LWN.net Weekly Edition for April 5, 2007

Two approaches to Flash

The free software community has two independent projects working toward the implementation of a free Flash player: Gnash and swfdec. There has been some talk recently about these two projects, their goals, their accomplishments, and whether it makes sense to have them both. In an effort to bring more light to the situation, LWN held a conversation with the principal developers of both projects.

LWN: Could you please introduce your project: its goal, what you think are its major strengths, and what you would most like to improve?

Benjamin Otte: The obvious goal of Swfdec is to create an open flash player that is acceptably similar to Adobe's flash player. This means that the average end user will install a Linux distro and automatically get Flash functionality in their web browser, and never know or worry about installing an add-on component.

Of course, attaining this goal will open up so many opportunities that one might consider the opening of these opportunities as the real goal. Some of these are concrete -- improving accessibility of Flash-based web applications, tighter integration with the desktop, automatic blocking of advertisements. Others are more nebulous -- now that you have a feature-rich, graphics-oriented managed platform, what can you do with it.

Rob Savoye: We are the "GNU Flash" player, Gnash. Our goal is a multi-media architecture for a networked world that happens to be Flash programmable. Gnash is the client side for streaming multi-media. We also have a Flash media server project underway, and a large database of meta-data and media content so people can find things better than using Google. Gnash is the only currently released component, the rest will be announced over the next few months. All are GPL'd projects, and support multiple platforms.

Our major strengths are portability, and real support for small embedded systems. Gnash currently supports all the BSD and GNU/Linux distributions, as well as 64 bit systems, and embedded systems like the OpenEmbedded, and the OLPC. Gnash also runs on WinDoze and Darwin as well. We also support creating custom extensions to Flash, so it's now possible to embed a device driver for let's say, hardware buttons on your smartphone, to trigger event handlers within a Flash movie.

I'd like to improve the completeness of our ActionScript support, there are some classes that exist only as stubs. That and adding Flash v9 support. This is all on the roadmap, but we need more developers to make better progress.

LWN: How would you describe the current development state of your project?

Rob: We're in pretty good shape, although Gnash is not a fully complete Flash player yet. The video support is progressing nicely, and we will have full support for Lulu.tv, YouTube, MySpace, etc... in the next release. Streaming video works in CVS, now we're working our way through the obscure bugs in the various video players to have this work 100% correctly. After the next release, we'll be focusing on performance issues, and finally starting to look at Flash v9 compliance.

Benjamin: Swfdec is actively going forward. With every release it supports lots of new Flash files, and they currently come out circa monthly. But as I mentioned on my blog it's hard to determine how far we've come as a complete Flash replacement. It's certainly still closer to the start than to being done.

LWN: Tell us about your development community: how many active contributors do you have? Why should developers join your project?

Benjamin: These days the project is primarily run by me. David Schleef, the previous maintainer is the other person that hacks on the Swfdec core. But Swfdec integrates into the greater Freedesktop and GNOME world, so we can draw from the knowledge and input of hundreds of developers. I'd like to highlight in particular the Cairo or GStreamer people, which are invaluable in making Swfdec work. And then there's a pretty big community building around Swfdec. Packagers, bug fixers, people that want to use libswfdec in their applications or those that contribute bindings to other languages like Python.

And developers should of course join the project because they want to and hacking on Flash is fun. For me it's not just wanting to play Flash files, but it's also that Flash is a platform. You can work on anything: a script language interpreter, rendering, multimedia, accessibility or security. And code that you write is immediately leveraged -- you make one thing work, and 100s of flash files start working.

Rob: We have about 6 core developers right now, and are looking for more of course. What we offer to developers is several things. One, we are a GPL'd project, which is important to some open source developers. We also have funding now to work on Gnash, which is also useful for some people to pay their bills. :-)

LWN: A working free Flash implementation would seem to be a high priority for the more desktop-oriented distributions. What sort of support are you getting from those distributors? Why do you think it's not stronger?

Rob: We get zero support from any of the distributions, we'd love to see that change. I occasionally hear from the package maintainers about packaging issues, but that's about it...

Benjamin: It would seem that way, but it isn't. For example, a free Flash implementation was not on Ubuntu's list of priorities at the last Ubuntu Developer's Summit. It seems that a lot of distributions are content with shipping solutions that are closed software when no Free software exists for a purpose. Another example for this would be Free drivers for modern graphics cards.

But I don't think it's solely the distributions' job to point out and work on deficiencies in the Free software world. It is also the job of the community. Distributions often just package what the community makes available to them. But it seems the community has also been content with the closed solution.

LWN: Some LWN readers have complained that having two projects aimed at implementing Flash is divisive and wasteful. How would you respond to those readers?

Benjamin: The optimal number of projects for a given project space sounds like a good PhD thesis topic. Having multiple projects in a space, or multiple solutions to a problem is simply how things work in the community. Any non-trivial bug or project space has multiple solutions, and often one cannot determine which is the best solution until all have been tried. Also, people working on these projects are real people with real interests and complex motivations for working on particular projects. Simplifying it into "you currently work on A, so you'd instead like working on B in the same project space" is unrealistic. And IMO, divisiveness between similar projects often has more to do with fanboys than it has to do with developers, who obviously share interests and experiences.

Rob: Maybe in the proprietary world this would be a problem, but not in the open source world when we are both reverse engineering how Flash works. It's easy to get into tunnel vision with a single implementation, as some are bugs in our code, and others are bugs in how we think Flash works internally. Having two projects with very different implementations is very useful in finding the differences between our bugs, and Flash internals issues.

There is also a lot of coordination on things like test cases, specifications, and documentation that are shared between the two projects. So why is this a problem for some people is beyond me...

LWN: What else do you wish I had asked? Answer too, please :)

Rob: The Adobe EULA for Flash forbids anyone who has installed their Flash tools or plugin from working on Flash technologies. This has had a chilling effect on the development of free Flash players, since a developer must either choose to decide that Adobe won't sue them over this, or to do what Gnash does, which is a slow and inefficient, clean room, reverse engineering project.

Adobe has declined to comment on this issue, since the confusion benefits their lockin of the market. Although Adobe has said they support Open Source projects, and donated Tamarin to Mozilla, we'd love to see a public statement that Gnash developers won't be subject to a lawsuit. It's very difficult to find developers that have never installed the Adobe software ever, which is what we've been doing to maintain our clean room approach.

Benjamin: A lot of people would describe Flash as an "evil" format. What do you think the Free software community can gain from Flash other than supporting yet another closed format?

Flash provides features that are unmatched in the current Free software world, even when comparing it to the newest projects in the realm like SVG. And Flash is a pretty simple format. People have done great-looking sites, games or applications with Flash in your browser that are currently hard or impossible to achieve on any desktop. And they did that 5 years ago. So even if the Free software world were to not use Flash it certainly can learn a lot from it.

Another often overlooked thing is that there are a lot of content creators that create new multimedia content daily. Other people like Lawrence Lessig have already said that it is important to introduce them to Free content. In providing Free solutions to those artists and developers, the Free software community has a lot of mindshare to gain.

Interview with Sun's Chris Melissinos

April 2, 2007

This article was contributed by Glyn Moody

Chris Melissinos, Sun's Chief Gaming Officer, has been playing - and writing - computer games since his teens. He has overseen the development of several major open source projects at Sun, including Darkstar, a research effort focused on the design of massive-scale, latency-optimized systems. He talked to Glyn Moody about the origins of Sun's interest in gaming, and how the company hopes to apply technologies like Darkstar far beyond that field.

What's the background to Sun's gaming activity?

It was about '98 when I started writing emails around the company, asking why we were not focusing on the games industry, how the oncoming surge of connected gaming was really going to require enterprise-level cross-platform technologies to really move the industry forward. Selling videogames to an enterprise company who was the dot in dotcom during the Internet boom days was almost a religious experience. About two years later, after trying to force this, I finally went directly to Scott McNealy and said: Why aren't we doing this? And he said: OK, well, you do it.

When was Sun's Game Technologies Group set up?

It was formally established in 2003. What we've done is gone out to the games industry and said we want your help in making Java a terrific platform for game development. So what's wrong with it? Why aren't you using it? We held a summit and walked away with a blueprint and from that assembled an experts group of 14 game companies and submitted the largest submission to the Java Community Process, called JSR 134, which was the Java Game Profile. Basically the attempt was to build the equivalent of DirectX in Java, and provide a complete cross-platform stack for media and game development.

Trying to build 9 APIs in a community process with 14 game companies proved to be just insane. So after a year and a half of doing this we walked away from that process and decided to take the core APIs, which were the Java bindings for OpenGL, Java bindings for OpenAL for audio, and input, and we released those to the open source community, about the end of 2003, beginning of 2004.

Why did you decide to open source the APIs?

Consumers aren't going out and downloading a million different business applications or productivity applications, they're not going out and downloading a new email client every other week. But what they are downloading are new games, all the time. So in order to continue improving Java adoption on the consumer side, we really need to focus on entertainment.

If we're not going to actually stand up the organization to go after that market, which would be a huge investment from Sun's perspective, we said, Why don't we go out and give it to the community, because they're the ones that are actually innovating in gameplay? The independent game development scene is important and it's going to continue to be important as nextgen consoles come and start tapping into that market. It was the open sourcing of those APIs that really helped further establish Java as a viable platform.

Why is open source attractive to developers in the gaming community?

It's all about mitigating risk and cutting cost. As the budgets of these games continue to climb, they're looking for hardened, tested, proven technologies rather than building it themselves. Today, nobody wants to build their own tools anymore. It's too much money, it's too time-consuming - how many times do you have to rebuild chat? So they're looking towards things that they can get access to for low cost, test against, prove that it works and build on top of it.

How did Project Darkstar come about?

We said, OK, we've got these APIs done and we're moving forward, but there are some much bigger issues coming down the road with regard to network games and online gameplay that the games industry is ill-equipped to address. Being able to build enterprise-grade, scalable, fault-tolerant systems for online gaming is something the games industry just is not equipped to do. Why? Because they're game developers. Game developers don't want to deal with the pipes, the underlying network infrastructure. They want to build a game, they want to build an experience in art and story and music.

One of the things I like to point out is that really the biggest online multiplayer game in the world is Wall Street. If you look at everything that goes into building a realtime transaction-based system like a trading system, it's almost one for one what is required to build an online massively multiplayer game. So we said, OK, how do we take the things that we've learned about building those sorts of systems and apply them in a way that a game developer can get their heads around the technology without having to understand all the underlying components? What we have put together is a game-agnostic, platform-agnostic, server technology for online multiplayer gaming.

Darkstar is a wholly new way of building back-end technologies for online gaming. I'll give you an example of the type of things that exist currently in the games industry, and what we had to do differently to bring this technology forward.

[The virtual world] Second Life uses a geography-based grid system, which means that every square of their geography has to be physically represented by a server on the back-end - they've got 3000 of these servers. What that means is that if I have resources available on 80% of the servers because they're only running at 20% capacity, there's no way for me to grab those idle resources and apply them to other servers that are being just pounded because people are trying to get into that geography within the game world.

Another model is the sharded model, and this is the one that's been most widely adopted by the massively multiplayer game marketplace. A series of servers that represents the entire video game state for a fixed amount of players. So I may have between 7 and 20 servers that run the entire game of Everquest II for 5000 players. And when I want to add another 5000 players I build another seven to 20 servers and I basically just replicate all the data and put the next 5000 on the second stack of servers.

Again, you have problems. If I have 5000 people on one stack and I want to add 10 more people, I have to build a stack to service 5000 people, just to facilitate the introduction of 10 more people into the environment. Which then means that that second stack is costing 10 times the amount to run than the first stack, because you're not utilizing it. I cannot share dynamically those resources.

More importantly, I can only see the 4999 people within my shard: I can't see the next 5000 people that have joined the Everquest II service. This becomes a problem if you and I are next door neighbors and we're sitting down to play a game of Everquest II and we log in to different servers. That's it, we can't play with each other.

These are the things we have been addressing with Darkstar. Rather than assigning compute resources to a particular geography of a particular world, or a particular group of people, we are in essence assigning compute resources to the individual that connects to the system. As they move from area to area within the game we are basically moving those resources with them dynamically.

Say I have the foo forest and the bar desert, and in the foo forest I can handle 100 people and in the bar desert I can handle 100 people, and they're at 100% capacity. As people move out of the bar desert into the foo forest, they take those compute resources with them. All of a sudden the foo forest can handle 150 players and the resources being assigned to the bar desert have been decreased to handle only 50.

So what we're doing is moving dynamically compute resources with the player as they move from interaction to interaction. And we're able to do this in a seamless way, we're able to do this with an incredibly high degree of data integrity because of the way the database system works within Darkstar.

For example, if you're playing on the server, and you're doing a transaction, and the server goes down in the machine room, what we're able to do is on the fly say: OK, this thread that you were just occupying died; find any other available thread anywhere else in this entire thousand-node system, and just re-perform the operation. And it just does it automatically. That means the players never see the server go down, you're never disconnected from the service.

And even if they are, because of the way that we actually do these transactions and we're pulling things into memory, we maintain a very high degree of persistence. So let's say you logged off your machine by accident - because you kicked the power cord out. When you log back in, we're able to persist all of the data that was there when you abruptly logged out, because the system knew that something happened, there was a disconnect here, it wasn't shut down as the client is supposed to, so persist the data.

The interface that we've built to the system is through a set of APIs. So it's not as if [developers] have to understand how it's doing failover and what it's pulling into memory, and all these other things. They just interface through the APIs.

How will you be managing the community side of Darkstar?

Those are things that we are currently addressing. We are working to make sure that we have a dedicated community landing spot and place for people to engage directly with the Darkstar team at Sun Microsystems. To help incubate the games that will be built on top of the technology, we have announced a program called the Darkstar Playground. Basically, developers will have access to a set of resources operated and paid for by Sun Microsystems, free of charge.

What is the business model for all this?

I have to tell you that I was not a big believer in open source, originally. It took me a while to understand exactly what the benefits are of open source, and that the benefits clearly outweighed any other model we looked at.

So how do we make money here? Because I give you a server, for free, and open source that required years of development, millions of dollars in funding, and some of the brightest people that we have in Sun Microsystems to build, when it comes time to service that, are you, as a game company, going to go out and hire four guys and have them sit down and try to understand all of the inner workings of everything? Or do you come to me, and I can give you a service contract that has an SLA in there, that guarantees certain things to the company, and it's reasonably priced?

Because Darkstar is game agnostic, and I can run multiple games simultaneously in the same stack, what you start looking at then is the ability to build a model that very much mirrors what the cable industry built against terrestrial television, which is a single infrastructure provisioning many channels of content. We can do the same sort of thing with Darkstar. One large infrastructure may handle many different channels of game content. So it's not unreasonable to look at the possibilities of setting up a complete service where a game developer or publisher never buys a single lick of hardware, they put their games onto a service, and then they're charged for usage.

Looking further down the road, what if you're so good at collecting money and doing the billing that basically you wind up collecting the payments for them? Instead of the developer getting a bill from you every month, they get a check, and [you] take the burden of the operation of these things off the shoulders of content creators.

And the third thing to look at is that we also happen to make some pretty awesome hardware, and wouldn't it be great if you had these kind of certified products that came out already preloaded that you could just slap into your data centre, expand your Darkstar infrastructure on the fly?

How important do you think the revenue streams from these will be?

Without really giving out hard numbers, because it's not something that I can do, I can tell you that the online multiplayer segment of the games industry is not only the fastest-growing segment of the $40 billion industry, but is proving to be among the most critical pieces of the games industry. You look at the fact that every game console coming out, every one of them now is network enabled. From the Nintendo DS to the PS3, all of them have a network strategy.

Most people go: Ah well, how many people are actually playing those dungeons and dragons games anyway? That's an extremely small segment of what I believe is massively multiplayer games. The next-generation demand for these are not going to come from people like you and I at our ages, they're going to come from our kids. In fact, the biggest growth area right now I believe for online gaming is children between the ages of 6 and 12. One only has to look at sites like Neopets to get an inkling of where this thing is going to go.

So do I believe that this could be a significant revenue source for Sun Microsystems? There is no doubt in my mind. I also believe that because of the nature of the technology, we're going to wind up seeing Darkstar in places other than pure online games - anything that's doing high volumes of transactions across many, many people simultaneously could leverage this technology. For example, at the Game Developers Conference we demonstrated a concept space called MPK20 - basically Sun looking at game-type technologies but applying them to business practices.

MPK20 was a virtual office, and one of the things we integrated into the environment that you don't see in multiplayer games is positional audio. The core thing about it was that we were able to integrate this voice bridge technology that Sun has, which is a VoIP and audio technology, directly into this environment. As you're walking into the environment you can hear the conversations of the other participants as you walk by, and as you turn your head you hear them move.

What about integration of external applications into this environment?

There is a complement to MPK20, which is called Project Wonderland, basically an open source framework for doing the integration of applications into these sorts of environments. Look at this from a business perspective. Three of us are all connected to this virtual environment, and you and I are standing in your office, and on your wallpaper is your entire Linux desktop - you can use it from inside this 3D environment. And because you and I have sufficient permission to actually see that content, I'm looking at this screen as you're manipulating it. But then [someone] comes walking in and she does not have the right level of permissions, so what does she see? Just a blank window - she sees out to the mountains.

And can people collaborate on those documents?

Absolutely. I could put something up, we could each have a different-colored pen to draw on it, in this space in realtime. I can work on a piece of code, pop it up onto the wallpaper, and say: Hey, will you run this application when you come in, in the morning, since we're twelve hours behind each other in timezones, and just post your thoughts? And when I come back in the next day, you've run the application, all your notes are scribbled right there on the whiteboard in this virtual space.

Let's say there's a fourth person we wanted to be in this conversation, but they weren't able to be there. We can actually play back the entire script and they can view it at their leisure later on. Because it's just a script of a 3D engine, they can actually play it back nuance for nuance, word for word, audio for audio, movement for movement, at any other time. And because they're looking at it from a third-party perspective, they can actually move around the rest of the environment and hear other things that are going on, and see other things that were occurring at the same time.

That MPK20 demo happens to be entirely written in Java - it went from paper to demo in six weeks, with four engineers. But Darkstar, the technology, does not require that your game is built in Java. So if you're writing your entire game in C or C++ we have the same APIs that will let you connect to Darkstar as somebody who's building a Java game. And both of those games written in those two different languages can connect to the same Darkstar server at the same time and use its resources.

What we're saying is, from the client perspective, pick your client, we don't care. If you want to go out and build the game in Java, we'd love it. If you want to build it in C++, knock yourself out, and there are APIs to allow both of those technologies to leverage the platform. We're not saying that it has to be just Windows and OSX, it can be anything you want, including mobile.

Right now, we're the only company that has built the technology that's designed to be multiplatform for network-based gaming. I think we're coming to the market at the right time with the right message. Open sourcing it means the community can grow and build the pieces that they really want and we're going to be there to support it, grow on top of it, and build the business around it.

Glyn Moody writes about open source at opendotdotdot.

Page editor: Jonathan Corbet

Security

Brief items

CROSS: A step towards better open source security

April 4, 2007

This article was contributed by Jake Edge.

Finnish security company Codenomicon announced a new initiative to assist open source software projects in finding security flaws. The Codenomicon Robust Open Source Software (CROSS) program is targeted at projects that are part of the infrastructure of the internet; by making its proprietary testing tools available to those projects, Codenomicon hopes to find critical security flaws before attackers do.

For Codenomicon, this is their second foray into assisting open source projects. In 2004, their tools were used by Red Hat engineers to find denial of service vulnerabilities in Apache and OpenSSL. Unlike the previous effort, the CROSS program aims to work directly with the projects, allowing them to use the tools to find flaws. They are currently working with around 20 hand-picked projects, but Codenomicon hopes to add more projects down the road.

The projects selected represent diverse network protocols, with voice over IP, network storage, and routing specifically mentioned as participants. Lack of prior testing as well as "interesting" protocols were also cited as criteria used to help select the participants. The list of specific CROSS projects is not publicly available as both Codenomicon and the projects themselves are concerned that participants would suffer from increased 'black hat' scrutiny if they were identified.

Codenomicon's product line is a suite of network protocol testing tools called DEFENSICS that are an outgrowth of research done at the University of Oulu in the Secure Programming Group (OUSPG). The PROTOS project produced free software for protocol testing that is still available and is "widely used" according to Codenomicon CTO Ari Takanen. PROTOS is based around the idea of proactive protocol testing by injecting unexpected input into a protocol stream; in essence, fuzzing with some smarts behind the generated test data.

Codenomicon observed that free tools did not get the same attention from management that was given to relatively expensive commercial tools, and DEFENSICS bridges that gap. In addition, the DEFENSICS suite builds upon the lessons learned with PROTOS, extending and enhancing the basic concept while making it faster. Because of their research background and some level of altruism, Codenomicon wants to give back to the open source community and CROSS is their means of doing that. Obviously they are hoping to gain some name recognition and good press, but they also seem to have a real interest in helping to secure the internet by finding flaws proactively.

Open source projects can generally use all the help they can get when it comes to finding security flaws. It is accepted as an article of faith that "many eyes make all bugs shallow", but that only works when those eyes actually focus on a particular project. Just opening the source does not magically attract the attention of security-minded developers, and that makes projects like CROSS very useful. The Codenomicon tools (and PROTOS before that) have been successful in finding flaws in the past and one can hope that this effort will similarly bear fruit. With luck we will see a number of security bug reports over the next few months that will credit CROSS. This effort is reminiscent of Coverity's code analysis tools being used to assist open source projects, and hopefully more companies will decide to use our code as a testbed for their tools; it can only help both to get better.

Security reports

Fortify Software documents Web 2.0 vulnerability

Fortify Software has announced the release of a new security advisory on JavaScript Hijacking. "Fortify Software, the leading provider of security products that help companies identify, manage and remediate software vulnerabilities, today announced that its Security Research Group has documented the first major vulnerability associated specifically with Web 2.0 and AJAX-style software. Termed JavaScript Hijacking, the vulnerability allows an attacker to steal critical data by emulating unsuspecting users. To combat this issue, Fortify has released an in-depth security advisory that details this vulnerability, how enterprises can determine if they are vulnerable and how they can fix the issue."

New vulnerabilities

Asterisk: two SIP denial of service vulnerabilities

Package(s): Asterisk
CVE #(s): CVE-2007-1561 CVE-2007-1594
Created: April 3, 2007
Updated: August 27, 2007
Description: The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979 discovered that Asterisk 1.2.x fails to properly handle SIP responses with return code 0. A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP message or answering with a 0 return code.
Alerts:
Debian DSA-1358-1 asterisk 2007-08-26
SuSE SUSE-SA:2007:034 asterisk 2007-06-06
Gentoo 200704-01 Asterisk 2007-04-02


ImageMagick: DCM and XWD buffer overflows

Package(s): imagemagick
CVE #(s): CVE-2007-1719
Created: April 3, 2007
Updated: April 4, 2007
Description: iDefense Labs reports several buffer overflow vulnerabilities in ImageMagick version 6.3.x.
Alerts:
Foresight FLEA-2007-0006-2 ImageMagick 2007-04-03
Foresight FLEA-2007-0006-1 ImageMagick 2007-04-03


ImageMagick: integer overflows

Package(s): imagemagick
CVE #(s): CVE-2007-1797
Created: April 4, 2007
Updated: August 11, 2009
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Alerts:
Debian DSA-1858-1 imagemagick 2009-08-10
Red Hat RHSA-2008:0165-01 ImageMagick 2008-04-16
Red Hat RHSA-2008:0145-01 ImageMagick 2008-04-16
Fedora FEDORA-2007-1340 GraphicsMagick 2007-07-30
Mandriva MDKSA-2007:147 ImageMagick 2007-07-20
Ubuntu USN-481-1 imagemagick 2007-07-10
Gentoo 200705-13 imagemagick 2007-05-10
Fedora FEDORA-2007-414 ImageMagick 2007-04-17
Fedora FEDORA-2007-413 ImageMagick 2007-04-05
rPath rPSA-2007-0064-1 ImageMagick 2007-04-04


kdelibs: bug in FTP protocol

Package(s): kdelibs
CVE #(s): CVE-2007-1564
Created: March 30, 2007
Updated: April 4, 2007
Description: The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV command.
Alerts:
Mandriva MDKSA-2007:072 kdelibs 2007-03-29


krb5: multiple vulnerabilities

Package(s): krb5
CVE #(s): CVE-2007-0956 CVE-2007-0957 CVE-2007-1216
Created: April 3, 2007
Updated: March 24, 2008
Description: A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001)

Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (MIT krb5 Security Advisory 2007-002)

A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. (MIT krb5 Security Advisory 2007-003)

Alerts:
Mandriva MDKSA-2007:077-1 krb5 2007-04-10
Foresight FLEA-2007-0008-1 krb5 2007-04-05
SuSE SUSE-SA:2007:025 krb5 2007-04-05
Mandriva MDKSA-2007:077 krb5 2006-04-04
rPath rPSA-2007-0063-1 krb5 2007-04-04
Ubuntu USN-449-1 krb5 2007-04-04
Gentoo 200704-02 mit-krb5 2007-04-03
Fedora FEDORA-2007-409 krb5 2007-04-03
Fedora FEDORA-2007-408 krb5 2007-04-03
Debian DSA-1276-1 krb5 2007-04-03
Red Hat RHSA-2007:0095-01 krb5 2007-04-03


OpenPBS: multiple vulnerabilities

Package(s): openpbs
CVE #(s): CVE-2006-5616
Created: April 4, 2007
Updated: April 4, 2007
Description: SUSE reported vulnerabilities due to unspecified errors in OpenPBS. An attacker might be able to execute arbitrary code with the privileges of the user running openpbs, which might be the root user.
Alerts:
Gentoo 200704-04 openpbs 2007-04-03


qt: "/../" injection

Package(s): qt
CVE #(s): CVE-2007-0242
Created: April 4, 2007
Updated: September 13, 2007
Description: Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection.
Alerts:
CentOS CESA-2011:1324 qt4 2011-09-22
Scientific Linux SL-qt4-20110921 qt4 2011-09-21
Red Hat RHSA-2011:1324-01 qt4 2011-09-21
Red Hat RHSA-2007:0883-01 qt 2007-09-13
Debian DSA-1292-1 qt4-x11 2007-05-15
SuSE SUSE-SR:2007:006 Qt, kdelibs3, mediawiki, freetype2, xmms, spamassassin 2007-04-13
Ubuntu USN-452-1 kdelibs, qt-x11-free 2007-04-11
Mandriva MDKSA-2007:075-1 qt4 2007-04-10
rPath rPSA-2007-0066-1 kdelibs 2007-04-04
Slackware SSA:2007-093-03 qt 2007-04-04
Mandriva MDKSA-2007:075 qt4 2007-04-03
Mandriva MDKSA-2007:076 kdelibs 2007-04-03
Mandriva MDKSA-2007:074 qt3 2007-04-03

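The shortest-form check that the qt entry above describes as missing, as an added example (not Qt's code or its patch): a small C decoder with a lenient mode that only does the bit arithmetic and a strict mode that rejects overlong forms. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UTF8_INVALID 0xFFFFFFFFu

/* Constructed sample: "a/../b" with each '/' written as the overlong pair C0 AF. */
static const unsigned char sample[] = { 'a', 0xC0, 0xAF, '.', '.', 0xC0, 0xAF, 'b' };

/* Decode one sequence from s[0..len) and store the bytes consumed in *used.
 * strict == 0: bit arithmetic only, the behaviour the advisory describes.
 * strict == 1: also enforce shortest form, no surrogates, max U+10FFFF. */
uint32_t utf8_decode(const unsigned char *s, size_t len, size_t *used, int strict)
{
    /* Smallest code point that legitimately needs 2, 3 or 4 bytes. */
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    uint32_t cp;
    size_t need, i;

    *used = 1;
    if (len == 0)
        return UTF8_INVALID;
    if (s[0] < 0x80)
        return s[0];
    else if ((s[0] & 0xE0) == 0xC0) { need = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { need = 3; cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { need = 4; cp = s[0] & 0x07; }
    else
        return UTF8_INVALID;            /* stray continuation or 0xF8..0xFF */

    if (len < need)
        return UTF8_INVALID;            /* truncated sequence */
    for (i = 1; i < need; i++) {
        if ((s[i] & 0xC0) != 0x80)
            return UTF8_INVALID;        /* not a continuation byte */
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    *used = need;
    if (strict) {
        if (cp < min_cp[need])
            return UTF8_INVALID;        /* overlong: a shorter form exists */
        if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF)
            return UTF8_INVALID;
    }
    return cp;
}

/* Decode a whole buffer into out (NUL-terminated). Code points above 0x7F are
 * written as '?', which is enough for a path check. Returns the output
 * length, or -1 if the input is rejected or does not fit. */
int utf8_to_ascii(const unsigned char *in, size_t len, char *out, size_t outsz, int strict)
{
    size_t i = 0, o = 0, used;

    while (i < len) {
        uint32_t cp = utf8_decode(in + i, len - i, &used, strict);
        if (cp == UTF8_INVALID || o + 1 >= outsz)
            return -1;
        out[o++] = cp < 0x80 ? (char)cp : '?';
        i += used;
    }
    if (outsz == 0)
        return -1;
    out[o] = '\0';
    return (int)o;
}

/* Byte-wise search, so it also works on raw input that is not NUL-terminated. */
int has_traversal(const void *buf, size_t len)
{
    const char *p = buf;
    size_t i;

    for (i = 0; i + 4 <= len; i++)
        if (memcmp(p + i, "/../", 4) == 0)
            return 1;
    return 0;
}

int main(void)
{
    char out[32];
    int n;

    printf("raw bytes contain /../: %d\n", has_traversal(sample, sizeof sample));
    n = utf8_to_ascii(sample, sizeof sample, out, sizeof out, 0);
    printf("lenient decode: %s (contains /../: %d)\n", out, has_traversal(out, (size_t)n));
    n = utf8_to_ascii(sample, sizeof sample, out, sizeof out, 1);
    printf("strict decode returns %d\n", n);
    return 0;
}
```

A filter that inspects the raw bytes and a decoder that runs afterwards disagree about this input only in the lenient mode; with the strict decoder the input is refused before any path check has to reason about it.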

XFree86 X.org: integer overflows

Package(s): xfree86 x.org
CVE #(s): CVE-2007-1003 CVE-2007-1667 CVE-2007-1351 CVE-2007-1352
Created: April 3, 2007
Updated: August 11, 2009
Description: iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)

Alerts:
Debian DSA-1858-1 imagemagick 2009-08-10
SuSE SUSE-SR:2008:008 wireshark, otrs, xine, xgl, silc-toolkit, lighttpd, tk 2008-04-04
Debian DSA-1454-1 freetype 2008-01-07
Debian DSA-1294-1 xfree86 2007-05-17
Gentoo 200705-10 libXfont 2007-05-08
Gentoo 200705-06 libX11 2007-05-05
Gentoo 200705-02 freetype 2007-05-01
Ubuntu USN-453-2 libx11 2007-04-26
SuSE SUSE-SA:2007:027 XFree86, Xorg 2007-04-20
Slackware SSA:2007-109-01 freetype 2007-04-20
Ubuntu USN-453-1 libx11 2007-04-18
Red Hat RHSA-2007:0157-01 xorg-x11-apps libX11 2007-04-16
Red Hat RHSA-2007:0150-01 freetype 2007-04-16
Mandriva MDKSA-2007:079-1 xorg-x11 2007-04-11
Mandriva MDKSA-2007:080-1 tightvnc 2007-04-10
Mandriva MDKSA-2007:081-1 freetype2 2007-04-10
Fedora FEDORA-2007-427 libX11 2007-04-10
Fedora FEDORA-2007-426 libX11 2007-04-10
Fedora FEDORA-2007-425 xorg-x11-server 2007-04-10
Fedora FEDORA-2007-424 xorg-x11-server 2007-04-10
Fedora FEDORA-2007-423 libXfont 2007-04-09
Fedora FEDORA-2007-422 libXfont 2007-04-09
Foresight FLEA-2007-0009-1 xorg-server, libX11, libXfont 2007-04-05
Mandriva MDKSA-2007:080 tightvnc 2007-04-04
Mandriva MDKSA-2007:081 freetype2 2007-04-04
Mandriva MDKSA-2007:079 xorg-x11 2007-04-04
rPath rPSA-2007-0065-1 freetype 2007-04-04
Ubuntu USN-448-1 freetype, libxfont, xorg, xorg-server 2007-04-03
Red Hat RHSA-2007:0132-01 libXfont 2007-04-03
Red Hat RHSA-2007:0127-01 xorg-x11-server 2007-04-03
Red Hat RHSA-2007:0126-01 X.org 2007-04-03
Red Hat RHSA-2007:0125-01 XFree86 2007-04-03


zope: cross-site scripting

Package(s): zope
CVE #(s): CVE-2007-0240
Created: April 3, 2007
Updated: April 5, 2007
Description: A cross-site scripting vulnerability in Zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser by using unspecified vectors in an HTTP GET request. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of Zope web pages.
Alerts:
Debian DSA-1275-1 zope2.7 2007-04-02


zziplib: buffer overflow

Package(s): zziplib
CVE #(s): CVE-2007-1614
Created: April 4, 2007
Updated: September 5, 2007
Description: dmcox discovered a boundary error in the zzip_open_shared_io() function from zzip/file.c. A remote attacker could entice a user to run a zziplib function with an overly long string as an argument which would trigger the buffer overflow and may lead to the execution of arbitrary code.
Alerts:
Debian-Testing DTSA-56-1 zziplib 2007-09-04
Mandriva MDKSA-2007:093 zziplib 2007-04-23
Gentoo 200704-05 zziplib 2007-04-03


Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.21-rc5, released on March 25. It contains a number of fixes, including a set for timer-related regressions. Says Linus: "Those timer changes ended up much more painful than anybody wished for, but big thanks to Thomas Gleixner for being on it like a weasel on a dead rat, and the regression list has kept shrinking." See the long-format changelog for the details.

The current -mm tree is 2.6.21-rc5-mm3, released on March 30 (see below).

The current stable 2.6 kernel is 2.6.20.4, released on March 23.

For older kernels: 2.6.16.46 was released with several fixes and some USB work on March 31 (see below).

In the 2.4 world, 2.4.34.2 was released on March 24; it only contains two changes. 2.4.35-pre2 is also out with a rather larger set of fixes.


Kernel development news

Quote of the week

I find that the key to understanding kernel code is to understand the data structures and the relationships between them. Once you have that in your head, the code tends to just fall out. Hence there is good maintainability payoff in putting work into documenting the struct, its fields, the relationship between this struct and other structs, and any and all locking requirements.

<wonders wtf "ticks" does>

-- Andrew Morton


A summary of 2.6.21 API changes

The 2.6.21 kernel release is getting closer, so it makes sense to review the internal API changes which have been made in this development cycle. As always, this information will eventually find its way to the LWN 2.6 kernel API changes page.

  • Sysfs now supports the concept of "shadow directories" - multiple versions of a directory with the same name. This feature is to be used with container applications, allowing each namespace to have resources (network interfaces, for example) with the same name. To that end, two new functions have been added:

         int sysfs_make_shadowed_dir(struct kobject *kobj,
    	          void *(*follow_link)(struct dentry *, 
                                           struct nameidata *));
         struct dentry *sysfs_create_shadow_dir(struct kobject *kobj);
    

    sysfs_make_shadowed_dir() takes the existing directory for a kobject and makes it shadowed - capable of having multiple instantiations. The follow_link() method must be able to pick out the right version for any given situation. A call to sysfs_create_shadow_dir() will create a new instantiation for a directory which has been made shadowed.

  • Quite a few kobject functions - kobject_init(), kobject_del(), kobject_unregister(), kset_register(), kset_unregister(), subsystem_register(), subsystem_unregister(), and subsys_create_file() - now return harmlessly if passed a NULL pointer.

  • Many kernel subsystems which once used class_device structures have been changed to use struct device instead; this work is toward a long-term goal of getting rid of the class tree and having a single device tree in sysfs.

  • There is a new function:

         int device_schedule_callback(struct device *dev, 
                                      void (*func)(struct device *));
    

    This function will arrange for func() to be called at some future time in process context. It's meant to enable device attributes to unregister themselves, but one can imagine other applications as well.

  • The ALSA system on chip ("ASoC") layer provides extensive support for the implementation of sound drivers on embedded systems; see the documentation files packaged with the kernel for details.

  • Significant changes have been made to the crypto support interface.

  • The device resource management patches, making a lot of driver code easier to write, have been merged.

  • The DMA memory zone (ZONE_DMA) is now optional and may not be present in all kernels.

  • The local_t type has been made consistent across architectures and has gained some documentation.

  • The nopfn() address space operation can now return NOPFN_REFAULT to indicate that the faulting instruction should be re-executed.

  • A new function, vm_insert_pfn(), enables the insertion of a new page into a process's address space by page-frame number.

  • A new driver API for general-purpose I/O signals has been added.

  • The sysctl code has been heavily reworked, leading to a number of internal API changes.

  • The clockevents and dynamic tick patches have been merged. Most code will not require changes, but kernel developers should be aware of code which depends on jiffies.


Video4Linux2 part 5b: format negotiation

The LWN.net Video4Linux2 API series.
This article is a continuation of the irregular LWN series on writing video drivers for Linux. The introductory article describes the series and contains pointers to the previous articles. In the last episode, we looked at how the Video4Linux2 API describes video formats: image sizes and the representation of pixels within them. This article will complete the discussion by describing the process of coming to an agreement with an application on an actual video format supported by the hardware.

As we saw in the previous article, there are many ways of representing image data in memory. There is probably no video device on the market which can handle all of the formats understood by the Video4Linux interface. Drivers are not expected to support formats not understood by the underlying hardware; in fact, performing format conversions within the kernel is explicitly frowned upon. So the driver must make it possible for the application to select a format which works with the hardware.

The first step is to simply allow the application to query the supported formats. The VIDIOC_ENUM_FMT ioctl() is provided for the purpose; within the driver this command turns into a call to this callback (if a video capture device is being queried):

    int (*vidioc_enum_fmt_cap)(struct file *file, void *private_data,
			       struct v4l2_fmtdesc *f);

This callback will ask a video capture device to describe one of its formats. The application will pass in a v4l2_fmtdesc structure:

    struct v4l2_fmtdesc
    {
	__u32		    index;
	enum v4l2_buf_type  type;
	__u32               flags;
	__u8		    description[32];
	__u32		    pixelformat;
	__u32		    reserved[4];
    };

The application will set the index and type fields. index is a simple integer used to identify a format; like the other indexes used by V4L2, this one starts at zero and increases to the maximum number of formats supported. An application can enumerate all of the supported formats by incrementing the index value until the driver returns EINVAL. The type field describes the data stream type; it will be V4L2_BUF_TYPE_VIDEO_CAPTURE for a video capture (camera or tuner) device.

If the index corresponds to a supported format, the driver should fill in the rest of the structure. The pixelformat field should be the fourcc code describing the video representation and description a short textual description of the format. The only defined value for the flags field is V4L2_FMT_FLAG_COMPRESSED, which indicates a compressed video format.

The above callback is for video capture devices; it will only be called when type is V4L2_BUF_TYPE_VIDEO_CAPTURE. The VIDIOC_ENUM_FMT call will be split out into different callbacks depending on the type field:

    /* V4L2_BUF_TYPE_VIDEO_OUTPUT */
    int (*vidioc_enum_fmt_video_output)(file, private_data, f);

    /* V4L2_BUF_TYPE_VIDEO_OVERLAY */
    int (*vidioc_enum_fmt_overlay)(file, private_data, f);

    /* V4L2_BUF_TYPE_VBI_CAPTURE */
    int (*vidioc_enum_fmt_vbi)(file, private_data, f);

    /* V4L2_BUF_TYPE_SLICED_VBI_CAPTURE */
    int (*vidioc_enum_fmt_vbi_capture)(file, private_data, f);

    /* V4L2_BUF_TYPE_VBI_OUTPUT */
    /* V4L2_BUF_TYPE_SLICED_VBI_OUTPUT */
    int (*vidioc_enum_fmt_vbi_output)(file, private_data, f);

    /* V4L2_BUF_TYPE_PRIVATE */
    int (*vidioc_enum_fmt_type_private)(file, private_data, f);

The argument types are the same for all of these calls. It's worth noting that drivers can support special buffer types with codes starting with V4L2_BUF_TYPE_PRIVATE, but that would clearly require a special understanding on the application side. For the purposes of this article, we will focus on video capture and output devices; the other types of video devices will be examined in future installments.

The application can find out how the hardware is currently configured with the VIDIOC_G_FMT call. The argument passed in this case is a v4l2_format structure:

    struct v4l2_format
    {
	enum v4l2_buf_type type;
	union
	{
		struct v4l2_pix_format		pix;
		struct v4l2_window		win;
		struct v4l2_vbi_format		vbi;
		struct v4l2_sliced_vbi_format	sliced;
		__u8	raw_data[200];
	} fmt;
    };

Once again, type describes the buffer type; the V4L2 layer will split this call into one of several driver callbacks depending on that type. For video capture devices, the callback is:

    int (*vidioc_g_fmt_cap)(struct file *file, void *private_data,
    			    struct v4l2_format *f);

For video capture (and output) devices, the pix field of the union is of interest. This is the v4l2_pix_format structure seen in the previous installment; the driver should fill in that structure with the current hardware settings and return. This call should not normally fail unless something is seriously wrong with the hardware.

The other callbacks are:

    int (*vidioc_g_fmt_overlay)(file, private_data, f);
    int (*vidioc_g_fmt_video_output)(file, private_data, f);
    int (*vidioc_g_fmt_vbi)(file, private_data, f);
    int (*vidioc_g_fmt_vbi_output)(file, private_data, f);
    int (*vidioc_g_fmt_vbi_capture)(file, private_data, f);
    int (*vidioc_g_fmt_type_private)(file, private_data, f);

The vidioc_g_fmt_video_output() callback uses the same pix field in the same way as capture interfaces do.

Most applications will eventually want to configure the hardware to provide a format which works for their purpose. There are two interfaces provided for changing video formats. The first of these is the VIDIOC_TRY_FMT call, which, within a V4L2 driver, turns into one of these callbacks:

    int (*vidioc_try_fmt_cap)(struct file *file, void *private_data,
			      struct v4l2_format *f);
    int (*vidioc_try_fmt_video_output)(struct file *file, void *private_data,
			      	       struct v4l2_format *f);
    /* And so on for the other buffer types */

To handle this call, the driver should look at the requested video format and decide whether that format can be supported by the hardware or not. If the application has requested something impossible, the driver should return -EINVAL. So, for example, a fourcc code describing an unsupported format or a request for interlaced video on a progressive-only device would fail. On the other hand, the driver can adjust size fields to match an image size supported by the hardware; normal practice is to adjust sizes downward if need be. So a driver for a device which only handles VGA-resolution images would change the width and height parameters accordingly and return success. The v4l2_format structure will be copied back to user space after the call; the driver should update the structure to reflect any changed parameters so the application can see what it is really getting.

The VIDIOC_TRY_FMT handlers are optional for drivers, but omitting this functionality is not recommended. If provided, this function is callable at any time, even if the device is currently operating. It should not make any changes to the actual hardware operating parameters; it is just a way for the application to find out what is possible.

When the application wants to change the hardware's format for real, it does a VIDIOC_S_FMT call, which arrives at the driver in this form:

    int (*vidioc_s_fmt_cap)(struct file *file, void *private_data,
    			    struct v4l2_format *f);
    int (*vidioc_s_fmt_video_output)(struct file *file, void *private_data,
    			             struct v4l2_format *f);

Unlike VIDIOC_TRY_FMT, this call cannot be made at arbitrary times. If the hardware is currently operating, or if it has streaming buffers allocated (a topic for yet another future installment), changing the format could lead to no end of mayhem. Consider what happens, for example, if the new format is larger than the buffers which are currently in use. So the driver should always ensure that the hardware is idle and fail the request (with -EBUSY) if not.

A format change should be atomic - it should change all of the parameters to match the request or none of them. Once again, image size parameters can be adjusted by the driver if need be. The usual form of these callbacks is something like this:

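    int my_s_fmt_cap(struct file *file, void *private, 
                     struct v4l2_format *f)
    {
        struct mydev *dev = (struct mydev *) private;
        int ret;

        /* Refuse to change formats while the hardware is operating */
        if (hardware_busy(dev))
            return -EBUSY;
        /* Validate (and possibly adjust) the request; no hardware changes */
        ret = my_try_fmt_cap(file, private, f);
        if (ret != 0)
            return ret;
        /* The format is now known to work; program it into the hardware */
        return tweak_hardware(dev, &f->fmt.pix);
    }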

Using the VIDIOC_TRY_FMT handler avoids duplication of code and gets rid of any excuse for not implementing that handler in the first place. If the "try" function succeeds, the resulting format is known to work and can be programmed directly into the hardware.
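A user-space model of the negotiation described above, added here as an illustration and not taken from the article or from any real driver. The structures are simplified stand-ins for the V4L2 ones, and the device (two formats, two frame sizes, progressive only) is hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the V4L2 types; only the fields used here. */
#define FOURCC(a, b, c, d) \
    ((uint32_t)(a) | ((uint32_t)(b) << 8) | ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))
enum field { FIELD_NONE, FIELD_INTERLACED };
struct pix_format {
    uint32_t width, height, pixelformat;
    enum field field;
    uint32_t bytesperline, sizeimage;
};

/* Hypothetical device: progressive only, two formats, two frame sizes. */
struct mydev { int busy; struct pix_format cur; };
static const struct { uint32_t fourcc; uint32_t bpp; } formats[] = {
    { FOURCC('Y', 'U', 'Y', 'V'), 2 },
    { FOURCC('R', 'G', 'B', 'P'), 2 },
};
static const struct { uint32_t w, h; } sizes[] = { { 640, 480 }, { 320, 240 } };
#define NFORMATS (sizeof formats / sizeof formats[0])
#define NSIZES   (sizeof sizes / sizeof sizes[0])

/* VIDIOC_ENUM_FMT: describe format number index, -EINVAL past the end. */
int my_enum_fmt(uint32_t index, uint32_t *fourcc)
{
    if (index >= NFORMATS)
        return -EINVAL;
    *fourcc = formats[index].fourcc;
    return 0;
}

/* What an application does: count upward until the driver says -EINVAL. */
int count_formats(void)
{
    uint32_t fourcc, n = 0;

    while (my_enum_fmt(n, &fourcc) == 0)
        n++;
    return (int)n;
}

/* VIDIOC_TRY_FMT: validate and adjust *pix, never touch device state. */
int my_try_fmt(struct pix_format *pix)
{
    size_t f, s;

    for (f = 0; f < NFORMATS; f++)
        if (formats[f].fourcc == pix->pixelformat)
            break;
    if (f == NFORMATS || pix->field != FIELD_NONE)
        return -EINVAL;               /* impossible request: refuse it */

    /* Largest supported size that fits the request; the smallest otherwise. */
    for (s = 0; s < NSIZES - 1; s++)
        if (sizes[s].w <= pix->width && sizes[s].h <= pix->height)
            break;
    pix->width = sizes[s].w;
    pix->height = sizes[s].h;
    /* Derived from the validated values, never taken from the caller. */
    pix->bytesperline = pix->width * formats[f].bpp;
    pix->sizeimage = pix->bytesperline * pix->height;
    return 0;
}

/* VIDIOC_S_FMT: all or nothing, and only while the device is idle. */
int my_s_fmt(struct mydev *dev, struct pix_format *pix)
{
    int ret;

    if (dev->busy)
        return -EBUSY;
    ret = my_try_fmt(pix);
    if (ret != 0)
        return ret;                   /* dev->cur is left untouched */
    dev->cur = *pix;                  /* stands in for programming the hardware */
    return 0;
}

int main(void)
{
    struct mydev dev = { 0 };
    struct pix_format req = { 1024, 768, FOURCC('Y', 'U', 'Y', 'V'), FIELD_NONE, 0, 0 };
    int ret = my_s_fmt(&dev, &req);

    printf("%d formats; S_FMT 1024x768 -> %d, got %ux%u, %u bytes\n",
           count_formats(), ret, (unsigned)dev.cur.width,
           (unsigned)dev.cur.height, (unsigned)dev.cur.sizeimage);
    return 0;
}
```

Because the buffer size is recomputed from the adjusted width and height, whatever the caller placed in bytesperline or sizeimage is discarded rather than trusted.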

There are a number of other calls which influence how video I/O is done. Future articles will look at some of them. Support for setting formats is enough to enable applications to start transferring images, however, and that is what the purpose of all this structure is in the end. So the next article, hopefully to come after a shorter delay than happened this time around, will get into support for reading and writing video data.


A peek at the DragonFly Virtual Kernel (part 1)

March 29, 2007

This article was contributed by Aggelos Economopoulos

In this article, we will describe several aspects of the architecture of DragonFly BSD's virtual kernel infrastructure, which allows the kernel to be run as a user-space process. Its design and implementation are largely the work of the project's lead developer, Matthew Dillon, who first announced his intention of modifying the kernel to run in userspace on September 2nd 2006. The first stable DragonFly BSD version to feature virtual kernel (vkernel) support was DragonFly 1.8, released on January 30th 2007.

The motivation for this work (as can be found in the initial mail linked to above) was finding an elegant solution to one immediate and one long term issue in pursuing the project's main goal of Single System Image clustering over the Internet. First, as any person who is familiar with distributed algorithms will attest, implementing cache coherency without hardware support is a complex task. It would not be made any easier by enduring a 2-3 minute delay in the edit-compile-run cycle while each machine goes through the boot sequence. As a nice side effect, userspace programming errors are unlikely to bring the machine down and one has the benefit of working with superior debugging tools (and can more easily develop new ones).

The second, long term, issue that virtual kernels are intended to address is finding a way to securely and efficiently dedicate system resources to a cluster that operates over the (hostile) Internet. Because a kernel is a more or less standalone environment, it should be possible to completely isolate the process a virtual kernel runs in from the rest of the system. While the problem of process isolation is far from solved, there exist a number of promising approaches. One option, for example, would be to use systrace (refer to [Provos03]) to mask-out all but the few (and hopefully carefully audited) system calls that the vkernel requires after initialization has taken place. This setup would allow for a significantly higher degree of protection for the host system in the event that the virtualized environment was compromised. Moreover, the host kernel already has well-tested facilities for arbitrating resources, although these facilities are not necessarily sufficient or dependable; the CPU scheduler is not infallible and mechanisms for allocating disk I/O bandwidth will need to be implemented or expanded. In any case, leveraging preexisting mechanisms reduces the burden on the project's development team, which can't be all bad.

Preparatory work

Getting the kernel to build as a regular, userspace, ELF executable required tidying up large portions of the source tree. In this section we will focus on the two large sets of changes that took place as part of this cleanup. The second set might seem superficial and hardly worthy of mention as such, but in explaining the reason that led to it, we shall discuss an important decision that was made in the implementation of the virtual kernel.

The first set of changes was separating machine dependent code to platform- and CPU-specific parts. The real and virtual kernels can be considered to run on two different platforms; the first is (only, as must reluctantly be admitted) running on 32-bit PC-style hardware, while the second is running on a DragonFly kernel. Regardless of the differences between the two platforms, both kernels expect the same processor architecture. After the separation, the cpu/i386 directory of the kernel tree is left with hand-optimized assembly versions of certain kernel routines, headers relevant only to x86 CPUs and code that deals with object relocation and debug information. The real kernel's platform directory (platform/pc32) is familiar with things like programmable interrupt controllers, power management and the PC bios (that the vkernel doesn't need), while the virtual kernel's platform/vkernel directory is happily using the system calls that the real kernel can't have. Of course this does not imply that there is absolutely no code duplication, but fixing that is not a pressing problem.

The massive second set of changes involved primarily renaming quite a few kernel symbols so that there are no clashes with the libc ones (e.g. *printf(), qsort, errno etc.) and using kdev_t for the POSIX dev_t type in the kernel. As should be plain, this was a prerequisite for having the virtual kernel link with the standard C library. Given that the kernel is self-hosted (this means that, since it cannot generally rely on support software after it has been loaded, the kernel includes its own helper routines), one can question the decision of pulling in all of libc instead of simply adding the (few) system calls that the vkernel actually uses. A controversial choice at the time, it prevailed because it was deemed that it would allow future vkernel code to leverage the extended functionality provided by libc. Particularly, thread-awareness in the system C library should accommodate the (medium term) plan to mimic multi-processor operation by the use of one vkernel thread for each hypothetical CPU. It is safe to say that if the plan is materialized, linking against libc will prove to be a most profitable tradeoff.

The Virtual Kernel

In this section, we will study the architecture of the virtual kernel and the design choices made in its development, focusing on its differences from a kernel running on actual hardware. In the process, we'll need to describe the changes made in the real (host) kernel code, specifically in order to support a DragonFly kernel running as a user process.

Address Space Model

The first design choice made in the development of the vkernel is that the whole virtualized environment is executing as part of the same real-kernel process. This imposes well defined limits on the amount of real-kernel resources that may be consumed by it and makes containment straightforward. Processes running under the vkernel are not in direct competition with host processes for cpu time and most parts of the bookkeeping that is expected from a kernel during the lifetime of a process are handled by the virtual kernel. The alternative[1], running each vkernel process[2] in the context of a real kernel process, imposes extra burden on the host kernel and requires additional mechanisms for effective isolation of vkernel processes from the host system. That said, the real kernel still has to deal with some amount of VM work and reserve some memory space that is proportional to the number of processes running under the vkernel. This statement will be made clear after we examine the new system calls for the manipulation of vmspace objects.

In the kernel, the main purpose of a vmspace object is to describe the address space of one or more processes. Each process normally has one vmspace, but a vmspace may be shared by several processes. An address space is logically partitioned into sets of pages, so that all pages in a set are backed by the same VM object (and are linearly mapped on it) and have the same protection bits. All such sets are represented as vm_map_entry structures. VM map entries are linked together both by a tree and a linked list so that lookups, additions, deletions and merges can be performed efficiently (with low time complexity). Control information and pointers to these data structures are encapsulated in the vm_map object that is contained in every vmspace (see the diagram below).

[diagram]

A VM object (vm_object) is an interface to a data store and can be of various types (default, swap, vnode, ...) depending on where it gets its pages from. The existence of shadow objects somewhat complicates matters, but for our purposes this simplified model should be sufficient. For more information you're urged to have a look at the source and refer to [McKusick04] and [Dillon00].

In the first stages of the development of vkernel, a number of system calls were added to the kernel that allow a process to associate itself with more than one vmspace. The creation of a vmspace is accomplished by vmspace_create(). The new vmspace is uniquely identified by an arbitrary value supplied as an argument. Similarly, the vmspace_destroy() call deletes the vmspace identified by the value of its only parameter. It is expected that only a virtual kernel running as a user process will need access to alternate address spaces. Also, it should be made clear that while a process can have many vmspaces associated with it, only one vmspace is active at any given time. The active vmspace is the one operated on by mmap()/munmap()/madvise()/etc.

The virtual kernel creates a vmspace for each of its processes and it destroys the associated vmspace when a vproc is terminated, but this behavior is not compulsory. Since, just like in the real kernel, all information about a process and its address space is stored in kernel memory[3], the vmspace can be disposed of and reinstantiated at will; its existence is only necessary while the vproc is running. One can imagine the vkernel destroying the vproc vmspaces in response to a low memory situation in the host system.

When it decides that it needs to run a certain process, the vkernel issues a vmspace_ctl() system call with an argument of VMSPACE_CTL_RUN as the command (currently there are no other commands available), specifying the desired vmspace to activate. Naturally, it also needs to supply the necessary context (values of general purpose registers, instruction/stack pointers, descriptors) in which execution will resume. The original vmspace is special; if, while running on an alternate address space, a condition occurs which requires kernel intervention (for example, a floating point operation throws an exception or a system call is made), the host kernel automatically switches back to the previous vmspace handing over the execution context at the time the exceptional condition caused entry into the kernel and leaving it to the vkernel to resolve matters. Signals by other host processes are likewise delivered after switching back to the vkernel vmspace.

Support for creating and managing alternate vmspaces is also available to vkernel processes. This requires special care so that all the relevant code sections can operate in a recursive manner. The result is that vkernels can be nested, that is, one can have a vkernel running as a process under a second vkernel running as a process under a third vkernel and so on. Naturally, the overhead incurred for each level of recursion does not make this an attractive setup performance-wise, but it is a neat feature nonetheless.

The previous paragraphs have described the background of vkernel development and have given a high-level overview of how the vkernel fits in with the abstractions provided by the real kernel. We are now ready to dive into the most interesting parts of the code, where we will get acquainted with a new type of page table and discuss the details of FPU virtualization and vproc <-> vkernel communication. But this discussion needs an article of its own, therefore it will have to wait for a future week.

Bibliography

[McKusick04] The Design and Implementation of the FreeBSD Operating System, Kirk McKusick and George Neville-Neil.

[Dillon00] Design elements of the FreeBSD VM system, Matthew Dillon.

[Lemon00] Kqueue: A generic and scalable event notification facility, Jonathan Lemon.

[AST06] Operating Systems Design and Implementation, Andrew Tanenbaum and Albert Woodhull.

[Provos03] Improving Host Security with System Call Policies, Niels Provos.

[Stevens99] UNIX Network Programming, Volume 1: Sockets and XTI, Richard Stevens.

Notes

[1] There are of course other alternatives, the most obvious one being having one process for the virtual kernel and another for contained processes, which is mostly equivalent to the choice made in DragonFly.

[2] A process running under a virtual kernel will also be referred to as a "vproc" to distinguish it from host kernel processes.

[3] The small matter of the actual data belonging to the vproc is not an issue, but you will have to wait until we get to the RAM file in the next subsection to see why.

Comments (4 posted)

Patches and updates

Kernel trees

Andrew Morton: 2.6.21-rc5-mm3
Adrian Bunk: Linux 2.6.16.46

Architecture-specific

Build system

Mark Fasheh: ocfs2 fixes

Core kernel code

Development tools

Junio C Hamano: GIT 1.5.0.6

Device drivers

Filesystems and block I/O

Janitorial

Jeff Dike: UML - cleanups
Jeremy Fitzhardinge: i386 gdt and percpu cleanups

Memory management

Networking

Divy Le Ray: cxgb3 - bug fixes

Security-related

Virtualization and containers

Avi Kivity: kvm updates for 2.6.22

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

A look at the BackTrack security distribution

April 4, 2007

This article was contributed by Jake Edge.

The BackTrack distribution, which just released its 2.0 version, helps organize security tools into a live CD package that will be helpful to anyone faced with security oriented tasks. Hundreds of open source security tools exist and it can be difficult to sort through them and determine what they are used for; BackTrack can help by providing one-stop shopping and a well organized interface that categorizes the tools by the task they are focused on. BackTrack seems well suited to its stated goal of being the distribution of choice for penetration testers and other security professionals.

BackTrack screenshot

Based on SLAX, a live CD version of Slackware, BackTrack can boot directly from CD or USB stick; once it is up, the user can start KDE or Fluxbox to provide a GUI. As part of a test drive of BackTrack, the author started up the KDE interface and found it to be well organized, especially the Applications menu (see screenshot). The Firefox and Konqueror bookmark toolbar customizations, with buttons for several security-oriented websites, were quite useful as well. SLAX seemingly had no trouble with the author's off-brand laptop or with the several desktop machines on which it was tried. The X server handled high-resolution screens (up to 1600x1200) with aplomb, unlike other live CD distributions that have been booted over the years.

The selection of tools is where BackTrack truly shines. More than 300 up-to-date tools for everything from network mapping, through password cracking to digital forensics are available. Wireless network sniffing and packet injection are areas that BackTrack has clearly focused on. Using the 2.6.20 kernel and a variety of patched wireless drivers, BackTrack makes wireless penetration and fuzz testing easy. Bluetooth hacking is supported as well. The wiki provides a list of the security tools included for anyone who wants to ensure their favorite will be available before booting BackTrack.

BackTrack also provides the now standard ability to write to the ostensibly read-only root filesystem using unionfs, but it extends that to be able to write data back to the media itself if it has multi-session capabilities. It also has some other unique features including the ability to provide a BackTrack image for other machines to boot over the network via PXE. The PXE boot can be combined with 'John the Ripper' to create a password cracking cluster.

The BackTrack developers have also pre-configured some of the tools like Snort, kismet, Metasploit and others to allow folks to more quickly use those tools. Perhaps the 'swiss army knife' metaphor is overused, but this distribution certainly seems to fit that bill. There are other distributions with a similar focus (a year old list can be found here), but it will be hard to find one as up-to-date and as comprehensive as BackTrack 2.0.

Comments (1 posted)

New Releases

Fedora 7 Test 3

The third Fedora 7 test release is out. "Test 3 is for early adopters. Most things should work and we need your help to find what is broken." Lots of packages have been updated, and a bleeding-edge 2.6.21-rc5 kernel is included.

Full Story (comments: none)

Mandriva Linux 2007 Spring RC3 released

Mandriva Linux 2007 Spring RC3 "Beijing" is now available. "Beijing features fixes to all major bugs in previous betas and release candidates, the final version of GNOME 2.18, and the full feature set intended for the final release."

Full Story (comments: none)

MontaVista Linux Professional Edition 5.0

MontaVista Software has announced the release of MontaVista Linux Professional Edition 5.0. "MontaVista Linux Professional Edition 5.0 release establishes a number of Linux firsts for real-time performance. Building on the highly successful real-time capabilities MontaVista pioneered in previous offerings, MontaVista Linux Professional Edition 5.0 is first to include the latest advancements in real time technology. These advanced capabilities include high resolution timers and other native Linux real-time enhancements led by Linux kernel maintainer Ingo Molnar and enable developers to deliver a more reliable, higher quality end-user experience."

Comments (none posted)

SimplyMEPIS 6.5 Final Offers Many Updates For 6.0 Users

SimplyMEPIS 6.5 for 32 and 64 bit Intel and AMD based PCs and MacTels has been released by MEPIS. 6.5 started as a minor update to the Ubuntu pool compatible 6.0 release of SimplyMEPIS but the project quickly expanded to add the 7.1 X window manager, newer display and wireless drivers, Mac Intel support, Amarok music player with music store and mtp support, and the experimental Beryl 3D desktop.

Comments (none posted)

Distribution News

Debian Etch release schedule

Andreas Barth has an update on the Etch release, which should be soon. "The most important step that remains to be done is to finalize the release notes, skim through the update reports and - well, fix the last remaining few blockers. Etch is of a very good technical quality, and we just need to polish a few remaining issues."

Full Story (comments: none)

Debian security updates via IPv6

Martin "Joey" Schulze reports that security updates for Debian GNU/Linux are officially available via IPv6 in addition to the existing IPv4 mirrors.

Comments (none posted)

Fourth call for votes for the debian project leader election 2007

This is the fourth call for votes in this year's Debian Project Leader election. "At the time of writing, a couple of minutes into the third (and final) week of the vote, we are doing OK with regards to voter participation, all things considered. The big story in this election seems to be the debacle of the letter ë. This mostly impacts people sending in in-line OpenPGP signed ballots, since helpful MUAs and MTA in the path then "protect" the non-7bit clean message body, which mucks up the cryptographic check of the ballot."

Full Story (comments: none)

Announcing the Smith Review Project: proofreading English in Debian packages texts

The Smith Review Project is a new Debian project that aims to review all English texts associated with Debian packages, namely debconf templates, manual pages and package descriptions. "The project is named Smith because every nice project must have a name and Smith is a commonly accepted "common name" for people in English-speaking parts of the world. It also opens possibilities to play on words with "blacksmith", "wordsmith" and the like. The project also has a three-letter acronym name (SRP) which is mandatory in Free Software projects." Contributors with good skills in the English language and good writing ability are welcome to join the project by subscribing to the debian-l10n-english mailing list.

Full Story (comments: none)

DebConf7 - Reconfirmation phase started

Anyone who is planning on going to DebConf7 in Edinburgh should reconfirm their attendance by May 3, 2007.

Full Story (comments: none)

Mandriva Linux 2006 nearing EOL

According to the Mandriva End of Life Policy, Mandriva Linux 2006 will not be receiving security updates as of April 13, 2007.

Full Story (comments: none)

Distribution Newsletters

Fedora Weekly News Issue 81

This edition of the Fedora Weekly News covers the Fedora 7 Test 3 announcement, the March 27 meeting of the board, Presto debut, missing /dev/hdX devices, FC6 NetworkManager gets some love, LSB Compliance of Initscripts, and several other topics.

Full Story (comments: none)

Foresight Linux Newsletter Volume 1, Issue 1

The first edition of the Foresight Linux Newsletter is out. This edition covers March 2007 with reports on what's happening with Foresight Linux, including information on the latest release, security updates, tips and tricks, what's in development and Foresight in the press.

Comments (none posted)

Ubuntu Weekly News: Issue #34

In this edition of the Ubuntu Weekly Newsletter Canonical is looking to hire a user interface developer, a new way to ask for a program to be packaged, Ubuntu Receives PC Welt Editor's Choice Award, easy-to-install Codec Wizards, and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 196

The DistroWatch Weekly for April 2, 2007 is out. "April is traditionally one of the most exciting months on the distribution release calendar and this year will be no different - Mandriva, Debian, Ubuntu, Fedora, and possibly Gentoo and Slackware are all getting ready for delivering their latest and greatest later this month. In other news, Arch Linux 0.8 hits the download mirrors, Foresight Linux publishes its first monthly newsletter, the developers of GParted LiveCD have released a new "Clonezilla" edition, and Oracle prepares for the upcoming release of Enterprise Linux 5. Also in this issue: an overview of PCLinuxOS and MEPIS Linux as part of the update to our "Top Ten Distributions" page. Finally, we are pleased to announce that the recipient of the DistroWatch.com March 2007 donation is the CentOS project."

Comments (none posted)

Newsletters and articles of interest

Building DVD Images Of Ubuntu Repositories (HowtoForge)

HowtoForge has a tutorial on creating DVD images of Debian or Ubuntu. "Ubuntu doesn't offer DVDs ready to download with its main, universe, multiverse and/or restricted repositories. With the contents of this howto you can do it yourself. Having the Ubuntu or Debian repositories on DVD can be useful for those users who don't have access to the Internet where they have their Ubuntu installed but have access somewhere else to download the repository and build and burn the DVDs."

Comments (none posted)

Distribution reviews

Ubuntu 7.04 (Feisty Fawn) Beta Preview (Only Ubuntu)

The Only Ubuntu blog has a preview of the Ubuntu 7.04 (Feisty Fawn) beta. "The Ubuntu developers are moving very quickly to bring you the absolute latest and greatest software the Open Source Community has to offer. This is the Ubuntu 7.04 Beta and it comes packed with a whole host of excellent new features including the released GNOME 2.18, the 2.6.20 kernel and much more."

Comments (none posted)

Page editor: Rebecca Sobol

Development

GAFFitter: the Genetic Algorithm File Fitter

GAFFitter is a command line utility which can be run against directory trees to create groups of files that fit on media of a specified size:

Genetic Algorithm File Fitter (gaffitter) is a command-line software written in C++ that extracts --via Genetic Algorithm-- subsets of an input list of files/directories that best fit the given volume size (target), such as CD, DVD and others. It is initially designed to run under Linux and POSIX systems, but easily portable to non-POSIX operating environments. Using GA search, gaffitter improves different combinations of the files on the list so that the loss of space will be minimized. Ideal to be used for backups/records in CD, DVD and others.
[GAFFitter]

Installation of GAFFitter was easy; the software was downloaded here in tar.bz2 form. Building involved the usual bunzip2, tar, make and make install steps. This all worked without problems on an Ubuntu Edgy Eft system that had the usual software build tools installed.

The GAFFitter usage instructions give an idea of the various ways that the application can be run. An example run was tried on a collection of music files; GAFFitter did a good job of producing packed lists that would fit on a series of 700MB CDs.

Version 0.5.1 of GAFFitter was announced on March 28, 2007: "This release fixes a bug (uninitialized variable) and changes the default behavior of GAFFitter, which now extracts the volumes as much as possible (unlimited iterations)."

GAFFitter is a useful tool that can help to efficiently solve the problem of fitting large collections of files onto fixed-sized media. It is useful by itself, and can be incorporated into higher-level applications, as shown by this example integration script for the K3B multimedia utility. If you need to efficiently pack some files for archival, give it a try.

Comments (5 posted)

System Applications

Database Software

pgAdmin 1.6.3 released

Version 1.6.3 of pgAdmin is out with bug fixes. "The pgAdmin Development Team are pleased to announce the release of pgAdmin 1.6.3, the Open Source graphical PostgreSQL administration tool for Windows, Linux, FreeBSD, Mac OS X and Solaris".

Comments (none posted)

SQLite 3.3.14 released

Version 3.3.14 of the SQLite DBMS is out. "This version focuses on performance improvements. If you recompile the amalgamation using GCC option -O3 (the precompiled binaries use -O2) you may see performance improvements of 35% or more over version 3.3.13 depending on your workload. This version also adds support for exclusive access mode."

Comments (none posted)

Emulating Analytic (AKA Ranking) Functions with MySQL (O'ReillyNet)

Stéphane Faroult discusses the emulation of analytic functions in MySQL on O'Reilly. "One of the most hailed extensions brought to SQL in recent years has been these functions that Oracle calls analytic functions, DB2 calls OLAP functions, and SQL Server 2005 calls ranking functions--but which MySQL, so far, still lacks. The good news is that they can be (relatively) easily and efficiently emulated."

Comments (none posted)

Mail Software

Postfix 2.5 snapshot 20070402

Experimental release snapshot 20070402 of the Postfix 2.5 mail transfer agent is out. See the change log file for details.

Comments (none posted)

Web Site Development

Contineo 2.5.0 released

Version 2.5.0 of Contineo, a web-based document management system, has been released. "This release comes with many new features like skin (theme) support, right inheritance, valid XHTML page generation, limiting setup access to admin user, Italian and Spanish document search support, etc. The new version also brings an updated and extended technology platform, so that new versions should be easier to develop."

Full Story (comments: none)

A New, Improved Visualization for Web Server Logs (O'ReillyNet)

Raju Varghese presents part two in a series on visualizing web server log files in 3D. "In my last article I showed how web server logfiles can be visualized as a 3D plot with the help of Perl and gnuplot. In this article we will enhance the plot in several ways. The main things we will introduce are color and evening out of the plot."

Comments (none posted)

Desktop Applications

Audio Applications

JackMix 0.3 hits the shelfs

Version 0.3 of JackMix, a mixer application for the JACK Audio Connection Kit, is out with the following changes: "Inspired by a lot of talking during LAC I have redone the sliders. They still look kind of similar to some vu-meters but I think it isn't that bad anymore. But there are new knobs in this version too. They did get positive feedback during the conference. :-) The knobs from 0.2 didn't seem to scale well. At least not from the usability point. The biggest change is that version 0.3 saves the own state to xml-files which can be read again later. Also adding a filename on the commandline opens that file on startup. This enables version 0.4 to have lash-support."

Full Story (comments: none)

QjackCtl 0.2.22 released

Version 0.2.22 of QjackCtl, the GUI control for the JACK Audio Connection Kit, has been released. This version includes bug fixes and other improvements.

Full Story (comments: none)

Desktop Environments

Creation of a new roadmap for GNOME

A new GNOME roadmap process is being discussed. "In the next few days, all maintainers will receive a mail asking them some questions about their plans for the modules they're maintaining. It's really important that maintainers take the time to correctly reply to this mail. A new team (the Roadmap Gang) will analyse all the replies, and try to keep only the relevant parts for a GNOME-wide roadmap."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest

The April 1, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "The beginnings of a KControl module for Decibel configuration make an appearance. Developments in the Subversion plugin for KDevelop. More optimisations in the KJS JavaScript interpreter. Further progress in the KBattleship rewrite. New country maps in KGeography. KRfb, a desktop sharing utility, starts to be ported to KDE 4. A new GStreamer backend for Phonon, and QSR, a search-and-replace utility, are imported into KDE SVN."

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Educational Software

GradeL 0.7.5 released

Version 0.7.5 of GradeL, a grade book automation program for teachers, is available. "After quite a layoff, another version of GradeL has been released. This version fixes some issues and also adds some minor features."

Comments (none posted)

Electronics

gnucap development snapshot 2007-03-29

A development snapshot 2007-03-29 of gnucap, the GNU Circuit Analysis Package, has been announced. "The new one contains tools plugins. For now, there are two plugins to adjust calculation precision. One selects full 80 bit precision on systems that by default round to 64 bit. The other selects 64 bit IEEE compliant math on systems that default to 80 bit. These only work on Intel and AMD 32 bit CPU's."

Comments (none posted)

Icarus Verilog 0.8.4 released

Stable version 0.8.4 of Icarus Verilog, an electronic simulation language compiler, is out with bug fixes.

Comments (none posted)

Financial Applications

SQL-Ledger 2.8.0 released

Release 2.8.0 of SQL-Ledger, a web-based accounting package, is out with a long list of new features. See the What's New document for details.

Comments (none posted)

GUI Packages

wxWidgets 2.8.3 released

Release 2.8.3 of wxWidgets, a cross-platform GUI toolkit, has been announced. "This is mainly a bug fix release; please see changes.txt for details."

Comments (none posted)

Interoperability

Wine 0.9.34 released

Version 0.9.34 of Wine has been announced. Changes include: support for Xcursor, a range of fixes for various installers, a new builtin xcopy tool, the usual assortment of Direct3D fixes, and lots of bug fixes.

Comments (none posted)

Wine Weekly Newsletter

The March 30, 2007 edition of the Wine Weekly Newsletter is online with coverage of the Wine project. Topics include: CrossOver & Linspire, Road to 1.0, DirectX To-Do List, 0.9.33 Benchmarks, Testing & Older Windows Versions and Wine's Coverity Contact.

Comments (none posted)

Medical Applications

Ultimate EMR launches (LinuxMedNews)

LinuxMedNews covers the release of Ultimate EMR. "Empower Med, Inc. announces the immediate release of Ultimate EMR on Sourceforge.net and Plone.org under the GNU General Public License. Ultimate EMR is the first Plone(tm) based, full-featured, web-enabled Electronic Medical Record software."

Comments (none posted)

GNUmed 0.2.5 released (LinuxMedNews)

LinuxMedNews notes the release of GNUmed version 0.2.5. "The GNUmed team worked hard to release yet another stable version. As features are being added more and more success stories of happy users reach us. For this release GNotary support on backup, improved phrasewheel code, handling of the original filename in the document archive, visual indication of patient birthday, initial KVK (German health insurance card) handling, connection pooling (massive speedup over slow network links), a generalized hooks framework and smart allergies handling has been added."

Comments (none posted)

Office Suites

OpenOffice.org 2.2 released

OpenOffice.org 2.2 is out. "In version 2.2, users will immediately notice the improvement in the quality of text display in all parts of OpenOffice.org. The reason for this is that the previously optional support for kerning, a technique to improve the appearance of text written in proportional fonts, has now been enabled by default. OpenOffice.org's unique pdf export function has also been enhanced with the addition of the optional creation of bookmarks feature, and support for user-definable export of form fields." Click below for the full announcement.

Full Story (comments: 65)

OpenOffice.org Newsletter

The March, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The April 3, 2007 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Java

GCJ improves Eclipse support

Eclipse IDE support has been improved for GCJ, the GNU Compiler for Java: "Keith Seitz and Kyle Galloway have made considerable progress on GCJ's implementation of the JDWP. It is now possible to use eclipse to debug interpreted Java code using libgcj as the VM."

Comments (none posted)

Perl

Weekly Perl 6 mailing list summary (O'Reilly)

The March 31, 2007 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.

Comments (none posted)

Python

Python-URL! - weekly Python news and links

The March 30, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Python-URL! - weekly Python news and links

The April 2, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The April 3, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

XML

XInclude Processing in XSLT

Erik Wilde discusses XInclude Processing in XSLT on O'Reilly. "Assembling various parts of a document before processing the assembled document is a recurring theme in document processing. XML Inclusions (XInclude) is the W3C standard created to support this scenario, but since it is a standalone specification, it needs to be supported by a piece of software implementing this functionality. The XInclude Processor (XIPr), written in XSLT 2.0, implements XInclude and thus may help to reduce the dependency on numerous software packages if XInclude is used in an environment where XSLT 2.0 is used anyway."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Stallman, Torvalds, and Novell comment on GPLv3 (Linux.com)

Linux.com has published some comments on the third draft of the GPLv3. "When the second draft of GPLv3 was released, Linus Torvalds was one of its most outspoken critics. Although he stresses that he is giving only a preliminary opinion on GPLv3, and may change his mind as he looks at it more closely, his first response to the third draft is to give it qualified approval. "Is it better?" Torvalds asks rhetorically. "Hell yeah. But it's been limited in ways that at least make it much saner. I'll have to think about it. The language seems cleaner and better than GPLv2 in many places, and many of my 'that is obviously totally idiotic crap' areas have either been improved or seem to have been removed entirely.""

Comments (6 posted)

Companies

Dell Promises Pre-Installed Linux (PC World)

PC World reports on Dell's plans for offering pre-installed Linux systems. "Thanks to requests by its customers, Dell Inc. is going to start offering Linux pre-installed on its PCs and notebooks, the company said Wednesday. Based on customer feedback Dell began soliciting last month, Dell said that top of mind among customers was that the company should begin offering Linux as an alternative to Windows on its personal computers, according to a posting on a company blog. Dell said it "has heard" what customers said and will act accordingly."

Comments (24 posted)

Buy! Buy! Buy! - into Openness (Linux Journal)

Glyn Moody looks at Dell and Linux. "One of the core problems for open source has always been that as a radical force outside the mainstream it is hard for its supporters to influence conventional players there. In part, this was what made Dell's Ideastorm so important: it gave a voice to those hitherto unable to communicate usefully with the company. The effects have been dramatic, with Dell now promising to sell systems with pre-installed GNU/Linux. The question then must be, how can we build on that success to achieve maximum impact?"

Comments (25 posted)

Microsoft’s Linux Woes (Red Herring)

Red Herring considers the effect of the GPLv3 license on Microsoft and Novell. "The new license, if accepted, could isolate Microsoft, as well as Novell, from the rest of the open-source community. What it means is that Novell and Microsoft would have to stay with the GPLv2 license since it would be in violation of the GPLv3 license—and the duo would not be able to take advantage of new developments made under GPLv3. Microsoft reacted to the proposal with concern. “It is unfortunate that the FSF is attempting to use the GPLv3 to prevent future collaboration among industry leaders to benefit customers,” said Horacio Gutierrez, Microsoft’s vice president of intellectual property and licensing, in an email."

Comments (8 posted)

Mozilla and eBay are working together

The Mozilla Corporation has announced a partnership with eBay. "Mozilla and eBay International AG today announced they are working together to improve the online auction experience for people in France, Germany and the United Kingdom. Together, Mozilla and eBay are collaborating on new technology and approaches to enable eBay users to stay up to date with their auctions more easily from within Firefox regardless of where they are on the Web."

MozillaZine predicts how the technology will be accomplished in the Firefox browser. "No more specific information has been released but further details are promised in the second quarter of this year. However, an extension that allows users to track eBay auctions from within Firefox seems a likely possibility."

Comments (none posted)

Red Hat's gross income grows, net disappoints (Linux-Watch)

Linux-Watch looks at Red Hat's financial results for the fiscal year. "Red Hat Inc. reported its financial results today for its fourth fiscal quarter and full fiscal year, both of which ended Feb. 28. While total revenue was up, the market was disappointed at the report that net income for the quarter fell about 25 percent year-over-year. Specifically, Q4 net income dropped from $28.75 million (13 cents per share) in 2006 to $21.5 million (10 cents per share) in 2007. Total revenue for the quarter was $111.1 million, an increase of 41 percent year-over-year and up 5 percent from the prior quarter. Subscription revenue was $95.9 million, up 44 percent year-over-year and 8 percent sequentially."

Comments (none posted)

Customers happy with Red Hat/JBoss connection (LinuxWorld)

LinuxWorld looks at Red Hat's acquisition of JBoss, nearly one year later. "Customers seem to like the acquisition, since many Red Hat customers were already JBoss users and can consolidate their vendor base with ease. Red Hat now offers a single subscription product, Red Hat Application Stack, that includes JBoss and Red Hat Enterprise Linux, along with the Apache Web server, the PHP and Perl languages, and the open-source databases MySQL and PostgreSQL."

Comments (none posted)

Legal

CAN-SPAM Act - Is it working? You Decide. (Linux Journal)

Linux Journal's Tom Adelstein considers the effectiveness of the CAN-SPAM act. "As I delete spam from my Gmail spam folder, I notice the volumes increasing. A year ago, I would see about five to ten emails a day in that folder. This morning, I woke up to 56 items. The volume of spam has grown, no doubt. The acronym CAN-SPAM comes from the Congressional legislation's name: Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. The FTC has the responsibility of policing the Act. Of course, we all know what that means, the FTC will do little or nothing to enforce the legislation."

Comments (none posted)

Defence statement released in Israeli GPL test (Linux.com)

Linux.com reports that the GPL is being tested in Israeli court. "The defence in the Jin vs. Ichessu case, in which the GNU General Public License (GPL) is being tested in Israeli court, has filed a detailed defence, which moves the lawsuit from the fast-track short proceedings option into a regular court, where arguments are longer and possible settlements are unlimited. More importantly for the free and open source software community, the case now seems to hinge either on interpretations of the GPL or whether the GPL is valid under Israeli copyright law."

Comments (8 posted)

Interviews

Albert Astals Cid (People Behind KDE)

Here's a People Behind KDE interview with Albert Astals Cid. "In what ways do you make a contribution to KDE? I'm KPDF, Blinken and KGeography maintainer. I am the KDE liaison and one of the main developers of the Poppler project (a Freedesktop.org library for rendering PDF files). I am part of the okular project, that aims to give KDE 4 the best unified document viewer around. I'm working on a few new applications like Kombination (a scrabble game), PDF Transformer (a pdftk frontend) and Kiriki (a Gtali clone). Finally I'm quite active on the KDE-Edu and kdegames projects doing some maintenance work." (Found on KDE.News)

Comments (none posted)

Orbiting Debian: Interview with Bdale Garbee (Tux Deluxe)

Tux Deluxe has an interview with Bdale Garbee, Chief Technologist for Open Source & Linux at Hewlett-Packard, and a former Debian Project Leader. "The role of Bdale Garbee at HP involves advising the company on both the technology and community aspects of Linux and open source. He mentors internal HP departments on how to productively participate in the free software development process, and encourages the adoption of open source software and principles across the company. A contributor to the free software community for more than twenty-five years, his background also includes many years of hardware design, UNIX internals, and embedded systems work. He was an early participant in the Debian project, helped port Debian GNU/Linux to five architectures, and remains active in the Debian community."

Comments (3 posted)

An Interview with KDE-Edu Developers (KDE.News)

KDE.News interviews KDE-Edu project developers Carsten Niehaus, Albert Astals Cid and Anne-Marie Mahfouf. "The KDE-Edu developers are developing high-quality educational software for the K Desktop Environment. Their primary focus is on school children aged 3 to 18, and the specialised user interface needs of young users. However, they also have programs to aid teachers in planning lessons, and others that are of interest to university students and anyone else with a desire to learn!"

Comments (none posted)

Portrait: GNOME Foundation's Dave Neary (Linux.com)

Joe 'Zonker' Brockmeier takes a look at Dave Neary. "Neary says his introduction to free software came later, while he was working on a postgraduate research project at Dublin City University in Dublin, Ireland. "The project I was working on wouldn't compile or run properly under Windows (something about the paging in the memory model) so I was doing most of my work remotely through xterms on the department's Sun workstations. Emmet Caulfield convinced me that I'd be better off with my own personal Linux workstation, so I finally gave in and bought Linux for Dummies, which included an install CD for Red Hat 5.0.... A month later, I was up and running with my new shiny FVWM 95 desktop.""

Comments (none posted)

Resources

Linux Gazette #137

The April edition of Linux Gazette is out. Articles include Cursor Appearance in the Linux Console, Getting Started with Linux Mint, Measuring Congestion Windows of TCP Senders, Rule-based DoS attacks prevention shell script and much more.

Comments (none posted)

The April, 2007 Netcraft Web Server Survey

Netcraft has published the April, 2007 edition of the Web Server Survey. "This month the Web Server Survey adds public tracking of lighttpd, an open source server designed for high-performance sites that has been gaining popularity in recent months. Lighttpd is currently detected on 1.38 million sites for a 1.2% share of the web server market, well ahead of Zeus and moving up quickly on Sun. Lighttpd has a relatively small memory footprint and is optimized for a large number of parallel connections, which has made it popular on sites using applications based on AJAX or Ruby on Rails, or hosting environments for virtual private servers."

Comments (none posted)

OpenOffice.org Calc functions, part 1: Understanding functions (Linux Journal)

Bruce Byfield introduces OO.o Calc functions in part one of a Linux Journal article series. "A function is a pre-defined calculation entered in a cell to help you analyze or manipulate data in a spreadsheet. All you have to do is add the arguments, and the calculation is automatically made for you. Beginners might be content to use Calc for lists, but, for advanced users, functions are the main reason for spreadsheets. If you understand functions, then you can start to use the real power of a spreadsheet. In Part 1 of this article, I'll give a brief overview of functions and how they operate."

Comments (1 posted)

Reviews

GNOME 2.18 shows incremental improvement (Linux.com)

Linux.com reviews GNOME 2.18. "To get into full GNOME 2.18 mode, I installed the Ubuntu Feisty beta, which includes GNOME 2.18, and also test-drove the Foresight Linux release that includes 2.18. I found that the bump from 2.16 to 2.18 is pretty gentle. You're not going to find many differences in this release that really stand out -- it takes some looking."

Comments (30 posted)

Pogo Linux introduces NAS appliance (Computer Technology Review)

Computer Technology Review takes a look at the Pogo Linux StorageDirector 3000, which comes in 4, 8 and 12 Terabyte versions. "Pogo Linux Inc., a provider of Linux-based servers, workstations and storage systems, has announced the release of its StorageDirector 3000 series NAS (network attached storage) appliance. The StorageDirector 3000 Series simplifies networked storage management, while providing NAS and iSCSI (Internet SCSI) functionality to meet increasingly complex customer needs at a small and medium business (SMB) price point, Pogo Linux said last week."

Comments (none posted)

Samba 3 preview release behaves more like Windows (SearchEnterpriseLinux.com)

SearchEnterpriseLinux.com looks at Samba 3.0.25. "The latest code changes and improvements to Samba 3.0.25 weren't overly dramatic, said the project's release manager, but the subtle changes do push things along toward a scheduled production release in early April. The changes also push Samba 3 along its path toward making Linux machines behave a bit more like Windows, said Samba release manager Jerry Carter."

Comments (none posted)

Review: System 76 Darter laptop (Linux.com)

Joe 'Zonker' Brockmeier reviews the Darter laptop from System 76. "With the exception of my trusty ThinkPad, the Darter is one of the sturdiest laptops I've had the pleasure of using. The laptop's chassis construction feels solid, and the screen does not flex much when you open and close it from a corner. The review system I received included an Intel Core 2 Duo T7200 CPU, 1GB of system RAM, an Intel GMA 950 video chipset, Intel integrated audio and 802.11 a/b/g wireless Ethernet adapter, and a dual-layer DVD-RW/CD-RW drive. The system also includes a 10/100 Ethernet port, a single PCI Express card slot, a memory card reader, and a FireWire port with a mini FireWire connector."

Comments (none posted)

Taking XenExpress for a Spin (MontanaLinux.org)

Scott Dowdle reviews XenExpress on MontanaLinux.org. "According to the XenSource About page, "XenSource plays the dual role of leading the open source Xen(tm) community, while simultaneously selling value-added enterprise solutions based on Xen technology." The first part of that leads to various Linux distro makers integrating Xen into their distributions (like SUSE, Red Hat/clones, and Fedora). For the second part of that, XenSource currently offers a product line which includes XenExpress, XenServer and XenEnterprise. Of the three offerings, XenExpress is designed to be the entry level product and is free."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Second discussion draft of LGPLv3 released

A new discussion draft for version 3 of the GNU Lesser General Public License (LGPLv3) is out. "Since the license is currently written as a set of additional permissions on top of GPLv3, a number of terms have been updated to reflect changes in the GPLv3 draft released last week. Additionally, we have made a few small adjustments to clarify particular requirements."

Full Story (comments: none)

Mandriva participates in Intel's Classmate PC project

Mandriva has sent out a press release announcing that it is working with Intel on its competitor to the OLPC. "Mandriva and Intel spent eight months customizing the Mandriva Linux operating system for Classmate PC, including integrating drivers and adapting applications specially developed for this project. Classmate PC will be produced in Brazil and launched in the second quarter of 2007. Following the launch, Classmate PCs running Mandriva Linux 2007 will be available to Mexico, India and developing countries."

Full Story (comments: 8)

Commercial announcements

Ampro PCI-104 CPU Breaks the 1 GHz Barrier

Ampro Computers, Inc. has announced a new PC/104 platform performance record. "Ampro Computers, Inc., a leading supplier of standards-based computer systems, single board computers (SBCs), and computer-on-modules (COMs), shatters the previously-impenetrable 1 GHz barrier for rugged PC/104-size modules while remaining true to form factor standards. In order for military, avionics, transportation, and industrial system manufacturers to leverage existing enclosures while upgrading performance, Ampro's new 1 GHz CoreModule(TM) 800 achieved a number of technological breakthroughs in fitting a complete CPU subsystem with I/O, PCI-104 bus expansion, and network interfaces without violating the required 3.550" x 3.750" (90 x 96 mm) board outline."

Comments (none posted)

Chelsio and AMCC demonstrate iSCSI storage solution

Chelsio Communications, Inc. and AMCC have announced a demonstration Gigabit Ethernet RAID system. "The complete, low-cost GbE storage solution from client to storage server is running hardware accelerated RAID 5 on Linux. The storage server includes AMCC's 440SPe "Katmai" evaluation board featuring the PowerPC 440SPe storage processor with high performance hardware RAID computational capabilities. Mounted on the board is a 2x1 GbE T3 acceleration card from Chelsio acting as the iSCSI target and an LSI Logic SAS IOC card. The Katmai platform is connected to an 8-disk storage array."

Comments (none posted)

OpenVZ Virtualization for Latest Linux Kernel

The OpenVZ project has announced a version of its virtualization software for Linux kernel version 2.6.20. ""Linux 2.6.20 is also the basis for the next Ubuntu distribution, which potentially would enable us a smooth transition to add OpenVZ virtualization," said Kir Kolyshkin, manager of the OpenVZ project. "With this latest release of OpenVZ software, we've made a number of improvements to benefit our users in the open source community.""

Full Story (comments: none)

Open-Xchange Names New CEO and CTO

Open-Xchange Inc. has announced new CEO and CTO hires. "Open-Xchange Inc., the leading provider of open source collaboration software, today named Gerald Labie as the company's new CEO. The company also announced the appointment of Jurgen Geck to the position of CTO. The moves provide Open-Xchange with a seasoned management team to lead the company through a period of rapid growth."

Comments (none posted)

Paragon Software Launches New Version of NTFS for Linux

Paragon Software has announced the launch of Paragon NTFS for Linux 6.0. "The product’s purpose is to provide reliable, rapid and transparent read/write access to NTFS volumes under Linux. Among the new improvements and features in this release are complete support for 64 bit CPU architecture, Windows Vista NTFS file system, the latest Linux kernel and also includes performance enhancements."

Comments (none posted)

Penguin Computing Closes $9 Million in Series 2 Financing

Penguin Computing, Inc. has announced its latest venture capital financing. "Penguin Computing, the leader in Linux Cluster Virtualization, today announced that it has closed $9 million in Series 2 financing, led by vSpring Capital, with participation from existing investors, San Francisco Equity Partners, Weber Capital and Convergence Partners. The injection of funds will help Penguin Computing take advantage of the increasing demand for Linux High Performance Computing (HPC) solutions, both among its strong customer base in the commercial, government and academic fields, and beyond to rapidly expanding enterprise markets such as web infrastructure."

Comments (none posted)

TimeSys Announces Edward Nash as Vice President of Engineering

TimeSys has announced the appointment of Edward Nash as vice president of engineering. "Ed will be responsible for the development and deployment of TimeSys technologies, supporting the company's goal of delivering on-demand access to continuously updated processor-optimized Linux packages, components and tools for embedded Linux developers who build and assemble their own commercial-grade custom Linux platforms."

Full Story (comments: none)

XenSource releases XenEnterprise 3.2

XenSource has announced the release of XenEnterprise 3.2, its commercial server virtualization solution. "The new release, XenEnterprise 3.2, enables deployment of additional Windows and Linux versions, and enhances the power and flexibility of Windows guests via SMP support. XenEnterprise 3.2 also delivers greater security and performance, enhanced resource management capabilities, iSCSI SAN support, and improvements in manageability and serviceability."

Comments (none posted)

New Books

Release It! - New from the Pragmatic Programmers

Pragmatic Programmers has published the book Release It! Design and Deploy Production-Ready Software by Michael T. Nygard.

Full Story (comments: none)

Contests and Awards

Sahana wins the 2006 social benefit award

The Free Software Foundation has announced the Sahana project as the winner of its Award for Projects of Social Benefit. "Sahana, an entirely volunteer effort to create technology for managing large-scale relief efforts, is the recipient of the 2006 Free Software Foundation Award for Projects of Social Benefit. Sahana was created, in the wake of the tsunami that devastated Southeast Asia in 2004, to compensate for the devastating consequences of a government attempt to manually manage the process of locating victims, distributing aid and coordinating volunteers." (Thanks to Krishna Pagadala).

Comments (none posted)

Surveys

OpenSUSE network settings survey

OpenSUSE is holding a survey on network settings; the survey is open until April 20, 2007.

Full Story (comments: none)

Education and Certification

O'Reilly School of Technology Opens its Virtual Doors

O'Reilly has launched the O'Reilly School of Technology. "The O'Reilly School of Technology bases its courses on the premise that for people to learn any skill they must immerse themselves in the skill and practice. The school employs an online learning technique called "useractive learning" in which the student or "user" is actively engaged in building and creating projects while the instructional material is presented. There are no presentation-heavy videos and simulations to sit through. Instead, the courses feature tutorial-style content and Learning Sandboxes(r) that contain easy-to-use, real, open programming environments in which the students try examples and work on projects."

Full Story (comments: none)

Upcoming Events

Gelato ICE technical program announced

The technical program for the Gelato ICE conference & expo has been announced. The event takes place in San Jose, CA on April 15-18, 2007. "Program tracks include: multi-core programming, IA-64 Linux kernel work, virtualization, tools and tuning, topics for enterprise, GCC improvements, and cutting-edge research. Linux keynote speakers will be Andrew Morton, Maintainer of the Linux 2.6 Kernel, and Wim Coekaerts, Senior Director for Linux Engineering at Oracle. You will also not want to miss the presentation from Intel's James Fister outlining the latest, yet to be disclosed, Itanium processor roadmap."

Full Story (comments: none)

Rockbox International Developers Conference 2007

The Rockbox International Developers Conference 2007 will take place in Stockholm, Sweden on May 19 and 20, 2007. "We thought we'd get together for a two-day Rockbox hacking session, and that it would be cool if there were some other Rockbox devs who would drop by and share the fun."

Full Story (comments: none)

Events: April 12, 2007 to June 11, 2007

The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| April 12 - April 14 | International Free Software Forum (Forum Internacional Software Livre) | Porto Alegre, Brazil |
| April 14 - April 15 | Ruby and Python Conference 2007 | Poznan, Poland |
| April 15 - April 18 | Gelato ICE: Itanium® Conference & Expo | San Jose, California, USA |
| April 17 - April 19 | Embedded Linux Conference | San Jose, USA |
| April 18 - April 20 | CanSecWest Applied Security Conference 2007 | Vancouver, Canada |
| April 19 | Linux 2007 | Lisbon, Portugal |
| April 19 | Power Architecture Software Summit | Austin, TX, USA |
| April 20 - April 22 | International Conference on Availability, Reliability and Security Conference on Availability, Reliability and Security | Vienna, Austria |
| April 20 - April 22 | Penguicon 5.0 Open Source Software & Science Fiction Convention | Troy, Michigan, USA |
| April 21 | Romanian Open Source Development Meeting | Bucharest, Romania |
| April 23 - April 25 | Samba eXPerience 2007 | Göttingen, Germany |
| April 23 - April 27 | PostgreSQL Bootcamp at the Big Nerd Ranch | Atlanta, USA |
| April 23 - April 26 | MySQL Conference and Expo | Santa Clara, CA, USA |
| April 28 - April 29 | Linuxfest Northwest | Bellingham, WA, USA |
| May 3 - May 4 | Ubuntu Education Summit | Sevilla, Spain |
| May 3 - May 5 | SugarCRM Global Developer Conference | San Jose, CA, USA |
| May 4 - May 6 | Libre Graphics Meeting 2007 | Montreal, Quebec, Canada |
| May 5 - May 6 | LayerOne Security Conference | Pasadena, CA, USA |
| May 5 | Ubucon - Sevilla | Sevilla, Spain |
| May 6 - May 11 | Ubuntu Developer Summit | Sevilla, Spain |
| May 7 | CommunityOne | San Francisco, CA, USA |
| May 8 - May 9 | World Summit on Intrusion Prevention | Baltimore, MD, USA |
| May 8 - May 11 | Annual Java Technology Conference | San Francisco, CA, USA |
| May 8 - May 11 | OSHCA 2007 | Kuala Lumpur, Malaysia |
| May 9 - May 11 | Red Hat Summit | San Diego, CA, USA |
| May 10 - May 11 | IEEE International Workshop on Open Source Test Technology Tools | Berkeley, CA, USA |
| May 10 | NLUUG Spring Conference 2007 | Ede, The Netherlands |
| May 11 - May 13 | Conferenze Italiana sul Software Libero | Cosenza, Italy |
| May 12 - May 13 | KOffice ODF Weekend | Berlin, Germany |
| May 14 - May 25 | The Pure Data Spring School 2007 | Glasgow, Scotland |
| May 16 - May 18 | php\|tek | Chicago, IL, USA |
| May 17 - May 20 | RailsConf 2007 | Portland, Oregon |
| May 18 - May 19 | eLiberatica Open Source and Free Software Conference | Brasov, Romania |
| May 18 - May 19 | FreedomHEC | Los Angeles, CA |
| May 18 - May 19 | BSDCan 2007 | Ottawa, Canada |
| May 19 - May 20 | The 3rd International Workshop on Software Engineering for Secure Systems | Minneapolis, Minnesota, USA |
| May 19 - May 20 | Rockbox International Developers Conference 2007 | Stockholm, Sweden |
| May 19 | Grazer LinuxDays 2007 | Graz, Austria |
| May 19 - May 20 | Make Magazine Maker Faire 2007 | San Mateo, CA, USA |
| May 19 | Linuxwochen Austria - Graz | Graz, Austria |
| May 21 - May 23 | International PHP 2007 Conference | Stuttgart, Germany |
| May 21 - May 25 | Python Bootcamp with David Beazley | Atlanta, USA |
| May 22 - May 23 | Open Source Business Conference | San Francisco, USA |
| May 22 - May 24 | Linux Days 2007, Geneva | Geneva, Switzerland |
| May 23 - May 24 | PGCon 2007 | Ottawa, ON, Canada |
| May 25 | Linuxwochen Austria - Krems | Krems, Austria |
| May 26 | PAKCON III | Karachi, Pakistan |
| May 29 - May 30 | Where 2.0 Conference | San Jose, CA, USA |
| May 29 - May 31 | European ADempiere Developers Conference | Berlin, Germany |
| May 29 - May 30 | I FLOSS CONFERENCE RESISTENCIA | Resistencia, Argentina |
| May 30 - June 2 | Linuxtag | Berlin, Germany |
| May 30 - June 1 | 3rd UNIX Days Conference - Gdansk 2007 | Gdansk, Poland |
| May 30 - June 1 | Linuxwochen Austria - Wien | Wien, Austria |
| June 2 - June 3 | Journées Python Francophones | Paris, France |
| June 9 - June 10 | PyCon Uno - First Python Italian conference | Florence, Italy |
| June 10 - June 15 | DebCamp | Edinburgh, Scotland |
| June 10 | Pluto Meeting 2007 | Padova, Italy |

If your event does not appear here, please tell us about it.

Web sites

Launchpad 1.0 Beta Released

Canonical has announced the release of Launchpad 1.0 Beta, a web-based collaboration service. "Collaboration is crucial to free software projects, but has traditionally been difficult across communities that use different tools which don't easily exchange information. Launchpad's new approach links data from a variety of project-specific sources in different communities and presents it in a unified interface, bringing those communities closer together to solve common problems such as bugs in shared code. This public beta includes a redesigned interface that allows projects to brand their presence in the system and highlights the current activity of project members, making it easier to keep track of the latest changes."

Comments (31 posted)

Audio and Video programs

Transcript of RMS on GPLv3 draft 3

The Free Software Foundation Europe has released a transcript and audio from a talk by Richard Stallman on the third draft of the GPLv3 license. "This was his first GPLv3 talk since the release of draft 3 and he explains how the Novell-MS deal was tackled and how the tivoisation clause was narrowed to make it more acceptable."

Full Story (comments: none)

Web 2.0 Podcast: What the desirable demographic wants (O'ReillyNet)

O'Reilly presents a new podcast from the Where 2.0 conference. "One of the most enjoyable sessions at last year's was Safa Rashtchy's panel with a variety of teens. This year Rashtchy, a managing director for Piper Jaffray, is back with more teens and this time he includes their parents as well. You can download the audio as an mp3 or download the video as an mp4, or you can subscribe to the audio podcast or to the video podcast."

Comments (none posted)

Page editor: Forrest Cook


Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds