...making Linux just a little more fun!

NewsBytes

By Howard Dyckoff

News in General

First Linux Collaboration Summit Held at Google

Linux superstars, corporate heavyweights, and major customers all converged on the Mountain View Googleplex for the first of many Collaboration Summits. Hosted by the new Linux Foundation, the 3-day event focused on developer issues and, as Linux Foundation CEO Jim Zemlin stated, the sausage-making aspects of the open source ecosystem.

Although it started just after the announcement of Linspire partnering with Microsoft on multimedia support and patent IP (see below), conference organizers steered away from discussing the new Microsoft partnerships and potentially polarizing headlines. Instead, the focus was on working together on common goals. "They're projecting fear, uncertainty, and doubt. Let's come up with the things to move this platform ahead," Zemlin told attendees on the first day, which was open to journalists. After a public day with keynotes and press statements, the Collaboration Summit continued behind closed doors, and with blog silence.

The Linux Foundation hosted the Summit to bring together the diverse elements of the Linux community, and encourage face-to-face dialog. Among the aims behind the creation of the Linux Foundation was to foster innovation and act as a catalyst in the development of the open source software ecosystem. To some extent, the rapid acceptance of Linux and the diversity of projects has greatly enlarged what used to be a tight group of people, and better means of coordination and problem solving needs to be encouraged

Here's a link to the completed Summit schedule:
https://www.linux-foundation.org/en/Agenda_and_Schedule

The conference wiki is still bare, but here are a few of the Summit highlights:

Here is a small PDF showing Google's wish list of development enhancements:
https://www.linux-foundation.org/images/f/fd/Dam4-google-santa-monica.pdf

http://www.informationweek.com/shared/printableArticle.jhtml?articleID=199904052
http://www.linux-watch.com/news/NS1996530724.html

Canonical Provides Details for Ubuntu for Mobile Internet Devices

Canonical Ltd., the commercial sponsor of Ubuntu, announced more details on Ubuntu Mobile and Embedded Edition, at Computex 2007 in Taipei. Following discussions at the Ubuntu Developer Summit in Seville, Spain, and a great response from its developer community generally, the target specifications and technical milestones for the project have been agreed. (With recent patches that support real-time processing in the kernel, some 50-60% of new mobile phones will be based on embedded Linux.)

Ubuntu Mobile and Embedded Edition will provide a rich Internet experience for users of Intel's 2008 Mobile Internet Device (MID) platform. To achieve this, Ubuntu Mobile and Embedded will run video, support sound, and offer fast and rich browsing experiences to the MID target user. Optimized for MIDs based on Intel's low power processors and chipsets, Ubuntu Mobile and Embedded edition is expected to deliver fast boot and resume times, and reside in a small memory and disk footprint.

"We are delighted with the progress of the Ubuntu Mobile and Embedded Edition", commented Jane Silber, Director of Operations at Canonical. "We have had a great response to our first announcement, with many developers showing interest in the project. With a clear roadmap, an active developer community, and a date for release, we look forward to bringing Ubuntu to Mobile Internet Devices."

The first full release of the software will be available in October 2007. Working collaboratively with Intel, Canonical is working to deliver software on actual devices in 2008.

(While this is, independently, good for Ubuntu and many mobile developers, large companies and ISPs continue to be concerned about the large number of Linux mobility platforms and lack of overarching standards. This is being noted increasingly at analyst events, and by companies such as Gartner and the 451 Group.)

Massive Multi-Web Site Attack Sweeps Europe, Enters US

Over 10,000 Web sites have been compromised by the "Mpack" hacker kit, and upwards of 100,000 user systems have had malware installed. The majority of compromised Web sites are in Italy, but the US has the third highest number of infected Web sites.

The multiexploit "Mpack" is a Russian collection of PHP script exploits that also collects statistics on the individual exploits. The hacked sites usually have additional IFRAME code embedded within the HTML source code, referencing the exploit server. Users are redirected to Web pages that download keyloggers, and other malware and exploits are selected based on the user's OS and browser.

Details on Mpack and its management console are reported at the Websense and Symantec Web sites:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=782
http://www.symantec.com/enterprise/security_response/weblog/2007/05/mpack_packed_full_of_badness.html
http://www.symantec.com/enterprise/security_response/weblog/upload/2007/06/Italy%20pic2.html

In the same timeframe, US Senator Mark Pryor (D-Arkansas) recently introduced legislation making it a crime to install spyware on systems without users' consent. Called The Counter Spy Act of 2007, it gives enforcement power to the Federal Trade Commission (FTC). Violators could face both fines and prison.
http://pryor.senate.gov/newsroom/details.cfm?id=276980

JavaOne: OpenJDK.org Formed for Future Java Implementations

Fulfilling its promise to the world last year, Sun is releasing a fully buildable implementation of the JDK to the new OpenJDK community. In front of a cheering developer audience at May's JavaOne, Sun's CEO Jonathon Schwartz announced the OpenJDK project, which will be tasked with implementing future releases of Java.

The project was seeded with Sun's May 6th JDK source bundle, which includes 25,169 source files. Almost all of the JDK - 6.5 million lines of code - is now available under the GPL, making it one of the largest contributions to the free software community in history. Of these, 4% or 894 cannot be shipped in source form: there are no rights for Sun to release the files, currently. An additional 1,885 files (8%) are not under GPLv2: These are mostly Apache-derived code, according to Sun.

Most of this exception code includes font and graphics rasterizers, sound engine code, and some crypto algorithms. There is also a little SNMP code, and some code for the Imaging APIs. (Richard Stallman of the Free Software Foundation has subsequently written that FOSSw developers should focus on this small subset of the JDK, and set Java completely free.) The encumbered code for the current JDK resides in the ALT_CLOSED_JDK, mostly in binaries. These are fully redistributable.

To help develop the community around OpenJDK, Sun launched a developer Web site: http://openjdk.java.net/

The site allows developers to download a full source-code bundle, or use Subversion to check out the code from the repository. Developers can contribute a patch to fix a bug, enhance an existing component, or define a new feature. Beside on-going blogs, the site also has links to live conversation via IRC on irc.oftc.net (#openjdk).

On the OpenJDK Web site, the founding engineers write: "With the community's help, we hope that encumbered code can be re-implemented over the next 6 to 12 months, balancing this critical engineering task with other priorities, and depending on the level of community participation in speeding this effort."

See FAQ at http://www.sun.com/software/opensource/java/faq.jsp.

Also: Sun announced a one-year roadmap for the OpenJDK initiative, including clearing the remaining encumbrances, open-sourcing an implementation of Java SE 6 and associated deployment code, implementation of the compatibility testing and branding program, and establishment of the governance and contribution model for the community. At JavaOne, Sun announced the formation of the OpenJDK Interim Governance Board, with the charter to write and gain ratification for a constitution for the OpenJDK Community, based on transparency and an open, meritocratic process. Initially, this is viewed as separate from the Java Community Process (JCP), where specifications are thrashed out, mostly with vendor input.

As part of the NetBeans 6 preview release, Sun has created pre-built Netbeans projects to make it easy and intuitive to dive into the OpenJDK code base.

MS rattles its patent sabers

[with major contributions from LG copy editor Rick Moen]

Microsoft ignited a firestorm of controversy in the open source community, when its lawyers used the medium of a Fortune magazine article to specify an exact number of (alleged) MS patent infringements in Linux and other FOSSw. The count was 235, including 42 violations for the kernel.

"Microsoft General Counsel Brad Smith and licensing chief Horacio Gutierrez sat down with Fortune recently to map out their strategy for getting FOSSw users to pay royalties."

It may be that Microsoft is creating FUD to slow the increasing speed of adoption of FOSSw at major corporations and many governments worldwide -- all current and former MS clients. It may be that MS sees the recent Supreme Court decision on software patents as weakening the value of its own patent portfolio, and thus needs to act quickly to maximize its advantage. Either way, the patent showdown will probably get worse, over the next few months. Microsoft expects royalties or cross-licensing deals, and maybe renewed customer loyalty. That seems to be the bottom line.

Microsoft has been asserting its patents recently, and has received royalty payments from Novell and other companies like Samsung. To prevent this trend, on March 28, the Free Software Foundation made public a revised GPLv3 draft. That may have set the stage for a confrontation with Microsoft, and perhaps between Microsoft and companies championing open source, like IBM and Sun.

For an alternative take, several Groklaw commentators have pointed out that:

  1. Microsoft may have torpedoed their own case in advance by shipping a vast number of the usual GPLed and other open source codebases as part of Microsoft Services for Unix (nee Interix), creating a defence of equitable estoppel.

  2. They will also face the defence of "laches" (impermissible delay), which becomes a bigger bar to litigation with each day that passes since both the Fortune magazine piece and their shipment of Interix.

  3. If Microsoft ever sues anyone for patent infringement concerning a GPLed codebase, then both Microsoft (i.e., Interix) and patent-licensee Novell will immediately lose the right to distribute that codebase, per GPLv2 clause 7.

Complicating the already volatile situation, Dell became the first major systems provider to join the business collaboration that was formed by Microsoft and Novell for intellectual property (IP) assurance. As part of the agreement, Dell will purchase SUSE Linux Enterprise Server certificates from Microsoft, and establish a services and marketing program to migrate existing Linux users who are not Dell Linux customers to SUSE Linux Enterprise Server. Under this extended agreement, Dell will establish a customer marketing team for migrating Linux users who are not Dell Linux customers to SUSE Linux Enterprise Server.

"We're focused on delivering solutions that help simplify customers IT operations," said Rick Becker, vice-president of solutions at Dell Product Group. "Our customers have told us they want interoperability, and expect technology vendors to work better together. Dell is the first major systems provider to align with Microsoft and Novell in this collaboration, and we intend to lead in this space. This move is a huge success for the industry and, more specifically, for customers who haven't purchased Linux through Dell and who want to migrate to SUSE Linux Enterprise Server for the IP assurance and interoperability benefits."

From our editor Rick Moen, commenting via the Linux Users of Victoria mailing list:

"The Fortune piece that set off the patent debate contains embarrassing factual gaffes such as this one:

Lawyers for the Free Software Foundation have been able to force developers who incorporated free software into proprietary products to open up their source code, for instance."

"This is a notorious bit of misinformation often promoted by various opponents of copyleft licensing: In fact, copyright law provides no mechanism whatsoever to compel such a disclosure, and no such event has ever occurred (nor could it)."

Rick separately adds:

"You are advised to not hold your breath waiting for Microsoft Corp. to state patent numbers and clarify what specific open source / free-software codebases it believes are encumbered by its patents. For one thing, that would -- as you suggest -- enable anyone and everyone to assess those claims' merits. Also, it would assist open-source coders in, where necessary, rewriting their code with (probably) breathtaking speed to use other, equivalent techniques. The Redmondians know -- from watching the dismal fate of the few SCO infringement claims that SCO bothered to detail usefully -- that they cannot compete in a fair match of programming or analytical skill, so they instead make only vague claims that their better-staffed and more-energetic competition cannot address."

From Matt Asay, GM of Alfresco, who will be presenting at the Open Source Business Conference in late May: "If we could have referenced the MS 'patent threat' earlier [for our conference], it would have doubled our attendance, I'm sure."

"Microsoft Takes on the Free World"
http://money.cnn.com/magazines/fortune/fortune_archive/2007/05/28/100033867/

Also see: "Three Scenarios for How Microsoft's Open Source Threat Could End"
http://www.informationweek.com/news/showArticle.jhtml?articleID=199602086

Events

Ubuntu Live
July 22-24, 2007, Portland, Oregon

Security '07 / HotSec '07
August 6-10, Boston, MA

MetriCon 2.0, Workshop on Security Metrics
August 7, Boston, MA

Linux Kernel '07 Developers Summit
September 4-6, Cambridge, U.K.

RailsConf Europe 2007
September 17-19, Berlin, Germany

Storage Networking World
October 15-18, Dallas, Texas

Distros

OpenSUSE 10.3 Alpha four now out

The openSUSE community announced the fourth public alpha release of openSUSE 10.3. Highlights include the YaST meta packages handler; InstLux allows users to start the Linux installation from Windows; TeX Live replaces teTeX; first parts of KDE4svn entered Factory; OpenOffice.org 2.2; GNOME 2.18.1; improvements to the init script starter ('startpar') to reduce boot time; first changes to support Sony PS3; Linux 2.6.21 with an updated AppArmor patchset; initial support for installation in Afrikaans, Gurajati, Hindi, Marathi, Tamil, Xhosa, and Zulu."

Quick link to the DVD torrent files:
openSUSE-10.3-Alpha4-DVD-i386.iso

Kernel 2.6.22 release candidate 5 available

Mid-June also saw the release of kernel 2.6.22-rc5. Said Linus: "On a more serious note, I have to admit that I'm a bit unhappy with the pure volume of changes this late in the game. I was really wanting to stop some of the merges, but, while not all of it really fixed regressions, there really are a lot of bugfixes in there."

Fedora Core 7 is out

Among the updates in Fedora 7 are user installation tools that allow for several different "spins", which are variations of Fedora built from a specific set of software packages. Each spin can be a combination of software to meet requirements of specific end users. In addition to a very small boot.iso image for network installation, users have the following spin choices:

This release provides for enhanced wireless networking. The NetworkManager presents a graphical interface that allows user to quickly switch between wireless and wired networks for increased mobility. NetworkManager is installed by default in both GNOME and KDE Live CDs.

Additionally, Fedora Core 7 uses Python 2.5, and all of the Python software available in the repository uses it.
http://docs.python.org/whatsnew/whatsnew25.html

Fedora 7 includes Liberation fonts, which are metric equivalents for several well-known proprietary fonts found throughout the Internet, and give better results when viewing and printing shared documents.

SUSE Linux Enterprise 10 SP1 now available

SUSE 10 SP1 is out now, and provides enhancements in the areas from the desktop to the data center, including:

On the desktop, SP1 delivers updates to the desktop effects engine, a re-designed main menu, and the ability to play embedded video in OpenOffice.org presentation files. It also provides improved integration with enterprise technologies such as Microsoft Active Directory and Microsoft Office, including the new OpenXML/ODF translator to convert Microsoft Word 2007 documents to OpenOffice.org. (That Novell-Microsoft patent deal, again!)

And... SUSE Linux 9.3 is now officially discontinued, and out of support.

See: http://www.novell.com/linux/sp1highlights.html

Skype for Linux 1.4 Beta

Skype Version 1.4.0.74 for Linux was released June 14. "The big news of this release is the support of glibc 2.3 systems. What this means is that Skype 1.4 will now run on some older systems without upgrading the base system."

Skype for Linux previously required glibc 2.3.3 or greater and Qt 3.2 or greater. If you do not have Qt 3.2 or greater, you are still able to use Skype for Linux by downloading its static version that has Qt 3.2 compiled in.

Besides substantial bugfixes, this update includes Skype's own audio codec and an improved conference call mixer.
http://www.skype.com/download/skype/linux/

Bugzilla 3.0

As a present to its community, instead of releasing Bugzilla 2.24, the Bugzilla Project has released Bugzilla 3.0. Earlier development snapshots named 2.23.x have become the new Bugzilla 3.0. This is the first major upgrade to the popular tool in almost a decade. Among the Bugzilla changes are mod_perl support and a Web Services interface using the XML-RPC protocol.

Download the new Bugzilla here: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-3.0.tar.gz

Products

JavaOne and NASA's World Wind

At the JavaOne conference in San Francisco, Robert Brewin, Sun's CTO of software, and NASA's Patrick Hogan showed off a new open-source geospatial browser plugin that implements Java GL and incorporates NASA's visualization technology. The new software also allows developers to create mashups and detailed geo-spatial simulations.

One demonstration was the DiSTI F-16 Flight Simulator, a Web plugin based on Java GL Studio. It allowed a user to 'fly' an F-16 with external and cockpit views, as it maneuvers over the Earth's terrain. A collaboration between Sun Microsystems, NASA Ames, and DiSTI, the simulator links Sun's Java Open GL platform, NASA's World Wind, which provides actual satellite imagery and radar topography from Shuttle missions, with GL Studio for Java - to enable Java developers to create 3D, real time visualizations of the Earth, using cost-effective, high fidelity imagery.

DiSTI's GL Studio package lets an instructional designer integrate photo-realistic objects into simulations that react just like the real parts. Such parts affect the performance of the systems, and accurately reproduce real behaviors (i.e., unscrew an important connector from a simulated jet engine, and it will stop running.)

The NASA World Wind Java SDK is platform independent, and current demos run under Fedora Core 6, Ubuntu, Microsoft Windows, and Mac OS X.

There were some problems with the World Wind download from NASA, but these seem to have been fixed by mid-May. Check out the FAQ on WorldWind Central: http://www.worldwindcentral.com/wiki/WWJava_FAQ

Primary Download Site : http://www.simulation.com/products/glstudio/content/JDJ/index.html

Red Hat Adds Business Solutions to Open Source RHX

In May, at Red Hat Summit 2007 in SAN DIEGO, Red Hat announced the availability of Red Hat Exchange (RHX). RHX extends Red Hat's Open Source Architecture to include integrated business application solutions from fourteen open source partners built on Red Hat Enterprise Linux and JBoss platform software.

All solutions are purchased, delivered, and supported via a single, standardized Red Hat subscription agreement with consolidated billing covering the complete application stack. At the RHX Web site, customers have access to application profiles, user ratings and reviews, free trials, and online purchase options for all applications. Red Hat will provide customers with a single point of contact for all support issues throughout the application stack. In addition, RHX may be purchased through select Red Hat Value-Added Reseller Channel partners.

RHX launch partners include Alfresco, CentricCRM, Compiere, EnterpriseDB, Groundwork, Jaspersoft, Jive, MySQL, Pentaho, Scalix, SugarCRM, Zenoss, Zimbra, and Zmanda.

"When customers can minimize the number of number of vendors they are dealing with and the associated number of support contracts, they can reduce the complexity and often the cost associated with managing workloads," said Al Gillen, Research Vice President, System Software at IDC.

For more information about RHX, visit http://www.redhat.com/rhx and http://rhx.redhat.com.

Red Hat Virtual Appliance OS to Manage Intel vPro-based Desktops

At its Red Hat Summit, Red Hat announced a joint program with Intel to bring hardware-assisted virtualization to desktop PCs with Intel vPro technology. Using Intel vPro PCs, IT departments will be able to deploy appliances in a virtual machine that bring enterprise-class management and security to the PC.

"The legacy desktop falls short in its ability to provide a secure, reliable and manageable environment," said Brian Stevens, CTO at Red Hat. "Intel vPro technology combined with a Red Hat Virtual Appliance OS will allow customers to create a rock-solid foundation that can then provision, manage and secure the PC. This technology will reduce operational costs and increase operational flexibility."

The Appliance OS from Red Hat will support pluggable Virtual Appliances to deliver functions such as network security, provisioning, monitoring and asset management, regardless of the state of the desktop OS. In collaboration with Intel, Red Hat plans to develop, productize, and support software components, including the hypervisor, the Service OS, and the Software Development Kit (SDK).

Active development on the project is underway today, with beta software expected later this year and general release planned for 2008.

Linspire, Freespire Add Desktop Virtualization

Linspire, Inc., developer of the Linspire commercial and Freespire community desktop Linux operating systems, and Parallels, Inc., maker of desktop virtualization solutions for Windows, Linux, and Mac OS X, have announced the Parallels Workstation 2.2 desktop virtualization solution for Linspire and Freespire users via CNR, a one-click delivery service for desktop Linux software. The companies also announced a technology partnership where Linspire will make a Freespire Virtual Appliance available using Parallels.

"Virtualization continues to impact the industry," said Randy Linnell, Vice-President of Business Development of Linspire. "We're excited about expanding our relationship with one of the leaders."

Parallels Workstation for Linux is a virtualization solution allowing Linux users to simultaneously run any version of Windows, including Windows Vista, any Linux distribution, Solaris, FreeBSD, NetBSD, OpenBSD, OS/2, eComStation, or DOS, in a stable, secure virtual machine on any Linux-powered PC. No re-booting or partitioning is required, and users never need to shut down or leave their home desktop to access a virtual machine.

Parallels Workstation is available immediately to Linspire and Freespire users for $49.99. Linspire and Freespire users can download and buy Parallels Workstation via CNR at http://www.linspire.com/parallels

FiveRuns Introduces Industry-First Enterprise Management Suite for Rails

FiveRuns, a vendor of enterprise-class management for Rails and other popular open source and commercial systems, has released RM-Manage, the first product from the FiveRuns Enterprise Management Suite for Rails.

The Management Suite for Rails will manage the full Rails application lifecycle, from automating the setup and maintenance of an integrated Rails development environment to ensuring Rails applications perform well in production. Following the release of the RM-Manage, RM-Install will ship in June. FiveRuns will complete the Management Suite for Rails with three additional products to help in the pre-production performance testing, deployment, and end-to-end visibility of Rails applications.

RM-Install, a free, multi-platform, enterprise-ready Rails stack, supports developing and deploying Rails applications without manually installing, configuring, or maintaining various integrated software components. RM-Install includes: a single integrated and tested Rails stack with pre-compiled binaries for Ruby, Rails, MySQL, Apache, Lighttpd and other important libraries, a stack management update component, and a demo application showing Rails and AJAX functions.


Magical Realism

Lt. Cmdr. Data Added to CMU's Robot Hall of Fame

Data, the inquisitive and evolving robot of Star Trek NG, was among the four 2007 inductees announced for Carnegie Mellon University's Robot Hall of Fame.

The four inductees - the one-legged Raibert Hopper, the NavLab 5 self-steering vehicle, the LEGO(R) Mindstorms kit, and Data - were announced in May at the fourth annual RoboBusiness Conference in Boston. Some robots from the first three induction classes include the Mars Pathfinder Rover; Honda's ASIMO robot; the HAL 9000 computer from "2001: A Space Odyssey"; the "Star Wars" duo of R2-D2 and C-3PO; and Gort, the metallic giant from "The Day the Earth Stood Still." (Klaatu Barata Nikto -- http://en.wikipedia.org/wiki/Klaatu_barada_nikto)

The one-legged Hopper was ideal for studying dynamic balance because it could not stand still, but had to keep moving to stay upright. The lessons learned with the Hopper proved central for biped, quadruped, and even hexapod running. NavLab 5's crowning achievement was "No Hands Across America," a 1995 cross-country tour on which it did 98 percent of the driving.

CMU plans a formal induction ceremony for the four robots in the fall. http://www.cmu.edu/news/archive/2007/May/may15_rhof.shtml

Reinventing the Mag Stripe

QSecure, Inc., a SV startup with multiple patents in credit card authentication technology, has announced new technology that significantly reduces fraud resulting from stolen card data. The company's SmartStripe technology protects against counterfeit fraud without requiring changes in retail systems or card holder behavior.

SmartStripe technology incorporates dynamic cryptography on the card's magnetic stripe, augmenting the static data on the magnetic stripe. Each time a consumer uses a SmartStripe card, a proprietary magnetic media chip embedded in the magnetic stripe programs a unique cryptographic number on the stripe that is valid for only one transaction. If the payment card's data is compromised, and criminals attempt to re-use the data from the stripe, card issuers will be able to stop the transaction in real time.

Unlike other solutions which require changes to the existing credit card infrastructure, QSecure's technology works seamlessly within the existing retail system, requiring no modifications to merchants' card readers. Further, its usage is transparent to the card holder, so no changes to buying behavior are necessary. Future versions of QSecure solutions will incorporate a small, flexible display to secure online and other card-not-present transactions. The company is now working on programs with major card issuers.

Talkback: Discuss this article with The Answer Gang


Bio picture Howard Dyckoff is a long term IT professional with primary experience at Fortune 100 and 200 firms. Before his IT career, he worked for Aviation Week and Space Technology magazine and before that used to edit SkyCom, a newsletter for astronomers and rocketeers. He hails from the Republic of Brooklyn [and Polytechnic Institute] and now, after several trips to Himalayan mountain tops, resides in the SF Bay Area with a large book collection and several pet rocks.

Copyright © 2007, Howard Dyckoff. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 140 of Linux Gazette, July 2007

Tux