LWN.net Weekly Edition for October 30, 2008
Directions for GNOME 3.0
Earlier this year at the Gnome Users and Developers Conference, it was announced that there would be a Gnome 3.0 and discussions about how to make the transition are now open. Since then, there has been another gathering of Gnome developers, discussing and making plans about how they would like to modernize the interface. Over the past few days, a number of blog posts have appeared on Planet Gnome discussing some of the happenings at this five day event, and I felt a summary of the ideas so far might be useful to everyone concerned.
The Journal
The idea that has perhaps received the clearest exposition, along with some concrete work on beginning to make it a reality, is a refreshed way to handle day to day file management based on the OLPC's journal concept. Federico Mena-Quintero posted to his blog reporting his team's brainstorming session. What's wrong with how we handle file management today? Federico says:
So, programs contribute to having files scattered around everywhere, and there is no easy way to look at everything together.
To solve this problem, they began from the premise that humans are fairly good at knowing when they did things: "I started typing my homework last Monday, because I knew it was due on my Thursday class" and "I mailed you that photo two weeks ago, right after my birthday party" were the examples given. From here, the argument is that if we can present users with a journal view of what they did, they can forget about where they put a file and just browse through a time line to find what they were looking for.
The journal would not only keep track of files you created, but websites you visited, IM conversations you had, and even allow you to make notes about particular entries. An example of this final kind of functionality might be noting down reference numbers from receipts or customer service representatives. The other two major features of the journal would be the ability to star important items, so they're kept in a separate section, along with the ability to create files from directly within the journal, allowing it to act as a kind of scrap book.
As well as Federico's own proof of concept implementation, you can also find similar ideas in Mayanna's timeline, a fork of Gimmie, and the Nemo file manager.
Task Orientation
This post didn't arise out of the User Experience Hackfest, but from GUADEC earlier in the year. Karl Lattimer has posited that the application centric workflow is broken, and that people don't use a computer with the intention of using a particular application, but with the intention of completing a particular task. Obviously tasks rarely stand on their own, but often form part of a larger project.
Karl comments that he believes Federico is making moves in the right direction with the journal, providing users with the capacity to track what they did and when - perhaps a kind of project management framework - but he believes that we also need to provide users with the ability to track why things were done, gathering metadata about the tasks and building a picture of the relationships between them. The example he uses is that of an email received from a colleague asking us to update a file by a certain deadline: from this we could extract the file, the deadline, who sent it to us, and possibly even what needs doing to the file, all of which could be fed into the journal or other interface. This obviously has some practical challenges when it comes to considering how it could be implemented, but if realized could deliver an automated task list that's closely linked with templates for commonly performed tasks, doing away with the idea of static workspaces and applications for ever.
Karl sums up his thoughts nicely in this paragraph:
The Desktop Shell
During this hackfest session, the team tried to forget about the current Gnome interface and focus on what makes sense for users; ironically, Vincent Untz decided to start his post, about how the team forgot about the current Gnome interface, with some observations of the current Gnome interface. The problems he identified in the current interface were four-fold. Firstly, finding the window you want can be difficult when using the default applet, particularly if you have more than a few windows open, and particularly if you have a smaller screen. Secondly, few people make use of the multiple workspaces idea, largely because they were just unaware of their existence. Thirdly, application menus are a slow and inefficient way to open up new applications; some take advantage of launchers or the run dialog to improve on this, but most don't know how to do this. And finally, the current panel is certainly very powerful, but its power is wasted in unneeded flexibility such as being able to position the panel in the middle of the screen.
Perhaps the most controversial proposal to fix these problems so far is to restrict Gnome to a single static panel: by removing one panel we'd be saving valuable screen real estate, and by having a layout we can depend on we'd be able to use "hot corners" more effectively, allowing users to easily set their presence, as well as to launch a new "activities overlay mode". While the idea of a single panel hasn't raised too much concern, the static point has: Mathias Hasselmann responds with "Static Panel Nonsense", suggesting that many Gnome users, himself included, as well as Mac OS and Windows users, heavily customize the layout of their panels with custom launchers, and to improve something by removing existing functionality is not a good approach.
The most promising proposal from my point of view, and what seems to be a common OLPC inspired train of thought amongst Gnome's community, is the notion of activities. An activity is essentially what Karl Lattimer described as a project, made up of individual tasks, and what many Gnome users organize into separate work spaces in the current environment. In the current Gnome environment, Vincent argues, activities and work spaces are static: a user configures 8 desktops and sticks with them. His proposal is that activities should be far more flexible, and if a user wants to start a new one then we should help them by creating a new desktop automatically.
Where Next
Reportedly the release team are busy preparing a plan for how we can move from Gnome 2.x to 3.0, with the current plan appearing to be that what would have been called 2.30 will become 3.0. In this time frame, the very least of what we can expect to see is a revamped Gtk+, but what changes the user can expect to see is far harder to tell as there are no known plans for a radical interface overhaul like that seen during the development of KDE 4. Instead, it appears that the Gnome release team are planning on sticking to their current principles with regard to what features will become a core part of the desktop stack: adoption by popular distributions, stability, and a proven track record will all be required for features to make it in. This may seem like it rules out huge amounts of innovation, but there are a number of existing frameworks in Gnome that are very exciting (PolicyKit, PackageKit, Clutter, GVFS, desktop search, D-Conf, online desktop), and perhaps the 3.0 development cycle will see these mature and finally deliver on their promise of revolutionizing the user experience, with many of these technologies forming the backbone of the ideas discussed in this article.
Debian's election season: old firmware and new contributors
Longtime LWN readers will be aware of your editor's tendency toward the publishing of wild predictions at the beginning of each year. The 2007 predictions irritated some Debian developers and users by suggesting that, after getting the Etch release out the door, the project would go back to arguing about firmware issues. At the end of the year, it became necessary to acknowledge that this prediction, like so many others, had failed to come to pass. In retrospect, the error in this prediction was obvious: the Debian Project traditionally saves the firmware argument for the end of the release process. After all, they need to find some way to delay a release once it's looking close to ready.
The problem with firmware, of course, is that it is a binary blob lacking the corresponding source, and, sometimes, even a license allowing its distribution. Many developers and users see that blob as being part of the hardware; as long as the blob is distributable, it does not bother them. Others, though, regard firmware blobs as proprietary software and their incorporation into the kernel as a GPL violation. The Debian Project, which promises to deliver a 100% free distribution to its users, houses many developers from the latter camp. These developers, who see firmware distribution as a violation of the project's social contract, can be counted upon to raise the issue each release cycle.
In 2004, the project responded by passing a general resolution suspending some social contract provisions through September 1 of that year on the reasoning that it would be long enough to get the Sarge release done. Putting a date on a Debian release tends to be a mistake, though; Sarge was not finished until June, 2005. By unspoken consensus, that date was somehow deemed to have fallen before September 1, 2004. In 2006, the project voted again on firmware. Having learned from experience, the exception they allowed this time lacked a date, simply saying that the presence of binary-only firmware in the Etch release was something the project was willing to tolerate.
The 2008 discussion started when Ben Finney pointed out that a number of firmware-related entries in the Debian bug tracking system had been quietly marked "lenny-ignore" - not relevant to the upcoming Lenny release. This action, many have subsequently argued, runs counter to the social contract and constitution, which do not allow the shipping of non-free software to be swept under the carpet in this way. They would, instead, like to see the kernel team remove the (relatively few) firmware blobs remaining in the kernel. Such a change, it is said, should be relatively easy; recent changes within the kernel are helpful in this regard - though said changes became available in 2.6.27, which is not the kernel expected to be shipped with the Lenny release. For the 2.6.26 kernel used by Lenny, Ben Hutchings reports that he has done the necessary work to excise the remaining firmware.
On the other side, there are developers who are more concerned about (1) getting the Lenny release out as quickly as possible, and (2) making sure that hardware Just Works for Lenny users. They would rather that the process of removing firmware continue independently of (and without delaying) the Lenny release.
This is Debian that we're talking about, so the issue will probably be decided by way of a general resolution. There are currently two sets of resolutions being circulated, though neither has reached a final state for voting. The first set addresses the Lenny question, providing two options: either delay Lenny until the firmware removal work is complete, or accept that - just once more, really this time, honest - a major Debian release will include some firmware in its kernel. (The "ship Lenny" option is actually two options, one allowing firmware and one allowing Debian Free Software Guidelines violations in general). What the project will decide once this resolution comes to a vote is unclear - but Debian's developers have always voted to get the release out in the past.
The second proposal addresses what happens after the Lenny release; it says that any package which violates the Debian Free Software Guidelines for more than 180 days will be forced into the non-free repository. The clear hope here is to ensure that this tiresome discussion doesn't happen yet again in the next release cycle. By the time the next release is getting close to ready, any non-compliant packages will have long since been banished to the non-free wasteland. If it ever comes down to moving the kernel to non-free, though, one can assume that the discussion will resume with a vengeance.
Developers, Members, Maintainers, and Contributors
Meanwhile, a different disagreement is headed toward - you guessed it - a general resolution. Long-time Debian watchers have noted that another recurring topic of debate is the acceptance of new developers. The new maintainer process involves long delays, tests of ideological purity, and more. Even when it works smoothly (which seems to generally be the case in recent years) it requires a certain amount of patience and determination on the part of an aspiring Debian Developer.
The difficulty of the process is a design feature; Debian developers occupy a position of some trust, and the project wants to make sure that applicants are serious. Over time, though, it has become clear that this process is costing the project the time and energy of talented contributors who do not wish to jump through all the hoops. In response, the project created a "Debian maintainer" designation which allows the uploading of packages, but withholds many of the other privileges enjoyed by full developers. This change appears to have been successful in enabling a larger group of developers to contribute to Debian.
More recently, Joerg Jaspert has proposed lowering the bar to certain types of contribution even further. The proposal reads:
To that end, Joerg would create a new "Debian Contributor" classification. Contributors would be those doing translations or documentation; the proposal doesn't say that contributors don't touch code, but one gets that sense. Contributors would still have to jump through some hoops, but they would be fewer. They would not be able to upload packages on their own. The proposal also changes the Debian Maintainer standards, making that designation a little bit harder to get. Finally, the proposal states that all new applicants to the project would become Contributors or Maintainers. Only after a six-month period would they be able to apply for full Debian Developer or Debian Member status -- "Debian Member" being another new category that, while being equivalent to Debian Developer in almost all respects, would not have package upload privileges.
Interestingly, there has not been much discussion of the substance of this proposal. But there has been a fair amount of debate over how it is being done. It would appear that some developers see this change as being imposed by a single project official without the debate that Debian changes normally require. Martin Krafft has further asserted that this kind of change goes beyond Joerg's authority as Debian account manager, a claim that Joerg denies.
So now there are proposed general resolutions being circulated. An early version simply decreed that the proposed changes were "suspended" in favor of changes to be made through a more consensus-oriented process. Later versions soften the language somewhat, and thank Joerg for his effort in this area - but still require a "consensus or general resolution" before changes are adopted. In any form, the clear point of the resolution is to slow down the process and open it up for a wider discussion.
Again, voting has not begun on any specific resolution, so we don't yet know what will even be voted on, much less how it will come out. But we can expect that, as a certain presidential election process finally (thankfully) comes to a close, activity will be picking up on a different set of votes.
Networking change causes distribution headaches
A seemingly innocuous change to the networking code that went into the 2.6.27 kernel is now causing trouble for various distributions. Ubuntu, Fedora, and openSUSE are all buttoning up their packages for a release in the near future—with Ubuntu's due this week—so kernel changes are not particularly welcome. Unfortunately, if the problem is not addressed, some users may never be able to download a fix because their TCP/IP won't interoperate with some broken equipment on the internet.
The problem stems from changes that were made to clean up the TCP option code that were merged back in July as part of the 2.6.27 merge window. TCP options are a mechanism to expand the functionality of the protocol as conditions change. There are a handful of commonly used options that the two endpoints of a connection can agree to use, for things like maximum segment size (MSS), window scaling, selective acknowledgment (SACK), and timestamps. Options have been added over time to provide more internet robustness and performance as well as to support higher-bandwidth physical connections.
A perfectly reasonable, if unintended, consequence of the code change was that the options were put into the header in a slightly different order. According to the relevant RFCs, options can appear in any order in the option section of the TCP header. But some home and/or internet routers seem to expect a fixed order, refusing to make connections if the order is "wrong". In particular, it would seem that the MSS option needs to appear before the SACK option.
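To check which order a captured SYN actually carries, the option area can be walked by hand. The following is an added example, not code from the kernel or from the bug reports; the SYN headers are constructed samples (ports, sequence numbers and option values are made up) and do not reproduce the exact layout any particular kernel emits.

```python
import struct

# Option kinds and fixed lengths from RFC 793, RFC 1323 and RFC 2018.
KIND_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 5: "SACK", 8: "TIMESTAMPS"}
FIXED_LENGTHS = {2: 4, 3: 3, 4: 2, 8: 10}
EOL, NOP = 0, 1


class OptionError(ValueError):
    """Raised when a header or its option area is malformed."""


def options_from_tcp_header(header: bytes) -> bytes:
    """Return the raw option bytes that follow the 20-byte fixed TCP header."""
    if len(header) < 20:
        raise OptionError("shorter than a minimal TCP header")
    data_offset = (header[12] >> 4) * 4  # header length in bytes
    if data_offset < 20 or data_offset > len(header):
        raise OptionError(f"bad data offset {data_offset}")
    return header[20:data_offset]


def parse_tcp_options(raw: bytes):
    """Walk the kind/length/value list and return [(kind, value_bytes), ...]."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:   # end of list: whatever follows is padding
            break
        if kind == NOP:   # single-byte padding, carries no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise OptionError(f"option kind {kind} has no length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise OptionError(f"option kind {kind} has bad length {length}")
        if FIXED_LENGTHS.get(kind, length) != length:
            raise OptionError(f"option kind {kind} must be {FIXED_LENGTHS[kind]} bytes")
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def option_order(raw: bytes):
    """Names of the options in the order they appear, padding excluded."""
    return [KIND_NAMES.get(kind, f"kind-{kind}") for kind, _ in parse_tcp_options(raw)]


def mss_precedes_sack(raw: bytes):
    """True/False for the ordering the article describes; None if either option is absent."""
    order = option_order(raw)
    if "MSS" not in order or "SACK_PERMITTED" not in order:
        return None
    return order.index("MSS") < order.index("SACK_PERMITTED")


def build_syn(options: bytes) -> bytes:
    """Constructed SYN header; every field value here is a sample, not a capture."""
    if len(options) % 4:
        raise ValueError("option area must be padded to a multiple of 4 bytes")
    data_offset = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_offset << 4, 0x02, 5840, 0, 0)
    return fixed + options


# Constructed option encodings.
MSS = struct.pack("!BBH", 2, 4, 1460)
SACK_OK = bytes([4, 2])
TSTAMP = struct.pack("!BBII", 8, 10, 12345, 0)
WSCALE = bytes([NOP, 3, 3, 7])

SYN_MSS_FIRST = build_syn(MSS + SACK_OK + TSTAMP + WSCALE)
SYN_SACK_FIRST = build_syn(SACK_OK + TSTAMP + MSS + WSCALE)
# What a SYN looks like with the timestamp option switched off.
SYN_NO_TIMESTAMPS = build_syn(MSS + SACK_OK + bytes([NOP, NOP]) + WSCALE)

if __name__ == "__main__":
    for label, syn in [("MSS first", SYN_MSS_FIRST), ("SACK first", SYN_SACK_FIRST),
                       ("no timestamps", SYN_NO_TIMESTAMPS)]:
        opts = options_from_tcp_header(syn)
        print(f"{label:14} {option_order(opts)} mss_before_sack={mss_precedes_sack(opts)}")
```

Both orderings are legal per the RFCs; the check only tells you whether a given SYN matches what the intolerant devices expect.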
The bug was reported to Ubuntu Launchpad in early September, but not a lot of progress was made until it was added to the kernel.org bugzilla in early October. It seems to have only affected a relatively small number of users—Red Hat's Dave Jones said that there were no reports from users of the rawhide 2.6.27 kernel—as it was rather hardware-specific. This made it difficult to track down for the majority of folks who couldn't reproduce it. Ubuntu user Aldo Maggi, who filed the kernel bug, sets a marvelous example of how to work with the kernel hackers to track down the problem as can be seen in the bugzilla entry.
Eventually, the option re-ordering problem was discovered and a patch was submitted by Ilpo Järvinen that restored the order of the options. Along the way, with help from Mandriva, it was discovered that turning off TCP timestamps by way of:
    sysctl -w net.ipv4.tcp_timestamps=0
worked around the problem without changing the kernel—at the cost of losing the TCP timestamp functionality.
So it would seem that the problem has been solved—the patch has been merged into Linus Torvalds's tree for 2.6.28—but there are still a few unresolved issues. The three distributions that are preparing new releases are all based on 2.6.27, but as yet, there has not been a -stable kernel release that picks up the patch, though it is likely to come fairly soon.
In the meantime, Fedora has added the patch to its kernel in rawhide, so Fedora 10 (and eventually Fedora 9 when it gets rebased on 2.6.27) will have the fix. openSUSE is waiting a bit to see what gets submitted by the kernel networking developers to the -stable team. As Novell/SUSE kernel hacker Greg Kroah-Hartman puts it: "We still have a while to go before the final 11.1 kernel is released, so we feel no pressure here." Unfortunately, Ubuntu got caught very late in its release cycle as 8.10 (or Intrepid Ibex) is due on October 30.
The original plan as outlined by Debian/Ubuntu hacker Steve Langasek was to note the problem in the release notes for 8.10, but not address the underlying problem until after the release:
That led many in the Launchpad bug thread to note that it was going to be a real mess, especially for the least technical of users. Nick Lowe sums up the problem:
RC shouldn't mean Release ComeHellOrHighWater
The users who are most likely to hit this are home users behind their aged/unmaintained consumer routers who are highly unlikely to understand why they can't access the Web and will just go elsewhere...
Certainly, the release notes are not the first place an affected user would go if they ran into the problem. More than likely, they would just decide that Ubuntu—by extension Linux—is simply broken, so it is a relief to see that Ubuntu eventually relented. For 8.10, the procps package has been changed to work around the problem by turning off timestamps. Once a new kernel package is released with the re-ordering patch included, timestamps can presumably be restored.
This kind of problem—where affected users may not be able to retrieve an update to fix it—should really be part of the definition of a show-stopping (i.e. release date slipping) problem. It was rather galling to some that Ubuntu would consider shipping with this known issue, simply to make its 8.10 release in the 10th month of 2008 (which is how Ubuntu releases are numbered).
Ubuntu is justifiably proud of its record of shipping releases on time, but it cannot do that at the expense of its users. While the workaround that was implemented was suboptimal, perhaps, it does ensure that users—especially non-technical users—won't find that web surfing doesn't work in Linux. It should also allow Ubuntu to release on schedule.
[ Thanks to Nick Lowe for giving us a heads-up about this issue. ]
Security
Another kind of cookie
It has become increasingly difficult to use the web without some kind of Flash player, but a little-known "feature" of Flash is causing some privacy concerns. In some ways, Local Shared Objects (LSOs aka Flash cookies) are similar to browser cookies, but there are a number of significant differences as well. In addition, because the dominant Flash player is closed-source, one must depend on Adobe's ability to faithfully implement the security model. In all, Flash cookies are something that web users should be cognizant of.
At its core, an LSO is a chunk of data that is stored on a user's disk based on the domain that the Flash program was downloaded from. Only Flash programs from that domain should have access to the data and, unlike browser cookies, much more data can be stored. By default, 100K bytes can be used per domain, which is a sizable increase from the 4K available for browser cookies. The amount of storage for a Flash cookie can be increased with the assent of the user, or decreased via the management interface.
Another major difference from the now-familiar browser cookies is that the interface for managing them is less-than-obvious. From a given Flash application, there is a "Settings" menu that allows control of the LSOs from that site. To see the sites that have stored Flash cookies or to have more global control over them, one must visit Adobe's site. There are also third-party applications and browser add-ons that will allow more control. A user can also resort to the ultimate control—removing them from the filesystem (~/.macromedia/Flash_Player/#SharedObjects).
There are many benign things that a Flash application might do with a bit of local storage—caching data, storing preferences, etc.—but they can also be used to track users in much the same way that browser cookies are used. Because Flash cookies are less well-known, and harder to manage, though, they may be more effective because they are removed or restricted less often.
Another important thing to note is that there is no requirement that there be a visible Flash application on the web site. A site could embed a Flash application with no visible elements simply to store a cookie. Unless the user has a browser add-on like NoScript, they will get no indication that anything has happened.
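Since a site can store an LSO without showing anything, the on-disk store is the place to see what has accumulated. This added example (not Adobe's code or anything from the original article) inventories the `.sol` files under the directory named above, grouped by storing domain; it assumes the layout `<profile-dir>/<domain>/.../<name>.sol` beneath `#SharedObjects`, and the function names are this example's own.

```python
import os
import stat
import time
from pathlib import Path

# Directory given in the article; 100K is the default per-domain allowance it cites.
DEFAULT_ROOT = Path.home() / ".macromedia" / "Flash_Player" / "#SharedObjects"
DEFAULT_ALLOWANCE = 100 * 1024


def inventory_lsos(root=DEFAULT_ROOT):
    """Return {domain: {"files": [...], "bytes": int, "last_written": float}}."""
    root = Path(root)
    inventory = {}
    if not root.is_dir():
        return inventory
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if not name.endswith(".sol"):
                continue
            path = Path(dirpath) / name
            parts = path.relative_to(root).parts
            # Assumed layout: <profile-dir>/<domain>/[path...]/<name>.sol
            if len(parts) < 3:
                continue
            info = path.lstat()
            if not stat.S_ISREG(info.st_mode):  # ignore symlinks and special files
                continue
            entry = inventory.setdefault(
                parts[1], {"files": [], "bytes": 0, "last_written": 0.0})
            entry["files"].append("/".join(parts[2:]))
            entry["bytes"] += info.st_size
            entry["last_written"] = max(entry["last_written"], info.st_mtime)
    for entry in inventory.values():
        entry["files"].sort()
    return inventory


def over_allowance(inventory, allowance=DEFAULT_ALLOWANCE):
    """Domains whose stored data exceeds the given allowance, sorted by name."""
    return sorted(d for d, e in inventory.items() if e["bytes"] > allowance)


def report(inventory):
    """One line per domain, largest store first."""
    lines = []
    for domain, entry in sorted(inventory.items(), key=lambda kv: -kv[1]["bytes"]):
        when = time.strftime("%Y-%m-%d", time.localtime(entry["last_written"]))
        lines.append(f"{domain}: {len(entry['files'])} file(s), "
                     f"{entry['bytes']} bytes, last written {when}")
    return lines


if __name__ == "__main__":
    found = inventory_lsos()
    print("\n".join(report(found)) or "no Local Shared Objects found")
    for domain in over_allowance(found):
        print(f"above the default allowance: {domain}")
```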
Assuming that there aren't any holes in Adobe's implementation of the Flash security model, Flash cookies aren't much different—or more dangerous—than browser cookies. But that assumption is a bit worrisome. For Firefox or other free software browsers, the code can be inspected to verify correct behavior. Either Flash or Firefox could have some flaw that allowed cross-site cookie access (which would be a rather nasty information disclosure vulnerability), but for Flash, we can only take Adobe's word.
Privacy advocates have been successful in getting the idea of deleting browser cookies into the consciousness of concerned users, but Flash cookies seem to have flown below the radar. A recent blog posting that was widely reported has helped to raise the profile of Flash cookies so that users will, hopefully, know that they exist. Those with a desire to strictly control their privacy will be better able to do so. With luck, it may also lead Adobe to provide an easier and more visible interface to manage them as well.
New vulnerabilities
cman: insecure temp file
Package(s): cman
CVE #(s): CVE-2008-4192
Created: October 23, 2008
Updated: February 16, 2011
Description: cman has an insecure temp file vulnerability. From the Red Hat bug report:
A malicious user could precreate a symlink, pointing to the file /tmp/eglog. Subsequent run of the '/sbin/egenera' command would destroy / truncate the target of this link to zero length.
cman: insecure temp file
Package(s): cman
CVE #(s): CVE-2008-4579
Created: October 23, 2008
Updated: February 16, 2011
Description: cman has an insecure temp file vulnerability. From the Red Hat bug report:
The fence_apc and fence_apc_snmp programs, as used in fence 2.02.00-r1 and possibly cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
emacs: arbitrary code execution
Package(s): emacs
CVE #(s): CVE-2008-3949
Created: October 28, 2008
Updated: February 24, 2009
Description: From the CVE entry: Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
flash-plugin: several vulnerabilities
Package(s): flash-plugin
CVE #(s): CVE-2008-3873 CVE-2008-4401 CVE-2008-4503
Created: October 28, 2008
Updated: November 14, 2008
Description: From the Red Hat advisory:
A flaw was found in the way Adobe Flash Player wrote content to the clipboard. A malicious SWF file could populate the clipboard with a URL that could cause the user to mistakenly load an attacker-controlled URL. (CVE-2008-3873)
A flaw was found which allowed Adobe Flash Player's ActionScript to initiate file uploads and downloads without user interaction. FileReference.browse and FileReference.download calls can now only be initiated via user interaction, such as mouse-clicks or key-presses on the keyboard. (CVE-2008-4401)
A flaw was found in Adobe Flash Player's display of the Settings Manager content. A malicious SWF file could trick the user into unknowingly clicking a link or dialog. This could then give the malicious SWF file permission to access the local machine's camera or microphone. (CVE-2008-4503)
kernel: restriction bypass
Package(s): kernel
CVE #(s): CVE-2008-4554
Created: October 23, 2008
Updated: June 8, 2009
Description: The kernel has a restriction bypass vulnerability. From the Red Hat bug report:
Miklos Szeredi reported that splice() to files opened with O_APPEND are ignored, which allows users to bypass the append-only restriction.
kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2008-4410
Created: October 23, 2008
Updated: October 29, 2008
Description: The kernel has a denial of service vulnerability. From the CVE description:
The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.
kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2008-3911 CVE-2008-4618
Created: October 27, 2008
Updated: January 22, 2009
Description: From the SUSE advisory:
CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from user space, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
CVE-2008-4618: Fixed a kernel panic in SCTP while process protocol violation parameter.
ktorrent: multiple vulnerabilities
Package(s): ktorrent
CVE #(s): (none)
Created: October 27, 2008
Updated: November 6, 2008
Description: From the Fedora advisory: Another bugfix release for the 3.1 series is out. This fixes several bugs:
- A crash caused by a SIGBUS, when diskspace preallocation is disabled
- High CPU usage when DNS lookups fail in the UDP tracker code
- Several security issues in the webinterface plugin
libspf2: buffer overflow
Package(s): libspf2
CVE #(s): CVE-2008-2469
Created: October 24, 2008
Updated: October 31, 2008
Description: From the Debian advisory: Dan Kaminsky discovered that libspf2, an implementation of the Sender Policy Framework (SPF) used by mail servers for mail filtering, handles malformed TXT records incorrectly, leading to a buffer overflow condition
lynx: multiple vulnerabilities
Package(s): lynx
CVE #(s): CVE-2008-4690 CVE-2006-7234
Created: October 27, 2008
Updated: September 14, 2009
Description: From the Red Hat advisory:
An arbitrary command execution flaw was found in the Lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default "Advanced" user mode. (CVE-2008-4690)
A flaw was found in a way Lynx handled ".mailcap" and ".mime.types" configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234)
squirrelmail: session hijacking vulnerability
Package(s): squirrelmail
CVE #(s): CVE-2008-3663
Created: October 23, 2008
Updated: May 13, 2009
Description: squirrelmail is vulnerable to session hijacking. From the Red Hat bug report:
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
wireshark: multiple vulnerabilities
Package(s): | wireshark | CVE #(s): | CVE-2008-4680 CVE-2008-4681 CVE-2008-4682 CVE-2008-4683 CVE-2008-4684 CVE-2008-4685 | ||||||||||||||||||||||||||||
Created: | October 27, 2008 | Updated: | June 30, 2009 | ||||||||||||||||||||||||||||
Description: | From the CVE entries: CVE-2008-4680: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). CVE-2008-4681: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. CVE-2008-4682: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. CVE-2008-4683: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. CVE-2008-4684: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. CVE-2008-4685: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | ||||||||||||||||||||||||||||||
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current 2.6 development kernel is 2.6.28-rc2, released by Linus on October 26. It adds a mere 22 changesets to 2.6.28-rc1, which came out on the 23rd. This kernel is now known as the "Killer Bat of Doom."
As of this writing, almost 200 changesets have been merged into the mainline since 2.6.28-rc2. They are mostly fixes, but there is also a driver for Elantech (EeePC) touchpads, support for MIPS-based NXP Semiconductors STB220 development boards, and a number of large ftrace changes.
The current stable 2.6 kernel is 2.6.27.4, released with a number of important fixes on October 25. Previously, 2.6.25.19, 2.6.26.7, and 2.6.27.3 were released on October 22. There will probably only be one more stable update for the 2.6.25 and 2.6.26 kernels, so users who are dependent on those updates may want to start thinking about moving to 2.6.27.
Kernel development news
Quotes of the week
In the end, to what good is Linux in those devices? Definitely not to any benefit of the user. It's to the benefit of the handset maker, who can skip a pretty expensive Windows Mobile licensing fee. Oh and, yes, they get better memory management than on Symbian ;)
That's the brave new world. It makes me sick.
Interview videos from the Kernel Summit
The Linux Foundation has produced a whole pile of video interviews with kernel developers from this year's Kernel Summit. Short 5-10 minute interviews with 15 different kernel developers are available. You can watch interviews with Linus Torvalds, Ted Ts'o, Greg Kroah-Hartman, and many others including LWN Executive Editor Jonathan Corbet. Videos are available in both Ogg and Flash formats.
Closing out the 2.6.28 merge window
About 1000 changesets were merged after the previous summary was posted here. Many of those came from architecture-specific trees. Other changes merged this time around include:
- There are new drivers for
Mellanox ConnectX 10GbE network adapters,
PowerPC PPC40x and PPC44x GPIO controllers,
Panasonic "Let's Note" laptop special keys,
Sharp SL-6000 backlight and LCD devices,
Dialog Semiconductor DA9030/DA9034 backlight devices,
Tabletkiosk Sahara Touch-iT backlight devices, and
Toshiba TX4939 SoC ATA controllers.
- One more not-ready-for-prime-time driver was merged via the staging
tree; this one supports Redrapids Pocket Change cardbus devices. The
staging tree also brought an extensive set of fixes to the drivers
added earlier in the merge window.
- The kernel has gained support for ultra-wideband
protocol stacks. UWB can be used for normal networking, but the
immediate application is wireless USB, which will be
supported in 2.6.28.
- The ACPI docking station code has gained support for bay and battery
hotplug events.
- The IA64 architecture now supports Xen. Also added to IA64 is support
for DMA remapping devices (IOMMUs).
- Support for kdump has
been added to the PowerPC architecture.
- The 9P (Plan9) filesystem now has RDMA support.
Changes visible to kernel developers include:
- There is a new core_param() macro:
core_param(name, var, type, perm);
Its purpose is to define "core" parameters and let them be represented in /sys/module/kernel/parameters.
- It is now possible to create a workqueue running at realtime priority
with:
struct workqueue_struct *create_rt_workqueue(const char *name);
- The block driver API has changed considerably, with the inode
and file parameters being removed from most block device
operations. The new API looks like this:
    struct block_device_operations {
        int (*open) (struct block_device *bdev, fmode_t mode);
        int (*release) (struct gendisk *gd, fmode_t mode);
        int (*locked_ioctl) (struct block_device *bdev, fmode_t mode,
                             unsigned cmd, unsigned long arg);
        int (*ioctl) (struct block_device *bdev, fmode_t mode,
                      unsigned cmd, unsigned long arg);
        int (*compat_ioctl) (struct block_device *bdev, fmode_t mode,
                             unsigned cmd, unsigned long arg);
        int (*direct_access) (struct block_device *bdev, sector_t sector,
                              void **kaddr, unsigned long *pfn);
        int (*media_changed) (struct gendisk *gd);
        int (*revalidate_disk) (struct gendisk *gd);
        int (*getgeo)(struct block_device *bdev, struct hd_geometry *geo);
        struct module *owner;
    };
The new prototypes do away with the file and inode structure pointers which were passed in previous kernels. Note that the ioctl() method is now called without the big kernel lock; code needing BKL protection must explicitly define a locked_ioctl() function instead.
- The range timer API has been merged; callers can now specify a time period in which they would like the timeout to be delivered. The kernel can then take advantage of the range to coalesce wakeups and keep the processor idle for longer periods.
This time around, linux-next maintainer Stephen Rothwell has put together a list of linux-next patches which did not get into 2.6.28. Perhaps the biggest omission was the credentials work, which seemed poised to go in this time around. Other changes which failed to get merged include the message catalog code (which looks like it will need a change of approach) and TOMOYO Linux (which seems to be caught up in the same old "new security module with pathname-based rules" swamp).
Now the stabilization period starts. Linus, perhaps, was trying to set the tone for this development cycle when he released a much smaller and earlier 2.6.28-rc2 than would have normally been expected. By way of comparison: 2.6.25-rc2 had 359 patches applied since 2.6.25-rc1. For 2.6.26-rc2, 446 changesets were merged, and, for 2.6.27-rc2, the count was 780. For 2.6.28-rc2, instead, a total of 22 changes went in. Says Linus:
Should this pattern hold, it may well be that 2.6.28 will stabilize more quickly and successfully than its predecessors. It will, in any case, be interesting to watch.
Tracking tbench troubles
Kernel developers tend to have a mixed view of benchmarks. A benchmarking tool can do an effective job of quantifying specific aspects of system performance. But benchmarks are not real workloads; optimizing for a benchmark can often distort a system in ways which are detrimental to real applications. Since kernel hackers do not always see benchmark optimization as their top priority, they can sometimes assign a lower priority to benchmark regressions as well. But, sometimes, benchmark problems indicate a real problem in the kernel.
The tbench benchmark is meant to measure networking performance; it consists of a collection of processes quickly making lots of small requests from a server process. Since the requests are small, there is not much time spent actually moving data; it's all a matter of shifting small packets around - and scheduling between the processes. Back in August, Christoph Lameter reported that tbench performance in the mainline kernel had been declining for some time. His system was able to move 3208 MB/sec with a 2.6.22 kernel, but only 2571 MB/sec with a 2.6.27-rc kernel. Each of the releases in between showed a decline from the one which came before, with 2.6.25 showing an especially big hit. Others were able to reproduce the results, and they engaged in various rounds of speculation on where the problem might be, but it seems that, initially, nobody actually dug into the system to see what was going on.
At linux.conf.au 2007, Andi Kleen gave a talk describing various types of kernel hackers. One of those was the "Russian mathematician" who, he suspected, was often a room full of talented developers operating under a single name. Evgeniy Polyakov can only have reinforced that view when, in early October, he tracked down the biggest offending commit through a process which, he says, involved "just [a] couple of hundreds of compilations." In the process, he put together a plot of tbench performance which, he says, is suitable for scaring children. Through a massive amount of work, he was able to point the finger at a scheduler patch - not something in the networking stack at all.
In particular, Evgeniy found that the patch adding high-resolution preemption ticks was the problem. The idea behind this patch was to make time slices more accurate by scheduling preemption at just the right time. It makes sense; once the regular clock tick has been eliminated, there is no reason not to arrange for preemption to happen when the scheduling algorithm says it should. Unfortunately, it seems that this change also adds sufficient overhead to slow down tbench performance considerably; when Evgeniy backed it out, his performance went from 373 MB/sec to 455 MB/sec. That would seem to be a pretty clear indication that something is amiss with high-resolution preemption ticks.
At this point, the public discussion went quiet, though it appears that a number of developers were working on it off-list. David Miller eventually tracked down the worst of the trouble to the wakeup code, something he was rather vocally unhappy about having had to do. Eventually a patch was merged (for 2.6.28-rc2) disabling the high-resolution preemption tick feature. Since the discussion is private, it's not quite clear why this change took as long as it did. But there are a couple of plausible reasons. One is that this particular feature is disabled by default anyway, so most users will not encounter the performance problem it creates.
But there is also the question of weighing the benchmark result against the effects on other, "real" workloads. Ingo Molnar said:
So, by this view, performance on scheduler-intensive benchmarks must be weighed against the wider value of other scheduler enhancements. David Miller has a different view of the situation, though:
In David's view, scheduler performance has been getting consistently worse since the switch to the completely fair scheduler in 2.6.23. He would like to see some energy put into recovering some of the performance of the pre-CFS scheduler; in particular, he thinks that Ingo and company should work to fix (what he sees as) a regression that they caused.
For the time being, the worst performance regression has been "fixed" by disabling the high-resolution preemption tick feature; Ingo says that the feature will not come back until it can be supported without slowing things down. But the scheduler seems to have gotten slower in a number of other ways as well. Your editor will make a prediction here: now that the issue has been called out in such clear terms, somebody will find the time to fix these problems to the point that the CFS scheduler will be faster than the O(1) scheduler which preceded it.
Beyond that, there are suggestions that the scheduler cannot take the blame for all of the observed regressions in tbench results. So developers will have to look at the rest of the system to figure out what's going on. The good news is that this is a clear challenge with an objective way to measure success. Once a problem reaches that level of clarity, it's usually just a matter of some hacking.
Squashfs submitted for the mainline
The Squashfs compressed filesystem is used in everything from Live CDs to embedded devices. Many or most distributions ship it in such situations, but squashfs has been maintained outside of the mainline kernel for years. That appears to be changing as it was recently submitted for inclusion in the mainline by Phillip Lougher. The reaction has been generally favorable, with Andrew Morton requesting that Lougher move it forward: "Please prepare a tree for linux-next inclusion and unless serious problems are pointed out I'd suggest shooting for a 2.6.29 merge." So it seems like a good time to take a look at some of the features and capabilities of Squashfs.
The basic idea behind Squashfs is to generate a compressed image of a filesystem or directory hierarchy that can be mounted as a read-only filesystem. This can be done to archive a set of directories or to store them on a smaller capacity device than would normally be required. The latter is used by both Live CDs and embedded devices to squeeze more into less.
It has been nearly four years since Squashfs was last submitted to linux-kernel. Since that time, it has been almost completely rewritten based on comments from that attempt. In addition, it has gone through two filesystem layout revisions in part to allow for 64-bit sizes for files and filesystems. Another major change is to make the filesystem little-endian, so that it can be read on any architecture, regardless of endian-ness.
The mksquashfs utility is used to create the image, which can then be mounted either via loopback (from a file) or from a regular block device. One of the features added since the original attempt to mainline Squashfs—to address complaints made at that time—is the ability to export a Squashfs filesystem via NFS.
Squashfs uses gzip compression on filesystem data and metadata, achieving sizes roughly one-third that of an ext3 filesystem with the same data. The performance is quite good as well, even when compared with the simpler cramfs—a compressed read-only filesystem already available with the kernel. According to Lougher, these performance numbers were gathered a number of years ago, with older versions of the code; newer numbers should be even better.
Previously, some kernel developers were resistant to adding another compressed filesystem to the kernel, so Lougher outlines a number of reasons that Squashfs is superior to cramfs. Certainly support for larger files and filesystems is compelling, but the fact that cramfs is orphaned and unmaintained will likely also play a role. In addition, Squashfs supports many more "normal" Linux filesystem features like real inode numbers, hard links, and exportability.
Morton had a laundry list of overall suggestions for making Squashfs better in the email referenced above, but documentation is certainly one of the areas that is somewhat lacking. In particular, Squashfs maintains its own cache, which puzzles Morton:
The real bug here is that this rather obvious question wasn't answered anywhere in the patch submission (afaict). How to fix that?
Methinks we need a squashfs.txt which covers these things.
One of the reasons that Squashfs doesn't use the page cache is that it allows for multiple block sizes, from 4K up to 1M, with a default of 128K. Better compression ratios can be achieved with a larger block size, but that doesn't work well with the page cache as Jörn Engel notes: "One of the problems seems to be that your blocksize can exceed page size and there really isn't any infrastructure to deal with such cases yet."
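The two format properties described above (little-endian on-disk fields and block sizes from 4K to 1M) can be checked on an image before it is handed to a mount; the following is an added example, not code from the Squashfs submission. It assumes the leading superblock fields of the Squashfs 4.0 layout, which the article does not spell out, and its function names and sample superblock are constructed.

```python
import struct

SQUASHFS_MAGIC = 0x73717368       # stored little-endian, so an image starts with b"hsqs"
SQUASHFS_MAGIC_SWAP = 0x68737173  # what a little-endian read sees in a big-endian image
MIN_BLOCK_SIZE = 4 * 1024         # block size range quoted in the article
MAX_BLOCK_SIZE = 1024 * 1024

# Assumption: leading superblock fields as in the Squashfs 4.0 layout.
# "<" forces little-endian decoding with no padding, whatever the host CPU is.
_SUPERBLOCK = struct.Struct("<5I6H2Q")
_FIELDS = ("magic", "inodes", "mkfs_time", "block_size", "fragments",
           "compression", "block_log", "flags", "no_ids", "major", "minor",
           "root_inode", "bytes_used")


def build_sample(**overrides) -> bytes:
    """Constructed superblock for the demo: 128K blocks, one inode, gzip (id 1)."""
    values = dict(magic=SQUASHFS_MAGIC, inodes=1, mkfs_time=0,
                  block_size=128 * 1024, fragments=0, compression=1,
                  block_log=17, flags=0, no_ids=1, major=4, minor=0,
                  root_inode=0, bytes_used=4096)
    values.update(overrides)
    return _SUPERBLOCK.pack(*(values[name] for name in _FIELDS))


def check_superblock(data: bytes, image_size: int) -> list:
    """Return a list of problems found in the superblock; empty means it passed."""
    if len(data) < _SUPERBLOCK.size:
        return ["truncated superblock"]
    sb = dict(zip(_FIELDS, _SUPERBLOCK.unpack_from(data)))

    if sb["magic"] == SQUASHFS_MAGIC_SWAP:
        return ["byte-swapped magic: big-endian image"]
    if sb["magic"] != SQUASHFS_MAGIC:
        return ["bad magic"]  # the remaining fields mean nothing without it

    problems = []
    size = sb["block_size"]
    power_of_two = size != 0 and size & (size - 1) == 0
    if not power_of_two or not MIN_BLOCK_SIZE <= size <= MAX_BLOCK_SIZE:
        problems.append("block_size not a power of two between 4K and 1M")
    elif size != 1 << sb["block_log"]:
        # Two fields describe the same quantity; a mismatch means a corrupt
        # or crafted header, and code trusting either one can miscompute offsets.
        problems.append("block_log does not match block_size")
    if sb["bytes_used"] > image_size:
        problems.append("bytes_used exceeds image size")
    return problems


if __name__ == "__main__":
    print(check_superblock(build_sample(), 4096))
    print(check_superblock(build_sample(block_size=2 * 1024 * 1024, block_log=21), 4096))
```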
Lougher has moved the code into a git repository, presumably in preparation to get it into linux-next. He notes that the CE Linux Forum has been instrumental in providing funding over the last four months to allow him to work on getting Squashfs into the mainline. With the additional testing that will come from being included in linux-next, it seems quite possible we could see Squashfs in 2.6.29.
Page editor: Jonathan Corbet
Distributions
News and Editorials
DebXO for the XO laptop
The XO laptop was developed for the One Laptop Per Child (OLPC) project. Two weeks ago the XO Software Release 8.2.0 was announced. This week the DebXO project has taken off, with the goal of providing a Debian-based alternative for the XO laptop. Work has been in progress for at least a couple of months, but versions 0.2 and 0.3 were announced this week.
As of this writing, Andres "dilinger" Salomon has released three versions; the debxo-latest symlink points to the latest release. According to the version 0.2 announcement, DebXO has EXT3 images for booting from USB and/or SD; and while DebXO 0.1 only had a GNOME desktop, 0.2 includes KDE, LXDE, Sugar, Awesome and GNOME desktops. Version 0.3 provides some important bug fixes for problems found in 0.2.
This project is obviously still in its infancy, but it seems like a good start on an alternative for the XO laptop. If you have an XO and are interested in helping out you could start by testing the current versions. There is a git repository with the code, which has a web interface, or just use git clone to grab the code.
New Releases
Debian GNU/Linux 4.0 updated
The Debian project has announced the fifth update of its stable distribution Debian GNU/Linux 4.0 (codename etch). "This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. Please note that this update does not constitute a new version of Debian GNU/Linux 4.0 but only updates some of the packages included. There is no need to throw away 4.0 CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."
Fedora 10 Snapshot 3
Fedora has released the final snapshot before the devel freeze and subsequent preview release. It's available by torrent with only one known bug listed in the announcement (click below). Check it out and report any bugs you find.
Ubuntu 8.10 release candidate available
The release candidate for the Ubuntu 8.10 "Intrepid Ibex" release is available. "We consider this release candidate to be complete, stable, and suitable for testing by any user." Final release is scheduled for October 30, so now would be a good time to try things out and find the remaining bugs.
Distribution News
Fedora
Fedora moves the X server
Testers of the Fedora 10 beta (or Rawhide) have recently noticed that the X server has been moved from its traditional home on virtual terminal 7 to VT1. This move, which has spawned a lengthy flame war (OK, two lengthy flame wars) is motivated by a desire to speed the boot process by avoiding the VT switch. It seems like a relatively small change, but our community has a strong sense of tradition, apparently.
Gentoo Linux
Gentoo Council meeting summary
Click below for a summary of the Gentoo Council meeting for October 23, 2008. There's a look at open bugs included in the summary.
Mandriva Linux
International Mandriva Linux 2009 Install Fest
Mandriva is co-ordinating an international Install Fest for the new Mandriva Linux 2009 release, on November 22, 2008. If you are involved with a LUG or other community group and would be interested in running a local event as part of the Install Fest, Mandriva will provide professionally pressed One CDs and other material. Visit the Wiki page for details of how to organize an event in your area. There is also a list of confirmed events, so look for one in your area.
SUSE Linux and openSUSE
Results of the 1st openSUSE Board Election
The results are in for the first community election of the openSUSE board. "The new board members are, from the Non-Novell side of the community Pascal Bleser and Bryen Yunashko and from the Novell side we have Henne Vogelsang and Federico Mena-Quintero. We are proud to announce that Michael Loeffler has been appointed by Novell as chairman of the new board." Click below for more information on the election, including the turnout (178 of 237 or 75%).
Distribution Newsletters
Ubuntu Weekly Newsletter #114
The Ubuntu Weekly Newsletter for October 25, 2008 covers: Ubuntu 8.10 RC released, Intrepid Release Parties, Intrepid bug fixes, Pre-order Intrepid CDs, Spread Ubuntu Alpha 0.1, MOTU News, German UbuCon 2008, Ubuntu Maryland: New team website, BugJam Berlin, Interview with Dustin Kirkland, Ubuntu Podcast #10, Firefox removes license agreement from Ubuntu, Dell's Mini Issues Getting Bigger?, Interview with Jon Ramvi of the Ubuntu Eee project, Obama Ubuntu? Or a Hoax?, Team Meeting Summaries, Club-Ubuntu, and much more.
OpenSUSE Weekly News/43
This issue of the OpenSUSE Weekly News looks at openSUSE Build Service Webclient Survey Started, Development Release: openSUSE 11.1 Beta 3 Now Available, We want YOU - for openSUSE Weekly Newsletter, People of openSUSE: Henne Vogelsang, and much more.
Fedora Weekly News #149
This issue of the Fedora Weekly News covers Fedora 10: Features & Final Development Freeze, Planet Fedora articles Events & Trip Reports and Tech Tidbits, developments in R, libtool, the Livna migration to RPM Fusion, and much more.
DistroWatch Weekly, Issue 276
The DistroWatch Weekly for October 27, 2008 is out. "One of the busiest and most exciting periods of the year for most Linux distribution watchers is here. Yes, it's the Ubuntu release week! For many, this will likely mean unreachable web sites, busy download servers, overworked BitTorrent clients, and hundreds of first-look reviews and screenshot tours all over the Internet. Stay tuned as we bring you all the exciting announcements. In the news section, Fedora finalises the feature list for the upcoming release of version 10, openSUSE explains the complexities of its distribution's release process, Mandriva announces plans for a worldwide install party, and DesktopBSD ponders an upgrade to KDE 4. And speaking about KDE 4, what is your opinion about the quality, stability and features of the popular desktop's latest version? Some people love it, while others can't stand it, but one thing is sure - thanks to the variety of distributions on the market, we can always find that perfect solution for our needs."
Interviews
Interview: Fedora 10's Better Startup (Fedora Magazine)
Fedora Magazine has an interview with Adam Jackson and Ray Strode about the cleaner graphical booting that is coming in Fedora 10. "Not only is X not especially fast to initialize on its own (although better now than it was), but due to the design of rhgb, all of init would pause until X came up. For F9 we tried to fix this by launching X sort of in parallel with the rest of init and queueing up console messages until the vte widget was ready. This never really worked right either, partly because it's just too hard to get all the corner cases right, fsck failing and so forth. We also kept running into race conditions with the tty layer where the kernel would deadlock between the rhgb X server coming down and the gdm X server coming up. Eventually we just punted, reverted back to more or less the rhgb we shipped in F8, and resolved to drop it from F10." (Thanks to Rahul Sundaram).
Distribution reviews
First look: OpenSUSE 11.1 beta 3 very promising (Ars Technica)
Ars Technica has a review of openSUSE 11.1 beta 3. "Although OpenSUSE doesn't provide quite the same level of polish and simplicity as Ubuntu, it does offer some compelling advantages. OpenSUSE's unbeatable Mono integration is a big win for many software developers, and the distribution also has great support for desktop search integration via the Beagle indexing system. The OpenSUSE KDE environment is among the best, which is why we have typically used OpenSUSE as our reference platform for KDE testing. The 11.1 release is looking really sharp and continues to play to those strengths."
Page editor: Rebecca Sobol
Development
Digitizing Vinyl Records with Audacity
The Audacity sound editor is an excellent application with many uses. Your author recently started working on a long-term project to convert the better parts of his ancient vinyl phonograph record collection to FLAC files so that they could be added to his digital audio library. Audacity was chosen to do the audio recording and processing work.
Prior to undertaking such a project, one must first assemble the appropriate equipment. An older desktop computer with an Athlon 2500 processor and 500MB of RAM was used for the computing platform. Besides a sufficiently powerful CPU, the second most important piece of hardware is a decent sound card. An M-AUDIO Delta 44 was chosen. Standard sound cards should also work, but the Delta 44 has higher quality A-D converters that are mounted external to the computer for lower noise. The Ubuntu Studio distribution was used on the machine, although any current Linux distribution should work.
The turntable is an ancient Technics SL-D3 and a Pioneer SX-780 receiver is used as the phono preamp. One of the Tape Record Outputs from the Pioneer receiver is fed into the Delta 44 sound card with an appropriate set of adapter cables. The turntable's tracking weight, anti-skid settings and platter speed should all be adjusted appropriately. One of the new USB turntables could probably be used here if you don't already have access to the legacy hardware.
The Audacity sound editor needs to be set up by entering the Edit->Preferences menu; the audio quality was set to 44,100 Hz sampling at 16 bits (standard CD quality). Depending on your needs, other sample rates can be used. One of the more important configuration steps involves making sure the Software Playthrough button in the Audio I/O preference window is deselected. On this particular machine, enabling Software Playthrough results in audible sample loss on the recording. Audio monitoring is done through the Pioneer receiver. The audio meter should be enabled on the main Audacity window and the GNOME ALSA sound mixer is used to set the sound card input levels. The machine is now ready to record.
![[Audacity]](https://static.lwn.net/images/ns/audacity.png)
It is a good idea to make a few test recordings on various album tracks to set the sound card's input level adjustment. A loud track should be played and the input level should be adjusted to achieve fairly high readings on the meter without any clipping.
Unless you only need to extract one track, it is best to record an entire album side in one pass. Recording should be enabled prior to setting the needle on the record, and disabled after the needle has been lifted. Be sure to use an appropriate record cleaner on the disc to get rid of any dust particles.
When an album side has been successfully recorded and the levels look reasonable, it is time to do some trimming. Listen to the beginning of the recording with the volume up a bit. At some point the sound will probably begin with a fade in. Select the audio from the beginning of the recording, past the initial pop from the needle landing in the groove, and ending a few seconds before the first track starts. Delete the selection with Edit->Delete. Next, select from the new beginning to where the sound begins. Use Effect->Fade In to make a smooth transition from quiet to the beginning of the audio. Perform a similar edit at the end of the album side. Delete everything from a few seconds beyond the last sound to the end of the recording and put a Fade Out at the end of the side.
If your album has a few clicks and pops, now is the time to remove them. Select the entire recording with Edit->Select->All and de-click with Effect->Click Removal. The default click filter settings seem to work fairly well.
The next step involves putting labels at the beginning of each song, assuming the album's material is not one long track. First, create a label track with Tracks->Add New->Label Track. Hit the << rewind button and type Control-B; this puts a label at the beginning of the recording. Move through the album side and put more labels at the middle of each song transition. It is a good idea to zoom in and put the label on a wave zero-crossing point to prevent clicks at the beginnings of individual tracks. If you zoom in, you can often see a change in wave patterns that is left over from the master tape splice. The recording should now look something like the first frame of the Audacity Images.
It is a good idea to listen carefully to the entire recorded album side. If the recording has any obnoxiously loud clicks and pops that weren't removed with the Click Removal step, Audacity can smooth them out. To smooth out a click, locate the offending waveform by playing and pausing, then zoom in multiple times until the click is visible. Select a small region around the click (< 128 samples) and use Effect->Repair to smooth out the waveform. Zoom out and play the area where the click removal was performed to verify the operation. Audacity is very forgiving; if you don't like the results of the click removal or make another type of mistake, Edit->Undo will reverse most operations. An example Repair operation is shown in the Audacity Images.
At this point, it is time to split the album side into individual audio files. Select File->Export Multiple, choose the desired export format such as WAV, select Split files: based on labels and Name files: Numbering consecutively. Click the Export button and Audacity will render the individual track files. Audacity can create .mp3 and .flac files at this point, or that can be done at a later time. At this point, you exit Audacity and save any edit information if you think you will need to work on the recording later.
The same operations are performed on the B-side of the record. Your author likes to use a short BASH script to rename the Audacity-generated file names to his own name scheme. The track files are all grouped together in one directory and converted to FLAC format with the command flac *.wav. A meta-data text file is created with digitizing notes, track titles and any other information that you wish to save. Lastly, all of the files are played one more time to verify that there are no problems. The original album side tracks can now be safely deleted to reclaim some disk space.
With enough editing effort, it is possible to make a digital copy of a vinyl record that sounds better than the original. Performing all of the above steps on a large collection of albums is a big undertaking, but the reward comes in turning a hard to play discrete music library into an easy to play digital library.
For further information on this topic, see the followup article.
System Applications
Audio Projects
Rivendell 1.1.0 released
Version 1.1.0 of Rivendell has been announced. "Rivendell is a full-featured radio automation system targeted for use in professional broadcast environments. It is available under the GNU General Public License." Several new capabilities have been added in this release.
Database Software
MySQL 5.1.29-rc has been released
Version 5.1.29-rc of the MySQL DBMS has been announced. "We are proud to present to you the MySQL Server 5.1.29-rc release, a new "release candidate" version of the popular open source database. Bear in mind that this is still a "candidate" release, and as with any other pre-production release, caution should be taken when installing on production level systems or systems with critical data."
MySQL 6.0.7 Alpha has been released
Version 6.0.7 Alpha of the MySQL DBMS has been announced. "MySQL 6.0 includes two new storage engines: the transactional Falcon engine, and the crash-safe Maria engine."
PostgreSQL Weekly News
The October 26, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
sqlmap: 0.6.1 released (SourceForge)
Version 0.6.1 of sqlmap has been announced; it includes new features and bug fixes. "sqlmap is an automatic SQL injection tool. Once it detects a SQL injection on the target host you can perform an extensive back-end DBMS fingerprint, enumerate users, password hashes, privileges, databases, dump DBMS tables/columns and much more."
Networking Tools
IPtables-tng version 2.1 for kernel-2.6.25.* released (SourceForge)
Version 2.1 of IPtables-tng has been announced. "iptables-TNG (The Next Generation of iptables) An environment that can use from different packet classification algorithm (eg. tuple) to support large rulesets (more than 10,000 rules) for high bandwidth networks. New release of iptables-tng for kernel-2.6.25 and iptables-1.4.1 is ready."
Printing
CUPS 1.4b1 released
Version 1.4b1 of CUPS, the Common Unix Printing System, has been announced. "The first beta release of CUPS 1.4 is now available from: http://www.cups.org/software.php The new release adds over 65 changes and new features to CUPS 1.3.x."
Web Site Development
Upcoming Django releases
The Django web development platform project has announced the upcoming release schedule. "With Django 1.0 out the door and a successful inaugural DjangoCon behind us, it's time to look ahead to the future, which includes two releases: * Django 1.1, currently targeted for release in March 2009. * Django 1.0.1, currently targeted for release next month."
Miscellaneous
DebXO 0.3 released
Version 0.3 of DebXO, a Gnome/Debian distribution for the OLPC XO laptop, has been announced. "Here's a (mostly) bugfix release of DebXO. There was a nasty bug related to JFFS2 and kernel upgrades in 0.2; this release fixes it."
Desktop Applications
Animation Software
PySwfdec 0.8.0 announced
Version 0.8.0 of PySwfdec has been announced; it features an API update and improved documentation. "Swfdec is the library for decoding and rendering Flash animations. It is still in heavy development. The intended audience are developers or people using it for pretested Flash animations (think embedded here). If you use it on unknown content, expect it to have issues and don't be surprised if it crashes. If you encounter such a crash however, make sure to file a bug immediately. PySwfdec is a wrapper which exposes the Swfdec API to the python world."
synfig 0.61.09 released
Version 0.61.09 of synfig, a vector-based 2D animation package, has been announced. "Synfig version 0.61.09 was released on October 21st 2008. It is the result of several months of contributions by the free software community. It has security fixes, far fewer bugs, several usability enhancements, a few new features and other improvements."
Audio Applications
Ardour 2.6.1 released
Version 2.6.1 of the Ardour multi-track audio workstation system has been announced. "A bit sooner than expected, we have a fix for one very notable and ugly bug that was still affecting 2.6 (plugin automation tracks would be drawn in the wrong place on the screen). As a result, Ardour 2.6.1 is now available."
Audacity 1.3.6 released
Version 1.3.6 of the Audacity audio editor has been announced. "This release highlights exciting new capabilities developed by our students in Google Summer of Code (GSoC) 2008: * FFmpeg support (downloadable separately) permits import and export of a much wider range of file formats, including WMA, M4A and AC3, plus import of audio from video files * On-demand loading of uncompressed files eliminates the wait before files can be played or edited * Linked audio and label tracks allow labels to move with their corresponding audio when cutting, pasting or changing speed or tempo * Hierarchical plug-in grouping for built-in plug-ins".
Business Applications
Announcing Sarasvati Workflow
The Sarasvati project has been announced. "Sarasvati is an open source workflow/business process management engine for Java and Haskell. It is currently in beta, and is already suitable for use in many projects."
Desktop Environments
GNOME Software Announcements
The following new GNOME software has been announced this week:
- cairomm 1.7.0 (unstable testing release)
- CrunchyFrog 0.3.0 (new features, bug fixes and translation work)
- metacity 2.25.5 (bug fixes and translation work)
- Swfdec 0.8.2 (bug and build fixes)
- Sysprof Linux Profiler 1.0.11 (support for newer kernels)
KDE Software Announcements
The following new KDE software has been announced this week:
- cpdu 0.3.0b (unspecified)
- Gimper 1.0 (new features and code rewrite)
- Kid3 1.1 (new features, bug fixes and translation work)
- qsfm Quick Soundfont Manager 1.0.0.1 (new features)
- QtiPlot 0.9.7.3 (new features and bug fixes)
- netgo_ng 0.2.0 (bug fixes)
- NWC 0.0.0 (initial testing release)
- TorK 0.30 (new features and bug fixes)
- Zhu3D 4.1.4 (new features, documentation work and code cleanup)
Xorg Software Announcements
The following new Xorg software has been announced this week:
- xf86-input-evdev 2.0.99.2 (new features and bug fixes)
- xf86-input-vmmouse 12.6.0 (new feature)
- xf86-input-vmmouse 12.6.1 (code cleanup)
- xf86-video-intel 2.4.98 (bug fixes, code cleanup and documentation work)
- xf86-video-intel 2.5.0 (new features and bug fixes)
- xproto 7.0.14 (new features and bug fixes)
Desktop Publishing
LyX version 1.6.0 RC4 and RC5 released
Versions 1.6.0 RC4 and RC5 of LyX, a GUI front-end for the TeX typesetter, have been announced. "LyX 1.6.0 will be the culmination of 14 months of hard work since the release of the LyX 1.5 series. We sincerely hope you will enjoy the result. As usual with a major release, a lot of work that is not directly visible has taken place. The core of LyX has seen more cleanups and some of the new features are the direct results of this work."
Electronics
Announcing the GECKO3 System-on-Chip Co-Design Environment
OpenCollector.org has announced the GECKO3 System-on-Chip Co-Design Environment. "The GECKO system is a general purpose hardware/software co-design environment for real-time information processing or for system-on-chip (SoC) solutions. The GECKO system supports a new design methodology for system-on-chips, which necessitates co-design of software, fast hardware and dedicated real-time signal processing hardware."
GUI Packages
pyFltk 1.1.3 has been released.
Version 1.1.3 of pyFltk has been announced. "This is a maintenance release of pyFltk, supporting fltk-1.1.9 and Python2.6. Changes include various bug fixes, and added wrappers for add_fd and remove_fd. PyFltk is a Python wrapper for the fltk GUI toolkit, allowing for the simple and easy creation of GUIs from Python. Supported platforms include Windows, Unix, Mac."
Interoperability
Wine 1.1.7 announced
Version 1.1.7 of Wine has been announced. Changes include: "Improved device management for DOS drives, Many Richedit fixes, Various installer fixes, particularly for IE 7, First steps of Direct3D 10 implementation and Various bug fixes."
Multimedia
Elisa Media Center 0.5.16 released
Version 0.5.16 of Elisa Media Center has been announced. "This release brings its usual lot of bug fixes and introduces new features, some of which were long awaited. Here are the main highlights: - Search videos in Youtube - Same level of support for subtitles in Linux and Windows - Updated Polish and Italian translations."
Office Suites
KOffice 2.0 Beta 2 released (KDE.News)
Version 2.0 Beta 2 of KOffice has been announced. "The KOffice Team has announced the release of KOffice version 2.0 Beta 2, the second beta version of the upcoming version 2.0. The goal for the second beta is to show progress made since beta 1, as well as to gather feedback from both users and developers on the new UI and underlying infrastructure."
Digital Photography
Caliph and Emir: Lire 07 released (SourceForge)
Version 0.7 of Lire has been announced. Lire is part of Caliph and Emir: "Java & MPEG-7 based tools for annotation and retrieval of digital photos and images, supporting semantic annotation and content based, meta-data based and semantic image retrieval. The sub project Lire offers a library for content based image retrieval. Lire 0.7 is a major release fixing a lot of bugs and introducing several new features including new descriptor, a simplified way to use descriptors by introducing new generic searchers and indexers as well as an generalized interface for image descriptors."
Video Applications
Theora 1.0 RC2 announced
Version 1.0 RC2 of Theora, a video CODEC, has been announced. "Apologies are in order for the delay in getting 1.0 Final out, but the big word in the 1.0 release is STABILITY. The core team has found some last minute bugs that needed ironing out and they are being taken care of. In spite of this, we are close to see a proper release very soon and, as a stop-gap, all the latest developments have been collected into a new Release Candidate which you are invited to try."
Languages and Tools
Perl
Parrot 0.8.0 released
Version 0.8.0 of Parrot has been announced; it includes some new features and bug fixes. "On behalf of the Parrot team, I'm proud to announce Parrot 0.8.0 "Pareto Principle." Parrot is a virtual machine aimed at running all dynamic languages."
Python
NumPy 1.2.1 released
Version 1.2.1 of NumPy, a package for scientific computing with Python, has been announced. "This bugfix release comes almost one month after the 1.2.0 release. Please note that NumPy 1.2.1 requires Python 2.4 or greater."
Python-URL! - weekly Python news and links
The October 27, 2008 edition of the Python-URL! is online with a new collection of Python article links.
IDEs
Pydev 1.3.23 released
Version 1.3.23 of Pydev has been announced; it adds new capabilities and bug fixes. "PyDev is a plugin that enables users to use Eclipse for Python and Jython development -- making Eclipse a first class Python IDE -- It comes with many goodies such as code completion, syntax highlighting, syntax analysis, refactor, debug and many others."
Pydev 1.3.24 Released
Version 1.3.24 of Pydev and Pydev Extensions have been announced. "This is a high-priority release to fix some blocker bugs (that's why it was released in such a short time from the last release)".
Version Control
Announcing repo - the multiple Git repository tool
Shawn O. Pearce has announced the release of repo, the multiple Git repository tool. "repo is a Python application to bind together Git repositories, something like "git submodule", except it can track a project's branch rather than a specific Git commit. repo is also able to natively import a tarball or zip file and use it to initialize a repository from an upstream source, then apply git based changes on top of that tarball. In other words, repo is (more or less) built to manage an OS distribution, in Git."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Debunking Google's security vulnerability disclosure propaganda (CNet)
Chris Soghoian takes Google to task for its security policy in this CNet article. "Question: You're a multibillion dollar tech giant, and you've launched a new phone platform after much media fanfare. Then a security researcher finds a flaw in your product within days of its release. Worse, the vulnerability is due to the fact that you shipped old (and known to be flawed) software on the phones. What should you do? Issue an emergency update, warn users, or perhaps even issue a recall? If you're Google, the answer is simple. Attack the researcher."
Trade Shows and Conferences
GNOME usability hackfest (here be dragons)
Mark Shuttleworth covers the GNOME usability hackfest. "The GNOME user experience hackfest in Boston was a great way to spend the worst week in Wall St history! Though there wasn't a lot of hacking, there was a LOT of discussion, and we covered a lot of ground. There were at least 7 Canonical folks there, so it was a bit of a mini-sprint and a nice opportunity to meet the team at the same time. We had great participation from a number of organisations and free spirits, there's a widespread desire to see GNOME stay on the forefront of usability."
A year since Microsoft's EU appeal failed
Samba's Andrew Bartlett has written a report on recent Samba/Microsoft interoperability events. "Over the 2 weeks at the end of September 2008, I attended two interoperability events in the US, one in Santa Clara and another on Microsoft's campus in Redmond. This has been an amazing year of changes for those of us with an interest in interoperability with Microsoft, and these two events are an excellent example of the change in practice. In short, Microsoft organised an industry plug fest for CIFS and AD technologies and then invited the Samba Team to its home campus for a week of hands on testing with their engineers. This follows up on documentation of over 100 protocols delivered, well over 100 requests for clarification answered, Samba code debugged and fortnightly conference calls held." (Thanks to Rahul Sundaram).
Companies
Amazon's Linux cloud computing out of beta, joined by Windows (cnet)
cnet reports on the latest Elastic Compute Cloud developments from Amazon. "The Elastic Compute Cloud, a service that gives customers on-demand access to Linux servers, is now out of beta testing, said Jeff Barr, evangelist for the collection of online options collectively called Amazon Web Services. "Amazon EC2 is now in full production," Barr said in a blog post Thursday. And as promised, EC2 now offers Windows in a beta test, joining Sun Microsystems' OpenSolaris and Solaris Express Community Edition. Along with those moves, EC2 now comes with a service level agreement, a formal commitment that the service will be available at least 99.95 percent of the time."
Mac Clone Maker Psystar Offers $299 Linux PC (Information Week)
Information Week reports that Psystar is now selling an Ubuntu-loaded PC. "Mac clone manufacturer Psystar, which has been sued by Apple for copyright violation, isn't putting all its eggs in the Mac OS market. The Miami-based system integrator has introduced a Linux-based personal computer that sells for just $299. Psystar's OpenLite system ships with the Ubuntu Linux desktop preinstalled, running on a 1.8-GHz Intel Celeron chip with integrated graphics support. Upgrading to a dual-core Pentium chip costs an additional $40. "With unparalleled affordability, this computer can bring Windows computing into every home and office," Psystar boasts on its Web site, even though the system runs Linux, not Microsoft Windows."
Interviews
Fellowship interview with Rolf Camps (Fellowship of FSFE)
The Free Software Foundation Europe has an interview with Rolf Camps about translating, volunteering, and awareness of Free Software in Belgium. "COR: I see the homepage is in 25 languages, but most of the rest of the pages are in 5 or 10. So how can we get more translators involved? Rolf Camps: The visible banner is good. That's how I got the idea to volunteer. But one problem is that after I translate a page, the banner disappears. We're still looking for Dutch translators, but the more work I do, the less chance we have to find new translators. There's a mention in the left-hand menu, but maybe we can think of more ways to publicise this need."
Resources
Shut down idle computers on your network automatically (IBM developerWorks)
Nathan Harrington discusses automating remote shutdowns for power savings on IBM developerWorks. "Recent pushes for "green" technology focus mostly on talk, with little action for the typical home- or small-office environment. Many users leave their systems online continuously through laziness or ignorance, resulting in a significant source of power consumption, as well as an additional vector for malware propagation. The tools and code presented here allow you to find those inactive systems and securely start the shutdown process. With a Linux® box monitoring your network connections using Argus and some custom Perl code, any system that supports Perl can be set to be remotely shut down when a centralized set of inactivity rules are met."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
EFF Marks 10th Anniversary of DMCA with Report on Law's Unintended Consequences
The Electronic Frontier Foundation has announced the availability of Unintended Consequences: Ten Years under the DMCA. From the announcement: "Ten years ago Tuesday, the Digital Millennium Copyright Act (DMCA) was signed into law. In a report released to mark the anniversary, the Electronic Frontier Foundation (EFF) documents the ways in which this controversial law has harmed fair use, free speech, scientific research, and legitimate competition."
Commercial announcements
CadSoft releases Eagle 5.3
CadSoft has released version 5.3 of their Eagle printed circuit CAD application. This release adds some new capabilities and bug fixes. See the What's new document for details.
CodeWeavers announces CrossOver Linux 7.1 and CrossOver Mac 7.1
CodeWeavers has announced the availability of version 7.1 of CrossOver Linux and CrossOver Mac. "This version is largely a bug fix version; it particularly has a range of fixes for Microsoft Office, notably Outlook 2007."
Gumstix announces the miniature Overo Earth Linux platform
Gumstix, Inc. has announced the availability of its $149 miniature Overo Earth motherboard. "At only 17mm x 58mm x 4.2mm in size, the Overo(TM) Earth motherboard gives open source innovators access to the industry's highest performance, generally available ARM(R)-based platform in the tiniest, lowest cost Linux computer available. Gumstix, Inc. today announced the general availability of its Overo Earth motherboard that is based on the Texas Instruments (TI) OMAP3503 applications processor."
IBM launches System z10 Business Class mainframe
IBM has announced the Linux-based IBM System z10 Business Class server. "This is the technology for any business that wants to ramp up innovation, boost efficiencies and lower costs -- pretty much any enterprise, any size, any location. This is a new mainframe technology for a new kind of data center -- resilient, responsive, energy efficient -- the new enterprise data center."
Open-Xchange introduces new collaboration server appliance
Open-Xchange has announced a new collaboration server appliance, the Open-Xchange Appliance Edition. "Open-Xchange, the leading provider of open source groupware, today announced a new offering for small- and medium-size businesses (SMBs) seeking easy-to-use, easy-to-deploy e-mail and collaboration software that is a cost-effective alternative to Microsoft Exchange -- with an initial cost of less than $70 per user annually."
rPath helps close the application deployment gap
rPath has announced a new initiative: "rPath today launched its initiative to close the application deployment gap, proposing a lifecycle management approach for enterprise application virtualization that combines deployment speed and control. The rPath initiative is detailed in the just-released white paper, "Closing the Gap Between Apps and Ops: Leveraging Application Virtualization and Cloud Computing to Accelerate Business Value," available for download at http://www.rpath.com/corp/closing-the-gap."
Silicon Graphics launches EventVUE
Silicon Graphics, Inc. has announced the launch of EventVUE. "Silicon Graphics, Inc. today announced the availability of EventVUE(TM), its new real-time visual solution for Complex Event Processing (CEP). EventVUE software blends the company's uniquely scalable Intel(R)- and Linux(R)-based servers, storage, and visualization solutions with its real-time software extensions to Linux and years of professional services expertise in creating immersive Reality Center(R) visual environments."
WIN announces desktop networking platforms
WIN has announced some new desktop networking platforms. Win... "announces the PL-10540 and PL-10550 desktop platforms that feature the Intel EP80579 Integrated Processor with Intel QuickAssist Technology. The EP80579 is the Intel system-on-chip (SoC) purpose-built for the embedded and communications market with highly-integrated security features. The new WIN Enterprises platforms are designed for SOHO/SMB network management and network security applications, such as firewall, VPN, anti-spam, anti-virus, and intrusion detection & prevention."
New Books
Advanced Software Testing, Vol. 1--New from Rocky Nook
Rocky Nook has published the book Advanced Software Testing, Vol. 1 by Rex Black.
Algorithms in a Nutshell - New from O'Reilly
O'Reilly has published the book Algorithms in a Nutshell by George T. Heineman, Gary Pollice, and Stanley Selkow.
The Best of Instructables--New from O'Reilly
O'Reilly has published the book The Best of Instructables by the Editors of MAKE magazine.
MediaWiki - New from O'Reilly
O'Reilly has published the book MediaWiki by Daniel J. Barrett.
Resources
FSFE Newsletter
The October 27, 2008 edition of the FSFE Newsletter is online with the latest Free Software Foundation Europe news. Topics include: "The GNU's 25th Birthday in Berlin, Germany, The smallest unit of freedom: A Fellow - Sean Daly, Reach the people - Software Freedom Day in Berlin, Vienna and Utrecht, Fellowship events throughout Europe, Free Software for World Bank financed projects, Freedom Task Force activities - GPLv3 in The Netherlands, panels in Italy and speeches in Berlin and Winterthur, and European Legal Network special interest group meetings in London and Brussels."
ODBMS.ORG publishes more user reports and the Blaha paper.
ODBMS.ORG has announced the publication of more user reports and the Blaha paper. "ODBMS.ORG, a vendor-independent non-profit group of high-profile software experts led by Prof. Roberto Zicari, today announced the exclusive publication of a third series of new user reports on using technologies for storing and handling persistent objects and a new paper by ODBMS.ORG panel member Michael Blaha."
Meeting Minutes
Perl 6 Design Minutes (use Perl)
The minutes from the October 22, 2008 Perl 6 Design Meeting have been published. "The Perl 6 design team met by phone on 22 October 2008. Larry, Patrick, Allison, Will, Jerry, Jesse, Nicholas, and chromatic attended."
Calls for Presentations
Camp KDE 2009: Call for Presentations and Sponsorship (KDE.News)
Camp KDE 2009, to be held January 17-23 in Negril, Jamaica, has released its calls for sponsorship and presentations as described by KDE.news. "We are excited to continue the momentum of KDE interest shown at the 2008 KDE 4.0 Release Event in California." A description of Camp KDE from its website: "This event is not designed to compete with Akademy, which usually takes place in Europe, but is designed to complement it by being 6-months opposite on the calendar, and on the other side of the globe. There will be some overlap between those that attend this event and Akademy, but hopefully this event will allow people from the Americas to attend that don't normally get the chance to go to Akademy."
PyCon 2009 - Call for tutorials nearing the end
The PyCon 2009 Call for tutorials closes soon. "The period for submitting tutorial proposals for Pycon 2009 (US) is open and will continue through Friday, October 31st. This year features two "pre-conference" days devoted to tutorials on Wednesday March 25 & Thursday March 26 in Chicago."
Upcoming Events
LAC 2009 announced
The Linux Audio Conference 2009 will take place on April 16-19 2009 in Parma, Italy. "The LAC will go outside Germany for the first time, but we will keep close to the familiar four-day format with paper presentations, workshops, electro-acoustic music concerts, and the Linux Sound Night. The website is being created, and 'calls for everything' will be issued before the end of this week."
OSDC 2008 Earlybird registration closing this Friday
Early Bird registration for OSDC 2008 closes on October 31. "Book by THIS FRIDAY to take advantage of earlybird pricing and be part of the "best" open source developers conference of the year." OSDC 2008 takes place in Sydney, Australia on December 2-5.
Events: November 6, 2008 to January 5, 2009
The following event listing is taken from the LWN.net Calendar.
Date(s) | Event | Location |
---|---|---|
November 3 - November 7 | ApacheCon US 2008 | New Orleans, LA, USA |
November 5 - November 7 | OpenOffice.org Conference 2008 | Beijing, China |
November 6 | NLUUG autumn conference: Mobile Applications | Ede, Netherlands |
November 6 - November 7 | Embedded Linux Conference Europe 2008 | Ede, Netherlands |
November 7 - November 8 | TwinCity Perl Workshop 2008 | Vienna, Austria |
November 7 - November 9 | UKUUG linux conference | Manchester, UK |
November 8 - November 9 | Hackers to Hackers Conference 05' | Sao Paulo, Brazil |
November 8 - November 9 | FOSS.my | Kuala Lumpur, Malaysia |
November 10 - November 14 | Python Bootcamp with Dave Beazley | Atlanta, GA, USA |
November 11 - November 14 | DeepSec IDSC 2008 | Vienna, Austria |
November 12 - November 14 | php\|works 2008 | Atlanta, GA, USA |
November 12 - November 13 | PacSec Applied Security Conference | Tokyo, Japan |
November 13 - November 14 | International Hacking and Security Conference | Seoul, Korea |
November 14 - November 16 | OpenSQL Camp 2008 | Charlottesville, VA, USA |
November 16 - November 20 | Middle East IT Security Conference | Dubai, UAE |
November 19 - November 20 | Linux Foundation Japan Symposium | Tokyo, Japan |
November 20 - November 21 | FreedomHEC Taipei 2008 | Taipei, Taiwan |
November 22 | The phpnw08 conference | Manchester, UK |
November 22 | PGDay Rio de la Plata | Buenos Aires, Argentina |
November 22 | Mandriva 2009 Installfest | Everywhere, World |
November 25 - November 29 | FOSS.IN 2008 | Bangalore, India |
November 25 - November 30 | make art 2008 | Poitiers, France |
November 28 | Informazione geografica aperta e libera | Pontedera (PI), Italy |
November 28 - November 29 | WhyFLOSS La Plata - Argentina | La Plata, Argentina |
November 29 | LinuxDay in Vorarlberg (Deutschland, Schweiz, Liechtenstein und Österreich) | Dornbirn, Austria |
December 1 | First Nuxeo Developer Day | Paris, France |
December 1 - December 2 | Open World Forum | Paris, France |
December 2 - December 5 | Open Source Developers' Conference 2008 | Sydney, NSW, Australia |
December 4 - December 7 | PIKSEL08 - code dreams | Bergen, Norway |
December 5 - December 6 | FOSSCamp | Mountain View, CA, USA |
December 5 - December 13 | International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering | Online |
December 7 - December 12 | Computer Measurement Group Conference 2008 | Las Vegas, NV, USA |
December 8 - December 12 | Ubuntu Developer Summit | Mountain View, CA, USA |
December 8 | Forum PHP Paris 2008 | Paris, France |
December 10 - December 11 | First Workshop on I/O Virtualization | San Diego, CA, USA |
December 13 | NLLGG meeting/BSD Community Day | Utrecht, The Netherlands |
December 27 - December 30 | Chaos Communication Congress | Berlin, Germany |
If your event does not appear here, please tell us about it.
Mailing Lists
fedora-wiki list for wiki users and contributors
The Fedora project has announced the fedora-wiki mailing list. "A new moderate-traffic mailing list for users and contributors of the Fedora Project Wiki has been set up. Among the discussions will be policy, announcements, and editing tips. The list has been created to bring together the wider wiki community split apart between different sub-projects of Fedora."
Audio and Video programs
EnterpriseDB announces "Database Radio" podcast series
EnterpriseDB has announced its "Database Radio" podcast series. "Today, EnterpriseDB, the leading enterprise open source database company, announced Database Radio, its new podcast series featuring interviews with industry experts covering a variety of contemporary database topics, including open source database strategies, information scalability and reliability, online transaction processing, and database replication."
Page editor: Forrest Cook