Geographic display and input using Marble

At first glance, the KDE Marble project might look like a competitor to other 3D mapping applications, like Google Earth or NASA's World Wind, but it has a very different focus. It has a similar globe view and the navigation is familiar, but, unlike the others, it does not rely upon enormous data sets accessed via the internet; it is, instead, self-contained and fairly lightweight. The intent is to provide a framework for other applications to use so they can incorporate geographic information, while the Marble application is a demonstration and testbed for those ideas.

The project wants to see Marble used by many different applications, both for input of geographic information and for presenting it. The project lives under the KDE Education Project as one of the applications for Marble is for geographic learning. Many other applications could use a standard framework for displaying maps of various sorts, from games, using their own, possibly fictional maps, to GPS and other visualization tools.

Marble does not rely on OpenGL or any hardware support for 3D, in order to reduce complexity and dependencies, which will serve it well when porting it to embedded devices. The dataset that comes with the program weighs in around 9M and provides reasonable, worldwide, detail. The interface is meant to work like other geographic tools to provide a "geo-widget" that behaves the way users expect, removing one barrier to its acceptance.

The project recently released its 0.4 version, which was easily installed on Fedora 7 using yum. When starting it for the first time, it goes through a setup process, lasting for 30 seconds or so (depending on hardware, of course), but after that, startup is very quick. It opens with a spherical projection view of the earth along the prime meridian allowing users to grab and rotate the earth in various directions.

The navigation is simple, with zoom and pan buttons in addition to the "grab and pull" style. One can also pan the view by moving the mouse to the edges of the display and clicking once the pointer has changed to an arrow indicating a direction. Left-clicking on the map will give the coordinates of the location, whereas right-clicking brings up a menu allowing a few operations to be performed. While not horribly painful, moving around is a bit jerky, tracking noticeably slower than the mouse pointer moves.

The default theme is the atlas view, which looks much like the name implies, with colors and relief shading to represent elevation and ocean depth. Other themes available include a satellite view, using NASA Blue Marble data providing 500 meter per pixel resolution, as well as an "earth at night" view showing populated areas by the amount of light they give off. The information overlaid on the map contains political boundaries, cities keyed by population, lakes and rivers, notable mountains, and a latitude/longitude grid, each of which can be disabled as desired.

Many of the map features can be clicked to bring up information about the location, both from the program data and Wikipedia. The main right-click option is a distance tool, which measures the distance between the two (or more) points. Marble also handles standard GPS .gpx data files, along with support for Google Earth's KML format. Overall, this release provides a limited subset of the capabilities eventually envisioned for the tool.

The main thrust of the 0.5 release is to fully integrate the contributions from three Google Summer of Code (GSoC) students. Improving the KML support, adding gpsd support to talk to to GPS devices, and "flat" projections were completed by the GSoC participants. They have not been fully integrated into the interface for 0.4, but will be for the next release.

Longer term plans include adding support for data from OpenStreetMap, a Wikipedia-like project to map streets and roads worldwide. The project also plans to offer optional OpenGL support to enable hardware acceleration for applications and users who want it. Better resolution satellite data is another area that will be addressed by adding Landsat 15m data.

Marble shows a lot of promise, the current release is stable and useful, though it lacks many features. The key to its success, as a library and framework as opposed to an application in its own right, is in defining an API that is flexible enough for most applications. If the project can get that right, there are lots of ways to use it. Once an API stabilizes, we can expect to see Marble-enabled applications, hopefully soon.

Comments (8 posted)

Mozilla forming new company for Thunderbird

Mozilla has made its decision and will be spinning off Thunderbird into a new organization. Back in August, we covered a discussion about the future of the Thunderbird project, which was spawned by a series of postings in the blog of Mitchell Baker, CEO of Mozilla Corp. At that time, it was recognized that Thunderbird was suffering from a lack of attention, mostly because of an intense focus on Firefox. This week, Baker announced that the results of that discussion were to start a new for-profit company to nurture Thunderbird.

The new company, as yet unnamed and referred to as "MailCo", will start with three million dollars in seed money from Mozilla. The intent is to use that money to hire a small team to foster email and internet communications through Thunderbird. To that end, they have hired David Ascher, currently CTO at ActiveState, as the CEO of the new company.

Ascher also posted a blog entry about the new organization, providing some insights into the role of MailCo:

The biggest job for Ascher and MailCo will be to determine what, exactly, Thunderbird should be. From the comments on Baker's blog and elsewhere, it is clear that there is no consensus on what an email client should and should not do. There are many constituencies; trying to please them all is likely to please none.

There are lots of questions about integration of email with other internet services: instant messages, RSS feeds, VoIP, etc. There are also questions of local vs. remote message storage and web vs. host-based clients. Each has its advantages and disadvantages along with a vocal set of users. If MailCo starts moving in a particular direction, to the detriment of supporting others, they may lose some significant portion of their [PULL QUOTE: While profit may not be a requirement, some kind of potentially sustainable business model will probably have to be established. END QUOTE] user base. But a decision will have to be made in order to concentrate their efforts; it will be hard to find the right balance.

While profit may not be a requirement, some kind of potentially sustainable business model will probably have to be established. It is hard to imagine that Mozilla will keep pumping money into the company, though Baker makes it clear that they will consider further investment. Thunderbird does not have the obvious 'sell eyes to Google' model that Firefox has so successfully used; it directly competes with Google and other, similar, ad-supported mail sites.

For various reasons, Thunderbird has never had a large development community in the way that Firefox or other free software projects do. There is a core group of developers, presumably strong candidates to be hired on at MailCo, but in order for the project to succeed, it will need a bigger army of volunteers. There can be friction between paid developers and volunteers, especially if the volunteers feel like they aren't being heard. Growing and working with the development community will be an important part of MailCo's first year or two.

Many folks point to the stagnation of the main competition, Outlook, and liken it to the situation, several years back, with Firefox and Internet Explorer. There are some similarities, but there is also one big difference: Exchange. It is relatively easy for a user to change their desktop applications, even in a controlled workplace environment, but companies are unlikely to toss out their Exchange servers anytime soon. Because Microsoft completely controls the mail client to Exchange server protocol, Thunderbird will have a hard time being a drop-in replacement, in the way that Firefox is. One possibility would be to work with Openchange or similar Exchange replacement projects to provide an end-to-end solution for the enterprise.

Obviously there are some challenges ahead, for email clients in general and for Thunderbird in particular, but there is reason for optimism as well. Many did not expect Firefox to achieve the level of adoption that it has – it has made remarkable inroads against an entrenched competitor – and many of the same folks are behind the effort to give Thunderbird a push. Though it may seem like Mozilla is kicking Thunderbird out of the nest, they are actually giving it some resources so that it has a chance to fly. It certainly will not suffer under an organization devoted solely to its development.

Comments (10 posted)

The case of the unwelcome attribution

A couple of weeks ago, LWN examined the dispute with the OpenBSD project over the copyright notices placed in (and removed from) the versions of the Atheros wireless network driver intended for eventual merging into the mainline Linux kernel. At that time, the files with the improperly removed license text had never made it anywhere near the mainline repository and an effort was being made to fix the problem. It really seemed like the whole issue should end then.

So why does a perusal of the OpenBSD lists (and, often, unfortunately, linux-kernel as well) turn up gems like these?

-- Jason Dixon

-- J.C. Roberts

-- Can E. Acar

One might well think that the whole issue is still open. In fact, much of the dispute has gone by the wayside. The files with the improperly removed copyright notices never were going to make it to the mainline. The allegations by Theo de Raadt that taking a dual-license notice at its word was illegal have been pretty well laughed off; the OpenBSD camp is no longer asserting that claim. In fact, there is really only one point of dispute left:

• The OpenBSD developers do not believe that developers Nick Kossifidis and Jiri Slaby should have added their own copyright attributions to the file ath5k_hw.c. Those two developers, it is claimed, have not done enough work on that file to have earned any copyright claims there.

For this offense, the OpenBSD community continues to flame, threaten lawsuits, and more. It seems that the developers named above should simply add some original haiku to the opening comments so that their right to claim copyright to portions of the file would be indisputable. Even in the absence of bad poetry, these developers have done some small amount of work and will certainly do more to get the code ready for Linux inclusion. Threatening legal action as a way of keeping them from adding their own attribution to the file seems gratuitous.

Part of what is going on here may be a simple culture clash. It seems that, in the BSD world, the adding of a copyright attribution to a file is usually done with the permission of the existing copyright holders. For a developer to just patch an attribution can come across as being a bit rude. In the Linux community, instead, developers simply add a copyright if they feel they have done enough work to justify it. It is hard to come up with cases where these attributions have gone in without merit.

Eben Moglen's one public contribution to this conversation includes this paragraph:

That is clearly what is going on here - this discussion is certainly happening on a strongly emotional level. But it must be said that the most harsh language seems to be flowing in one direction: from OpenBSD toward Linux. This was also true when the situation was reversed and an OpenBSD developer was found to have improperly relicensed some Linux code. In both cases (and in others) there is a clear sense that the OpenBSD people feel wronged by Linux.

One might well wonder why this is the case. To an extent, OpenBSD developers may be following the tone set by that project's leader. They may be irritated by the licensing asymmetry: BSD-licensed code can be incorporated into a GPL-licensed project, but GPL-licensed code cannot be brought into a BSD-licensed project. Or perhaps they feel that their system has been unfairly upstaged by an inferior rival. Whatever the reason, there is a certain hostility emanating from that camp which is unpleasant to see.

It would be a mistake, however, to let the public flaming obscure the fact that Linux and the BSD variants have much in common. There is certainly no shortage of Linux proponents whose "advocacy" makes our community look bad. BSD will have people like that too. Meanwhile, behind the scenes, there is a great deal of good will, information, and code which flows in both directions. We are all working toward the same ends, and there are plenty of places where we can learn from the BSD communities. This incident will pass, and hot heads will cool - before, undoubtedly, heating up again on a different topic - but, through it all, free software will just continue to get better.

Comments (34 posted)

Exploiting symlinks and tmpfiles

"Insecure tmpfile creation" and "arbitrary file overwrite using symlinks" (and other similar names) are commonly seen vulnerabilities listed in the LWN daily security update. The problems are related in many ways and can be very serious, with damage ranging from corrupted files to full takeover of a vulnerable system. By and large, they are easy to avoid, so it is disheartening to see them crop up time and time again.

Typically, these kinds of attacks exploit race conditions, where correct functioning depends, inappropriately, on the order of operations between two or more processes in the system. The classic example is a program that checks for the existence of a file, in a directory writable by others, before opening it, to avoid overwriting an existing file. An attacker can arrange, usually through repeated attempts, to create the file just after the existence check and before the open. The vulnerable program's author made an incorrect assumption about what else could be going on in the system, which allows the attacker's program to race with it.

At first blush, it doesn't seem particularly harmful for a program to mistakenly overwrite the attacker's carefully inserted file. After all, the victimized program will probably just truncate the file before writing whatever data it had planned. This is where symbolic links (symlinks) come into play.

Symlinks are just an alias for an entry in the filesystem which can be created by anyone with write access to the directory where the symlink will reside. The target of the symlink can be most any string, normally they are the path to the target of the alias, but there is no requirement that the target exist. More importantly, there is no check that the process which creates the symlink has access rights to the target. When operations are performed on a symlink, the filesystem layer follows the pointer to the actual file, checking the permissions on the inode of that file.

What that means is that any random Linux user can create a symbolic link from /tmp/foo to /etc/passwd, though they will not be able to write to the former, because the permissions on the latter do not allow it. But, privileged programs, either setuid or those run as root, do have the proper permission. If they open and write to /tmp/foo, they have just corrupted the password file.

Vulnerable programs aren't usually quite that simple, but they do use predictable filenames or patterns. If an attacker knows that the administrator often runs a vulnerable program or script, which writes to /tmp/fooNNNNN where NNNNN is a random number, they can run a program which continuously makes links from those filenames to some file they wish to corrupt. If their program happens to generate the right link at the right time, the corruption succeeds. Normally, a program that creates a temporary file will delete it when it is done executing, but for symlinks that just removes the link, leaving the file that was pointed to with the whatever contents were written.

A setuid program provides even more opportunities for exploitation as the attacker can run it many times, under his control, while running other programs that create the symlinks. If the attacker can control, via input to the program, what gets written, the problem becomes worse still, quite possibly leading to complete compromise of the system. The scenarios for abusing this kind of hole are endless.

It doesn't necessarily have to be a temporary file that gets exploited, any file that gets opened in a directory that is writable by others can potentially be symlinked elsewhere. This can lead to unexpected results for reads, or corruption of unexpected files for writes. These types of vulnerabilities can be used when a regular user login (or system user like 'apache') is compromised, by an exploit or password disclosure, to further compromise the system. Some may be difficult to exploit reliably, but the consequences are such that it may be worth the effort.

As always, David Wheeler's Secure Programming for Linux and Unix HOWTO is an excellent resource for avoiding these kinds of problems. The basic idea is to avoid the race by using atomic filesystem operations or, for tmpfiles, mkstemp(). When creating files, ensure that the open() call uses O_CREAT | O_EXCL which will fail if the file already exists. Another important note is that a program should not close and reopen files that live in shared directories, instead they should be left open until the program is done with them.

These kind of problems have been around for twenty years or more, but still keep cropping up, which is a good indication that many programmers aren't following secure coding practices. Whenever one is writing code that is opening files, which is, after all, a very common operation, some consideration should be given to symlink/tmpfile vulnerabilities. With some perseverance, these kinds of vulnerabilities could become a thing of the past.

Comments (11 posted)

cacti: denial of service

Package(s):	cacti	CVE #(s):	CVE-2007-3112 CVE-2007-3113
Created:	September 18, 2007	Updated:	December 16, 2009
Description:	A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
Alerts:	Debian DSA-1954-1 cacti 2009-12-16 Fedora FEDORA-2008-1737 cacti 2008-02-15 Fedora FEDORA-2007-3683 cacti 2007-11-22 Fedora FEDORA-2007-2199 cacti 2007-09-18 Mandriva MDKSA-2007:184 cacti 2007-09-17

Comments (none posted)

kvirc: remote arbitrary code execution

Package(s):	kvirc	CVE #(s):	CVE-2007-2951
Created:	September 14, 2007	Updated:	February 27, 2008
Description:	Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does not properly sanitize parts of the URI when building the command for KVIrc's internal script system.
Alerts:	SuSE SUSE-SR:2007:015 PHP, moodle, tomcat5, lighttpd, asterisk, libarchive, xpdf, evolution, kvirc, wireshark, gd, opera, clamav, gimp 2007-08-03 Gentoo 200709-02 kvirc 2007-09-13

Comments (none posted)

mediawiki: cross-site scripting

Package(s):	mediawiki	CVE #(s):	CVE-2007-4828
Created:	September 19, 2007	Updated:	September 19, 2007
Description:	The API pretty-printing mode in mediawiki suffers from a cross-site scripting vulnerability. Only sites which have enabled the API interface are vulnerable. See this advisory for more information.
Alerts:	Fedora FEDORA-2007-2189 mediawiki 2007-09-18

Comments (1 posted)

openoffice.org: arbitrary code execution via TIFF images

Package(s):	openoffice.org	CVE #(s):	CVE-2007-2834
Created:	September 17, 2007	Updated:	June 12, 2008
Description:	A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
Alerts:	Fedora FEDORA-2008-5239 openoffice.org 2008-06-11 Fedora FEDORA-2008-4104 openoffice.org 2008-05-17 Gentoo 200710-24 openoffice 2007-10-23 Ubuntu USN-524-1 openoffice.org/-amd64 2007-10-04 Fedora FEDORA-2007-2372 openoffice.org 2007-10-03 SuSE SUSE-SA:2007:052 OpenOffice_org 2007-09-21 Mandriva MDKSA-2007:186 openoffice.org 2007-09-17 rPath rPSA-2007-0189-1 openoffice.org 2007-09-18 Foresight FLEA-2007-0056-1 openoffice.org 2007-09-18 Fedora FEDORA-2007-700 openoffice.org 2007-09-18 Red Hat RHSA-2007:0848-01 openoffice.org 2007-09-18 Debian DSA-1375-1 openoffice.org 2007-09-17

Comments (none posted)

phpwiki: authentication bypass

Package(s):	phpwiki	CVE #(s):	CVE-2007-3193
Created:	September 19, 2007	Updated:	September 19, 2007
Description:	Versions of phpwiki prior to 1.3.14 suffer from an authentication bypass vulnerability when using an LDAP server containing an account with an empty password.
Alerts:	Gentoo 200709-10 phpwiki 2007-09-18

Comments (1 posted)

qt: buffer overflow

Package(s):	qt	CVE #(s):	CVE-2007-4137
Created:	September 14, 2007	Updated:	December 10, 2007
Description:	A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code.
Alerts:	Debian DSA-1426-1 qt-x11-free 2007-12-08 Gentoo 200710-28 qt 2007-10-25 rPath rPSA-2007-0204-1 qt 2007-10-03 Foresight FLEA-2007-0059-1 dist 2007-10-04 SuSE SUSE-SR:2007:019 star, cpio, emacs, krb5, pptpd, mysql, qt3, balsa, id3lib 2007-09-28 Ubuntu USN-513-1 qt-x11-free 2007-09-18 Fedora FEDORA-2007-703 qt 2007-09-18 Fedora FEDORA-2007-2216 qt 2007-09-18 Mandriva MDKSA-2007:183 qt 2007-09-13

Comments (none posted)

quagga: denial of service

Package(s):	quagga	CVE #(s):	CVE-2007-4826
Created:	September 14, 2007	Updated:	October 25, 2010
Description:	The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause a denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Alerts:	Oracle ELSA-2012-1258 quagga 2012-09-13 CentOS CESA-2010:0785 quagga 2010-10-25 CentOS CESA-2010:0785 quagga 2010-10-20 Red Hat RHSA-2010:0785-01 quagga 2010-10-20 Debian DSA-1379-1 quagga 2007-10-01 Trustix TSLSA-2007-0028 fetchmail, quagga 2007-09-21 Fedora FEDORA-2007-2196 quagga 2007-09-18 Ubuntu USN-512-1 quagga 2007-09-15 Mandriva MDKSA-2007:182 quagga 2007-09-13

Comments (none posted)

streamripper: buffer overflow

Package(s):	streamripper	CVE #(s):	CVE-2007-4337
Created:	September 14, 2007	Updated:	December 9, 2008
Description:	Chris Rohlf discovered several boundary errors in the httplib_parse_sc_header() function when processing HTTP headers.
Alerts:	Debian DSA-1683-1 streamripper 2008-12-08 Gentoo 200709-03 streamripper 2007-09-13

Comments (none posted)

Kernel release status

The current 2.6 prepatch is 2.6.23-rc7, released by Linus on September 19. It contains a fair number of fixes and the return of the sk98lin driver. This should be the last prepatch before the final 2.6.23 release. See the long-format changelog for the details.

The current -mm release is 2.6.23-rc6-mm1. Recent changes to -mm include a patch to disable the timerfd() system call (to give time to work out what the API should actually be), randomization of the brk() system call on i386 and x86_64 systems, and lots of fixes.

Comments (none posted)

Quotes of the week

-- Andrew Morton launches 2.6.23-rc6-mm1

-- Richard Stallman

-- Linus Torvalds

Comments (5 posted)

Large pages, large blocks, and large problems

Most of the core virtual memory subsystem developers met for a mini-summit just before the 2007 Kernel Summit in Cambridge. They came away feeling that they had resolved a number of VM scalability problems. Subsequent discussions have made it clear that, perhaps, this conclusion was a bit premature. They may well have resolved things, but it is not clear that everybody came to the same resolution.

All of the issues at hand relate to scalability in one way or another. While the virtual memory subsystem has been through a great many changes aimed at making it work well on contemporary systems, one key aspect of how it works has remained essentially unchanged since the beginning: the 4096-byte (on most architectures) page size. Over that time, the amount of memory installed on a typical system has grown by about three orders of magnitude - that's 1000 times more pages that the kernel must manage and 1000 times more page faults which must be handled. Since it does not appear that this trend will stop soon, there is a clear scalability problem which must be managed.

This problem is complicated by the way that Linux tends to fragment its memory. Almost all memory allocations are done in units of a single page, with the result that system RAM tends to get scattered into large numbers of single-page chunks. The kernel's memory allocator tries to keep larger groups of pages together, but there are limits to how successful it can be. The file /proc/buddyinfo can be illustrative here; on a system which has been running and busy for a while, the number of higher-order (larger) pages, as shown in the rightmost columns, will be very small.

The main response to memory fragmentation has been to avoid higher-order allocations at almost any cost. There are very few places in the kernel where allocations of multiple contiguous pages are done. This approach has worked for some time, but avoiding larger allocations does not always make the need for such allocations go away. In fact, there are many things which could benefit from larger contiguous memory areas, including:

• Applications which use large amounts of memory will be working with large numbers of pages. The translation lookaside buffer (TLB) in the CPU, which speeds virtual address lookups, is generally relatively small, to the point that large applications run up a lot of time-consuming TLB misses. Larger pages require fewer TLB entries, and will thus result in faster execution. The hugetlbfs extension was created for just this purpose, but it is a specialized mechanism used by few applications, and it does not do anything special to make large contiguous memory regions easier for the kernel to find.

• I/O operations can work better with larger contiguous chunks of data to work with. Users trying to use "jumbo frames" (extra-large packets) on high-performance network adapters have been experiencing problems for a while. Many devices are limited in the number of scatter/gather entries they support for a single operation, so small buffers limit the overall I/O operation size. Disk devices are pushing toward larger sector sizes which would best be supported by larger contiguous buffers within the kernel.

• Filesystems are feeling pressure to use larger block sizes for a number of performance reasons. This message from David Chinner provides an excellent explanation of why filesystems benefit from larger blocks. But it is hard (on Linux) for a filesystem to work with block sizes larger than the page size; XFS does it, but the resulting code is seen as non-optimal and is not as fast as it could be. Most other filesystems do not even try; as a result, an ext3 filesystem created on a system with 8192-byte pages cannot be mounted on a system with smaller pages.

None of these issues are a surprise; developers have seen them coming for some time. So there are a number of potential solutions waiting on the wings. What is lacking is a consensus on which solution is the best way to go.

One piece of the puzzle may be Mel Gorman's fragmentation avoidance work, which has been discussed here more than once. Mel's patches seek to separate allocations which can be moved in physical memory from those which cannot. When movable allocations are grouped together, the kernel can, when necessary, create higher-order groups of pages by relocating allocations which are in the way. Some of Mel's work is in 2.6.23; more may be merged for 2.6.24. The lumpy reclaim patches, also in 2.6.23, encourage the creation of large blocks by targeting adjacent pages when memory is being reclaimed.

The immediate cause for the current discussion is a new version of Christoph Lameter's large block size patches. Christoph has filled in the largest remaining gap in that patch set by implementing mmap() support. This code enables the page cache to manage chunks of file data larger than a single page which, in turn, addresses many of the I/O and filesystem issues. Christoph has given a long list of reasons why this patch should be merged, but agreement is not universal.

At the top of the list of objections would appear to be the fact that the large block size patches require the availability of higher-order pages to work; there is no fallback if memory becomes sufficiently fragmented that those allocations are not available. So a system which has filesystems using larger block sizes will fall apart in the absence of large, contiguous blocks of memory - and, as we have seen, that is not an uncommon situation on Linux systems. The fragmentation avoidance patches can improve the situation quite a bit, but there is no guarantee that [PULL QUOTE: If this patch set is merged, some developers want it to include a loud warning to discourage users from actually expecting it to work. END QUOTE] fragmentation will not occur, either as a result of the wrong workload or a deliberate attack. So, if this patch set is merged, some developers want it to include a loud warning to discourage users (and distributors) from actually expecting it to work.

An alternative is Nick Piggin's fsblock work. People like to complain about the buffer head layer in current kernels, but that layer has a purpose: it tracks the mapping between page cache blocks and the associated physical disk sectors. The fsblock patch replaces the buffer head code with a new implementation with the goals of better performance and cleaner abstractions.

One of the things fsblock can do is support large blocks for filesystems. The current patch does not use higher-order allocations to implement this support; instead, large blocks are made virtually contiguous in the vmalloc() space through a call to vmap() - a technique used by XFS now. The advantage of using vmap() is that the filesystem code can see large, contiguous blocks without the need for physical adjacency, so fragmentation is not an issue.

On the other hand, using vmap() is quite slow, the address space available for vmap() on 32-bit systems is small enough to cause problems, and using vmap() does nothing to help at the I/O level. So Nick plans to extend fsblock to implement large blocks with contiguous allocations, but with a fallback to vmap() when large allocations are not available. In theory, this approach should be be best of both worlds, giving the benefits of large blocks without unseemly explosions in the presence of fragmentation. Says Nick:

From the conversation, it seems that a number of developers see fsblock as the future. But it is not something for the near future. The patch is big, intrusive, and scary, which will slow its progress (and memory management patches have a tendency to merge at a glacial pace to begin with). It lacks the opportunistic large block feature. Only the Minix filesystem has been updated to use fsblock, and that patch was rather large. Everybody (including Nick) anticipates that more complex filesystems - those with features like journaling - will present surprises and require changes of unknown size. Fsblock is not a near-term solution.

One recently-posted patch from Christoph could help fill in some of the gaps. His "virtual compound page" patch allows kernel code to request a large, contiguous allocation; that request will be satisfied with physically contiguous memory if possible. If that memory is not available, virtually contiguous memory will be returned instead. Beyond providing opportunistic large block allocation for fsblock, this feature could conceivably be used in a number of places where vmalloc() is called now, resulting in better performance when memory is not overly fragmented.

Meanwhile, Andrea Arcangeli has been relatively quiet for some time, but one should not forget that he is the author of much of the VM code in the kernel now. He advocates a different approach entirely:

The CONFIG_PAGE_SHIFT patch is a rework of an old idea: separate the size of a page as seen by the operating system from the hardware's notion of the page size. Hardware pages can be clustered together to create larger software pages which, in turn, become the basic unit of memory management. If all pages in the system were, say, 64KB in length, a 64KB buffer would be a single-page allocation with no fragmentation issues at all.

If the system is to go to larger pages, creating them in software is about the only option. Most processors support more than one hardware page size, but the smallest of the larger page sizes tend to be too large for general use. For example, i386 processors have no page sizes between 4KB and 2MB. Clustering pages in software enables the use of more reasonable page sizes and creates the flexibility needed to optimize the page size for the expected load on the system. This approach will make large block support easy, and it will help with the I/O performance issues as well. Page clustering is not helpful for TLB pressure problems, but there is little to be done there in any sort of general way.

The biggest problem, perhaps, with page clustering is that it replaces external fragmentation with internal fragmentation. A 64KB page will, when used as the page cache for a 1KB file, waste 63KB of memory. There are provisions in Andrea's patch for splitting large pages to handle this situation; Andrea claims that this splitting will not lead to the same sort of fragmentation seen on current systems, but he has not, yet, convinced the others of this fact.

Conclusions from this discussion are hard to come by; at one point Mel Gorman asked: "Are we going to agree on some sort of plan or are we just going to handwave ourselves to death?" Linus has just called the whole discussion "idiotic". What may happen is that the large block size patches go in - with warnings - as a way of keeping a small subset of users happy and providing more information about the problem space. Memory management hacking requires a certain amount of black-magic handwaving in the best of times; there is no reason to believe that the waving of hands is going to slow down anytime soon this time around.

Comments (34 posted)

A generic tracing interface

Dynamic kernel tracing remains high on the wishlists presented by many Linux users. While much work has been done to create a powerful tracing capability, very little of that work has found its way into the mainline. The recent posting of one small piece of infrastructure may help to change that situation, though.

The piece in question is the trace layer posted by David Wilder. Its purpose is to make it easy for a tracing application to get things set up in the kernel and allow the user to control the tracing process. To that end, it provides an internal kernel API and a set of control files in the debugfs filesystem.

On the kernel side, a tracing module would set things up with a call to:

    #include <linux/trace.h>

    struct trace_info *trace_setup(const char *root, const char *name,
			           u32 buf_size, u32 buf_nr, u32 flags);

Here, root is the name of the root directory which will appear in debugfs, name is the name of the control directory within root, buf_size and buf_nr describe the size and number of relay buffers to be created, and flags controls various channel options. The TRACE_GLOBAL_CHANNEL flag says that a single set of relay channels (as opposed to per-CPU channels) should be used; TRACE_FLIGHT_CHANNEL turns on the "flight recorder" mode where relay buffer overruns result in the overwriting of old data, and TRACE_DISABLE_STATE disables control of the channel via debugfs.

The return value (if all goes well) will be a pointer to a trace_info structure for the channel. This structure has a number of fields, but the one which will be of most interest outside of the trace code itself will be rchan, which is a pointer to the relay channel associated with this trace point.

When actual tracing is to begin, the kernel module should make a call to:

    int trace_start(struct trace_info *trace);

The return value follows the "zero or a negative error value" convention. Tracing is turned off with:

    int trace_stop(struct trace_info *trace);

When the tracing module is done, it should shut down the trace with:

    void trace_cleanup(struct trace_info *trace);

Note that none of these entry points have anything to do with the placement or activation of trace points or the creation of trace data. All of that must be done separately by the trace module. So a typical module will, after calling trace_start(), set up one or more kprobes or activate a static kernel marker. The probe function attached to the trace points should do something like this:

    rcu_read_lock();
    if (trace_running(trace)) {
        /* Format trace data and output via relay */
    }
    rcu_read_unlock();

Additionally, if the TRACE_GLOBAL_CHANNEL flag has been set, the probe function should protect access to the relay channel with a spinlock. This protection may also be necessary in situations where an interrupt handler might be traced.

In user space, the trace information will show up under /debug/root/name, where debug is the debugfs mount point, and root and name are the directory names passed to trace_setup(). The file state can be read to get the current tracing state; an application can write start or stop to this file to turn tracing on or off. The file trace0 is the relay channel where tracing data can be read; on SMP systems with per-CPU channels there will be additional files (trace1...) for additional processors. The file dropped can be read to see how many trace records (if any) have been dropped due to buffer-full conditions.

All told, it is not a particularly complicated bit of code. Perhaps the most significant feature of this patch is that it is part of the infrastructure created and used by the SystemTap project. Getting this code into the mainline will make it that much easier for distributors to provide well-supported tracing facilities to their users. And that, in turn, should make users happy and give analysts one less thing to complain about.

Comments (none posted)

A summary of 2.6.23 internal API changes

The final 2.6.23 kernel release is getting closer. At this point, it would be more than surprising to see any additional API changes find their way into this release, so it should be safe to summarize the changes which have been made.

• The UIO interface for the creation of user-space drivers has been merged. While UIO is aimed at user space, there is a kernel-space component for driver registration and interrupt handling.

• unregister_chrdev() now returns void.

• There is a new notifier chain which can be used (by calling register_pm_notifier()) to obtain notification before and after suspend and hibernate operations.

• The new "lockstat" infrastructure provides statistics on the amount of time threads spend waiting for and holding locks.

• The new fault() VMA operation replaces nopage() and populate(). See this article for a description of the current fault() API.

• The generic netlink API now has the ability to register (and unregister) multicast groups on the fly.

• The destructor argument has been removed from kmem_cache_create(), as destructors are no longer supported. All in-kernel callers have been updated.

• There is a new clone() flag - CLONE_NEWUSER - which creates a new user namespace for the process; it is intended for use with container systems.

• There is a new rtnetlink API for managing software network devices.

• The networking core can now work with devices which have more than one transmit queue. This is a feature which was needed to properly support some wireless devices.

• The sysfs core has been significantly rewritten to weaken the connection between sysfs entries and internal kobjects. The new code should make life easier for driver writers who will have fewer object lifecycle issues to worry about.

• The never-used enable_wake() PCI driver method has been removed.

• Drivers wanting to get the revision ID from the PCI config space should now just use the value found in the new revision member of the pci_dev structure. All in-tree drivers have been changed to use this new approach.

• The SCSI layer has picked up a couple of scatter/gather accessor functions - scsi_dma_map() and scsi_dma_unmap() - in preparation for chained scatter/gather lists and bidirectional requests. Most drivers in the kernel have been updated to use these functions.

• The idr code has a couple of new helper functions: idr_for_each() and idr_remove_all().

• sys_ioctl() is no longer exported to modules.

• The page table helper functions ptep_establish(), ptep_test_and_clear_dirty() and ptep_clear_flush_dirty() have been removed - they had no in-kernel users.

• Kernel threads are non-freezable by default; any kernel thread which should be frozen for a suspend-to-disk operation must now call set_freezable() to arrange for that to happen.

• The SLUB allocator is now the default.

• The new function is_owner_or_cap(inode) tests for access permission based on the current fsuid and capabilities; it replaces the open-coded test previously found in several filesystems.

• There is a new utility function:

      char *kstrndup(const char *s, size_t max, gfp_t gfp);
  

  This function duplicates a string along the lines of the user-space strndup().

As always, a cumulative record of API changes can be found in the LWN 2.6 API changes page.

Comments (none posted)

Fedora Audio Creation SIG

Hans de Goede has announced the creation of a Fedora Special Interest Group (SIG) dedicated to Audio Creation. The new SIG's initial goal to bring the packages currently in Planet CCRMA into the main Fedora repository.

CCRMA (pronounced "karma") is the Stanford University Center for Computer Research in Music and Acoustics. Planet CCRMA is a repository of software packages in RPM format. The CCRMA project was created and is still maintained by Fernando Lopez-Lezcano at Stanford.

The packages in Planet CCRMA were originally developed on Red Hat Linux and later on Fedora. Its packages are available to Fedora users as a third party repository, but there are too many packages to be easily maintained by one person. As a result not all the CCRMA packages have been updated to Fedora 7, much less Fedora 8. CCRMA does have realtime kernels for FC6 and F7 based on 2.6.22.6 and Ingo's 2.6.22.1-rt9 patch, which, along with a good selection of audio applications, seems like a good start for an Audio Creation spin.

Over time some of the CCRMA packages have migrated into the main Fedora repository. The Audio Creation SIG hopes to integrate more of the core Planet CCRMA packages into Fedora and to keep up-to-date any audio related packages that are currently in the Fedora repository.

There are many other audio projects out there. Dave Phillips has compiled a fairly comprehensive (though somewhat out-of-date) list of Linux Audio Bundles, Distributions, and Music Collections. Many projects are distribution specific (or bundled distributions such as 64 Studio and Dyne:bolic). The AGNULA project once had a ReHMuDi branch that was Red Hat Linux based, but that died before Fedora was born. Planet CCRMA is the place for Fedora audio packages and it is a great place to start in turning Fedora into a premiere distribution for audiophiles.

Comments (none posted)

Fedora 8 Test 2 released

The second Fedora 8 test release is out. "Test 2 is for 'beta' users. This is the time where we have more features in a 'testable' state where the more people using them and the more feedback we get the better. So please help us make Fedora 8 as good as we can!"

Full Story (comments: 5)

Fedora Electronic Lab - Livecd F8Test2

Fedora Electronic Lab live CD has released an F8Test2 ISO image.

Full Story (comments: none)

Gentoo Council 2007 Election Results

The Gentoo Council decides on global issues and policies that affect multiple projects in Gentoo. The election for the 2008 Council is now complete. The winners are Mike Frysinger (vapier), Donnie Berkholz (dberkholz), Roy Marples (uberlord), Diego Pettenò (flameeyes), Luca Barbato (lu_zero), Petteri Räty (betelgeuse) and Wernfried Haas (amne). Click below to see how the votes were tabulated.

Full Story (comments: none)

Ubuntu 7.10 beta approaching

Ubuntu 7.10 (Gutsy Gibbon) skipped the final Tribe CD (alpha) release and is now heading toward the first beta release currently scheduled for September 27, 2007.

Full Story (comments: none)

Ubuntu Launchpad 1.1.9 release delayed

The Launchpad 1.1.9 release, originally scheduled for September 19, has been delayed for further testing.

Full Story (comments: none)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for September 3, 2007 looks at the Emacs project, MIPS keywording, Gentoo Russian Summer Camp review, upcoming OpenExpo in Zurich and more.

The Gentoo Weekly Newsletter for September 10, 2007 covers the Council voting reminder, screenshot contest winners, Synergy tips and tricks.

Comments (none posted)

Ubuntu Weekly News: Issue #57

The Ubuntu Weekly Newsletter for September 15, 2007 covers Dell's remastered Ubuntu 7.04 ISO, Andrea Veri becomes a MOTU, Ubuntu Finland delivers Ubuntu to Finnish parliament representatives and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 220

The DistroWatch Weekly for September 17, 2007 is out. "DistroWatch has a new Number One distribution and it's called PCLinuxOS. But how is it possible that this small, little-known project, built mostly by one enthusiastic developer, has reached the height that eludes many of the more famous and better established distributions? Keep reading to find out. In the news section: Ubuntu technical team votes for CompizFusion by default, openSUSE continues to show faith in KDE 4.0, Debian looks at new features in X.Org 7.3 and 7.4, Ulteo launches new beta releases, and Linux Mint develops a new update tool - mintUpdate. Finally, don't miss our featured article that introduces MACH BOOT, a Linux live CD that boots into a graphical desktop in as little as 10 seconds!"

Comments (none posted)

Fedora Interview Series

Jonathan Roberts has started a series of interviews with Fedora developers to get some Fedora 8 feature previews. This week Jonathan talks with Bastien Nocera about Bluetooth support.

Comments (none posted)

Xen Cluster Management With Ganeti On Debian Etch (HowtoForge)

HowtoForge has a tutorial on using Ganeti on a Debian Etch system. "Ganeti is a cluster virtualization management system based on Xen. In this tutorial I will explain how to create one virtual Xen machine (called an instance) on a cluster of two physical nodes, and how to manage and failover this instance between the two physical nodes."

Comments (none posted)

Google Summer of Code 2007 Conclusion

This is the sixth and final piece in LWN's series of Google Summer of Code (GSoC) 2007 articles. The first five articles covered the program launch, Ubuntu's projects, the OpenMRS organization, the student who tackled Direct3D 10 support for Wine, and Mozilla's projects.

When LWN contacted Leslie Hawthorn, Google's Open Source Program Coordinator, back in April, Google had just announced the names of the 905 students who they would be sponsoring to work for established open source projects for the summer of 2007. For the program's third year, Google was experimenting with some administrative changes intended primarily to ease the student payment process (each student is given $4500, over three installments) and help them bond with their mentoring developers and organizations. The program ended on August 31st with the deadline for final student and mentor evaluations, and the participants seem to have had another generally successful year. Again, we look to Leslie Hawthorn for more information about the effects of those changes, the outcome of the final evaluations, the GSoC 2008, and some of the individual students and projects that LWN hasn't had a chance to cover yet this summer.

LWN: Google made several changes to the Summer of Code from the previous year, such as a new payment mechanism and alterations in the program timeline to give students and mentors more bonding time. Can you evaluate the impact that these changes have had on the program? Will you revert any of these changes for next year's program, or are all of them here to stay?

Hawthorn: Overall we've gotten good feedback that adding the community bonding period was helpful. A few students mentioned it gave them some no-pressure time to just idle in IRC and learn about how the project worked. Another few commented that the time gave them the opportunity to read up on the latest research in their project area. I'm hoping that the extra time means more projects end up with long-term contributors.

Our new payments system also meant that we were able to get 89% of our students paid within five days (and usually 48 hours), rather than weeks. That's a great improvement, but we can always do better.

LWN: From what I understand, students were asked to evaluate their mentors, as well as it going the other way round. What percentage of them received passing evaluations? What did you learn from those evaluations?

Hawthorn: We didn't ask students whether their mentors passed or failed, but I think that's not a bad idea. Most students were very pleased with their interactions with their mentors. I even had one student who failed ping me to let me know that he thought his mentor did a good job, but that the project just wasn't right for him.

LWN: What trends can you identify in the evaluation data? How have the evaluation success rates changed over the three years that the Google Summer of Code has been operating?

Hawthorn: Both students and mentors noted that they wish they had more time to devote to the project. That's a common complaint I hear from most open source developers, though.

A few newer organizations had lower success rates than we'd like, but that's somewhat to be expected. Students who had previous open source experience were more likely to pass, but other than that there are no clear trends that stick out in my mind at this time.

[The success rates over the years] have remained pretty consistent.

LWN: Are there any particular students, mentors, or organizations which you think deserve special attention?

Hawthorn: I think all of the projects are special, but a few do leap out at me as particularly noteworthy:

I'm a big fan of the OpenMRS project, but you've already profiled them in a previous article.

Creative Commons had some interesting projects this year, like the work of Jason Kivlighn, mentored by Jon Phillips. Jason worked on indexing embedded license claims, which resulted in many improvements to Liblicense, a C library that produces licensing information based on the specifications of calling libraries and programs. In addition to generating text for specific licenses, Liblicense allows an application to enumerate which licenses are currently available and provide descriptive text for each license, and for license features.

Another cool project was the work done by Andrew Morton, mentored by Angie Byron. Andrew worked on creating a project quality metrics system for Drupal modules, helping Drupal developers choose which modules would be most effective for them to use when creating Drupal sites. As there are *many* modules contributed to Drupal, Andrew's work has made developers' lives much easier.

LWN: Thank you very much for your time.

With about 733 successful projects, it is impossible to discuss every student's work. Over the past five months, LWN has reported on those GSoC projects that we hoped would be most interesting to our readership, but there have certainly been many qualified projects that slipped through the cracks. We'll try to bring justice to a few of them here:

AbiSource: Philippe Milot's OpenXML Importer, mentored by Kamran Khan.

Milot developed a plugin for AbiWord that imports documents in Microsoft's OpenXML format. According to the last update made on Milot's project wiki, the plugin is capable of importing text with some associated formatting, though advanced features such as styles had not yet been implemented.

Debian: Ian Haken's Automated Upgrade Testing Using QEMU, mentored by Lars Ivar Wirzenius

Haken built VLOSUTS (Virtual Live Operating System Upgrade Test Suite), software which will help Debian developers make sure that their latest package set will not cause errors for upgrading users. VLOSUTS builds a custom image of a Debian installation with a user-defined set of packages, runs the installation in virtualization software (Zen, KVM, and Qemu are supported), attempts to upgrade a specified list of packages from a particular repository, and then reports any errors. It is interesting to note that the Qemu backend may make it possible to test several architectures at once. As of the most recent post on Haken's blog, the project was "just out of alpha" and is available to build as a package.

Debian: Cameron Dale's BitTorrent Proxy for Debian Archive, mentored by Anthony Towns

Dale created DebTorrent, software that should significantly decrease the bandwidth required to host a mirror of a Debian repository. DebTorrent harnesses a modified version of BitTorrent, altered to meet the demands of software repositories, which contain far more files, often of far smaller size and updated more frequently than the protocol is usually applied to. Dale's most recent status report indicates that the software is in working order. It appears that CPU usage is moderate while downloading packages with DebTorrent, though memory usage needs immediate attention.

FreeBSD: Ivan Voras's Graphical installer for FreeBSD, mentored by Murray Stokely

Voras's finstall modular and extensible LiveCD installer is meant to be an eventual replacement for the six-year old sysinstall installer. The new installer is meant to be usable by the release of FreeBSD 7.0, but will likely not be the default and will only support the i386 and amd64 architectures. Voras has released an alpha version of finstall (screenshots are, of course, available) which is only usable on an unparitioned system.

Gnome: Raphael Nunes da Motta's Voice recognition applet to control desktop, mentored by Nickolay Shmyrev

Da Motta's Gnome-Voice-Control, only at version 0.2, is already an impressive usability tool, with the potential to be a phenomenally fun toy and time saver. Look to da Motta's blog for video demonstations of using the tool to run programs and manipulate windows and menus. The software uses a CMU Spinx speech recognition backend and is currently only available for English.

KDE: Rivo Laks' Icon cache for KDE, mentored by Aaron Seigo

Laks' KIconCache substantially reduces disk seeking and access upon KDE application startup by caching icons in memory. The results are excellent: about 10% faster desktop startup and about 25% faster startup time for applications, using Dolphin as a reference. He also developed KPixmapCache to cache image data for individual applications. His code has already been merged into kdelibs and will be released as part of KDE 4.0.

KDE: Urs Wolfer's KRDC UI Redesign and overall revamp, mentored by Bradley John Hards

Wolfer's work has received a lot of attention in the KDE community, where improvement of the KDE Remote Desktop Connection (KRDC) tool for VNC and RDP has been long awaited. All indications are that Wolfer has lived up to the expectations, including the complete rewrite of the VNC code, the new interface with tabbing, and a preliminary Windows build. The new KRDC has already been integrated into the KDE 4 trunk and is available as part of KDE 4 beta 2. Wolfer has indicated that he will continue to work on KRDC, suggesting possible NX support for KDE 4.1.

NetBSD: Jachym Holecek's Hardware monitoring and HAL port, mentored by Quentin Garnier

Holecek is bringing long overdue hardware event notification support to NetBSD via a port of the Hardware Abstraction Layer (HAL). It's a difficult project, involving some kernel modification, but it should have tremendous ease-of-use implications for NetBSD users, making transparent hardware management possible in KDE and Gnome. According to the last update posted to Holecek's project page, the port now successfully builds with some features disabled.

Neuros: Leif Johnson's Apple iPod integration for Neuros OSD, mentored by Thomas Bruno

Johnson sought to add a potentially killer feature to Neuros' latest gadget, the Linux-based Open Source Device (OSD) media center. His project would allow the OSD, as a USB-host device, to sync music and videos with an Apple iPod. It is difficult to find information on the status of his project, but it looks as though he was successful in creating a framework for hotplugging USB devices and implementing audio-read support for the iPod back in early August.

OpenOffice.org: Shane Mathews' OpenGL rendered Impress transitions, mentored by Thorsten Behrens

Mathews' work should satisfy eye candy-hungry users of OpenOffice.org's Impress slideshow application. He has released five stylish 3D slide transitions rendered with OpenGL and a platform for making more. Look to Mathews' blog for screenshots and more information about the project.

LWN was also interested in learning about how the GSoC might look next year. In all previous years, the program has received substantial administrative changes, growth in participation and diversity, and budget increases. While it may be logical to assume that the GSoC 2008 will be no exception, Hawthorn could only remark, "We don't have anything to announce right now about possible future instances of the Google Summer of Code program..."

Despite the fact that Google is unwilling to discuss the next GSoC, or even confirm that it will exist, feel free to attempt your own predictions based on the growth demonstrated in figures from the past summers. The following data was gathered with the help of Chris Ulbrich of Google's Global Communications and Public Affair division:

Google Summer of Code 2007

• 905 students
• 137 open source mentoring organizations
• 90 countries
• $4,500,000 approximate budget
• 81% overall student evaluation success rate
• Approximately 1500 mentors

Google Summer of Code 2006

• 630 students
• 102 open source mentoring organizations
• 90 countries
• $3,000,000 budget
• 82% overall student evaluation success rate
• 1,200 mentors

Google Summer of Code 2005

• 419 students
• 40 open source mentoring organizations
• 49 countries
• $2,000,000 budget

Comments (3 posted)

PostgreSQL 8.2.5, 8.1.10 announced

Versions 8.2.5 and 8.1.10 of the PostgreSQL DBMS have been announced. "The PostgreSQL Global Development Group has released the minor update versions updating all current and recent versions of PostgreSQL, including 8.2, 8.1, 8.0, 7.4 and 7.3. The primary fix in these versions is updating PostgreSQL for the upcoming New Zealand time zone change; users in that country are urged to update their database servers immediately. Other users are encouraged to update their installations at their earliest convenience. Additional fixes contained in this release include minor security fixes for dblink and pgstattuple, a potential index-corruption issue with vacuum, fixes for GIN indexing, and logging improvements."

Comments (none posted)

PostgreSQL Weekly News

The September 16, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Initial ATI Radeon R500/R600 driver released

Graphics developers at Novell have announced the availability of an initial driver for AMD/ATI Radeon R500- and R600-based graphics adapters. It is described as an alpha-quality driver with basic mode setting capability. "Next steps are adding support for more hardware, RandR 1.2 support, video overlay support and 2D acceleration." Some more information is available in this announcement by Egbert Eich. (Thanks to Paul Sladen).

Comments (none posted)

BusyBox 1.7.1 released

Stable version 1.7.1 of BusyBox, a collection of command line tools for embedded systems, has been released. "This is a bugfix-only release, with fixes to cp, runsv, tar, busybox --install and build system."

Comments (none posted)

Clonezilla 1.0.5-4 (testing) and 1.0.5-4-nk-1 (experimental) (SourceForge)

Two new versions of Clonezilla have been announced. "Clonezilla is a partition or disk clone software similar to Ghost. It saves and restores only used blocks in hard drive. By using clonezilla, you can clone a 5 GB system to 40 clients in about 10 minutes. Clonezilla 1.0.5-4 (testing) and 1.0.5-4-nk-1 (experimental) released. Now the version number is synced. The same version means same programs except the newer kernel and ntfs-3g are used in "-nk" files."

Comments (none posted)

An OpenLDAP Update (O'ReillyNet)

Marty Heyman covers the state of OpenLDAP on O'Reilly. "OpenLDAP is the de facto Open Source reference implementation of the Internet standard Lightweight Directory Access Protocol (LDAP, see RFC 4510). This standard is now in Version 3 and was recently republished to clarify some points. Ever since various experimenters began developing bridges between internet applications and pre-internet X.500 directories, they have relied on a reference implementation to validate their approaches and verify the standard would be robust and complete."

Comments (none posted)

MailStripper 1.4.1 released

Version 1.4.1 of MailStripper, an SMTP spam filter with anti-virus capability, has been announced. "Just when you thought it would never happen... we at Eridani are finally able to announce the release of MailStripper 1.4.1!" This version features numerous bug fixes and improved spam filtering.

Full Story (comments: 3)

OpenNMS 1.3.7 released (SourceForge)

Version 1.3.7 of OpenNMS, a Java/XML-based distributed network and systems management platform, has been announced. "This is probably the strongest OpenNMS release in years. Numerous performance improvements have been made as well as some cool new features."

Comments (none posted)

Vuurmuur 0.5.73 released

Version 0.5.73 of Vuurmuur, a firewall manager built on top of iptables, has been announced. "I'm now pleased to announce Vuurmuur version 0.5.73. This release both adds a number of new features and fixes a lot of bugs. To start with the latter, many bugs in the log and connection management were fixed. Also, Vuurmuur can handle systems with nf_conntrack much better. There were lots of smaller fixes all over the program."

Full Story (comments: none)

Common UNIX Printing System 1.3.1 announced

Version 1.3.1 of CUPS, the Common UNIX Printing System, has been announced. "CUPS 1.3.1 is now available for download from www.cups.org and fixes some build, localization, binary PostScript, and Kerberos issues."

Comments (none posted)

ClamTk 3.03 released (SourceForge)

Version 3.03 of ClamTk has been announced. "ClamTk is a GUI front-end for Clam Antivirus using gtk2-perl. It is designed to be an easy-to-use, lightweight, point-and-click desktop virus scanner for Linux. This release introduces a right-click "save-as" feature. This is useful for when opening downloads (from Firefox, for example) with ClamTk to scan them first: one can then save it from the usual temp (/tmp) directory as desired."

Comments (none posted)

10th Issue of the Amarok Newsletter is Out (KDE.News)

KDE.News has announced a new edition of the Amarok newsletter. "After a long summer break, the Amarok newsletter is back. In the 10th issue we take a look into Amarok 2 development, talk about some interesting user interface changes & new features and instruct you how to Rok with your Bluetooth-enabled mobile phone."

Comments (none posted)

FLAC 1.2.1 released

Version 1.2.1 of FLAC, the Free Lossless Audio Codec, has been announced "New in this release is support for all RIFF/AIFF metadata, including Broadcast Wave Format (BWF). There are many other small improvements and bug fixes". See the changelog for more information.

Comments (none posted)

nova_filters 0.2 announced

Version 0.2 of nova_filters has been announced. "hi all, a quick update for the ladspa filters broken out of nova".

Full Story (comments: none)

Adaptive Planning version 4.0 announced (SourceForge)

Version 4.0 of Adaptive Planning has been announced "Adaptive Planning, the leading provider of collaborative business performance management (BPM) solutions, today announced Adaptive Planning 4.0, the latest release of its award-winning software solution. Featuring a revolutionary Report Builder module and new Cell Explorer functionality, Adaptive Planning 4.0 introduces new leading-edge capabilities that put powerful yet intuitive web-based reporting and analysis in the hands of business users throughout a company. With this new release, Adaptive Planning continues to deliver unprecedented value through affordable, easy-to-use, and quick-to-deploy budgeting, forecasting, and reporting solutions."

Comments (none posted)

Chandler preview 0.7.0.1 released

Preview release 0.7.0.1 of Chandler has been announced. "Chandler Project is an open source, standards-based personal information manager built around small group collaboration and a core set of information management workflows modeled on Inbox usage patterns and David Allen's GTD methodology. You can manage and share calendars, tasks, messages, notes and other information with the Chandler Desktop application and/or with the Chandler Hub web application. The Preview releases are public-beta quality applications ready for daily use. The Chandler team hopes to use feedback from these releases to build great 1.0 releases."

Full Story (comments: none)

GNOME 2.20 released

The GNOME 2.20 release is out. "Released on schedule, to the day, it is the culmination of six months effort by GNOME contributors around the world: hackers, documentors, usability and accessibility specialists, translators, maintainers, sysadmins, companies, artists, users and testers. Due to their hard work, we have another great release to be proud of - thanks very much to every contributor!" See the about GNOME 2.20 page for more information.

Full Story (comments: 13)

GARNOME 2.20.0 announced

Version 2.20.0 of GARNOME, the bleeding-edge GNOME distribution, is out. "This release incorporates the GNOME 2.20.0 Desktop and Developer Platform, fine-tuned with love by the GARNOME Team. It includes updates and fixes after the GNOME 2.20.0 freeze, together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release is the first of a new stable GNOME branch and ships with the latest and greatest releases."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week:

• Accerciser 0.1.92 (new features and translation work)
• atk 1.20.0 (translation work)
• at-spi 1.20.0 (bug fixes)
• Clutter 0.4.2 - PyClutter 0.4.2 (bug fixes)
• Dasher 4.6.0 (bug fixes and translation work)
• Deskbar-Applet 2.20.0 (bug fixes)
• Ekiga 2.0.11 (bug and build fixes)
• Evince 2.20.0 (new features, bug fixes and translation work)
• Evolution 2.12.0 and related (new features and bug fixes)
• Eye of GNOME 2.20.0 (new features, bug fixes and translation work)
• gail 1.20.0 (translation work)
• gcalctool 5.20.0 (translation work)
• GDM2 2.20.0 (new features, bug fixes and translation work)
• gedit 2.20.0 (new features)
• Glade 3.4 (translation work)
• GLib 2.14.1 (bug fixes and translation work)
• gnome-applets 2.20.0 (new features, bug fixes and translation work)
• gnome-control-center 2.20.0 (bug fixes and translation work)
• gnome-games 2.20.0 (bug fixes and translation work)
• gnome-games-extra-data 2.20.0 (new card images)
• gnome-keyring 2.20 (new features, bug fixes and translation work)
• gnome-mag 0.14.10 (bug fix and translation work)
• GNOME Nettool 2.20.0 (bug fix and translation work)
• GNOME Power Manager 2.20.0 (bug fix and translation work)
• GNOME Utilities 2.20.0 (new features and bug fixes)
• GOK 1.3.4 (bug fixes and translation work)
• GTK+ 2.12 (new features and bug fixes)
• Gtk2-Perl 2.20.0 (new features)
• gtk-engines 2.12.0 (new features, bug fixes and translation work)
• gtkmm 2.12.0 and glibmm 2.14.0 (new features)
• GtkSourceView and PyGtkSourceView 2.0.0 (new features and code rewrite)
• gwenview 1.4.2 (new features and bug fixes)
• kiwi 1.9.18 (new features, bug fixes and translation work)
• libgnomekbd 2.20.0 (build fix and translation work)
• Orca 2.20.0 (bug fixes and translation work)
• Rarian 0.6.0 (bug fixes)
• Seahorse 2.20 (new features, bug fixes and translation work)
• Tinymail pre-release 0.0.2 (new features and documentation work)
• Tomboy 0.8.0 (new features and bug fixes)
• Yelp 2.20.0 (new features, bug fixes and translation work)
• Zenity 2.20.0 (documentation and translation work)

You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week:

• Beesoft Commander 4.0.02.beta (unspecified)
• Bulgarian Internet Radio Stations 1.0 (unspecified)
• CrossVC 1.5.2 (new features and bug fixes)
• Fractanoid 0.2 (new features and bug fixes)
• gambas 2 1.9.51 (development version)
• JFGolosone 0.7.2 (bug fix)
• KAlarm 1.4.16a / 1.9.8beta3 (new features and bug fixes)
• KDE Priority handler 0.1 Beta (initial release)
• KLatexFormula Integration Script 1.0 (unspecified)
• K Menu Gnome 0.6.8 (new feature)
• KSquirrel 0.7.1try4 (new features and bug fixes)
• Last.fm Missing Albums 0.1.1 (unspecified)
• Manslide 1.7.1 (new features and bug fixes)
• Playlog 1.0 (unspecified)
• PySMSsend 1.22 (new features and bug fixes)
• QChat 0.2.1 (new features and bug fixes)
• TorK 0.19 (new features, bug fixes and translation work)
• Zhu3D 3.0.2 (new features and bug fixes)

You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week:

• xf86-input-vmmouse 12.4.2 (new feature and ABI change)
• xf86-video-amd 2.7.7.2 (bug fixes)
• xf86-video-mga 1.9.99 (new features, bug fixes and code cleanup)
• xf86-video-vmware 10.15.1 (new feature)
• xinit 1.0.7 (bug fix)

More information can be found on the X.Org Foundation wiki.

Comments (none posted)

XCircuit 3.4.27 released

Stable version 3.4.27 of XCircuit an electronic schematic drawing application, has been announced, it features a number of bug fixes. This is the first stable release in over a year.

Comments (none posted)

Using the launchpad for more transparent development (WorldForge)

The WorldForge game project has announced the use of Canonical's Launchpad. "During the last couple of weeks we’ve been using the Launchpad service for development. The Launchpad is a rich bug and feature tracker developed by Canonical, the company behind Ubuntu. It also providers other features useful for developers, such as translations and general answers to common questions about the application. Personally I think one of its main strengths is it’s easy to use interface. It’s a simple procedure to submit bug reports or feature requests."

Comments (none posted)

pyFltk 1.1.2 released

Version 1.1.2 of pyFltk, the Python bindings for FLTK, has been announced. "This is a maintenance release of pyFltk. Changes include various bug fixes, improved documentation, a new interactive mode, support for Python objects in callbacks and the resolution of several compilation issues."

Comments (none posted)

Wine 0.9.45 announced

Version 0.9.45 of Wine has been announced. Changes include: Many improvements to the crypto dlls (should make iTunes work), The usual assortment of Direct3D improvements, A number of fixes to sound support, Many more WordPad features and Lots of bug fixes.

Comments (none posted)

Claws Mail 3.0.1 announced

Version 3.0.1 of Claws Mail has been announced, this is mainly a bug fixing release. "Claws Mail is a GTK+ based, user-friendly, lightweight, and fast email client."

Comments (none posted)

CK-ERP 0.24.1 released (LinuxMedNews)

Version 0.24.1 of CK-ERP, an Open Source ERP / CRM / MRP solution, has been announced. "New features include, a connector for LegalCase and updated connectors for ClearHealth, OpenEMR and osCommerce, facilities to convert sales order topurchase order and/or material/service requisition so as to procure therequired material/service after a sale is concluded, addition of a sample lawoffice chart of accounts and a sample medical practice chart of accounts,addition of Australian GST tax rate and updating of Canadian GST tax rate,addition of narrow/wide display option for the various case handling screens,addition of customer, vendor, employee contact lists, and, addition of German translation for the Quotation module."

Comments (none posted)

Liferea 1.4.2 announced (SourceForge)

Stable version 1.42 of Liferea has been announced. "Liferea (Linux Feed Reader) is a GTK desktop news aggregator for online news feeds and weblogs. The project focus is on simplicity and easy installation. This is a bugfix release fixing broken functionality and crashes."

Comments (none posted)

Running KDE 3.5 on the Nokia N770 and N800 Tablets (KDE.News)

KDE.News mentions a new article about running KDE on the Nokia 770 and 800 tablets. "At Ars Technica, my colleague Ryan Paul has posted about KDE 3.5.6 now being able to run on the Nokia 770 and 800 tablets. If you want to get it up and running, check out the original forum post by "penguinbait" over at Internet Table Talk which gives the complete steps required in greater detail. The main drawback for these systems compared to full computers is the total memory available (64MB or 128MB), fortunately KDE runs quite nicely on these low memory systems nonetheless."

Comments (none posted)

Firefox 2.0.0.7 released

Firefox 2.0.0.7 is out. This release contains a fix for a "critical" security bug involving QuickTime files. It appears to be a Windows-only vulnerability. "Other command-line options remain, however, and QuickTime Media-link files could still be used to annoy users with popup windows and dialogs until this issue is fixed in QuickTime."

Full Story (comments: 1)

Caml Weekly News

The September 18, 2007 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

An Introduction to Erlang (O'ReillyNet)

Gregory Brown introduces Erlang on O'Reilly. "These days, the functional languages are all the rage. You see more and more hackers from the traditionally vanilla languages trying out things like Haskell or Scheme or OCaml. Breaking away from an imperative tradition forces us to think in a different way, which is always a good thing. Recently, I've heard a lot about Erlang, especially from curious members of the Ruby community. This article is the result of my quick dive into the language, and will hopefully serve as a starting point for anyone else who's been hearing the buzz, but hasn't taken the plunge yet."

Comments (none posted)

Schemaless Java-XML Data Binding with VTD-XML (XML.com)

Jimmy Zhang discusses Java-XML data binding on O'Reilly's XML.com. "This article introduces a new Java-XML data binding technique based entirely on VTD-XML and XPath. The new approach differs from traditional Java-XML data binding tools in that it doesn't mandate schema, takes advantage of XML's inherent loose encoding, and avoids needless object creation, resulting in much greater efficiency."

Comments (none posted)

Python-URL! - weekly Python news and links

The September 17, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcllib 1.10 released (SourceForge)

Version 1.10 of Tcllib has been announced. "tcllib is a Tcl-only library of standard routines for Tcl (no compiling required). This release is a minor version change which fixes numerous bugs and provides enhancements as well. This release is a minor version change which fixes numerous bugs and provides enhancements as well, to existing modules, and via newly added modules."

Comments (none posted)

Tcl-URL! - weekly Tcl news and links

The September 13, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Tcl-URL! - weekly Tcl news and links

The September 19, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Report: Attacks on ISP Nets Intensifying (Dark Reading)

Distributed denial of service (DDoS) attacks are growing more frequent and more potent according to a survey covered by Dark Reading. "Nearly 60 percent of the ISPs in the survey said less than 10 attacks on their infrastructure per month actually affect their customers, and nearly 20 percent say anywhere from 10- to 100 of attacks do. Arbor expects that number to increase as more ISPs offer managed DDOS mitigation services, where ISPs more actively track attacks that affect their customers rather than relying on them to report problems."

Comments (none posted)

13 reasons why Linux won't make it to a desktop near you (DesktopLinux.com)

DesktopLinux.com has published a guest column by Australian technology marketing consultant Kim Brebach on the spread of Linux to the average user's desktop. "Linux is a beautiful woman of enormous intelligence. Linux is a precocious child with very bad manners. Linux is a teenager who needs patience and understanding. Linux is a sullen geek who refuses to speak to ordinary people. All these statements are true and explain why the messages Linux sends to the market tend to be as incoherent as the utterances of George Bush or Phillip Ruddock."

Comments (48 posted)

Windows Developers meet in Berlin (KDE.News)

KDE.News covers the recent KDE on Windows meeting. "On Friday evening, the participants were welcomed by the Berlin Trolls and introduced to the office. After a nice meal at a local restaurant, the group evaluated the main working areas of the participants and created a meeting roadmap. Saturday started with discussions about Ralf Habacker's installer, the autobuild system by Patrick Spendrin and Holger Schröder's emerge scripts. The KDE installer will be used by users to install KDE components and application on their computers."

Comments (none posted)

Linux World China 2007 and Software Freedom Day preview (ZDNet)

Peter Junge covers Linux World China 2007 on ZDNet Asia. "First of all, on the sponsors' list was a big surprise: Microsoft. I asked myself what could be their intention? But that's a difficult question to answer, and looking at their booth in the exhibition hall did not help much. Their exhibits hardly had any relation to Linux, not even to open source in general, only showing a selection of well-known business software such as SQL Server. It seems like they wanted to reach customers wherever they could get them, obviously ignoring the purpose of the event."

Comments (none posted)

Media coverage since the August 10th SCO ruling (Groklaw)

Groklaw presents a collection of links to recent media articles on the SCO case. "Part of what Groklaw is doing is making an historical record of the SCO litigation. Since the August 10th ruling by Judge Dale Kimball that found that Novell did not transfer the Unix and UnixWare copyrights to Santa Cruz Operation in the 1995 Asset Purchase Agreement, there has been a flurry of media coverage. For the record, then, I thought it might be useful to collect it all in one place and just for interest's sake put it in a table along with the stock price on the day the coverage appeared. Some of it is very good. Some of it is quite funny. My favorite is the headline, "Linux Users Uneasy at Ruling." Was that between the dancing and the whoops?"

Comments (1 posted)

SCO Group files for Chapter 11 bankruptcy (Reuters)

Reuters has a brief article stating that the SCO Group has filed for bankruptcy protection. It's a chapter 11 filing, meaning they want to reorganize and keep going. Update: here's the company's press release announcing the filing.

Comments (15 posted)

[SCO] Bankruptcy Hearing on Tuesday (Lamlaw)

For those of us who are not deeply familiar with how U.S. bankruptcy law works, this Lamlaw article on the upcoming SCO bankruptcy hearing will make interesting reading. "Now is the time for IBM, Novell, Red Hat and anyone else who wants to speak up to petition the court to deny SCO motions to continue as normal and instead appoint a trustee that they can agree with rather than the current SCO management. In other words, IBM, Novell, Red Hat or all of them can petition the bankruptcy court to throw current SCO management out on their ear. Or, at least appoint a trustee in bankruptcy that will not eat the chickens."

Comments (3 posted)

iPod Linux lock-out defeated (PC Pro)

PC Pro reports on Apple's recent attempt to lock out iPod users who don't run iTunes. An SHA1 hash was added to the files stored on the device and if it didn't match, no songs were listed. The folks at ipodsminusitunes figured out the information needed to calculate the hash in just a few days. "'Let's all hope that (if they haven't already from the iPhone unlocking) Apple learn that fighting against us is pointless,' Will, the ipodminusitunes blogger, writes. 'It's a waste of their time if the open-source crowd is going to get past it in just a weekend.'"

Comments (21 posted)

Dell produces customized Ubuntu Linux for customers (DesktopLinux)

DesktopLinux reports that Dell is making remastered Ubuntu 7.04 CD and DVD ISOs available for download. "According to John Hull, Linux OS engineering manager for Dell, based in Round Rock, Texas, these images are intended to "help with installing the OS on the Inspiron 1420 and 530. This media includes the drivers and fixes necessary to get the OS up and running with supported hardware on those systems." In addition, the ISO images will work with the Dell Inspiron E1505n."

Comments (22 posted)

Ubuntu comes knocking on Oracle's door (vnunet)

vnunet reports on Canonical's courting of Oracle. "Canonical has stated that its Ubuntu Server needs increased support from independent software vendors and system builders. "The acid test for Ubuntu Server is Oracle," Canonical chief executive Mark Shuttleworth told vnunet.com in an interview at the VMworld 2007 conference in San Francisco. Ubuntu is best known for its desktop Linux distribution which Dell ships on its consumer Linux desktop PCs, but the group is seeing increasing interest in its server version that was launched in 2005. Certification for third-party applications such as Oracle's database is considered critical for the continued growth of Canonical's support services."

Comments (4 posted)

Microsoft Loses European Appeal (Wired)

Microsoft has lost its appeal of the European Union antitrust verdict, as this Wired article describes. They have two months to decide whether to appeal the decision, which requires them to pay a $613 million dollar fine, stop bundling windows media player, and open up their server protocols to others. The Free Software Foundation Europe has a press release hailing the decision as a boon for Samba. "The EU Court of First Instance ruled against Microsoft Corp. on both major parts of the case, saying the European Commission was correct in concluding that the company was guilty of monopoly abuse in trying to use its power over desktop computers to muscle into server software."

Comments (17 posted)

Loop-based Music Composition With Linux, Pt. 1 (Linux Journal)

Dave Phillips looks at Linux audio applications that include powerful tools for loop manipulation. "Loop-based music composition is the practice of sequencing audio samples to create the various parts of a musical work. A sample may contain only a single event such as a bass note or cymbal crash or it may contain a measured pattern of events such as a drum beat, a guitar chord progression, or even an entire piece of music. The former type is sometimes referred to as a "one-shot" sample, while a longer sampled pattern is often simply called a loop."

Comments (none posted)

Maynor Releases Apple Wireless Bug Code (Dark Reading)

More than a year after the 'demonstration' at Black Hat 2006, David Maynor has released proof-of-concept code for an attack exploiting the vulnerability. Dark Reading covers the release. "David Maynor, CTO of Errata Security -- who with researcher Jon Ellch, a.k.a. johnnycache, faced a firestorm of criticism from Mac enthusiasts and some researchers for their demo last year -- today published a formal paper for the online researcher journal Uninformed in which he releases proof-of-concept code showing how the bug could be exploited. Maynor also explains in detail how he inadvertently found the heap buffer overflow bug in the OS X Atheros wireless device driver while fuzzing other wireless notebook machines."

Comments (none posted)

Inspiration: Pass It On (O'ReillyNet)

Gabrielle Roth writes this Women in Technology article. "What I do know is that women will not stay involved when they are deliberately shoved aside, like a story I heard recently about a woman being approached at a conference booth and asked "Is there a guy around who can answer my question?" (My response to that would be "Why? Do you need a guy to tell you you're a jackass?" which I acknowledge is not conducive to continuing the dialogue.) Here's how to fix this, taken directly from my own experience at OSCON 2007: one of the guys at the booth asked me if I was answering my fair share of questions, and when I said, "Not really," we came up with the solution that the men at the booth would turn over certain questions to me and then walk away, leaving the questioner with no choice but to talk to me. This also required a bit of effort on my part to get over my shyness in social situations, but it worked fabulously."

Comments (47 posted)

From Princess to Goddess: Female Success in IT (O'ReillyNet)

Molly Holzschlag writes this article from O'Reilly's Women in Technology series. "Ridiculous as it may sound, my experiences as an emotional, sometimes hysterical, highly paid, and astonishingly well-liked female in IT are perhaps somewhat unique. Now, don't get me wrong, I've met my fair share of gender (and other) bias, but I am certain that strong, authentic voices that steer clear of power plays and agenda-wars can actually skyrocket a woman's career rather than harm it. It's common knowledge that the IT workforce has been male-dominated for most of its life. However, this is clearly beginning to change as more women start careers in some aspect of either computer science or in the larger, more integrated world of the Web."

Comments (6 posted)

Thanking our own heaven on OneWebDay (Linux Journal)

Doc Searls celebrates OneWebDay. "Today (22 September) is OneWebDay, a project I'm proud to have been a part of since Susan Crawford thought it up many months before the first one last year. OneWebDay is meant as a day on which we celebrate the Web and what it does for each of us. So I want to celebrate what the Web does, and continues to do, for me as a journalist."

Comments (6 posted)

Patrick McHardy elected head of Netfilter Coreteam

The Netfilter Coreteam has elected Patrick McHardy as its head, following the resignation of Harald Welte. (Thanks to Gerd).

Comments (none posted)

Samba: A triumph for freedom of choice and competition

The Free Software Foundation Europe notes Microsoft's loss of a European Union antitrust case. "'Microsoft can consider itself above the law no longer,' says Georg Greve, president of the Free Software Foundation Europe (FSFE). 'Through tactics that successfully derailed antitrust processes in other parts of the world, including the United States, Microsoft has managed to postpone this day for almost a decade. But thanks to the perseverance and excellent work of the European Commission, these tactics have now failed in Europe,' Greve continues."

Full Story (comments: none)

ActiveState announces Komodo 4.2 updates

ActiveState has announced version 4.2 of the Komodo IDE advanced web development toolkit. "Komodo IDE helps free developers to focus on advanced web development. This release incorporates more useful features like auto-update, necessary features like bug fixes, and nice-to-have features like soft characters, plus improved functionality for dynamic languages. Key additions to this release are auto updates and soft characters. Auto updates means users don't need to check for the latest features or reinstall Komodo to get the latest version. Soft characters is a new feature for automatic insertion of closing brackets, braces and parentheses."

Full Story (comments: none)

Atmel and TimeSys announce free Linux board support package for AT91SAM9

Atmel and TimeSys have announced a collaborative microprocessor board support package. "Atmel(R) Corporation and TimeSys(R) announced today a free Linux(R) Board Support Package (BSP) for Atmel's ARM9-based AT91SAM9 Microcontrollers. Supporting the entire range of SAM9 products, this BSP includes Atmel's Linux kernel and drivers, BusyBox utilities for basic commands and features, and a Linux host/cross toolchain capable of re-building the Linux kernel and the basic packages included in the BSP. Together with a full documentation set and support services, this offering provides a ready-to-use package to validate Linux with Atmel microcontrollers."

Comments (none posted)

IBM's Lotus Symphony

Here is IBM's press release announcing the availability of Lotus Symphony. This version of Symphony appears to be reworked version of StarOffice distributed in a binary-only format; it is available for Windows, SLED 10, RHEL 5, and "RedHat5." Registration is required to download the software.

Comments (5 posted)

Commercial paid support options available for Freespire

Linspire, Inc. has announced the availability of commercial paid support offerings for Freespire users. "Following the launch of Freespire 2.0 last month, these competitively priced paid support options are now available at http://support.freespire.org and offer commercial support services for Freespire users around the globe."

Comments (none posted)

Angolan Government chooses Mandriva to develop information society

Mandriva has signed a broad technical cooperation agreement by the Angolan government. "Mandriva and CNTI have signed an agreement by which Mandriva will bring its knowledge and experience to Angola, providing technology solutions, training and consulting services. Mandriva will be training the first core team of open source specialists, it will help CNTI do the first open source deployments and it will provide technology and products and ensure their maintenance."

Full Story (comments: none)

Mozilla launching "MailCo"

According to Mitchell Baker's weblog, the Mozilla Corporation is launching "MailCo" (a real name will be chosen later) as a separate effort to develop Thunderbird. David Ascher will be leading the new organization. "Mozilla will provide an initial $3 million dollars in seed funding to launch MailCo. This is expected to be spent mostly on building a small team of people who are passionate about email and Internet communications. As MailCo develops it and the Mozilla Foundation will evaluate what's the best model for long-term sustainability. Mozilla may well invest additional funds; we also hope that there are other paths for sustainability."

Comments (7 posted)

Novell boosts Linux virtualization with VMware support

Novell, Inc. has announced improvements to the performance of SUSE Linux under VMware. "Novell today announced significant enhancements in the performance of SUSE(R) Linux Enterprise Server when the Linux operating system is running as a virtual machine guest in a VMware environment. To deliver this improved performance, Novell modified the SUSE Linux Enterprise kernel to support the VMware Virtual Machine Interface (VMI), a communication mechanism between the guest operating system and hypervisor that simplifies the task of virtualization and makes Linux a more efficient guest operating system when running in VMware environments."

Comments (none posted)

Novell Identity Manager selected by New York City Transit

Novell, Inc. has announced the use of Novell identity and security management solutions by New York City Transit. "North America's largest transportation agency, New York City Transit, has turned to Novell for improved security and management of its identity infrastructure and network access. With the world's largest fleet of subway cars and public buses, NYC Transit transports more than 7 million people each day. NYC Transit is using Novell(R) identity and security management solutions to centralize and automate its identity infrastructure for 49,000 staff members across 500 locations, ensuring timely and secure employee access to network resources."

Comments (none posted)

Seiko Instruments offering printer drivers for Smart Label Printers

Seiko Instruments has announced Linux compatible drivers for their Smart Label Printers. "Seiko Instruments USA, the pioneer of the one-label-at-a-time "smart" printer, is now offering a printer driver compatible with the Linux Operating System for its Smart Label Printers (SLPs). The new driver works with any Linux OS that uses the Common UNIX Printing System (CUPS) - allowing the Linux community to have an easy-to-use, convenient printer on their desktop, for jobs where they need single labels."

Full Story (comments: none)

Positions open at OLPC

The One Laptop Per Child project has several open positions, including support engineer, security software engineer, documentation lead, school server architect, localization expert, and a few other software engineering positions. See the OLPC jobs page for details.

Comments (none posted)

Linux System Programming--New from O'Reilly Media

O'Reilly has published the book Linux System Programming by Robert Love.

Full Story (comments: none)

PostgreSQL Reference Manual - Volumes 1, 2, 3

Printed copies of the PostgreSQL Reference Manual are available for purchase, $1 from each sale will be donated to the PostgreSQL project. "The manual has been printed in 3 volumes, running to 1300 pages in total. The volumes cover the SQL language, the PostgreSQL client/server programming interfaces, and server administration. Each volume is in a compact paperback format (6"x9")."

Full Story (comments: 3)

FSFE Newsletter

The September 13, 2007 edition of the FSFE Newsletter is online with the latest Free Software Foundation Europe news. Topics include: FSFE engages with irregularities in the ISO voting process, FTF informal legal network now covers sixteen European countries, Two days of Free Software in Chile, The Fellowship site now supports multiple languages, First distributed Fellowship meeting, FSFE German Team at FrOSCon, Fellows of the Rhein/Ruhr area holding monthly talks, Building the Fellowship in Kaiserslautern, Heidelberg, Darmstadt and Karlsruhe, FSFE supports demonstration "liberty instead of fear", September 22nd, Speeches about SELF, Open Standards and Free Software in Argentina and Free Software and Free Documentation licence consultations.

Full Story (comments: none)

LWN Comment Features

Jason Smith has written two Greasemonkey scripts to do interesting things with the LWN comments. Click below for details.

Full Story (comments: 1)

Zero Install survey 2007

A 30 question survey is being conducted on Zero Install. "Zero Install (as I'm sure you know) is a fully open source, decentralised installation system, currently included in the Debian, Ubuntu and Fedora distribution repositories (under the package name "zeroinstall-injector")."

Full Story (comments: none)

Call for Papers: FLOSS+Art deadline extended 2007

The call for papers deadline for FLOSS+Art has been extended to November 1. "Thanks to all the persons and groups who have replied to the call so far! Due to a growing demand for extra time, we have decided to extend the deadline. Please note that this new deadline will *not* be extended."

Full Story (comments: none)

NDSS 2008 call for papers

A call for papers has gone out for the Network and Distributed Systems Security (NDSS) conference. The event takes place on February 10-13, 2008 in San Diego, CA, submissions are due by September 21.

Full Story (comments: none)

IRC meeting to discuss AGPLv3 and GPLv3 on September 27

The Free Software Foundation has announced an online meeting on software licenses. "On September 27, at 20:00 US Eastern Time (September 28 00:00 GMT), the FSF Compliance Lab will hold a public meeting to discuss development of version 3 of the GNU Affero General Public License[1] (GNU AGPLv3) and answer general questions about GNU licenses. Please join FSF licensing compliance engineer Brett Smith to learn more about new GNU licenses."

Full Story (comments: none)

Linux Plumbers Conference 2008 announced

A developers-only conference for Linux "plumbing" has been announced for next September in Portland, Oregon. The conference is meant to cover low-level Linux issues, especially those that span different parts of the greater Linux OS; this is not just a kernel conference. It will be held September 17-19, 2008 at Portland State University.

Comments (none posted)

Events: September 27, 2007 to November 26, 2007

The following event listing is taken from the LWN.net Calendar.

Date(s)	Event	Location
September 24 September 27	14th Annual Tcl/Tk Conference	New Orleans, USA
September 24 September 27	Free and Open Source Software for Geospatial 2007	Victoria, BC, Canada
September 27 September 28	Audio Mostly 2007	Ilmenau, Germany
September 28 September 30	Ohio LinuxFest 2007	Columbus, USA
September 28 September 29	Freed.in	Delhi, India
September 28	IRC discussion on AGPLv3 and GPLv3	online, world
September 30 October 3	Gelato ICE: Itanium® Conference & Expo	Biopolis, Singapore, Singapore
October 2 October 3	Openmind 2007	Tampere, Finland
October 3 October 5	Apache Cocoon Get Together	Rome, Italy
October 6 October 7	Wineconf 2007	Zurich, Switzerland
October 6 October 8	GNOME Boston Summit	Boston, MA, USA
October 7 October 9	Graphing Social Patterns	San Jose, CA, USA
October 8 October 10	VISION 2007 Embedded Linux Developer Conference	Santa Clara, USA
October 8	Embedded Linux Bootcamp for Beginners	Santa Clara, CA, USA
October 9 October 10	Profoss	Brussels, Belgium
October 10 October 12	Plone Conference 2007	Naples, Italy
October 12	Legal Summit for Software Freedom	New York, NY, USA
October 13 October 14	T-DOSE 2007 (Technical Dutch Open Source Event)	Eindhoven, The Netherlands
October 13	The Ontario Linux Fest Conference	Toronto, Canada
October 13	Aka Linux Kernel Developer Conference	Beijing, China
October 16	Databases and the Web	London, England
October 17 October 19	2007 WebGUI Users Conference	Madison, WI, USA
October 17 October 19	Web 2.0 Summit	San Francisco, CA, USA
October 18 October 20	HackLu 2007	Kirchberg, Luxembourg
October 19 October 21	ToorCon 9	San Diego, CA, USA
October 20 October 21	Ubucon.de	Krefeld (Köln), Germany
October 20	PostgreSQL Conference Fall 2007	Portland, OR, USA
October 20	./freedom & opensource day - PERU	Lima, PERU
October 21 October 25	OOPSLA 2007	Montreal, Canada
October 21 October 26	Colorado Software Summit	Keystone, CO, USA
October 22 October 26	OpenGL Bootcamp with Rocco Bowling	Atlanta, GA, USA
October 22 October 23	She's Geeky - A Women's Tech (un)Conference	Mountain View, CA, USA
October 23 October 25	Open aLANtejo 07 - CNSL07	Évora, Portugal
October 23 October 26	Black Hat Japan	Tokyo, Japan
October 25 October 26	FSOSS 2007 - Free Software and Open Source Symposium	Toronto, Canada
October 27 October 28	FOSSCamp 2007	Cambridge, MA, USA
October 27	Linux Day Italy	many cities around country, Italy
October 28 November 2	Ubuntu Developer Summit	Cambridge, Massachusetts, USA
October 29	3rd International Workshop on Storage Security and Survivability	Alexandria, VA, USA
October 29 November 1	Fall VON Conference and Expo	Boston, MA, USA
October 30 October 31	BCS'07	Jakarta, Indonesia
October 31 November 1	LinuxWorld Conference & Expo	Utrecht, Netherlands
November 1 November 2	The Linux Foundation Japan Symposium	Tokyo, Japan
November 2	5th ACM Workshop on Recurring Malcode	Alexandria, VA, USA
November 2 November 3	Embedded Linux Conference, Europe	Linz, Austria
November 2 November 4	Real-Time Linux Workshop	Linz, Austria
November 3	Linux-Info-Tag Dresden	Dresden, Germany
November 5 November 9	Python Bootcamp with Dave Beazley	Atlanta, USA
November 7	NLUUG 25th anniversary conference	Beurs van Berlage, Amsterdam, The Netherlands
November 7	Alfresco North American Community Conference 2007	New York, NY, USA
November 8 November 9	Blog World Expo	Las Vegas, NV, USA
November 10 November 11	Linuxtage	Essen, NRW, Germany
November 11 November 17	Large Installation System Administration Conference	Dallas, TX, USA
November 12 November 16	Ruby on Rails Bootcamp with Charles B. Quinn	Atlanta, USA
November 12 November 15	OWASP & WASC AppSec 2007 Conference	San Jose, USA
November 12 November 16	ApacheCon US 2007	Atlanta, GA, USA
November 13 November 14	IV Latin American Free Software Conference	Foz do Iguacu, Brazil
November 15 November 18	Piksel07	Bergen, Norway
November 15	Alfresco European Community Conference	Paris, France
November 16 November 18	aKademy-es 2007	Zaragoza, Spain
November 20 November 23	DeepSec ISDC 2007	Vienna, Austria
November 22 November 23	Conferencia Rails Hispana	Madrid, Spain
November 24	LinuxDay in Vorarlberg (Deutschland, Schweiz, Liechtenstein und Österreich)	Dornbirn, Austria

If your event does not appear here, please tell us about it.