
LWN.net Weekly Edition for November 29, 2007

Freeing web services with Forkolator

By Jake Edge
November 28, 2007

The next battle in the war for software and data freedom is likely to be in the online services realm. There are already calls for legislation to govern what Gmail and Facebook can do with your data along with efforts to provide free alternatives to some popular web applications. Coming at the problem from a different direction, the Forkolator project is looking toward a world where free web applications are not only free to change, but those changes are immediately available to use on the same site.

Many of the web applications that people use today are not free in any sense other than price. There are also lots of applications that are free software – Wikipedia and Wordpress are often used as examples – but changing the source code for them does little to change the user's experience, because the service controls the software version that they run. This is as it should be; few would argue that Wikipedia should be forced to run some modified version of their code. Vast quantities of collaboratively developed data reside there, however, that any modified version of Wikipedia would want to access. Currently, one could work with the Wikipedia folks to get the change integrated into their codebase and eventually rolled out for users, or one could fork the project.

The Forkolator vision – at this point it is not much more than that – is to provide a third choice. In a mockup of the Wordpress management interface, Forkolator founder Erik Pukinskis added a "fork this page" button. Somewhere down the road, if Wordpress were written to support Forkolator, that button would instantiate a copy of the server code running on the server, with access to all the same data. It would then allow a user to change the underlying code to fix a bug or add a feature, which would then run live in that instance. Users who accessed the weblog or management screen would use the updated code.

Obviously, people that are able to host their own Wordpress instances are able to do this already – it is free software after all. What may be missing is the collaborative environment that a blog hosted at wordpress.com provides. Wordpress is free software, but wordpress.com does not provide a free, as in freedom, service. Likewise for Wikipedia, most of the value is in the site itself and the data; even forking it only gives a static version at the point of the fork. The Forkolator concept would provide another level of freedom; one could have their own view of Wikipedia running side-by-side with the standard code, allowing users to decide which they preferred.

At the moment, Forkolator is a PHP application that provides a web-based integrated development environment (IDE) that can be forked and modified live. It provides a kind of proof-of-concept; an IDE running in the browser may not provide the ideal development environment. Ruby on Rails already has Heroku, which shares many traits with the Forkolator vision. The focus of Heroku seems to be avoiding the pain of deploying an individual web application rather than Forkolator's explicit push for freedom in the web services arena.

The problems inherent in allowing users to modify the function of a server-side application are legion. Forkolator advocate Sandy Armstrong calls the problems "staggering" and they are; providing security, privacy, and stability while still allowing user modification is uncharted territory. Solving those problems in a sensible fashion will make or break the project and it is far from clear that they can be solved.

There is talk that some of the problems inherent in the model could be solved in the same way that wiki defacements are handled: by the community. If a rogue user modified the web application to be a spambot, for example, other users could shut down or quarantine the fork. Data access is another area that will need close attention. Obviously the application needs read and write access to the database, but how can you keep rogue applications from trashing the data for everyone else? This goes well beyond defacing individual pages; wholesale removal of all content could be effected by a malicious application. The Forkolator team will need to come up with ways to deal with all of these kinds of problems and more.

Forkolator is in its infancy – perhaps gestation is more accurate – with an enormous number of serious technical hurdles to overcome, but it does provide an interesting view of how free web services could work. It is not a model that all web applications will adopt, with good reason, but for sites that are largely collaborative in nature, it could make a great deal of sense. Whether Forkolator, Heroku, or some other framework can actually deliver the vision remains to be seen. We will be watching.


Linux in realtime

By Jake Edge
November 28, 2007

The Ninth Real-Time Linux Workshop, held in early November in Linz, Austria, provides a look into the current direction of realtime Linux research as well as applications of the technology. LinuxDevices has collected the available papers from the workshop, which make for interesting reading. Roughly half of the papers cover applications, from robotics to train monitoring, while the other half cover realtime development and measuring the impacts of various techniques.

Realtime Linux solutions have branched out quite a bit since the original RTLinux. Because that solution is patented, now owned by Wind River, and largely unmaintained, various other solutions are maturing. In addition, the realtime preemption (RT_PREEMPT) patches are also making their way into the mainline kernel. For "hard" realtime, guarantees must be made about the interrupt (and other) latencies in the system; so far Linux with RT_PREEMPT has not been proven to make those guarantees. It does provide a solution described by some of the authors as "good enough" for many hard realtime applications, however.

Several of the papers covered various aspects of the performance of the RT_PREEMPT kernel. Worst-case latencies for low-end PowerPC and ARM processors (suitable for embedded applications) were measured and reported. Two different clock frequencies were used for each processor to determine if there was a simple relationship between processor speed and latency: "A better realtime behavior cannot be achieved by simply choosing a processor with a higher clock frequency."

Another paper measured the impact of RT_PREEMPT on general system performance to try and gauge the cost of those kernel changes. They found "no significant impact of [RT_PREEMPT] on the general performance of the system unlike the preempt patches of earlier kernel versions". They also measured latencies and jitter to try to determine its suitability for hard realtime tasks, finding that even though there are no guaranteed worst case latencies, RT_PREEMPT kernels are not "definitely unsuitable".

The third paper measuring performance looked at the performance characteristics of an RT_PREEMPT kernel on an industrial controller board. In addition, the measurements were validated using a paint robot. Their conclusion provides a nice summary of the progress the Linux kernel has made for realtime applications:

Linux has for a long time proven that its stability is excellent, and now we see that the real-time performance is really moving towards other commercial real-time operating systems. The ability to be able to run a real-time application on the same processor as other standard applications is a winning combination. This is really what favors Linux as a real-time operating system compared to other dedicated real-time operating systems.

Research into how to effectively use multi-processor and multi-core systems for realtime tasks was the topic of another of the presentations. LITMUS^RT is a kernel modification that implements pluggable schedulers. It was created to test different kinds of scheduling policies to discover which algorithms work best for realtime applications on multiple processors.

An area that generally receives little notice in the realtime community is disk I/O, but a paper presented looks to change that. The authors looked at existing I/O schedulers for realtime systems and found them lacking – the models used are too simplistic and do not take into account prefetching and write-caching. They implemented a more realistic model into an I/O scheduler for RTLinux and report their results.

The XtratuM "nanokernel" is a virtualization solution used in realtime applications. Linux has also been ported to run on XtratuM for the x86 architecture, which allows it to run alongside a realtime OS. Two papers were concerned with XtratuM, one covering a FIFO implementation between XtratuM domains, allowing communication between guest OSes. The other covered porting it to the PowerPC architecture.

PaRTiKle OS is a compatible replacement for RTLinux, allowing applications built for that platform to run unchanged. It uses an entirely different technique, implementing the kernel system calls itself, rather than using the Linux kernel. This makes the connection to Linux a bit tenuous, but because it avoids the RTLinux patents and is LGPL licensed, it may be a useful migration path for RTLinux users.

The participation of universities at the workshop is something that stands out right away. The vast majority of the papers came from universities, mostly European – unsurprising given the location – but from China and Mexico as well. LWN raised some questions about the lack of university participation in Linux development back in July; perhaps part of the answer lies in the realtime realm. It is unclear how much of the code will actually reach the mainline, but the number of university participants in the workshop is impressive.

This article just notes some of the papers presented; for those interested, there is much more available. The papers covering various applications where realtime Linux is actually being used are very detailed. We can expect to see Linux used more frequently in these kinds of applications in the future.


Electing the GNOME Foundation board

By Jonathan Corbet
November 27, 2007

The GNOME Foundation is charged with several tasks, including serving as the official voice of the project, coordinating releases, deciding which projects fit under the GNOME umbrella, supporting events, and more. Once a year, a board of directors is chosen by the Foundation's members. This time around, there are ten candidates running for the seven available positions. This election may seem like another boring bureaucratic exercise, but its results are important: GNOME is the desktop used by a great many free software users, and it is the platform supported by the Free Software Foundation.

In a number of ways, this seems like one of the more tense elections of its kind in our community. A number of items discussed last year (such as the hiring of a business development manager and/or executive director) remain undone. The workings of the board seem distant and obscure to some GNOME developers. There are clear tensions between some of the project's leaders. Criticism of the project's participation in the OOXML standardization process seems unlikely to let up anytime soon. And there seems to be a general sense of frustration that the board's members are too busy to get things done and too unwilling to delegate things to others. It's also worth noting that the winners will be serving a relatively long term; a change in the Foundation's bylaws means that the next election will happen sometime around June, 2009.

Given that, the themes which have come out in the electoral debate should be clear. How should the whole OOXML participation process have been handled? What should be done with the Foundation's money (about $150,000 in the bank and $50,000 in receivables, according to the minutes from a recent board meeting)? How should GNOME push forward into interesting areas, such as mobile applications and web-hosted services? And how can the board become more effective than it has been in the past?

Along with deciding on these issues, the new board will have one other new decision ahead of it. Until very recently, the Foundation has operated under a single president: a certain Miguel de Icaza. Miguel has been absent from the GNOME development community for some time, and many of the developers in that community have not found themselves in agreement with the public positions he has taken. The current board has convinced Miguel to resign the presidency, and has changed its practices to the effect that, in the future, the president will be appointed by the board. The interim president will be Quim Gil.

In that context, here are a few selections from recent statements by this year's candidates.

Brian Cameron

I think it is an important part of the Foundation to encourage new people to get involved with volunteer aspects of the community. I would like to encourage more participation from communities that are not so well represented today. For example, users with accessibility needs. I think having someone on the board with accessibility experience is important to foster these sorts of things.
Full posting.

I think it would add value to spend more on marketing and on evangelical community building opportunities. For example, Windows and MacOS have flashy "Welcome to the desktop" presentations. Perhaps it is time for the GNOME community to find ways to better advertise itself.
Full posting.

Behdad Esfahbod

One tipping point for GNOME would be when the membership/community stops thinking of board as visionaries who set the direction and happenings of project and starts seeing that it's just set of trusted people who volunteered to do the boring and frustrating tasks (take my word for that) that are so essential to the project but no-one else is doing. [...]

As for the issue of single standards, I hate it when people use standardization as a tool to take advantage over their competitors. "I got here first, so you can't" is exactly what's broken about the patent system right now. Think about it.

Full posting.

George Kraft

Personally, I would not mind it if GNOME were more compatible with web services; however, I would not want a desktop which is dependent on them. A danger of an online desktop would be the dependency on non libre software services where we are not invited to make changes. [...]

There are important topics like the Online Desktop and OOXML which many are interested in; however, I would like to bring to everyone's attention that GNOME accessibility could be positioned as a clear winner over Windows's MSAA and KDE accessibility, but instead GNOME's accessibility is on the defensive. From an accessibility perspective, GNOME could be winning the hearts and minds of corporations and government agencies; however, GNOME accessibility is being threatened by the deprecation of Orbit2 & its migration to DBus, and the migration of Microsoft's UIA to GNU/Linux. Why regress and/or re-engineer when we can beat the competition now?

Full posting.

Og Maciel

[T]he Online Desktop could be the one thing that will tip the scale when users choose their desktop environment. I've had the opportunity to see a few demos and was fairly impressed with its potential. I believe that it is not up to the Board to decide on the implementation or even which tools/languages to use, but serve as a facilitator and guiding light to make sure that the project stays on track and focused... GNOME users have become used to expect innovation and great software in every release, so the Online Desktop could definitely provide that extra buzz!
Full posting.

I'd like to see more support going for the guys behind Abiword, Glom, Gnumeric, Epiphany, etc... Open Office and Firefox are GREAT examples of good software but I happen to believe that we already have great software in our code base that has been delegated to second place. How about we promote an event where people who are involved with the software mentioned before plus anyone who can be of help and offer insight can sit down and jot down what needs to be done in order to bring them out of the closet?
Full posting.

John Palmieri

I see the GNOME Online push as pulling us into the Wild West of the Web platform where everyone is staking their claims and there is yet to be monopolies to stifle innovation. Sure Google is big but sites like Facebook and Wikipedia were able to emerge. The only way to defeat entrenched adversaries in business is to outflank them with disruptive technology. Microsoft did it to IBM with the Desktop, Google did it to Microsoft with web search and we have the chance to bring in integrated Open Source web applications to the mix and even define a new era of Open Services.
Full posting.

Well one weak point is the board seems almost foreign to the every day GNOME contributor. People vote and pretty much forget about the inner workings until Slashdot gets a hold on some sensationalized story and a press release is put out and still to the outside world the role of the foundation is unclear. It is hard to figure out weak points because it is hard to see exactly what the foundation does. I would fix this by communicating any decision, from the mundane to the sensational, in an easy to digest format on my blog. Meeting minutes and press releases are just not enough. Active engagement of the community is a must.
Full posting.

Lucas Rocha

I think the Online Desktop initiative is a great opportunity for us to enwide the scope of GNOME project from a specific desktop environment to a broader user experiences set. This means taking advantage of this huge amount of funny, socially powerful, useful information and services available on the Web. Embracing Online Desktop also means trying to bring a new set of goals to GNOME which are related to a more social and entertaining user experience, something that, in my opinion, has been lacking in GNOME for a long time.
Full posting.

I think the most serious problem about GNOME Foundation participation on ECMA TC45-M was that it wasn't properly explained and clarified to the community at the time it started. The statement came after a lot of noise.
Full posting.

Vincent Untz

About the GNOME Foundation being part of the OOXML ECMA committee: I've supported this decision and I still do. If we can have someone asking for clarifications and maybe even have the ability to improve the format, it'd be wrong to not do it and just complain about the format. We want our users to read their files, and some will have OOXML files. This means I'll want our applications to be able to read such files, and therefore that a better documentation of the format is good.
Full posting.

We've seen this year that hiring an "executive director" is hard, very hard. I'm hopeful that hiring a sysadmin would be (comparatively) easier. And I'm also hopeful that we can get some funding to hire the sysadmin. So my plan is to hire a sysadmin using part of what we have in our bank account now and using some new funding, and keep enough cash so that we can hire an "executive director" too. It might sound too ambitious, but I think it's doable and that it's the best way to go.
Full posting.

Diego Escalante Urrelo

Support initiatives in Latin America for getting people involved as users and developers. Concretely, I would like to "deploy" 2 or 3 of our rockstars next year to a LA-tour, as seen on marketing-list and later gugmasters the idea has had a positive response. I would like to serve as a direct link to this initiative and hopefully other similar ones.
Full posting.

I would have included a line in all-caps saying "GNOME Foundation doesn't like OOXML, we have someone in the committee because standard or not Ms is gonna push it everywhere, so we are taking the chance to ask questions and raise concern on all the problems we can find."
Full posting.

Luis Villa

I'll be running again for the Board this year. This will be an unusual candidacy. I will not be running to do various and sundry board tasks; I'll be running to do exactly one thing: legal work- a vote for me is a vote that says 'Luis should be the coordinator of all GNOME-related legal issues.'
Full posting.

I think it is inevitable that GNOME, or GNOME partners, will be offering web-backed services to GNOME users. My personal vision for that is to dot the i's and cross the t's on the legal parts- to make sure that as we sail into uncharted waters, the rights of GNOME users and contributors are being protected.
Full posting.

I wish [the statement on OOXML] were more explicit about how the Foundation feels that the ODF folks have been undermining the standards process. It isn't obvious to everyone that ODF shares much of the blame for the politicization of the process, so the statements about that in the statement are a little vague.
Full posting.

Jeff Waugh

It is ISO's role to facilitate the development of standards in a coherent, transparent manner, not to determine the market demand for a given standard. I think it's extremely short-sighted to protest OOXML on the basis of "competing standards" given that standards exist for technologies that we are very likely to want true Free standards for in the future - for example, video encoders and decoders.
Full posting.

We must have a full time staff member to manage any further hires, as there is no way our part time administrator should have to deal with any duties related to management. So, of the two, I'd prefer a full time, management capable hire before a sysadmin hire.
Full posting

Ballots must be returned by December 9, and the initial results from the election are due to be announced on December 11; stay tuned.


Page editor: Jonathan Corbet

Security

ITU getting serious about botnets

By Jake Edge
November 28, 2007

Botnets are an increasing problem in today's internet. They can do much harm in the way of spam propagation and distributed denial of service attacks, but they also tend to evolve much more quickly than preventative measures. The International Telecommunication Union, an organization that predates the internet by more than 100 years, wants to do something about that. To that end, they are creating a Botnet Mitigation Toolkit.

The ITU is now an agency of the United Nations, which puts it in the right place to assist with botnet mitigation. Much like the internet, botnets do not respect political boundaries; it is often the case that a botnet is attacking a target in one country, from hosts in multiple countries, using a command and control (C&C) infrastructure in yet another country. It will take an international response to thwart an attack of that sort.

The toolkit is primarily focused on developing countries; it is meant to provide guidelines and best practice information to entities that need it. There are three types of information in the toolkit: legal, technical, and social. Each has a role to play in successfully handling botnets and their effects.

From a legal standpoint, many developing countries do not have laws governing "cybercrime" that could be used to shut down or redirect botnet traffic. The toolkit will contain recommendations for how such legislation might be structured, what kind of jurisdiction requirements make sense, as well as the kinds of evidence that are likely to be available. One of the more serious difficulties is reconciling the needs of botnet fighters with the privacy of internet users. A country's privacy laws may cover what information can be gathered. A paper describing the toolkit (PDF), which is still in draft form, has some information about the intersection of privacy rights and internet security, but this is clearly an area that will need to be handled carefully.

Another policy area that will be covered by the toolkit is establishing a framework for handling incidents that occur. Establishing monitoring, putting together a collaboration between the government and internet service providers, and deterring internet criminals from setting up shop in the country are all facets of a national "cybersecurity" policy. If a country is starting from a point where none of this kind of organization exists, which is true for much of the developing world, the toolkit will provide the government with the right questions to ask and areas that need a decision. At a minimum, it will also make recommendations that may be followed or ignored.

From a technical standpoint, internet service providers may need information on best practices for securing their networks from external threats. They also may need information on handling malicious traffic originating in their networks. The toolkit intends to provide information on both. The paper contains a great deal of good information for those that are interested. Even for ISPs in developed countries, there is much that could be learned.

The social aspect of dealing with botnets is perhaps the most difficult part, but, if successful, may provide the best defense. Like the technical measures, this is by no means a problem only in developing countries. Users everywhere need to learn good habits when using the internet. Free software is specifically called out as part of the solution in the social section of the paper, not because it is more resistant to malware (which is unclear), but because it can always be upgraded to fix security flaws. Many users in developing countries use unlicensed software from proprietary vendors that is difficult or impossible to upgrade.

The ITU toolkit is a worthy project, which will hopefully be well received by countries around the world. Due care needs to be taken so that it is not seen as something being imposed by the developed world. Even if botnets are not currently causing any major pain for a country, they certainly will some day. Getting out ahead of that curve would be of great benefit; hopefully most countries will see it that way.

A pilot project, in cooperation with the government there, is planned for Malaysia in 2008; it will allow the ITU to fine-tune its message and the toolkit. After that, it can start rolling it out in other interested countries. It may be a few years off, but bot herders may start feeling the heat.


Brief items

Insecurity Blues: Jeremy Allison reflects on Samba security flaws

Jeremy Allison, of the Samba project, reflects on the recent security flaws in Samba, how responses (and response times) have changed over time, and how they try to avoid new security problems. "What we do now on seeing a security bug is immediately audit the entire code-base to discover if there are any similar problems, or even similar coding practices that might cause future problems, and re-write or remove all such code. It takes longer, but is much safer in the long run. If you examine parts of the Samba code you'll find common functions that are known to be insecure simply won't compile if added to our code. A set of automated macros warns of any use of known bad functions." (thanks to Richard Hillesley)
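
The compile-time ban described in the quote can be built from ordinary preprocessor macros. The following is an added sketch, not code from Samba or from the original article; `safe_copy`, `safe_append`, `build_path` and the `BANNED_...` identifiers are names invented for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded helpers. They are defined BEFORE the bans below so
 * that they may still use libc string routines themselves. */

/* Copy src into dst (capacity dst_size). Returns 0 on success, -1 if src
 * does not fit; on failure dst is set to "" instead of being truncated. */
static int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);          /* +1 copies the terminating NUL */
    return 0;
}

/* Append src to the string already held in dst. Returns 0 on success, -1 if
 * the result would not fit or dst is not NUL-terminated within dst_size.
 * dst is left unchanged on failure. */
static int safe_append(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t used, len;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* dst was not a valid string */
    used = (size_t)(end - dst);
    len = strlen(src);
    if (len >= dst_size - used)
        return -1;
    memcpy(dst + used, src, len + 1);
    return 0;
}

/* From here on, any use of these names expands to an undeclared identifier
 * whose spelling tells the developer what to use instead, so the build
 * fails at the offending line. */
#undef strcpy
#define strcpy(d, s)  BANNED_strcpy_use_safe_copy
#undef strcat
#define strcat(d, s)  BANNED_strcat_use_safe_append
#undef sprintf
#define sprintf(...)  BANNED_sprintf_use_snprintf
#undef gets
#define gets(s)       BANNED_gets_use_fgets

/* Build "<dir>/<name>" in out. Returns 0 on success; returns -1 and leaves
 * out empty if the result would not fit. */
static int build_path(char *out, size_t out_size,
                      const char *dir, const char *name)
{
    if (safe_copy(out, out_size, dir) != 0 ||
        safe_append(out, out_size, "/") != 0 ||
        safe_append(out, out_size, name) != 0) {
        if (out != NULL && out_size > 0)
            out[0] = '\0';
        return -1;
    }
#ifdef DEMO_BANNED_CALL
    strcpy(out, name);   /* compiling with -DDEMO_BANNED_CALL stops here */
#endif
    return 0;
}

int main(void)
{
    char path[24];       /* constructed sample inputs below */
    int rc;

    rc = build_path(path, sizeof(path), "/srv/share", "a.txt");
    printf("%d '%s'\n", rc, path);
    rc = build_path(path, sizeof(path), "/srv/share",
                    "quarterly-report-2007.txt");
    printf("%d '%s'\n", rc, path);
    return 0;
}
```

Building with `-DDEMO_BANNED_CALL` shows the failure mode: the compiler reports the undeclared identifier `BANNED_strcpy_use_safe_copy` at the line that called `strcpy`.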


EFF's IP interference detection toolkit

The Electronic Frontier Foundation has announced the release of a set of reports on ISP manipulation of IP traffic and some comprehensive documentation on how to detect that manipulation for yourself. The document on detecting packet injection appears to mostly be a set of detailed instructions on using Wireshark to compare TCP streams at both ends.


New vulnerabilities

cacti: SQL injection vulnerability

Package(s): cacti
CVE #(s): CVE-2007-6035
Created: November 22, 2007
Updated: February 18, 2008
Description: Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors.
Alerts:
Fedora FEDORA-2008-1737 cacti 2008-02-15
Fedora FEDORA-2008-1699 cacti 2008-02-15
Debian DSA-1418-1 cacti 2007-12-02
Mandriva MDKSA-2007:231 cacti 2007-11-22
Fedora FEDORA-2007-3683 cacti 2007-11-22
Gentoo 200712-02:02 cacti 2007-12-05
SuSE SUSE-SR:2007:024 cacti, openldap2, phpPgAdmin, ruby, perl, rubygem-activesupport, yast2-core, librpcsecgss, liblcms 2007-11-22
Fedora FEDORA-2007-3667 cacti 2007-11-22


CSTeX: multiple vulnerabilities

Package(s): CSTeX
CVE #(s):
Created: November 26, 2007
Updated: November 28, 2007
Description:

From the Gentoo advisory:

Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running CSTeX via multiple vectors.

Alerts:
Gentoo 200711-34 CSTeX 2007-11-25


feynmf: symlink vulnerability

Package(s): feynmf
CVE #(s): CVE-2007-5940
Created: November 28, 2007
Updated: November 28, 2007
Description: The feynmf drawing package suffers from a symbolic link vulnerability.
Alerts:
Gentoo 200711-32 feynmf 2007-11-20


firefox: multiple vulnerabilities

Package(s): firefox seamonkey
CVE #(s): CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
Created: November 27, 2007
Updated: March 3, 2008
Description: A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Alerts:
rPath rPSA-2008-0093-1 thunderbird 2008-02-29
Foresight FLEA-2008-0001-1 firefox 2008-02-11
Gentoo 200712-21 mozilla-firefox 2007-12-29
Red Hat RHSA-2007:1083-01 thunderbird 2007-12-19
Mandriva MDKSA-2007:246 mozilla-firefox 2007-12-13
Fedora FEDORA-2007-4098 seamonkey 2007-12-06
Debian DSA-1425-1 xulrunner 2007-12-08
Fedora FEDORA-2007-4106 seamonkey 2007-12-06
rPath rPSA-2007-0260-1 firefox 2007-12-06
Fedora FEDORA-2007-756 firefox 2007-12-03
Slackware SSA:2007-333-01 seamonkey 2007-11-30
Fedora FEDORA-2007-3962 galeon 2007-11-29
Fedora FEDORA-2007-3952 devhelp 2007-11-29
Red Hat RHSA-2007:1082-01 firefox 2007-11-26
Debian DSA-1424-1 iceweasel 2007-12-08
Ubuntu USN-546-2 firefox 2007-12-04
SuSE SUSE-SA:2007:066 MozillaFirefox 2007-12-05
Slackware SSA:2007-331-01 firefox 2007-11-28
Ubuntu USN-546-1 firefox 2007-11-26
Red Hat RHSA-2007:1084-01 seamonkey 2007-11-26


kernel: denial of service

Package(s): kernel
CVE #(s): CVE-2007-5500
Created: November 28, 2007
Updated: July 8, 2008
Description: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
Alerts:
SuSE SUSE-SA:2008:032 kernel 2008-07-07
SuSE SUSE-SA:2008:030 kernel 2008-06-20
Mandriva MDVSA-2008:112 kernel 2007-06-12
SuSE SUSE-SA:2008:013 kernel-rt 2008-03-06
Ubuntu USN-578-1 linux-source-2.6.15 2008-02-14
Mandriva MDVSA-2008:044 kernel 2008-02-12
Ubuntu USN-574-1 linux-source-2.6.17/20/22 2008-02-04
Red Hat RHSA-2008:0055-01 kernel 2008-01-31
Mandriva MDVSA-2008:008 kernel 2008-01-11
Ubuntu USN-558-1 linux-source-2.6.17/20/22 2007-12-19
Debian DSA-1428-2 linux-2.6 2007-12-11
Debian DSA-1428-1 linux-2.6 2007-12-10
Fedora FEDORA-2007-759 kernel 2007-12-07
Fedora FEDORA-2007-3751 kernel 2007-12-06
Fedora FEDORA-2007-3837 kernel 2007-12-03
SuSE SUSE-SA:2007:063 kernel 2007-12-03
rPath rPSA-2007-0245-2 kernel 2007-11-21
rPath rPSA-2007-0245-1 kernel 2007-11-21


kernel: denial of service

Package(s): kernel
CVE #(s): CVE-2007-5501
Created: November 28, 2007
Updated: March 7, 2008
Description: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
Alerts:
SuSE SUSE-SA:2008:013 kernel-rt 2008-03-06
Mandriva MDVSA-2008:044 kernel 2008-02-12
Ubuntu USN-574-1 linux-source-2.6.17/20/22 2008-02-04
Ubuntu USN-558-1 linux-source-2.6.17/20/22 2007-12-19
Fedora FEDORA-2007-759 kernel 2007-12-07
Fedora FEDORA-2007-3751 kernel 2007-12-06
Fedora FEDORA-2007-3837 kernel 2007-12-03
SuSE SUSE-SA:2007:063 kernel 2007-12-03
rPath rPSA-2007-0245-2 kernel 2007-11-21
rPath rPSA-2007-0245-1 kernel 2007-11-21


lcms: stack-based buffer overflow

Package(s): lcms
CVE #(s): CVE-2007-2741
Created: November 23, 2007
Updated: October 14, 2008
Description: Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Gentoo 201412-11 emul-linux-x86-baselibs 2014-12-11
Ubuntu USN-652-1 lcms 2008-10-14
Mandriva MDKSA-2007:238 liblcms 2007-12-06
SuSE SUSE-SR:2007:024 cacti, openldap2, phpPgAdmin, ruby, perl, rubygem-activesupport, yast2-core, librpcsecgss, liblcms 2007-11-22


mysql-dfsg: multiple vulnerabilities

Package(s): mysql-dfsg
CVE #(s): CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3782
Created: November 27, 2007
Updated: July 30, 2008
Description: The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691)

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (CVE-2007-2692)

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. (CVE-2007-3782)

Alerts:
Red Hat RHSA-2008:0768-01 mysql 2008-07-24
Red Hat RHSA-2008:0364-01 mysql 2008-05-21
Ubuntu USN-588-2 USN-588-1 fixed 2008-04-02
Ubuntu USN-588-1 mysql-dfsg-5.0 2008-03-19
SuSE SUSE-SR:2008:003 java, nss_ldap, cairo, geronimo, moodle, SDL_image, python, mysql, nx, xemacs 2008-02-07
Mandriva MDVSA-2008:028 mysql 2007-01-29
Debian DSA-1413-1 mysql-dfsg 2007-11-26


nss_ldap: credential or other information disclosure

Package(s): nss_ldap
CVE #(s): CVE-2007-5794
Created: November 26, 2007
Updated: July 30, 2008
Description:

From the Gentoo advisory:

Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process.

Alerts:
Red Hat RHSA-2008:0715-01 nss_ldap 2008-07-24
Red Hat RHSA-2008:0389-02 nss_ldap 2008-05-21
Mandriva MDVSA-2008:049 nss_ldap 2007-02-25
Foresight FLEA-2008-0003-1 nss_ldap 2008-02-11
SuSE SUSE-SR:2008:003 java, nss_ldap, cairo, geronimo, moodle, SDL_image, python, mysql, nx, xemacs 2008-02-07
Debian DSA-1430-1 libnss-ldap 2007-12-11
rPath rPSA-2007-0255-1 nss_ldap 2007-11-30
Gentoo 200711-33 nss_ldap 2007-11-25


openldap: denial of service

Package(s): openldap
CVE #(s): CVE-2007-5708
Created: November 23, 2007
Updated: April 9, 2008
Description: slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
Alerts:
Debian DSA-1541-1 openldap2.3 2008-04-08
Gentoo 200803-28 openldap 2008-03-19
Mandriva MDVSA-2008:058 openldap 2007-03-05
Ubuntu USN-551-1 openldap 2007-12-04
Fedora FEDORA-2007-3124 openldap 2007-11-20
SuSE SUSE-SR:2007:024 cacti, openldap2, phpPgAdmin, ruby, perl, rubygem-activesupport, yast2-core, librpcsecgss, liblcms 2007-11-22


pcre: buffer overflows in library

Package(s): pcre
CVE #(s): CVE-2006-7228 CVE-2006-7230 CVE-2007-1661 CVE-2007-4766 CVE-2007-4767
Created: November 23, 2007
Updated: July 16, 2008
Description: Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Alerts:
Red Hat RHSA-2008:0546-01 PHP 2008-07-16
Debian DSA-1570-1 kazehakase 2008-05-06
Fedora FEDORA-2008-1842 pcre 2008-03-06
Gentoo 200802-10 python 2008-02-23
Mandriva MDVSA-2008:030 pcre 2008-01-31
SuSE SUSE-SA:2008:004 php4, php5 2008-01-29
Mandriva MDVSA-2008:012 python 2008-01-14
Red Hat RHSA-2007:1077-01 python 2007-12-10
Debian DSA-1399-1 pcre3 2007-11-05
Red Hat RHSA-2007:1076-02 python 2007-12-10
Red Hat RHSA-2007:1065-01 pcre 2007-11-29
Red Hat RHSA-2007:1068-01 pcre 2007-11-29
Red Hat RHSA-2007:1063-01 pcre 2007-11-29
Red Hat RHSA-2007:1059-01 pcre 2007-11-29
Ubuntu USN-547-1 pcre3 2007-11-27
SuSE SUSE-SA:2007:062 pcre 2007-11-23
Gentoo 200711-30 libpcre 2007-11-20


pcre: buffer overflows

Package(s): pcre3
CVE #(s): CVE-2007-1662 CVE-2007-4768
Created: November 27, 2007
Updated: May 7, 2008
Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. (CVE-2007-1662)

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. (CVE-2007-4768)

Alerts:
Debian DSA-1570-1 kazehakase 2008-05-06
Fedora FEDORA-2008-1842 pcre 2008-03-06
Debian DSA-1399-1 pcre3 2007-11-05
Gentoo 200711-30 libpcre 2007-11-20
Ubuntu USN-547-1 pcre3 2007-11-27


phpMyAdmin: SQL injection

Package(s): phpMyAdmin
CVE #(s): CVE-2007-5976 CVE-2007-5977
Created: November 22, 2007
Updated: March 19, 2009
Description: phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.

db_create.php also has a related cross-site scripting vulnerability. Remote authenticated users can inject arbitrary web scripts or HTML using a hex-encoded IMG element in the db parameter in a POST request.

Alerts:
Gentoo 200903-32 phpmyadmin 2009-03-18
Mandriva MDKSA-2007:229 phpMyAdmin 2007-11-20
Fedora FEDORA-2007-3639 phpMyAdmin 2007-11-22
Fedora FEDORA-2007-3636 phpMyAdmin 2007-11-22
Fedora FEDORA-2007-3666 phpMyAdmin 2007-11-22
Fedora FEDORA-2007-3627 phpMyAdmin 2007-11-22


Tk: buffer overflow

Package(s): tk8.3
CVE #(s): CVE-2007-5378
Created: November 28, 2007
Updated: March 17, 2009
Description: The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
Alerts:
Debian DSA-1743-1 libtk-img 2009-03-17
Red Hat RHSA-2008:0134-01 tcltk 2008-02-21
Red Hat RHSA-2008:0135-02 tk 2008-02-22
Red Hat RHSA-2008:0135-01 tk 2008-02-21
Debian DSA-1415-1 tk8.4 2007-11-27
Debian DSA-1416-1 tk8.3 2007-11-27


wireshark: multiple vulnerabilities

Package(s): wireshark
CVE #(s): CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121
Created: November 27, 2007
Updated: December 24, 2007
Description: Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code.
Alerts:
Fedora FEDORA-2007-4690 wireshark 2007-12-21
Fedora FEDORA-2007-4590 wireshark 2007-12-20
Debian DSA-1414-1 wireshark 2007-11-27


zaptel: possible privilege escalation

Package(s): zaptel
CVE #(s): CVE-2007-5690
Created: November 28, 2007
Updated: November 28, 2007
Description: Asterisk Zaptel 1.4.5.1 contains a buffer overflow which might be exploitable by local users - though the actual exploitability of this problem is disputed.
Alerts:
Fedora FEDORA-2007-2860 zaptel 2007-11-20
Fedora FEDORA-2007-3094 zaptel 2007-11-20


Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch remains 2.6.24-rc3. Fixes continue to flow into the mainline git repository at a relatively high rate; 2.6.24-rc4 must be due sometime in the very near future.

The current -mm tree is 2.6.24-rc3-mm2. Recent changes to -mm include the new timerfd API (see below), a number of driver core changes, a per-process capability bounding set feature, and an updated version of the SMACK security module.

The current stable 2.6 kernel is 2.6.23.9, released on November 26. There are a couple dozen or so important fixes in this update.

For older kernels: 2.6.22.14 was released on November 21.


Kernel development news

Quote of the week

The Linux kernel requires that any needed documentation accompany all changes requiring said documentation -- part of the source-code patch must apply to the Documentation/ directory.
-- Donnie Berkholz engages in some wishful thinking


Tightening symbol exports

By Jonathan Corbet
November 27, 2007
The kernel's loadable module mechanism does not give modules access to all parts of the kernel. Instead, any kernel symbol which is intended to be usable by loadable modules must be explicitly exported to them via one of the variants of the EXPORT_SYMBOL() macro. The idea behind this restriction is to place limits on the reach of modules and to provide a relatively well-defined module API. In practice, there have been few limits placed on the exporting of symbols, with the result that many thousands of symbols are available to modules. Loadable modules can access many of the obviously useful symbols (printk(), say, or kmalloc()), but they can also get at generic symbols like edd, tpm_pm_suspend(), vr41xx_set_irq_trigger(), or flexcop_dump_reg().

There are reasons for the concern over excessive symbol exports felt by some developers. Wrongly exported symbols can lead module authors to use incorrect interfaces; for example, the exporting of sys_open() is an active inducement for developers to open files directly inside the kernel, which is almost never a good idea. But such symbols, once exported, can prove hard to unexport. While the official line says that the internal kernel API can change at any time, the truth of the matter is that at least some developers are reluctant to break external modules when that can be avoided.

A more timely example would be init_level4_pgt, a low-level symbol exported only by the x86_64 architecture. The current -mm tree removes that export, breaking the proprietary NVIDIA module in the process. Andrew Morton describes this removal as "our clever way of reducing the tester base so we don't get so many bug reports." While many developers make a show of not caring about binary-only modules, there is still a good chance that this particular export removal (of a symbol which should not really be available globally) may not make it into the mainline as a result of this breakage.

The end result of all this is that there has long been interest in somehow cleaning up the modular API, though there have not been a whole lot of people who have put a lot of time toward that end. Occasionally somebody has remarked upon one piece of low-hanging fruit: symbols which are exported only to make it possible to modularize other bits of mainline kernel code. One example is a whole set of TCP stack symbols (things like __tcp_put_md5sig_pool()) which have exactly one user: the IPv6 module. Restricting these special-purpose exports has the potential to significantly narrow the modular API without making it harder to modularize the mainline.

Andi Kleen's module symbol namespace patch is meant to enable just this sort of narrowing of the API. With this patch, symbols can be exported into specific "namespaces" which are only available to modules appearing on an associated whitelist. In a sense, the term "namespace" is a poor fit here; there is still a single, global namespace within which all exported symbols must be unique. These "namespaces" are more like special exclusion zones containing symbols which are not globally accessible. They work like GPL-only exports, which also restrict the availability of symbols to a subset of modules.

To create a restricted export, an ordinary EXPORT_SYMBOL() declaration is changed to:

    EXPORT_SYMBOL_NS(namespace, symbol);

Where namespace is the name of a restricted symbol namespace. So, going back to the TCP example, Andi's patch contains a number of changes like:

    -EXPORT_SYMBOL(__tcp_put_md5sig_pool);
    +EXPORT_SYMBOL_NS(tcp, __tcp_put_md5sig_pool);
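
Review bot: the added EXPORT_SYMBOL_NS(tcp, __tcp_put_md5sig_pool) line replaces a plain EXPORT_SYMBOL(), so the symbol changes from a general export to one that is treated as GPL-only and visible only to whitelisted modules. The changelog should state that licensing change explicitly rather than leave it implied by the macro, and the same patch should carry the allow-list entry for the IPv6 module, the one in-tree user of this symbol, so that it still resolves after the conversion.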

Note that there is no _GPL version; any symbol which is exported into a specific namespace is treated as GPL-only by default.

The other part of the equation is to enable access to a namespace. That is done with:

    MODULE_NAMESPACE_ALLOW(namespace, module);

Such a declaration (which must appear in a module exporting symbols into the namespace) says that the given module can access symbols in that namespace. Andi's patch creates three namespaces (tcp, tcpcong for congestion control modules, and udp), removing about 30 symbols from the global namespace.

A number of developers welcomed this patch, seeing it as a step forward in the rationalization of the loadable module API. It is seen as a way to prevent out-of-tree modules from using symbols which they should not be using. It also reduces the number of interfaces which must be kept stable in situations (enterprise kernels, for example) where changes are not allowed. And, finally, the symbol namespaces offer the ability to organize exports somewhat and document who the intended users are.

There is a bit of dissent, though. In particular, Rusty Russell fears that the patch adds unneeded complexity and threatens to make life harder for out-of-tree developers for little (if any) gain. Says Rusty:

For example, you put all the udp functions in the "udp" namespace. But what have we gained? What has become easier to maintain? All those functions start with "udp_": are people having trouble telling what they're for?

If you really want to reduce "public interfaces" then it's much simpler to mark explicitly what out-of-tree modules can use.

Herbert Xu has similar concerns:

These symbols are exported because they're needed by protocols. If they weren't available to everyone then it would be difficult to start writing new protocols....

So based on the network code at least I'm kind of starting to agree with Rusty now: if a symbol is needed by more than one in-tree module chances are we want it to be exported for all.

While these voices seem to be in the minority, they still carry quite a bit of weight. So your editor is unwilling to make any sort of guess as to whether this patch will be merged, or in what form. The desire to clean up the modular API is unlikely to go away, though, so, sooner or later, something is likely to happen.


kmemcheck

By Jonathan Corbet
November 27, 2007
Using uninitialized memory can lead to some seriously annoying bugs. If you are lucky, the kernel will crash with the telltale slab poisoning pattern (0x5a5a5a5a or similar) in the traceback. Other times, though, something more subtly wrong happens, forcing a long hunt for the stupid mistake. Wouldn't it be nicer if the kernel could simply detect references to uninitialized memory and scream loudly at the time?

The kmemcheck patch recently posted by Vegard Nossum offers just that functionality, though, perhaps, in a somewhat heavy-handed manner. A kernel with kmemcheck enabled is unlikely to be suitable for production use, but it should, indeed, do a good job at finding code using memory which has not yet been set to a useful value.

Kmemcheck is a relatively simple patch; the approach used is, essentially, this:

  • Every memory allocation is trapped at the page-allocator level. For each allocation, the requested order is increased by one, doubling the size of the allocation. The additional ("shadow") pages are initialized to zero and kept hidden.

  • The allocated memory is returned to the caller, but with the "present" bit cleared in the page tables. As a result, every attempt to access that memory will cause a page fault.

  • Once the fault happens, kmemcheck (through some ugly, architecture-specific code) determines the exact address and size of the attempted access. If the access is a write, the corresponding bytes in the shadow page are set to 0xff and the operation is allowed to complete.

  • For read accesses, the corresponding shadow page bytes are tested; if any of them are zero, the code concludes that the read is trying to access uninitialized data. A stack traceback is printed to enable the developer to find the location where this access is happening.
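
A user-space model of the shadow-byte bookkeeping in the steps above, added here as an illustration and not taken from the kmemcheck patch. Explicit `tracked_write()`/`tracked_read()` calls stand in for the page faults, and every name in it (`struct tracked`, `struct reply`, the helper functions) is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One tracked allocation: the bytes the caller uses plus a hidden shadow
 * region of the same size. Shadow 0x00 = never written, 0xff = written. */
struct tracked {
    unsigned char *data;
    unsigned char *shadow;
    size_t size;
    unsigned long bad_reads;    /* reads that touched an unwritten byte */
};

/* Allocate twice the requested size, as kmemcheck does, and zero the shadow. */
int tracked_alloc(struct tracked *t, size_t size)
{
    unsigned char *block = malloc(2 * size);

    if (block == NULL)
        return -1;
    memset(block, 0x5a, size);          /* stand-in for stale heap contents */
    memset(block + size, 0x00, size);   /* shadow: nothing initialized yet */
    t->data = block;
    t->shadow = block + size;
    t->size = size;
    t->bad_reads = 0;
    return 0;
}

void tracked_free(struct tracked *t)
{
    free(t->data);
    memset(t, 0, sizeof(*t));
}

static int in_bounds(const struct tracked *t, size_t off, size_t len)
{
    return off <= t->size && len <= t->size - off;
}

/* Store: perform the write and mark exactly those shadow bytes 0xff. */
int tracked_write(struct tracked *t, size_t off, const void *src, size_t len)
{
    if (!in_bounds(t, off, len))
        return -1;
    memcpy(t->data + off, src, len);
    memset(t->shadow + off, 0xff, len);
    return 0;
}

/* Load: returns 0 when every byte was written before, 1 when at least one
 * was not (the case kmemcheck reports), -1 when out of bounds. */
int tracked_read(struct tracked *t, size_t off, void *dst, size_t len)
{
    size_t i;
    int uninit = 0;

    if (!in_bounds(t, off, len))
        return -1;
    for (i = 0; i < len && !uninit; i++) {
        if (t->shadow[off + i] == 0x00) {
            fprintf(stderr, "uninitialized read: byte %zu of a %zu-byte "
                    "access at offset %zu\n", i, len, off);
            t->bad_reads++;
            uninit = 1;
        }
    }
    memcpy(dst, t->data + off, len);    /* the model lets the access complete */
    return uninit;
}

/* Constructed record with compiler-inserted padding after 'type'. */
struct reply {
    uint8_t type;
    uint32_t length;
};

/* Set both fields, then copy the whole struct out, padding included. */
int padding_read_is_flagged(void)
{
    struct tracked t;
    struct reply out;
    uint8_t type = 1;
    uint32_t length = 42;
    int flagged;

    if (tracked_alloc(&t, sizeof(struct reply)) != 0)
        return -1;
    tracked_write(&t, offsetof(struct reply, type), &type, sizeof(type));
    tracked_write(&t, offsetof(struct reply, length), &length, sizeof(length));
    flagged = tracked_read(&t, 0, &out, sizeof(out));
    tracked_free(&t);
    return flagged;
}

int main(void)
{
    printf("whole-struct read flagged: %d\n", padding_read_is_flagged());
    return 0;
}
```

The padding case is the one worth noticing: every named field was assigned, yet copying the full structure still reads bytes that were never written.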

As should be evident, running with kmemcheck enabled will have certain performance impacts. Taking a page fault on every access to slab memory just cannot be fast. Doubling the size of every allocation will impose costs of its own, including the cache effects of simply working with twice as much memory. But that is a cost which can be paid when the kernel is being run in a debugging mode.

Vegard has posted some sample output which shows how the system responds to reads from uninitialized memory. If this output is to be believed, access to unset memory is not an especially uncommon occurrence in current kernels. If some of the references flagged here, once tracked down, turn out to be real bugs, the kmemcheck patch will have earned its keep, even if it never finds its way into the mainline.


System call updates: indirect(), timerfd(), and hijack()

By Jonathan Corbet
November 28, 2007
Last week's discussion of the proposed indirect() system call ended with some complaints from developers on the ugliness of the interface. Since then there has been some talk about system call interfaces in general, but not a whole lot of ideas for how indirect() could be done better.

The leading alternative would be that pushed by H. Peter Anvin: rather than use indirect() to extend a system call, simply make a new system call with the desired additional parameters. Then, usually, the old implementation can be replaced with a simple stub which calls the new version with the default values for the new parameters. It is a simple approach which easily maintains binary compatibility with very little runtime cost. Since there is no particular shortage of system call numbers, this is a process which could go on for a long time.

The management of increasing numbers of system calls does impose a cost, though; each one of those system calls is a user-space API which cannot ever be broken. The indirect() approach, instead, does not add more system calls. As long as the addition of parameters (with default values of zero) is done with care, avoiding API problems should be relatively easy to do.

There are also limits on how many parameters can be easily passed to system calls; on most systems, that limit is around six. Any system call requiring more arguments must already do uncomfortable things with indirect blocks. Creating new system calls with additional parameters will create more cases where this sort of indirect parameter handling is required. So the approach used by indirect() will find itself being used, in some form, anyway.

The key argument, though, still appears to be the syslet/threadlet mechanism. The ability to make any system call asynchronous has a lot of appeal, but doing so requires some additional information - a place to store the result of the call, if nothing else. Asynchronous system calls, in Linux, are, for all practical purposes, a type of indirect call. The proposed indirect() interface looks like it should be able to accommodate asynchronous calls nicely - though the precise API has not, yet, been nailed down.

As a result of all this, chances are that some form of indirect() will find its way into the mainline - though there is still time for somebody to come up with a better idea.

Meanwhile, the last time timerfd() was discussed here, it had been disabled in the 2.6.23 kernel as a result of complaints about its interface. Since then, little has happened with timerfd(), with the result that it will almost certainly not be present in 2.6.24 either. Some work has been done with this system call, though, and a new API proposal has been posted. This version has three system calls, the first of which is timerfd_create():

    int timerfd_create(int clockid, int flags);

The clockid argument tells the system which clock should be used: CLOCK_MONOTONIC or CLOCK_REALTIME. The flags argument is a recent addition; it is currently unused and must be zero. It was added on the assumption that somebody, somewhere, will always want some sort of behavior modification and one might as well avoid the need for an indirect version while it's easy. The return value from timerfd_create() is a file descriptor which can be passed to read() or any of the poll() variants. But, first, the timer should probably be programmed with:

    int timerfd_settime(int fd,
                        int flags,
                        const struct itimerspec *timer,
                        struct itimerspec *old_timer);

Here, fd is a file descriptor obtained from timerfd_create(), flags contains TFD_TIMER_ABSTIME if the timer is being set to an absolute time, and timer is the expiration time for the timer. If old_timer is not NULL, the location pointed to will be set to the previous value of the timer.

It is also possible to query the value of the timer with:

    int timerfd_gettime(int fd, struct itimerspec *timer);

The value returned in *timer will be the current setting of the timer associated with fd.

There's not been a whole lot of comments on this version of the API, so something very similar to it will probably be merged. It would normally be considered to be too late to put a change like this into 2.6.24, but the 2.6.24-rc3-mm2 patch log says "Probably 2.6.24?". So one never knows. If this change is not merged soon, it will almost certainly become available for 2.6.25.

Finally, the hijack() system call continues to be developed on relatively quiet kernel subsystem lists. This call (described here in October) behaves much like clone() in that it creates a new process. Unlike clone(), however, hijack() causes the new process to share resources with a specified third process rather than with the parent. Its main reason for existence is to make it easy to enter different namespaces.

The hijack() interface remains almost unchanged:

    int hijack(unsigned long clone_flags, int which, int id);

The specified id value is interpreted according to which, which now has three possible values:

  • HIJACK_PID says that id is a process ID; the newly-created process will share resources (including namespaces) with the indicated process.

  • HIJACK_CG says that id is an open file descriptor for the tasks file in a target control group. In this case, the kernel will find a process within that control group and use it as the source for resources and namespaces.

  • HIJACK_NS is the newest option; like HIJACK_CG, it is an open file descriptor indicating a control group. In this case, though, only the control group itself and any associated namespaces will be inherited by the new process. This version is intended for use when entry into an empty control group (where there are no processes to inherit from) is desired.

This new system call still has not seen any exposure on linux-kernel; it may well not survive its first experience there in its current form. If nothing else, a name change (to something which is more descriptive of the real function and, preferably, which does not put users onto intelligence agency watch lists) may well be called for. But a full container implementation on Linux will clearly need some sort of enter_container() system call at some point.


Patches and updates

Kernel trees

Andrew Morton 2.6.24-rc3-mm1
Andrew Morton 2.6.24-rc3-mm2
Greg Kroah-Hartman Linux 2.6.23.9
Steven Rostedt 2.6.23.9-rt12
Greg Kroah-Hartman Linux 2.6.22.14

Page editor: Jonathan Corbet

Distributions

News and Editorials

openSUSE seeks new design for the YaST Control Center

By Rebecca Sobol
November 28, 2007
The openSUSE project has announced that it is seeking a radical new design for the YaST Control Center. This announcement was followed by a long discussion of ways to completely redesign YaST (Yet another Setup Tool), rather than just the Control Center. openSUSE's Stefan Hundhammer posted a second try:

The first thread was not meant to be about generic wishes about YaST and related. It was not about a complete rewrite of everything. It was not about what could be improved in various individual YaST modules. It was not about bugs that could be reported with Bugzilla. It was not about dropping the ncurses text mode (we don't plan to do anything like that).

Rather, it was about

The YaST Control Center

in particular the Qt version. This is the small, very basic, Qt-only (very little dependencies, in particular not to the entire YaST engine) application that starts YaST modules. Some people call it the YaST shell.

Ideas are being collected in this new control center page, which includes the goals for the new design and the perceived problems with the old design.

In particular, the old design, seen on this page, is very crowded and not intuitive for a non-geek user.

A study was conducted, in which thirty experienced users were asked to sort the modules in the Control Center. A quick glance at the results identified the following issues (in no particular order):

  • Better sort criteria, though the subjects had no clear preference.

  • New tab with favorites. Of all the subjects, only three chose the full 20 modules which are allowed here; the average was closer to eleven.

  • Merge related modules (e.g. AppArmor becomes a single icon in "Security" that will start the AppArmor Manager Module)

  • Enhance the startup speed of the modules.

  • A better search function

  • YaST should use the desktop theme.

The new control center page has several mockups of what the YaST Control Center might look like. If you are a SUSE user you probably use the Control Center, and may have some good ideas on how to improve it. Now is the time to be heard.


New Releases

MontaVista presents Carrier Grade Linux 5.0 (Heise Online)

Heise Online has a release announcement for MontaVista Carrier Grade Linux 5.0. "Linux Carrier Grade Edition (CGE) 5.0 uses version 2.6.21 of the kernel and supports Multicore and SMP processors. New features include the Run-Time Application Patcher, which makes it possible to install patches on a live system without rebooting, and the Flight Recorder, which, by analogy to a plane's black box, logs system events to make identification of the cause in the event of a system crash easier and more accurate."


Pie Box Enterprise Linux 4AS U6 now available

Update 6 of Pie Box Enterprise Linux 4 has been released. Click below for a list of enhancements included in this release.

Full Story (comments: none)

SUSE Linux Enterprise Real Time 10 released

Novell has announced the availability of SUSE Linux Enterprise Real Time 10, "the only open source, enterprise-class real-time operating system available in the market today." "Enhancements to SUSE Linux Enterprise Real Time 10 include the latest enterprise-hardened open source technologies that reduce system latency or delay and improve predictability, such as CPU shielding, priority inheritance, sleeping spinlocks, interrupt threads, high-resolution timers and the latest OpenFabrics Enterprise Distribution for commodity high-speed interconnects, OFED 1.2.5. As a result, customers gain time advantage over competitors to make more money or avoid financial losses."


Launchpad 1.1.11 released!

Launchpad, Ubuntu's suite of development tools, has released 1.1.11. Click below for a look at what's new in this version.

Full Story (comments: none)

Distribution News

Debian GNU/Linux

Status of GCC 4.3 on SPARC and IA64 (Debian)

Martin Michlmayr reports on the status of GCC 4.3 on SPARC. "I recently compiled the entire Debian archive (around 6500 packages that need to be compiled) on SPARC using trunk to identify new issues before GCC 4.3 is released. I compiled the archive twice, once with default optimization levels specified by packages and once with optimization set to -O3. I only found two new ICEs that were not reported already: PR33993, which has since been fixed, and PR34005, for which a patch has been suggested." The IA64 port has also been tested and a few issues found.

Full Story (comments: none)

Fedora

Fedora Astronomy SIG

Fedora has a new Astronomy Special Interest Group (SIG) for people interested in improving support for astronomers and astrophysicists on Fedora.

Full Story (comments: none)

Fedora Board Elections

The Fedora Board consists of 9 seats; only one is up for election this time around. Nominations are open until December 6th.

Full Story (comments: none)

Notice of Fedora rawhide doom

KDE 4 will be landing in Fedora rawhide the week of December 1 - 7, 2007. Rawhide testers should expect some breakage during this process.

Full Story (comments: none)

Red Hat Enterprise Linux

Red Hat Opens Public Beta for Red Hat Enterprise Linux on Amazon Elastic Compute Cloud

Red Hat has announced the public beta availability of Red Hat Enterprise Linux on Amazon Elastic Compute Cloud (Amazon EC2), a web service that provides resizeable compute capacity in the cloud and changes the economics of computing by allowing customers to pay only for the infrastructure software services and capacity that they actually use. "Subscriptions to the beta are $19 per month, per account for access to support and services. Once subscribed, customers may instantiate small, large or extra-large server instances on the Amazon EC2 cloud computing environment at $0.21, $0.53 and $0.94 per hour respectively. Any bandwidth usage or additional storage will be billed at additional per GB rates."

Comments (none posted)

SUSE Linux and openSUSE

openSUSE Testing Updates - Looking for Heros

openSUSE has made its testing repositories open to the public. All new pending updates will first land into one of these test-update repositories before being transferred directly to the standard and official respective update repository. Test updates are available for openSUSE 10.3, openSUSE 10.2, SUSE Linux 10.1 and SUSE Linux 10.0. "Note, however, that these repositories will _always_ be in a highly experimental state, and hence are not for the faint-hearted. The updates contained in these repositories might well be broken at different times."

Full Story (comments: none)

Ubuntu family

Upcoming Hardy Alpha 1

The first alpha release of Ubuntu's Hardy Heron is scheduled for a November 29, 2007 release.

Full Story (comments: none)

Other distributions

CentOS on your laptop

Dag Wieers would like CentOS to be more laptop friendly. The new CentOS on Laptops wiki page is the place to share your experiences with CentOS on the laptop. "This page brings together all information regarding CentOS on Laptops. If you own a laptop and you consider putting CentOS on it, please write down your experience and add it to this list."

Comments (none posted)

Happy birthday sidux

sidux, a distribution dedicated to creating a stable desktop from Debian sid (unstable), has announced its first birthday. "I remember well the time about 15 months ago. We were all working with and for this other distribution and we were all frustrated. Some had already left the project. No release in sight, nobody knew what was going to happen, communication between team and project leader was more or less non-existent. We all saw a basically good project going down the drain, for some of us after 3 years of work invested and we could not do much about it."

Comments (none posted)

Distribution Newsletters

Ubuntu Weekly Newsletter #67

The Ubuntu Weekly Newsletter for November 24, 2007 covers: Macedonia Students Use Ubuntu, New MOTU's, Azureus Gets Fix, Launchpad News, Ubuntu Forum News, and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 230

The DistroWatch Weekly for November 26, 2007 is out. "We don't often get a chance to report about the BSD part of our open source world, but last week brought an unusual number of interesting developments: a new beta release of FreeBSD 7.0, new live DVDs from RoFreeSBIE and TrueBSD, and even a promise of a real print BSD magazine! Is this increased activity among the BSD developers a sign of greater acceptance of their preferred operating system? In other news: openSUSE releases new bleeding-edge software packages for beta testing, KDE 4.0 RC1 draws mixed reaction in the developer community, sidux celebrates its first birthday, and Linux Mint branches out to develop user-friendly solutions for Debian GNU/Linux and Fedora. Finally, don't miss our lead story - a first look at the newly released Linux Mint 4.0."

Comments (none posted)

Interviews

Fedora 8 and IcedTea

Jonathan Roberts interviews Thomas Fitzsimmons, the lead developer of Fedora's IcedTea package. "Java is a popular programming language used both on the desktop and the net. Until recently users who wanted to use just free software have had to struggle with partial support for Java, but now that Sun have begun freeing their Java implementation the way has opened for free software developers to create an entirely free implementation. This free Java, IcedTea, was shipped by default with Fedora 8, and so we talked to Thomas Fitzsimmons, the lead developer behind this feature."

Comments (none posted)

Eric Sandall Interview (Mage Power)

Mage Power talks with Eric Sandall, Grimoire Lead at Source Mage GNU/Linux. "Would you please explain what the Grimoire is? A grimoire is a complete container of spells, their sections, and supporting scripts (such as account management) necessary for the spells to function. We have multiple official grimoires: z-rejected for binary-only and non-OSI licenses, games for the majority of games, test is the up-to-date grimoire where packages are first released for wide testing, stable-rc is where we have a snapshot of test to prepare for a new stable release, and the stable grimoire has some testing done to it to verify packages work and is the most bug-free release. There is no one grimoire, but rather multiple grimoires each providing a different selection. A few unofficial grimoires are maintained by various developers with packages they are working on and one hosted on the SMGL servers is xorg-modular, where we're working on integrating the newest X.org release process into our main grimoire."

Comments (1 posted)

Page editor: Rebecca Sobol

Development

How The Backup Process Has Changed

By Forrest Cook
November 28, 2007

Backing up data stored on computers is one of the most important jobs of a systems administrator. A regular backup routine can save large amounts of heartache and frustration when a disk drive or system fails. Disk failure should be treated as something that is guaranteed to happen in the life (and death) of every disk drive. And, disk failures always seem to happen at the worst possible moment. Typical failures happen on Friday afternoon before a vacation is about to start or when the boss comes into your office demanding that critical report that lives on the machine with the smoke curling out of the power supply.

Over the years, your author has lived through many backup technologies. In the early days of home computing and CP/M systems, floppy to floppy transfer was the only method to save data. Floppies were unreliable and multiple copies were important. When hard drives became normal hardware on DOS-based microprocessor systems, backups were performed on piles of floppy disks or short-lived tape technologies. It was a bad day when floppy disk 29 of a batch of 30 encountered a read error during the restoration of a disk.

Mainframe systems in the early 1980s required copying the contents of washing machine sized disk drives to piles of 9 track open reel tapes. As drives were added, the piles of tapes became larger. Large storage areas were required for storing racks of tapes. The 1990s brought larger disk drives and the capabilities of the mainframes and PCs were converging. Single filesystems could be copied to DC100 serpentine tape cartridges, if one had a lot of patience. Helical scan SCSI tape drives such as Exabyte 8mm and DDS 4mm were able to store the contents of multiple filesystems on one tape. For a brief while, tape capacity surpassed filesystem size. Robotic tape library machines could be programmed to automate the backup process and allow large numbers of filesystems to be copied to stacks of tapes.

Disk capacities continued to expand rapidly. AIT tapes were good for larger backups, but the media was pricey. RAID arrays became a good way to increase storage capacity and improve reliability, but downtime could be long in the event of a controller failure. RAID backups are still critically important. Disk drive prices continued to fall. At some point after the year 2000, the price/performance of disks versus tapes made it more economical to buy another disk drive to copy data to. For the moment, it appears that the disk/tape competition is over and disks won.

With a removable drive sled or a USB drive, a hard drive can now be treated as a high speed random access data cartridge. With multiple online machines, it is possible to use one machine as a backup repository for another's data. Today, it is possible to buy a 300GB disk drive for just over $100. Larger drives can be had for a slightly higher cost per byte.

On a Linux platform, two of the oldest and most common backup utilities are dump and tar. Both work with tape and disk-based archives. Dump has the advantage of being able to dig through the contents of an archive and pick individual files to restore before reading the entire media. Unfortunately, the dump archive format has gone through a lot of changes. This means, for example, that a dump archive that was created on a Red Hat 7.3 system may be unreadable on an Ubuntu 7.04 system. Reading old tar files is more likely to result in success across systems of different vintages. Your author decided to standardize on tar-based backups.

Now for some current real-world examples for performing disk-to-disk backups: Here's how to use dump to copy the local / filesystem to a compressed and datestamped file on the same machine's /backup filesystem:

    cd /backup
    /sbin/dump 0ufa - / | bzip2 > ./localslash`date +%Y%m%d`.bz2

Here's how to use tar to do the same type of local to local backup:

    cd /backup
    /bin/tar cf - / | bzip2 > ./localslash`date +%Y%m%d`.tar.bz2

Here's how dump is used to back up the / filesystem on a machine called remote to the local machine's /backup partition:

    cd /backup
    ssh remote '/sbin/dump 0ufa - / | bzip2' > ./remoteslash`date +%Y%m%d`.bz2

Here's how to use tar to do the remote to local backup:

    cd /backup
    ssh remote '/bin/tar cf - / | bzip2' > ./remoteslash`date +%Y%m%d`.tar.bz2

The above commands should be run from the root account and the remote backups can work without passwords if ssh is set up correctly. Ssh and the ssh server should be installed and configured on the machines. The dump and/or tar manual pages should be consulted for more information on the various command options. Restoration of the filesystems involves using bunzip2 to uncompress the archive, then restore (for dump) or tar (for tar) to split out the contents to a local disk. Restoration across the network is possible with the use of ssh.
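A pipeline such as the ones above reports only the exit status of its last command, so a failed tar can hide behind a successful bzip2 and leave an empty or partial archive. The following script is an added example, not part of the original article: it records tar's status separately, tests the archive before giving it its final datestamped name, stores a SHA-256 checksum beside it, and refuses to restore an archive that fails either check. The function names and the small sample tree are hypothetical; it assumes tar, sha256sum (GNU coreutils) and bzip2 or gzip are installed.

```shell
#!/bin/sh
# Added example, not from the article: a checked, datestamped tar backup.
# Function names and the sample tree are hypothetical.

# Use the article's compressor; fall back to gzip if bzip2 is not installed.
if [ -z "${COMPRESSOR:-}" ]; then
    if command -v bzip2 >/dev/null 2>&1; then COMPRESSOR=bzip2; else COMPRESSOR=gzip; fi
fi

# Map the compressor to the conventional file suffix.
archive_suffix() {
    case "$COMPRESSOR" in
        bzip2) echo tar.bz2 ;;
        gzip)  echo tar.gz ;;
        *)     echo "tar.$COMPRESSOR" ;;
    esac
}

# verify_archive FILE: test the compressed stream, then make tar read every
# member header. Succeeds only if both passes are clean.
verify_archive() {
    "$COMPRESSOR" -t "$1" 2>/dev/null || return 1
    "$COMPRESSOR" -dc "$1" 2>/dev/null | tar tf - >/dev/null 2>&1
}

# backup_tree SRC DEST NAME: archive SRC into DEST/NAME<YYYYMMDD>.<suffix>
# and print the final archive path on success.
backup_tree() {
    bt_final="$2/$3$(date +%Y%m%d).$(archive_suffix)"
    bt_tmp="$bt_final.partial"
    bt_rc="$bt_tmp.rc"
    # Record tar's own exit status; the pipeline would only report the
    # compressor's. (In bash, `set -o pipefail` achieves the same.)
    { tar cf - -C "$1" .; echo $? > "$bt_rc"; } | "$COMPRESSOR" > "$bt_tmp"
    bt_comp=$?
    bt_tar=$(cat "$bt_rc"); rm -f "$bt_rc"
    if [ "$bt_tar" -ne 0 ] || [ "$bt_comp" -ne 0 ] || ! verify_archive "$bt_tmp"; then
        rm -f "$bt_tmp"          # never leave a bad file under a valid-looking name
        return 1
    fi
    mv "$bt_tmp" "$bt_final"
    # Checksum with a relative name, so archive and checksum can be copied
    # together to tape or another disk and still be checked there.
    ( cd "$2" && sha256sum "$(basename "$bt_final")" > "$(basename "$bt_final").sha256" ) || return 1
    echo "$bt_final"
}

# restore_verified ARCHIVE TARGET: unpack only if the recorded checksum
# matches and the archive passes verify_archive.
restore_verified() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || return 1
    verify_archive "$1" || return 1
    mkdir -p "$2" || return 1
    "$COMPRESSOR" -dc "$1" | tar xf - -C "$2"
}

# Constructed sample run: back up a small tree, restore it, then show that a
# truncated copy (what an interrupted transfer leaves behind) is rejected.
demo() {
    d_work=$(mktemp -d) || return 1
    mkdir -p "$d_work/src/etc" "$d_work/backup"
    echo "sample config line" > "$d_work/src/etc/sample.conf"
    d_arch=$(backup_tree "$d_work/src" "$d_work/backup" localslash) || return 1
    restore_verified "$d_arch" "$d_work/restore" && echo "restore: ok"
    d_size=$(wc -c < "$d_arch")
    dd if="$d_arch" of="$d_arch.cut" bs=1 count=$((d_size / 2)) 2>/dev/null
    mv "$d_arch.cut" "$d_arch"
    restore_verified "$d_arch" "$d_work/restore2" || echo "truncated archive: rejected"
    rm -rf "$d_work"
}
demo
```

For the ssh variants, run verify_archive on the receiving machine after the transfer completes, since the remote pipeline masks a failing dump or tar in the same way.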

A good backup scheme should be devised. Your author has a dedicated machine with a large disk drive and an old DDS3 tape drive that is used to back up all of the rest of his machines. Variations on the above examples are used in several machine-specific scripts to back up one machine at a time. The backups are performed several times a month. Backups can be copied from the backup machine's disk to tape for offsite storage. The entire backup set is occasionally copied to another machine's large disk for redundancy. Datasets can simply be copied with cp to removable media. A 100GB+ audio archive is managed differently than standard filesystems; the rsync command is used to clone the data from one machine to another.

In the early 1990s, your author couldn't imagine ever getting close to filling up a 9GB disk drive. Then came audio archives, digital cameras with movie modes and other large data sources. Several hard drive failures and machine meltdowns have occurred, but no data has been lost. With a little planning, your data can be kept safe.

Comments (60 posted)

System Applications

Database Software

PostgreSQL 8.3 Beta3 released

Version 8.3 Beta3 of the PostgreSQL DBMS has been announced. "Thanks to all the testing, feedback and bug reports the community has performed with the first and second betas, we now have our third beta of 8.3. We hope that this will be our last beta before release candidate so please download and continue testing to ensure that any issues you raised have been resolved. As always, our community is the first line of defense to help us find any "corner cases" of possible issues."

Full Story (comments: none)

Postgres Weekly News

The November 25, 2007 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Embedded Systems

BusyBox 1.7.4 and 1.8.2 released

Stable versions 1.8.2 and 1.7.4 of BusyBox, a collection of command line utilities for embedded systems, have been announced. "These are bugfix-only releases. 1.8.2 contains fixes for inetd, lash, tar, tr, and build system. 1.7.4 contains a fix for inetd."

Comments (none posted)

Interoperability

Samba 3.0.27a available

Version 3.0.27a of Samba has been announced. "This is a bug fix release of the Samba 3.0.27 code base and is the version that servers should be run for all current Samba 3.0 bug fixes."

Full Story (comments: none)

Package Management

GooPackage: Initial Release (SourceForge)

The first version of GooPackage has been announced. "The open source package manager for Google applications, GooPackage, officially announces its initial release (0.1). GooPackage is an apt-like package manager that offers the ability to install Google web programs onto a desktop using Mozilla Prism."

Comments (none posted)

Security

OSsonar 2.4 released (SourceForge)

Version 2.4 of OSsonar has been announced. "OSsonar monitors systems. It continually audits by managing a collection of auditors called sensors. If a sensor becomes concerned, it can launch countermeasure to handle the concern. Helpful with SOX compliance, remote monitoring - CYOA for Sys Admins. OSsonar 2.4 has been released. New remote monitoring sensors added for Linux and Unix servers."

Comments (none posted)

Web Site Development

2step plug-in for Eclipse 3.x v2.0.0 released (SourceForge)

Version 2.0.0 of 2step plug-in for Eclipse 3.x has been announced. "2step is a development framework written in Java for developing complete web applications (including web services). As a servlet framework features access control, logging, I18N, database access, deploy, XML/XSL, etc, and uses Jetty, FOP and jCharts. A new version of the 2step plug-in for Eclipse (v2.0.0) has been released. It has been tested with latest Eclipse release (Europa, v3.3), and also v3.2, but it might work with any 3.x Eclipse version. The main new feature of the plug-in is a shiny new content assistant for the 2step language."

Comments (none posted)

mnoGoSearch 3.3.6 released

Version 3.3.6 of mnoGoSearch, a web site search engine, has been announced. See the changelog file for more information.

Comments (none posted)

Quixote 2.5 announced

Version 2.5 of the Quixote web development platform is out with a bug fix and support for Python 2.5.

Full Story (comments: none)

Desktop Applications

Data Visualization

Graphviewer 1.1.0 released

Version 1.1.0 of Graphviewer, a data visualizer tool, has been announced. "Graphviewer is a generic data visualization tool written in FLTK 1.1 that reads input from a command line data source on the standard input and renders that into a scrolling graph, similarly to perfmeter-like applications." Graphviewer is based on FLTK.

Comments (none posted)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

Test Latest Builds with KDE4Daily (KDE.News)

KDE.News has a call for testing on the daily builds of KDE4. "We are now on the home stretch of the road to KDE 4.0, but KDE still needs extensive user testing to make sure everything arrives in the best possible shape for the release."

Comments (none posted)

KDE Commit-Digest (KDE.News)

The November 18, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "A Calculator and Show Desktop Plasmoid, units conversion and contacts "runners", enhanced composite-based effects, a "dashboard" view and applet hover handles in Plasma. Updated artwork for "about" pages (like the one present in Konqueror upon application startup). Support for quick user switching in Kickoff. Continued development progress in KDevelop 4. Work begins on resurrecting KEduca for the KDE 4.1 timeframe..."

Comments (none posted)

KDE Commit-Digest (KDE.News)

The November 25, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "A Trash applet, various general improvements, and support for sharing configuration layouts in Plasma. "Undo close tab" feature in Konqueror. Development continues towards Amarok 2.0, with services becoming plugins and support for the Ampache music server. Continued progress in KDevelop and KEduca. More work on album display and improved thumbnails (with RAW format support) in Digikam. A BitTorrent plugin for KGet, based on the recently created libktorrent..."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Electronics

gnucap development snapshot 2007-11-21

Development snapshot 2007-11-21 of gnucap, a circuit analysis package, has been announced. "This snapshot provides (over the old one) ... 1. Bug fix .. "build" exits properly now. This bug was introduced in the 2007-11-02 snapshot as a result of fixing another bug. 2. Plugins should work on MS-Windows, compiled with mingw."

Comments (none posted)

Updated Unofficial Gnuradio Documentation (Simple User Manual)

New documentation is available for the Gnuradio software controlled radio development platform. "Thanks to feedback, comparing with the old version, the new document corrected tens (may be more!) mistakes, and a new documentation was added for the blocks that were not documented in the first published documents. The most important enhancement in the new version is the adding of an alphabetical index to all gnuradio functions and blocks."

Full Story (comments: 1)

Icarus Verilog 0.8.6 released

Version 0.8.6 of Icarus Verilog, an electronic simulation language compiler, has been announced. According to the changelog: "This is a bug fix update of the 0.8 stable version of Icarus Verilog. The v0.8 series tries to remain as stable as possible while still fixing bugs that are safe to fix."

Comments (none posted)

Kicad 2007-11-19-RC announced

Release 2007-11-19-RC of Kicad, a schematic capture and printed circuit CAD application, is out. See the release notes for details.

Comments (none posted)

Games

Atlas-C++ 0.6.1 released

Version 0.6.1 of Atlas-C++ has been announced by the WorldForge game project. "Atlas-C++ is the standard implementation of the WorldForge Atlas protocol. This release is primarily aimed at developers and users who want to build the WorldForge system for themselves. Major changes in this version: * The codec and negotiation parsers are now more efficient. * A small addition has been made to the objects interface for testability."

Comments (none posted)

Music Applications

FluidSynth 1.0.8 released

Version 1.0.8 of FluidSynth is out with numerous new features and bug fixes. "I'm pleased to announce the release of FluidSynth 1.0.8. Dubbed "Its about funky time!", since it was almost 2 years ago since the last release."

Full Story (comments: none)

Office Applications

HylaFAX 4.4.3/4.3.7 releases

Versions 4.4.3 and 4.3.7 of HylaFAX, a FAX modem interface application, have been announced. "These releases are maintenance releases, and do not contain any new features or functionality, but only contain bugfixes".

Comments (none posted)

Office Suites

KOffice 2 Alpha 5 Released (KDE.News)

KDE.News covers the latest alpha release of KOffice 2. "Immediately after the release of KDE 4.0 RC1, the KDE office suite KOffice today announced the release of version 2.0 Alpha 5. As with the previous alpha versions of 2.0, this is a technology preview more than a version for users to test out. Nonetheless there are some exciting new features and developments here."

Comments (none posted)

Web Browsers

Mozilla Firefox 2.0.0.10 Released (MozillaZine)

MozillaZine takes a look at the latest security holes to be patched with the release of Firefox 2.0.0.10. LWN is tracking vendor updates here.

Comments (1 posted)

Languages and Tools

C

GCC 4.3.0 Status Report

The November 27, 2007 edition of the GCC 4.3.0 Status Report has been published. "We are in Stage 3. When we reach 100 open regressions, we will go to regression-only mode. When we approach the 4.3.0 release, we will create a branch, and open Stage 1 for 4.4.0."

Full Story (comments: none)

Caml

Caml Weekly News

The November 27, 2007 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

JSP

Myna Javascript Application Server 1.0 alpha 6 released (SourceForge)

Version 1.0 alpha 6 of Myna has been announced; it features an API change among other things. "Myna is a Java web development platform based on Mozilla's Rhino JavaScript engine. It allows developers to access the full power of Java with the development speed of JavaScript."

Comments (none posted)

Perl

Perl 6 on Parrot Roadmap (use Perl)

brian_d_foy has announced a new Perl 6 on Parrot Roadmap. "On Friday I wrote up a brief ROADMAP for Perl 6 on Parrot development, and rather than repeat it all as a journal post I'll just link to it. It really does describe where we've been, and where we're going in the next couple of months as far as Perl 6 development."

Comments (1 posted)

Python

Python-URL! - weekly Python news and links

The November 28, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The November 23, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Bug Trackers

zenTrack 2.6.3 released (SourceForge)

Version 2.6.3 of zenTrack has been announced. The software is a: "Highly configurable bug tracking, project management, and help desk solution. Project focus is on configurability, usability, and clean code. We're putting the finishing touches on the 2.6.3 release and we'll be rolling it into production some time tonight."

Comments (none posted)

Miscellaneous

xMarkup 2.1.0 released (SourceForge)

Version 2.1.0 of xMarkup, a Text Transformation Utility, has been announced. "xMarkup is a text transformation utility for processing of a set of ASCII files. All Win-32 and POSIX/UNIX platforms. The transformations performed by utility can be extremely complicated comparing to ordinal search & replace procedures. Actually the utility uses a procedural language, with help of which any algorithms of text transformations can be implemented."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Desktop Linux on the rise, Linux Foundation reports (DesktopLinux)

DesktopLinux reports on the Linux Foundation's third annual desktop Linux survey, which runs until the end of November. "For starters, almost 20,000 self-selected users filled out this year's survey compared to fewer than 10,000 in 2006's survey. The survey, which drew primarily from European users (51.5 percent) followed by North Americans (35.8 percent), found that the vast majority of Linux desktops (68.4 percent) are deployed in SOHOs (small office / home office) and small business settings having one to a hundred PCs running Linux. Medium-sized businesses with user bases of 101 to 500 (9.7 percent) and 1,001 to 5,000 (6.2 percent) Linux desktops came next."

Comments (1 posted)

Microsoft FUDwatch: Windows vs. Linux security (CNET)

Matt Asay takes a look at yet another Microsoft security article that compares the security of Windows to that of Linux and other free software. "Boiled down, Microsoft is effectively saying, 'Trust us to help you be secure' and open source responds, 'Trust us, but also trust yourself.' Open source doesn't force its adopters to give up security to the hands of a vendor, though there are certainly open-source vendors who are happy to enhance security and stand behind it for a fee."

Comments (4 posted)

Trade Shows and Conferences

Akademy-es 2007 in Zaragoza Spain (KDE.News)

KDE.News covers Akademy-es 2007. "This past weekend, November 16th through the 18th, Zaragoza Spain was the home of Akademy-es 2007. The conference began early Saturday morning and finished Monday with a Hackathon. Akademy-es 2007, hosted by Hispalinux, Wireless Zaragoza, and the Zaragoza council, was a conference specifically for KDE developers and users from around Spain."

Comments (none posted)

28 papers on real-time and embedded Linux (LinuxDevices)

LinuxDevices.com has a report from the Realtime Linux Workshop recently held in Linz, Austria. There are pictures and most of the accepted papers.

Comments (11 posted)

The SCO Problem

Novell's Motion to Lift Stay Granted! (Groklaw)

Groklaw reports that SCO's bankruptcy court has given the green light for the Novell case to go forward, contrary to SCO's wishes. "As Novell has pointed out in its papers, the Debtors simply cannot file a confirmable plan of reorganization until they know what liability they have to Novell. The resolution of the issues remaining in the District Court litigation will assist the Debtors, not burden them." The bankruptcy court reserves the right to decide whether Novell will be able to get any damages from SCO put into a trust, though.

Comments (none posted)

Linux Adoption

Real answers to the question “Can you run your business on Linux and open source?” (iTWire)

iTWire's David M. Williams tries to answer a common question about using Linux to run a business. Using information from companies who have switched from Windows to Linux, his answer is mostly affirmative. "He reported they had solved authentication issues using LDAP with replication to all servers and using Samba 3.0.24. This, he said, had slick integration with XP clients and Windows 2003 servers in both directions. Additionally, his company enhanced their mail platform by using 'Postfix for the MTA with amavis and spamassassin.' This, he advised, took a little tuning to stop spamassassin giving false positives but was do-able."

Comments (5 posted)

Interviews

Android maker talks mashups and mobiles (ZDNet)

ZDNet interviews Andy Rubin from Google's Android mobile phone software platform. "Q: Why don't you join an existing Linux phone effort, such as the LiMo Foundation, or the Lips (Linux Phone Standards) Forum? A: One of the key differences in the Open Handset Alliance with some of the existing consortiums is that we're actually building a product. Every member of the alliance has contributed something to the effort, and it's very product-focused."

Comments (none posted)

Torvalds On Where Linux Is Headed In 2008 (Information Week)

InformationWeek has an interview with Linus Torvalds covering a variety of topics: Linux development vs. proprietary software, what he foresees being added in 2008, and a brief response about patent threats. "This is actually the biggest strength of Linux. When you buy an OS from Microsoft, not only you can't fix it, but it has had years of being skewed by one single entity's sense of the market. It doesn't matter how competent Microsoft -- or any individual company -- is, it's going to reflect that fact."

Comments (none posted)

Reviews

Firefox 3 Beta 1 Arrives in Fighting Shape (Wired)

Wired reviews the Firefox 3 beta. "In fact the Location bar isn't just a window to display the URL anymore -- it's also a full-text-search bar for finding bookmarks or pages stored in your browsing history. Rather than just searching for page titles and URLs, the way Firefox 2 does, the new version looks for keywords within the page text itself. That makes it much easier to find what you're looking for, even when you don't know where you saw it."

Comments (18 posted)

Linux Audio Editors: An Overview (O'ReillyNet)

O'ReillyNet takes a look at some audio editors. "If you're not familiar with the area of Linux audio editors, you might be totally amazed at just how many there are. Clearly, writing these has scratched more than a few itches and more than one has earned grades as a class project. It's not too hard to figure out why the area has been popular. For one thing, mangling sounds is fun, and for another, there is endless scope for playing with DSP algorithms. You can do that these days without writing a whole editor, but we'll get to that in a moment."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

EFF: Friday Court Battle Over Telecom Lobbying Records

The Electronic Frontier Foundation has sent out a press release regarding telecom lobbying records. "San Francisco - On Friday, November 30, at 9am, the Electronic Frontier Foundation (EFF) will urge a federal judge to speed the release of lobbying records that could shed light on the congressional debate over granting amnesty for telecommunications companies taking part in illegal electronic surveillance."

Full Story (comments: none)

GNOME Foundation Elections 2007 launched (GnomeDesktop)

GnomeDesktop.org has announced the 2007 GNOME Foundation Elections. "The candidates were announced. This year, to make life easier for the candidates, the Membership Committee formulated the questions which will be answered on the GNOME Foundation mail list."

Comments (none posted)

The GNOME Foundation on OOXML

Rather belatedly, the GNOME Foundation has sent out a statement regarding its participation in the OOXML standardization process. "We are deeply concerned that abuse of the standards process is eroding public trust in the value and independence of international standards. Both ODF and OOXML are very heavily influenced by their implementation heritage, neither are likely to deliver the 'one true office format', and both communities have - in their own way - played a role in this erosion of trust."

Comments (40 posted)

OLPC sued for patent infringement in Nigeria

A company called Lagos Analysis Corporation has sent out a press release announcing a patent infringement lawsuit against the One Laptop Per Child project. "The patent infringement lawsuit was filed on November 22nd, 2007 as a result of OLPC's willful infringement of LANCOR's Nigeria Registered Design Patent #RD8489 and illegal reverse engineering of its keyboard driver source codes for use in the XO Laptops." The patent text is hard to find, but it seems to relate to the design of keyboards which facilitate the typing of text in multiple languages.

Comments (16 posted)

Commercial announcements

BitNami.org packages open-source web applications

BitNami has announced the launch of BitNami.org. "The BitNami team has just announced the launch of www.bitnami.org, built to help spread the adoption of freely available, high quality open source web applications. BitNami Stacks are downloadable, ready-to-run packages that make it easy to get started with open source applications by automating the installation and configuration process. This allows even non-technical users to be up and running with the software in under five minutes. BitNami currently hosts Stacks for blogging, bug-tracking, ECM, forums, portals, wikis and more."

Full Story (comments: none)

NComputing releases products for Ubuntu

NComputing has announced the availability of its products on the Ubuntu distribution of Linux. "Joining its Windows-based offerings, the NComputing open-source solution allows schools and businesses worldwide to deploy full virtual PC stations, complete with hardware, software, the Ubuntu operating system and the OpenOffice.org productivity suite, at unprecedented low costs by leveraging the excess power of their PCs and open-source license-free software."

Full Story (comments: none)

New Books

Linux Networking Cookbook--New from O'Reilly Media

O'Reilly has published the book Linux Networking Cookbook by Carla Schroder.

Full Story (comments: none)

New Mobile Python Book

Wiley has published the book Mobile Python: Rapid Prototyping of Applications on the Mobile Platform by Jürgen Scheible and Ville Tuulos.

Comments (none posted)

Using Moodle, 2nd Edition--New from O'Reilly Media

O'Reilly has published the book Using Moodle, 2nd Edition by Jason Cole and Helen Foster.

Full Story (comments: none)

Resources

"What every programmer should know about memory" - the PDF version

Ulrich Drepper has posted the full text of "What every programmer should know about memory" (recently serialized here on LWN) in PDF format. It's a 114 page, 900KB download full of good information.

Comments (6 posted)

Contests and Awards

The Google Highly Open Participation Contest

Google has launched a new project - the "Google Highly Open Participation Contest" - aimed at getting pre-university students into free software development. "Google will work with ten open source organizations -- Apache Software Foundation, Drupal, GNOME, Joomla!, MoinMoin, Mono, Moodle, Plone, Python Software Foundation, and SilverStripe CMS -- for this pilot effort, each of which will provide a list of tasks to be completed by the student participants." See the GHOP page for more information.

Full Story (comments: 7)

Calls for Presentations

Call for Contributions - Haskell Communities and Activities Report

A call for contributions has gone out for the December, 2007 edition of the Haskell Communities and Activities Report. "Dear Haskellers, so much has happened in the Haskell world in the past months. Therefore, although later than usual, I would very much like to collect contributions for the 13th edition of the Haskell Communities & Activities Report". Submissions are due by December 7.

Comments (none posted)

Call for Papers - Linux Clusters Institute Conference on High-Performance Computing

The Linux Clusters Institute Conference has announced (PDF) the call for papers for the 9th LCI International Conference on High-performance Clustered Computing. "This year's gathering will focus on the technical challenges facing the clustered computing community as we move into the petascale era. We will examine the promise of new technologies such as multi-core processors, acceleration coprocessors, advanced interconnects and high-performance I/O solutions. We will also explore the potential scaling and performance modifications necessary for systems, data and applications to achieve petascale class performance." The deadline for submissions is December 13, 2007. The conference runs April 28 - May 1, 2008, in Urbana, Illinois, USA.

Comments (none posted)

National Computer and Information Security Conferences CFP

A call for papers has gone out for the National Computer and Information Security Conferences ACIS 2008. The event takes place in Bogotá, D.C., Colombia on June 18-20, 2008. Submissions are due by March 28.

Full Story (comments: none)

NLUUG spring conference call for papers

A call for papers has gone out for the NLUUG spring conference. "NLUUG (formerly the Unix User Group, the Netherlands) will organize a conference about security on May 15 in Ede, the Netherlands. The program committee is looking for speakers with an interesting story to tell."

Full Story (comments: none)

Reminder: So Cal Linux Expo Call For Papers closes Friday

The Southern California Linux Expo (SCALE) call for papers closes on Friday, November 30. "If you're contemplating submitting a paper for any of these sessions, don't delay - there are only a few speaker slots left."

Full Story (comments: none)

Upcoming Events

FOSS.IN/2007 Talk Schedules

The schedule for talks at FOSS.IN is out. The conference starts on 4 December in Bangalore, India and features many technical talks from some of the most well-known free software community members.

Full Story (comments: none)

The next LF Collaboration Summit

The next Linux Foundation Collaboration Summit will be held in Austin, Texas on April 8-10, 2008. "The Summit will be April 8 - 10, 2008. The format will be similar to last year: April 8th will be a general day with panels and general discussion and the inclusion of press and analysts. (And a social event!) Days two and three will hold workgroup meetings (such as DAM, LSB, CGL, etc) and collaboration sessions."

Full Story (comments: none)

Events: December 6, 2007 to February 4, 2008

The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| December 4 - December 8 | FOSS.IN 2007 | Bangalore, India |
| December 7 - December 8 | Free Software Conference Scandinavia | Gothenburg, Sweden |
| December 7 - December 8 | PGCon Brazil | Sao Paulo, Brazil |
| December 10 | Paris on Rails (2nd Edition) | Paris, France |
| December 11 - December 12 | 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems | Vienna, VA, USA |
| December 15 - December 22 | Unix Meeting 2007 | IRC, Worldwide |
| December 27 - December 30 | 24th Chaos Communication Congress | Berlin, Germany |
| December 31 | Israeli Perl Workshop | Ramat Efal, Israel |
| January 11 - January 13 | FUDCon Raleigh 2008 | Raleigh, NC, USA |
| January 16 - January 17 | QualiPSo Conference 2008 | Rome, Italy |
| January 17 - January 19 | KDE 4 release event | Mountain View, CA, USA |
| January 24 | Federal DBA Day | Washington DC, USA |
| January 28 - February 2 | Linux.conf.au 2008 | Melbourne, Australia |
| January 28 - February 1 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 - January 31 | Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |

If your event does not appear here, please tell us about it.

Web sites

Announcing the OpenOffice.org Community Forum

The OpenOffice.org Community Forum has been launched. "This new Forum goes beyond being simply a knowledge base of questions and answers and is rather a place for OpenOffice.org users to interact freely with each other. The Forum has been established by a team of enthusiasts who bring a wealth of expertise gained in providing OpenOffice.org forum-based support. Initially launched in English, the new platform has the capability to support multiple languages in future."

Full Story (comments: none)

Audio and Video programs

LugRadio Season 5 Episode 5 - 'A Quality Production'

LugRadio fans can now download LugRadio Season 5 Episode 5 - "A Quality Production". "Jono Bacon, Stuart Langridge, Chris Proctor and Adam Sweet talk about Linux, open source, and all manner of associated things." This show includes an interview with Havoc Pennington and Colin Walters from Red Hat about the Gnome Online Desktop project, a discussion on the need for rockstar programmers, and much more.

Comments (none posted)

PyCon 2007 audio podcasts announced

A series of audio podcasts from the 2007 PyCon conference is being made available. "After many delays, we've begun posting recordings of talks from PyCon 2007 as a podcast, roughly one talk per week."

Full Story (comments: none)

Page editor: Forrest Cook


Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds