LWN.net Weekly Edition for August 14, 2008
Chandler finally reaches a 1.0 release
The Chandler project has been around since 2001, periodically releasing new versions of its personal information management (PIM) tool, but never quite reaching the 1.0 milestone—until now. Over that time, Chandler has undergone various major revisions of both code and philosophy, while the rest of the software industry has hardly been standing still. Whether Chandler is relevant or important going forward is an open question, but it does have some interesting ideas as well as potentially useful code.
Chandler is the brainchild of Mitch Kapor, of Lotus 1-2-3 fame, who started the project as part of his Open Source Applications Foundation (OSAF). Kapor and others have funded OSAF to work on Chandler over the last seven years, but in January all that changed. Kapor announced that he was leaving the board and only continuing to finance Chandler until the end of 2008. The 1.0 release is to some extent a "last gasp" attempt to build a community of users and developers to continue Chandler development down the road.
Since the time when Chandler was originally envisioned as a shareable calendar and information manager, many other, similar tools have come about. Evolution is a free software example, while Google Calendar is popular, but proprietary and closed. Neither of those covers the full feature spectrum that Chandler aspires to, but they have been available for quite some time.
The idea behind Chandler will be familiar to those who know about the Getting Things Done system. Organizing and integrating to-do lists, calendar events, email, and notes into a single system—and single application—is the driving force. These items (known as "notes") can be tagged into various collections (like Home, Work, etc.), assigned as events in the calendar, or mailed to others.
The calendar works like one would expect. Events have the standard fields: start/end time, frequency for recurring events, various alarm options, etc. Events get color-coded based on their collection and the calendar itself can be viewed at various granularities: day, week, or month. Based on their proximity in time, as well as user choice, events get "triaged" into categories of "Done", "Now", or "Later".
There are multiple synchronization options available with Chandler. Keeping calendars in sync amongst multiple different systems with different import/export formats is clearly something that the Chandler team focused on. Because Chandler is cross-platform—written in Python and available on Linux, OS X, and Windows—it can interface both with tools that run on those platforms and with internet services like Google Calendar. As yet there is no Outlook/Exchange synchronization available, which leaves out a rather large portion of the potential audience, one would guess.
The Chandler desktop is only one of two pieces of the Chandler project; the other is the Chandler server. It is the means to share Chandler information, either with other users or just with other computers. Data can be synchronized to the server, then retrieved on another Chandler desktop elsewhere. For those that do not want to run their own server, the project runs a version of the server as the Chandler hub, which offers free accounts.
The 1.0 release looks like a solid tool. It has some enthusiastic users, but will that translate to a larger development community? Chandler development has always been directed—and funded—by the OSAF, so it suffers from a smaller development community than it might have otherwise.
Projects that start as proprietary, but then open their code, sometimes have difficulties allowing a community to influence or control the direction of that code thereafter. We have seen that with OpenSolaris and other projects. Chandler seems to suffer from some of those same problems, even though it came about differently. By removing the funding, Kapor may well have jump started Chandler development.
Seven years is a long time by any standard, but for software, it is an eternity. By keeping a relatively tight grip on the direction of the project, the OSAF may well have kept interested folks who were not on their payroll from getting involved. If the project can move to a more open style, with frequent releases, it may be able to regain some of that lost time. It is an intriguing tool, but it is way behind schedule.
GeekPAC to fight for information rights
There's little question that plenty of people are annoyed at how difficult it is to rip movies from legally purchased DVDs into formats readable by handheld devices or media players. The lack of consistency in document formats is an ongoing headache for anyone who receives files that are only readable with certain software. Information rights management has become enough of a frustration that a group has formed specifically to deal with the problem head on. GeekPAC is a political action committee made up of volunteers who are taking their complaints straight to Capitol Hill.
Last year California Assemblyman Mark Leno authored AB 1668, a bill designed to encourage the state to adopt the Open Document Format as the standard format for government documents. Not surprisingly, Microsoft came out against the bill and it was eventually struck down in committee. CollabNet Community Manager and longtime FOSS supporter John Mark Walker was angry. Realizing that the open source community had no voice during the hearings and no way to fight back against the opposition's lobbyists, Walker decided to mobilize support from within the ranks of the FOSS community and let them do what they do best — rally behind a cause and prove once again that there's strength in numbers. So he founded GeekPAC.
GeekPAC's goal is to pull together enough funding — a mere $2,200 — to file the necessary paperwork to be formally recognized by the Federal Elections Committee as a Political Action Committee (PAC). Then the group will locate politicians or candidates in the House and Senate who support hot-button technology issues like copyright reform and net neutrality. Once identified, GeekPAC will help support their campaigns and lobby together for change.
"If all we do is fund some campaigns, create a few attack ads, and do the occasional lobbying, I'll be pretty disappointed," says Walker. "The real goal here is to educate people as to why they should care. Frankly, those of us who care about our rights in the information age have done a really poor job of communicating the importance or relevance."
Indeed, Walker suggests that ambiguous verbiage and a lack of communication with people outside the tech industry has been the biggest hindrance to effecting large-scale change. "One of the problems is that we insist on using terms like 'digital rights,' the usage of which basically leaves out a large percentage of the population. Most people don't know what that means, and they assume that digital doesn't include them, because they don't work in the tech industry and have little contact with people who do. So lots of digerati swing around their proverbial phalli and talk 'digital rights' this and 'DRM' that, and it becomes a kind of high-tech circle jerk that is constraining and ultimately self-limiting."
A better approach, he says, would be to frame these important issues as "information rights." Once people realize that the bills politicians are voting on aren't about obscure concepts but rather affect human rights at a basic level, Walker is confident GeekPAC will make great strides toward changing minds at the national level.
"It's really about the free flow of information and letting free markets do their job. Once you start there, it's a quick hop and a skip down the path of the founding principles of this great country," explains Walker. He goes on to note that these issues affect people at every socio-economic level, from patents that limit free market trade, to "information restrictions that affect our ability to adequately educate the public."
Walker asserts that without a total overhaul of the United States patent and copyright laws, the information divide will never narrow and will ultimately lead to larger problems down the road. "It's really about education, innovation, and reducing the bar to entry so that America can remain competitive in the 21st century."
One of the overriding reasons Walker chose to launch GeekPAC now is that this is an important election year and political issues are on the minds of many. Though he acknowledges people have been discussing these topics for years, talking just isn't enough.
"In the 10 years that have passed since the DMCA, we still haven't been able to mount a credible reform effort, and countless horrible things have taken place on our watch that co-opt our so-called inalienable rights. We must do more, and I can't think of a better time to do more than an election year," he says.
GeekPAC is taking a multi-faceted approach to locating politicians to support. The group's supporters and volunteers are encouraged to recommend candidates who they know believe in GeekPAC's goals and direction. Politicians can also contact the group directly and ask to be considered for backing from GeekPAC. Once chosen, candidates are asked to sign a simple pledge promising to "protect my constituents' fair use rights to information [and] support the use of open standards in government for the storage and archiving of public data."
Walker says GeekPAC is most interested in helping candidates who take a strong stance on open standards and open access, copyright reform, patent reform, and net neutrality. "Obviously, we'll be most enthusiastic about candidates who support all of those, but we will help campaign for candidates who support at least one of those items."
The name GeekPAC may ring a bell for those who have been around the FOSS community for a while. A similar group was formed more than five years ago but never quite got off the ground. Though the two organizations don't share any common members, they do have the same goals — and an affection for the domain name. Before GeekPAC morphed into its current state, it was known as BytesFree — a similar group, but without the political slant. Walker says he originally planned to stay with that name, until he learned that the geek-pac.org domain was available, and then everything fell into place.
Walker formally launched GeekPAC at last week's LinuxWorld Expo by hosting a Birds of a Feather get-together at the end of a long day of sessions. While current and would-be volunteers strategized and planned, Walker took a few minutes to share the group's vision with notable columnist and FOSS supporter Doc Searls.
Though GeekPAC's premise is strong, not everyone is convinced of its viability. LinuxWorld community blogger Don Marti says the idea is likely to fail, in part, because of a poor choice of names. He claims the inclusion of the term "geek" is insulting and suggests it doesn't relay the true goals of the group.
"Creative Commons is a great name. Electronic Frontier Foundation is pretty good," Marti suggests. "You have to get in some words that imply that the people in the organization actually make something useful and that the organization's goals are public goods. Network Growth and Productivity Council?"
Marti also notes that GeekPAC should include singers, podcasters, and other sub-groups affected by information rights. Though the underlying commonality among the members of GeekPAC is an understanding of how these issues impact the FOSS community, Marti says that's not enough of a reason to form a splinter group of nothing but techies.
"There's a community that already exists around these issues — why split off the subset of EFF supporters who happen to be into free software?" asks Marti. "Of course EFF itself can't be involved because they're tax-exempt, but the target is clearly the same people, and their friends and colleagues. A 'free software users for DMCA reform' group would be like 'cat owners for a balanced budget'."
At the end of the day, it won't be the group's name or membership demographic that decides GeekPAC's success. Walker says it will be "When politicians and candidates start referencing us by name because our influence is large enough to matter."
Moving the Data Center, a LinuxWorld Keynote from Kevin Clark
Last week your author was in San Francisco attending LinuxWorld 2008. One keynote was from Kevin Clark, Director of IT Operations at Lucasfilm. Lucasfilm is the production company that brought us Star Wars, Indiana Jones and many other movies and related merchandise. As the Director of IT Operations, Kevin is responsible for the IT needs of four separate divisions in five locations. In 2005 the main data center was moved to a new facility; Kevin talked about the challenges and lessons learned in the process of moving a high availability data center, while making three movies and maintaining high security.
The four divisions of Lucasfilm all have different needs; to meet those needs, the data center has machines running Linux, Unix, Windows and a few Macs. Industrial Light and Magic (ILM) is the biggest user of Linux. This is the division that does the special effects for Lucasfilm and many other movies such as Disney's "Pirates of the Caribbean" series. Lucas Arts, Lucas Licensing and Lucas Animation are the other three. These three divisions handle the production of movie-based video games, action figures, official web sites, animated films and other related endeavors.
When Hollywood producers want special effects, they want something that hasn't been seen before, something amazing. With each new movie the producer strives to out-do other movies. ILM must be on the bleeding edge of special effects technology, while maintaining high availability and high security. ILM Linux clusters run around the clock, producing "some of the best special effects the industry has to offer." Downtime is not an option, even for a major move.
Kevin's talk was about moving the data center, and not particularly about Linux. He did have some nice, short films showing off some of ILM's work. Did you know that Pirates of the Caribbean was not filmed on a ship at sea? It's just rendered that way.
For the new data center, Kevin knew he wanted to consolidate systems such as email, databases, storage and backup/recovery. He knew he needed flexible power and cooling requirements and a flexible distribution design with lots of storage for the rendering clusters and the backups and also web hosting for movie sites and other related businesses. The center has high bandwidth requirements, both internally and externally. Also, there are always many people trying to get the scoop on the latest movies and games, so high security is paramount. He chose technologies from AMD, Foundry, NetApp, HP and Juniper to accomplish his goals.
The new data center has over 700 miles of fiber and over 2000 miles of copper with a global WAN for sites at the Telco depot, Letterman Digital Arts Center, Skywalker Ranch, Big Rock Ranch and Singapore Animation. There are 400 terabytes of storage. The AMD blades have 32 gigabytes of memory and they stack them 66 blades per rack. There are lots of racks and floor to ceiling airflow cools them. When filming, all shots are archived, so there is high volume at all times and complete disaster recovery is required.
Kevin had a few lessons that he learned from the data center move: DC power has limitations, equipment interoperability is key and should be built to scale following a network design. The center has needs outside of IT to consider. All the pieces must be fully redundant. You always think that it is fully redundant until it fails. Power and cooling requirements must be balanced. Run the computers hotter to save power, but not so hot that they fail. The data center is a continually moving target with constant pressure to be more energy efficient. More virtualization could help. Getting light to move faster would help.
We were left to wonder how one might overcome the limitations of DC power, or how to get light to move faster. Those points did get a laugh from the audience though. All in all, one might wish for something more Linux related at LinuxWorld, but it was an entertaining presentation.
Security
Details of the DNS flaw revealed
Dan Kaminsky spoke to a packed house at Black Hat on 6 August to outline the fundamental flaw he found in the Domain Name System (DNS). Contrary to his hopes, though, the flaw was discovered and publicized before his presentation. The vulnerability is interesting in its own right, but the implications of what can be done with it are staggering. In addition, the "fix" has well understood shortcomings that can still potentially be exploited to poison DNS caches.
We reported on the vulnerability in early July, including Kaminsky's request that security folks not publicly speculate about the flaw. As one might guess, that request was largely ignored. When security researcher Halvar Flake published his speculation, another researcher, who was known to have the details of the flaw, publicly confirmed it, but just as quickly removed the confirmation. While it sounds a bit like a security community soap opera, it was fairly clearly caused by the attempt to contain the vulnerability information.
An important part of DNS is the ability to delegate to another nameserver. When looking up example.net, first one of the root nameservers is consulted; it does not know the answer so it delegates to one of the nameservers that handles .net addresses. The delegation response includes the names of the servers being delegated to, but also helpfully includes the IP address of those servers as well. It is this helpful addition, which is meant to reduce DNS traffic, that can be exploited.
The key to DNS cache poisoning is that the first good answer wins. If an attacker can send a packet with all of the proper information, but with his own IP address substituted for the correct one, and that packet reaches the querying server first, the attacker wins. In order for that to happen, the attacker needs to arrange or know that the victim will be making a particular query as well as be able to create a response that will be considered "good".
Each DNS query has a 16-bit transaction ID; early implementations just had an incrementing counter, but since that time random transaction IDs have been used. In order for a DNS response to be accepted, it must have the same transaction ID as the request. Just over a year ago, we wrote about a cache poisoning vulnerability in BIND that was caused by a predictable random number generator. When an attacker can narrow down the possible values for transaction IDs, it reduces the number of responses they must generate commensurately.
Absent any method to predict transaction IDs, an attacker must send 32K responses on average before the correct response arrives—which is difficult, at best, to do. If the attacker can cause the victim to make multiple requests, though, they can increase their chances. Because DNS servers cache the results of their queries, repeated requests for the same host information will not generate additional lookups.
Kaminsky observed that if you make the victim request information about multiple, probably non-existent names in a domain, it will have to make a request to the nameserver responsible for that domain multiple times. If the victim queries for foo1.example.net, foo2.example.net, etc., it will use a different, random transaction ID for each request. The attacker can flood the victim with packets purporting to delegate the request to another server, ns.example.net say, but include an IP address under its control as the IP for that server.
The net result is that if one of the attacker's responses gets accepted, because it finally guessed the right transaction ID, the victim's nameserver cache has been poisoned. The attacker can control all lookups in the entire example.net domain because it has substituted its own server as the nameserver for that domain. Because of the birthday paradox, the attacker does not need to generate anywhere near 32K responses to have a high probability of having one with a correct transaction ID. In his testing, Kaminsky found that he could poison a cache like this in less than 10 seconds.
This technique works all the way up the hierarchy of DNS servers, potentially allowing top-level-domain or root nameservers to be poisoned. It is clearly a very serious flaw that can be exploited in a huge number of ways. Kaminsky's Black Hat slides [PowerPoint format, but viewable in OpenOffice] detail many different implications and are well worth a read. Also, for an excellent description of how DNS works as well as more details on the flaw Kaminsky found, see Steve Friedl's illustrated guide.
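The acceptance rule described above, seen from the resolver's side, as an added Python illustration (not code from the article or from any real resolver). It models the outstanding-query table, applies "first good answer wins", and counts near-miss responses per open query, which is the signal a defender can alert on. The class names, the fixed port 53000, the 192.0.2.53 server address and the threshold of 20 are constructed for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    src_ip: str    # address the packet claims to come from
    dst_port: int  # local UDP port the packet arrived on
    txid: int      # 16-bit transaction ID from the DNS header
    qname: str     # name in the question section


@dataclass
class PendingQuery:
    server_ip: str
    src_port: int
    txid: int
    qname: str
    mismatches: int = 0  # wrong-guess responses seen while this query is open


class ResolverModel:
    """Toy model of a recursive resolver's outstanding-query table."""

    def __init__(self, randomize_port=True, mismatch_threshold=20):
        self.randomize_port = randomize_port
        self.mismatch_threshold = mismatch_threshold
        self.pending = {}  # qname -> PendingQuery
        self.alerts = []   # qnames whose mismatch count reached the threshold

    def send_query(self, qname, server_ip):
        # Without randomization every query leaves from one port (constructed
        # value 53000), so the transaction ID is the only secret.
        if self.randomize_port:
            port = 1024 + secrets.randbelow(65536 - 1024)
        else:
            port = 53000
        q = PendingQuery(server_ip, port, secrets.randbelow(1 << 16), qname.lower())
        self.pending[q.qname] = q
        return q

    def receive(self, resp):
        q = self.pending.get(resp.qname.lower())
        if q is None:
            return "no-pending-query"  # late or unsolicited: never cached
        expected = (q.server_ip, q.src_port, q.txid)
        if (resp.src_ip, resp.dst_port, resp.txid) == expected:
            del self.pending[q.qname]  # first good answer wins
            return "accepted"
        q.mismatches += 1
        if q.mismatches == self.mismatch_threshold:
            self.alerts.append(q.qname)  # many wrong guesses for one open query
        return "dropped"


def simulate_flood(resolver, forged=30):
    """Constructed scenario: wrong-ID responses arrive before the real answer."""
    q = resolver.send_query("foo1.example.net", "192.0.2.53")
    results = []
    for i in range(1, forged + 1):
        wrong_txid = (q.txid + i) % (1 << 16)  # never equals q.txid for forged < 65536
        results.append(
            resolver.receive(Response("192.0.2.53", q.src_port, wrong_txid, q.qname))
        )
    real = Response("192.0.2.53", q.src_port, q.txid, q.qname)
    results.append(resolver.receive(real))  # the legitimate answer
    results.append(resolver.receive(real))  # a late duplicate finds nothing pending
    return results


if __name__ == "__main__":
    model = ResolverModel(randomize_port=False)
    print(simulate_flood(model)[-2:], model.alerts)
```

A burst of dropped responses against a single open query is not normal traffic, so the per-query mismatch counter is worth exporting as a metric regardless of whether source ports are randomized.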
The "fix" that was rolled out in a coordinated fashion by many different vendors is to randomize the source UDP port for each query. This is a technique that was implemented years ago in Daniel Bernstein's djbdns and has been recommended by various cache poisoning researchers (notably Amit Klein) for some time. By doing this, an attacker must also guess the proper UDP port to send the response to, which can provide up to an additional 16 bits of randomness to the query. In the best case, where all possible UDP source ports are used, that increases the number of possible responses from 64K to over 4 billion.
That seems like it would take the attack out of the realm of possibility, but that clearly isn't the case. Kaminsky and the vendors all knew that adding source port randomization only made it harder—not impossible. Linux kernel hacker Evgeniy Polyakov has done some experiments with the patched version of BIND on a gigabit ethernet LAN, finding that he could poison a cache in under ten hours. As he points out: "So, if you have a GigE lan, any trojaned machine can poison your DNS during one night."
Other solutions are actively being sought, but it is a difficult problem because backward compatibility with countless DNS installations needs to be maintained. As always when a DNS problem is publicized, DNSSEC is touted as the solution. There are numerous technical and political problems that have stood in the way of DNSSEC adoption; those seem unlikely to just disappear.
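To put numbers on what source port randomization buys, and on what it costs a resolver that draws ports from less than the full range, here is an added Python calculation (not from the article). It uses a simplified model assumed for the example: every triggered lookup is an independent race in which a fixed number of distinct forged responses arrive before the real answer; the figure of 100 forged responses per race is constructed.

```python
import math

TXID_SPACE = 1 << 16  # 16-bit transaction ID
MAX_PORTS = 1 << 16   # upper bound on usable UDP source ports


def search_space(port_pool=1):
    """Combinations a forged response must match; port_pool=1 is a fixed port."""
    if not 1 <= port_pool <= MAX_PORTS:
        raise ValueError("port_pool must be between 1 and 65536")
    return TXID_SPACE * port_pool


def race_success(forged_per_race, space):
    """Chance that one of k distinct guesses matches during a single lookup."""
    if forged_per_race < 0:
        raise ValueError("forged_per_race must not be negative")
    return min(forged_per_race, space) / space


def overall_success(races, forged_per_race, space):
    """Chance that at least one of `races` independent lookups is won."""
    p = race_success(forged_per_race, space)
    if p >= 1.0:
        return 1.0 if races > 0 else 0.0
    # 1 - (1 - p)**races, computed so it stays accurate for very small p
    return -math.expm1(races * math.log1p(-p))


def races_needed(target, forged_per_race, space):
    """Smallest number of lookups giving at least `target` overall probability."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    p = race_success(forged_per_race, space)
    if p == 0.0:
        raise ValueError("with no forged responses the target is never reached")
    if p >= 1.0:
        return 1
    return math.ceil(math.log1p(-target) / math.log1p(-p))


def compare(port_pools, forged_per_race=100, target=0.5):
    """Rows of (port pool size, bits of entropy, lookups needed)."""
    rows = []
    for pool in port_pools:
        space = search_space(pool)
        rows.append((pool, math.log2(space), races_needed(target, forged_per_race, space)))
    return rows


if __name__ == "__main__":
    # Fixed port, a resolver limited to 1024 ports, and the full 16-bit range.
    for pool, bits, lookups in compare([1, 1024, MAX_PORTS]):
        print(f"ports={pool:>5}  entropy={bits:4.1f} bits  lookups for 50%: {lookups:,}")
```

The middle row is the case to check in deployments: a resolver behind a NAT device or configured with a narrow port range ends up much closer to the fixed-port figure than to the best case.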
This DNS flaw is serious, but there are plenty of serious internet security issues as Kaminsky points out in his blog:
That, at the end of the day, is a far larger problem than this particular DNS issue.
While there may be bigger problems in our internet infrastructure, there are few things that are as pervasive as DNS. Kaminsky points out a number of non-obvious places where it is used—and could be abused—such as mailer lookups of HELO strings to try and decide whether to accept email or web servers doing reverse lookups for logfile messages. It is a little surprising that something so integral had such an obvious, in retrospect, flaw in its design that went undetected for around 25 years. It makes one wonder what else is lurking out there.
Brief items
EFF: MIT Students Gagged by Federal Court Judge
Three MIT students have been ordered by a US Federal judge to cancel their presentation at DEFCON in Las Vegas. The Massachusetts Bay Transit Authority (MBTA) sued the students to stop the presentation of security problems with MBTA fare cards. In a special Saturday court session, they were ordered not to disclose their findings for ten days. The Electronic Frontier Foundation, which represented the students, has issued a press release. "The court relied on a federal law aimed at computer intrusions in issuing its order, holding that even discussing the flaws at a public conference constituted a 'transmission' of a computer program that could harm the fare collection system."
Keyczar - simple cryptography
The Keyczar project, initially developed at Google, has announced its existence. "Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation. Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple programming interface." It is distributed under the Apache 2 license.
An Illustrated Guide to the Kaminsky DNS Vulnerability
Steve Friedl has a comprehensive guide to the Kaminsky DNS vulnerability. Lavishly illustrated with packet dumps and network traffic diagrams, it explains DNS and what Kaminsky found in great detail. "This has been an exceptionally serious vulnerability because it undermines the very faith in DNS: this is at the core of the internet. Most experts believe that if you can't trust DNS, all else is lost, and we're of this same mind."
New vulnerabilities
acroread: arbitrary code execution
| Package(s): | moodle, opera, libxcrypt, acroread, gnumeric | CVE #(s): | CVE-2008-2641 |
| Created: | August 8, 2008 | Updated: | August 13, 2008 |
| Description: | From the SUSE advisory: An unspecified vulnerability in acroread allowed remote attackers to cause a denial-of-service or possibly execute arbitrary code via unknown vectors. (CVE-2008-2641). |
clamav: denial of service
| Package(s): | clamav | CVE #(s): | CVE-2008-3215 |
| Created: | August 8, 2008 | Updated: | August 13, 2008 |
| Description: | From the CVE entry: libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. |
condor: unauthorized access
| Package(s): | condor | CVE #(s): | CVE-2008-3424 |
| Created: | August 11, 2008 | Updated: | October 8, 2008 |
| Description: | From the Red Hat advisory: A flaw was found in the way Condor interpreted wildcards in authorization lists. Certain authorization lists using wildcards in DENY rules, such as DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules, could permit authenticated remote users to submit computation jobs, even when such access should have been denied. (CVE-2008-3424) |
git: denial of service
| Package(s): | git | CVE #(s): | CVE-2008-3546 |
| Created: | August 13, 2008 | Updated: | February 23, 2009 |
| Description: | From the rPath advisory: Previous versions of the git package are vulnerable to a Denial of Service in which repositories using long path-names may cause buffer overflows and application crashes on certain platforms. It has not been determined that this vulnerability can be exploited to execute malicious code. |
hplip: multiple vulnerabilities
| Package(s): | hplip | CVE #(s): | CVE-2008-2940 CVE-2008-2941 |
| Created: | August 13, 2008 | Updated: | January 21, 2009 |
| Description: | From the Red Hat advisory: A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially-crafted packets to trigger alert mails, which are sent by the root account. (CVE-2008-2940) A flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a denial of service, stopping the hpssd process. (CVE-2008-2941) |
moodle: multiple vulnerabilities
| Package(s): | moodle, opera, libxcrypt, acroread, gnumeric | CVE #(s): | CVE-2008-3325 CVE-2008-3326 |
| Created: | August 8, 2008 | Updated: | December 22, 2008 |
| Description: | From the SUSE advisory: An incorrect input validation in moodle could be exploited by remote attackers to inject arbitrary script code or to forge HTTP requests (CVE-2008-3325, CVE-2008-3326). |
opera: information leak
| Package(s): | moodle, opera, libxcrypt, acroread, gnumeric | CVE #(s): | CVE-2008-3078 |
| Created: | August 8, 2008 | Updated: | August 13, 2008 |
| Description: | From the SUSE advisory: Opera did not properly manage memory within functions supporting the CANVAS element. This allowed attackers to read uninitialized memory contents using malicious JavaScript code (CVE-2008-3078). |
pdns: simpler spoofing attacks
| Package(s): | pdns | CVE #(s): | CVE-2008-3337 |
| Created: | August 8, 2008 | Updated: | December 22, 2008 |
| Description: | From the Red Hat bugzilla: PowerDNS does not respond to certain queries it considers malformed. This in itself is not a problem, and was even thought of as a security measure. Brian and Florian have discovered that not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window of the valid domain. Because of the Kaminsky-discovery, this has become bad. For a sophisticated attacker, this provides no benefit. However, such a long window allows unsophisticated hackers to achieve better results. |
uudeview: insecure temporary file creation
| Package(s): | uudeview | CVE #(s): | CVE-2008-2266 |
| Created: | August 12, 2008 | Updated: | August 13, 2008 |
| Description: | From the Gentoo advisory: UUdeview makes insecure usage of the tempnam() function when creating temporary files. NZBGet includes a copy of the vulnerable code. A local attacker could exploit this vulnerability to overwrite arbitrary files on the system. |
vim: arbitrary command execution
| Package(s): | gvim | CVE #(s): | CVE-2008-2712 |
| Created: | August 12, 2008 | Updated: | March 24, 2009 |
| Description: | From the CVE entry: Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw. |
xine-lib: buffer overflow
| Package(s): | xine-lib | CVE #(s): | CVE-2008-1110 |
| Created: | August 7, 2008 | Updated: | August 21, 2008 |
| Description: | xine-lib has a buffer overflow vulnerability. From the National Vulnerability Database entry: Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. |
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current 2.6 development kernel is 2.6.27-rc3, released on August 12. Along with the expected pile of fixes, this release includes a bunch of big kernel lock pushdown work in the watchdog subsystem, an SMSC SCH5027 i2c driver, an Analog Devices AD7414 temperature monitoring chip driver, and the new ath9k driver (for Atheros 802.11n devices) contributed by Atheros. See the short-form changelog for details, or the full changelog for lots of details.
As of this writing, no changes have been committed to the mainline repository since the 2.6.27-rc3 release.
No stable kernel updates have been made over the last week.
Kernel development news
Quotes of the week
Linux kernel participation guide published by the Linux Foundation
The Linux Foundation has sent out a press release announcing the availability of How to participate in the Linux community, an extended guide written by LWN editor Jonathan Corbet. "'The Linux Foundation hears from developers all over the world who want to participate in the kernel community but sometimes struggle with exactly how,' said Amanda McPherson, vice president, marketing and developer programs. 'This new guide will make that process easier and bring new companies and developers into the Linux fold.'"
ACM Operating Systems Review issue on the Linux Kernel available
The Association for Computing Machinery (ACM) has released a special topics issue of Operating Systems Review that covers the Linux kernel. The issue has papers on various topics of interest to kernel hackers and watchers. "Included are 12 papers about the advances that have been merged or are candidates to be merged into the Linux kernel, as well as new idea papers discussing promising experimental work." Click below for more information including a table of contents.
Kernel-based checkpoint and restart
Your editor, who has carefully hidden several years of experience in Fortran-based scientific programming from this readership, encountered checkpoint and restart facilities a long time ago. In those days, programs which would run for days of hard-won CPU time on an unimaginably fast CDC or Cray mainframe would occasionally checkpoint themselves, minimizing the amount of compute time lost when (not if) the system went down at an inopportune time. It was a sort of insurance policy, with the premiums being paid in the form of regular checkpoint calls.
Central processor time is no longer in such short supply, but there is still interest in the ability to checkpoint a running application and restore its state at some future time. One obvious application of this capability is to restore the application on a different machine; in this way, running applications can be moved from one host to another. If the "application" is an entire container full of tasks, you now have the ability to shift those containers around without the contained tasks even being aware of what is going on. That, in turn, can provide for load balancing, or just the ability to move containers off a machine which is being taken down.
Linux does not have this capability now. Anybody who thinks about adding it must certainly find the prospect daunting; applications have a lot of state hidden throughout the system. This state includes open files (and positions within the files), network sockets and pipes connected to remote peers, signal states, outstanding timers, special-purpose file descriptors (for epoll_wait(), for example), ptrace() status, CPU affinities, SYSV semaphores, futexes, SELinux state, and much more. Any failure to save and properly restore all of that state will result in a broken process. It is no wonder that Linux does not do checkpoint and restart; most rational developers would be driven away by the complexities involved in making it work in an even remotely robust manner.
But, then, there was a time when rational programmers would not have attempted the creation of Linux in the first place. So it should not be surprising to see that developers are working on the checkpoint and restart problem. The latest attempt can be seen in this patch set posted by Dave Hansen (but originally written by Oren Laadan). It is far from being ready for prime-time use, but it does show the sort of approach which is being taken.
For some time, the prevailing wisdom was that checkpoint and restart should be pushed as much into user space as possible. A user-space process could handle the marshaling of process state and writing it to a file; the kernel would only get involved when it was strictly necessary. It turns out, though, that this involvement is required fairly often, requiring the addition of "lots of new, little kernel interfaces" to make everything work. So, at a meeting at OLS, the checkpoint/restart developers decided to take a different approach and move the work into the kernel. The result is the creation of just two new system calls:
int checkpoint(pid_t pid, int fd, unsigned long flags);
int restart(int crid, int fd, unsigned long flags);
A call to checkpoint() will write an image of the current process to the given fd. The pid argument identifies the init process for the current process's container; it is saved to the image but not otherwise used in the current patch. If the operation succeeds, the return value will be a unique (until the system reboots) "checkpoint image identifier". restart() reverses the process; crid is the image identifier, which is not currently used. The flags argument is currently unused in both system calls. These interfaces seem likely to change; future enhancements to the interface are likely to include capabilities like checkpointing other processes and groups of processes.
The CAP_SYS_ADMIN capability is currently required for both checkpoint() and restart(). That is somewhat unfortunate, in that it would be nice if ordinary, unprivileged processes were able to checkpoint and restart themselves. There are some real security implications which must be kept in mind, though, especially when one considers the sort of damage that could result from an attempt to restart a carefully-manipulated checkpoint image. Making restart() secure for unprivileged use will not be a job for the faint of heart.
At this stage of development, the patch does not even attempt to solve the entire problem. It is able to save the current state of virtual memory (but only in the absence of non-private, shared mappings), current processor state, and the contents of the task structure. That is enough to checkpoint and restart a "hello, world" program, but not a whole lot more. But that is a reasonable place to start. Given the complexity of the problem, proceeding in careful baby steps seems like the right way to go. So we're probably not going to have a working checkpoint facility in the kernel in the near future, but, with luck and patience, we'll eventually have something that works.
Block layer discard requests
Solid-state, flash-based storage devices are getting larger and cheaper, to the point that they are starting to displace rotating disks in an increasing number of systems. While flash requires less power, makes less noise, and is faster (for random reads, at least), it has some peculiar quirks of its own. One of those is the need for wear leveling - trying to keep the number of erase/write cycles on each block about the same to avoid wearing out the device prematurely.
Wear leveling forces the creation of an indirection layer mapping logical block numbers (as seen by the computer) to physical blocks on the media. Sometimes this mapping is done in a translation layer within the flash device itself; it can also be done within the kernel (in the UBI layer, for example) if the kernel has direct access to the flash array. Either way, this remapping comes into play anytime a block is written to the device; when that happens, a new block is chosen from a list of free blocks and the data is written there. The block which previously contained the data is then added to the free list.
If the device fills up with data, that list of free blocks can get quite short, making it difficult to deal with writes and compromising the wear leveling algorithm. This problem is compounded by the fact that the low-level device does not really know which blocks contain useful data. You may have deleted the several hundred pieces of spam backscatter from your mailbox this morning, but the flash mapping layer has no way of knowing that, so it carefully preserves that data while scrambling for free blocks to accommodate today's backscatter. It would be nice if the filesystem layer, which knows when the contents of files are no longer wanted, could communicate this information to the storage layer.
At the lower levels, groups like the T13 committee (which manages the ATA standards) have created protocol extensions to allow the host computer to indicate that certain sectors are no longer in use; T13 calls its new command "trim." Upon receipt of a trim command, an ATA device can immediately add the indicated sectors to its free list, discarding any data stored there. Filesystems, in turn, can cause these commands to be issued whenever a file is deleted (or truncated). That will allow the storage device to make full use of the space which is truly free, making the whole thing work better.
What Linux lacks now, though, is the ability for filesystems to tell low-level block drivers about unneeded sectors. David Woodhouse has posted a proposal to fill that gap in the form of the discard requests patch set. As one might expect, the patches are relatively simple - there's not much to communicate - though some subtleties remain.
At the block layer, there is a new request function which can be called by filesystems:
int blkdev_issue_discard(struct block_device *bdev, sector_t sector,
                         unsigned nr_sects, bio_end_io_t end_io);
This call will enqueue a request to bdev, saying that nr_sects sectors starting at the given sector are no longer needed and can be discarded. If the low-level block driver is unable to handle discard requests, -EOPNOTSUPP will be returned. Otherwise, the request goes onto the queue, and the end_io() function will be called when the discard request completes. Most of the time, though, the filesystem will not really care about completion - it's just passing advice to the driver, after all - so end_io() can be NULL and the right thing will happen.
At the driver level, a new function to set up discard requests must be provided:
typedef int (prepare_discard_fn) (struct request_queue *queue,
                                  struct request *req);
void blk_queue_set_discard(struct request_queue *queue,
                           prepare_discard_fn *dfn);
To support discard requests, the driver should use blk_queue_set_discard() to register its prepare_discard_fn(). That function, in turn, will be called whenever a discard request is enqueued; it should do whatever setup work is needed to execute this request when it gets to the head of the queue.
Since discard requests go through the queue with all other block requests, they can be manipulated by the I/O scheduler code. In particular, they can be merged, reducing the total number of requests and, perhaps, pulling together enough sectors to free a full erase block. There is a danger here, though: the filesystem may well discard a set of sectors, then write new data to them once they are allocated to a new file. It would be a serious mistake to reorder the new writes ahead of the discard operation, causing the newly-written data to be lost. So discard operations will need to function as a sort of I/O barrier, preventing the reordering of writes before and after the discard. There may be an option to drop the barrier behavior, though, for filesystems which are able to perform their own request ordering.
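The effect of discards on the mapping layer's free list, and the reordering hazard just described, can be seen in a small user-space model. This is an added example, not code from David's patch set or from the kernel; the names (struct ftl, ftl_write(), ftl_discard() and the scenario functions), the block counts and the sample data are all constructed for illustration.

```c
/* Toy flash translation layer (FTL): a constructed model, not kernel code. */
#include <stdio.h>
#include <string.h>

#define NLOGICAL  8    /* logical sectors the host sees */
#define NPHYSICAL 10   /* physical blocks on the media (2 spares) */
#define UNMAPPED  (-1)
struct ftl {
    int  map[NLOGICAL];      /* logical sector -> physical block */
    int  in_use[NPHYSICAL];  /* block holds data the device must preserve */
    int  wear[NPHYSICAL];    /* erase/write cycles seen by each block */
    char data[NPHYSICAL];    /* one byte of payload per block */
};

/* A write lands on the least-worn free block; the old block is then freed. */
int ftl_write(struct ftl *f, int sector, char value) {
    int best = -1;
    if (sector < 0 || sector >= NLOGICAL)
        return -1;
    for (int b = 0; b < NPHYSICAL; b++)
        if (!f->in_use[b] && (best < 0 || f->wear[b] < f->wear[best]))
            best = b;
    if (best < 0)
        return -1;                        /* free list exhausted */
    if (f->map[sector] != UNMAPPED)
        f->in_use[f->map[sector]] = 0;
    f->in_use[best] = 1;
    f->wear[best]++;
    f->data[best] = value;
    f->map[sector] = best;
    return 0;
}

/* Discard: the host declares sectors dead, so their blocks become free. */
void ftl_discard(struct ftl *f, int sector, int nr) {
    for (int s = sector < 0 ? 0 : sector; s < sector + nr && s < NLOGICAL; s++)
        if (f->map[s] != UNMAPPED) {
            f->in_use[f->map[s]] = 0;
            f->map[s] = UNMAPPED;
        }
}

int ftl_read(const struct ftl *f, int sector) {
    if (sector < 0 || sector >= NLOGICAL || f->map[sector] == UNMAPPED)
        return -1;                        /* nothing stored here */
    return f->data[f->map[sector]];
}

/* Fill all 8 sectors; optionally discard 0-3, standing in for a deleted file. */
static void setup(struct ftl *f, int use_discard) {
    memset(f, 0, sizeof(*f));
    for (int s = 0; s < NLOGICAL; s++)
        f->map[s] = UNMAPPED;
    for (int s = 0; s < NLOGICAL; s++)
        ftl_write(f, s, (char)('a' + s));
    if (use_discard)
        ftl_discard(f, 0, 4);
}

/* Free blocks available to the device once the file is gone. */
int free_after_delete(int use_discard) {
    struct ftl f;
    int n = 0;
    setup(&f, use_discard);
    for (int b = 0; b < NPHYSICAL; b++)
        n += !f.in_use[b];
    return n;
}

/* Highest per-block wear after rewriting sector 7 twelve times. */
int max_wear_after_rewrites(int use_discard) {
    struct ftl f;
    int max = 0;
    setup(&f, use_discard);
    for (int i = 0; i < 12; i++)
        ftl_write(&f, 7, 'x');
    for (int b = 0; b < NPHYSICAL; b++)
        if (f.wear[b] > max) max = f.wear[b];
    return max;
}

/* Discard sector 2, then reuse it for 'N'; reordered puts the write first. */
int read_after_reuse(int reordered) {
    struct ftl f;
    setup(&f, 0);
    if (!reordered)
        ftl_discard(&f, 2, 1);   /* intended order: discard first */
    ftl_write(&f, 2, 'N');
    if (reordered)
        ftl_discard(&f, 2, 1);   /* discard slipped behind the write */
    return ftl_read(&f, 2);
}

int main(void) {
    printf("free blocks: %d, %d\n", free_after_delete(0), free_after_delete(1));
    printf("max wear:    %d, %d\n", max_wear_after_rewrites(0), max_wear_after_rewrites(1));
    printf("sector 2:    %d, %d\n", read_after_reuse(0), read_after_reuse(1));
    return 0;
}
```

Each line of output gives the result without and then with the discard (or, for the last line, in order and then reordered); a read of -1 means the newly written data is gone.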
Outside of filesystems, there may occasionally be a need for other programs to be able to issue discard requests; David's example is mkfs, which could discard the entire contents of the device before making a new filesystem. For these applications, there is a new ioctl() call (BLKDISCARD) which creates a discard request. Needless to say, applications using this feature should be rare and very carefully written.
David's patch includes tweaks for a number of filesystems, enabling them to issue discard requests when appropriate. Some of the low-level flash drivers have been updated as well. What's missing at this point is a fix to the generic ATA driver; this will be needed to make discard requests work with flash devices using built-in translation layers - which is most of the devices on the market, currently. That should be a relatively small piece of the puzzle, though; chances are good that this patch set will be in shape for inclusion into 2.6.28.
Udev rules and the management of the plumbing layer
Once upon a time, a Linux distribution would be installed with a /dev directory fully populated with device files. Most of them represented hardware which would never be present on the installed system, but they needed to be there just in case. Toward the end of this era, it was not uncommon to find systems with around 20,000 special files in /dev, and the number continued to grow. This scheme was unwieldy at best, and the growing number of hotpluggable devices (and devices in general) threatened to make the whole structure collapse under its own weight. Something, clearly, needed to be done.
For a little while, it seemed like that something might be devfs, but that story did not end well. The real solution to the /dev mess turned out to be a tool called "udev," originally written by Greg Kroah-Hartman. Udev would respond to device addition and removal events from the kernel, creating and removing special files in /dev. Over time, udev gained more powerful features, such as the ability to run external programs which would help to create persistent names for transient devices. Udev is now a key component in almost all Linux systems. It's like the plumbing in a house; most people never notice it until it breaks. Then they realize how important a component it really is.
Udev is configured via a set of rules, found under /etc/udev/rules.d on most systems. These rules specify how devices should be named, what their ownership and permissions should be, which kernel modules should be loaded, which programs should be run, and so on. The udev rule set also allows distributors and system administrators to tweak the system's device-related behavior to match local needs and taste.
Or maybe not. Udev maintainer Kay Sievers has recently let it be known that he would like all distributors to be using the set of udev rules shipped with the program itself. Says Kay:
This request was surprising to some. A Linux system is full of utilities with configuration files under /etc; there is not normally a push for all distributions to use the same ones. So why should all distributors use the same udev rules? The reasoning here would appear to come down to these points:
- The udev rules files are not really configuration files - they are, instead, code written in a domain-specific language. For a distributor to change those files is akin to patching the underlying C code; far from unheard of, but generally seen as being undesirable. As a way of underscoring this point, the udev developers are moving the udev rules out of /etc and into /lib.
- There is little reason for distributors to differentiate themselves based on their device naming schemes, and every reason to have all Linux systems use the same device names. For the situations where reasonable distributions may still differ - which group should own a device, for example - there is a mechanism to add distributor-specific rules.
- Increasingly, other packages will depend on a specific udev setup for the underlying system. Distributors which use their own rules will have a harder time making these new tools work right.
That last point refers, in particular, to DeviceKit, a set of tools designed to make the management of devices easier. Between them, udev and DeviceKit are being positioned to replace most of the functionality in the much-maligned hal utility. See this posting from David Zeuthen for lots more information on DeviceKit and the migration away from hal in general.
The only problem is that some distributors aren't playing along. Marco d'Itri, the Debian udev maintainer, responded that a common set of udev rules is "not going to happen." The default rules, he says, do not meet Debian's need to support older kernels, and, besides, "I consider my rules much more readable and elegant than yours". Ubuntu maintainer Scott James Remnant is also reluctant to use the default rules.
Scott appears to be willing to consider a change to the default rules if it can be made to work right; Marco, instead, seems determined to hold out. When encouraged to send patches to improve the default rules (and make them more elegant), he responded:
It appears likely that most of the distributors will come to see the udev rules as code which is to be maintained upstream; even Debian may come along eventually. As this happens, the layer of "plumbing" which sits just on top of the kernel should be worked into better shape. Kernel developers may find themselves involved in this process; David has posted a proposal that all new kernel subsystems, before being merged, must be provided with a set of udev rules. That would help the udev developers get a set of default rules into shape before the distributors feel the need to step in to make things work.
Increasingly, the operation of the kernel is being tied to a set of low-level user-space applications; there is not much which can be done with a bare kernel. How all of this low-level plumbing should work, and how it should interoperate with the kernel, is still being worked out. The management of udev policies is just one of the outstanding issues. So the upcoming Linux Plumbers Conference would seem to be well timed; there's a lot to talk about.
Page editor: Jonathan Corbet
Distributions
News and Editorials
Distributions at LinuxWorld 2008
I went to LinuxWorld last week primarily to lead a Birds of a Feather discussion, the title of which was "Which Linux Distribution is Right for Me?" It seemed to be generally well received, though a few people left early after it became clear that there were no flashy slides, nor was I going to reveal the "One True Linux Distribution". I don't believe there is one true distribution, just as there is no one true use for Linux. So I pointed people to The List and we talked about a few distributions that might meet some specific needs that people had.
There was plenty of time left over to walk around the Expo, looking for distribution booths on the show floor. Oracle had a big booth to the right of the entrance. Access was on the other side.
The Linux Garage was an interesting place, full of various embedded devices. Did you know that the Open Moko phones are currently available with three versions of its OS? Version 2007.2 is the oldest. It uses gtk and supports caller dialing contacts. The ASU 2008.8 OS is based on Qt. The latest and greatest Open Moko system is the FSO (FreeSmartphone.Org) which makes use of gtk, Qt and Python. Next up will be a version using Trolltech's Qtopia for the GreenPhone.
The NSLU2 comes with Debian or OpenWRT. OpenWRT is also used in the FON wireless router and the Meraki wireless router. The latter can be managed via a web interface. OpenWRT will also run on ASUS WL520GU and the Gateway Avila, but it is not installed by default.
Canonical had a large booth. In one half they were showing off Netbooks, with the Ubuntu remix for the Netbook. The other half had various business partners showing off the software packages that were available on Ubuntu. Ubuntu was also the distribution of choice at the Installfest. Xubuntu was used on the really low memory machines. Untangle was a major sponsor of the Installfest.
Linpus and gOS had crowded booths, so I didn't get very close. I did find some pictures from the gOS booth. Fedora and openSUSE had booths in the .org pavilion, where I stopped for a quick chat but didn't get any pictures. Fedora had computers from Shuttle, with Fedora pre-installed. openSUSE's mlasars had this to say about LWE 2008. Linux Magazine's Joe Casad interviewed Fedora's Karsten Wade (video) and Karsten had some reflections on his blog. I also stopped at the Vyatta booth. I reviewed Vyatta briefly several years ago, but at that time the distribution didn't do DHCP protocol. The new version of Vyatta does DHCP, VPN and lots of other things. Vyatta recently announced a firewall/router product that they plan to start shipping in a few weeks.
Foresight joined up with Shuttle Computers at their booth. Small and quiet Shuttle computers were also at the Fedora booth. Shuttle will install Foresight or Fedora (and probably other distributions) if you like. Foresight is based on rPath and has been known for closely following the GNOME desktop. It seems that Foresight is now planning on a KDE edition.
New Releases
BLFS-6.3-rc3 has been released!
Beyond Linux From Scratch has released the third release candidate of BLFS 6.3. The final release is due August 24th. See the release notes for more information.
Distribution News
Debian GNU/Linux
Bits from the GNU/kFreeBSD porters
Click below for a status update on the Debian GNU/FreeBSD port. This port consists of two architectures: kfreebsd-i386 and kfreebsd-amd64.
Bits from the DPN editors
Alexander Reichle-Schmehl reports on the status of the Debian Project News. "It's more or less four months since I proposed to resurrect our newsletter. We already released eight issues of the "Debian Project News" and work for the ninth issue has already started. So I guess it's time for a small "state of the DPN" speech."
DebConf8 video streams available
Streaming video of talks from the 8th annual Debian conference (DebConf8) is now available. The conference is being held in Mar del Plata, Argentina, August 10-16.
RFA: The Debian Jr. project
The Debian Jr. project is in search of a new leader. The current leader, Ben Armstrong, writes: "The time has come for me to give up the Debian Jr. project for someone else to lead. While I still have a clear vision for it, my heart has not been in the work for some time. It has been in "maintenance mode" for some years with no forward motion."
Fedora
Fedora Board Recap 2008-AUG-05
The August 5th meeting of the Fedora Board looked at Codecs, Trademark Guidelines, board elections, Privacy Policy, Package Reviews and more.
9 + 5 things you'll get with Fedora 10
Fabrizio Balliano lists nine accepted features, plus five proposed features in Fedora 10. "Fedora 10 will be released on 28th October 2008, let's take a look at what some of the upcoming features, 9 of them have been accepted by the team, 5 more are still in the "proposed" state. If you want you can check the whole list."
Gentoo Linux
Gentoo announces the final removal of php-4*
August 8th is the date of official discontinuation of any work on php-4 (even security-related) on the upstream side. On gentoo, =dev-lang/php-4* has already been masked for security reasons since Oct 19th 2007, along with everything which depends on it. "Removal from our tree was initially announced for Jan 1st 2008, but we decided to postpone it until today to give users even more time to migrate."
Ubuntu family
Minutes from the Ubuntu Technical Board, 2008-07-15
The minutes from the July 15 meeting of the Ubuntu Technical Board are available. Topics include cdrtools, DKMS, Filesystem checking / AutoFsck, Technical Board membership and more.
Minutes from the Ubuntu Technical Board, 2008-07-29
The minutes from the July 29 meeting of the Ubuntu Technical Board are available. The discussion on cdrtools continues.
network manager 0.7 bug reporting + 3G (hardware) testing
Alexander Sack reports on the addition of Network Manager 0.7 to the Ubuntu Intrepid repository, with a call for 3g testing. "Now that Network Manager 0.7 has entered the archive, I'd like to ask you to test your 3g hardware with it and report your findings to the 3G Hardware page on the wiki. We want to hear about all results - good and bad ones. Just remember to open a bug in launchpad and link it to your result on that wiki page."
Distribution Newsletters
Ubuntu Weekly Newsletter #103
The Ubuntu Weekly Newsletter for August 9, 2008 covers: Intrepid Alpha-4 ahead, Ubuntu Studio looking for help, SRU needs you, New Ubuntu Members, MOTU news, Ubuntu Kernel Next, BarCamp Chicago, Ubuntu Love Day Manila, Encrypted Private Directories, Yahoo! Zimbra Desktop, Unison, Alfresco Labs, Internet Labs in Ecuador, Linux Foundation AptChecker tool, Ubuntu and RepRap, and much more.
PCLinuxOS Magazine August 2008
PCLinuxOS Magazine for August 2008 looks at Linux Media Players - Round up, Speed Up Firefox, Gnome User Guide, Chapter 5- Kde User Guide, and more. It's available in PDF or HTML.
Fedora Weekly News #138
The Fedora Weekly News for August 11, 2008 has an article by Oisin Feeley titled "Solving the Unsynchronized Release of Package Dependencies", plus Firefox Mouse Woes, Bugzilla Overhauled, Feature Proposal: Provers, rpmgrok Announced, and much more.
DistroWatch Weekly, Issue 265
The DistroWatch Weekly for August 11, 2008 is out. "While interacting with the Linux user community through DistroWatch is an enjoyable activity, it can't beat face-to-face encounters with real Linux users and user groups. In this week's feature story, your DistroWatch maintainer meets the members of LoLiTa, a highly active free software user's group from French Polynesia. In the news section, the openSUSE community offers version 11.0 live CDs with KDE 3.5, Xandros announces the end of Linspire and a new Debian-based beginning for Freespire, PC-BSD continues rapid alpha testing of the upcoming version 7, and the OpenSolaris user and developer community is rocked by a "messy divorce" at Blastwave.org, a major repository of Solaris and OpenSolaris packages. Also in the news, an update on the upcoming Debian GNU/Linux 5.0 "Lenny" and a preliminary feature list of the forthcoming Fedora 10. Finally, we are pleased to announce that the recipient of the July 2008 DistroWatch donation is Linux Mint."
Distribution meetings
Announcing ENOS 2008
ENOS stands for "Encontro Nacional de openSUSE", a Portuguese expression which can be translated to "National openSUSE Meeting". ENOS 2008 will be held in Instituto Superior de Engenharia do Porto, Porto, Portugal on Saturday, September 6, 2008.
Page editor: Rebecca Sobol
Development
OLS: Audio Streaming over Bluetooth
On July 23 Marcel Holtmann delivered a presentation on the state of Audio Streaming over Bluetooth at the 2008 Linux Symposium in Ottawa. Holtmann's background involves working on improving Linux Bluetooth audio support for laptops and embedded systems such as cell phones.
Marcel expressed frustration with the complexity of the Bluetooth specifications which include approximately 20 protocols and 40 profiles. Profiles include things like mono headsets, in-car usage and high quality stereo headphones. There are protocols for serial device emulation, phone book access, caller ID information, text messaging and multiple options for audio and video.
Bluetooth defines separate protocols for streaming and control, such as skipping tracks, seeking within tracks, and displaying ID3 information. Having these aspects split into different protocols was called "messy" because they are always used together.
Mono headsets are supported by the Synchronous Connection Oriented link (SCO), while the Advanced Audio Distribution Profile (A2DP) is designed for high quality stereo audio. For audio compression Bluetooth defines a royalty-free SubBand-Codec (SBC) to avoid fees for use of common codecs like MP3 and AAC. All A2DP devices must support SBC, but many also support decoding MP3 and AAC as well. Linux's SBC support was initially very poor, but some developers from the Instituto Nokia de Tecnologia in Brazil stepped up to improve encoding and now the LGPL SBC implementation rivals some of the best commercial implementations.
Early Bluetooth headset support in Linux involved copying all the audio data over sockets from the application to the Bluetooth daemon. The daemon would then copy the data again to the device, causing unnecessary CPU usage and increasing latency. The current design works by setting up channels and connecting external applications directly to the device sockets. Marcel also mentioned investigating a shared memory approach for better performance at the cost of some extra complexity.
Adding support for a Bluetooth audio device is quite different than for standard audio hardware — compressed data must be sent directly to the devices, possibly with ID3 and other information. If the audio being played is in a format that a device does not support it must be decoded and re-encoded first. Bluetooth devices will also appear and disappear while audio is being played.
Marcel on ALSA: "I won't touch it anymore." ALSA's primary failing is that it wasn't designed to support virtual devices. He is also not convinced that the current direction of PulseAudio is suitable for Bluetooth audio; in particular, there is no support for changing codecs while audio is being sent to a device.
GStreamer, however, can support the concept of virtual devices, sending out encoded data and sending ID3 information when required. If a file format is supported by a Bluetooth device, GStreamer can easily be told to send it as-is without re-encoding it. It can also handle the passing off of the encoding and decoding tasks to special hardware, which is commonly required for embedded systems.
Future work includes adding more intelligence to the handling of control signals. When the user presses Pause and there are multiple devices and streams active, which stream should be affected? The current implementation applies the action to all streams, but it may be better to be able to tell which control device is associated with which stream.
There is also ongoing work to support new hardware. Marcel has had some issues with headsets that are very sensitive to timing, but don't provide enough timing information to reliably fix. There have also been some problems supporting "Enhanced" Synchronous Connection-oriented (eSCO) Links due to vendors that are unwilling to cooperate with the developers.
For more information on Bluetooth development see Marcel's OLS Paper [pdf] and BlueZ.org, the site for the official Linux Bluetooth protocol stack.
System Applications
Database Software
MySQL Community Server 5.0.67 has been released
Version 5.0.67 of MySQL Community Server has been announced. "The following section lists important, incompatible and security changes since the previous MySQL Community Server 5.0.51b release..."
PostgreSQL Weekly News
The August 10, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
SQLite release 3.6.1 announced
Version 3.6.1 of SQLite, a light weight DBMS, has been announced. This version adds new features, improves performance and fixes some bugs.
Security
OpenVAS Stable Release
Version 1.0 of OpenVAS has been announced. "The OpenVAS project is proud to announce the release of the first stable version of the 'Open Vulnerability Assessment System'. OpenVAS is a fork of the Nessus security scanner; while Nessus switched to a proprietary license, OpenVAS will continue to improve the scanner and will provide all components as Free Software."
Virtualization Software
Announcing: Open OVF project source code availability
The Open OVF project has been launched. "Hi folks, we are announcing the availability of source code for the open-ovf project. OVF is a standard packaging format for virtual machines and software appliances. The open-ovf project is seeking contributors and users to help establish OVF as a transparent and platform-neutral method for packaging virtual machine images. We anticipate being able to deploy a single OVF package to either Xen or KVM. Eventually expanding that list to include VMware, Hyper-V, and other platforms. Getting to that point will require community contributions."
Jikes RVM 3.0.0 released
Version 3.0.0 of Jikes RVM has been announced; it includes a number of new capabilities. "Jikes RVM (Research Virtual Machine) provides a flexible open testbed to prototype virtual machine technologies and experiment with a large variety of design alternatives. The system is licensed under an OSI approved license. Jikes RVM runs on many platforms and advances the state-of-the-art of virtual machine technologies for dynamic compilation, adaptive optimization, garbage collection, thread scheduling, and synchronization."
Web Site Development
Catacomb: 0.9.6 released (SourceForge)
Version 0.9.6 of Catacomb has been announced. "Catacomb is a WebDAV repository module for use with the Apache WebDAV module, mod_dav. Apache mod_dav parses WebDAV and DeltaV protocol requests into operations on a repository providing persistent storage of resources and their properties. The default repository for mod_dav is provided by a separate module, mod_dav_fs, which stores resource bodies as files in the filesystem, and stores properties in a (G)DBM database. The Catacomb team is happy to announce the newest version 0.9.6. The new version 0.9.6 is the first version which supports database abstraction using mod_dbd from Apache 2.2.X."
Django 1.0 alpha 2 released
Version 1.0 alpha 2 of the Django web development platform has been announced. "In accordance with the Django 1.0 release roadmap, tonight we've released the second "alpha" testing version of Django 1.0. To grab a copy of 1.0 alpha 2, head over to the Django downloads page, and be sure to read the release notes. Please keep in mind, though, that this release is not meant for production use, and is intended primarily for developers who are interested in checking out the new features in 1.0 and helping to identify and resolve bugs prior to the final release."
Miscellaneous
Genode OS Framework: release 8.08 (SourceForge)
Version 8.08 of Genode OS Framework has been announced. "The Genode operating-system framework extends existing kernels (e.g., microkernel or hypervisor) and provides a uniform API for applications. Currently, L4/Fiasco and Linux are supported. The initial version of the Genode OS Framework is available for download."
Desktop Applications
Business Applications
Chandler 1.0 released
Version 1.0 of Chandler has been announced. "The Chandler Project is pleased to announce the release of Chandler Desktop 1.0! The Chandler Project is an open source, standards-based information manager designed for personal use and small group collaboration. For more information on the Chandler Desktop 1.0, including the major changes we've made since the previous full release, 0.7, see the following blog post: http://blog.chandlerproject.org/2008/08/08/chandler-10/"
Release 0.70.2 of Task Coach
Version 0.70.2 of Task Coach, a hierarchical task manager, has been announced. "This release fixes some bugs and brings back the Fedora RPM."
Desktop Environments
GNOME 2.23.6 Released
Version 2.23.6 of the GNOME desktop environment has been announced. "FREEEEEEEZZZZZZZZZEEE! That's it. We're feature frozen now. This means what you have in 2.23.6 is a good approximation of what you'll get in 2.24.0."
GNOME Software Announcements
The following new GNOME software has been announced this week:
- Brasero 0.8.1 (new features, bug fixes and translation work)
- cairo snapshot 1.7.2 (new features)
- cairo snapshot 1.7.4 (build fix)
- Evince 2.23.6 (code cleanup, bug fixes and translation work)
- GNOME Power Manager 2.23.6 (bug fixes and translation work)
- glibmm 2.17.2 (code cleanup and bug fixes)
- libspectre 0.2.1 (bug fixes)
- Pango-1.21.4 (new features and bug fixes)
- PyGtksourceview 2.3.0 (new features and code cleanup)
KDE Software Announcements
The following new KDE software has been announced this week:
- ipodslave for KDE4 pre 0.01 (early release)
- Kalasnikof 1.5.2 (new features and bug fixes)
- KGRUBEditor 0.8 (new features and bug fixes)
- KGRUBEditor 0.8.1 (new feature and bug fixes)
- KleanSweep 0.2.9 (code cleanup and translation work)
- K Menu Gnome 0.7.3 (new features and code cleanup)
- KNDISWrapper 0.2.0 (unspecified)
- konqil.icio.us 3.0 (new feature)
- Konversation 1.1 for KDE 3.5 (new features and bug fixes)
- Kopete Log Sync Toolkit 0.1 (new features and bug fixes)
- Lithium Power Manager 0.1 (initial release)
- lrcShow-II 0.8.2 (new features and bug fixes)
- NetVideoEncoder 2r0alpha5 (new features)
- Open Yakuake here 1.0 (initial release)
- PeaZip 2.2 (UTF-8 support, new features and bug fixes)
- Ruby Lyric Parser 1.2 (new features and bug fix)
- SMILE 0.6.7 (new features, bug fixes and translation work)
- uRSSus 0.2.10 (new features and bug fixes)
- Valknut 0.3.19 / 0.4.5 (new features and bug fixes)
- Xt7-Player 0.6.3 (new features)
KDE Commit-Digest (KDE.News)
The July 27, 2008 edition of the KDE Commit-Digest has been announced. The content summary says: "In this week's KDE Commit-Digest: Support for hiding/showing system icons in Plasma, support for using the native Windows start menu where appropriate, with more work in the "Previewer" applet and "TabBar". Better filtering support in the "FolderView" applet. Various work toward Amarok 2, including visual changes, work on playlists, and initial support for MTP devices. Work on a welcome screen in Parley. Initial commit of a "Sky Calendar" tool in KStars. A Twitter plugin in Marble..."
Xorg Software Announcements
The following new Xorg software has been announced this week:
- xf86-input-synaptics 0.15.0 (new features, bug fixes and documentation work)
Financial Applications
LedgerSMB 1.2.14 released
Version 1.2.14 of LedgerSMB, a web-based accounting system, has been announced. "This is a maintenance release which includes bugfixes only."
Games
pyglet 1.1 released
Version 1.1 of pyglet has been announced; it adds a number of new features. "pyglet provides an object-oriented programming interface for developing games and other visually-rich applications for Windows, Mac OS X and Linux."
Multimedia
Elisa Media Center 0.5.5 released
Version 0.5.5 of Elisa Media Center has been announced. "An accent has been put on stability during this release cycle which resulted in 18 bugs fixed. We have also introduced new features and re-introduced some that were in the 0.3.x series and had not been ported to the new architecture yet."
Music Applications
klick 0.8.0 and gtklick 0.1.0 announced
Version 0.8.0 of klick and version 0.1.0 of gtklick have been announced. "klick 0.8.0 is out, as well as the first release of its GUI frontend, gtklick. klick is an advanced command-line based metronome for JACK. Features include tempo maps, four built-in sounds to choose from, JACK transport support, and a lot more."
Mixxx 1.6.0 released
Version 1.6.0 of Mixxx has been announced. "Mixxx is currently the most popular open source djing software package, providing everything you need to make your mixes in a completely open source environment. The Mixxx development team is proud to announce the release of version 1.6.0, representing 16 months of development. It is available for Linux, Intel Mac and Windows."
Word Processors
Anaphraseus: 1.22 released (SourceForge)
Version 1.22 of Anaphraseus has been announced; it includes some new capabilities and bug fixes. "Anaphraseus is a CAT (Computer Aided Translation) tool, OpenOffice.org 2 macro set similar to famous Wordfast. Works with Wordfast Translation Memory format (*.TXT). Supports text segmentation. Features: Term Recognition. Fuzzy Search. Unicode support."
Miscellaneous
T-Rex: 0.3 released (SourceForge)
Version 0.3 (the initial release) of T-Rex has been announced. "T-Rex (Trainable Relation Extraction) is a highly configurable machine learning-based Information Extraction from Text framework, which includes tools for document classification, entity extraction and relation extraction."
Languages and Tools
C
GCC 4.3.2 Status Report
The August 8, 2008 edition of the GCC 4.3.2 Status Report has been published. "The GCC 4.3 branch is open for commits under normal release branch rules. We are trying to drive towards a 4.3.2 release, but there are still two P1s..."
GCC 4.4.0 Status Report
The August 8, 2008 edition of the GCC 4.4.0 Status Report has been published. "It's time to start moving GCC 4.4.0 towards a release, with a release target date in Q4 2008 or Q1 2009. We have had an extraordinarily long Stage 1 in order to allow development of a variety of important functionality, including the IRA register allocator, tuples, the Graphite loop optimization functionality, and many other important projects. Most of these are either done, or appear to be nearing conclusion. So, we've got plenty of new functionality, and it's time to start driving towards a release."
PHP
PHP 4.4.9 released
Version 4.4.9 of PHP has been announced. "The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release." See the change log for more details on the bugs fixed in this release.
Python
pycairo release 1.6.4 now available
Version 1.6.4 of pycairo, a set of Python bindings for the Cairo multi-platform 2D graphics library, has been announced. It features a number of new methods and some bug fixes.
Python-URL! - weekly Python news and links
The August 12, 2008 edition of the Python-URL! is online with a new collection of Python article links.
IDEs
eric 4.2.0 released
Version 4.2.0 of eric, an IDE for Python and Ruby, has been announced. Numerous enhancements have been made.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Federal Circuit Says Open Source License Conditions are Enforceable as Copyright Condition (New Media and Technology)
The New Media & Technology weblog covers a new ruling in the model train case; it reaffirms that free software license terms are, in fact, license terms. "The central issue in the case is whether the conditions in the open source Artistic License limit the scope of the license (in which case a failure to comply with those conditions constitutes copyright infringement) or whether those conditions are in fact merely covenants, the breach of which gives rise only to a cause of action for damages.... The appeals court concluded that the Artistic License 'on its face ... creates conditions.' The court pointed to the literal language of the license, which expressly refers to 'conditions under which a Package may be copied,' and the use of traditional language to create conditions, i.e., the use of the term 'provided that,' which creates a condition under California law." (Via Groklaw).
Editor's Note: Open Source Is Not Going To Sue You (Linux Today)
Because of the scary article about open source licensing that we reported on last week, Linux Today editor Carla Schroder tracked down Stormy Peters to get her side. As one would guess, Peters did not think she had been quoted quite correctly. Schroder looks at the five steps Peters outlines without seeing anything too terrifying. "See anything radical here? Seems pretty common-sense to me, and a lot friendlier than having to install a licensing server to calculate how much you will be bled for eleventeen different types of server, user, CPU, per-node, per-host, per-seat, per-core, and so on licenses. Or having software that phones home to the mothership, and is always looking for excuses to not work. Not to mention giving a green light to the BSA (Business Software Alliance) to audit you at any time, at your expense, to make sure you aren't in compliance so they can whack you with massive fines."
Trade Shows and Conferences
IBM To Linux Desktop Developers: 'Stop Copying Windows' (InformationWeek)
InformationWeek covers the LinuxWorld keynote by IBM's Bob Sutor. "Bob Sutor, VP of open source and standards at IBM, told attendees of the LinuxWorld Conference in San Francisco, that what the open source community needs to make Linux popular as a desktop OS used by consumers and businesses are "some really good graphic designers." "Stop copying 2001 Windows. That's not where the usability action is," Sutor said during his afternoon keynote."
From Lego robots to hammers and nails, Linux gets embedded (Network World)
Network World visited the "garage" at the LinuxWorld expo this week to look at various gadgets running Linux. Several different devices are highlighted including the Talking Book digital audio recorder, Linuxstamp and Tin Can Tools boards for embedded hobbyists (as well as developers), OpenMoko, and more. "The device, which will cost under $10 and is slated for production in mid-2009, is targeted at developing countries where aid workers must pass on critical and often life-saving information to local people who have no way of taking notes. The Talking Book provides a library of easily retrievable recordings on such topics as helping mothers recognize the symptoms of TB or explaining how best to treat dehydration in their children."
Outsider No More: Linux Critical In Many Data Centers (ChannelWeb)
ChannelWeb reports on the increase of IT applications for Linux at LinuxWorld. "In a sign of how much Linux has become a core element in many corporate data centers, many of the new products making their debut at this week's LinuxWorld show focus on such critical IT operations as data integration, disaster recovery and security management. That's a marked change from the past when a new Linux-related product was measured more by its "cool factor" than its utility."
The best news Linux could ever receive: LinuxWorld's a bust (C|Net)
C|Net's Charles Cooper reports from LinuxWorld. "The relatively sparse turnout reflects that change in perception. Some parts of the floor at San Francisco's cavernous Moscone convention center were so thinly populated that you could have run a pickup game of Frisbee football without risk of smacking into bystanders. Ubuntu's booth was the big exception to that generalization--and it was packing them in without needing to toss away any tchotchkes! Watching the scene from a less crowded vantage point, Cluster Resources President Michael Jackson found an inverse correlation between the dwindling number of people attending LinuxWorld and the spread of Linux into the mainstream."
Akademy 2008 - Day 1 (KDE.news)
KDE.news has a report of the first day of Akademy, the annual KDE desktop summit. Akademy is being held August 9-15 in Sint-Katelijne-Waver, Belgium. The report covers various talks from day one, including the keynote by Frank Karlitschek: "After this history lesson, Frank started to talk about our project - KDE. And our community. He argued our community should be what makes us special - after all, it's what drives us. If you look at the default KDE desktop - you can't help but wonder: where is the community? Why isn't there a 'KDE users nearby' Plasmoid? Could the agenda in Kontact be filled with local KDE and F/OSS related events? Brainstorming further, Frank talked about many other parts of KDE which could be improved to facilitate involvement from the community."
Akademy 2008 - Day 2 and the Akademy Awards (KDE.News)
KDE.News covers day 2 at Akademy. "The NEPOMUK talk was given by Laura Josan, and she mentioned the recent improvements to NEPOMUK. Dolphin already had NEPOMUK integration, and Konqueror has followed, allowing you to tag and rate websites. Amarok and Gwenview also support NEPOMUK these days, and a KIO slave for NEPOMUK search has been implemented. This allows you to rate a music file in your file browser and see the changes in Amarok. Laura presented a compelling vision, talking about how Marble and Amarok could work with NEPOMUK to show artists from a certain area in the world using Last.FM information. If you want to know more about NEPOMUK and how to integrate it in your application, there is a website, a mailing list and an IRC channel: #nepomuk-kde."
Legal
Linux patent pool to push for 'defensive publication' (Network World)
Network World looks at a push from the Open Invention Network (OIN) to publish details of new and innovative techniques used in free software. The idea is to defensively publish the information so that patents will not be granted or can be invalidated. "In coming weeks, OIN will reveal more details of the site, which Bergelt described as 'a production environment where we educate and train people to do this. We'll work with them to make sure it's put in a form that is acceptable.'"
The Pitfalls of Open Source Litigation (InternetNews.com)
InternetNews.com attended a free software licensing talk by Stormy Peters at LinuxWorld; the result is a scary article hyping the threat of being sued. "Enterprises have no clear guidelines as to what constitutes violation of open source licenses because most actions are settled out of court, Peters said. That 'leaves a lot of ambiguities about open source because a lot of things haven't been settled in court, so your attorneys can't give you definitive advice,' she added."
Interviews
Interview: MarkMail Indexes KDE Mailinglist Archives (KDE.News)
KDE.News features an interview with Jason Hunter. "Several weeks ago MarkMail, a project sponsored and run by Mark Logic, started indexing the KDE mailinglist archives. After about a week of hard work, the KDE archives are now directly searchable from MarkMail. Besides interesting analytics, this brings some powerful search capabilities to the table. Read on for a short interview with Jason Hunter who was responsible for engineering on the project."
Interview: Qt Comes to Mozilla and Firefox (KDE.News)
KDE.News has an interview with Oleg Romaxa about porting Mozilla to Qt. "Developers from Nokia and Mozilla have been working hard to port the Mozilla Platform and Firefox to Qt and there are now some solid results available. An experimental build of Firefox Qt is available, and you can download the sources from Mozilla's mercurial repository. The plan is to merge the Qt branch into the central Mozilla branch to make the port official. KDE Dot News spoke to developer Oleg Romaxa from Nokia who came to Akademy 2008 from Finland."
IBM VP: Office OpenXML a dead end, Microsoft will back ODF (ars technica)
Over at ars technica, they talk with Bob Sutor, IBM's vice president of open source and standards about document formats. Sutor sees OOXML, Microsoft's standard, as being on the decline in favor of ODF. "Sutor acknowledges that ODF lacks support for some of Office's functionality, but he is convinced that the gaps can be filled if Microsoft is willing to collaborate with OASIS and propose improvements to the format. His chief concern is that suspicion and distrust of Microsoft could undermine any collaboration, so he strongly encourages ODF advocates to keep an open mind and give Microsoft the benefit of the doubt if the company makes a bona fide effort to participate in the evolution of the standard."
Resources
Building an Open Source Community (fossbazaar)
Fossbazaar is carrying a set of suggestions for those who seek to jump-start a community project. "Get ready to relinquish control of 'your' product. The most successful communities form around things they can influence and drive. The more control you hand over, the more chance your community will form, and the more chance someone will come up with an idea you haven't thought of." (Thanks to Martin Michlmayr).
Reviews
Linux Application Checker Brings Distro Help (Application Development Trends)
Application Development Trends takes a look at the Linux Application Checker (AppChecker). The tool, which has been beta released by the Linux Foundation, tests application compatibility with various distributions. "According to Amanda McPherson, vice president of the Linux Foundation, AppChecker is not meant to give a 'thumbs up' or 'thumbs down' on a particular distro. Instead, it provides information needed to get the program running on each Linux version. Packages are checked against the Linux Standard Base (LSB) for each distro, and if the check is successful, developers are able to apply for LSB certification."
At last -- native apps for Motorola Linux phones (LinuxDevices)
LinuxDevices takes a look at Motorola's release of Eclipse-based development tools for mobile phone applications. "In addition to native Linux applications, Motorola's next-generation MotoMagx Linux platform will also bring the first support for Web 'widgets' to the platform. Written using common web standards such as xhtml and css, and rendered via an integrated webkit engine, the widgets can put frequently updated information directly onto the phone's background. Because of the low barriers to development (lots of folks know how to develop web apps), community interest in Widgets has run high, Wyatt said. However, widgets could also enable operators to deliver new services to phones in the field without the risk of a firmware upgrade."
Sun's FOSS VirtualBox hits the sweet spot for Linux (ITWire)
ITWire reviews VirtualBox relative to VMWare and Xen. "VirtualBox was released in its 1.6.4 version just recently, on August 1st. It has the competition in sight and points out that it specifically will allow an unmodified operating system to run in its virtual machines. By contrast, Xen mandates the guest operating system be modified to suit. Where VirtualBox really comes into its own is that it is the only professional virtualisation solution that is freely available as open source software under the GNU General Public License (GPL.)"
Anyone can play guitar...or hack the Linux kernel (C|Net)
Matt Asay covers the Linux Foundation's publication of a guide to Linux kernel development. "Well, perhaps not anyone, but navigating kernel development just got easier thanks to the Linux Foundation's publication of a guide to Linux kernel development. I don't think this means that I'm going to become the Linux kernel's top contributor anytime soon (unless, of course, they start accepting blog entries as code submissions), but it hopefully will make Linux kernel development easier to understand."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Open Health Tools accepts major code donation
Open Health Tools has announced receiving a code donation from the California HealthCare Foundation. "Open Health Tools (OHT) today announced it has accepted a donation from the California HealthCare Foundation (CHCF) of key software components from a $10 million health information data exchange project. CHCF provided the open source-format software code to OHT, a community of information technology and health care participants, to help accelerate establishment of regional health information exchanges, a critical but often missing piece of the health care delivery system."
OpenSAF Project announces general availability of version 2.0
Version 2.0 of OpenSAF has been announced. "The OpenSAF Project, an open source community developing high availability base platform middleware, today announced that Version 2.0 of its Open Service Availability Framework (OpenSAF) code base is now available for download, free of charge, under the LGPL 2.1 license. This is the first release of the OpenSAF code base, which was developed and tested entirely by the OpenSAF community since its formal inception with the release 1 code base in January 2008."
Commercial announcements
gOS Unveils gOS 3 Gadgets at LinuxWorld
gOS has announced the release of gOS 3 Gadgets, a Linux operating system bundled with Google Gadgets, Wine and LXDE. "gOS 3 Gadgets instantly launches Google Gadgets for Linux on startup, giving users access to more than 100,000 iGoogle and Google Gadgets that are small, graphically rich applications that can be added to the desktop in seconds over the Internet. gOS 3 Gadgets will also preload WINE, LXDE, and other Google software for Linux to improve the user experience."
NI and LEGO Education develop low-cost robotics platform
National Instruments has announced a cross-platform (including the OLPC) robotics platform that is aimed at the classroom. "National Instruments and LEGO Education continue their educational robotics collaboration with the new LEGO Education WeDo classroom robotics platform. Powered by NI LabVIEW graphical design software, LEGO Education WeDo Software is a drag-and-drop, icon-based environment that students ages 7 to 11 can use to easily program their own robotics inventions. Using WeDo software, students learn basic programming skills while designing their robotics applications."
OpenX announces major Ad Server update
OpenX Technologies has announced a new release of the OpenX 2.6 ad server. "(OpenX), the world's leading independent ad server for web publishers, today announced the launch of version 2.6, a major update to its free, open source software. The release contains dozens of new features, including a new application programming interface (API), a dashboard and a faster ad tag."
Contests and Awards
LinuxWorld Product Excellence Awards announced
The winners from the 2008 LinuxWorld Product Excellence Awards have been announced. "We saw a wide variety of products submitted for the Product Excellence Awards at this year's LinuxWorld Conference & Expo, which demonstrates the high level of system administration productivity happening throughout the industry, said Don Marti, site editor, LinuxWorld.com, and Product Excellence Judge. We congratulate all the winners, as well as our finalists, for making the program so competitive. This year's LinuxWorld Product Excellence Awards were divided into 12 product categories, including Best of Show, that represent major areas of innovation in the Linux and open source community."
Meeting Minutes
Minutes of GNOME Foundation Board of Directors Meeting
The minutes from the July 23rd, 2008 GNOME Foundation Board of Directors Meeting have been published.
July PSF Board meeting minutes
The minutes from the July 14, 2008 Python Software Foundation board meeting have been published. "A regular meeting of the Python Software Foundation ("PSF") Board of Directors was held over Internet Relay Chat beginning at 16:00 UTC, 14 July 2008. Steve Holden presided at the meeting."
Calls for Presentations
CFP: Workshop on I/O Virtualization
The First Workshop on I/O Virtualization will take place on December 10-11, 2008 in San Diego, CA. A call for papers has been announced; submissions are due by September 15. "Over the past decade, the use of virtualization technology has grown rapidly. Moreover, it is being used in a variety of places, ranging from the data center to the desktop. Although this has spurred great advances in processor and memory virtualization in commodity hardware and virtualization software, I/O virtualization has received far less attention. However, both personal computers and servers may perform significant amounts of I/O. For example, efficient virtualization of graphics hardware has presented significant challenges on the desktop and efficient virtualization of network interfaces has limited server consolidation in the data center."
Upcoming Events
Announcing Hack Week III
The OpenSUSE Hack Week III has been announced. "Novell is once again sponsoring Hack Week -- and we want you to be in on it! Hack Week III (HW3) runs from August 25th through August 29th. What's Hack Week? Hack Week is a chance for Novell's developers to work on Innovation Time Off (ITO) projects, uninterrupted by normal hacking duties. This helps provide an opportunity for Novell's developers to work on innovative new projects they might not normally be able to work on."
Italian Perl Workshop 2008 guest speakers (use Perl)
use Perl has announced the speakers for the fourth Italian Perl Workshop. The event takes place in Pisa, Italy on September 18-19, 2008. "Thanks to the sponsors, this year we have invited several Perl "celebrities": Tim Bunce, Rafael Garcia-Suarez, Marcus Ramberg and Matt S Trout."
Ohio LinuxFest Announces Keynotes for 2008
The keynotes for the Ohio LinuxFest have been announced. "Columbus, Ohio - The Linux community continues to move in new and diverse directions while building a successful momentum each new year. Credit for some of that momentum goes to those community members that advocate about and to the community. Ohio LinuxFest is proud to recognize two such community members by announcing Joe 'Zonker' Brockmeier and Jono Bacon as keynote speakers for this year's Ohio LinuxFest occurring October 10th - 11th."
piksel08 - code dreams :: REMINDER
The piksel08 conference will take place on December 4-7, 2008 in Bergen, Norway. "Piksel08 examines the other side of code, an alternative side to a hard-coded reality of work and play. Open hardware and free software project a utopic vision, yet exist within economies of capital, the dream factory of mainstream technology. Within the chance meeting of sewing machine and umbrella on the dissecting table, hardware and software are flattened."
Events: August 21, 2008 to October 20, 2008
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| August 19 - August 24 | SciPy 2008 Conference | Pasadena, CA, USA |
| August 20 - August 22 | Jornadas Regionales de Software Libre | Buenos Aires, Argentina |
| August 23 - August 24 | FrOSCon 2008 | Saint Augustin, Germany |
| August 26 - August 29 | WebGUI Users Conference 2008 | Madison, WI, USA |
| August 27 - August 30 | Drupalcon Szeged 2008 | Szeged, Hungary |
| August 28 - August 30 | Utah Open Source Conference 2008 | Salt Lake City, UT, USA |
| September 2 - September 4 | RailsConf Europe 2008 | Berlin, Germany |
| September 5 - September 7 | FUDCon Brno 2008 | Brno, Czech Republic |
| September 6 - September 7 | DjangoCon 2008 | Mountain View, CA, USA |
| September 7 - September 10 | Workshop on Open Source Software for Computer and Network Forensics | Milan, Italy |
| September 7 - September 14 | Python Game Programming Challenge | Online |
| September 8 | Encontro Nacional de openSUSE | Porto, Portugal |
| September 9 - September 11 | EFMI STC 2008 | London, England |
| September 12 - September 14 | The UK Python Conference | Birmingham, England |
| September 15 - September 18 | ZendCon PHP 2008 | Santa Clara, CA, USA |
| September 15 - September 16 | Linux Kernel Summit 2008 | Portland, OR, USA |
| September 16 - September 19 | Web 2.0 Expo | New York, NY, USA |
| September 17 - September 19 | The Linux Plumbers Conference | Portland, OR, USA |
| September 18 - September 19 | Italian Perl Workshop | Pisa, Italy |
| September 19 - September 20 | Maemo Summit 2008 | Berlin, Germany |
| September 20 | Celebrating Software Freedom Day in Riga, Latvia | Riga, Latvia |
| September 22 - September 25 | Storage Developer Conference 2008 | Santa Clara, CA, USA |
| September 23 - September 25 | 4th International Conference on IT Incident Management and IT Forensics | Mannheim, Germany |
| September 24 - September 25 | OpenExpo 2008 Zürich | Winterthur, Switzerland |
| September 25 - September 27 | Firebird Conference 2008 | Bergamo, Italy |
| September 26 - September 27 | PGCon Brazil 2008 | Sao Paulo, Brazil |
| September 26 | Far East Perl Workshop 2008 | Vladivostok, Russia |
| September 26 - September 28 | ToorCon Information Security Conference | San Diego, CA, USA |
| September 27 - September 28 | WineConf 2008 | Bloomington, MN, USA |
| September 29 - October 3 | Netfilter Workshop 2008 | Paris, France |
| September 29 - September 30 | Conference on Software Language Engineering | Toulouse, France |
| September 30 - October 1 | BA-Con 2008 | Buenos Aires, Argentina |
| October 1 - October 3 | Vision 2008 Embedded Linux Developers Conference | San Francisco, USA |
| October 2 - October 3 | ekoparty Security Conference | Buenos Aires, Argentina |
| October 3 - October 4 | Open Source Days 2008 | Copenhagen, Denmark |
| October 4 | PyArkansas 2008 | Central Arkansas, USA |
| October 4 - October 5 | Texas Regional Python Unconference 2008 | Austin, TX, USA |
| October 7 - October 10 | OWASP NYC AppSec 2008 Conference | New York, NY, USA |
| October 7 | Openmind 2008 | Tampere, Finland |
| October 7 - October 10 | Linux-Kongress 2008 | Hamburg, Germany |
| October 7 | Red Hat Government Users and Developers Conference | Washington, DC, United States |
| October 10 - October 12 | Ohio LinuxFest 2008 | Columbus, Ohio, USA |
| October 10 - October 12 | PostgreSQL Conference West 08 | Portland, OR, USA |
| October 10 - October 12 | Skolelinux Developer Gathering | Oslo, Norway |
| October 11 - October 12 | Pittsburgh Perl Workshop | Pittsburgh, PA, USA |
| October 11 - October 12 | MerbCamp | San Diego, CA, USA |
| October 13 - October 14 | Linux Foundation End User Collaboration Summit | New York, USA |
| October 13 | Skolelinux User Conference | Oslo, Norway |
| October 15 - October 16 | OpenSAF Developer Days | Munich, Germany |
| October 17 - October 18 | European PGDay 2008 | Prato, Italy |
| October 18 - October 19 | Maker Faire Austin | Austin, TX, USA |
| October 19 - October 24 | Colorado Software Summit 2008 | Keystone, CO, USA |
If your event does not appear here, please tell us about it.
Event Reports
KDE e.V. Endorses Community Working Group, Code of Conduct (KDE.News)
Sebastian Kuegler covers the KDE e.V. general assembly on KDE.News. "On Monday at Akademy, KDE's yearly world summit, the KDE e.V. held its general assembly, covering a wide range of hot topics, regarding licensing and community scalability. While part of the meeting is dictated by intricacies of German association law, the AGM also provides a way of effectively solving issues arising in the KDE community and deciding on ways to move forward as an organisation. This year's KDE e.V. General Assembly endorsed a Code of Conduct, the Community Working Group and a Fiduciary License Agreement for KDE contributors."
Proceedings from the 2008 LLVM Developers' meeting
The proceedings from the 2008 LLVM Developers' Meeting, held on August 1, have been posted. Videos of most of the talks (in various proprietary formats) are available as well. Some of the topics covered include register allocation, code generation, static analysis, compiling PHP, and more.
Where 2.0: Geo's Explosive Future
O'Reilly has sent out coverage of the 2008 Where 2.0 Conference. "CA-Geospatial data at Google grew 300 percent in the past year, Google Earth & Maps director John Hanke said in his keynote address to more than 900 location pioneers at the O'Reilly Where 2.0 Conference May 12-14 this year in Burlingame, CA."
Audio and Video programs
OLS 2008 videos available
Michael Opdenacker and Thomas Petazzoni of Free Electrons have released 30 videos in Ogg Theora format of keynotes, talks, and BoFs from the recent Ottawa Linux Symposium. The videos mostly focus on their interests: kernel and embedded talks.
Page editor: Forrest Cook

