsck time from about 8 minutes to 80 minutes! The primary reason for long fscks is seek latency, since fsck spends most of its time seeking over the disk discovering and fetching dynamic file system data like directory entries, indirect blocks and extents.

Reducing seeks and avoiding the seek latency punishment is key to reducing fsck times. Val suggested one solution would be keeping a bitmap on disk that tracks the blocks that contain file system metadata; this would allow for reading all data in a single arm sweep. This optimization, in the best case, would make a single sequential sweep over the disk and, on the future disk, reading all file system metadata would only take around 134 seconds, a large improvement over 80 minutes. A full explanation of the findings and possible solutions can be found in the paper Repair-Driven File System Design [PDF]. Also, Val announced that she is working full time on a file system called chunkfs [PDF] that will make speed and ease of repair a primary design goal.

Zach Brown presented some blktrace output from e2fsck. The outcome of the trace is that, while the disk can stream data at 26 Mb/s, fsck is achieving only 12 Mb/s. This situation could be improved to some degree without on-disk layout changes if the developers had a vectorized I/O call. Zach explained that in many cases you know the block locations that you need, but with the current API you can only read one at a time.

A vectorized read would take a number of buffers and a list of blocks to read as arguments. Then the application could submit all of the reads at once. Such a system call could save a significant amount of time since the I/O scheduler can reorder requests to minimize seeks and merge requests that are nearby. Also, reads to blocks that are located on different disks could be parallelized. Although a vectorized read could speed up the fsck eventually file system layout changes will be needed to make fsck faster.

libata: bringing the ATA community together

Jeff Garzik gave an update on the progress of libata, the in-kernel library to support ATA hosts and devices. He first presented the ATAPI/SATA features that libata now supports including: PATA+C/H/S, NCQ, FUA, SCSI SAT, and CompactFlash. The growing support for parallel ATA (PATA) drives in libata will eventually deprecate the IDE driver; Fedora developers are helping to accelerate testing and adoption of the libata PATA code by disabling the IDE driver in Fedora 7 test 1.

Native Command Queuing (NCQ) is a new command protocol introduced in the SATA II extensions and is now supported under libata. With NCQ the host can have multiple outstanding requests on the drive at once. The drive can reorder and reschedule these requests to improve disk performance. A useful feature of NCQ drives is the force unit access (FUA) bit which will ensure the data, in write commands with this bit set, will be written to disk before returning success. This has the potential of enabling the kernel to have both synchronous and non-synchronous commands in flight. There was a recent discussion about both NCQ FUA and SATA FUA in libata on the linux-ide mailing list.

Jeff briefly discussed libata's support for SCSI ATA translation (SAT) which lets an ATA device appear to be a SCSI device to the system. The motivation for this translation is the reuse of error handling and support for distribution installers which already know how to handle SCSI devices.

There are also a number of items slated as future work for libata. Many drivers need better suspend/resume support and the driver API is due for a sane initialization model using a allocate/register/unallocate/free system and "Greg blessed" kobjects. Currently libata is written under the SCSI layer and debate continues on how to restructure libata to minimize or eliminate its SCSI dependence. Error handling has been substantially improved by Tejun Heo and his changes are now in mainline. If you have had issues with SATA or libata error handling, try an updated kernel to see if those issues have been resolved. Tejun and others continue to add features and tune the libata stack.

Communication Breakdown: I/O and File Systems

During the morning a number of conversations sprung up about communication between I/O and file systems. A hot topic was getting information from the block layer about non-retryable errors that affect an entire range of bytes and passing that data up to user space. There are situations when retries are happening on a large range of bytes even when the I/O layer knows that an entire range of blocks are missing or bad.

A "pipe" abstraction was discussed to communicate data on byte ranges that are currently in error, under performance strain (because of a RAID5 disk failure), or temporarily unplugged. If a file system were aware of ranges that are currently handling a recoverable error, have unrecoverable errors or are temporarily slow, it may be able to handle the situation more gracefully.

File systems currently do not receive unplug events and handling unplug situations can be tricky. For example, if a fibre channel disk is pulled for a moment and plugged back in it may be down for only 30 seconds but how should the file system handle the situation? Ext3 currently remounts the entire file system as read only. XFS has a configurable timeout for fibre channel disks that must be reached before it sends an EIO error. And what should be done with USB drives that are unplugged? Should the file system save state and hope the device gets plugged back in? How long should it wait and should it still work if it is plugged into a different hub? All of these questions were raised but there are no clear answers.

The Filesystems Track

The workshop split into different tracks; your author decided to follow the one dedicated to filesystems.

Security Attributes

Michael Halcrow, eCryptFS developer, presented an idea to use SELinux to make file encryption/decryption dependent on application execution. For example, a policy could be defined so that the data would be unencrypted when OpenOffice is using the file but encrypted when the user copies the file to a USB key. After presenting the mechanism and mark-up language for this idea Michael opened the floor to the audience. The general feeling was that SELinux is often disabled by users and that per-mount-point encryption may be a more useful and easy to understand user interface.

Why Linux Sucks for Stacking

Josef Sipek, Unionfs maintainer, went over some of the issues involved with stacking file systems under Linux. A stacking file system, like Unionfs, provides an alternative view of a lower file system. For example, Unionfs takes a number of mounted directories, which could be NFS/ext3/etc, as arguments at mount time and merges their name space.

The big unsolved issue with stacking file systems is handling modifications to the lower file systems in the stack. Several people suggested that leaving the lower file system available to the user is just broken and that by default the lower layers should only be mounted internally.

The new fs/stack.c file was discussed too. This file currently contains a simple inode copy routines that is used by Unionfs and eCryptfs, but in the future more stackable file system routines should be pushed to this file.

Future work for Unionfs includes getting it working under lockdep and additional experimentation with an on-disk format. The on-disk format for Unionfs is currently under development; it will store white-out files (representing files which have been deleted by a user but which still exist on the lower-level filesystems) and persistent Unionfs inode data.

B-trees for a Shadowed FS

Many file systems use B-trees to represent files and directories. These structures keep data sorted, are balanced, and allow for insertion and deletion in logarithmic time. However, there are difficulties in using them with shadowing. Ohad Rodeh presented his approach to using b-trees and shadowing in an object storage device, but the methods are general and useful for any application.

Shadowing may also be called copy-on-write (COW); the basic idea is that when a write is made the block is read into memory, modified, and written to a new location on disk. Then the tree is recursively updated starting at the child and using COW until the root node is atomically updated. In this way the data is never in an inconsistent state; if the system crashes before the root node is updated then the write is lost but the previous contents remain intact.

Replicating the details of his presentation would be a wasted effort as his paper, B-trees, Shadowing and Clones [PDF], is well written and easy to read. Enjoy!

eXplode the code

Storage systems have a simple and important contract to keep: given user data they must save that data to disk without loss or corruption even in the face of system crashes. Can Sar gave an overview of eXplode [PDF], a systematic approach to finding bugs in storage systems.

eXplode systematically explores all possible choices that can be made at each choice point in the code to make low-probability events, or corner cases, just as probable as the main running path. And it does this exploration on a real running system with minimal modifications.

This system has the advantage of being conceptually simple and very effective. Bugs were found in every major Linux file system, including a fsync bug that can cause data corruption on ext2. This bug can be produced by doing the following: create a new file, B, which recycles an indirect block from a recently truncated file, A, then call fsync on file B and crash the system before file A's truncate gets to disk. There is now inconsistent data on disk and when e2fsck tries to fix the inconsistency it corrupts file B's data. A discussion of the bug has been started on the linux-fsdevel mailing list.


The second day of the file systems track started with a discussion of an NFS race. The race appears when a client opens up a file between two writes that occur during the same second. The client that just opened the file will be unaware of the second write and will keep an out-of-date version of the file in cache. To fix the problem, a "change" attribute was suggested. This number would be consistent across reboots, unit-less and would increment on every write.

In general everyone agreed that a change attribute is the right solution, however Val Henson pointed out that implementing this on legacy file systems will be expensive and will require on disk format changes.

Discussion then turned to NSFv4 access control lists (ACLs). Trond Myklebust said they are becoming a standard and Linux should support them. Andreas Gruenbacher is working on patches to add NFSv4 support to Linux but currently only ext3 is supported; more information can be found on the Native NFSv4 ACLs on Linux page. A possibly difficult issue will be mapping current POSIX ACLs to NFSv4 ACLs, but a draft document, Mapping Between NFSv4 and Posix Draft ACLs, lays out a mapping scheme.

GFS Updates

Steven Whitehouse gave an overview of the recent changes in the Global File System 2 (GFS2), a cluster file system where a number of peers share access to the storage device. The important changes include a new journal layout that can support mmap(), splice() and other system calls on journaled files, page cache level locking, readpages() and partial writepages() support, and ext3 standard ioctls lsattr and chattr.

readdir() was discussed at some length, particularly the ways in which it is broken. A directory insert on GFS2 may cause a reorder of the extensible hash structure GFS2 uses for directories. In order to support readdir() every hash chain must be sorted. The audience generally agreed that readdir() is difficult to implement and Ted Ts'o suggested that someone should try to go through committee to get telldir/seekdir/readdir fixed or eliminated.


A brief OCFS2 status report was given by Mark Fasheh. Like GFS2, OCFS2 is a cluster file system, designed to share a file system across nodes in a cluster. The current development focus is on adding features, as the basic file system features are working well.

After the status update the audience asked a few questions. The most requested OCFS2 feature is forced unmount and several people suggested that this should be a future virtual file system (vfs) feature. Mark also said that users really enjoy the easy setup of OCFS2 and the ability to use it as a local file system. A performance hot button for OCFS2 are the large inodes and occupy an entire block.

In the future Mark would like to mix extent and extended attribute data in-inode to utilize all of the available space. However, as the audience pointed out, this optimization can lead to some complex code. In the future Mark would also like to move to GFS's distribute lock manager.

DualFS: A New Journaling File System for Linux

DualFS is a file system by Juan Piernas that separates data and meta data into separate file systems. The on-disk format for the data disk is similar to ext2 without meta-data blocks. The meta data file system is a log file system, a design that allows for very fast writes since they are always made at the head of the log which reduces expensive seeks. A few performance numbers were presented; under a number of micro- and macro-benchmarks DualFS performs better than other Linux journaling file systems. In its current form, DualFS uses separate partitions for data and metadata, forcing the user to answer a difficult question: how much metadata do I expect to have?

More information, including performance comparisons, can be found on the DualFS LKML announcement and the project homepage. The currently available code is a patch on top of 2.4.19 and can be found on SourceForge.

pNFS Object Storage Driver

Benny Halevy gave an overview of pNFS (parallel NFS), which is part of the IETF NFSv4.1 draft and tries to solve the single server performance bottleneck of NFS storage systems. pNFS is a mechanism for an NFS client to talk directly to a disk device without sending requests through the NFS server, fanning the storage system out to the number of SAN devices. There are many proprietary systems that do a similar thing including EMC's High Road, IBM's TotalStorage SAN, SGI's CXFS and Sun's QFS. Having an open protocol would be a good thing.

However, Jeff Garzik was skeptical of including pNFS in the NFSv4.1 draft particularly because to support pNFS the kernel will need to provide implementations of all three access protocols: file storage, object storage and block storage. This will add significant complexity to the Linux NFSv4 implementation.

Benny explained that the pNFS implementation in Linux is modular to support multiple layout-type specific drivers which are optional. Each layout driver dynamically registers itself using its layout type and the NFS client calls it across a well-defined API. Support for specific layout types is optional. In the absence of a layout driver for some specific layout type the NFS client falls back to doing I/O through the server.

After this overview Benny turned to the topic of OSDs, or object based storage devices. These devices provide a more abstract view of the disk than the classic "array of blocks" abstraction seen in todays disks. Instead of blocks, objects are the basic unit of an OSD, and each object contains both meta-data and data. The disk manages the allocation of the bytes on disk and presents the object data as a contiguous array to the system. Having this abstraction in hardware would make file system implementation much simpler. To support OSDs in Linux Benny and others are working to get bi-directional SCSI command support into the Kernel and support for variable length command descriptor blocks (CDBs).

Hybrid Disks

Hybrid disks with an NVCache (flash memory) will be in consumers' hands soon. Timothy Bisson gave an overview of this new technology. The NVCache will have 128-256Mb of non-volatile flash memory that the disk can manage as a cache (unpinned) or the operating system can manage by pinning specified blocks to the non-volatile memory. This technology can reduce power consumption or increase disk performance.

To reduce power consumption the block layer can enable the NVCache Power Mode, which tells the disk to redirect writes to the NVCache, reducing disk spin-up operations. In this mode the 10 minute writeback threshold of Linux laptop mode can be removed. Another strategy is to pin all file system metadata in the NVCache, but spin-ups will still occur on non-metadata reads. An open question is how this pinning should be managed when two or more file systems are using the same disk.

Performance can be increased by using the NVCache as a cache for writes requiring a long seek. In this mode the block layer would pin the target blocks ensuring a write to the cache instead of incurring the expensive seek. Also, a file system can use the NVCache to store its journal and boot files for additional performance and reduced system start-up time.

If Linux developers decide to manage the NVCache there are many open questions. Which layer should manage the NVCache? The file system or block layer? And what type of API should be created to leverage the cache? Another big question is how much punishment can these caches take? According to Timothy it takes about a year (using a desktop workload) to a fry the cache if you are using it as a write cache.

Scaling Linux to Petabytes

Sage Weil presented Ceph, a network file system that is designed to scale to petabytes of storage. Ceph is based on a network of object based storage devices and complete copies of each object is distributed across multiple nodes using an algorithm called CRUSH. This distribution makes it possible for nodes to be added and removed from the system dynamically. More information on the design and implementation can be found on the Ceph homepage


The workshop concluded with the general consensus that bringing together SATA, SCSI and file system people was a good idea and that the status updates and conversations were useful. However, the workshop was a bit too large for code discussion and more targeted workshops will need to be held to workout the details of some of the issues discussed at LSF'07. Topics for future workshops include virtual memory and file system issues and extensions that are needed to the VFS.

Comments (52 posted)

Patches and updates

Kernel trees


Core kernel code

Development tools

Device drivers

Filesystems and block I/O


Memory management




Page editor: Jonathan Corbet


News and Editorials

On the road to Slackware 12

After Slackware 11.0 was released last October the Slackware-current changelog was pretty quiet. Firefox 2.0 became optionally available to Slackers and there were a few security fixes, but for several months the entry heading up the log was this one from November 9th.
Thu Nov 9 18:16:50 CST 2006
Q: Hey, what's the deal with -current?
A: Renovations are underway to the toolchain (gcc, glibc, binutils, etc),
       and it makes little sense to update what is essentially Slackware 11.0
       only to do the work all over again once the new toolchain is ready.
       In addition, these things aren't going as smoothly as anticipated.
       I'd like to put the NPTL version of glibc into /lib and the LinuxThreads
       version into /lib/obsolete/linuxthreads (since some old binaries are
       going to need them), but doing this prevents the use of a 2.4 kernel.
       Perhaps it's finally time to drop support for Linux 2.4? Personally,
       I'd rather not as 2.4 is more forgiving of flaky hardware and thus
       tends to get better uptimes (at least on the servers I run ;-).
       Comments about this issue are welcomed.
       glibc-2.5 has also been having some problems with locale support here
       that need to be investigated and dealt with. I'd rather base the glibc
       in Slackware on an official glibc release, but using the development
       repo is also something under (slight) consideration if it works

That changed this week with this lengthy changelog notice going back to this November 20th entry.

Mon Nov 20 14:31:25 CST 2006
Thanks to everyone who provided valuable feedback on the question below.  It
looks as if Slackware -current (future 12.0?) is going to charge into 2.6-only
territory, but it will be a conservative "charge".  :-)  The overwhelming
consensus is that the 2.6 series is now more than stable enough for production
use.  Some folks expressed concern over the loss of Linux 2.4.x compatibility,
but they were a definite minority.  Some suggested maintaining two -current
branches -- one following 2.4 and the other 2.6.  The solution that'll be
taken concerning 2.4.x will be to make Slackware 11.0 better maintained than
simply security updates.  It should see some other non-security updates as
well (perhaps the introduction of an /updates directory?), and will be a long
lived OS for those who swear by the stability of the 2.4.x kernel series.
Meanwhile, 2.4.x compatibility features (such as the, er, mess? going on in
the startup scripts) will be steadily eliminated in -current to focus on the
best possible 2.6.x support.  With a lot of work, we should be able to make
the next Slackware release an excellent choice for both servers and desktops.
Again -- thanks for all the input!  :-)

So what's new for the next Slackware release, besides a 2.6 kernel? Many packages have been upgraded. Several packages have been added to go along with the modular upgrade. Python 2.5 is in along with newer versions of Ruby, Samba and several version control systems (git, Subversion, Mercurial). The init scripts have been split into a new package to go along with an upgrade to sysvinit-2.86. The current kernel is Linux and KDE 3.5.6 is in. All in all there's been quite a bit of removal of old cruft, shiny new packages added, many things split and rearranged. From the March 17th entry:

Sat Mar 17 19:14:35 CDT 2007
  Happy St. Patrick's Day!  :-)
  This is more-or-less stable (functionally), but there's still a lot of
  package splitting and other rearranging and adding to be done, but it's
  time for the Slackware community to see how far we've gotten.  If the
  luck o' the Irish is with us, it'll be a fairly short alpha/beta/rc
  period from here.  Well, have fun!

Comments (1 posted)

New Releases

Debian Installer etch RC2 released

The second release candidate for the Debian Etch installer is available for testing. "Unless release critical issues are discovered, this will be the version of the installer that will be included in the release of Etch. There are no real major changes in this release, but we have been able to use the time since RC1 to fix quite a few important and minor issues."

Full Story (comments: none)

Foresight Linux 1.1 released

Foresight Linux 1.1 has been released. Foresight includes the latest version of GNOME, the Epiphany web browser, Orca, Evince, Tomboy, and much more.

Comments (none posted)

openSUSE 10.3 Alpha2 Release

openSUSE 10.3 Alpha2 is is available. "openSUSE 10.3 Alpha2 is an important milestone for us since it is an installable release so that everybody doing development in the last weeks can double check that their changes not only work in their own environment but also in the complete distribution. It also shows us the state of STABLE so that everybody should be able to use STABLE as basis for their work."

Full Story (comments: none)

Slightly changed openSUSE 10.2 ISOs released

Slightly changed openSUSE 10.2 ISO images have been released. "The reason for putting out those updated ISOs is a license issue, which had to be addressed."

Full Story (comments: none)

Distribution News

Call for votes for the Debian Project Leader Elections 2007

Voting has begun in the 2007 Debian Project Leader Elections. Debian Developers have until the end of April 7th to vote for the candidate of their choice.

Full Story (comments: none)

Gentoo code of conduct adopted

The Gentoo Council has adopted the proposed code of conduct after making a few modifications. Now things move to the implementation stage, including the naming of "proctors" who will enforce the code. Click below for the council meeting summary.

Full Story (comments: 4)

openSUSE @ FOSDEM 2007 video recordings online

All talks that were given in the openSUSE "DevRoom" have been recorded (in audio and video) and are now available from

Full Story (comments: none)

Ubuntu announcements

The Ubuntu 7.04 beta freeze is in effect. The beta is expected to be released March 22, 2007.

Daniel Holbach looks at using tags in Malone (the bug tracker), especially the 'bitesize' tag.

Ben Collins covers the kernel team bug triage policy. "This policy is meant to work in conjunction with current bug triaging policies. This is in the hopes that the bug flow to the kernel team will be easier, and allow community to better help the team with the large amount of bug reports we receive."

Comments (none posted)

Ubuntu 5.10 reaches end-of-life on April 13th 2007

Ubuntu has announced an end-of-life for 5.10 "the Breezy Badger". Released on October 13, 2005, Breezy will have been supported for 18 months on April 13, 2007. The supported upgrade path from Ubuntu 5.10 is via Ubuntu 6.06 LTS. Ubuntu 7.04 "the Feisty Fawn" will be newly released for those Breezy users ready for a clean install.

Full Story (comments: none)

Distribution Newsletters

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for March 12, 2007 covers Gentoo/FreeBSD 6.2 stages, Updated Playstation 3 stages, Gentoo Documentation Project seeking help, and much more.

Comments (none posted)

Mandriva : Cooker : the Inside Man VI

The 6th issue of Cooker: the inside man looks at how to become a Mandriva packager, multi-language support on the wiki, automatic updates to the kernel, pre-versions of X11 server 1.3 and Intel video driver 2.0, default Gnome desktop apps, and several other topics.

Comments (none posted)

Ubuntu Weekly News: Issue #32

The Ubuntu Weekly Newsletter for March 18, 2007 covers Ubuntu's new Website redesign, Breezy Badger's end of the road and Ubuntu's involvement in the year's Google Summer of Code. "Feisty is also going into Beta, so everyone can feel the excitement in the air."

Full Story (comments: none)

DistroWatch Weekly, Issue 194

The DistroWatch Weekly for March 19, 2007 is out. "With the release of Red Hat Enterprise Linux (RHEL) 5, the focus of many Linux users will shift to those projects that rebuild the source packages made available by the prominent North American Linux vendor into a complete RHEL clone. Many other distributions are also in advanced stages of development: Mandriva Linux 2007.1 will be one of the first major distributions to make a new release this year, while a highly up-to-date Slackware Linux 11.1 shouldn't be far behind either. In other news: Debian has announced the second release candidate of Debian Installer for Etch, Gentoo approves a new code of conduct for its developers, the Freespire community voices its concerns over the direction of the distribution, and OpenBSD announces the release date for version 4.1. Our feature story this week is a commentary about a new, collaborative development model as pioneered by the Wolvix and Ultima developers, followed by a brief review of Wolvix 1.1.0 alpha."

Comments (none posted)

Newsletters and articles of interest

Four good reasons to switch to RHEL 5 (Linux-Watch)

Linux-Watch presents four reasons to switch to Red Hat Enterprise Linux 5. "What Red Hat brings to the table ahead of the pack is virtualization management. Anyone can set up a VM (virtual machine) on Linux -- or, they can try. To set one up successfully, you really do have to know precisely what you're doing. With RHEL 5, any reasonably experienced system administrator should be able to set up VMs without yanking out major amounts of hair. Once in place, those VMs are also a lot easier to manage."

Comments (none posted)

Kubuntu-based Pioneer Linux turns 2.0 (DesktopLinux)

DesktopLinux takes a look at Pioneer Linux 2.0. "Techalign has released version 2.0 of its Kubuntu-based Pioneer Linux desktop. The new version features a 2.6.17 kernel and the KDE 3.5.4 desktop, extensive support for multimedia, and Automatix, which automates the installation and uninstallation of many popular applications."

Comments (none posted)

Novell preps SUSE Enterprise Linux 10 SP1 (Linux-Watch)

Linux-Watch covers Novell's upgrade to SUSE Enterprise Linux 10. "According to Novell, SP1 will include enhanced virtualization support and management via the latest update, version 3.0.4, of the Xen hypervisor. With this, Novell will also include new paravirtualized network and block device drivers said to allow Microsoft Windows Server 2000/2003/XP to run unmodified in Xen virtual environments on SUSE Linux Enterprise Server 10 operating with chips that support Intel VT (Virtualization Technology) and AMD "Pacifica" virtualization."

Comments (none posted)

Distribution reviews

Ubuntu Feisty Fawn: Desktop Linux Matured (OSnews)

OSnews reviews Ubuntu's Feisty Fawn Herd 5 CD. "I've been an Arch/Slackware Linux user for the last 3 years, but Ubuntu has won me the last few days because of the conveniences it brings. The point of the matter is, I am now older. I am 33 years old and I just don't have the same energy as I used to to deal with stupid issues that they should not be there, or with removal or non-development of conveniences for no good reason. Ubuntu is a distro that obviously has paid attention to detail (and everyone who knows me from my past writings knows how much I can bitch about "defaults" and "details") and has found a good middle ground between hard core Linux users and new users from the Windows/OSX land. I am looking forward for the final version of Feisty Fawn in April and you should do too."

Comments (none posted)

Getting started with the CentOS 4.4 Single Server CD ( looks at the CentOS 4.4 Single Server CD. "The Single Server CD contains most of the items required for a basic server set up, but without a GUI. It's great for those who want a functional install quickly. Also, since there is no memory-hungry GUI, you can run a basic server with just 128MB of RAM, though of course you will need more if you need to deploy large databases."

Comments (none posted)

BOSS Linux makes new users feel at home ( has a review of BOSS Linux. "BOSS Linux is a single-CD Debian-based distribution primarily designed for an Indian language user, though everything from the installer to the desktop defaults to English. BOSS 1.1, which was released last month by the Indian government-sponsored National Resource Center for Free/Open Source Software (NRCFOSS), includes several utilities and desktop enhancements, such as a document converter and the 3-D desktop Beryl, which make it a very usable distro, despite a few rough edges."

Comments (none posted)

Page editor: Rebecca Sobol


Analyze audio with Sonic Visualiser

Sonic Visualiser is an application for viewing audio files, designed by Chris Cannam at the Queen Mary University of London Centre for Digital Music. Sonic Visualizer's target audience is people in the field of music production:

The aim of Sonic Visualiser is to be the program you reach for when you find a musical recording you want to study rather than simply hear. As well as a number of features designed to make exploring audio data as revealing and fun as possible, Sonic Visualiser also has powerful annotation capabilities to help you to describe what you find, and the ability to run automated annotation and analysis plugins in the new Vamp analysis plugin format. We hope Sonic Visualiser will be of particular interest to musicologists, archivists, signal-processing researchers and anyone else looking for a friendly way to take a look at what lies inside the audio file.

[Sonic Visualizer] Sonic Visualiser's feature list includes:

  • Support for WAV, Ogg and MP3 formatted audio files.
  • Designed to work with the JACK Audio Connection Kit.
  • The ability to play audio files with realtime visualization.
  • Display of time-series audio data.
  • Display of audio spectrum data.
  • Display of basic, melodic range and peak frequency spectrograms.
  • Interactive control knobs for changing display height and time windows.
  • The ability to overlay annotations for comparison purposes.
  • Support for loading external annotation data.
  • Support for adding labels to audio segments.
  • Support for loading, displaying and playing of MIDI file note data.
  • Support for feature-extraction plugins such as beat and pitch detectors.
  • The ability to play audio back at different speeds.
  • The ability to extract regions of audio to external files.
  • Support for large audio files.
See the reference manual and other documentation for a more complete description of Sonic Visualiser's capabilities.

Your author tried running the precompiled binary on a 1.8 Ghz Athlon system with an M-Audio Delta 44 four channel sound card. The system was running the Ubuntu Edgy Eft distribution with JACK installed and running at 44.1Khz. The software worked fine with the basic time series display, but sound playback started to drop out when the more demanding spectrogram displays were enabled. The system was not able to fully compute the spectrum display while the music played. A faster and more finely tuned machine would probably help.

The user interface did not take long to figure out, the waveform display was easy to navigate around and the amplitude and time span knobs were fun to play around with. When viewing the spectrum analysis display, a few minor changes to the controls quickly caused the application to became unresponsive while it cranked on the data.

[Sonic Visualiser Screenshot] A .wav file with Roger Waters playing the song "Shine on you Crazy Diamond" was viewed. Interestingly, it was possible to see the individual guitar notes, drum beats, singing and other components of the music in the spectrogram display. When real-time playback was stopped, the machine was able to crank on the audio data and produce a more complete view of the spectral data.

Version 1.0 pre3 of Sonic Visualiser was announced on March 19, 2007: "Announcing the release of Sonic Visualiser 1.0pre3, a pre-release for the soon forthcoming Sonic Visualiser 1.0." If you want to try the code out, source code and precompiled binaries are available for download here.

Comments (2 posted)

System Applications

Audio Projects

JACK 0.103.0 released

Version 0.103.0 of JACK, the JACK Audio Connection Kit, is out with numerous bug fixes. "JACK is a low-latency audio server, written for POSIX conformant operating systems such as GNU/Linux and Apple's OS X. It can connect a number of different applications to an audio device, as well as allowing them to share audio between themselves."

Comments (none posted)

Database Software

PostgreSQL Weekly News

The March 18, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Embedded Systems

BusyBox 1.4.2 announced

Version 1.4.2 of BusyBox, a collection of command line utilities for embedded systems, is out. "This release includes only trivial fixes accumulated since 1.4.1."

Comments (none posted)


CUPS 1.2.10 released

Version 1.2.10 of CUPS, the Common UNIX Printing System, has been announced. "CUPS 1.2.10 fixes the init script used to start the scheduler, a recursion bug in the pdftops filter, and several other issues reported after the 1.2.9 release."

Comments (none posted)

CUPS Driver Development Kit 1.1.1

Version 1.1.1 of the CUPS Driver Development Kit has been announced. "The new release fixes a bug in ppdmerge when importing Japanese PPD files. The CUPS Driver Development Kit (DDK) provides a suite of standard drivers, a PPD file compiler, and other utilities that can be used to develop printer drivers for CUPS and other printing environments."

Comments (none posted)

Web Site Development

mnoGoSearch 3.3.1 released

Version 3.3.1 of mnoGoSearch, a web site search engine, is out with numerous enhancements. See the change history document for details.

Comments (none posted)

A Relational View of the Semantic Web (O'Reilly)

Andrew Newman discusses the semantic web on O'Reilly. "As people are increasingly coming to believe, Web 2.0 and the Semantic Web have a lot in common: both are concerned with allowing communities to share and reuse data. In this way, the Semantic Web and Web 2.0 can both be seen as attempts at providing data integration and presenting a web of data or information space. As Tim Berners-Lee wrote in Weaving the Web[1]: If HTML and the Web made all the online documents look like on huge book, RDF, schema and inference languages will make all the data in the world look like one huge database."

Comments (none posted)

Desktop Applications

Audio Applications

Ardour 2.0 beta12 released

Version 2.0 beta12 of Ardour, a multi-track audio workstation project, is out. "Two months since our last beta release, we are finally ready to unleash 2.0 beta12, with over a hundred fixes and hugely improved stability. Here is the Mac OS X 10.4.x universal binary, a 10.3.x version can be made upon request. This will be the last beta before 2.0rc1, which will be followed by 2.0rc2 and then 2.0. There are still bugs (Shock!) in 2.0 beta12, but it's time to get the 2.0 release wrapped up so that developers can start working on new features in addition to bug fixes. 2.0 is now at least as stable as 0.99.3, and for a number of tasks, much more stable." Read the full release announcement for more information.

Comments (none posted)

Desktop Environments

GARNOME 2.18.0 released

Version 2.18.0 of GARNOME, the bleeding edge GNOME distribution, is out. "This release incorporates the GNOME 2.18.0 Desktop and Developer Platform, fine-tuned with love by the GARNOME Team. It includes updates and fixes after the GNOME 2.18.0 freeze, together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release is the first of a new stable GNOME branch and ships with the latest and greatest releases."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at

Comments (none posted)

KDE 4.0 release schedule finalized (KDE.News)

KDE.News reports that the release schedule for KDE 4.0 has been finalized. "The KDE Community and the release team have put together a release plan for the long anticipated version 4.0, which is planned to be released in October 2007. KDE 4.0 will be a major milestone for the Free Desktop, as it offers a new foundation and set of frameworks that will shape the desktop user experience for years to come."

Comments (none posted)

KDE Commit-Digest (KDE.News)

The March 18, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Interface experiments in Amarok 2.0, with the aKode engine shown the door. Initial work on incremental parsing functionality in KDevelop. Further functional development in the Step educational physics simulation package. More refinement of the Oxygen-themed KDE Games artwork, revised sounds in the Oxygen sound theme and more work done on the Oxygen widget style. The Oxygen iconset is dual-licenced as Creative Commons and LGPL. Support for the Plucker document format in okular. Zoom work (ViewBar) and Coverity fixes in KOffice. Basic Phishing protection and the start of user documentation in Mailody. Optimisations in KJS (JavaScript interpreter) and KSysGuard. Import of Athec into playground/games and KBackup to playground/utils in KDE SVN. First NEPOMUK-based GUI elements appear. KSplashX displaces KSplashML as the splash screen engine for KDE 4."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)


CBOLD 1.00 announced

Version 1.00 of the CBOLD Framework has been announced. "CBOLD is a C++ framework for capturing board-level electronic designs. The CBOLD class libraries allow you to capture and process a design using a text editor and a C++ compiler. CBOLD provides a concise, intuitive notation for schematicless capture of board-level designs. Instead of entering a schematic into an EDA tool, the designer creates a C++ program that describes the design and the desired outputs. When the program is compiled and run, it verifies the legality of the design and writes output files (CAD layout netlist, bill of materials, FPGA constraint files, etc.) to disk."

Comments (none posted)

Qucs 0.0.11 released

Version 0.0.11 of the Qucs project has been announced "Qucs is a circuit simulator with a graphical user interface. It aims to support all kinds of circuit simulation types, e.g. DC, AC, S parameter, and harmonic balance analysis. Qucsator, the simulation backend, is a command line circuit simulator. It takes a network list in a certain format as input and outputs a Qucs dataset. It has been programmed for usage in the Qucs project but may also be used by other applications. The new release comes with two new translations into Czech and Catalan, subcircuit parameters and equations in subcircuits. The tabular scrollbar can now be moved directly with the mouse cursor dragging and painting and handling of graphics has been much improved at zoom factors != 1. ..."

Comments (none posted)

Financial Applications

SQL-Ledger 2.6.27 released

Version 2.6.27 of SQL-Ledger, a web-based accounting system, is out with the following change: "added %00 check for login to trigger an error". Note that this is a security fix!

Comments (none posted)


libwfut 0.1.0 released

The WorldForge game project has announced version 0.1.0 of libwfut. "The first release of libwfut is now available. libwfut is a C++ implementation of the Java updater tool, WFUT. It is primarily intended for use with WorldForge clients to allow integrated media updates, although it is not limited to this task. A command line tool, wfut, is provided which can replace the Java tool for command line based updates. This tool does not provide the GUI interface that the Java tool does, nor does it provide the server-side update functionality."

Comments (none posted)

GUI Packages

Qt 4.2.3 and 3.3.8 Released (KDE.News)

KDE.News has announced the release of Qt versions 4.2.3 and 3.3.8. "Trolltech has released version 4.2.3 of Qt. This is mainly a bug-fix release, with updates to numerous classes across all platforms. Changes include a new unofficial Portuguese translation, three fixes to lupdate including one which brings a 400x speed increase, and a fix to a bug in QTextEdit which caused the bottom lines to become unreachable after adding the scroll bar. Meanwhile Qt 3.3.8 has been released, quite possibly the penultimate in the Qt 3 line with support for Qt 3 ending in July."

Comments (none posted)


Wine 0.9.33 released

Version 0.9.33 of Wine has been announced. Changes include: "Many Direct3D fixes and performance improvements, More comctl32 tests and some bug fixes, Compatibility improvements in cmd.exe, Still more fixes to builtin OLE, Support for process control on Solaris and Lots of bug fixes."

Comments (none posted)

Wine Weekly Newsletter

The March 19, 2007 edition of the Wine Weekly Newsletter is online with coverage of the Wine project. Topics include: Wine 0.9.33, Coverity Changes, DSound & ALSA Project, Winecfg DirectX Options, New Benchmarks and Status of MacOS X Port.

Comments (none posted)


Swfdec works with YouTube

Benjamin Otte, a developer for the Swfdec Flash player, has posted some information on the current development version, which can play videos from YouTube. "It means that when you grab the Swfdec library and the swfdec-mozilla package out of git and manage to install it correctly, you will be able to go to any Youtube video site and have it play back the videos in your browser. The buttons don't work yet and it certainly doesn't behave 100% like the Adobe plugin, but it certainly plays the videos."

Comments (4 posted)

Music Applications

GMIDImonitor 3.0 released

Version 3.0 of GMIDImonitor, a GTK+ application that shows MIDI events, is out. New features include JACK MIDI support, force disabling for LASH, JACK MIDI and ALSA MIDI and more.

Full Story (comments: none)

GMIDImonitor 3.1 released

Version 3.` of GMIDImonitor, a GTK+ application that shows MIDI events, is out with two bug fixes.

Full Story (comments: none)

pnpd/nova 0.00.3 released

Version 0.00.3 of nova (formerly called pnpd) is out. "nova is a new computer music system, with a dataflow syntax." This version adds a prototype graphical patcher.

Full Story (comments: none)

Rosegarden 1.5.1 released

Version 1.5.1 of Rosegarden, an audio and MIDI sequencer and musical notation editor, is out. "This is a minor release fixing a dozen or so bugs found in the previous, more thrilling 1.5.0 release."

Full Story (comments: none)

Office Applications

HylaFAX 4.3.3 released

Version 4.3.3 of HylaFAX, a fax modem control application, has been announced. "This is primarily a bugfix release, and as such is a recommended upgrade. Our sincerest thanks go to all who participate in the development and testing process."

Comments (none posted)

Web Browsers

Firefox and released

Two new versions of Firefox are out: "Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases." Note that Firefox 1.5.0.x will only be maintained (by Mozilla) until April 24.

Full Story (comments: none)


Wasabi renamed to Xesam

The Wasabi unified desktop searching project has been renamed Xesam. "It is final. Wasabi is no more - it has been renamed to Xesam. There where a lot of positive feedback through our minor crisis, and I thank all who have put up suggestions for project names. I am sorry that I had to cut through, but we really needed to leave this behind us and get some actual work done."

Full Story (comments: none)

Languages and Tools


Caml Weekly News

The March 20, 2007 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)


Reflections on Java Reflection (O'ReillyNet)

Russ Olsen discusses Java Reflection on O'Reilly. "In ordinary life, a reflection is what you see when you look in the mirror. In the world of programming, reflection is what you call it when a program looks at and possibly even modifies its own structure. The Java reflection API allows you to do exactly that by giving you a window into the fundamental features of the language -- classes and fields and methods -- via an ordinary Java API. Understanding reflection will help you understand the tools that you use every day."

Comments (none posted)


Python Software Foundation meeting minutes

The minutes from the February, 2007 Python Software Foundation board and members meetings are available.

Comments (none posted)


Ruby Weekly News

This week's edition of the Ruby Weekly News covers the Google Summer of Code, a new Ruby release, how to deal with unmaintained projects, and more.

Comments (none posted)


Tcl-URL! - weekly Tcl news and links

The March 20, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

The Torvalds Transcript (InformationWeek)

InformationWeek interviews Linus Torvalds about GPLv3. "Finally, the real basic issue is that I think the Free Software Foundation simply doesn't have goals that I can personally sign up to. For example, the FSF considers proprietary software to be something evil and immoral. Me, I just don't care about proprietary software. It's not "evil" or "immoral," it just doesn't matter. I think that Open Source can do better, and I'm willing to put my money where my mouth is by working on Open Source, but it's not a crusade -- it's just a superior way of working together and generating code."

Comments (54 posted)

Perens blasts Microsoft/Novell 'protection racket' (Linux-Watch)

Linux-Watch reports on Bruce Perens' press conference protesting the Novell/Microsoft deal. "In a small conference room across the street from the location of Novell's BrainShare conference, free-software advocate Bruce Perens attacked Novell's patent deal with Microsoft and said that Novell was enabling Microsoft to run "a protection racket" with the threat of its patents."

Comments (9 posted)

Trade Shows and Conferences

PyCon Wireless Network (

Sean Reifschneider, from, writes about running the wireless network for PyCon 2007. "How do you make 600 Python geeks happy? Well, wireless network access is a good start... It was so bad [at PyCon 2006], that we decided to run our own wireless network this year. The wired network last year worked reasonably well, though there were some issues with DHCP there as well. So, I volunteered to run the network for 2007."

Comments (none posted)


Linux platform supports dual-mode phones (Digit Online)

Digit Online covers the latest offering from A la Mobile. "A la Mobile is hoping to help fuel the supply of converged Wi-Fi and GSM (Global System for Mobile) phones with a new version of its Linux-based mobile phone software package. A la Mobile designed the new Linux system stack to make it easier for handset makers to quickly build and deliver converged phones that can support VOIP (voice over IP) services over Wi-Fi as well as GSM voice. The software stack includes a standard SIP (Session Initiations Protocol)-based VOIP client as well as the other applications included in A la Mobile's initial offering such as Java, Adobe Flash, a browser and e-mail."

Comments (3 posted)

Novell adds Virtuozzo virtualization to SLES (Linux-Watch)

Linux-Watch looks at SWSoft's Virtuozzo virtualization software in Novell's SLES 10. "Novell and SWsoft have partnered to combine Novell's SLES 10 (SUSE Linux Enterprise Server 10) with SWSoft's Virtuozzo virtualization software, to deliver an integrated virtualization server, SWSoft announced today."

Comments (none posted)

Secure Linux Appliances in Your Enterprise

High Mobley at q!Bang Solutions talks about the Debian Router Project, which provides an easy way to build your own Linux appliances. "What's great about DebRouter is that you get a fully functional Debian Linux installation. So you can add whatever software packages you want to extend the functionality of the DebRouter. This is implemented through the usual Debian package management utilities, which means that you can change a DebRouter's functionality on the fly and in the field after it's been deployed."

Comments (none posted)

Red Hat bands with open-source allies (ZDNet)

ZDNet covers Red Hat's upcoming Red Hat Exchange program. "Red Hat, planning a new expansion beyond its core Linux operating system business, will launch a service later this year called the Red Hat Exchange to sell partners' open-source software. The service, which the company announced Wednesday, marks a new stage both in Red Hat's competition with proprietary software companies such as Microsoft, IBM and Oracle, and in its alliances with open-source companies. The Red Hat Exchange is designed to help bring a much broader collection of open-source options to market, piggybacking on Red Hat's brand and customer connections."

Comments (none posted)

Red Hat Plans Linux Desktop Offering 'for the Masses' (eWeek)

eWeek looks at Red Hat's plans for an Enterprise Desktop. "Red Hat is planning a packaged Linux desktop solution that it hopes will push its Linux desktop offering to a far broader audience than exists for its current client solution. The move is designed in part to compete with Novell's SUSE Linux Enterprise 10 platform, which includes SUSE Linux Enterprise Server and SUSE Linux Enterprise Desktop, which were released in July 2006."

Comments (6 posted)

Sun hires Debian Linux founder (ZDNet)

ZDNet reports that Ian Murdock has taken a job at Sun. " At Sun, Murdock now holds the title of chief operating platforms officer. On his blog, he said he'll work both with Linux and Sun's competing, newly open-source Solaris. "I'm not saying much about what I'll be doing yet, but you can probably guess from my background and earlier writings that I'll be advocating that Solaris needs to close the usability gap with Linux to be competitive," he said on his blog. But it won't be just about Solaris at Sun: "Even with Solaris front and center, I'm pretty strongly of the opinion that Linux needs to play a clearer role in the platform strategy.""

Comments (8 posted)

Symantec's Storage Software To Support Red Hat Linux 5 ( reports that Symantec's Veritas storage products will be available for Red Hat Enterprise Linux 5 in the near future. "Symantec, which has had a working partnership with Red Hat since 2003, will offer Veritas Storage Foundation, Veritas Cluster Server and Veritas NetBackup solutions to Red Hat customers, and will also offer support for Red Hat Enterprise Linux 5 within 90 days, said Laura Shepard, Linux product line manager."

Comments (none posted)

Linux Adoption

Living (and dying) with Linux in the workplace (ComputerWorld)

ComputerWorld has a "Windows user tries Linux" article; this one is rather longer and more detailed than most. "Unlike many of the applications included on new Windows systems, these don't seem to come with annoying self-launching advertisements, such as the irony-challenged Trend Micro Anti-Spyware pop-up upgrade pleas that plagued my HP system at home. Novell's SUSE also boasts some of the on-screen eye candy corporate users have come to expect, such as a 3D swoosh when a window minimizes."

Comments (9 posted)

More Hope for the Linux Desktop (CIO)

CIO reports from a "council" held by HP involving a number of large financial companies. "Based on my take regarding the Council's interest in the Linux desktop, I would say that these organizations are diligently seeking a desktop solution beyond the Microsoft nightmare of purchase, patch, and upgrade. When your wealthiest clients are actively looking to stop using your solution, you should be worried."

Comments (4 posted)

Linux at Work

Pharmacy System Using Ubuntu to fight AIDS (tectonic)

tectonic looks at iDART-in-a-box. "Written in Java and released under the GPL, iDART (intelligent Dispensing of Antiretroviral Treatment) is a pharmacy system designed for use at antiretroviral (ARV) pharmacies in the public health sector. Initially distributed only as software, it was generally implemented on machines using Windows. Due to issues of reliability and security, Cell-Life have created iDART-in-a-box, which is a complete system running on Ubuntu Linux." (Found on LinuxMedNews)

Comments (none posted)


Ian Murdock: Debian "missing a big opportunity" (Linux Format)

Linux Format interviews Ian Murdock. "I believe that open source projects are no different from businesses or any other kind of organization in that to get any meaningful work done, there has to be strong leadership. That leadership has to be empowered to make decisions even when those decisions are unpopular. I think that's part of the reason why Ubuntu has done well: there is a strong leader, and that strong is empowered."

Comments (13 posted)

Pino Toscano (People Behind KDE)

Here's a People Behind KDE interview with Pino Toscano. "In what ways do you make a contribution to KDE? I'm the current okular maintainer (Albert Astals Cid gave me his blessing two months ago). First of all, I'm an active KDE-Edu developer, holding the maintainance of kig, and being and helping hand all round. Moreover, I give my contributions translating KDE into Italian (I'm part of the Italian translation team)." (Found on KDE.News)

Comments (none posted)


Open source video editing still has a long way to go (

Robin 'Roblimo' Miller discusses the state of Linux video editing tools in a article. "Once or twice a year I look at FOSS video editing tools to see if they're ready for everyday use by advanced amateur and low-end professional video makers, which is where I classify myself in the video production hierarchy. There have been several notable improvements recently that have moved FOSS video editing tools a little closer to practicality, but FOSS desktop video editing still has a long way to go before it can be taken seriously by people who need to turn out high-quality video productions on tight deadlines."

Comments (12 posted)

How to create a command-line password locker (

Duane Odom creates a simple locker script for passwords, on "Like many people, I have too many passwords to remember. To keep them straight, I wrote a simple password locker script using dialog and GnuPG (GNU Privacy Guard). The script prompts the user for a master password using a dialog box, unencrypts a file that holds a list of passwords, and opens the file in a text editor. When the editor is closed, the script re-encrypts the password file."

Comments (13 posted)

How To Install VMware Server On A Fedora Core 6 Desktop (HowtoForge)

HowtoForge presents a tutorial on installing VMware Server on a Fedora Core 6 machine. "With VMware Server you can create and run guest operating systems ("virtual machines") such as Linux, Windows, FreeBSD, etc. under a host operating system. This has the benefit that you can run multiple operating systems on the same hardware which saves a lot of money, and you can move virtual machines from one VMware Server to the next one (or to a system that has the VMware Player which is also free)."

Comments (none posted)


The Fedora Desktop User Guide needs some editing ( takes a look at the Fedora Desktop User Guide. "Aimed at new users, the Fedora Project's Fedora Desktop User Guide (FDUG) attempts to address some worthwhile questions: What does its audience want to do? What does the audience need to know to accomplish those tasks? What explanations and layout will help them absorb the information they need as easily and as quickly as possible? FDUG does a reasonable job of anticipating audience need, covering topics from logging in and basic desktop features to descriptions of setting up mail and managing photos and sharing directories. However, its presentation of information fails to answer the other questions implicit in technical writing, and suffers in both text and design from a lack of consistency."

Comments (none posted)

FSlint: annoyingly vague, but useful (Linux Journal)

Bruce Byfield looks at FSlint 2.20. "Version 2.20 of FSlint is a program whose functionality is at odds with its design. On the one hand, a program for -- as the name suggests --- locating and removing unnecessary or useless material ("lint") from a filesystem is a handy one to install. On the other hand, a rough interface with cryptic buttons and options and a lack of anything except minimal help files makes accessing its options a bit of a challenge, especially at first."

Comments (none posted)

PDFedit fills hole in the desktop ( reviews PDFedit. "PDFedit is not the first tool for editing PDF files on the GNU/Linux desktop, but it does have a strong claim to being the first truly practical one. Although only at version 0.2.5, PDFedit is already a practical solution for manipulating pages and text in PDF files, as well as for salvaging content in usable formats. It suffers only from an eccentric interface and some of the instability typical of an early release."

Comments (1 posted)

Page editor: Forrest Cook


Non-Commercial announcements

John Backus dies

John Backus, the creator of the Fortran programming language, has passed on. There is an obituary in the New York Times. "In an interview several years ago, Ken Thompson, who developed the Unix operating system at Bell Labs in 1969, observed that '95 percent of the people who programmed in the early years would never have done it without Fortran.'"

Comments (23 posted)

Ardour joins the Google Summer of Code

The Ardour multi-track audio workstation project has joined the 2007 Google Summer of Code. "Last year we had several great projects, a great time and both got some work done and brought some new developers onto the team. Let's repeat that this year!"

Comments (none posted)

Beagle participation in Summer of Code

The Beagle desktop search project will take place in the Google Summer of Code. "The application process has just begun, and students have until March 24th to submit their applications."

Full Story (comments: none)

CLAM at the 2007 Google Summer of Code

The CLAM audio project will be participating in the 2007 Google's Summer of Code. "We are very excited to offer a number of ideas that would benefit CLAM now that it is about to reach its 1.0 release. We also encourage you to propose new ideas if you feel none of the ones offered by the CLAM team suits your profile or interests."

Full Story (comments: none)

gEDA in the Google Summer of Code

The gEDA electronic design and analysis project will participate in the 2007 Google Summer of Code. "Now is the time for interested students to get their applications ready. Note that if you want to participate in the SoC, you must apply to Google, not to the gEDA Project. However, prior to making an application to Google, I suggest you contact one of us (Dan, Stuart) who can informally review your project proposal, and suggest a mentor for your project."

Comments (none posted)

GNOME in Google Summer of Code 2007 (GnomeDesktop) has announced the GNOME participation in the 2007 Google Summer of Code. "If you are a student and you want to apply, you can submit your project before March 24th. You can find some ideas for projects on our wiki."

Comments (none posted)

KDE participating in Google Summer of Code 2007 (KDE.News)

KDE.News reminds KDE contributors to sign up for the 2007 Google Summer of Code. "As usual, we are looking for mentors and students to take us singing through the summer. Whether you have been part of the program in previous years or not, we need your help and fantastic ideas! If you're a developer: Make sure that your project ideas are listed on the ideas page. Consider applying as a mentor and guiding a student and help KDE budding programmers break into the development world. If you're a student: Get started on your ideas!"

Comments (none posted)

OpenMRS to Participate in Google Summer of Code (LinuxMedNews)

LinuxMedNews has announced participation by the OpenMRS project in the 2007 Google Summer of Code. "Computer science students, need a summer job? Have you ever imagined that writing code could save lives? Why not apply to OpenMRS for the Google Summer of Code 2007?"

Comments (none posted)

The Google Summer of Code

The PHP project will join the Google Summer of Code. "The PHP team is once again proud to participate in the Google Summer of Code, and we are still looking for project ideas from interested students. In case you want to spend the summer with your favorite Open Source project, PHP, and get some money for adding an interesting project to it, you should contact us at The deadline for submitting ideas is the 24th of March, 2007. Also, the current list of ideas includes suggested topics still looking for student participants."

Comments (none posted)

Scribus participating in Google Summer of Code 2007

The Scribus project has announced its participation in the 2007 Google Summer of Code. Student participation is being requested.

Full Story (comments: none)

Sparse participating in Google Summer of Code

The Sparse semantic parser project will participate in the 2007 Google Summer of Code. "Google has accepted Sparse as a mentoring organization for Summer of Code 2007. Interested students can propose work on Sparse-related projects, work on those projects over the summer, and receive a stipend from Google for their work. Student application deadline: March 24th".

Full Story (comments: none)

Zope Foundation participates in Google summer of code

The Zope Foundation has announced plans to participate in the Google Summer of Code. "We're very excited about this opportunity and we are looking for interested students who would like to participate."

Full Story (comments: none)

GNOME Foundation Retains Software Freedom Law Center

The Software Freedom Law Center (SFLC) has announced the addition of a new client, the GNOME Foundation. "As a client of SFLC, the GNOME Foundation can receive advice regarding a variety of legal issues, including patent and trademark issues. "GNOME is one of the most important projects for everyday users of free software systems," said James Vasile, SFLC Counsel. "I am pleased to welcome the GNOME Foundation as SFLC's client.""

Full Story (comments: 1)

Commercial announcements

Collax announces software development kit

Collax has announced the release of its Software Development Kit product. "The SDK offers a comprehensive collection of development tools, interfaces (Application Programming Interfaces; APIs) and documentation enabling software manufacturers to either develop their applications on top of the Collax Solution Platform, or to integrate existing applications into the platform via the graphical maintenance user interface, the Collax GUI. Saving both development effort and time, Independent Software Vendors (ISVs) and software companies can now build and market their own Linux-based server solutions."

Full Story (comments: none)

Koders Professional Edition public beta program announced

Koders, Inc. has announced a public beta of Koders Professional Edition. "The beta program gives developers a free trial opportunity to experience the company's new code search tool firsthand. Koders Professional Edition allows developers to instantly search local source code to more efficiently create new applications. Participation in the public beta program, which includes a download of the newly-developed code search application, is free with registration at the Koders website."

Comments (none posted)

Linspire to Deliver CrossOver Linux 6.0 via CNR

Linspire, Inc. has announced the availability of CrossOver Linux 6.0 via the CNR one-click digital software delivery service. "CrossOver Linux has become an essential productivity utility for millions of Linux users around the world by supporting the seamless, dependable installation and operation of scores of top-name Windows applications natively within Linux."

Comments (none posted)

The Linux Foundation needs a new CTO

The Linux Foundation is looking for a new chief technology officer to replace the recently-departed Ian Murdock. "This is a hands-on role with high visibility in both the community of interest and the IT industry. The CTO is expected to not only lead the engineering teams , but also constructively contribute to resolving standards issues, including me diating between interested parties to broker widely accepted solutions." Click below for the full job description.

Full Story (comments: none)

Mandriva and Seanodes sign a partnership agreement

Mandriva has announced a partnership with Seanodes. "Mandriva has become a strategic partner for Seanodes, with two main areas of co-operation: - availability of Seanodes' Shared Internal Storage (SIS) solution in Mandriva Corporate Server 4; - global technical partnership between Mandriva and Seanodes on virtualization solutions. This new partnership will provide a low cost storage solution both for high performance computing and virtualized environments."

Full Story (comments: none)

Open Sound System 4.0 released

Version 4.0 of the Open Sound System (OSS) is out with a number of new features. "Open Sound System is a cross platform audio architecture that provides drivers for most consumer and professional audio devices and comes with an API that allows applications to be simply recompiled on any of the supported operating systems."

Full Story (comments: none)

Postbank Selects Novell

Novell, Inc. has announced a planned switch to Novell Open Enterprise Server by Deutsche Postbank AG. "Postbank will replace all of BHW Holding's Microsoft* Windows* 2000 servers with Novell Open Enterprise Server in 2007. In addition, 3,500 BHW office staff and 4,500 field staff will switch to Novell GroupWise(R) from Microsoft Exchange, joining 9,000 Postbank employees who are using GroupWise for secure e-mail and collaboration. Novell ZENworks(R) will also take over desktop management for BHW office staff, replacing CA* Unicenter*. Novell Consulting(R) will support Postbank through the entire migration."

Comments (none posted)

Novell launches ZENworks Configuration Management

Novell, Inc. has announced the launch of the Novell ZENworks Configuration Management system. "Novell today introduced a new solution to significantly ease desktop management of Windows operating systems, including Vista, for customers who need streamlined management in their Microsoft and Novell environments. With native integration for both Microsoft* Active Directory* and Novell(R) eDirectory(TM), Novell ZENworks(R) Configuration Management is the first product on the market to enable real-time, identity-based systems management that speeds service delivery and ensures accurate desktop configuration."

Comments (none posted)

SWsoft Virtuozzo Bundled with SUSE Linux

SWsoft will be packaging its virtualization solution with SUSE Linux Enterprise. "SWsoft will deliver Virtuozzo server virtualization software bundled with SUSE Linux Enterprise Server 10 from Novell as an integrated solution and one place to turn for support."

Full Story (comments: none)

UndoDB gets smarter

Undo Ltd. has announced new features for the UndoDB smart debugger: "Reversible debugger for Linux gets support for threads and signals."

Full Story (comments: none)

Virtual Bridges announces major update of Win4Lin Pro

Virtual Bridges has announced the release of a major upgrade to Win4Lin Pro. Win4Lin Pro Desktop allows Linux users to run Windows applications from the security of the Linux desktop.

Full Story (comments: none)

Xandros News From Cebit Germany

Xandros has made two announcements at the CEBIT conference: "New Xandros Linux Server to Provide Enterprise-Grade O3Spaces OpenDocument Collaboration and Xandros and O3Spaces Team Up to Deliver OpenDocument Collaboration, Management and Retention".

Full Story (comments: none)


Quality Improvement in Free Software: Release Management

Martin Michlmayr is getting close to the completion of his PhD; his thesis, it seems, is on quality improvement in free software projects with an emphasis on release management. To that end, he studied seven projects to see what problems they encountered and how those problems have been addressed. Martin has now posted a summary of his findings for each project he studied: Debian, GCC, GNOME, the Linux kernel,, Plone, and "[GNOME's] six month schedule has been successful in the delivery of incremental updates. There are some concerns whether this release cycle makes the project less innovative and ambitious regarding major changes that would lead to GNOME 3.0."

Comments (10 posted)


Konsole Usage Survey (KDE.News)

KDE.News has announced the Konsole Usage Survey. "Robert Knight, lead maintainer of Konsole has launched a Konsole Usage Survey. 28 questions are waiting for your answers. Use this chance to give useful feedback about a vital and often-used base application of KDE to enable Robert to make Konsole the best console application for KDE 4."

Comments (none posted)

Event Reports

Report from the 2007 O'Reilly Emerging Telephony Conference

O'Reilly has sent out a wrapup from the 2007 O'Reilly Emerging Telephony Conference (ETel). "A number of events took place during the conference including ETel Launch Pad, where seven companies demonstrated their groundbreaking start-ups and innovative technologies to the telephony community. Participating companies were GrandCentral Communications, Peerant, Flat Planet Phone Co., Cellcrypt, mySay, Jive Software, and Mig33. ETel Launch Pad was co-sponsored by GigaOm, Covad, and GrandCentral and hosted by Om Malik and Surj Patel. Another event of interest was the telephony mashup contest, co-sponsored by StrikeIron, Tellme, Sylantro, and O'Reilly."

Full Story (comments: none)

Novell's BrainShare 2007 announcements

Novell's BrainShare 2007 conference is in full swing, bringing with it a stack of press releases. This press release contains an overview of the announcements, which can be found here.

Comments (none posted)

KDE at CeBIT 2007 This Week (KDE.News)

KDE.News covers the KDE project at CeBIT. "The KDE Project will present itself at CeBIT, the world's largest computer trade show, taking place in Hannover, Germany, from March 16th to March 21th. KDE will be presenting the latest release KDE 3.5 and give a preview of current developments for KDE 4, the next major KDE-version."

Comments (none posted)

Calls for Presentations

Call For Papers - IT Underground Dublin

A call For papers has gone out for the IT Underground security conference. The event will take place in Dublin, Ireland on June 20-22, 2007, submissions are due by April 28.

Full Story (comments: none)

Upcoming Events

NLUUG springconference 2007

Registration has opened for the NLUUG springconference 2007. "On May 10th the NLUUG (formerly Unix Users Group the Netherlands) will organise a conference about virtualisation. The program has been finalised and is available at Some highlights of the program are Joanna Rutkowska (Blue Pill), Anil Madhavapeddy (Xensource) and Avi Kivity (Qumranet). Specifically for non-Dutch speakers there will always be at least one talk in English in each timeslot."

Full Story (comments: none)

Join EFF at 16th Annual Pioneer Awards at ETech

The Electronic Frontier Foundation will be involved with the presentation of the Pioneer Awards at the 2007 O'Reilly Emerging Technology Conference. "Please join the Electronic Frontier Foundation (EFF) for the 16th Annual Pioneer Awards, presented in conjunction with the O'Reilly Emerging Technology Conference in San Diego. The ceremony will be held at 7:30pm, March 27th, in the Douglas Room of the Manchester Grand Hyatt. The 2007 winners of EFF's Pioneer Awards are Professor Yochai Benkler of Yale Law School, writer and Boing Boing co-editor Cory Doctorow, and security technologist Bruce Schneier."

Full Story (comments: none)

Spanish GUADEC to be held in Granada (GnomeDesktop) has announced the Spanish GUADEC conference, it will take place on July 12-13, 2007 in Granada, Spain. "Next GUADEC-ES (Spanish GUADEC) will be held in Granada, the most beautiful city I've ever visited, with one of the wonders of the world, the palace of La Alhambra. And not only that, but going around Granada for tapas is one of the best (and cheapest) experience, since you just have to pay for the drinks, the food is for free (a tradition unfortunately lost in other cities of Spain)."

Comments (none posted)

Events: March 29, 2007 to May 28, 2007

The following event listing is taken from the Calendar.

March 26
March 29
Emerging Technology Conference San Diego, CA, USA
April 1
April 4
International Lisp Conference 2007 Cambridge, England
April 1
April 5
Embedded Systems Conference San Jose, CA, USA
April 1 GPLv3: Improving a Great Licence (discussion draft 3) Brussels, Belgium
April 2
April 6
DJango Bootcamp Atlanta, Georgia, USA
April 2
April 5
Hack in The Box Security Conference 2007 Dubai, United Arab Emirates
April 3
April 8
Make Art 2007 Poitiers, France
April 12
April 14
International Free Software Forum (Forum Internacional Software Livre) Porto Alegre, Brazil
April 14
April 15
Ruby and Python Conference 2007 Poznan, Poland
April 15
April 18
Gelato ICE: Itanium® Conference & Expo San Jose, California, USA
April 17
April 19
Embedded Linux Conference San Jose, USA
April 18
April 20
CanSecWest Applied Security Conference 2007 Vancouver, Canada
April 19 Linux 2007 Lisbon, Portugal
April 19 Power Architecture Software Summit Austin, TX, USA
April 20
April 22
International Conference on Availability, Reliability and Security Conference on Availability, Reliability and Security Vienna, Austria
April 20
April 22
Penguicon 5.0 Open Source Software & Science Fiction Convention Troy, Michigan, USA
April 21 Romanian Open Source Development Meeting Bucharest, Romania
April 23
April 25
Samba eXPerience 2007 Göttingen, Germany
April 23
April 27
PostgreSQL Bootcamp at the Big Nerd Ranch Atlanta, USA
April 23
April 26
MySQL Conference and Expo Santa Clara, CA, USA
April 28
April 29
Linuxfest Northwest Bellingham, WA, USA
May 3
May 4
Ubuntu Education Summit Sevilla, Spain
May 3
May 5
SugarCRM Global Developer Conference San Jose, CA, USA
May 4
May 6
Libre Graphics Meeting 2007 Montreal, Quebec, Canada
May 5
May 6
LayerOne Security Conference Pasadena, CA, USA
May 5 Ubucon - Sevilla Sevilla, Spain
May 6
May 11
Ubuntu Developer Summit Sevilla, Spain
May 7 CommunityOne San Francisco, CA, USA
May 8
May 9
World Summit on Intrusion Prevention Baltimore, MD, USA
May 8
May 11
Annual Java Technology Conference San Francisco, CA, USA
May 8
May 11
OSHCA 2007 Kuala Lumpur, Malaysia
May 9
May 11
Red Hat Summit San Diego, CA, USA
May 10
May 11
IEEE International Workshop on Open Source Test Technology Tools Berkeley, CA, USA
May 10 NLUUG Spring Conference 2007 Ede, The Netherlands
May 11
May 13
Conferenze Italiana sul Software Libero Cosenza, Italy
May 12
May 13
KOffice ODF Weekend Berlin, Germany
May 14
May 25
The Pure Data Spring School 2007 Glasgow, Scotland
May 16
May 18
php|tek Chicago, IL, USA
May 17
May 20
RailsConf 2007 Portland, Oregon
May 18
May 19
eLiberatica Open Source and Free Software Conference Brasov, Romania
May 18
May 19
FreedomHEC Los Angeles, CA
May 18
May 19
BSDCan 2007 Ottawa, Canada
May 19
May 20
The 3rd International Workshop on Software Engineering for Secure Systems Minneapolis, Minnesota, USA
May 19
May 20
Rockbox International Developers Conference 2007 Stockholm, Sweden
May 19 Grazer LinuxDays 2007 Graz, Austria
May 19
May 20
Make Magazine Maker Faire 2007 San Mateo, CA, USA
May 19 Linuxwochen Austria - Graz Graz, Austria
May 21
May 23
International PHP 2007 Conference Stuttgart, Germany
May 21
May 25
Python Bootcamp with David Beazley Atlanta, USA
May 22
May 23
Open Source Business Conference San Francisco, USA
May 22
May 24
Linux Days 2007, Geneva Geneva, Switzerland
May 23
May 24
PGCon 2007 Ottawa, ON, Canada
May 25 Linuxwochen Austria - Krems Krems, Austria
May 26 PAKCON III Karachi, Pakistan

If your event does not appear here, please tell us about it.

Audio and Video programs

Video: What's Wrong With My iPod?

Benjamin Mako Hill has put up an announcement of an 8-minute video called "What's Wrong With My iPod?" It discusses the problems with DRM and covers the "iRony" party held last year in Cambridge where iPods were liberated through the installation of iPodLinux or Rockbox. It's available in Ogg Theora format.

Comments (6 posted)

Page editor: Forrest Cook

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds