User: Password:
Subscribe / Log in / New account Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

By Jake Edge
October 1, 2008

Ubuntu has taken some heat over the years for its relationship with upstream projects, but the distribution seems determined to change that impression. To that end, Ubuntu has started by looking at bugs and bug reporting between the distribution and upstream projects. The visible result is the beta release of the Ubuntu Upstream Report, which displays the progress of getting bugs upstream.

Users of Ubuntu report lots of bugs in the software they use but, for the most part, those bugs aren't in any way specific to Ubuntu; they tend to also exist in the upstream project. Ubuntu collects its bugs at Canonical's Launchpad web site which allows linking those bugs to bugs in the bug tracking system of an upstream project. Once the link—or watch as it is called in Launchpad—is established, updates to the upstream bug's status will be reflected in the Ubuntu bug as well.

[upstream report screenshot]

That capability has been available for some time, but as Ubuntu looked at ways to improve how well their bugs were flowing upstream, they needed a way to measure how well watches were being used. Canonical's Ubuntu community manager Jono Bacon describes the idea behind the report:

In terms of this project, I was keen to see graphs that show the number of upstream bug linkages going on, the total number of open vs. upstream bugs and how many bugs are fixed elsewhere. We could use these graphs to determine our progress in improving our bug workflow, but this was not enough - we also needed raw data about which projects needed the most focus. Which projects were struggling the most with bug figures? Which projects were not forwarding bugs upstream? Which projects didn't have an upstream bug tracker registered in Launchpad? We had all the answers to these questions in Launchpad, but no means of gathering them. To fix this, we created the Ubuntu Upstream Report.

The report ranks Ubuntu projects by the number of open bugs, while also showing how many have progressed towards upstream. Bugs in Ubuntu get triaged by the Ubuntu bug team, with some of them getting classified as "upstream"—meaning that they exist in the project itself, rather than just Ubuntu's build. Upstream bugs that are linked to a bug in the projects bug tracker are considered "watch" bugs. Each successive stage shows the difference between the previous, both as a number and a percentage so that it is easy to see how bugs are being handled as well as where the bottlenecks are. This dashboard-style interface also allows sorting by column and retrieving lists of bugs by following the numeric links.

The report was created by Jorge Castro, who is in charge of external project developer relations for Canonical. The tool has multiple uses, as Castro explains:

We wanted to provide a tool that not only shows upstreams how well we're linking and forwarding bugs, but a day-to-day tool for maintainers to see where there are targets of opportunity to forward to upstream. And lastly, for triagers we wanted to provide real-time working "bug lists" that you can work through if you want to help be the bridge that connects the downstream Ubuntu Package to the upstream project.

Part of the idea is for the report to be used by participants in Ubuntu's 5-A-Day initiative. 5-A-Day is an effort to make the Ubuntu bug list better by encouraging users and developers to work on five bugs each day. Users can do things like try to reproduce the bug, cleaning up and adding more information to the report; while developers can triage bugs or look at patches to the upstream project to see if they are needed for Ubuntu. The report will also help those who are running or participating in Bug Jams—focused efforts to gather people together to move Ubuntu bugs along.

Linking to existing upstream bugs or creating new ones for problems that Ubuntu users find can be helpful for projects. Some projects will find it more helpful than others, as Bacon notes:

If we do link a bug upstream, we had no firm idea how useful an upstream actually find our bug data. Our discussions suggested very mixed reactions - a small project is likely to have a very different perspective on bugs than a large project. Just think about this in purely quantitative states - a small project will likely get fewer bugs, and these bugs can probably be dealt with by a small collection of volunteers. This is unlikely to scale to something like the Linux kernel or

One of the problems, of course, is the one-way nature of the watch link—Ubuntu sees changes to the upstream bug, but the reverse is not true—as projects have to come looking in Launchpad for updates. There is also resistance to using Launchpad because it is not free software, though that is slated to change by mid-2009. Overall, this new report and the focus on improving upstream relations are very welcome, but tracking bugs only goes so far; fixing upstream bugs is an important, but missing, piece.

In order to not be seen as just a consumer of upstream software, one needs to not only report bugs, but fix them as well. For all of the various bug-related efforts that Ubuntu is sponsoring, there is very little mention of actually fixing problems and sending patches upstream. There are tools like Harvest that make it easier to find upstream patches—bug fixes and enhancements for possible inclusion in the Ubuntu packages—but the focus is clearly on improving Ubuntu, as opposed to improving the software ecosystem that makes up the distribution.

It is important to remember that the efforts so far are just a start; Ubuntu is working on additional projects to improve its upstream relations. One gets the sense that they have heard the criticisms and are working to address them. Like it or no, Ubuntu has its own way of doing things which may mean it takes longer than some would like, but it certainly looks to be headed in the right direction.

Comments (67 posted)

openSUSE and the distribution of proprietary software

By Jonathan Corbet
September 29, 2008
Every Linux distributor must find its own peace when it comes to the issue of proprietary software. Some distributors will avoid anything non-free to the point of tearing firmware out of the kernel. Others, like Fedora or Debian, will not include any non-free code. Distributors like Ubuntu are rather more willing to facilitate the use of non-free software, but even they are, perhaps, not 100% comfortable with it. And distributions like Xandros positively embrace proprietary code.

OpenSUSE (like SuSE Linux before it) has traditionally taken a position which is relatively friendly toward proprietary software. It was only in 2006 that Novell announced its intention to stop shipping non-GPL kernel modules, but it never made any such promises with regard to user space. So a typical openSUSE installation disk includes a number of proprietary goodies, including the Adobe Flash player, a number of fonts, ARCAD, the Acrobat PDF reader, the Opera web browser, RealPlayer, and more.

The presence of all this proprietary code is unwelcome to some users, of course, but it has another interesting effect: it requires that openSUSE be distributed with an end-user license agreement which has some very un-free-software-like terms. Among other things, it reads:

Novell reserves all rights not expressly granted to You. You may not: (1) reverse engineer, decompile, or disassemble the Software except and only to the extent it is expressly permitted by applicable law or the license terms accompanying a component of the Software; or (2) transfer the Software or Your license rights under this Agreement, in whole or in part.

In other words, redistribution of the openSUSE DVD is not permitted. Members of the openSUSE mirror network are, technically, in violation of the EULA, though nobody appears to be in a hurry to call them on that. But the EULA raises eyebrows and makes some users uncomfortable; many people got into free software to avoid dealing with agreements like that.

The need for the EULA, rather than problems with proprietary software in general, is causing developers at Novell to reconsider which packages should go onto an openSUSE DVD. To that end, Novell product manager Michael Löffler has proposed a new scheme whereby the DVD would only contain redistributable software (including proprietary software, such as firmware, which allows redistribution). The openSUSE project would set up a network-based repository from which other proprietary applications could be installed; the installer would then install a couple of packages (the Adobe Flash player and Fluendo's MP3 codec) by default.

The end result for most users would be the same: an openSUSE installation with both free and proprietary software. At least, that would be the case for users with a decent network connection. But those users would also gain a DVD with a much less restrictive EULA allowing the DVD to be redistributed at will. (The current plan is to still have an agreement for trademark control and warranty disclaimer reasons, even though other software distributors have managed to eliminate EULAs for those purposes). At this point, it would also be easy to add an option to simply skip the configuration of the non-free repository for users who want a "clean" installation.

Most responses to this proposal have been positive. The happiness is not universal, though; one user complained:

I don't think Novell, openSUSE and us should be influenced by "bad press" of doubt quality and change what is a key point of openSUSE: offering also proprietary software ready to go on the DVD. Moving these packages to an online repository makes no difference from downloading and installing them by hand.

It is true that one-stop shopping has long been a feature of the SUSE distribution. And a recent survey [PDF] suggests that a significant portion of the openSUSE user base makes use of at least a few of the proprietary tools included there. If the presence of this code is truly a "key point" of openSUSE, then taking it out could risk upsetting users at a time when, by some accounts, the visibility of this distribution is already dropping.

This risk would be mitigated by a couple of factors, though. One is that the need to download those packages over the net is not much of a stopping point for most users. After all, people installing Linux from a CD or DVD have usually resigned themselves to a massive download of package updates after the first boot anyway. Tossing a few more packages into that download - assuming they weren't set to be updated by then anyway - is not going to change the experience in any significant way.

But the other relevant point is that the need for much of this proprietary code is decreasing. Java used to be a big part of the openSUSE proprietary software load, but Java is now free. Your editor cannot remember when he last encountered a PDF file which could not be managed by at least one free viewer - though, evidently, such files do still exist. Perhaps the biggest remaining problem is Flash; progress is being made there, but Flash is most certainly not a solved problem. Beyond that, though, there are few situations indeed where a proprietary application is really needed for ordinary tasks.

The openSUSE distribution is not distancing itself from proprietary software at this time; it is just reorganizing its management of that software to address one of the problems it brings. But it is still hard to avoid the temptation to read between lines and look forward to a day when openSUSE, too, distributes only free software - not as a result of any sort of push for purity, but just because its users no longer have any need for anything else.

Comments (26 posted)

The CME Group sees a future with the Linux Foundation

October 1, 2008

This article was contributed by Lisa Hoover

The Linux Foundation has another new organization on the membership roster this week. The CME Group announced it has joined the nonprofit organization, and its associate director, Vinod Kutty, will chair the Foundation's End User Council. The CME Group is made up of three derivatives, or futures, exchanges: the Chicago Board of Trade, and the New York and Chicago Mercantile Exchanges. Linux has played a major part of the financial services industry for many years, and representatives of the CME Group say it's time to become more involved in the evolution of open source technology.

In a prepared statement Kevin Kometer, Managing Director and Chief Information Officer of CME Group, says, "Our Linux Foundation membership allows us to move beyond just being users of Linux to being participants in the direction of this important technology. Joining the Linux Foundation and being deeply involved in Linux will also help the exchange determine the future use of our own technology."

Practically speaking, the move will increase the Group's input into the development of software developed for the financial industry, thereby giving them a boost in a very competitive global marketplace.

Kutty explains, "By most accounts, derivatives exchanges around the world do not compete with one another. Unlike the securities markets that compete for listings, the majority of derivatives products are created with intellectual capital or they are licensed products. Our main competition comes in the form of the over-the-counter (OTC) marketplace where 80% of the world's derivatives trade; only 20% of derivatives globally trade on an exchange. The OTC products often are similar or lookalike products to what an exchange would trade."

That competitive threat is a chief reason the CME Group chose to join the Linux Foundation.

"We're excited to see CME join, but not surprised at its intent," says Amanda McPherson, the Linux Foundation's VP of marketing and developer programs. "CME realizes that direct collaboration with the Linux community gives them a competitive advantage. They have bet their business on Linux to very good effect. We're seeing the innovators and leaders understand that to get the most of Linux it's important to collaborate with the community directly. Through our end user council and the yearly Collaboration Summits, companies like CME can collaborate closely with the brightest minds in Linux."

While it's unusual for large financial exchanges to sit down with kernel developers, it's not unheard of. Head Bubba, IT manager for international financial services group, Credit Suisse, was part of a panel that met with developers at last year's Kernel Summit to talk about the challenges companies face when using Linux.

Kutty will be picking up where Bubba left off. After attending this year's Kernel Summit, Kutty is slated to speak on behalf of the CME Group at October's Linux Foundation's End User Summit in New York, where he'll be talking about how the exchange has deployed Linux and where he hopes to see it go in the future.

Historically, financial transactions have taken place on an exchange's trading floor in a process known as "open outcry." This method is increasingly being replaced by electronic trading, however, and the financial industry appears to be ready to embrace open source technology in the process.

McPherson says, "the NYSE and most bank's trading systems are based on Linux. We're entering a third phase of adoption by financial services and Linux. At first it was just small, skunk works projects. Then it moved into broad-based adoption through vendors. Now we're seeing companies getting the most out of their investment by partnering directly with the community."

As a means to that end, Kutty, will work with members of the End User Council, Linux vendors, and also leaders within the Linux community to collaborate on technical and legal issues that affect FOSS. The CME Group has relied on Linux since 2003 and though it employs a variety of commercial and open source tools, Linux remains the dominant technology in use today. Kutty describes what they hope to accomplish:

The open source solutions tend to address some niches at the web tier as well as scripting tools, performance monitoring tools, log file analysis, development tools and simple document/content management.

Additionally, many of the GNU tools that are bundled with our Linux distribution are taken for granted as being available for use on any system we deploy, typically by our sysadmins as part of day-to-day operations. Some pre-date our migration to Linux because it was and is possible to use GNU tools on commercial UNIX. As open source alternatives to commercial products mature, we evaluate them and select them if they make sense. We're trying to play a more active role in the evolution of these products higher up the stack than the OS, but our initial priority is to focus on Linux improvements.

Given the current state of the economy in the US, any small advantage for the financial industry is welcome. McPherson says Linux and open source technology can certainly help play a role in fixing what's broken. "The great thing about Linux is it's open and gives customers a great deal of flexibility in working with their vendors. It runs on multiple architectures and you can get support from various vendors (or not pay for support at all). This will become more and more appealing in our current economic environment. But given the collaborative development model, Linux thrives in any economic environment because of the choice it provides."

Comments (6 posted)

Page editor: Jonathan Corbet


ParanoidLinux: from fiction to reality

By Jake Edge
October 1, 2008

A novel for young adults by Cory Doctorow has inspired the creation of a new Linux distribution focused on privacy. ParanoidLinux is still in the planning stages, but it adopts some interesting ideas from Doctorow's book to place atop a Debian Testing base. It is targeted at those who have a very strict need to disguise their documents and network traffic because of a repressive regime.

Doctorow is familiar to many in the free software world, for his work as a science fiction author as well as a digital rights activist and blogger. His recent novel, Little Brother is set in the US after another devastating terrorist attack. Because of the attack, most civil liberties have been suspended leading some characters to use an alternative operating system:

ParanoidLinux is an operating system that assumes that its operator is under assault from the government (it was intended for use by Chinese and Syrian dissidents), and it does everything it can to keep your communications and documents a secret. It even throws up a bunch of "chaff" communications that are supposed to disguise the fact that you're doing anything covert. So while you're receiving a political message one character at a time, ParanoidLinux is pretending to surf the Web and fill in questionnaires and flirt in chat-rooms. Meanwhile, one in every five hundred characters you receive is your real message, a needle buried in a huge haystack.

It is that description, along with others in the book, that is guiding the development of the "real" ParanoidLinux. While it is relatively easy to come up with a fictional privacy-oriented operating system, the reality of building one is rather challenging. The project has only existed since May, so the current focus is to get some kind of alpha system put together as a starting point.

The idea of "chaff" is one that has been taken up on the ParanoidLinux wiki. There are several facets to the problem: how does one generate normal-looking traffic while somehow transferring encrypted data as part of that traffic. There are existing techniques that could be used. Chaff combines the ideas of steganography—hiding even the existence of a message—with cryptographic techniques.

The discussion about chaff makes it clear that the ParanoidLinux developers are looking at Doctorow's ideas carefully before implementing them. Chaff is certainly not a panacea, as it won't hide the traffic from an adversary that has specifically targeted someone. It is, instead, a means to fly under the radar, to appear to be a "normal" internet user with standard traffic patterns.

Using Tor (i.e. The Onion Router) is one way to anonymously use the internet—within limits—but traffic bound for a TOR node would be very suspicious to any monitoring agency. Another privacy-enhancing feature would be full-disk encryption, but that would be yet another red flag for an agency that was inspecting the computer. These are kinds of trade-offs that are being discussed by the project as they try to narrow their focus to something that can be implemented in the near term.

Hiding, or at least obfuscating, the existence of ParanoidLinux on the computer is another piece of the puzzle. It could be very dangerous to be required by the authorities to boot one's ParanoidLinux laptop. But, if it appears to be a "regular" system—perhaps looking much like Windows—it may escape scrutiny. Encrypted data might then be stored on partitions that are not directly accessible from the desktop.

This is an interesting project for those who worry about government crackdowns or perhaps already live under a repressive regime. Even if the ParanoidLinux distribution does not meet one's needs, the various discussions on options and different ways to approach a privacy-oriented operating system will be useful. One hopes not to ever need such a system, but knowing that people are thinking about the problem—while generating a working version—is certainly reassuring. For that, we can thank Doctorow for popularizing the idea.

Comments (11 posted)

New vulnerabilities

emacspeak: temporary file vulnerability

Package(s):emacspeak CVE #(s):CVE-2008-4191
Created:October 1, 2008 Updated:October 1, 2008
Description: The emacspeak script (in versions 26 and 28) suffers from a temporary file vulnerability.
Fedora FEDORA-2008-8379 emacspeak 2008-10-01
Fedora FEDORA-2008-8423 emacspeak 2008-10-01

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):mozilla-firefox CVE #(s):CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-4059 CVE-2008-4066 CVE-2008-4069
Created:September 26, 2008 Updated:January 8, 2009
Description: Multiple vulnerabilities have been discovered in Mozilla-Firefox.
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Slackware SSA:2008-366-01 mozilla 2009-01-02
Slackware SSA:2008-353-01 mozilla 2008-12-19
Debian DSA-1669-1 xulrunner 2008-11-23
Fedora FEDORA-2008-9859 thunderbird 2008-11-21
Fedora FEDORA-2008-9807 thunderbird 2008-11-21
Debian DSA-1697-1 iceape 2009-01-07
Debian DSA-1696-1 icedove 2009-01-07
Debian DSA-1649-1 iceweasel 2008-10-08
SuSE SUSE-SA:2008:050 MozillaFirefox,MozillaThunderbird,seamonkey,mozilla 2008-10-08
CentOS CESA-2008:0908 thunderbird 2008-10-06
Red Hat RHSA-2008:0908-01 thunderbird 2008-10-01
Fedora FEDORA-2008-8429 seamonkey 2008-09-27
Fedora FEDORA-2008-8401 seamonkey 2008-09-27
Mandriva MDVSA-2008:206 mozilla-thunderbird 2008-09-26
Ubuntu USN-647-1 mozilla-thunderbird, thunderbird 2008-09-26
Ubuntu USN-645-3 firefox, xulrunner 2008-09-25
Slackware SSA:2008-269-02 seamonkey 2008-09-26
Slackware SSA:2008-269-01 mozilla 2008-09-26
Mandriva MDVSA-2008:205 mozilla-firefox 2008-09-25

Comments (1 posted)

initscripts: local system file removal vulnerability

Package(s):initscripts CVE #(s):CVE-2008-3524
Created:September 25, 2008 Updated:November 13, 2008
Description: From the Fedora 9 update: This update fixes an issue (CVE-2008-3524) where a malicious user could cause system files to be removed on startup.
rPath rPSA-2008-0318-1 initscripts 2008-11-12
Fedora FEDORA-2008-7667 initscripts 2008-09-24

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-6716
Created:September 25, 2008 Updated:December 3, 2008
Description: From the Red Hat Enterprise Linux alert: a flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service.
SuSE SUSE-SA:2008:056 kernel 2008-12-03
Mandriva MDVSA-2008:220-1 kernel 2008-11-19
CentOS CESA-2008:0972 kernel 2008-11-20
Red Hat RHSA-2008:0972-01 kernel 2008-11-19
SuSE SUSE-SR:2008:025 apache2, ipsec-tools, kernel-bigsmp, flash-player, mysql, ktorrent 2008-11-14
Mandriva MDVSA-2008:220 kernel 2008-10-29
Ubuntu USN-659-1 linux, linux-source-2.6.15/22 2008-10-27
SuSE SUSE-SA:2008:052 kernel 2008-10-21
SuSE SUSE-SA:2008:051 kernel 2008-10-21
Debian DSA-1653-1 linux-2.6 2008-10-13
SuSE SUSE-SA:2008:047 kernel 2008-10-01
CentOS CESA-2008:0885 kernel 2008-09-25
Red Hat RHSA-2008:0885-01 kernel 2008-09-24

Comments (none posted)

kernel: privilege escalation

Package(s):kernel CVE #(s):CVE-2008-3525
Created:October 1, 2008 Updated:June 25, 2009
Description: Linux kernels through lack a capability check in the sbni WAN driver which could allow unauthorized users to perform privileged actions.
Fedora FEDORA-2009-6846 kernel 2009-06-23
Fedora FEDORA-2009-5383 kernel 2009-05-25
Red Hat RHSA-2008:0787-01 kernel 2009-01-05
CentOS CESA-2008:0973 kernel 2008-12-17
Red Hat RHSA-2008:0973-03 kernel 2008-12-16
Mandriva MDVSA-2008:220-1 kernel 2008-11-19
SuSE SUSE-SR:2008:025 apache2, ipsec-tools, kernel-bigsmp, flash-player, mysql, ktorrent 2008-11-14
Red Hat RHSA-2009:0001-01 kernel 2009-01-08
Mandriva MDVSA-2008:223 kernel 2008-10-31
Mandriva MDVSA-2008:220 kernel 2008-10-29
Ubuntu USN-659-1 linux, linux-source-2.6.15/22 2008-10-27
SuSE SUSE-SA:2008:053 kernel 2008-10-27
Fedora FEDORA-2008-8929 kernel 2008-10-23
Fedora FEDORA-2008-8980 kernel 2008-10-23
SuSE SUSE-SA:2008:052 kernel 2008-10-21
SuSE SUSE-SA:2008:051 kernel 2008-10-21
Debian DSA-1655-1 linux-2.6.24 2008-10-16
Debian DSA-1653-1 linux-2.6 2008-10-13
SuSE SUSE-SA:2008:049 kernel 2008-10-02
SuSE SUSE-SA:2008:047 kernel 2008-10-01

Comments (none posted)

mono: CRLF injection

Package(s):mono CVE #(s):CVE-2008-3906
Created:September 30, 2008 Updated:December 7, 2009
Description: From the CVE entry: CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Mandriva MDVSA-2009:322 mono 2009-12-07
Ubuntu USN-826-1 mono 2009-08-26
Mandriva MDVSA-2008:210-1 mono 2008-10-11
Mandriva MDVSA-2008:210 mono 2007-10-03
rPath rPSA-2008-0286-1 mono 2008-09-29

Comments (none posted)

openafs: denial of service

Package(s):openafs CVE #(s):CVE-2007-6559
Created:September 30, 2008 Updated:October 1, 2008
Description: From the Mandriva advisory: A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks.
Mandriva MDVSA-2008:207 openafs 2007-09-29

Comments (none posted)

pam_mount: restriction bypass

Package(s):pam_mount CVE #(s):CVE-2008-3970
Created:September 30, 2008 Updated:October 22, 2008
Description: From the Mandriva advisory: pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.
Mandriva MDVSA-2008:208-1 pam_mount 2008-10-18
Mandriva MDVSA-2008:208 pam_mount 2007-09-29

Comments (none posted)

phpMyAdmin: code execution vulnerability

Package(s):phpMyAdmin CVE #(s):
Created:September 25, 2008 Updated:October 1, 2008
Description: From the Fedora 9 update: This update by upstream to phpMyAdmin solves a not yet clearly specified code execution vulnerability.
Fedora FEDORA-2008-8269 phpMyAdmin 2008-09-24
Fedora FEDORA-2008-8370 phpMyAdmin 2008-09-24

Comments (none posted)

phpMyAdmin: cross-site scripting vulnerability

Package(s):phpMyAdmin CVE #(s):
Created:September 25, 2008 Updated:October 1, 2008
Description: From the Fedora 8 advisory: This update by upstream to phpMyAdmin solves a not yet clearly specified XSS in MSIE using NUL byte vulnerability.
Fedora FEDORA-2008-8286 phpMyAdmin 2008-09-24
Fedora FEDORA-2008-8335 phpMyAdmin 2008-09-24

Comments (none posted)

rkhunter: insecure temp file

Package(s):rkhunter CVE #(s):
Created:September 25, 2008 Updated:October 1, 2008
Description: The rkhunter root kit checker has an insecure auxiliary tmp file usage issue that may lead to a symlink attack.
Fedora FEDORA-2008-8314 rkhunter 2008-09-24
Fedora FEDORA-2008-8364 rkhunter 2008-09-24

Comments (none posted)

rubygem-rails: SQL injection

Package(s):rubygem-rails CVE #(s):CVE-2008-4094
Created:September 29, 2008 Updated:December 21, 2009

From Ruby on Rails Security Project:

An SQL Injection vulnerability has been found in Rails. The issue affects Rails < 2.1.1, namely the :limit and :offset parameters that are not correctly sanitized:

    Person.find(:all, :limit => "10; DROP TABLE users;")
A possible attack will work only if you allow the user control these two values as in User.find(:all, :limit => 10, :offset => params[:offset]). Note that will_paginate is not affected, it escapes the values before.
Gentoo 200912-02 rails 2009-12-20
SuSE SUSE-SR:2008:027 squirrelmail, gnutls, rubygem-activerecord, rubygem-actionpack, samba, dbus-1, pdns, php5, pam_krb5 2008-12-09
rPath rPSA-2008-0295-1 rails 2008-10-16
Fedora FEDORA-2008-8282 rubygem-activesupport 2008-10-16
Fedora FEDORA-2008-8322 rubygem-activerecord 2008-09-27
Fedora FEDORA-2008-8322 rubygems 2008-09-27
Fedora FEDORA-2008-8322 rubygem-actionpack 2008-09-27
Fedora FEDORA-2008-8322 rubygem-actionmailer 2008-09-27
Fedora FEDORA-2008-8322 rubygem-activeresource 2008-09-27
Fedora FEDORA-2008-8322 rubygem-activesupport 2008-09-27
Fedora FEDORA-2008-8322 rubygem-rails 2008-09-27

Comments (none posted)

thunderbird: buffer overflow

Package(s):mozilla-thunderbird, thunderbird CVE #(s):CVE-2008-4070
Created:September 26, 2008 Updated:January 8, 2009
Description: From the Ubuntu advisory: Georgi Guninski discovered that Thunderbird improperly handled canceled newsgroup messages. If a user opened a crafted newsgroup message, an attacker could cause a buffer overrun and potentially execute arbitrary code with the privileges of the user invoking the program.
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Fedora FEDORA-2008-9859 thunderbird 2008-11-21
Fedora FEDORA-2008-9807 thunderbird 2008-11-21
Debian DSA-1697-1 iceape 2009-01-07
SuSE SUSE-SA:2008:050 MozillaFirefox,MozillaThunderbird,seamonkey,mozilla 2008-10-08
CentOS CESA-2008:0908 thunderbird 2008-10-06
Red Hat RHSA-2008:0908-01 thunderbird 2008-10-01
Debian DSA-1696-1 icedove 2009-01-07
Slackware SSA:2008-270-01 thunderbird 2008-09-29
Mandriva MDVSA-2008:206 mozilla-thunderbird 2008-09-26
Ubuntu USN-647-1 mozilla-thunderbird, thunderbird 2008-09-26

Comments (none posted)

viewvc: ignore user-provided MIME types

Package(s):viewvc CVE #(s):
Created:September 25, 2008 Updated:October 1, 2008
Description: ViewVC ignores arbitrary user-provided MIME types, see ViewVC issue #354 for more details.
Fedora FEDORA-2008-8252 viewvc 2008-09-24
Fedora FEDORA-2008-8270 viewvc 2008-09-24

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 development kernel is 2.6.27-rc8, released by Linus on September 29. It is, he says, likely to be the last -rc release before the 2.6.27 final, but it is not clear that he was thinking about the e1000e problem (see below) at the time.

A handful of fixes have gone into the mainline repository since the 2.6.27-rc8 release.

There have been no stable 2.6 releases over the last week; in fact, the last such was on September 8.

Comments (none posted)

Kernel development news

Quotes of the week

The userspace API you propose should however be taken out and shot, then buried with a stake through its heart, holy water in its mouth and its head cut off, at midnight in a pentacle at a crossroads in the presence of a priest.
-- Alan Cox, who seems strangely appropriate for the priest role.

Btw, the _real_ bug is clearly in the hardware design that allows you to brick those things without apparently even having a lock bit.

I'm hoping Intel doesn't treat this as just a software bug. Some hw designer should be thinking hard about which orifice they put their head up in.

-- Linus Torvalds

What a low-rent cheeseball freshman maneuver. Too bad I don't drink, or some kernel hackers would get an earful of fresh rumors about the mental acuity of stap hackers at the bar tonight! Ok, staprun, let me get a baby wipe there, I'm feeling parental.
-- Roland McGrath has fun with SystemTap

But I also have a UI that the kids can run to _see_ how much time they have left, so that getting thrown off the machine doesn't come as a total surprise. And yesterday Patricia asked why it has to be that ugly. And I had to admit that her dad is just not very good at UI's...
-- Linus Torvalds fails to impress his kids (Thanks to Nicolas Pitre).

Comments (4 posted)

The state of the e1000e bug

By Jonathan Corbet
October 1, 2008
Linus Torvalds sent out the 2.6.27-rc8 release on September 29 with this comment:

This one should be the last one: we're certainly not running out of regressions, but at the same time, at some point I just have to pick some point, and on the whole the regressions don't look _too_ scary.

This assertion raised a few eyebrows among those who are nervously watching the e1000e corruption bug. While the development community disagrees on all kinds of issues, there is a reasonably strong consensus that hardware-destroying bugs can be seen as "scary."

Given that, it would be nice to say that this particular regression has been tracked down and fixed, but that is not the case. As of this writing, nobody knows what is causing systems with 2.6.27-rc kernels to occasionally overwrite the EEPROM on e1000e network adapters. The progress which had been made, while discouragingly small, does narrow down the problem a bit:

  • There was an early hypothesis that the GEM graphical memory manager code might be responsible for the problem. There have been reports of corruption on distributions which do not package GEM, though, so GEM is no longer a suspect.

  • For similar reasons, the idea that the page attribute table (PAT) work could somehow be responsible has been discarded.

  • There has been a strong correlation between corrupted hardware and the presence of Intel graphics hardware. That has led to a lot of speculation that the Intel driver may somehow be doing the actual corruption, though a separate bug in the e1000e driver may be enabling that to happen. But there is now a report of corruption with a system running NVIDIA graphics. If that report is truly the same problem, then the hypothesis will be substantially weakened. (As an aside, it's worth pondering what would have happened if NVIDIA users had reported the problem first; the temptation to blame the proprietary NVIDIA driver could have been strong enough to delay action on the bug for some time).

So the signs point toward a problem localized within the e1000e driver, but it is too early to make that conclusion. This bug remains mysterious, and it could turn out to have surprising origins.

The nature of this bug makes it harder than usual to track down. It seems to be dependent on some sort of race condition, so it is hard to reproduce. But the way in which the bug makes itself known has the effect of greatly reducing the number of testers trying to reproduce it. People who can avoid that combination of software are doing so, and distributors shipping development kernels have disabled the e1000e driver. Dave Airlie's approach:

But I'm leaving this up to Intel, I don't think HP will take it too kindly if I keep returning my laptop.

must be fairly typical.

One gets the sense that a fairly hot fire has been ignited underneath a number of posteriors at Intel; its developers are active in the discussion and clearly wanting to get this one solved. One objective has been the creation of a utility which would return corrupted hardware to a functioning state, but that tool has been slow in coming. Restoring trashed e1000e adapters appears to be a hard problem, but this is one that Intel has to get right. If more testers are to be encouraged to risk corruption with the idea that the recovery tool will fix them up again, that tool needs to actually work when the time comes. So it is hard to blame Intel for taking the time to ensure that the recovery tool will do its job, but, in the mean time, its absence is making testing harder.

Frans Pop raised an interesting long-term concern: even if this bug is fixed tomorrow, it will be present in most of the 2.6.27 history. Anybody bisecting the kernel in an attempt to track down an unrelated bug risks being bitten by a zombie version of the e1000e bug. There may be no way to deal with that threat other than the posting of some big warnings. Rewriting the bug out of the mainline repository's history is possible with git, but it would create disruption for everybody working from a clone of the repository.

Meanwhile, there could be some interesting consequences if the resolution of this problem takes much more time. It is hard to imagine that the 2.6.27 kernel could be released with a regression of this magnitude; let us say that the reaction in the mainstream press would not be kind. A 2.6.27 delay could force delays in a number of upcoming distribution releases. This kind of cascading delay would not look good; it would, instead, be reminiscent of the troubles encountered by certain proprietary software companies.

That said, the system is clearly working. Testers found the problem before the code was released in anything resembling a stable form. Developers are now chasing after the bug as quickly as they can. There will be no stable kernel or distribution releases which corrupt hardware. This situation is a pain, but it will be soon resolved and forgotten.

Comments (8 posted)

Low-level tracing plumbing

By Jonathan Corbet
September 30, 2008
Kernel and user-space tracing were heavily discussed at both the kernel summit and the Linux Plumbers Conference. Attendees did not emerge from those discussions with any sort of comprehensive vision of how the tracing problem will be solved; there is not, yet, a consensus on that point. But one clear message did come out: we may end up with several different tracing mechanisms in the kernel, but there is no patience for redundant low-level tracing buffer implementations. All of the potential tracing frameworks are going to have to find a way to live with a single mechanism for collecting trace data and getting it to user space.

This conclusion may look like a way of diverting attention from the intractable problems at the higher levels and, instead, focusing everybody on something so low-level that the real issues disappear. There may be some truth to that. It is also true, though, that there is no call for duplicating the same sort of machinery across several different tracing frameworks; coming up with a common solution to this part of the problem can only lead to a better kernel in the long run. But there is another objective here which is just as important: having all the tracing frameworks using a single buffer allows them to be used together. It is not hard to imagine a future tracing tool integrating information gathered with simultaneous use of ftrace, LTTng, SystemTap, and other tracing tools that have not been written yet. Having all of those tools using the same low-level plumbing should make that integration easier.

With that in mind, Steven Rostedt set out to create a new, unified tracing buffer; as of this writing, that patch was already up to its tenth iteration. A casual perusal of the patch might well leave a reader confused; 2000 lines of relatively complex code to implement what is, in the end, just a circular buffer. This circular buffer is not even suitable for use by tracing frameworks yet; a separate "tracing" layer is to be added for that. The key point here is that, with tracing code, efficiency is crucially important. One of the main use cases for tracing is to debug performance problems in highly stressed production environments. A heavyweight tracing mechanism will create an observer effect which can obscure the situation which called for tracing in the first place, disrupt the production use of the system, or both. To be accepted, a tracing framework must have the smallest possible impact on the system.

So the unified trace buffer patch applies just about every known trick to limit its runtime cost. The circular buffer is actually a set of per-CPU buffers, each of which allows lockless addition and consumption of events. The event format is highly compact, and every effort is made to avoid copying it, ever. Rather than maintain a separate structure to track the contents of an individual page in the buffer, the patch employs yet another overloaded variant of struct page in the system memory map. (Your editor would not want to be the next luckless developer who has to modify struct page and, in the process, track down and fix all of the tricky not-really-struct-page uses throughout the kernel). And so on.

The patch itself does a fairly good job of describing the trace buffer API; that discussion will not be repeated here. It is worth taking a quick look at the low-level event format, though:

    struct ring_buffer_event {
	u32		type:2, len:3, time_delta:27;
	u32		array[];

This format was driven by the desire to keep the per-event overhead as small as possible, so there is a single 32-bit word of header information. Here, type is the type of the event, len is its length (except when it's not, see below), time_delta is a time offset value, and array contains the actual event data.

There are four types of events; one of them (RINGBUF_TYPE_PADDING) is just a way of filling out empty space at the end of a page. Normal events generated by the tracing system (RINGBUF_TYPE_DATA) have a length given by the len field, which is right-shifted by two bits. So the maximum event length is 28 bytes (32 bytes minus four for the header word), which is not very long. For longer events, len is set to zero and the first word of the array field contains the real length.

The other two event types have to do with time stamps. Over the course of the discussion, it became clear that high-resolution timing information is needed with all events, for two reasons. The recording of events into per-CPU arrays, while essential for performance, does have the effect of separating events which are related in time; the addition of precise timekeeping will allow events to be collated in the proper order. That collation could be handled through some sort of serial counter, but some performance issues can only be understood by looking closely at the precise timing of specific events. So events need to have real time data, at the highest resolution which is practical.

Just how that data will be recorded is still unclear, and may end up being architecture dependent. Some systems may use timestamp counter data directly, while others may be able to provide real times in nanoseconds. Whatever format turns out to be used, there is no doubt that it will require 64 bits of storage. But most of the time data is redundant between any two events, so there is no real desire to add a full 64-bit time stamp to every event in the stream. The compromise which was reached was to store the amount of time which passes between one event and the next in the 27 bits allotted. Should the time delta be too large to fit in that space, the trace buffer code will insert an artificial event (of type RINGBUF_TYPE_TIME_EXTENT) to provide the necessary storage space.

The final event type (RINGBUF_TYPE_TIME_STAMP) "will hold data to help keep the buffer timestamps in sync." This little bit of functionality has not yet been implemented, though.

The rate of change of the trace buffer code appears to be slowing somewhat as comments from various directions are addressed; it may be getting close to its final form. Then it will be a matter of implementing the higher-level protocols on top of it. In the mean time, though, the attentive reader may be wondering: what about relayfs? The relay code has been in the kernel for years, and it was intended to solve just this kind of problem.

The most direct (if not most politic) answer to that question was probably posted by Peter Zijlstra:

Dude, relayfs is such a bad performing mess that extending it seems like a bad idea. Better to write something new and delete everything relayfs related.

Deleting relayfs would not be that hard; there are only a couple of users, currently. But relayfs developer Tom Zanussi is not convinced that the problems with relayfs are severe enough to justify tossing it out and starting over. He has posted a series of patches cleaning up the relayfs API and addressing some of its performance problems. At this point, though, it is not clear that anybody is really looking at that work; it has not received much in the way of comments.

One way or the other, the kernel seems set to have a low-level trace buffer implementation in place soon. That just leaves a few other little problems to solve, including making dynamic tracing work, instrumenting the kernel with static trace points, implementing user-space tracing, etc. Working those issues out is likely to take a while, and it is likely to result in a few different tracing solutions aimed at different needs. But we'll have the low-level plumbing, and that's a start.

Comments (13 posted)

Moving the -staging tree

By Jake Edge
October 1, 2008

Greg Kroah-Hartman was tagged as the "maintainer of crap" at this year's Kernel Summit for his willingness to shepherd drivers of lower quality into the mainline. He has not shrunk from that label, when introducing a patch set that would merge some of those drivers. In fact, he has embraced the label: as part of his patch, he introduced the TAINT_CRAP flag for use in tainting kernels that load these, well, crappy drivers.

There has been an ongoing struggle between those who want to see drivers get included as quickly as possible versus those who want to see them approach or attain normal kernel quality levels first. Kroah-Hartman started the -staging tree last June as a way to increase the visibility, thus testing and bug fixing, of out-of-tree drivers. Because drivers in that tree have been steadily improving—to the point where several have graduated to the mainline—the belief is that moving -staging itself into the mainline kernel will result in even faster progress.

So, Kroah-Hartman has introduced a new directory (drivers/staging) to hold these drivers, as well as a mechanism to automatically taint the kernel if any of them get loaded. That will warn users when loading the module—at least if they check their logs—and include that info in any oops message that kernel might produce. Kernel hackers can then filter out problems depending on what the taint is—problems in kernels tainted with binary-only drivers are generally actively ignored.

Getting those drivers into the mainline, though, will make it much easier for folks who want to test them. In addition, clean-ups and fixes for the drivers will go in as mainline patches, raising the visibility of the developers working on them. The change should have very minimal impact on other kernel users and developers. In particular, developers will not have to worry about reflecting API changes into drivers/staging as Kroah-Hartman will keep them up-to-date.

The main complaint about the proposal has been that it duplicates the functionality or intent of the EXPERIMENTAL flag. There was also some belief that tainting the kernel was unduly harsh, but as Kroah-Hartman points out: "It isn't costing anything, and if a developer doesn't want to debug the kernel if such a driver is loaded, this allows them to do this."

As part of the thread, Paul Mundt explains why EXPERIMENTAL has no meaning in the kernel today:

EXPERIMENTAL today is pretty damn meaningless. What it tends to mean in practice is that somethings needs some more testing, someone wants to be able to pull out the EXPERIMENTAL card when someone enables their option and their kernel blows up, the option/feature hasn't been around in the kernel for that long, or someone has just been too lazy to remove the flag (this last one probably covers about 90% of in-tree cases today). Stuff that is actively broken (in case of your kernel blowing up, not building, etc.) tends to be shoved under BROKEN instead.

Mundt goes on to show the default configurations almost all enable CONFIG_EXPERIMENTAL, further reducing its meaning. It would be nice to audit all of the uses and restore the meaning of the flag, but that is beyond the scope of what Kroah-Hartman has set out to do. There still would be a difference, though, even if EXPERIMENTAL were meaningful. Mundt continues:

The other key difference is that even with experimental stuff in the kernel, you will still get support, so it's not really a taintable offense. Stuff in staging/ on the other hand while potentially not actively hostile against the rest of the system, is still very much an unknown, and therefore the only safe thing to do is to taint the system and allow individual developers to make a choice regarding whether any resulting oopses are worth looking at or not.

There are still some who are concerned about adding less-than-kernel-quality code. Randy Dunlap puts it this way: "I think that we have enough quality problems without adding crap." But, Linus Torvalds has always been solidly in the "merge early" camp, so this proposal seems likely to go in for 2.6.28. Besides, as Stefan Richter notes:

OTOH many if not most of the -staging drivers are ones which are already in use. Their users already deal with whatever quality problems these drivers have, in addition to having to fight with the installation hassles that are inherent to out-of-tree drivers.

In a fairly short span of time, merging drivers into the mainline has gotten a whole lot easier. At one time, developers might have to work on a driver for several development cycles before it reached a quality level that would allow it to be merged. In the interim, the -staging tree made things easier and more visible for testers and developers; soon that visibility will rise substantially again.

Comments (1 posted)

Patches and updates

Kernel trees


Core kernel code

Development tools

Device drivers

Filesystems and block I/O

Memory management



Virtualization and containers

Benchmarks and bugs


Page editor: Jonathan Corbet


News and Editorials

The Optimistic Contributor Returns - Parted Magic Part 2

September 30, 2008

This article was contributed by Robert R Boerner Jr

About eleven months ago, I wrote an article for LWN about the Parted Magic Linux Live CD distribution, a distribution with the elemental purpose of partitioning hard drives. At that time, the primary developer, Patrick Verner, had announced his intention to stop work on the distribution due to lack of support from the community. I lamented the fate of the project and wondered how many other promising projects had died under similar circumstances. I vowed to try and do better to support open software myself and called upon the community at large to do the same. Fast forward to today, and your Optimistic Contributor feels vindicated in his self-appointed choice of title.

Why, you may ask? Well, to put it simply, the project did not die. To find out what happened, I spoke again with Verner on September 14th, 2008.

OC - When we last spoke in October of 2007, you had posted on your website that development of Parted Magic would cease after version 1.9 was released. Since that time, you have released many more versions up to 3.0 (with 3.1 on deck). What motivated you to continue the project?

PV - There were very little donations, help with code, or users giving me at least a pat on the back. Between 1.8 and 1.9 was by far the lowest point in this project. To this day I still think your article saved the project, well, sort of. After your LWN article I received the best month of donations and offers for help. The worse mistake I made was not asking for help in the first place. Once I started asking for help and starting directly asking for small donations the project turned around at a rapid pace. The best advice I could give anybody working on OSS projects is to ask. People assume you like doing it for free and don't need any help. The project makes about $400 a month now and it's nice because I can take the family out bowling a few times a week, buy some new computer hardware, or buy something for the house.

OC - Since development has continued, the distro seems to have evolved at a steady pace. What features would you like to highlight, or rather, what feature(s) are you most proud of?

PV - The best thing about Parted Magic is the fact it's not based on another distribution. Parted Magic is it's own entity and has the flexibility to go where ever it needs to go and add whatever may be required to perform needed tasks. There really isn't any comparison between Parted Magic and any other distro. It's really off the wall compared to the rest. Original thinking and process is what makes Parted Magic different and it's what I'm most proud of.

OC - You have started what appears to be a project within a project with MiniPM (aka Beef Drapes). What itch were you trying to scratch with this new project?

PV - MiniPM is a small project designed to run partimage over PXE. It really wasn't too hard to create and won't be heavily maintained. It fills a small niche and so far it seems to do what it's supposed to and nothing more. It's not much of a diversion. is my test directory. It's not a separate project or fork.

OC - What do you believe will drive you to continue development on both projects for the foreseeable future?

PV - When this project is no longer useful or donations starting declining back to 1.8 levels I'm out. I don't want to do this for free. It's fun to work on and I really enjoy it, but how can I justify the hours spent to my wife if I'm getting nothing tangible in return? It was always a goal of mine to do this for a living and I'm still hopeful it could happen. All it would take is $2 from every person that finds this project useful. I work 50+ hours a week at my day job so things happen pretty slow here. I couldn't even imagine how fast things would happen and the quality this project could provide if I just had more time.

OC - If you could give advice to any open source programmer on how to keep a project going, what would you say?

PV - Enjoy what you are doing, grow a thick skin, and find motivation to do it.

OC - How has your opinion open source community changed in the last 10 months?

PV - Not at all. I failed to ask, that was my problem. If you want anything from the open source community you need to ask and give back what was given to you.

OC - Is there anything you would like to add?

PV - Sure. Use and tell me what needs to be fixed before the next release. This is a big benefit to all Parted Magic users.

Now, your Optimistic Contributor would like to take credit for helping to save the project, but all I did was inform the community of the situation. It was the community itself that did the actual saving. The donations, the offers of help, just the notes of thanks were enough to keep Verner going. Verner's response to one of my questions really resonated: "If you want anything from the open source community you need to ask and give back what was given to you."

I read that statement several times. After letting it sink in, I realized how effectively Verner got straight to the point. In my previous article I made the common statement that freedom isn't free. Verner has taken that one step further in saying that a community isn't a community without communication and give and take. That sounds obvious after the fact, but I am glad Verner put the idea so clearly in my head. I can only hope (as I am ever the Optimist) that others within the open source community receive the same level of clarity as I have.

So what about version 3.0 itself? Just like the motivation of the project maintainer, the project itself has undergone a bit of a revolution. Almost the entire underpinnings have been updated or redesigned. The user interface still looks very similar to what 1.9 was, but everything just seems smoother and more polished than before. It is actually hard to believe that the project is put together by a handful of individuals. The best way to experience what the distribution is capable of (besides reading my original article) is to take Verner's last answer to heart: "Use and tell me what needs to be fixed before the next release. This is a big benefit to all Parted Magic users."

Comments (none posted)

New Releases

The Fedora 10 beta is out

The Fedora 10 beta release is available. "There is also a Beta contest! Test five things in the Beta that are important to you as a user. If you find a bug *and* report it, you get the free attention of a package maintainer on a problem personally important to you!" See the announcement for a list of interesting new features in Fedora 10.

Full Story (comments: 9)

Mandriva Linux 2009 RC2 released

Mandriva Linux 2009.1 RC2 has been announced. This is the final release candidate for Mandriva Linux 2009, code named sophie. "As of RC 2, we now encourage the testing of 2009 as an upgrade from 2008 Spring or 2008. Of course, we emphasize testing: as always, you should not use a pre-release on important production systems. However, there is one important thing to be aware of. The physical media - the Free or (for final release) Powerpack DVDs and CDs - will not include KDE 3, due to insufficient space. This means that it is not recommended to upgrade from an earlier stable release to 2009 using the Free or Powerpack CDs or DVDs if you use KDE 3, as it will not correctly handle your KDE configuration. The recommended ways to upgrade from a previous stable release to 2009 if you use KDE 3 are either to upgrade using urpmi or by doing a network installation (which will make KDE 3 available to the installer). Either of these methods will result in a 2009 installation with KDE 3 still available, and your KDE 3 configuration preserved."

Comments (none posted)

Omega 10 beta released

A beta version of a new distribution ("roughly similar to the upcoming Fedora 10 Beta release") called Omega 10 has been released. "It is a Live CD for regular PC (i686 architecture) systems that includes a variety of free and open source software from Fedora and Livna repository." It would appear to be a version of Fedora with the "make multimedia just work" problem addressed.

Full Story (comments: 5)

Distribution News

Debian GNU/Linux

Bits from the DPL

In these latest bits, Debian Project Leader Steve McIntyre covers Debconf, some press coverage, team updates, Google Summer of Code 2008, and other things that are going on in Debian.

Full Story (comments: none)


Updated Beta images for x86_64 Live KDE and x86_64 Live XFCE

There was a small problem with the image creation for the live KDE x86_64 images, where the content was for the x86_64 Live XFCE. These images have been recreated. Click below for the correct SHA1SUMs for both the KDE and XFCE images.

Full Story (comments: none)

Fedora Board Recap 2008-SEP-23

Here's the recap of the Fedora Board meeting held September 23, 2008. Topics include Codecs and a Trademark update.

Full Story (comments: none)

Gentoo Linux

Gentoo 2008.1 canceled

The Gentoo Project has announced that it is canceling the 2008.1 release and rethinking its release process in general. "In future releases, Gentoo will focus on a more back-to-basics approach that will give you up-to-date install media on a regular basis and make much better use of our human resources. We're looking into automated weekly builds of the minimal CDs and stage tarballs as well as maybe an annual LiveCD release."

Comments (17 posted)

Daniel Robbins on Gentoo release solutions

Daniel Robbins, founder of Gentoo, has a blog post about his redesigned build tool called "Metro". "This is the tool that I use to build my daily Funtoo stages and supports building both stable and unstable (~) stages. It is much more capable than catalyst and has a much better architecture. Metro is a full recipe-based build engine that will allow the larger Gentoo community to build Gentoo (and even non-Gentoo - it is not Gentoo-specific) releases and stages easily and share their build recipes with others." (Funtoo is not officially associated with the Gentoo project.)

Comments (none posted)

Gentoo Council meeting summaries for August & September

The complete summaries & logs for the August and September Gentoo Council meeting have been posted. Click below for a summary of the "most important bits".

Full Story (comments: none)

Mandriva Linux

Improving boot time on a general Linux distribution, not an easy task

Mandriva's Frederic Crozat has a blog entry describing their efforts to reduce Linux boot time. "I thought it would be interesting to explain the various things we tried to save some seconds when booting, since it is a hot topic these days, with impressive results from various people, including Arjan Van de Ven 5s boot on a EEE 901 PC, even if I don't agree with all Arjan conclusions, mostly because it is not always possible to achieve the same kind of tuning with a flexible distribution which can run on many hardware platform, in contrast of a stripped installation and on a single (and now underpowered) hardware platform."

Comments (31 posted)

SUSE Linux and openSUSE

openSUSE election status update

The candidates for the upcoming openSUSE board election have been announced. There are 10 candidates, six non-Novell and four Novell contributors (click below for the list). There will be two weeks of campaigning before the election begins.

Full Story (comments: none)

openSUSE factory changes

The openSUSE Factory distribution is the development branch of openSUSE. There will be some Factory changes. "We are currently in the process of adjusting some things due to the move from SUSE internal AutoBuild to openSUSE Build Service: We are getting rid of all the historical names. Factory from SUSE internal AutoBuild is currently in the directories "SL-OSS-factory", "SL-OSS-factory-debug" and "SL-Factory-non-oss" inside of the distribution directory. These names are inconsistent and have lost their meaning to some degree." There are quite a few other changes which will be implemented soon.

Comments (none posted)

openSUSE-Education 1.0 for 11.0

The The openSUSE-Education Add On for openSUSE 11.0 is ready. This release features better LTSP integration, many package updates and much more.

Comments (none posted)

Ubuntu family

Ubuntu 7.04 reaches end-of-life on October 19, 2008

Ubuntu 7.04, aka Feisty Fawn, will reach its end-of-life on October 19, 2008. "Ubuntu announced the release of 7.04 almost 18 months ago, on April 19, 2007. As with the earlier releases, Ubuntu committed to ongoing security and critical fixes for a period of 18 months. The support period is now nearing its end and Ubuntu 7.04 will reach end of life on Sunday, October 19th, 2008. At that time, Ubuntu Security Notices will no longer include information or updated packages for Ubuntu 7.04."

Full Story (comments: 1)

Other distributions

MEPIS Community

The MEPIS Community has a new website. "This web site is developed and maintained by the community of Mepis users. Its purpose is to tell you who we are, show you what we do, provide you with relevant news, and point you to where you can get help on using MEPIS Linux. That user-friendly operating system is pre-configured for simplicity and ease of use, and is well supported--by us! Please check the official site to find out how to get MEPIS!"

Comments (none posted)

What's new in the next OpenSolaris release (2008.11)

Alfred Peng takes a look at new features in the upcoming OpenSolaris 2008.11. "Besides Songbird, a big bunch of great applications including the GNOME 2.24 desktop have been delivered into b99(then 2008.11 release). I'll list some of them here."

Comments (none posted)

New Distributions

FREEEEE - 100% Free Software GNU/Linux for EeePC

FREEEEE is a 100% Free Software GNU/Linux distribution for the EeePC. It's a live USB image, brought to you by BLAG and dyne.

Comments (6 posted)

Distribution Newsletters

Ubuntu Weekly Newsletter #110

The Ubuntu Weekly Newsletter for September 27, 2008 covers: Potential hardware-damaging e1000e driver: Intrepid, Ubuntu 8.10 beta freeze now in effect, Ubuntu 8.10 beta approaching, Ubuntu 7.04 reaches end-of-life on October 19, 2008, Intrepid Release Parties, Ubuntu Upstream Report, Ubuntu Server Survey launched, Introducing the Ubuntu Wanted project, Progress of Romanian Translation Team, Regular Bug Jams in Berlin kicked off, ABLEconf co-hosted by Ubuntu Arizona LoCo, Mark Shuttleworth named "IT Community Hero of the Year", Full Circle Magazine #17, Ubuntu-UK Podcast #15, Ubuntu Community interview with John Crawford(johnc4510), Linux Foundation opening doors to individual participation, and much more.

Full Story (comments: none)

OpenSUSE Weekly News/40

This issue of the OpenSUSE Weekly News covers: openSUSE 11.1 Beta 1 Now Available, Serious e1000e Driver Issue in SLE 11 Beta 1 and openSUSE 11.1 Beta 1, openSUSE Build Service Did It!, Board Election Phase 1 Started, openSUSE Homepage Redesigned, and much more.

Comments (none posted)

Gentoo Monthly Newsletter: 30 September 2008

The Gentoo Monthly Newsletter for September 2008 looks at Gentoo news, Release strategy changes, Trustees Meeting Summary, Council Meeting Summary, what's coming up, Gentoo-Quebec training, highlights from Planet Gentoo, tips and tricks, and much more.

Full Story (comments: none)

Fedora Weekly News #145

The Fedora Weekly News for September 28, 2008 is out. "This week's issue brings plenty of insights into the Fedora 10 theme decisions, as covered by longtime FWN writer, Nicu Buculei. Max Spevak reports on several recent linux events and the Fedora acivity there, as well as relays final Fedora 10 schedule changes and other announcements. Oisin Feeley updates us on Fedora development activity with deactivation of some dormant services and discussion of PackageKit. Jason Taylor highlights the many release notes completed for the upcoming Fedora 10 release. Dale Bewley brings us up to date on activity with four separate discussion lists in Fedora virtualization. Svetoslav Chukov, in the marketing beat, celebrates Fedora's fifth birthday with a wonderful, generous reflection of the project by OpenSUSE's community manager, Joe Brockmeier, and Runa Bhattacharjee covers the freeze activities surrounding translation and internationalization for Fedora 10."

Full Story (comments: none)

DistroWatch Weekly, Issue 272

The DistroWatch Weekly for September 29, 2008 is out. "A second attempt at creating a comprehensive package management cheatsheet is the main topic of this week's edition of DistroWatch Weekly. While still far from perfect, the table lists more package management tasks and utilities than the first version, but as always, corrections and suggestions are always welcome. In the news section, Linux distributions warn over a hardware damaging kernel bug, Debian publishes a list of supported languages in "Lenny", Fedora announces a further delay of its upcoming version 10, and Linux Mint unveils its first-ever 64-bit edition. Also, plenty of Gentoo-related news, including an upcoming distribution build tool called "Metro" and an alternative package management utility named "Paludis". Finally, check out Klikit-Linux, a community project based on Kubuntu, which was added to the DistroWatch database last week."

Comments (none posted)

Distribution meetings

Debian-Edu Skolelinux Developer Gathering and User Conference

Skolelinux, aka Debian-Edu, is having a Developer Gathering (October 10 - 12) followed by a User Conference (October 13, 2008) in Oslo, Norway.

Full Story (comments: none)

Newsletters and articles of interest

Lessons learned from five years of Fedora (ZDNet Blog)

Joe Brockmeier, community manager of the openSUSE project, finds lessons from Fedora. "The most valuable thing I've learned watching Fedora is this: Patience. It takes time and steady, incremental growth to build a solid community. If you'd asked me two years into Fedora's development whether the project would succeed, I'd have been somewhat skeptical, but looking at the project five years down the road, I'm convinced."

Comments (none posted)

Distribution reviews

Devil-Linux distro bundles router/firewall and server in one live CD ( has a review of Devil-Linux. "Devil-Linux uses the Linux From Scratch (LFS) build system, which means you can customize the distribution easily. The latest version is 1.2.15, which runs on an old kernel, but with mostly updated router, firewall, and server services. Devil-Linux uses the usual iptables and Netfilter firewalls to create rules and open source services that can support routing protocols such as Routing Information Protocol (RIP), Border Gateway Protocol (BGP), and Open Shortest Path First (OSPF). It supports Internet Protocol version 6 (IPv6) by including the necessary services, and it features a firewall builder tool to aid in setting up the firewall policies. For improved security, it also includes the grsecurity patch to protect the distribution's kernel."

Comments (none posted)

Page editor: Rebecca Sobol


LPC: What's happening with webcams

September 25, 2008

This article was contributed by Don Marti

Christmas is coming early for webcam users. Support for hundreds of popular webcams, available from Michel Xhaard's GSPCA project, is merged for inclusion in the upcoming 2.6.27 kernel. The amount of tweaking required from the user, the distribution, or both, has been cut, and it's likely that a random webcam will now just work out of the box.

Even with the much-wanted drivers becoming part of mainstream Linux, a small matter of plumbing remains. Webcams, Hans de Goede pointed out at the Linux Plumbers Conference, produce a variety of compressed video data. "They all came up with interesting proprietary compressed video formats," he says. The out-of-tree version of GSPCA did some decoding in kernel space, but the decoding of many camera-specific custom video formats had to be ripped out, as doing that kind of work in-kernel is a Linux faux pas. That's where Hans's libv4l comes in. Announced in June, the new library (actually a set of three) does the format conversion.

While not a Red Hat employee at the time (he is now) Hans posted a "BetterWebcamSupport" feature idea on the Fedora wiki, writing, "Currently many webcams do not work with Fedora out of the box even though a Linux driver exists for them." The problem was partly fixed with the GSPCA cleanup and inclusion upstream, and partly became the rationale for libv4l. Besides the core libv4lconvert library, the package includes libv4l2, to emulate a /dev/videoX device which, transparently to the application, will deliver "sane" video formats. There's also a libv4l1 to do the same thing but for the V4L1 API.

An audience member asked why the library is separate from gstreamer, which is already set up for video transcoding. V4L2 developer Hans Verkuil responded from the audience that "it's something that you do not want to have in the kernel, but it has to be small and fast." That leaves out gstreamer as a general solution, since some webcam applications don't need gstreamer or can't afford the space it takes. Therefore, a separate library. It needs one more feature, too: vendors install camera chips however they'll fit, which means the same camera module could be right side up on one product and upside down on another. Therefore, libv4l has software support for flipping images, but it still needs the data to know when to flip: a table identifying which hardware has the camera module in which orientation.

Brandon Philips at SUSE has another piece of the puzzle, a "frame server" that lets multiple applications share the webcam—doing for the webcam what PulseAudio does for the sound hardware. You can't shoot a photo with Cheese while another app has the webcam open, as he showed in a screenshot.

You can always rely on the computer hardware industry to figure out ways to save a little money on something if it's possible to solve the problem in software. Many new webcams have motorized focus but no hardware autofocus. Autofocus is up to the host system—which means a focusing daemon needs to see the video at the same time as an end-user application. So providing access for the autofocus daemon is another reason for the frame server. Someone on the mailing list has the autofocus math that will form the guts of the daemon figured out, but it's a fairly intensive calculation and will need to be done on an occasional frame of video, not each frame.

While the original frame server idea would have one shared memory segment per system, with access for multiple users, PulseAudio developer Lennart Poettering pointed out the potential security risks of that idea from the audience. "Memory mapping across privileges is a really bad idea," he said. He suggested putting the frame server in the user session to prevent users from, at least, killing each other's webcam applications.

The webcam market is one where Linux is an afterthought if it's a thought at all. The Linux conferences aren't teeming with employees of webcam manufacturers. The support Linux does have shows that the community can still support hardware on its own when it has to.

Comments (19 posted)

LAME ain't lame no more

By Forrest Cook
September 30, 2008

LAME (Lame Ain't an MP3 Encoder) is a long running open-source MP3 encoder project. From the About LAME document: "...LAME is the source code for a fully LGPL'd MP3 encoder, with speed and quality to rival and often surpass all commercial competitors. LAME is an educational tool to be used for learning about MP3 encoding. The goal of the LAME project is to use the open source model to improve the psycho acoustics, noise shaping and speed of MP3. LAME is not for everyone - it is distributed as source code only and requires the ability to use a C compiler. However, many popular ripping and encoding programs include the LAME encoding engine..."

The LAME project has announced the first release in several years: "After rough[ly] two years of development, the LAME project has released a new version (3.98.2) of the best-known Open Source MP3 encoder. All users are encouraged to use it, see new improvements regarding the previous releases and send feedback for the project."

LAME has a long and interesting development history. From the LAME home page: "LAME development started around mid-1998. Mike Cheng started it as a patch against the 8hz-MP3 encoder sources. After some quality concerns raised by others, he decided to start from scratch based on the dist10 sources. His goal was only to speed up the dist10 sources, and leave its quality untouched. That branch (a patch against the reference sources) became Lame 2.0, and only on Lame 3.81 did we replaced of all dist10 code, making LAME no more only a patch. The project quickly became a team project. Mike Cheng eventually left leadership and started working on tooLame, an MP2 encoder. Mark Taylor became leader and started pursuing increased quality in addition to better speed. He can be considered the initiator of the LAME project in its current form. He released version 3.0 featuring gpsycho, a new psychoacoustic model he developed. In early 2003 Mark left project leadership, and since then the project has been lead through the cooperation of the active developers (currently 4 individuals)." Numerous additional developers have contributed to the project.

[LAME logo]

The slightly out of date project version history documents the changes to the code since September 1998. Improvements added to version 3.98 (started in May, 2007) include:

  • Numerous bug fixes were implemented.
  • A lot of code cleanup was done.
  • Support was added for newer versions of various libraries.
  • Many build system improvements were done.
  • The RPM specification was updated.
  • Numerous changes were made to the lame front end switches.
  • New VBR code, derived from the NSPSY psymodel, was added.
  • There were changes to the new VBR psymodel.
  • The out of bits strategy for the newer VBR code was overhauled.
  • PCM WAVE_FORMAT_EXTENSIBLE support was added.
  • Support for ID3v2 total track count was added.
  • ID3v2 TLEN support was added.
  • The ATH adjustment was improved for low volume cases.
  • A new SSE version of the FFT code was used.
  • A flush option was added for flushing the output stream in lame.exe.
  • The FFTSSE and FFT3DNOW assembler code was back ported from the Lame4 branch.

Building the newest version of LAME on an Ubuntu 8.04.1 LTS (Hardy Heron) i386 system was straightforward. An older Ubuntu package of LAME was first removed from the system using the Synaptic package manager. The LAME version 3.98.2 source code was downloaded, unzipped and untared. The configure script was run, no missing dependencies were found. The usual make and make install steps were done. A few test case .wav files were encoded with the command lame file.wav file.mp3 and the files were played with the SoX play command as well as the closed-source RealPlayer application. Everything worked as expected, and sounded as good as one can expect for an MP3 file.

Overall, the latest changes to LAME fall into the category of maintenance or the addition of mostly user-transparent features. It is good news that this important piece of software is going into another phase of active development.

Comments (1 posted)

System Applications

Database Software

PostgreSQL 8.3.4 released

Version 8.3.4 of PostgreSQL has been announced. "This release contains a variety of fixes from 8.3.3." See the release notes for more information.

Comments (none posted)

PostgreSQL Weekly News

The September 28, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

SchemaSpy: 4.0.0 released (SourceForge)

Version 4.0.0 of SchemaSpy has been announced, several new capabilities have been added. "SchemaSpy analyzes schema metadata, letting you click through the hierarchy of your tables' parent/child relationships either via entity-relationship diagrams or through HTML tables. It works with just about any RDBMS given an appropriate JDBC driver. SchemaSpy also identifies several common schema anomalies."

Comments (none posted)

Embedded Systems

BusyBox 1.12.1 (stable), BusyBox 1.11.3 (stable) released

Versions 1.12.1 (stable) and 1.11.3 of BusyBox, a collection of command line utilities for embedded systems, has been announced: "Bugfix-only releases for 1.11.x and 1.12.x branches."

Comments (none posted)


Samba 3.2.4 is available

Version 3.2.4 of Samba has been announced. "This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series."

Comments (none posted)

Mail Software

SquirrelMail 1.4.16 released

Version 1.4.16 of SquirrelMail, a standards-based webmail package written in PHP, has been announced. "The SquirrelMail team is happy to announce the release 1.4.16. The most notable change is that cookies are now sent with the secure attribute set for HTTPS-connections, meaning that they cannot leak to an HTTP-connection on the same SquirrelMail installation."

Full Story (comments: none)

Networking Tools

OpenNMS: 1.5.94 Released (SourceForge)

Version 1.5.94 of OpenNMS has been announced. "A Java/XML-based Distributed Network & Systems Management platform The fifth release candidate for the next stable release of OpenNMS, 1.5.94, is now available. This release fixes over 120 bugs and adds a number of new features. It is pretty close to what 1.6.0 will be, and expect a 1.5.95 release candidate in mid October with a stable release by Halloween."

Comments (none posted)

Vuurmuur 0.6 released

Version 0.6 of Vuurmuur, a firewall application, has been announced. "Finally, after more than a year, a new stable release! This release primarily adds support for traffic shaping to Vuurmuur."

Full Story (comments: none)

Zenoss Core: 2.2.4 is Now Available (SourceForge)

Version 2.2.4 of Zenoss Core has been announced. "Zenoss Core is an enterprise network and systems management application written in Python/Zope. Zenoss provides an integrated product for monitoring availability, performance, events and configuration across layers and across platforms. The latest stable packaged version of Zenoss Core, version 2.2.4, is now available for download. A wide variety of defects were addressed and installing and upgrading from earlier versions is documented here". [pdf]

Comments (none posted)

Virtualization Software

oVirt 0.93-1 released

Version 0.93-1 of oVirt has been announced. "New features in this release include: * Addition of 'Smart Pools' in the Web user interface for organizing pools on a per user basis. * Additions to the Edit VM screen to allow re-provisioning of a guest as well editing other guest settings. * oVirt Appliance manages VMs directly on the host it is running on. This eliminates the 'fake nodes' used in previous versions. * oVirt API (Ruby Bindings) * Support for configuring more than one NIC per Node. UI support for this will be integrated shortly. * Support for bonding/failover of NICs. UI support for this will be integrated shortly. * SELinux support on oVirt Node * Rewrite of performance graphing visualization".

Full Story (comments: none)

Web Site Development

CommSy: 6.2.0 released (SourceForge)

Version 6.2.0 of CommSy has been announced. "CommSy is a webbased community system, originally developed at the University of Hamburg, Germany, to support learning/working communities. For a more indepth description see the project home page. For questions or comments contact finck(at) The CommSy-Team is proud to announce the feature release of CommSy 6.2.0. Some minor bugs were fixed."

Comments (none posted)

lighttpd 1.4.20 announced

Version 1.4.20 of lighttpd, a light weight web server, has been announced. "After two prereleases and a lot of bugfixing, we are proud to announce a new release of the 1.4 branch: 1.4.20 is finally out. We would like to thank everybody who tested the prereleases and/or reported bugs in our ticket system. Please pay special attention to the security announcements".

Comments (none posted)

Midgard 8.09.0RC released

Version 8.09.0RC of the Midgard web development platform has been announced. "Midgard 8.09.0RC "Ragnaroek LTS" release is the third release of Midgard following the new time-based release process. Because of this, versioning numbering of both Midgard and MidCOM have been synchronized to follow a date-based pattern. Using old version numbering the software included in this release would have been Midgard 1.9 and MidCOM 2.9. The new release process has been created to align Midgard with the release synchronicity model followed by free software projects like GNOME and Ubuntu."

Full Story (comments: none)

notmm is not a monolithic mashup 0.2.10 released

Version 0.2.10 of notmm has been announced. "notmm is a open, non-monolithic, and Python written web toolkit, mostly influenced by Django and Pylons development. Imho, its simple design makes it a clever and remarquable choice from a security perspective, and in particular for building extendable mashups/web APIs."

Full Story (comments: none)

Desktop Applications

Audio Applications

A Guide Through The Linux Sound API Jungle

Lennart Poettering has put together a guide to Linux sound APIs, with emphasis on helping developers choose the right one. "At the Audio MC at the Linux Plumbers Conference one thing became very clear: it is very difficult for programmers to figure out which audio API to use for which purpose and which API not to use when doing audio programming on Linux. So here's my try to guide you through this jungle."

Comments (28 posted)

Data Visualization

python-graph 1.3.0 released

Version 1.3.0 of python-graph has been announced. "python-graph is a library for working with graphs in Python. This software provides a suitable data structure for representing graphs and a whole set of important algorithms."

Full Story (comments: none)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at

Comments (none posted)

KDE Commit-Digest (KDE.News)

The September 21, 2008 edition of the KDE Commit-Digest has been announced. The content summary says: "Various work across Plasma, including improved applet handles with monochrome icons, work on the Weather Plasmoid and the start of an extender-based notification applet. Continued development in PowerDevil, including support for suspend. Long-standing "slow deletion of many files" bug is finally fixed. A System Settings module for choosing the default file manager. Basic implementation of red eye reduction in Gwenview..."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Desktop Publishing

LyX 1.6.0 release candidate 3 is released

Version 1.6.0 release candidate 3 of LyX, a GUI front end to the TeX typesetter, has been announced. "We are pleased to announce the third release candidate of LyX 1.6.0. LyX 1.6.0 will be the culmination of 14 months of hard work since the release of the LyX 1.5 series. We sincerely hope you will enjoy the result. As usual with a major release, a lot of work that is not directly visible has taken place. The core of LyX has seen more cleanups and some of the new features are the direct results of this work."

Full Story (comments: none)

StorYBook: Version 2.1.4 released (SourceForge)

Version 2.1.4 of StorYBook has been announced. "Are you novelist, writer or author? StorYBook is a scene-based software for all creative writers that helps to organize your story. StorYBook assists you in structuring your book."

Comments (none posted)


gEDA/gaf 1.4.1-20080929 released

Stable version 1.4.1-20080929 of gEDA/gaf, a collection of electronic CAD utilities, has been announced. "I have released a roll up of bug fixes: gEDA/gaf 1.4.1-20080929 today. Many thanks to all the people who fixed bugs for this stable release and to Peter Brett for doing all the heavy lifting for this release (getting all the relavent bug fixes on the stable-1.4 branch). NOTE: this will be the last release that explicitly works with gtk+ 2.4.x and guile 1.6.x (unless I need to do another 1.4.x release)."

Comments (none posted)

Magic VLSI 7.5 released

Version 7.5 of Magic, a VLSI layout tool, has been announced. "Magic is a venerable VLSI layout tool, written in the 1980's at Berkeley by John Ousterhout, now famous primarily for writing the scripting interpreter language Tcl. Due largely in part to its liberal Berkeley open-source license, magic has remained popular with universities and small companies. The open-source license has allowed VLSI engineers with a bent toward programming to implement clever ideas and help magic stay abreast of fabrication technology."

Comments (none posted)

Financial Applications

GnuCash 2.2.7 released

Stable release 2.2.7 of GnuCash is out with a pile of bug fixes and some translation improvements.

Full Story (comments: none)


cairo release 1.8.0 now available

Version 1.8.0 of cairo has been announced. "The cairo community is happy (and relieved) to announce the 1.8.0 release of the cairo graphics library. This is a major update to cairo, with new features and enhanced functionality which maintains compatibility for applications written using any previous major cairo release, (1.6, 1.4, 1.2, or 1.0). We recommend that anybody using a previous version of cairo upgrade to cairo 1.8.0. The dominant theme of this release is improvements to cairo's ability to handle text."

Full Story (comments: none)

GUI Packages

wxPython released

Version of wxPython is out with a bug fix. "wxPython is a GUI toolkit for the Python programming language. It allows Python programmers to create programs with a robust, highly functional graphical user interface, simply and easily. It is implemented as a Python extension module that wraps the GUI components of the popular wxWidgets cross platform library, which is written in C++."

Full Story (comments: none)

Imaging Applications

GIMP 2.6 released

Version 2.6 of the GIMP is out. "GIMP 2.6 is an important release from a development point of view. It features changes to the user interface addressing some often received complaints, and a tentative integration of GEGL, the graph based image processing library that will eventually bring high bit-depth and non-destructive editing to GIMP." See the release notes for details.

Comments (3 posted)

Mail Clients

Sylpheed 2.6.0beta1 (development) released

Development version 2.6.0beta1 of Sylpheed, a mail client, has been announced. Changes include: "* The remote POP3 mailbox feature which can view/download/delete messages on POP3 servers directly was added. * Enchant (with GtkSpell 2.0.13) was supported. * When creating filter rule automatically, the target header field is used as a default filter name now. * The progress column was added to the progress dialog. * The parser of IMAP4 was fixed. * Unix: SIGHUP/SIGINT/SIGTERM/SIGQUIT signals are handled now. * Win32: system shutdown event is also handled on debug mode now."

Comments (none posted)

Medical Applications

GDCM: 2.0.9 is out (SourceForge)

Version 2.0.9 of GDCM has been announced. "Grassroots DiCoM is a C++ library for DICOM medical files. It is automatically wrapped to python (using swig). It supports RAW,JPEG (lossy/lossless),J2K,JPEG-LS,RLE and deflated. It also comes with DICOM Part 3,6 & 7 of the standard as XML files."

Comments (none posted)


Elisa Media Center 0.5.12 released

Version 0.5.12 of Elisa Media Center has been announced. "This release fixes a handful of bugs and enhances the current user experience with the following new features: - the Flickr plugin has been improved in very important ways adding notably allowing the user to login and access his, her personal content, contact list and friends' photos - an animated buffering bar was introduced in the player user interface giving better feedback and a slicked look and feel - a more appropriate, nicer looking volume bar is now part of the player user interface - plugins can now be branded in the user interface to provide the user with a more immersive experience; only the Flickr plugin has been updated so far".

Full Story (comments: none)

Music Applications

Virtual MIDI Piano Keyboard 0.2.0

Version 0.2.0 of Virtual MIDI Piano Keyboard has been announced. "This release includes, among other features, enhanced mouse handling requested by Hermann Meyer, and a fix for the bug reported by Salvatore Di Pietro regarding MIDI channel numbering."

Full Story (comments: none)

Office Applications

TakeNote 0.4.2 announced

Version 0.4.2 of TakeNote has been announced. "In this release: * faster loading * bullet point lists * more customization * bug fixes TakeNote is a simple cross-platform note taking program implemented in Python. I have been using it for my research and class notes, but it should be applicable to many note taking situations."

Full Story (comments: none)

Release 0.70.4 of Task Coach

Version 0.70.4 of Task Coach, a hierarchical task manager, has been announced. "This release fixes some bugs."

Full Story (comments: none)

Office Suites

KOffice 2.0 beta 1 released

The first KOffice 2.0 beta has been released. "KOffice 2 will be a much more flexible application suite than KOffice 1 ever was. The integration between the components is much stronger, with the revolutionary Flake Shapes as the central concept."

Comments (4 posted)

OpenCards: 1.0 released (SourceForge)

Version 1.0 of OpenCards has been announced. "It is with extraordinary great pleasure for me to release OpenCards 1.0, which is a free flashcard learning extension for OpenOffice Impress. OpenCards comes along with all you need to memorize all the things you ever wanted to know but never kept in mind. It follows an intuitive and natural approach: Just create flashcards as you're used to create Impress-slides. With OpenCards you can use any Impress/Powerpoint-file as flashcard-set without any conversion."

Comments (none posted)

PDA Software

Opie 1.2.4 released

Version 1.2.4 of the Open Palmtop Integrated Environment has been announced. "The Opie Project is pleased to announce the immediate availability of version 1.2.4 of the Open Palmtop Integrated Environment, a comprehensive user environment and application suite for portable devices running Linux. Version 1.2.4 builds upon the last stable version (1.2.3, released July 2007), and provides a rich graphical user environment and comprehensive selection of applications. Applications include personal information management (PIM), media players for many different audio and video formats, viewers for images and electronic documents, games and many utilities for file transfer, connectivity with other computers, etc. As with previous versions, Opie continues to provide binary compatibility with applications developed for Trolltech's Qtopia environment."

Full Story (comments: none)


Stellarium: 0.10.0 has been released (SourceForge)

Version 0.10.0 of Stellarium has been announced. "Stellarium renders 3D photo-realistic skies in real time with OpenGL. It displays stars, constellations, planets, nebulas and others things like ground, landscape, atmosphere, etc. The Stellarium team is proud to announce the release of version 0.10.0 (beta). This major release is the result of 8 months of efforts totalizing almost 1000 commits from all team members. The most important changes are the new redesigned GUI, an important performance and memory usage improvement, a faster start-up, as well as new features such as dynamic eye adaptation to bright objects, improved rendering, light pollution simulation or improved location selector. The source code was also massively cleaned and refactored."

Comments (none posted)

Web Browsers

Firefox 3.0.3 now available for download

Version 3.0.3 of Firefox has been announced. "In order to repair a problem experienced by some users with the Password Manager feature in Firefox 3.0.2, and as part of Mozilla Corporation's ongoing stability and security update process, Firefox 3.0.3 is now available for Windows, Mac, and Linux as free downloads at We strongly recommend that all Firefox users upgrade to this latest release."

Full Story (comments: none)

Mozilla Firefox 3.0.3 fixes Password Manager regression (MozillaZine)

MozillaZine explains the security fix in Mozilla Firefox 3.0.3. "This upgrade has been rushed out to fix a regression introduced in Firefox 3.0.2, which caused issues with retrieving saved passwords and saving new passwords (bug 454708)."

Comments (none posted)

Languages and Tools


Caml Weekly News

The September 30, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)


NumPy 1.2.0 released

Version 1.2.0 of NumPy, a Python scientific computing package, has been announced. "This minor release comes almost four months after the 1.1.0 release. The major features of this release are a new testing framework and huge amount of documentation work. It also includes a some minor API breakage scheduled in the 1.1 release."

Full Story (comments: none)

Shed Skin (restricted) Python-to-C++ compiler 0.0.29 announced

Version 0.0.29 of Shed Skin, an experimental restricted Python-to-C++ compiler, has been announced, many new capabilities and bug fixes have been added. "This has been a significant release, with many important improvements."

Full Story (comments: none)

Python-URL! - weekly Python news and links

The September 30, 2008 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)


Tcl-URL! - weekly Tcl news and links

The September 24, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Version Control

TopGit v0.4 announced

Version 0.4 of TopGit has been announced. "TopGit is meant as a fresh start in the steps of StGIT, quilt-in-git and others, of course in an attempt to Get It Right this time around. TopGit is absolutely minimal porcelain layer that will manage your patch queue for you using topic branches, one patch per branch, never rewriting the history in order to enable fully distributed workflow."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

How PowerTOP, LatencyTOP, and Five-Second Boot Improve Desktop Linux (O'Reilly)

O'Reilly has put up an interview with Arjan van de Ven, available as (MP3) audio or a transcript. "A lot of users were helping because if you give people more battery life, that's what people care about a lot. Distributions also use it because they compete almost on battery life. They compete on usability and battery life is just part of usability; that's the thing that PowerTOP has done is put that more on the radar--that software matters for battery life."

Comments (5 posted)

Trade Shows and Conferences

Firebird Conference 2008 blog coverage

Blog coverage from the recent Firebird DBMS Conference 2008 is online.

Comments (none posted)


Red Hat Q2 earnings beat Street (Reuters)

Reuters looks at Red Hat's Q2 earnings report "Red Hat Inc., the world's largest publicly traded provider of Linux software, posted a quarterly profit that beat Wall Street targets, helped by strong growth in its subscriptions business. Net income for the second quarter rose to $22 million, or 10 cents a share, from $19.1 million, or 9 cents a share, in the year-ago quarter. Excluding special items, earnings were 20 cents a share."

Comments (none posted)

Is Sun Solaris on its deathbed? (New York Times)

The New York Times suggests that Sun's Solaris operating system may be falling out of favor. "Sun officials believe the 16-year-old Solaris platform remains a pivotal, innovative platform. But at the Linux Foundation, there is a no-conciliatory stance; the attitude there is to tell Solaris and Sun to move out of the way. "The future is Linux and Microsoft Windows," says foundation Executive Director Jim Zemlin. "It is not Unix or Solaris." Solaris, he said, has almost no new deployments and is a legacy operating environment offered by a company with financial difficulties."

Comments (51 posted)

Zen and the Art of the Six-Figure Linux Job (IT Management)

James Maguire covers an open source recruiting firm called Hot Linux Jobs. ""Most of the positions that we work on are going to [pay] at least high five-figure and up to the $150k base type area, Marinaccio [director of Hot Linux Jobs] says. Companies pay Hot Linux Jobs a fee to find open source experts, so the openings tend to be mid- and senior-level posts. (Of course most entry-level open source jobs pay nowhere near these salaries. Companies often recruit at universities for their lower paying jobs, he says.)"

Comments (19 posted)


Fellowship interview with Sean Daly (Fellowship of FSFE)

The Free Software Foundation Europe (FSFE) has started a monthly interview series with a Fellow of the FSFE. For the first interview Ciarán O'Riordan talks with Seán Daly. "In Europe, Microsoft's foot-dragging in complying with the 2004 Monti Decision concerned me, and I saw that with very few exceptions, the mainstream and tech media seemed not to cover fully all that was going on, in particular the important role of the intervenors like Samba and the FSFE. I felt that since traditional journalists were missing a vital part of the story, perhaps it was time for a nontraditional journalist to step up and report on that part."

Comments (none posted)


GNU Toolchain Update: September 2008

Nick Clifton, a Red Hat employee, has started a series of blogs describing monthly changes in the GNU Toolchain. "This is the first in what I hope will be a continuing series of blogs describing monthly changes in the GNU Toolchain (gcc, binutils, newlib and possibly gdb as well). One of my jobs at Red Hat is to take the changes in the public versions of the toolchain sources and copy them into our internal repository. I do this on a monthly basis and I produce a short report each time detailing what has happened. One of my friends here suggested that people outside of Red Hat might be interested in these monthly reports and so that is why I have started this blog." (Thanks to Mark Wielaard)

Comments (13 posted)

Java Sound & Music Software for Linux, Part 3 (Linux Journal)

Dave Phillips completes his look at Java sound and music applications. In the article, he looks at applications for MIDI, music instruction, music notation, and more. "During the research phase I discovered many applications that I had not known previously, and I now have a batch of Java audio/MIDI programs that I intend to explore more fully. I've already gone further into some of those applications, so there's a good chance that some of the programs I've presented will be reviewed more completely in future articles."

Comments (none posted)

Telecoms networks - Carrier Grade Linux comes of age (ElectronicsWeekly)

ElectronicsWeekly looks forward to the upcoming release of v5.0 of the Carrier Grade Linux specification. "Before starting to work on version 5.0, the CGL working group analysed how accepted the specification had become, what works and what doesn't. It worked closely with the Linux Foundation, members of the Linux community, the SCOPE Alliance and other NEPs in order to determine new requirements from these parties and document the requirements of NEPs that are not currently implemented in any stable or mature open source project. By working closely with the Linux community and Linux Foundation to get more requirements implemented and submitted upstream, these requirements may eventually become a part of the mainline kernel."

Comments (none posted)


Ease Linux Deployments With Cobbler (enterprise networking planet)

Enterprise Networking Planet reviews Cobbler. "The kickstart tool set is widely supported by a number of Linux distributions including Red Hat and its derivatives and, more recently, Ubuntu. Previously there was not a commonly used system to manage this installation environment and most sysadmins relied on homebrew scripts. Cobbler is a new project from Red Hat that aims to provide turnkey support for provisioning kickstart installs and setting up the needed services to load your systems. Cobbler supports new installations — both physical and virtual — and reinstalls of existing systems."

Comments (13 posted)


Fedora @5: How a Community Approach Works (

InternetNews looks at Fedora's fifth anniversary. "Seeing the Fedora Project pass its five year milestone got me thinking about the early days of the community-based Linux distribution and how far it's come. At the time of its launch, I was plenty worried. Red Hat was effectively killing off its namesake Linux distribution -- Red Hat Linux -- and turning over the development into a community-based Linux distribution called Fedora Core."

Comments (none posted)

Page editor: Forrest Cook


Non-Commercial announcements

DESC releases CHASERS software for Homeless Service Management

Downtown Emergency Service Center has announced the release of its CHASERS application as open-source software. "Created by DESC, CHASERS is both proven and a work-in-progress, and has been under in-house development for approximately five years. During this time, CHASERS has been in continuous use, and now contains information on over 70,000 clients served by DESC. Key features include web-based access, client and staff management, reporting, permission and access control, electronic logs, collaborative caseloads and real-time notifications."

Comments (none posted)

FSFE to make legal consolidation tool available in 10 languages

The Free Software Foundation Europe has announced plans for making the Fiduciary License Agreement (FLA) available in ten languages. "The selected languages are English, German, French, Italian, Swedish, Serbian, Polish, Dutch, Spanish and Portuguese. The FLA assists projects with re-licensing and license enforcement by consolidating copyright into a single organization, and is effective in jurisdictions based on both civil law and common law. It also transfers a full set of rights back to the author, ensuring that both parties maintain the maximum freedom possible. The translation of the FLA will help provide the benefits of copyright consolidation to local projects across Europe."

Full Story (comments: none)

FSFE: Happy Birthday To GNU!

September 27 marked the GNU Project's 25th birthday. "Today marks the twenty-fifth anniversary of the initial announcement of the GNU Project, a pioneering initiative to develop an operating system that gives all users the freedom to modify it and publish modified versions, individually or working together. The Free Software Foundation Europe (FSFE) commends the substantial achievements of GNU's first quarter-century and look forward to furthering their shared goal of facilitating software freedoms."

Full Story (comments: none)

Celebrating the release of GNOME 2.24

The GNOME Project is celebrating the release of GNOME 2.24. "... the latest version of the popular, multi-platform free desktop environment and of its developer platform. Released on schedule, to the day, GNOME 2.24 builds on top of a long series of successful six months releases to offer the best experience to users and developers. For more than 10 years now, the project has been seeing a tremendous amount of work. And as usual, it's hard to come back to a previous version of GNOME once you've tried GNOME 2.24, which is probably the best compliment the project can receive."

Full Story (comments: none)

Open Source Census Tracks Enterprise Use of Open Source Globally

The Open Source Census, a global, collaborative project to collect and share quantitative data on the use of open source software, has announced in just six months more than 300,000 open source package/project installations have been discovered.

Comments (none posted)

OSU Open Source Lab announces Advisory Council

The Oregon State University's Open Source Lab has announced a new advisory council. "Featuring leaders from global open source projects and vendors such as Apache, Perl, Drupal, the Linux operating system, Google, Novell, Acquia and Joost, the advisors will assist the Open Source Lab with its overall strategy, service development and outreach to industry partners."

Comments (none posted)

Commercial announcements

Atheros releases ath5k HAL code

Atheros has announced the release of the hardware abstraction layer code for its older adapters. "This can be used as a source of documentation to help ath5k move forward to support our 802.11abg chipsets as best as possible in the Linux kernel. We look forward to keep working strongly with the community on advancing support of all our Atheros chipsets under Linux." Since reproducing this HAL code was what necessitated the reverse engineering effort in the first place, this code will be useful for the ath5k developers. It's another sign that Atheros truly appears to have changed its ways.

Full Story (comments: 41)

Qt Software Introduces a New Release of Qt Extended

Qt Software has announced that Qtopia, a platform for creating user interfaces and applications for advanced consumer electronics based on Linux, has been renamed and launched as Qt Extended 4.4. ""Qt Extended is designed to accelerate software development for a wide range of consumer devices, such as video IP phones, media players and other advanced devices," said Sebastian Nystrom, Vice President of Qt Software, Nokia. "With the new release of Qt Extended, we are making it easier to differentiate the user experience and the feature set.""

Comments (9 posted)

VMware Workstation 6.5 announced

VMware has announced version 6.5 of VMware Workstation. "VMware Workstation 6.5 makes it simple to create and run multiple virtual machines on your desktop or laptop computer. You can convert an existing physical PC into a VMware virtual machine, or create a new virtual machine from scratch. Each virtual machine represents a complete PC, including the processor, memory, network connections and peripheral ports."

Comments (none posted)

New Books

A new book about Python

Association AfPy has published the book Expert Python Programming by Tarek Ziadé.

Full Story (comments: none)

Event Reports

The Italian Perl Workshop 2008 has ended (use Perl)

use Perl has coverage of The Italian Perl Workshop 2008. "On September 18 and 19, 2008, the Italian Perl Workshop 2008 took place at the Computer Science Department of the University of Pisa. It was a huge success; here are some numbers: 2 days of conference, 2 parallel tracks, more than 30 talks, 120 attendees, 20 sponsors, 3 patrons (Comune di Pisa, YAPC::Europe Foundation, Perl Foundation), and many international guests, including: Tim Bunce, Rafaël Garcia-Suarez, Marcus Ramberg and Matt S Trout."

Comments (none posted)

Meeting Minutes

Perl 6 Design Minutes (use Perl)

The minutes from the September 3, 2008 Perl 6 Design Meeting have been published. "The Perl 6 design team met by phone on 03 September 2008. Larry, Allison, Patrick, Jerry, Jesse, Nicholas, and chromatic attended."

Comments (none posted)

Calls for Presentations

CeBIT Open Source: Linux Magazine and Linux Foundation Announce Call for Projects

Linux Magazine has the call for projects for CeBIT 2009. "Open Source is emerging for the first time as a central theme at the CeBIT 2009 conference. Linux Magazine, together with the conference organizers and the Linux Foundation, is now encouraging Open Source projects to bid for free booths at the conference. CeBIT 2009, the largest global IT trade show opens March 3-8 in Hannover, Germany."

Comments (none posted)

PyCon 2009 Call for Proposals

The PyCon 2009 Call for Proposals has been announced. "Want to share your experience and expertise? PyCon 2009 is looking for proposals to fill the formal presentation tracks. The PyCon conference days will be March 27-29, 2009 in Chicago, Illinois, preceded by the tutorial days (March 25-26), and followed by four days of development sprints (March 30-April 2)." Proposals are due by November 3.

Full Story (comments: none)

PyCon 2009 - Call for Tutorials

A call for tutorials has gone out for PyCon 2009. "The period for submitting tutorial proposals for Pycon 2009 (US) is open and will continue through Friday, October 31th. This year features two "pre-conference" days devoted to tutorials on Wednesday March 25 & Thursday March 26 in Chicago. This allows for more classes than ever."

Full Story (comments: none)

Upcoming Events

Beijing Perl Workshop - Nov 08, 2008 (use Perl)

use Perl has announced the Beijing Perl Workshop. "Qiang writes "just a quick announcement that PerlChina is going to host a Beijing Perl Workshop on Nov 08, 2008. It is jointly organized with the postgresql china that means there will be some postgresql talks as well. We have also secured few sponsorships to fly Jesse Vincent and two other postgresql hackers to the workshop."

Comments (none posted)

International Hacking and Security Conference 'POC2008'

POC2008, the 3rd international hacking and security conference will take place in Seoul, Korea on November 13 and 14, 2008. "'POC' means 'Power of Community'. We believe that the power of community can make the world safer. POC doesn't pursue money. So we are free to show real hacking and security. POC2008 hates just theoretical discussion. POC2008 concentrates on technical and creative discussion and will show real hacking. POC2008 believes that showing talks much more than just speaking."

Full Story (comments: none)

LinuxCon to be held in Portland, September, 2009

The Linux Foundation has announced that it will be organizing the new "LinuxCon" conference in Portland, Oregon in September, 2009; it will be co-located with the Linux Plumbers Conference. "LinuxCon will include paper-based technical conference sessions, tutorials, keynotes, a technology showcase and targeted mini-summits on topics such as mobile, desktop and embedded, and much more. The Linux Foundation will work with community and industry groups to provide a place for mini-summits and other collaboration vehicles." The release also notes that the Foundation has hired Ottawa Linux Symposium co-founder Craig Ross to work on events like LinuxCon.

Comments (1 posted)

OSDC 2008 Earlybird Registration is now open

Earlybird Registration for The Open Source Developers' Conference 2008 has been opened. The event takes place in Sydney, Australia on December 2-5. "OSDC 2008 is a conference run by open source developers, for developers and business people. It covers numerous programming languages across a range of operating systems, and related topics such as business processes, licensing, and strategy. Talks vary from introductory pieces through to the deeply technical."

Full Story (comments: none)

VMware Announces VMworld Europe 2008

VMworld Europe 2008 has been announced. "VMware, Inc., the global leader in virtualization solutions from the desktop to the datacenter, announced details of the second annual VMworld Europe 2009 conference to be held on 24-26 February 2009 at the Palais des Festivals et des Congrès, Cannes, France."

Comments (1 posted)

Events: October 9, 2008 to December 8, 2008

The following event listing is taken from the Calendar.

October 7
October 10
OWASP NYC AppSec 2008 Conference New York, NY, USA
October 7
October 10
Linux-Kongress 2008 Hamburg, Germany
October 10
October 12
Ohio LinuxFest 2008 Columbus, Ohio, USA
October 10
October 12
PostgreSQL Conference West 08 Portland, OR, USA
October 10
October 12
Skolelinux Developer Gathering Oslo, Norway
October 11
October 12
Pittsburgh Perl Workshop Pittsburgh, PA, USA
October 11
October 12
MerbCamp San Diego, CA, USA
October 13
October 14
Linux Foundation End User Collaboration Summit New York, USA
October 13 Skolelinux User Conference Oslo, Norway
October 15
October 16
OpenSAF Developer Days Munich, Germany
October 17
October 18
European PGDay 2008 Prato, Italy
October 18
October 19
Maker Faire Austin Austin, TX, USA
October 19
October 24
Colorado Software Summit 2008 Keystone, CO, USA
October 20
October 24
15th Annual Tcl/Tk Conference Manassas, VA, USA
October 21
October 23
Web 2.0 Expo Europe Berlin, Germany
October 21
October 24
Systems Munich, Germany
October 22
October 24 2008 Parc Hotel Alvisse, Luxembourg
October 22
October 24
Encuentro Linux Concepción, Chile
October 24
October 26
Free Society Conference and Nordic Summit Gothenburg, Sweden
October 25
October 26
T-DOSE 2008 Eindhoven, the Netherlands
October 25 Ontario Linux Fest 2008 Toronto, Canada
October 26
October 31
IBM Information On Demand 2008 Mandalay Bay - Las Vegas, Nevada, USA
October 27
October 30
Embedded Systems Conference - Boston Boston, USA
October 29
November 1
10th Real-Time Linux Workshop Colotlán, Jalisco, Mexico
November 3
November 7
ApacheCon US 2008 New Orleans, LA, USA
November 5
November 7 Conference 2008 Beijing, China
November 6 NLUUG autumn conference: Mobile Applications Ede, Netherlands
November 6
November 7
Embedded Linux Conference Europe 2008 Ede, Netherlands
November 7
November 8
TwinCity Perl Workshop 2008 Vienna, Austria
November 7
November 9
UKUUG linux conference Manchester, UK
November 8
November 9
Hackers to Hackers Conference 05' Sao Paulo, Brazil
November 8
November 9 Kuala Lumpur, Malaysia
November 10
November 14
Python Bootcamp with Dave Beazley Atlanta, GA, USA
November 11
November 14
DeepSec IDSC 2008 Vienna, Austria
November 12
November 14
php|works 2008 Atlanta, GA, USA
November 12
November 13
PacSec Applied Security Conference Tokyo, Japan
November 13
November 14
International Hacking and Security Conference Seoul, Korea
November 14
November 16
OpenSQL Camp 2008 Charlottesville, VA, USA
November 16
November 20
Middle East IT Security Conference Dubai, UAE
November 19
November 20
Linux Foundation Japan Symposium Tokyo, Japan
November 20
November 21
FreedomHEC Taipei 2008 Taipei, Taiwan
November 22 The phpnw08 conference Manchester, UK
November 22 PGDay Rio de la Plata Buenos Aires, Argentina
November 22 Mandriva 2009 Installfest Everywhere, World
November 25
November 29
FOSS.IN 2008 Bangalore, India
November 25
November 30
make art 2008 Poitiers, France
November 28 Informazione geografica aperta e libera Pontedera (PI), Italy
November 28
November 29
WhyFLOSS La Plata - Argentina La Plata, Argentina
November 29 LinuxDay in Vorarlberg (Deutschland, Schweiz, Liechtenstein und Österreich) Dornbirn, Austria
December 1 First Nuxeo Developer Day Paris, France
December 1
December 2
Open World Forum Paris, France
December 2
December 5
Open Source Developers' Conference 2008 Sydney, NSW, Australia
December 4
December 7
PIKSEL08 - code dreams Bergen, Norway
December 5
December 6
FOSSCamp Mountain View, CA, USA
December 5
December 13
International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering Online
December 7
December 12
Computer Measurement Group Conference 2008 Las Vegas, NV, USA

If your event does not appear here, please tell us about it.

Page editor: Forrest Cook

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds