
LWN.net Weekly Edition for October 30, 2008

Directions for GNOME 3.0

October 29, 2008

This article was contributed by Jonathan Roberts

Earlier this year at the Gnome Users and Developers Conference, it was announced that there would be a Gnome 3.0 and discussions about how to make the transition are now open. Since then, there has been another gathering of Gnome developers, discussing and making plans about how they would like to modernize the interface. Over the past few days, a number of blog posts have appeared on Planet Gnome discussing some of the happenings at this five day event, and I felt a summary of the ideas so far might be useful to everyone concerned.

The Journal

The idea that has perhaps received the clearest exposition, along with some concrete work on beginning to make it a reality, is a refreshed way to handle day to day file management based on the OLPC's journal concept. Federico Mena-Quintero posted to his blog reporting his team's brainstorming session. What's wrong with how we handle file management today? Federico says:

Let's consider a very common workflow: download an image from a web site, make some modifications to it, and attach it to an e-mail. When you do "save image as" in your web browser, it will default to ~/Downloads or even ~/Desktop. When you do "file/open" in the GIMP, it will default to the last directory you used in the GIMP, even if it was from days ago (on my machine right now, the GIMP defaulted to look at files from ~/src/some-random-directory) ... The end result is that your workflow gets shattered to pieces, as programs try to be helpful within themselves, but they totally fail at being helpful within your workflow.

So, programs contribute to having files scattered around everywhere, and there is no easy way to look at everything together.

To solve this problem, they began from the premise that humans are fairly good at knowing when they did things: "I started typing my homework last Monday, because I knew it was due on my Thursday class" and "I mailed you that photo two weeks ago, right after my birthday party" were the examples given. From here, the argument is that if we can present users with a journal view of what they did, they can forget about where they put a file and just browse through a time line to find what they were looking for.

[Image: Journal mockup]

The journal would not only keep track of files you created, but websites you visited, IM conversations you had, and even allow you to make notes about particular entries. An example of this final kind of functionality might be noting down reference numbers from receipts or customer service representatives. The other two major features of the journal would be the ability to star important items, so they're kept in a separate section, along with the ability to create files from directly within the journal, allowing it to act as a kind of scrap book.

As well as Federico's own proof of concept implementation, you can also find similar ideas in Mayanna's timeline, a fork of Gimmie, and the Nemo file manager.

Task Orientation

This post didn't arise out of the User Experience Hackfest, but from GUADEC earlier in the year. Karl Lattimer has posited that the application centric workflow is broken, and that people don't use a computer with the intention of using a particular application, but with the intention of completing a particular task. Obviously tasks rarely stand on their own, but often form part of a larger project.

Karl comments that he believes Federico is making moves in the right direction with the journal, providing users with the capacity to track what they did and when - perhaps a kind of project management framework - but he believes that we also need to provide users with the ability to track why things were done, gathering metadata about the tasks and building a picture of the relationships between them. The example he uses is that of an email received from a colleague asking us to update a file by a certain deadline: from this we could extract the file, the deadline, who sent it to us, and possibly even what needs doing to the file, all of which could be fed into the journal or other interface. This obviously has some practical challenges when it comes to considering how it could be implemented, but if realized could deliver an automated task list that's closely linked with templates for commonly performed tasks, doing away with the idea of static workspaces and applications for ever.

Karl sums up his thoughts nicely in this paragraph:

For us to get there we need to invent some cool stuff, semantics is one part, organising the data by what it is rather than where it is, especially when the user has a tendency to lose things in the jungle of file systems. Journals and revision control are another part of it, remembering what we've been doing and when, but also templates and schemas are part of it too, hiding the notion of an application behind the tasks you want to achieve and the things you want to get done.

The Desktop Shell

During this hackfest session, the team tried to forget about the current Gnome interface and focus on what makes sense for users; ironically, Vincent Untz decided to start his post, about how the team forgot about the current Gnome interface, with some observations of the current Gnome interface. The problems he identified in the current interface were four-fold. Firstly, finding the window you want can be difficult when using the default applet, particularly if you have more than a few windows open, and particularly if you have a smaller screen. Secondly, few people make use of the multiple workspaces idea, largely because they were just unaware of their existence. Thirdly, application menus are a slow and inefficient way to open up new applications; some take advantage of launchers or the run dialog to improve on this, but most don't know how to do this. And finally, the current panel is certainly very powerful, but its power is wasted in unneeded flexibility such as being able to position the panel in the middle of the screen.

Perhaps the most controversial proposal to fix these problems so far is to restrict Gnome to a single static panel: by removing one panel we'd be saving valuable screen real estate, and by having a layout we can depend on we'd be able to use "hot corners" more effectively, allowing users to easily set their presence, as well as to launch a new "activities overlay mode". While the idea of a single panel hasn't raised too much concern, the static point has: Mathias Hasselmann responds with "Static Panel Nonsense", suggesting that many Gnome users, himself included, as well as Mac OS and Windows users, heavily customize the layout of their panels with custom launchers, and to improve something by removing existing functionality is not a good approach.

The most promising proposal from my point of view, and what seems to be a common OLPC inspired train of thought amongst Gnome's community, is the notion of activities. An activity is essentially what Karl Lattimer described as a project, made up of individual tasks, and what many Gnome users organize into separate work spaces in the current environment. In the current Gnome environment, Vincent argues, activities and work spaces are static: a user configures 8 desktops and sticks with them. His proposal is that activities should be far more flexible, and if a user wants to start a new one then we should help them by creating a new desktop automatically.

Where Next

Reportedly the release team are busy preparing a plan for how we can move from Gnome 2.x to 3.0, with the current plan appearing to be that what would have been called 2.30 will become 3.0. In this time frame, the very least of what we can expect to see is a revamped Gtk+, but what changes the user can expect to see is far harder to tell as there are no known plans for a radical interface overhaul like that seen during the development of KDE 4. Instead, it appears that the Gnome release team are planning on sticking to their current principles with regard to what features will become a core part of the desktop stack: adoption by popular distributions, stability, and a proven track record will all be required for features to make it in. This may seem like it rules out huge amounts of innovation, but there are a number of existing frameworks in Gnome that are very exciting (PolicyKit, PackageKit, Clutter, GVFS, desktop search, D-Conf, online desktop), and perhaps the 3.0 development cycle will see these mature and finally deliver on their promise of revolutionizing the user experience, with many of these technologies forming the backbone of the ideas discussed in this article.


Debian's election season: old firmware and new contributors

By Jonathan Corbet
October 29, 2008

Longtime LWN readers will be aware of your editor's tendency toward the publishing of wild predictions at the beginning of each year. The 2007 predictions irritated some Debian developers and users by suggesting that, after getting the Etch release out the door, the project would go back to arguing about firmware issues. At the end of the year, it became necessary to acknowledge that this prediction, like so many others, had failed to come to pass. In retrospect, the error in this prediction was obvious: the Debian Project traditionally saves the firmware argument for the end of the release process. After all, they need to find some way to delay a release once it's looking close to ready.

The problem with firmware, of course, is that it is a binary blob lacking the corresponding source, and, sometimes, even a license allowing its distribution. Many developers and users see that blob as being part of the hardware; as long as the blob is distributable, it does not bother them. Others, though, regard firmware blobs as proprietary software and their incorporation into the kernel as a GPL violation. The Debian Project, which promises to deliver a 100% free distribution to its users, houses many developers from the latter camp. These developers, who see firmware distribution as a violation of the project's social contract, can be counted upon to raise the issue each release cycle.

In 2004, the project responded by passing a general resolution suspending some social contract provisions through September 1 of that year on the reasoning that it would be long enough to get the Sarge release done. Putting a date on a Debian release tends to be a mistake, though; Sarge was not finished until June, 2005. By unspoken consensus, that date was somehow deemed to have fallen before September 1, 2004. In 2006, the project voted again on firmware. Having learned from experience, the exception they allowed this time lacked a date, simply saying that the presence of binary-only firmware in the Etch release was something the project was willing to tolerate.

The 2008 discussion started when Ben Finney pointed out that a number of firmware-related entries in the Debian bug tracking system had been quietly marked "lenny-ignore" - not relevant to the upcoming Lenny release. This action, many have subsequently argued, runs counter to the social contract and constitution, which do not allow the shipping of non-free software to be swept under the carpet in this way. They would, instead, like to see the kernel team remove the (relatively few) firmware blobs remaining in the kernel. Such a change, it is said, should be relatively easy; recent changes within the kernel are helpful in this regard - though said changes became available in 2.6.27, which is not the kernel expected to be shipped with the Lenny release. For the 2.6.26 kernel used by Lenny, Ben Hutchings reports that he has done the necessary work to excise the remaining firmware.

On the other side, there are developers who are more concerned about (1) getting the Lenny release out as quickly as possible, and (2) making sure that hardware Just Works for Lenny users. They would rather that the process of removing firmware continue independently of (and without delaying) the Lenny release.

This is Debian that we're talking about, so the issue will probably be decided by way of a general resolution. There are currently two sets of resolutions being circulated, though neither has reached a final state for voting. The first set addresses the Lenny question, providing two options: either delay Lenny until the firmware removal work is complete, or accept that - just once more, really this time, honest - a major Debian release will include some firmware in its kernel. (The "ship Lenny" option is actually two options, one allowing firmware and one allowing Debian Free Software Guidelines violations in general). What the project will decide once this resolution comes to a vote is unclear - but Debian's developers have always voted to get the release out in the past.

The second proposal addresses what happens after the Lenny release; it says that any package which violates the Debian Free Software Guidelines for more than 180 days will be forced into the non-free repository. The clear hope here is to ensure that this tiresome discussion doesn't happen yet again in the next release cycle. By the time the next release is getting close to ready, any non-compliant packages will have long since been banished to the non-free wasteland. If it ever comes down to moving the kernel to non-free, though, one can assume that the discussion will resume with a vengeance.

Developers, Members, Maintainers, and Contributors

Meanwhile, a different disagreement is headed toward - you guessed it - a general resolution. Long-time Debian watchers have noted that another recurring topic of debate is the acceptance of new developers. The new maintainer process involves long delays, tests of ideological purity, and more. Even when it works smoothly (which seems to generally be the case in recent years) it requires a certain amount of patience and determination on the part of an aspiring Debian Developer.

The difficulty of the process is a design feature; Debian developers occupy a position of some trust, and the project wants to make sure that applicants are serious. Over time, though, it has become clear that this process is costing the project the time and energy of talented contributors who do not wish to jump through all the hoops. In response, the project created a "Debian maintainer" designation which allows the uploading of packages, but withholds many of the other privileges enjoyed by full developers. This change appears to have been successful in enabling a larger group of developers to contribute to Debian.

More recently, Joerg Jaspert has proposed lowering the bar to certain types of contribution even further. The proposal reads:

Debian is about developing a free operating system, but there's more in an operating system than just software and packages. If we want translators, documentation writers, artists, free software advocates, et al. to get endorsed by the project and feel proud for it, we need some way to acknowledge that.

To that end, Joerg would create a new "Debian Contributor" classification. Contributors would be those doing translations or documentation; the proposal doesn't say that contributors don't touch code, but one gets that sense. Contributors would still have to jump through some hoops, but they would be fewer. They would not be able to upload packages on their own. The proposal also changes the Debian Maintainer standards, making that designation a little bit harder to get. Finally, the proposal states that all new applicants to the project would become Contributors or Maintainers. Only after a six-month period would they be able to apply for full Debian Developer or Debian Member status -- "Debian Member" being another new category that, while being equivalent to Debian Developer in almost all respects, would not have package upload privileges.

Interestingly, there has not been much discussion of the substance of this proposal. But there has been a fair amount of debate over how it is being done. It would appear that some developers see this change as being imposed by a single project official without the debate that Debian changes normally require. Martin Krafft has further asserted that this kind of change goes beyond Joerg's authority as Debian account manager, a claim that Joerg denies.

So now there are proposed general resolutions being circulated. An early version simply decreed that the proposed changes were "suspended" in favor of changes to be made through a more consensus-oriented process. Later versions soften the language somewhat, and thank Joerg for his effort in this area - but still require a "consensus or general resolution" before changes are adopted. In any form, the clear point of the resolution is to slow down the process and open it up for a wider discussion.

Again, voting has not begun on any specific resolution, so we don't yet know what will even be voted on, much less how it will come out. But we can expect that, as a certain presidential election process finally (thankfully) comes to a close, activity will be picking up on a different set of votes.


Networking change causes distribution headaches

By Jake Edge
October 28, 2008

A seemingly innocuous change to the networking code that went into the 2.6.27 kernel is now causing trouble for various distributions. Ubuntu, Fedora, and openSUSE are all buttoning up their packages for a release in the near future—with Ubuntu's due this week—so kernel changes are not particularly welcome. Unfortunately, if the problem is not addressed, some users may never be able to download a fix because their TCP/IP won't interoperate with some broken equipment on the internet.

The problem stems from changes that were made to clean up the TCP option code that were merged back in July as part of the 2.6.27 merge window. TCP options are a mechanism to expand the functionality of the protocol as conditions change. There are a handful of commonly used options that the two endpoints of a connection can agree to use, for things like maximum segment size (MSS), window scaling, selective acknowledgment (SACK), and timestamps. Options have been added over time to provide more internet robustness and performance as well as to support higher-bandwidth physical connections.

A perfectly reasonable, if unintended, consequence of the code change was that the options were put into the header in a slightly different order. According to the relevant RFCs, options can appear in any order in the option section of the TCP header. But some home and/or internet routers seem to expect a fixed order, refusing to make connections if the order is "wrong". In particular, it would seem that the MSS option needs to appear before the SACK option.
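To check a captured SYN for the ordering described above, the option list can be walked directly. The following is an added Python example, not kernel code or code from the bug report; the two SYN headers, their ports and option values are constructed, and the "SACK first" layout is only an illustration of a reordered header, not the exact 2.6.27 layout.

```python
import struct

# TCP option kinds, per the IANA registry.
KIND_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERM", 8: "TIMESTAMP"}
EOL, NOP, MSS, SACK_PERM = 0, 1, 2, 4


def parse_tcp_options(tcp_header):
    """Return [(kind, value_bytes), ...] in wire order, NOP padding skipped."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4   # data offset is in 32-bit words
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    options, i = [], 20
    while i < header_len:
        kind = tcp_header[i]
        if kind == EOL:                      # end of option list
            break
        if kind == NOP:                      # single-byte padding
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option without a length byte")
        length = tcp_header[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("option length out of range")
        options.append((kind, tcp_header[i + 2:i + length]))
        i += length
    return options


def option_order(tcp_header):
    """Option names in the order they appear on the wire."""
    return [KIND_NAMES.get(k, "kind-%d" % k)
            for k, _ in parse_tcp_options(tcp_header)]


def mss_before_sack(tcp_header):
    """False only when SACK-permitted precedes MSS, the order the article
    says some routers reject."""
    kinds = [k for k, _ in parse_tcp_options(tcp_header)]
    if MSS not in kinds or SACK_PERM not in kinds:
        return True
    return kinds.index(MSS) < kinds.index(SACK_PERM)


def build_syn(option_bytes):
    """Constructed SYN header for the demo; ports and sequence are made up."""
    option_bytes += bytes([NOP]) * (-len(option_bytes) % 4)
    offset_words = (20 + len(option_bytes)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                        offset_words << 4, 0x02, 5840, 0, 0)
    return fixed + option_bytes


# Constructed option encodings.
OPT_MSS = bytes([2, 4]) + struct.pack("!H", 1460)
OPT_SACK = bytes([4, 2])
OPT_TS = bytes([8, 10]) + struct.pack("!II", 12345, 0)
OPT_WS = bytes([NOP, 3, 3, 7])

SYN_MSS_FIRST = build_syn(OPT_MSS + OPT_SACK + OPT_TS + OPT_WS)
SYN_SACK_FIRST = build_syn(OPT_SACK + OPT_MSS + OPT_TS + OPT_WS)

if __name__ == "__main__":
    for name, syn in [("MSS first", SYN_MSS_FIRST),
                      ("SACK first", SYN_SACK_FIRST)]:
        verdict = "ok" if mss_before_sack(syn) else "MSS after SACK"
        print(name, option_order(syn), verdict)
```

Both headers are valid under the RFCs; the check only flags the order that the affected routers are reported to refuse.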

The bug was reported to Ubuntu Launchpad in early September, but not a lot of progress was made until it was added to the kernel.org bugzilla in early October. It seems to have only affected a relatively small number of users—Red Hat's Dave Jones said that there were no reports from users of the rawhide 2.6.27 kernel—as it was rather hardware-specific. This made it difficult to track down for the majority of folks who couldn't reproduce it. Ubuntu user Aldo Maggi, who filed the kernel bug, sets a marvelous example of how to work with the kernel hackers to track down the problem as can be seen in the bugzilla entry.

Eventually, the option re-ordering problem was discovered and a patch was submitted by Ilpo Järvinen that restored the order of the options. Along the way, with help from Mandriva, it was discovered that turning off TCP timestamps by way of:

    sysctl -w net.ipv4.tcp_timestamps=0

worked around the problem without changing the kernel—at the cost of losing the TCP timestamp functionality.

So it would seem that the problem has been solved—the patch has been merged into Linus Torvalds's tree for 2.6.28—but there are still a few unresolved issues. The three distributions that are preparing new releases are all based on 2.6.27, but as yet, there has not been a -stable kernel release that picks up the patch, though it is likely to come fairly soon.

In the meantime, Fedora has added the patch to its kernel in rawhide, so Fedora 10 (and eventually Fedora 9 when it gets rebased on 2.6.27) will have the fix. openSUSE is waiting a bit to see what gets submitted by the kernel networking developers to the -stable team. As Novell/SUSE kernel hacker Greg Kroah-Hartman puts it: "We still have a while to go before the final 11.1 kernel is released, so we feel no pressure here." Unfortunately, Ubuntu got caught very late in its release cycle as 8.10 (or Intrepid Ibex) is due on October 30.

The original plan as outlined by Debian/Ubuntu hacker Steve Langasek was to note the problem in the release notes for 8.10, but not address the underlying problem until after the release:

The kernel fix is known upstream; implementing it requires kernel uploads and installer rebuilds, which it's just not possible to fit in between the release candidate and the release. We will certainly want to include this fix in a kernel update as soon as possible after the release, but this is unfortunately in a class of bugs that we can't fix the week of release (even turning timestamps off requires a kernel upload, unless we want to permanently disable tcp timestamp support for Ubuntu 8.10).

That led many in the Launchpad bug thread to note that it was going to be a real mess, especially for the least technical of users. Nick Lowe sums up the problem:

[...] You should really delay for this if you need more time...

RC shouldn't mean Release ComeHellOrHighWater

The users who are most likely to hit this are home users behind their aged/unmaintained consumer routers who are highly unlikely to understand why they can't access the Web and will just go elsewhere...

Certainly, the release notes are not the first place an affected user would go if they ran into the problem. More than likely, they would just decide that Ubuntu—by extension Linux—is simply broken, so it is a relief to see that Ubuntu eventually relented. For 8.10, the procps package has been changed to work around the problem by turning off timestamps. Once a new kernel package is released with the re-ordering patch included, timestamps can presumably be restored.

This kind of problem—where affected users may not be able to retrieve an update to fix it—should really be part of the definition of a show-stopping (i.e. release date slipping) problem. It was rather galling to some that Ubuntu would consider shipping with this known issue, simply to make its 8.10 release in the 10th month of 2008 (which is how Ubuntu releases are numbered).

Ubuntu is justifiably proud of its record of shipping releases on time, but it cannot do that at the expense of its users. While the workaround that was implemented was suboptimal, perhaps, it does ensure that users—especially non-technical users—won't find that web surfing doesn't work in Linux. It should also allow Ubuntu to release on schedule.

[ Thanks to Nick Lowe for giving us a heads-up about this issue. ]


Page editor: Jonathan Corbet

Security

Another kind of cookie

By Jake Edge
October 29, 2008

It has become increasingly difficult to use the web without some kind of Flash player, but a little-known "feature" of Flash is causing some privacy concerns. In some ways, Local Shared Objects (LSOs aka Flash cookies) are similar to browser cookies, but there are a number of significant differences as well. In addition, because the dominant Flash player is closed-source, one must depend on Adobe's ability to faithfully implement the security model. In all, Flash cookies are something that web users should be cognizant of.

At its core, an LSO is a chunk of data that is stored on a user's disk based on the domain that the Flash program was downloaded from. Only Flash programs from that domain should have access to the data and, unlike browser cookies, much more data can be stored. By default, 100K bytes can be used per domain, which is a sizable increase from the 4K available for browser cookies. The amount of storage for a Flash cookie can be increased with the assent of the user, or decreased via the management interface.

Another major difference from the now-familiar browser cookies is that the interface for managing them is less-than-obvious. From a given Flash application, there is a "Settings" menu that allows control of the LSOs from that site. To see the sites that have stored Flash cookies or to have more global control over them, one must visit Adobe's site. There are also third-party applications and browser add-ons that will allow more control. A user can also resort to the ultimate control—removing them from the filesystem (~/.macromedia/Flash_Player/#SharedObjects).
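For users who go the filesystem route, an inventory is more useful than a blind delete. The following is an added Python example, not an Adobe tool or part of the original article; it assumes the store is laid out as `<root>/<random id>/<domain>/.../<name>.sol`, and the sample tree and its domains are constructed.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

# Path given in the article; 100K is the default per-domain allowance it cites.
DEFAULT_ROOT = Path.home() / ".macromedia" / "Flash_Player" / "#SharedObjects"
DEFAULT_QUOTA = 100 * 1024


def inventory_lsos(root=DEFAULT_ROOT):
    """Return {domain: {"files": [...], "bytes": total}} for .sol files.

    Assumed layout: <root>/<random id>/<domain>/.../<name>.sol
    """
    root = Path(root)
    report = defaultdict(lambda: {"files": [], "bytes": 0})
    if not root.is_dir():
        return {}
    for path in sorted(root.rglob("*.sol")):
        if path.is_symlink() or not path.is_file():
            continue                      # never follow links out of the store
        parts = path.relative_to(root).parts
        domain = parts[1] if len(parts) >= 3 else "(unknown)"
        report[domain]["files"].append("/".join(parts))
        report[domain]["bytes"] += path.stat().st_size
    return dict(report)


def over_quota(report, quota=DEFAULT_QUOTA):
    """Domains storing more than the default allowance."""
    return sorted(d for d, e in report.items() if e["bytes"] > quota)


def purge_domain(root, domain):
    """Delete every LSO stored for one domain; return the number removed."""
    root = Path(root)
    removed = 0
    for rel in inventory_lsos(root).get(domain, {"files": []})["files"]:
        (root / rel).unlink()
        removed += 1
    return removed


def make_sample_store(base):
    """Constructed sample tree with made-up domains, for the demo."""
    root = Path(base) / "#SharedObjects"
    samples = {
        "AB12CD34/video.example/player/settings.sol": 512,
        "AB12CD34/tracker.example/id.sol": 64,
        "AB12CD34/tracker.example/ads/banner.swf/state.sol": 150 * 1024,
    }
    for rel, size in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\0" * size)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        store = make_sample_store(tmp)
        found = inventory_lsos(store)
        for domain, entry in sorted(found.items()):
            print(domain, len(entry["files"]), "file(s)",
                  entry["bytes"], "bytes")
        print("over default allowance:", over_quota(found))
```

Calling `inventory_lsos()` with no argument reads the real per-user store at the path named above.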

There are many benign things that a Flash application might do with a bit of local storage—caching data, storing preferences, etc.—but they can also be used to track users in much the same way that browser cookies are used. Because Flash cookies are less well-known, and harder to manage, though, they may be more effective because they are removed or restricted less often.

Another important thing to note is that there is no requirement that there be a visible Flash application on the web site. A site could embed a Flash application with no visible elements simply to store a cookie. Unless the user has a browser add-on like NoScript, they will get no indication that anything has happened.

Assuming that there aren't any holes in Adobe's implementation of the Flash security model, Flash cookies aren't much different—or more dangerous—than browser cookies. But that assumption is a bit worrisome. For Firefox or other free software browsers, the code can be inspected to verify correct behavior. Either Flash or Firefox could have some flaw that allowed cross-site cookie access (which would be a rather nasty information disclosure vulnerability), but for Flash, we can only take Adobe's word.

Privacy advocates have been successful in getting the idea of deleting browser cookies into the consciousness of concerned users, but Flash cookies seem to have flown below the radar. A recent blog posting that was widely reported has helped to raise the profile of Flash cookies so that users will, hopefully, know that they exist. Those with a desire to strictly control their privacy will be better able to do so. With luck, it may also lead Adobe to provide an easier and more visible interface to manage them as well.


New vulnerabilities

cman: insecure temp file

Package(s): cman
CVE #(s): CVE-2008-4192
Created: October 23, 2008
Updated: February 16, 2011
Description: cman has an insecure temp file vulnerability. From the Red Hat bug report:

A malicious user could precreate a symlink, pointing to the file /tmp/eglog. Subsequent run of the '/sbin/egenera' command would destroy / truncate the target of this link to zero length.

Alerts:
Red Hat RHSA-2011:0266-01 fence 2011-02-16
Ubuntu USN-875-1 redhat-cluster, redhat-cluster-suite 2009-12-18
Fedora FEDORA-2008-9458 gfs2-utils 2008-11-07
Fedora FEDORA-2008-9458 rgmanager 2008-11-07
Fedora FEDORA-2008-9458 cman 2008-11-07
Fedora FEDORA-2008-9042 cman 2008-10-23


cman: insecure temp file

Package(s): cman
CVE #(s): CVE-2008-4579
Created: October 23, 2008
Updated: February 16, 2011
Description: cman has an insecure temp file vulnerability. From the Red Hat bug report:

The fence_apc and fence_apc_snmp programs, as used in fence 2.02.00-r1 and possibly cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.

Alerts:
Red Hat RHSA-2011:0266-01 fence 2011-02-16
Gentoo 201009-09 fence 2010-09-29
Ubuntu USN-875-1 redhat-cluster, redhat-cluster-suite 2009-12-18
CentOS CESA-2009:1341 cman 2009-09-15
Red Hat RHSA-2009:1341-02 cman 2009-09-02
Fedora FEDORA-2008-9458 gfs2-utils 2008-11-07
Fedora FEDORA-2008-9458 rgmanager 2008-11-07
Fedora FEDORA-2008-9458 cman 2008-11-07
Fedora FEDORA-2008-9042 cman 2008-10-23
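
The symlink problem in the two cman entries above, shown as an added Python example that is not taken from cman or the advisories: a naive opener beside a hardened one. The `eglog` name comes from the bug report; the other file names, the helper names and the temporary directory are constructed for illustration.

```python
import os
import stat
import tempfile


def open_log_naive(path):
    """The flawed pattern: a predictable name opened with symlinks followed."""
    return open(path, "w")          # truncates whatever the path resolves to


def open_log_hardened(path):
    """Open a log for appending without following a pre-created symlink."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)          # fails if path is a symlink
    try:
        info = os.fstat(fd)
        # Reject FIFOs/devices, hard links to other files, and files owned
        # by someone else.
        if (not stat.S_ISREG(info.st_mode) or info.st_nlink != 1
                or info.st_uid != os.geteuid()):
            raise PermissionError("refusing to log to %s" % path)
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def demo():
    """Constructed scenario in a private temp dir; returns what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "important.conf")
        log = os.path.join(tmp, "eglog")     # stands in for the fixed log name
        with open(victim, "w") as f:
            f.write("keep me\n")
        os.symlink(victim, log)              # link already present at log path

        try:
            open_log_hardened(log).close()
            blocked = False
        except OSError:
            blocked = True
        with open(victim) as f:
            after_hardened = f.read()

        open_log_naive(log).close()          # follows the link and truncates
        with open(victim) as f:
            after_naive = f.read()

        os.unlink(log)                       # with no link, logging works
        with open_log_hardened(log) as f:
            f.write("entry\n")
        with open(log) as f:
            fresh = f.read()
        mode = stat.S_IMODE(os.stat(log).st_mode)
    return blocked, after_hardened, after_naive, fresh, mode


if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only covers the final path component, so the stronger fix is to keep such logs in a directory that only the daemon's user can write to.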


emacs: arbitrary code execution

Package(s): emacs
CVE #(s): CVE-2008-3949
Created: October 28, 2008
Updated: February 24, 2009
Description: From the CVE entry: Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
Alerts:
Gentoo 200902-06 emacs 2009-02-23
Mandriva MDVSA-2008:216 emacs 2008-10-27


flash-plugin: several vulnerabilities

Package(s): flash-plugin
CVE #(s): CVE-2008-3873 CVE-2008-4401 CVE-2008-4503
Created: October 28, 2008
Updated: November 14, 2008
Description: From the Red Hat advisory:

A flaw was found in the way Adobe Flash Player wrote content to the clipboard. A malicious SWF file could populate the clipboard with a URL that could cause the user to mistakenly load an attacker-controlled URL. (CVE-2008-3873)

A flaw was found which allowed Adobe Flash Player's ActionScript to initiate file uploads and downloads without user interaction. FileReference.browse and FileReference.download calls can now only be initiated via user interaction, such as mouse-clicks or key-presses on the keyboard. (CVE-2008-4401)

A flaw was found in Adobe Flash Player's display of the Settings Manager content. A malicious SWF file could trick the user into unknowingly clicking a link or dialog. This could then give the malicious SWF file permission to access the local machine's camera or microphone. (CVE-2008-4503)

Alerts:
SuSE SUSE-SR:2008:025 apache2, ipsec-tools, kernel-bigsmp, flash-player, mysql, ktorrent 2008-11-14
Red Hat RHSA-2008:0980-02 flash-plugin 2008-11-12
Red Hat RHSA-2008:0945-01 flash-plugin 2008-10-28


kernel: restriction bypass

Package(s): kernel
CVE #(s): CVE-2008-4554
Created: October 23, 2008
Updated: June 8, 2009
Description: The kernel has a restriction bypass vulnerability. From the Red Hat bug report:

Miklos Szeredi reported that splice() to files opened with O_APPEND are ignored, which allows users to bypass the append-only restriction.

Alerts:
SuSE SUSE-SA:2009:030 kernel 2009-06-08
CentOS CESA-2008:1017 kernel 2008-12-17
Red Hat RHSA-2008:1017-01 kernel 2008-12-16
Debian DSA-1687-1 linux-2.6 2008-12-15
Debian DSA-1681-1 linux-2.6.24 2008-12-04
Ubuntu USN-679-1 linux, linux-source-2.6.15/22 2008-11-27
Mandriva MDVSA-2008:224-1 kernel 2008-11-07
Mandriva MDVSA-2008:224 kernel 2008-11-04
Fedora FEDORA-2008-8929 kernel 2008-10-23
Fedora FEDORA-2008-8980 kernel 2008-10-23
Red Hat RHSA-2009:0009-02 kernel 2009-01-22
SuSE SUSE-SA:2009:003 kernel-debug 2009-01-20


kernel: denial of service

Package(s): kernel
CVE #(s): CVE-2008-4410
Created: October 23, 2008
Updated: October 29, 2008
Description: The kernel has a denial of service vulnerability. From the CVE description:

The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.

Alerts:
SuSE SUSE-SA:2008:053 kernel 2008-10-27
Fedora FEDORA-2008-8929 kernel 2008-10-23
Fedora FEDORA-2008-8980 kernel 2008-10-23


kernel: multiple vulnerabilities

Package(s): kernel
CVE #(s): CVE-2008-3911 CVE-2008-4618
Created: October 27, 2008
Updated: January 22, 2009
Description:

From the SUSE advisory:

CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from user space, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

CVE-2008-4618: Fixed a kernel panic in SCTP while processing the protocol violation parameter.

Alerts:
Debian DSA-1681-1 linux-2.6.24 2008-12-04
Ubuntu USN-679-1 linux, linux-source-2.6.15/22 2008-11-27
SuSE SUSE-SA:2008:053 kernel 2008-10-27
Red Hat RHSA-2009:0009-02 kernel 2009-01-22

Comments (none posted)

ktorrent: multiple vulnerabilities

Package(s): ktorrent
CVE #(s):
Created: October 27, 2008
Updated: November 6, 2008
Description:

From the Fedora advisory:

Another bugfix release for the 3.1 series is out. This fixes several bugs:

* A crash caused by a SIGBUS, when diskspace preallocation is disabled
* High CPU usage when DNS lookups fail in the UDP tracker code
* Several security issues in the webinterface plugin

Alerts:
Fedora FEDORA-2008-9267 ktorrent 2008-11-06
Fedora FEDORA-2008-9167 ktorrent 2008-10-24

Comments (none posted)

libspf2: buffer overflow

Package(s): libspf2
CVE #(s): CVE-2008-2469
Created: October 24, 2008
Updated: October 31, 2008
Description:

From the Debian advisory:

Dan Kaminsky discovered that libspf2, an implementation of the Sender Policy Framework (SPF) used by mail servers for mail filtering, handles malformed TXT records incorrectly, leading to a buffer overflow condition.

Alerts:
Gentoo 200810-03 libspf2 2008-10-30
Debian DSA-1659-1 libspf2 2008-10-23

Comments (none posted)

lynx: multiple vulnerabilities

Package(s): lynx
CVE #(s): CVE-2008-4690 CVE-2006-7234
Created: October 27, 2008
Updated: September 14, 2009
Description:

From the Red Hat advisory:

An arbitrary command execution flaw was found in the Lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default "Advanced" user mode. (CVE-2008-4690)

A flaw was found in a way Lynx handled ".mailcap" and ".mime.types" configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234)

Alerts:
Gentoo 200909-15 lynx 2009-09-12
Fedora FEDORA-2008-9952 lynx 2008-12-03
Fedora FEDORA-2008-9550 lynx 2008-12-03
Fedora FEDORA-2008-9597 lynx 2008-12-03
Mandriva MDVSA-2008:217 lynx 2008-10-28
CentOS CESA-2008:0965 lynx 2008-10-27
Red Hat RHSA-2008:0965-01 lynx 2008-10-27
SuSE SUSE-SR:2009:002 imlib2, valgrind, kvm, cups, lynx, xterm 2009-01-19

Comments (none posted)

squirrelmail: session hijacking vulnerability

Package(s): squirrelmail
CVE #(s): CVE-2008-3663
Created: October 23, 2008
Updated: May 13, 2009
Description: squirrelmail is vulnerable to session hijacking. From the Red Hat bug report:

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Alerts:
Mandriva MDVSA-2009:053 squirrelmail 2009-02-24
SuSE SUSE-SR:2009:004 apache, audacity, dovecot, libtiff-devel, libvirt, mediawiki, netatalk, novell-ipsec-tools, opensc, perl, phpPgAdmin, sbl, sblim-sfcb, squirrelmail, swfdec, tomcat5, virtualbox, websphere-as_ce, wine, xine-devel 2009-02-17
CentOS CESA-2009:0010 squirrelmail 2009-01-12
Red Hat RHSA-2009:0010-01 squirrelmail 2009-01-12
SuSE SUSE-SR:2008:028 clamav, IBM Java, freeradius, squirrelmail 2008-12-16
Fedora FEDORA-2008-9071 squirrelmail 2008-10-24
Fedora FEDORA-2008-8559 squirrelmail 2008-10-23

Comments (none posted)
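A check for the flaw described in the squirrelmail entry above, added here as an example (it is not SquirrelMail or LWN code): it scans the header block of a response received over HTTPS and lists the cookies set without the Secure attribute. The sample headers, cookie names and values are constructed for illustration.

```python
"""Audit an HTTPS response for cookies set without the Secure attribute."""

# Constructed sample: header block of a response received over HTTPS.
# Cookie names and values are made up for this example.
SAMPLE_HTTPS_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: SQMSESSID=4f2a9c0e7b1d; path=/webmail/
Set-Cookie: theme=secure-blue; Path=/webmail/; SECURE
set-cookie: key=Zm9vYmFy; path=/webmail/; secure; HttpOnly
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {attribute: value}).

    Attribute names are lower-cased because they are case-insensitive.
    Only the text after the first ';' is treated as attributes, so a
    cookie whose *value* contains the word "secure" is not mistaken for
    one that carries the flag.
    """
    pair, *rest = value.split(";")
    name = pair.partition("=")[0].strip()
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        key = key.strip().lower()
        if key:
            attrs[key] = val.strip()
    return name, attrs


def cookies_missing_secure(raw_headers, scheme):
    """Return names of cookies set without Secure, in order of appearance.

    `scheme` is the scheme of the request that produced the response.
    The check applies only to HTTPS: a cookie set there without Secure
    will also be attached to plain-HTTP requests to the same host.
    """
    if scheme.lower() != "https":
        return []
    missing = []
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        # Skip the status line and every header other than Set-Cookie.
        if not sep or header.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs and name not in missing:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HTTPS_RESPONSE, "https"):
        print(f"cookie {cookie!r} set over HTTPS without Secure")
```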

wireshark: multiple vulnerabilities

Package(s): wireshark
CVE #(s): CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685
Created: October 27, 2008
Updated: June 30, 2009
Description:

From the CVE entries:

CVE-2008-4680: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).

CVE-2008-4681: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.

CVE-2008-4682: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.

CVE-2008-4683: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.

CVE-2008-4684: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.

CVE-2008-4685: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

Alerts:
Gentoo 200906-05 wireshark 2009-06-30
CentOS CESA-2009:0313 wireshark 2009-03-05
Red Hat RHSA-2009:0313-01 wireshark 2009-03-04
rPath rPSA-2008-0336-1 tshark 2008-12-11
Debian DSA-1673-1 wireshark 2008-11-29
SuSE SUSE-SR:2009:001 ethereal/wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, opera 2009-01-12
Mandriva MDVSA-2008:215 wireshark 2008-10-27

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 development kernel is 2.6.28-rc2, released by Linus on October 26. It adds a mere 22 changesets to 2.6.28-rc1, which came out on the 23rd. This kernel is now known as the "Killer Bat of Doom."

As of this writing, almost 200 changesets have been merged into the mainline since 2.6.28-rc2. They are mostly fixes, but there is also a driver for Elantech (EeePC) touchpads, support for MIPS-based NXP Semiconductors STB220 development boards, and a number of large ftrace changes.

The current stable 2.6 kernel is 2.6.27.4, released with a number of important fixes on October 25. Previously, 2.6.25.19, 2.6.26.7, and 2.6.27.3 were released on October 22. There will probably only be one more stable update for the 2.6.25 and 2.6.26 kernels, so users who are dependent on those updates may want to start thinking about moving to 2.6.27.

Comments (none posted)

Kernel development news

Quotes of the week

I look at Linux VT's and their kernel complexity with a mixture of awe and stupefaction that so much effort has gone in that direction....
-- Jim Gettys

I actually think it's a bit of an insult if people think of Motorola's EZX or MAGX (and now Android) phones as "Linux phones". Because all the freedoms of Linux (writing native applications against native Linux APIs that Linux developers know and love, being able to do Linux [kernel] development) are stripped.

In the end, to what good is Linux in those devices? Definitely not to any benefit of the user. It's to the benefit of the handset maker, who can skip a pretty expensive Windows Mobile licensing fee. Oh and, yes, they get better memory management than on Symbian ;)

That's the brave new world. It makes me sick.

-- Harald Welte

The actual problem is that if the kernel grows by 12k every time a developer says "what's the big deal?" the kernel will become very large indeed.
-- Matt Mackall

So it had sat in the mainline kernel for 4 years. During those years _nobody_ had ever tried to compile it. Nonetheless, there had been patches affecting it - including such exciting stuff as removal of trailing whitespaces, which had certainly greatly improved the damn thing.
-- Al Viro

Comments (17 posted)

Interview videos from the Kernel Summit

The Linux Foundation has produced a whole pile of video interviews with kernel developers from this year's Kernel Summit. Short 5-10 minute interviews with 15 different kernel developers are available. You can watch interviews with Linus Torvalds, Ted Ts'o, Greg Kroah-Hartman, and many others including LWN Executive Editor Jonathan Corbet. Videos are available in both Ogg and Flash formats.

Comments (6 posted)

Closing out the 2.6.28 merge window

By Jonathan Corbet
October 27, 2008
About 1000 changesets were merged after the previous summary was posted here. Many of those came from architecture-specific trees. Other changes merged this time around include:

  • There are new drivers for Mellanox ConnectX 10GbE network adapters, PowerPC PPC40x and PPC44x GPIO controllers, Panasonic "Let's Note" laptop special keys, Sharp SL-6000 backlight and LCD devices, Dialog Semiconductor DA9030/DA9034 backlight devices, Tabletkiosk Sahara Touch-iT backlight devices, and Toshiba TX4939 SoC ATA controllers.

  • One more not-ready-for-prime-time driver was merged via the staging tree; this one supports Redrapids Pocket Change cardbus devices. The staging tree also brought an extensive set of fixes to the drivers added earlier in the merge window.

  • The kernel has gained support for ultra-wideband protocol stacks. UWB can be used for normal networking, but the immediate application is wireless USB, which will be supported in 2.6.28.

  • The ACPI docking station code has gained support for bay and battery hotplug events.

  • The IA64 architecture now supports Xen. Also added to IA64 is support for DMA remapping devices (IOMMUs).

  • Support for kdump has been added to the PowerPC architecture.

  • The 9P (Plan9) filesystem now has RDMA support.

Changes visible to kernel developers include:

  • There is a new core_param() macro:

        core_param(name, var, type, perm);
    

    Its purpose is to define "core" parameters and let them be represented in /sys/module/kernel/parameters.

  • It is now possible to create a workqueue running at realtime priority with:

        struct workqueue_struct *create_rt_workqueue(const char *name);
    

  • The block driver API has changed considerably, with the inode and file parameters being removed from most block device operations. The new API looks like this:

        struct block_device_operations {
            int (*open) (struct block_device *bdev, fmode_t mode);
            int (*release) (struct gendisk *gd, fmode_t mode);
            int (*locked_ioctl) (struct block_device *bdev, fmode_t mode,
                                 unsigned cmd, unsigned long arg);
            int (*ioctl) (struct block_device *bdev, fmode_t mode,
                          unsigned cmd, unsigned long arg);
            int (*compat_ioctl) (struct block_device *bdev, fmode_t mode,
                                 unsigned cmd, unsigned long arg);
            int (*direct_access) (struct block_device *bdev, sector_t sector,
                                  void **kaddr, unsigned long *pfn);
            int (*media_changed) (struct gendisk *gd);
            int (*revalidate_disk) (struct gendisk *gd);
            int (*getgeo)(struct block_device *bdev, struct hd_geometry *geo);
            struct module *owner;
        };
    

    The new prototypes do away with the file and inode structure pointers which were passed in previous kernels. Note that the ioctl() method is now called without the big kernel lock; code needing BKL protection must explicitly define a locked_ioctl() function instead.

  • The range timer API has been merged; callers can now specify a time period in which they would like the timeout to be delivered. The kernel can then take advantage of the range to coalesce wakeups and keep the processor idle for longer periods.

This time around, linux-next maintainer Stephen Rothwell has put together a list of linux-next patches which did not get into 2.6.28. Perhaps the biggest omission was the credentials work, which seemed poised to go in this time around. Other changes which failed to get merged include the message catalog code (which looks like it will need a change of approach) and TOMOYO Linux (which seems to be caught up in the same old "new security module with pathname-based rules" swamp).

Now the stabilization period starts. Linus, perhaps, was trying to set the tone for this development cycle when he released a much smaller and earlier 2.6.28-rc2 than would have normally been expected. By way of comparison: 2.6.25-rc2 had 359 patches applied since 2.6.25-rc1. For 2.6.26-rc2, 446 changesets were merged, and, for 2.6.27-rc2, the count was 780. For 2.6.28-rc2, instead, a total of 22 changes went in. Says Linus:

And hey, maybe we can even _continue_ the nice model of "just small fixes after -rc1". I know, it sounds insane, but it's a real pleasure to do an -rc2 with just a handful of fixes for real problems that real people see. What a concept!

Should this pattern hold, it may well be that 2.6.28 will stabilize more quickly and successfully than its predecessors. It will, in any case, be interesting to watch.

Comments (1 posted)

Tracking tbench troubles

By Jonathan Corbet
October 29, 2008
Kernel developers tend to have a mixed view of benchmarks. A benchmarking tool can do an effective job of quantifying specific aspects of system performance. But benchmarks are not real workloads; optimizing for a benchmark can often distort a system in ways which are detrimental to real applications. Since kernel hackers do not always see benchmark optimization as their top priority, they can sometimes assign a lower priority to benchmark regressions as well. But, sometimes, benchmark problems indicate a real problem in the kernel.

The tbench benchmark is meant to measure networking performance; it consists of a collection of processes quickly making lots of small requests from a server process. Since the requests are small, there is not much time spent actually moving data; it's all a matter of shifting small packets around - and scheduling between the processes. Back in August, Christoph Lameter reported that tbench performance in the mainline kernel had been declining for some time. His system was able to move 3208 MB/sec with a 2.6.22 kernel, but only 2571 MB/sec with a 2.6.27-rc kernel. Each of the releases in between showed a decline from the one which came before, with 2.6.25 showing an especially big hit. Others were able to reproduce the results, and they engaged in various rounds of speculation on where the problem might be, but it seems that, initially, nobody actually dug into the system to see what was going on.

At linux.conf.au 2007, Andi Kleen gave a talk describing various types of kernel hackers. One of those was the "Russian mathematician" who, he suspected, was often a room full of talented developers operating under a single name. Evgeniy Polyakov can only have reinforced that view when, in early October, he tracked down the biggest offending commit through a process which, he says, involved "just [a] couple of hundreds of compilations." In the process, he put together a plot of tbench performance which, he says, is suitable for scaring children. Through a massive amount of work, he was able to point the finger at a scheduler patch - not something in the networking stack at all.

In particular, Evgeniy found that the patch adding high-resolution preemption ticks was the problem. The idea behind this patch was to make time slices more accurate by scheduling preemption at just the right time. It makes sense; once the regular clock tick has been eliminated, there is no reason not to arrange for preemption to happen when the scheduling algorithm says it should. Unfortunately, it seems that this change also adds sufficient overhead to slow down tbench performance considerably; when Evgeniy backed it out, his performance went from 373 MB/sec to 455 MB/sec. That would seem to be a pretty clear indication that something is amiss with high-resolution preemption ticks.

At this point, the public discussion went quiet, though it appears that a number of developers were working on it off-list. David Miller eventually tracked down the worst of the trouble to the wakeup code, something he was rather vocally unhappy about having had to do. Eventually a patch was merged (for 2.6.28-rc2) disabling the high-resolution preemption tick feature. Since the discussion is private, it's not quite clear why this change took as long as it did. But there are a couple of plausible reasons. One is that this particular feature is disabled by default anyway, so most users will not encounter the performance problem it creates.

But there is also the question of weighing the benchmark result against the effects on other, "real" workloads. Ingo Molnar said:

But it's a difficult call with no silver bullets. On one hand we have folks putting more and more stuff into the context-switching hotpath on the (mostly valid) point that the scheduler is a slowpath compared to most other things. On the other hand we've got folks doing high-context-switch ratio benchmarks and complaining about the overhead whenever something goes in that improves the quality of scheduling of a workload that does not context-switch as massively as tbench. It's a difficult balance and we cannot satisfy both camps.

So, by this view, performance on scheduler-intensive benchmarks must be weighed against the wider value of other scheduler enhancements. David Miller has a different view of the situation, though:

If we now think it's ok that picking which task to run is more expensive than writing 64 bytes over a TCP socket and then blocking on a read, I'd like to stop using Linux. :-) That's "real work" and if the scheduler is more expensive than "real work" we lose.

In David's view, scheduler performance has been getting consistently worse since the switch to the completely fair scheduler in 2.6.23. He would like to see some energy put into recovering some of the performance of the pre-CFS scheduler; in particular, he thinks that Ingo and company should work to fix (what he sees as) a regression that they caused.

For the time being, the worst performance regression has been "fixed" by disabling the high-resolution preemption tick feature; Ingo says that the feature will not come back until it can be supported without slowing things down. But the scheduler seems to have gotten slower in a number of other ways as well. Your editor will make a prediction here: now that the issue has been called out in such clear terms, somebody will find the time to fix these problems to the point that the CFS scheduler will be faster than the O(1) scheduler which preceded it.

Beyond that, there are suggestions that the scheduler cannot take the blame for all of the observed regressions in tbench results. So developers will have to look at the rest of the system to figure out what's going on. The good news is that this is a clear challenge with an objective way to measure success. Once a problem reaches that level of clarity, it's usually just a matter of some hacking.

Comments (6 posted)

Squashfs submitted for the mainline

By Jake Edge
October 29, 2008

The Squashfs compressed filesystem is used in everything from Live CDs to embedded devices. Many or most distributions ship it in such situations, but squashfs has been maintained outside of the mainline kernel for years. That appears to be changing as it was recently submitted for inclusion in the mainline by Phillip Lougher. The reaction has been generally favorable, with Andrew Morton requesting that Lougher move it forward: "Please prepare a tree for linux-next inclusion and unless serious problems are pointed out I'd suggest shooting for a 2.6.29 merge." So it seems like a good time to take a look at some of the features and capabilities of Squashfs.

The basic idea behind Squashfs is to generate a compressed image of a filesystem or directory hierarchy that can be mounted as a read-only filesystem. This can be done to archive a set of directories or to store them on a smaller capacity device than would normally be required. The latter is used by both Live CDs and embedded devices to squeeze more into less.

It has been nearly four years since Squashfs was last submitted to linux-kernel. Since that time, it has been almost completely rewritten based on comments from that attempt. In addition, it has gone through two filesystem layout revisions in part to allow for 64-bit sizes for files and filesystems. Another major change is to make the filesystem little-endian, so that it can be read on any architecture, regardless of endian-ness.

The mksquashfs utility is used to create the image, which can then be mounted either via loopback (from a file) or from a regular block device. One of the features added since the original attempt to mainline Squashfs—to address complaints made at that time—is the ability to export a Squashfs filesystem via NFS.

Squashfs uses gzip compression on filesystem data and metadata, achieving sizes roughly one-third that of an ext3 filesystem with the same data. The performance is quite good as well, even when compared with the simpler cramfs—a compressed read-only filesystem already available with the kernel. According to Lougher, these performance numbers were gathered a number of years ago, with older versions of the code; newer numbers should be even better.

Previously, some kernel developers were resistant to adding another compressed filesystem to the kernel, so Lougher outlines a number of reasons that Squashfs is superior to cramfs. Certainly support for larger files and filesystems is compelling, but the fact that cramfs is orphaned and unmaintained will likely also play a role. In addition, Squashfs supports many more "normal" Linux filesystem features like real inode numbers, hard links, and exportability.

Morton had a laundry list of overall suggestions for making Squashfs better in the email referenced above, but documentation is certainly one of the areas that is somewhat lacking. In particular, Squashfs maintains its own cache, which puzzles Morton:

Why not just decompress these blocks into pagecache and let the VFS handle the caching??

The real bug here is that this rather obvious question wasn't answered anywhere in the patch submission (afaict). How to fix that?

Methinks we need a squashfs.txt which covers these things.

One of the reasons that Squashfs doesn't use the page cache is that it allows for multiple block sizes, from 4K up to 1M, with a default of 128K. Better compression ratios can be achieved with a larger block size, but that doesn't work well with the page cache as Jörn Engel notes: "One of the problems seems to be that your blocksize can exceed page size and there really isn't any infrastructure to deal with such cases yet."

Lougher has moved the code into a git repository, presumably in preparation to get it into linux-next. He notes that the CE Linux Forum has been instrumental in providing funding over the last four months to allow him to work on getting Squashfs into the mainline. With the additional testing that will come from being included in linux-next, it seems quite possible we could see Squashfs in 2.6.29.

Comments (13 posted)

Patches and updates

Kernel trees

Linus Torvalds Linux 2.6.28-rc2
Andrew Morton 2.6.28-rc2-mm1
Linus Torvalds Linux 2.6.28-rc1
Greg KH Linux 2.6.27.4
Greg KH Linux 2.6.27.3
Greg KH Linux 2.6.26.7
Greg KH Linux 2.6.25.19

Development tools

Lai Jiangshan new probes manager
Johannes Berg Timer sync lock checking
Mathieu Desnoyers LTTng 0.44 and LTTV 0.11.3
Steven Rostedt ftrace: function oprofiler
Tom Zanussi relay revamp v8
Arnaldo Carvalho de Melo blktrace: conversion to tracepoints

Page editor: Jonathan Corbet

Distributions

News and Editorials

DebXO for the XO laptop

By Rebecca Sobol
October 29, 2008
The XO laptop was developed for the One Laptop Per Child (OLPC) project. Two weeks ago the XO Software Release 8.2.0 was announced. This week the DebXO project has taken off, with the goal of providing a Debian-based alternative for the XO laptop. Work has been in progress for at least a couple of months, but versions 0.2 and 0.3 were announced this week.

As of this writing, Andres "dilinger" Salomon has released three versions; the debxo-latest symlink points to the latest release. According to the version 0.2 announcement, DebXO has EXT3 images for booting from USB and/or SD; and while DebXO 0.1 only had a GNOME desktop, 0.2 includes KDE, LXDE, Sugar, Awesome and GNOME desktops. Version 0.3 provides some important bug fixes for problems found in 0.2.

This project is obviously still in its infancy, but it seems like a good start on an alternative for the XO laptop. If you have an XO and are interested in helping out you could start by testing the current versions. There is a git repository with the code, which has a web interface, or just use git clone to grab the code.

Comments (1 posted)

New Releases

Debian GNU/Linux 4.0 updated

The Debian project has announced the fifth update of its stable distribution Debian GNU/Linux 4.0 (codename etch). "This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems. Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."

Comments (none posted)

Fedora 10 Snapshot 3

Fedora has released the final snapshot before the devel freeze and subsequent preview release. It's available by torrent with only one known bug listed in the announcement (click below). Check it out and report any bugs you find.

Full Story (comments: none)

Ubuntu 8.10 release candidate available

The release candidate for the Ubuntu 8.10 "Intrepid Ibex" release is available. "We consider this release candidate to be complete, stable, and suitable for testing by any user." Final release is scheduled for October 30, so now would be a good time to try things out and find the remaining bugs.

Full Story (comments: 23)

Distribution News

Fedora

Fedora moves the X server

Testers of the Fedora 10 beta (or Rawhide) have recently noticed that the X server has been moved from its traditional home on virtual terminal 7 to VT1. This move, which has spawned a lengthy flame war (OK, two lengthy flame wars), is motivated by a desire to speed the boot process by avoiding the VT switch. It seems like a relatively small change, but our community has a strong sense of tradition, apparently.

Comments (49 posted)

Gentoo Linux

Gentoo Council meeting summary

Click below for a summary of the Gentoo Council meeting for October 23, 2008. There's a look at open bugs included in the summary.

Full Story (comments: none)

Mandriva Linux

International Mandriva Linux 2009 Install Fest

Mandriva is co-ordinating an international Install Fest for the new Mandriva Linux 2009 release, on November 22, 2008. If you are involved with a LUG or other community group and would be interested in running a local event as part of the Install Fest, Mandriva will provide professionally pressed One CDs and other material. Visit the Wiki page for details of how to organize an event in your area. There is also a list of confirmed events, so look for one in your area.

Comments (none posted)

SUSE Linux and openSUSE

Results of the 1st openSUSE Board Election

The results are in for the first community election of the openSUSE board. "The new board members are, from the Non-Novell side of the community Pascal Bleser and Bryen Yunashko and from the Novell side we have Henne Vogelsang and Federico Mena-Quintero. We are proud to announce that Michael Loeffler has been appointed by Novell as chairman of the new board." Click below for more information on the election, including the turnout (178 of 237 or 75%).

Full Story (comments: none)

Distribution Newsletters

Ubuntu Weekly Newsletter #114

The Ubuntu Weekly Newsletter for October 25, 2008 covers: Ubuntu 8.10 RC released, Intrepid Release Parties, Intrepid bug fixes, Pre-order Intrepid CDs, Spread Ubuntu Alpha 0.1, MOTU News, German UbuCon 2008, Ubuntu Maryland: New team website, BugJam Berlin, Interview with Dustin Kirkland, Ubuntu Podcast #10, Firefox removes license agreement from Ubuntu, Dell's Mini Issues Getting Bigger?, Interview with Jon Ramvi of the Ubuntu Eee project, Obama Ubuntu? Or a Hoax?, Team Meeting Summaries, Club-Ubuntu, and much more.

Full Story (comments: none)

OpenSUSE Weekly News/43

This issue of the OpenSUSE Weekly News looks at openSUSE Build Service Webclient Survey Started, Development Release: openSUSE 11.1 Beta 3 Now Available, We want YOU - for openSUSE Weekly Newsletter, People of openSUSE: Henne Vogelsang, and much more.

Comments (none posted)

Fedora Weekly News #149

This issue of the Fedora Weekly News covers Fedora 10: Features & Final Development Freeze, Planet Fedora articles Events & Trip Reports and Tech Tidbits, developments in R, libtool, the Livna migration to RPM Fusion, and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 276

The DistroWatch Weekly for October 27, 2008 is out. "One of the busiest and most exciting periods of the year for most Linux distribution watchers is here. Yes, it's the Ubuntu release week! For many, this will likely mean unreachable web sites, busy download servers, overworked BitTorrent clients, and hundreds of first-look reviews and screenshot tours all over the Internet. Stay tuned as we bring you all the exciting announcements. In the news section, Fedora finalises the feature list for the upcoming release of version 10, openSUSE explains the complexities of its distribution's release process, Mandriva announces plans for a worldwide install party, and DesktopBSD ponders an upgrade to KDE 4. And speaking about KDE 4, what is your opinion about the quality, stability and features of the popular desktop's latest version? Some people love it, while others can't stand it, but one thing is sure - thanks to the variety of distributions on the market, we can always find that perfect solution for our needs."

Comments (none posted)

Interviews

Interview: Fedora 10's Better Startup (Fedora Magazine)

Fedora Magazine has an interview with Adam Jackson and Ray Strode about the cleaner graphical booting that is coming in Fedora 10. "Not only is X not especially fast to initialize on its own (although better now than it was), but due to the design of rhgb, all of init would pause until X came up. For F9 we tried to fix this by launching X sort of in parallel with the rest of init and queueing up console messages until the vte widget was ready. This never really worked right either, partly because it's just too hard to get all the corner cases right, fsck failing and so forth. We also kept running into race conditions with the tty layer where the kernel would deadlock between the rhgb X server coming down and the gdm X server coming up. Eventually we just punted, reverted back to more or less the rhgb we shipped in F8, and resolved to drop it from F10." (Thanks to Rahul Sundaram).

Comments (13 posted)

Distribution reviews

First look: OpenSUSE 11.1 beta 3 very promising (Ars Technica)

Ars Technica has a review of openSUSE 11.1 beta 3. "Although OpenSUSE doesn't provide quite the same level of polish and simplicity as Ubuntu, it does offer some compelling advantages. OpenSUSE's unbeatable Mono integration is a big win for many software developers, and the distribution also has great support for desktop search integration via the Beagle indexing system. The OpenSUSE KDE environment is among the best, which is why we have typically used OpenSUSE as our reference platform for KDE testing. The 11.1 release is looking really sharp and continues to play to those strengths."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Digitizing Vinyl Records with Audacity

By Forrest Cook
October 28, 2008

The Audacity sound editor is an excellent application with many uses. Your author recently started working on a long-term project to convert the better parts of his ancient vinyl phonograph record collection to FLAC files so that they could be added to his digital audio library. Audacity was chosen to do the audio recording and processing work.

Prior to undertaking such a project, one must first assemble the appropriate equipment. An older desktop computer with an Athlon 2500 processor and 500MB of RAM was used for the computing platform. Besides a sufficiently powerful CPU, the second most important piece of hardware is a decent sound card. An M-AUDIO Delta 44 was chosen. Standard sound cards should also work, but the Delta 44 has higher quality A-D converters that are mounted external to the computer for lower noise. The Ubuntu Studio distribution was used on the machine, although any current Linux distribution should work.

The turntable is an ancient Technics SL-D3 and a Pioneer SX-780 receiver is used as the phono preamp. One of the Tape Record Outputs from the Pioneer receiver is fed into the Delta 44 sound card with an appropriate set of adapter cables. The turntable's tracking weight, anti-skid settings and platter speed should all be adjusted appropriately. One of the new USB turntables could probably be used here if you don't already have access to the legacy hardware.

The Audacity sound editor needs to be set up through the Edit->Preferences menu. The audio quality was set to 44,100 Hz sampling at 16 bits (standard CD quality); depending on your needs, other sample rates can be used. One of the more important configuration steps involves making sure the Software Playthrough button in the Audio I/O preference window is deselected. On this particular machine, enabling Software Playthrough results in audible sample loss on the recording. Audio monitoring is done through the Pioneer receiver. The audio meter should be enabled on the main Audacity window and the GNOME ALSA sound mixer is used to set the sound card input levels. The machine is now ready to record.

[Audacity]

It is a good idea to make a few test recordings on various album tracks to set the sound card's input level adjustment. A loud track should be played and the input level should be adjusted to achieve fairly high readings on the meter without any clipping.

Unless you only need to extract one track, it is best to record an entire album side in one pass. Recording should be enabled prior to setting the needle on the record, and disabled after the needle has been lifted. Be sure to use an appropriate record cleaner on the disc to get rid of any dust particles.

When an album side has been successfully recorded and the levels look reasonable, it is time to do some trimming. Listen to the beginning of the recording with the volume up a bit. At some point the sound will probably begin with a fade in. Select the audio from the beginning of the recording, past the initial pop from the needle landing in the groove, and ending a few seconds before the first track starts. Delete the selection with Edit->Delete. Next, select from the new beginning to where the sound begins. Use Effect->Fade In to make a smooth transition from quiet to the beginning of the audio. Perform a similar edit at the end of the album side. Delete everything from a few seconds beyond the last sound to the end of the recording and put a Fade Out at the end of the side.

If your album has a few clicks and pops, now is the time to remove them. Select the entire recording with Edit->Select->All and de-click with Effect->Click Removal. The default click filter settings seem to work fairly well.

The next step involves putting labels at the beginning of each song, assuming the album's material is not one long track. First, create a label track with Tracks->Add New->Label Track. Hit the << rewind button and type Control-B; this puts a label at the beginning of the recording. Move through the album side and put more labels at the middle of each song transition. It is a good idea to zoom in and put the label on a wave zero-crossing point to prevent clicks at the beginnings of individual tracks. If you zoom in, you can often see a change in wave patterns that is left over from the master tape splice. The recording should now look something like the first frame of the Audacity Images.

It is a good idea to listen carefully to the entire recorded album side. If the recording has any obnoxiously loud clicks and pops that weren't removed with the Click Removal step, Audacity can smooth them out. To smooth out a click, locate the offending waveform by playing and pausing, then zoom in multiple times until the click is visible. Select a small region around the click (< 128 samples) and use Effect->Repair to smooth out the waveform. Zoom out and play the area where the click removal was performed to verify the operation. Audacity is very forgiving: if you don't like the results of the click removal or make another type of mistake, Edit->Undo will reverse most operations. An example Repair operation is shown in the Audacity Images.

At this point, it is time to split the album side into individual audio files. Select File->Export Multiple, choose the desired export format such as WAV, select Split files: based on labels and Name files: Numbering consecutively. Click the Export button and Audacity will render the individual track files. Audacity can create .mp3 and .flac files at this point, or that can be done at a later time. Now exit Audacity, saving any edit information if you think you will need to work on the recording later.

The same operations are performed on the B-side of the record. Your author likes to use a short BASH script to rename the Audacity-generated file names to his own name scheme. The track files are all grouped together in one directory and converted to FLAC format with the command flac *.wav. A meta-data text file is created with digitizing notes, track titles and any other information that you wish to save. Lastly, all of the files are played one more time to verify that there are no problems. The original album side tracks can now be safely deleted to reclaim some disk space.

With enough editing effort, it is possible to make a digital copy of a vinyl record that sounds better than the original. Performing all of the above steps on a large collection of albums is a big undertaking, but the reward comes in turning a hard to play discrete music library into an easy to play digital library.

For further information on this topic, see the followup article.

Comments (9 posted)

System Applications

Audio Projects

Rivendell 1.1.0 released

Version 1.1.0 of Rivendell has been announced. "Rivendell is a full-featured radio automation system targeted for use in professional broadcast environments. It is available under the GNU General Public License." Several new capabilities have been added in this release.

Full Story (comments: none)

Database Software

MySQL 5.1.29-rc has been released

Version 5.1.29-rc of the MySQL DBMS has been announced. "We are proud to present to you the MySQL Server 5.1.29-rc release, a new "release candidate" version of the popular open source database. Bear in mind that this is still a "candidate" release, and as with any other pre-production release, caution should be taken when installing on production level systems or systems with critical data."

Full Story (comments: none)

MySQL 6.0.7 Alpha has been released

Version 6.0.7 Alpha of the MySQL DBMS has been announced. "MySQL 6.0 includes two new storage engines: the transactional Falcon engine, and the crash-safe Maria engine."

Full Story (comments: none)

PostgreSQL Weekly News

The October 26, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

sqlmap: 0.6.1 released (SourceForge)

Version 0.6.1 of sqlmap has been announced; it includes new features and bug fixes. "sqlmap is an automatic SQL injection tool. Once it detects a SQL injection on the target host you can perform an extensive back-end DBMS fingerprint, enumerate users, password hashes, privileges, databases, dump DBMS tables/columns and much more."

Comments (none posted)

Networking Tools

IPtables-tng version 2.1 for kernel-2.6.25.* released (SourceForge)

Version 2.1 of IPtables-tng has been announced. "iptables-TNG (The Next Generation of iptables) An environment that can use from different packet classification algorithm (eg. tuple) to support large rulesets (more than 10,000 rules) for high bandwidth networks. New release of iptables-tng for kernel-2.6.25 and iptables-1.4.1 is ready."

Comments (none posted)

Printing

CUPS 1.4b1 released

Version 1.4b1 of CUPS, the Common Unix Printing System, has been announced. "The first beta release of CUPS 1.4 is now available from: http://www.cups.org/software.php The new release adds over 65 changes and new features to CUPS 1.3.x."

Comments (none posted)

Web Site Development

Upcoming Django releases

The Django web development platform project has announced the upcoming release schedule. "With Django 1.0 out the door and a successful inaugural DjangoCon behind us, it's time to look ahead to the future, which includes two releases: * Django 1.1, currently targeted for release in March 2009. * Django 1.0.1, currently targeted for release next month."

Comments (none posted)

Miscellaneous

DebXO 0.3 released

Version 0.3 of DebXO, a Gnome/Debian distribution for the OLPC XO laptop, has been announced. "Here's a (mostly) bugfix release of DebXO. There was a nasty bug related to JFFS2 and kernel upgrades in 0.2; this release fixes it."

Full Story (comments: none)

Desktop Applications

Animation Software

PySwfdec 0.8.0 announced

Version 0.8.0 of PySwfdec has been announced; it features an API update and improved documentation. "Swfdec is the library for decoding and rendering Flash animations. It is still in heavy development. The intended audience are developers or people using it for pretested Flash animations (think embedded here). If you use it on unknown content, expect it to have issues and don't be surprised if it crashes. If you encounter such a crash however, make sure to file a bug immediately. PySwfdec is a wrapper which exposes the Swfdec API to the python world."

Full Story (comments: none)

synfig 0.61.09 released

Version 0.61.09 of synfig, a vector-based 2D animation package, has been announced. "Synfig version 0.61.09 was released on October 21st 2008. It is the result of several months of contributions by the free software community. It has security fixes, far fewer bugs, several usability enhancements, a few new features and other improvements."

Full Story (comments: none)

Audio Applications

Ardour 2.6.1 released

Version 2.6.1 of the Ardour multi-track audio workstation system has been announced. "A bit sooner than expected, we have a fix for one very notable and ugly bug that was still affecting 2.6 (plugin automation tracks would be drawn in the wrong place on the screen). As a result, Ardour 2.6.1 is now available."

Comments (none posted)

Audacity 1.3.6 released

Version 1.3.6 of the Audacity audio editor has been announced. "This release highlights exciting new capabilities developed by our students in Google Summer of Code (GSoC) 2008: * FFmpeg support (downloadable separately) permits import and export of a much wider range of file formats, including WMA, M4A and AC3, plus import of audio from video files * On-demand loading of uncompressed files eliminates the wait before files can be played or edited * Linked audio and label tracks allow labels to move with their corresponding audio when cutting, pasting or changing speed or tempo * Hierarchical plug-in grouping for built-in plug-ins".

Comments (none posted)

Business Applications

Announcing Sarasvati Workflow

The Sarasvati project has been announced. "Sarasvati is an open source workflow/business process management engine for Java and Haskell. It is currently in beta, and is already suitable for use in many projects."

Full Story (comments: none)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Desktop Publishing

LyX version 1.6.0 RC4 and RC5 released

Versions 1.6.0 RC4 and RC5 of LyX, a GUI front-end for the TeX typesetter, have been announced. "LyX 1.6.0 will be the culmination of 14 months of hard work since the release of the LyX 1.5 series. We sincerely hope you will enjoy the result. As usual with a major release, a lot of work that is not directly visible has taken place. The core of LyX has seen more cleanups and some of the new features are the direct results of this work."

Full Story (comments: 1)

Electronics

Announcing the GECKO3 System-on-Chip Co-Design Environment

OpenCollector.org has announced the GECKO3 System-on-Chip Co-Design Environment. "The GECKO system is a general purpose hardware/software co-design environment for real-time information processing or for system-on-chip (SoC) solutions. The GECKO system supports a new design methodology for system-on-chips, which necessitates co-design of software, fast hardware and dedicated real-time signal processing hardware."

Comments (none posted)

GUI Packages

pyFltk 1.1.3 has been released.

Version 1.1.3 of pyFltk has been announced. "This is a maintenance release of pyFltk, supporting fltk-1.1.9 and Python2.6. Changes include various bug fixes, and added wrappers for add_fd and remove_fd. PyFltk is a Python wrapper for the fltk GUI toolkit, allowing for the simple and easy creation of GUIs from Python. Supported platforms include Windows, Unix, Mac."

Full Story (comments: none)

Interoperability

Wine 1.1.7 announced

Version 1.1.7 of Wine has been announced. Changes include: "Improved device management for DOS drives, Many Richedit fixes, Various installer fixes, particularly for IE 7, First steps of Direct3D 10 implementation and Various bug fixes."

Comments (none posted)

Multimedia

Elisa Media Center 0.5.16 released

Version 0.5.16 of Elisa Media Center has been announced. "This release brings its usual lot of bug fixes and introduces new features, some of which were long awaited. Here are the main highlights: - Search videos in Youtube - Same level of support for subtitles in Linux and Windows - Updated Polish and Italian translations."

Full Story (comments: none)

Office Suites

KOffice 2.0 Beta 2 released (KDE.News)

Version 2.0 Beta 2 of KOffice has been announced. "The KOffice Team has announced the release of KOffice version 2.0 Beta 2, the second beta version of the upcoming version 2.0. The goal for the second beta is to show progress made since beta 1, as well as to gather feedback from both users and developers on the new UI and underlying infrastructure."

Comments (none posted)

Digital Photography

Caliph and Emir: Lire 07 released (SourceForge)

Version 0.7 of Lire has been announced. Lire is part of Caliph and Emir: "Java & MPEG-7 based tools for annotation and retrieval of digital photos and images, supporting semantic annotation and content based, meta-data based and semantic image retrieval. The sub project Lire offers a library for content based image retrieval. Lire 0.7 is a major release fixing a lot of bugs and introducing several new features including new descriptor, a simplified way to use descriptors by introducing new generic searchers and indexers as well as an generalized interface for image descriptors."

Comments (none posted)

Video Applications

Theora 1.0 RC2 announced

Version 1.0 RC2 of Theora, a video CODEC, has been announced. "Apologies are in order for the delay in getting 1.0 Final out, but the big word in the 1.0 release is STABILITY. The core team has found some last minute bugs that needed ironing out and they are being taken care of. In spite of this, we are close to see a proper release very soon and, as a stop-gap, all the latest developments have been collected into a new Release Candidate which you are invited to try."

Full Story (comments: 2)

Languages and Tools

Perl

Parrot 0.8.0 released

Version 0.8.0 of Parrot has been announced; it includes some new features and bug fixes. "On behalf of the Parrot team, I'm proud to announce Parrot 0.8.0 "Pareto Principle." Parrot is a virtual machine aimed at running all dynamic languages."

Full Story (comments: none)

Python

NumPy 1.2.1 released

Version 1.2.1 of NumPy, a package for scientific computing with Python, has been announced. "This bugfix release comes almost one month after the 1.2.0 release. Please note that NumPy 1.2.1 requires Python 2.4 or greater."

Full Story (comments: none)

Python-URL! - weekly Python news and links

The October 27, 2008 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

IDEs

Pydev 1.3.23 released

Version 1.3.23 of Pydev has been announced; it adds new capabilities and bug fixes. "PyDev is a plugin that enables users to use Eclipse for Python and Jython development -- making Eclipse a first class Python IDE -- It comes with many goodies such as code completion, syntax highlighting, syntax analysis, refactor, debug and many others."

Full Story (comments: none)

Pydev 1.3.24 Released

Version 1.3.24 of Pydev and Pydev Extensions have been announced. "This is a high-priority release to fix some blocker bugs (that's why it was released in such a short time from the last release)".

Full Story (comments: none)

Version Control

Announcing repo - the multiple Git repository tool

Shawn O. Pearce has announced the release of repo, the multiple Git repository tool. "repo is a Python application to bind together Git repositories, something like "git submodule", except it can track a project's branch rather than a specific Git commit. repo is also able to natively import a tarball or zip file and use it to initialize a repository from an upstream source, then apply git based changes on top of that tarball. In other words, repo is (more or less) built to manage an OS distribution, in Git."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Debunking Google's security vulnerability disclosure propaganda (CNet)

Chris Soghoian takes Google to task for its security policy in this CNet article. "Question: You're a multibillion dollar tech giant, and you've launched a new phone platform after much media fanfare. Then a security researcher finds a flaw in your product within days of its release. Worse, the vulnerability is due to the fact that you shipped old (and known to be flawed) software on the phones. What should you do? Issue an emergency update, warn users, or perhaps even issue a recall? If you're Google, the answer is simple. Attack the researcher."

Comments (2 posted)

Trade Shows and Conferences

GNOME usability hackfest (here be dragons)

Mark Shuttleworth covers the GNOME usability hackfest. "The GNOME user experience hackfest in Boston was a great way to spend the worst week in Wall St history! Though there wasn't a lot of hacking, there was a LOT of discussion, and we covered a lot of ground. There were at least 7 Canonical folks there, so it was a bit of a mini-sprint and a nice opportunity to meet the team at the same time. We had great participation from a number of organisations and free spirits, there's a widespread desire to see GNOME stay on the forefront of usability."

Comments (4 posted)

A year since Microsoft's EU appeal failed

Samba's Andrew Bartlett has written a report on recent Samba/Microsoft interoperability events. "Over the 2 weeks at the end of September 2008, I attended two interoperability events in the US, one in Santa Clara and another on Microsoft's campus in Redmond. This has been an amazing year of changes for those of us with an interest in interoperability with Microsoft, and these two events are an excellent example of the change in practice. In short, Microsoft organised an industry plug fest for CIFS and AD technologies and then invited the Samba Team to its home campus for a week of hands on testing with their engineers. This follows up on documentation of over 100 protocols delivered, well over 100 requests for clarification answered, Samba code debugged and fortnightly conference calls held." (Thanks to Rahul Sundaram).

Comments (5 posted)

Companies

Amazon's Linux cloud computing out of beta, joined by Windows (cnet)

cnet reports on the latest Elastic Compute Cloud developments from Amazon. "The Elastic Compute Cloud, a service that gives customers on-demand access to Linux servers, is now out of beta testing, said Jeff Barr, evangelist for the collection of online options collectively called Amazon Web Services. "Amazon EC2 is now in full production," Barr said in a blog post Thursday. And as promised, EC2 now offers Windows in a beta test, joining Sun Microsystems' OpenSolaris and Solaris Express Community Edition. Along with those moves, EC2 now comes with a service level agreement, a formal commitment that the service will be available at least 99.95 percent of the time."

Comments (2 posted)

Mac Clone Maker Psystar Offers $299 Linux PC (Information Week)

Information Week reports that Psystar is now selling an Ubuntu-loaded PC. "Mac clone manufacturer Psystar, which has been sued by Apple for copyright violation, isn't putting all its eggs in the Mac OS market. The Miami-based system integrator has introduced a Linux-based personal computer that sells for just $299. Psystar's OpenLite system ships with the Ubuntu Linux desktop preinstalled, running on a 1.8-GHz Intel Celeron chip with integrated graphics support. Upgrading to a dual-core Pentium chip costs an additional $40. "With unparalleled affordability, this computer can bring Windows computing into every home and office," Psystar boasts on its Web site, even though the system runs Linux, not Microsoft Windows."

Comments (9 posted)

Interviews

Fellowship interview with Rolf Camps (Fellowship of FSFE)

The Free Software Foundation Europe has an interview with Rolf Camps about translating, volunteering, and awareness of Free Software in Belgium. "COR: I see the homepage is in 25 languages, but most of the rest of the pages are in 5 or 10. So how can we get more translators involved? Rolf Camps: The visible banner is good. That's how I got the idea to volunteer. But one problem is that after I translate a page, the banner disappears. We're still looking for Dutch translators, but the more work I do, the less chance we have to find new translators. There's a mention in the left-hand menu, but maybe we can think of more ways to publicise this need."

Comments (none posted)

Resources

Shut down idle computers on your network automatically (IBM developerWorks)

Nathan Harrington discusses automating remote shutdowns for power savings on IBM developerWorks. "Recent pushes for "green" technology focus mostly on talk, with little action for the typical home- or small-office environment. Many users leave their systems online continuously through laziness or ignorance, resulting in a significant source of power consumption, as well as an additional vector for malware propagation. The tools and code presented here allow you to find those inactive systems and securely start the shutdown process. With a Linux® box monitoring your network connections using Argus and some custom Perl code, any system that supports Perl can be set to be remotely shut down when a centralized set of inactivity rules are met."

Comments (13 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

EFF Marks 10th Anniversary of DMCA with Report on Law's Unintended Consequences

The Electronic Frontier Foundation has announced the availability of Unintended Consequences: Ten Years under the DMCA. From the announcement (click below): "Ten years ago Tuesday, the Digital Millennium Copyright Act (DMCA) was signed into law. In a report released to mark the anniversary, the Electronic Frontier Foundation (EFF) documents the ways in which this controversial law has harmed fair use, free speech, scientific research, and legitimate competition."

Full Story (comments: none)

Commercial announcements

CadSoft releases Eagle 5.3

CadSoft has released version 5.3 of their Eagle printed circuit CAD application. This release adds some new capabilities and bug fixes. See the What's new document for details.

Comments (none posted)

CodeWeavers announces CrossOver Linux 7.1 and CrossOver Mac 7.1

CodeWeavers has announced the availability of version 7.1 of CrossOver Linux and CrossOver Mac. "This version is largely a bug fix version; it particularly has a range of fixes for Microsoft Office, notably Outlook 2007."

Full Story (comments: none)

Gumstix announces the miniature Overo Earth Linux platform

Gumstix, Inc. has announced the availability of its $149 miniature Overo Earth motherboard. "At only 17mm x 58mm x 4.2mm in size, the Overo(TM) Earth motherboard gives open source innovators access to the industry's highest performance, generally available ARM(R)-based platform in the tiniest, lowest cost Linux computer available. Gumstix, Inc. today announced the general availability of its Overo Earth motherboard that is based on the Texas Instruments (TI) OMAP3503 applications processor."

Comments (2 posted)

IBM launches System z10 Business Class mainframe

IBM has announced the Linux-based IBM System z10 Business Class server. "This is the technology for any business that wants to ramp up innovation, boost efficiencies and lower costs—pretty much any enterprise, any size, any location. This is a new mainframe technology for a new kind of data center—resilient, responsive, energy efficient—the new enterprise data center."

Comments (none posted)

Open-Xchange introduces new collaboration server appliance

Open-Xchange has announced a new collaboration server appliance, the Open-Xchange Appliance Edition. "Open-Xchange, the leading provider of open source groupware, today announced a new offering for small- and medium-size businesses (SMBs) seeking easy-to-use, easy-to-deploy e-mail and collaboration software that is a cost-effective alternative to Microsoft Exchange -- with an initial cost of less than $70 per user annually."

Full Story (comments: none)

rPath helps close the application deployment gap

rPath has announced a new initiative: "rPath today launched its initiative to close the application deployment gap, proposing a lifecycle management approach for enterprise application virtualization that combines deployment speed and control. The rPath initiative is detailed in the just-released white paper, "Closing the Gap Between Apps and Ops: Leveraging Application Virtualization and Cloud Computing to Accelerate Business Value," available for download at http://www.rpath.com/corp/closing-the-gap."

Full Story (comments: none)

Silicon Graphics launches EventVUE

Silicon Graphics, Inc. has announced the launch of EventVUE. "Silicon Graphics, Inc. today announced the availability of EventVUE(TM), its new real-time visual solution for Complex Event Processing (CEP). EventVUE software blends the company's uniquely scalable Intel(R)- and Linux(R)-based servers, storage, and visualization solutions with its real-time software extensions to Linux and years of professional services expertise in creating immersive Reality Center(R) visual environments."

Comments (none posted)

WIN announces desktop networking platforms

WIN has announced some new desktop networking platforms. Win... "announces the PL-10540 and PL-10550 desktop platforms that feature the Intel EP80579 Integrated Processor with Intel QuickAssist Technology. The EP80579 is the Intel system-on-chip (SoC) purpose-built for the embedded and communications market with highly-integrated security features. The new WIN Enterprises platforms are designed for SOHO/SMB network management and network security applications, such as firewall, VPN, anti-spam, anti-virus, and intrusion detection & prevention."

Full Story (comments: none)

New Books

Advanced Software Testing, Vol. 1--New from Rocky Nook

Rocky Nook has published the book Advanced Software Testing, Vol. 1 by Rex Black.

Full Story (comments: none)

Algorithms in a Nutshell - New from O'Reilly

O'Reilly has published the book Algorithms in a Nutshell by George T. Heineman, Gary Pollice, and Stanley Selkow.

Full Story (comments: none)

The Best of Instructables--New from O'Reilly

O'Reilly has published the book The Best of Instructables by the Editors of MAKE magazine.

Full Story (comments: none)

MediaWiki - New from O'Reilly

O'Reilly has published the book MediaWiki by Daniel J. Barrett.

Full Story (comments: none)

Resources

FSFE Newsletter

The October 27, 2008 edition of the FSFE Newsletter is online with the latest Free Software Foundation Europe news. Topics include: "The GNU's 25th Birthday in Berlin, Germany, The smallest unit of freedom: A Fellow - Sean Daly, Reach the people - Software Freedom Day in Berlin, Vienna and Utrecht, Fellowship events throughout Europe, Free Software for World Bank financed projects, Freedom Task Force activites - GPLv3 in The Netherlands, panels in Italy and speeches in Berlin and Winterthur, and European Legal Network special interest group meetings in London and Brussels."

Full Story (comments: none)

ODBMS.ORG publishes more user reports and the Blaha paper.

ODBMS.ORG has announced the publication of more user reports and the Blaha paper. "ODBMS.ORG, a vendor-independent non-profit group of high-profile software experts lead by Prof. Roberto Zicari, today announced the exclusive publication of a third series of new user reports on using technologies for storing and handling persistent objects and a new paper by ODBMS.ORG panel member Michael Blaha."

Full Story (comments: none)

Meeting Minutes

Perl 6 Design Minutes (use Perl)

The minutes from the October 22, 2008 Perl 6 Design Meeting have been published. "The Perl 6 design team met by phone on 22 October 2008. Larry, Patrick, Allison, Will, Jerry, Jesse, Nicholas, and chromatic attended."

Comments (none posted)

Calls for Presentations

Camp KDE 2009: Call for Presentations and Sponsorship (KDE.News)

Camp KDE 2009, to be held January 17-23 in Negril, Jamaica, has released its calls for sponsorship and presentations as described by KDE.news. "We are excited to continue the momentum of KDE interest shown at the 2008 KDE 4.0 Release Event in California." A description of Camp KDE from its website: "This event is not designed to compete with Akademy, which usually takes place in Europe, but is designed to complement it by being 6-months opposite on the calendar, and on the other side of the globe. There will be some overlap between those that attend this event and Akademy, but hopefully this event will allow people from the Americas to attend that don't normally get the chance to go to Akademy."

Comments (none posted)

PyCon 2009 - Call for tutorials nearing the end

The PyCon 2009 Call for tutorials closes soon. "The period for submitting tutorial proposals for Pycon 2009 (US) is open and will continue through Friday, October 31th. This year features two "pre-conference" days devoted to tutorials on Wednesday March 25 & Thursday March 26 in Chicago."

Upcoming Events

LAC 2009 announced

The Linux Audio Conference 2009 will take place on April 16-19, 2009 in Parma, Italy. "The LAC will go outside Germany for the first time, but we will keep close to the familiar four-day format with paper presentations, workshops, electro-acoustic music concerts, and the Linux Sound Night. The website is being created, and 'calls for everything' will be issued before the end of this week."

OSDC 2008 Earlybird registration closing this Friday

Early Bird registration for OSDC 2008 closes on October 31. "Book by THIS FRIDAY to take advantage of earlybird pricing and be part of the "best" open source developers conference of the year." OSDC 2008 takes place in Sydney, Australia on December 2-5.

Events: November 6, 2008 to January 5, 2009

The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| November 3 - November 7 | ApacheCon US 2008 | New Orleans, LA, USA |
| November 5 - November 7 | OpenOffice.org Conference 2008 | Beijing, China |
| November 6 | NLUUG autumn conference: Mobile Applications | Ede, Netherlands |
| November 6 - November 7 | Embedded Linux Conference Europe 2008 | Ede, Netherlands |
| November 7 - November 8 | TwinCity Perl Workshop 2008 | Vienna, Austria |
| November 7 - November 9 | UKUUG linux conference | Manchester, UK |
| November 8 - November 9 | Hackers to Hackers Conference 05' | Sao Paulo, Brazil |
| November 8 - November 9 | FOSS.my | Kuala Lumpur, Malaysia |
| November 10 - November 14 | Python Bootcamp with Dave Beazley | Atlanta, GA, USA |
| November 11 - November 14 | DeepSec IDSC 2008 | Vienna, Austria |
| November 12 - November 14 | php\|works 2008 | Atlanta, GA, USA |
| November 12 - November 13 | PacSec Applied Security Conference | Tokyo, Japan |
| November 13 - November 14 | International Hacking and Security Conference | Seoul, Korea |
| November 14 - November 16 | OpenSQL Camp 2008 | Charlottesville, VA, USA |
| November 16 - November 20 | Middle East IT Security Conference | Dubai, UAE |
| November 19 - November 20 | Linux Foundation Japan Symposium | Tokyo, Japan |
| November 20 - November 21 | FreedomHEC Taipei 2008 | Taipei, Taiwan |
| November 22 | The phpnw08 conference | Manchester, UK |
| November 22 | PGDay Rio de la Plata | Buenos Aires, Argentina |
| November 22 | Mandriva 2009 Installfest | Everywhere, World |
| November 25 - November 29 | FOSS.IN 2008 | Bangalore, India |
| November 25 - November 30 | make art 2008 | Poitiers, France |
| November 28 | Informazione geografica aperta e libera | Pontedera (PI), Italy |
| November 28 - November 29 | WhyFLOSS La Plata - Argentina | La Plata, Argentina |
| November 29 | LinuxDay in Vorarlberg (Deutschland, Schweiz, Liechtenstein und Österreich) | Dornbirn, Austria |
| December 1 | First Nuxeo Developer Day | Paris, France |
| December 1 - December 2 | Open World Forum | Paris, France |
| December 2 - December 5 | Open Source Developers' Conference 2008 | Sydney, NSW, Australia |
| December 4 - December 7 | PIKSEL08 - code dreams | Bergen, Norway |
| December 5 - December 6 | FOSSCamp | Mountain View, CA, USA |
| December 5 - December 13 | International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering | Online |
| December 7 - December 12 | Computer Measurement Group Conference 2008 | Las Vegas, NV, USA |
| December 8 - December 12 | Ubuntu Developer Summit | Mountain View, CA, USA |
| December 8 | Forum PHP Paris 2008 | Paris, France |
| December 10 - December 11 | First Workshop on I/O Virtualization | San Diego, CA, USA |
| December 13 | NLLGG meeting/BSD Community Day | Utrecht, The Netherlands |
| December 27 - December 30 | Chaos Communication Congress | Berlin, Germany |

If your event does not appear here, please tell us about it.

Mailing Lists

fedora-wiki list for wiki users and contributors

The Fedora project has announced the fedora-wiki mailing list. "A new moderate-traffic mailing list for users and contributors of the Fedora Project Wiki has been set up. Among the discussions will be policy, announcements, and editing tips. The list has been created to bring together the wider wiki community split apart between different sub-projects of Fedora."

Audio and Video programs

EnterpriseDB announces "Database Radio" podcast series

EnterpriseDB has announced its "Database Radio" podcast series. "Today, EnterpriseDB, the leading enterprise open source database company, announced Database Radio, its new podcast series featuring interviews with industry experts covering a variety of contemporary database topics, including open source database strategies, information scalability and reliability, online transaction processing, and database replication."

Page editor: Forrest Cook


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds