Please submit your News Bytes items in plain text; other formats may be rejected. A one- or two-paragraph summary plus a URL has a much higher chance of being published than an entire press release. Submit items to firstname.lastname@example.org.
News in General
FSFe Introduces Fiduciary License Agreement
The Free Software Foundation Europe is trying to reduce problems inherent in managing copyrights in large projects by launching a Fiduciary License Agreement. This is essentially a way for a free software project to place its collective copyright under the control of a single entity, the FSFe. This has two main benefits. When contributors to a project become difficult to track down, for a variety of reasons, the future of the project gets threatened. If a single organization holds the copyright, it is that much easier to deal with any legal issues, even in the absence of the original authors. The second benefit is that different copyright regimes across the world can be reconciled. With Open Source software development being extremely geographically distributed, and getting more so, this is an very important.
Sun Looks to GPL v3 for Java, Solaris
As reported earlier, Sun Microsystems is considering switching OpenSolaris to GPL v3. Java might also be licensed under GPL v3. Sun wants to switch to the GPL so that it can appeal to developers who favor this license. Also, GPL v3 is expected to have strong protection from patenting issues. Sun is working closely with the Free Software Foundation on this.
For Solaris, Sun will probably stick with a dual-licensing model, using both the CDDL and GPL v3. This is possible since Sun owns all the copyright to Solaris. ZDNet UK has more details on this issue.
Solaris Zero-Day Vulnerability Found
The Solaris community was rocked by the news of a zero-day vulnerability in Solaris 10. The telnet daemon has a security hole that allows root access to be gained in a trivial manner. This was rather embarrassing for Sun, since Solaris is supposed to be one of the most secure server operating systems. More information on this is available from Sun, US-CERT, and CVE.
OpenSSL Revalidated After Arduous Battle
OpenSSL has finally regained its FIPS 140-2 validation, and is available for download. The Federal Information Processing Standard (FIPS) coordinates the requirements and standards for cryptographic modules, for use by federal departments and agencies in the United States. Usually, this process takes a few months, but in this case it took five years. This was due to the entirely new approach that was followed to test OpenSSL.
Certain commercial software vendors also questioned the viability of an Open Source SSL toolkit. The complaints included some interesting questions, including one about the source code being "Communist", since a Russian developer worked on it. There were valid questions as well, and the OpenSSL developers state that their product is more secure now, after going through such an extensive review process.
Linux.com has a detailed report available.
Linus Torvalds takes on GNOME
Linus Torvalds does not like the GNOME graphical environment, and he recently said so in no uncertain terms. This led to an ugly flame war on various mailing lists. GNOME developer Christian F.K. Schaller invited Linus to use GNOME for a month, and make constructive suggestions, instead of "mudslinging".
Linus responded by submitting a string of patches that would "improve the code", and add new features. These were subsequently added to Bugzilla, and are currently undergoing peer review. Linux.com has more, including the entire text of the emails.
Russian Schools To Switch to Linux After Microsoft Piracy Case
After Russian authorities tossed a headmaster who bought pirated Windows software in jail, schools in the Perm region have decided that it might be safer to learn to use Linux. Nikolay Karpushin, the region's Education Minister, has stated that schools will soon stop buying commercial software, in order to ensure license purity.
Schools will use a localized version of Linux, as well as OpenOffice.org. Some teachers have reservations, though, since they will be the ones bearing the brunt of the change.
Mosnews.com has more.
Stallman Convinces Cuba to Switch to Open Source
The Communist government of Cuba is trying to move away from proprietary software. Cuba sees this move as one way of ensuring ideological purity, besides cost and technical issues. Richard Stallman, speaking at a technology conference in Cuba, laid out the benefits of free software. He specified the security benefits, and also spoke about how copyrights violate basic morality.
Cuba's Cabinet has urged a shift from proprietary software. Cuban students are developing a customized version of Linux called Nova, based on Gentoo distribution. The ministry of higher education is developing a distribution as well.
iWon news has more.
50,000 Brazilian Desktops Blessed With Linux
The Brazilian government's "Computers for All" project is well underway, with 50,000 desktops loaded with a Linux OS already having been delivered to the Brazilian people. Three companies, BitWay Computadores, EnabledPeople, and IMTECH are deploying about 10,000 desktops per month.The Computers for All project is part of the Brazilian federal government's "Program of Digital Inclusion," initiated in 2003.
DesktopLinux.com has more details on the project.
Ballmer Confirms Novell Deal Is About Patents
ZDNet's Mary Jo Foley posted a blog entry where she makes it clear that to Steve Ballmer, the Novell-Microsoft deal is all about MS enforcing intellectual property pressure (IP) on Novell. According to Ballmer, Open Source is not free, and will have to respect IP rights, just as other competitors do.
Foley also links to an interview with Jeremy Allison where he states that Microsoft is threatening people in the open source world with patent violation suits. All in all, an interesting read, available here.
Novell, Microsoft Staff up Interoperability Lab
In a nice counterpoint, Microsoft and Novell announced the opening of a Joint Interoperability Lab. In a post on Port 25, Microsoft's Open Source website, Sam Ramji, Director of Platform Technology Strategy, stated that MS and Novell are looking for a "few good people".
The lab will apparently be around for the long term, and shall focus on interoperable virtualization between Windows and SLES. Both MS and Novell want to qualify their respective virtual machine solutions on Windows and SLES. Conspiracy theorists will be pleased to know that the lab will be located in an "intermediate location".
LinuxWatch has more.
Is Reuters Spreading FUD About Novell?
Reuter's, the venerable news service, recently published a story that led with the headline, "Novell could be banned from selling Linux". Many in the Open Source community were angered by what they saw as an attempt to spread FUD about Novell.
The article stated that the Free Software Foundation is "reviewing Novell Inc.'s right to sell new versions of Linux operating system software." It quoted Eben Moglen, the FSF's general counsel, as saying that "...the community wants to do anything it can to interfere with this deal". Unfortunately, Eben was apparently misquoted. Also, Linux.com, ITWire.au, and LinuxWatch published detailed rebuttals of the story. Most people are now calling this a case of sloppy reporting.
Red Hat Endorses KVM Virtualization
After being merged into the Linux kernel, KVM Virtualization is gaining traction. Red Hat announced that the next version of Fedora will include KVM. Red Hat Enterprise Linux 5 will still use Xen, however, since RH feels that KVM lags Xen by at least a year's worth of development.
Still, the news is bound to spur KVM's development, especially since the Chief Technical Officer of Red Hat praised KVM in no uncertain terms. Cnet News has the whole story.
Conferences and Events
- AJAXWorld 2007 (East)
- March 19 - 21, 2007, New York City (http://www.ajaxworldexpo.com)
- Software Development West
- March 19-23, 2007, Santa Clara, Ca (www.sdexpo.com)
- Web 2.0 Expo
- April 15-18, 2007, San Francisco, CA (http://www.web2expo.com)
- The RoboBusiness Conference
- May 15-16, 2007, Hynes Convention Center, Boston, MA (http://www.roboevent.com.)
- SEMANTIC Technology Conference
- May 20-24, 2007, Fairmont Hotel, San Jose, California
- CardTech-SecurTech Conference
- May 15-17, at the Moscone Center, San Francisco, CA
- Gartner IT Security Summit
- June 4-6, 2007, Washington, DC (www.gartner.com/us/itsecurity )
Debian Gets Win32 Installer
"Debian-Installer Loader", a win32 loader for Debian Installer was released in February. This makes it simple to install Debian from a system that has Microsoft Windows installed. According to the developers, "D-I-L runs on the users' win32 system, auto-detects whether the CPU supports 64-bits, picks the appropriate linux and initrd.gz images for netboot, and uses GRUB for DOS to chainload into it."
Inspired by a similar project for Ubuntu, it is hoped that this will make it easier to migrate to Debian from Windows. It will also make it easy to install Debian on systems that lack a CD-ROM drive, and it cuts out the need for a user to burn an ISO image. The website http://goodbye-microsoft.com/ has more information.
OpenSUSE 10.2 Live DVD Released
The Live DVD for OpenSUSE rounds off the OpenSUSE product line. The ISO image weighs in at 1.7 GB, and contains a base desktop system (KDE and Gnome) with applications for office, multimedia and internet usage. A minimum of 512 MB of RAM is required to run the Live DVD, and it only works on the x86 architecture.
More information here.
Linspire, Canonical, Freespire, Ubuntu Join Forces
Canonical Ltd., the sponsor of Ubuntu, and Linspire Inc., the developer of Linspire and Freespire, announced a technology partnership to integrate with each other's Linux distributions. Linspire/Freespire will now be based on Ubuntu, rather than Debian, and Ubuntu will integrate with Linspire's CNR package installer/updater. This is good news for users, since the Click 'N Run system is acknowledged to be simple, and effective.
The next version of Ubuntu, Feisty Fawn, will feature integration with CNR. Ubuntu users will be able to use the CNR client to easily download and install commercial programs and proprietary media drivers and codecs. If it lives up to the hype, it should be a refreshing alternative to either manually hunting down the various programs, or using scripts like Automatix2 and EasyUbuntu.
DesktopLinux.com has more.
Ubuntu Refuses to Activate Binary Drivers, and Reduces Support for PowerPC
The Ubuntu Technical Board has decided to forego activating binary only drivers by default in the next version of Ubuntu. The Board feels that there is a need for wider testing of the alternatives available, and that some of the relevant software is not fully mature yet.
However, Ubuntu 7.04 will make it "trivially easy" to enable both enhanced desktop effects and the necessary driver support. This is a best-of-both-worlds approach, which will be appreciated by many users.
In related news, the Technical Board also decided to reclassify the PowerPC version of Ubuntu as "unofficial". A lack of resources was cited as the reason.
The complete text is available here.
Software and Product News
Xfce Linux desktop arrives at v4.4.0
After two years of development, version 4.4.0 of the Xfce desktop environment was released. Xfce 4.4 includes new tools, such as the Thunar file manager, as well as several significant improvements to its core components, according to the release announcement.
Xfce is a lightweight desktop environment for Linux and other UNIX systems. Xfce is modular, consisting of various components packaged separately, so that users can configure their desired desktop environment. More here.
Red Hat updates its Red Hat Certificate System
Red Hat announced the worldwide availability of Red Hat Certificate System 7.2 at the RSA conference in San Francisco. Besides the usual features of such a system, this release includes enhancements that simplify deployment, management, and integration of certificates as a core part of the security architecture in the enterprise.
Net-security.org has a detailed report.
Linux Kernel 2.6.20 Released
This release includes two different virtualization implementations: KVM: full-virtualization capabilities using Intel/AMD virtualization extensions and a paravirtualization implementation usable by different hypervisors. Additionally, 2.6.20 includes PS3 support, a fault injection debugging feature, UDP-lite support, better per-process IO accounting, relative atime, relocatable x86 kernel, some x86 microoptimizations, lockless radix-tree readside, shared pagetables for hugetbl, and many other things.
Besides these technical niceties, the release announcement is rather hilarious, coming as it did on "Super Kernel Sunday". Well worth a read, even if you don't really care about kernels.
Linux on Mobiles gets the big guns behind it.
Six big names in mobile telephone are hoping to challenge the Windows Mobiles and Symbians of the world. The backers of the LiMo Foundation include handset makers Motorola, NEC, Panasonic and Samsung, plus two big operators - NTT DoCoMo and Vodafone. The Foundation will be looking for more people to join, with membership fees starting at a reasonable $40,000 a year.
According to The Register, the Foundation's stated aims include delivering a mobile software platform reference implementation comprising an API specification, reference code modules, and a test suite to test and demonstrate product conformance."For us, the idea is that a common set of APIs will reduce the time to create applications," said Vodafone spokesman Mark Street. He added though that Vodafone is backing Windows Mobile and Nokia S60 too.
The full story from El Reg is here.
Big Blue helps businesses run Linux
IBM has released its new Open Client Solution for business, a package of office software applications that supports several operating systems, including Linux and Windows. The Linux business desktop runs on both Red Hat's Enterprise Linux Workstation and Novell's SLED (SUSE Linux Enterprise Desktop).
The Open Client package includes IBM Productivity Tools, which is a server-based office software suite. The usual collection of word processing, spreadsheet, and presentation capabilities, all using the Open Document Format, is present. In addition, Open Client includes the Firefox Web browser, the Lotus Notes client software, the Lotus Sametime IM client, and IBM WebSphere Portal v6, as well as Lotus Expeditor, an Eclipse-based client development platform for composite applications.
DesktopLinux.com has a detailed report on this.
KACE Launches KBOX 1000 Series Upgrade
On February 20th KACE released an upgraded version of their KBOX 1000 Series
Systems Management Appliances, which allows IT departments to track and manage
network equipment (computers, cellphones, PDAs, etc.). In their press release
KACE quoted their two largest changes as the new KBOX Asset Management Module
and support for Red Hat Enterprise Linux 5.0. The Asset Management Module will
allow IT departments to track licenses and assess compliance with vendor
licensing policies, asset tracking and records of equipment configurations, and
an alert engine that will notify users based on hooks set for license and asset
changes. To quote from their press release, "As one of the easiest-to-use,
comprehensive, and affordable IT automation solutions, the KBOX system allows
companies to increase IT efficiency, enable compliance, and significantly
improve security without interruption."
Full press release: http://www.kace.com/about/releases/02_20_07.php
Company web page: www.KACE.com
VisualComplexity Compares Windows and Linux Web Servers
VisualComplexity hosts graphical
representations of complex networks, reaching to a range of disciplines
including biology, social networks, and computer science.
On April 14th, 2006, VisualComplexity posted maps of system calls that occur from loading a simple web page with one image on a Linux server running Apache and a Windows Server running IIS. The original article, posted on ZDNet and written by Richard Stiennon, explained that, "A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications." The maps were originaly generated by Sana Security.
The maps can be found at http://www.visualcomplexity.com/vc/project.cfm?id=392
Original ZDNet article: http://blogs.zdnet.com/threatchaos/?p=311
OpenChange Releases MAPI Library
On February 8th, 2007, OpenChange, an
open source, transparent alternative to Microsoft Exchange Server 2000/2003
released under the GPL, released their experimental, but functional MAPI
Library under Linux for MAILOOK. Aimed to allow the easy development of MAPI
messaging applications under Linux, the library currently allows the fetching
of user inboxes from an Exchange 2000 server, sending mail and attachments,
deleting mails from a user inbox, and resolving partial usernames from the
Windows Address Book. The development team is planning to have a stable MAILOOK
release ready for SambaXP 2007 with a
fully documented API and code examples.
Full press release: http://www.openchange.org/index.php?option=com_content&task=view&id=59&Itemid=48
Aditya was bored one day in 1997 and decided to take a look at this "linux thing". After installing Red Hat 5, and looking at the blinking cursor, he promptly removed it and went back to Windows. And then reinstalled a few days later, determined to figure it out. So far, he's figured some stuff out, but he's still trying, and he's still having fun.
Samuel Kotel Bisbee-vonKaufmann
Sam was born ('87) and raised in the Boston, MA area. His interest in all things electronic was established early by his electrician father and database designer mother. Teaching himself HTML and basic web design at the age of 10, Sam has spiraled deeper into the confusion that is computer science and the FOSS community. His first Linux install was Red Hat, which he installed on a Pentium 233GHz i686 when he was about 13. He found his way into the computer club in high school at Northfield Mount Hermon, a New England boarding school, which was lovingly named GEECS for Electronics, Engineering, Computers, and Science. This venue allowed him to share in and teach the Linux experience to fellow students and teachers alike. Late in high school Sam was abducted into the Open and Free Technology Community, had his first article published, and became more involved in the FOSS community as a whole. After a year at Boston University he decided the experience was not for him, striking out on his own as a software developer and contractor.