Please submit your News Bytes items in plain text; other formats may be rejected without reading. (You have been warned!) A one- or two-paragraph summary plus a URL has a much higher chance of being published than an entire press release. Submit items to firstname.lastname@example.org.
News in General
Court upholds FOSS licences and community copyrights
In a decision with major implications for the validity of FOSS and community software licences, the U.S. Court of Appeals for the Federal Circuit upheld that FOSS licences are enforceable under the US legal system.
The new ruling reverses a lower court ruling that categorized FOSS licensing as merely a form of contract, without the enforcements associated with copyright and patent protections. A case with copyright infringement allows for statutory damages and stronger remedies, including the right to nullify the license. This is a major legal event.
The case stemmed from the distribution of Java software for Model Railroad buffs, where a user clearly violated the terms of a community license. The original case was called Jacobsen v. Katzer.
From Linux Foundation Legal posting, August 13, 2008 by Andy Updegrove:
"The underlying facts, and counsel, were hardly major figures on the commercial landscape: the open source software at issue had been developed for model train buffs under an infrequently used free and open source license, and the attorney was young and inexperienced. But as often happens, a small case between small parties can have huge implications. And decisions that may make good strategic sense to the parties can also have disastrous consequences for those that are not in the same situation."
Find a more detailed discussion in the standards blog:
Intel details Core i7 Architectures, Multi-core "Larrabee"
At the August Intel Developer Forum (IDF), Senior VP Pat Gelsinger detailed the roadmap for Intel's next generation chip architecture, Nehalem. Intel will also re-brand its future chips as "Core i7", with high performance chips slated for both the desktop and server arenas.
The Core i7 micro-architecture features better energy efficiency, refreshed hyper-threading technology delivering up to 8-threaded performance capability on 4 cores in the initial versions and best-in-class memory bandwidth thanks to the newQuickPath Interconnect technology that puts a memory controller in-chip and delivers up to three times the memory bandwidth of previous generation Core architecture chips.
The new Intel Xeon processor X7460 with 6 cores and 16MB L3 cache for servers launching in September has already broken multiple performance world records. An 8-socket IBM System x 3950 M2 server became the first platform to break the 1 million tpmC barrier on the TPC-C benchmark. New 4-Socket performance records include TPC-C on HP Proliant DL580 G5, TPC-E on Dell PowerEdge R900, SPECjbb2005 on Sun Fire X4450 and SPEC-int_rate2006 on Fujitsu-Siemens PRIMERGY RX600 S4.
IDF was also a showcase for new 'ultra mobile PCs' (UMPC) that OEM partners build around the Intel Atom processor, a simplified X86 chip core that can readily run Linux. In a central kiosk, 6 of 8 systems ran Linux and only two ran Windows Mobile. A mobile Linux pavilion had mini-booths from Ubuntu (featuring a slimmed down "Remix" OS), Xandros, and other Linux providers.
The Atom is very power efficient and also is in a 22 mm square package rather than the more common 35 mm square package, allowing for smaller and cooler devices. Intel also showed off new high-end laptops based on a mobile version of its quad-core chip that draws only 45 watts.
For more info, see:
AMD: Ready to Compete
AMD announced plans for its "Shanghai" next-generation architecture the week before the IDF conference. This will be based on 45 nm circuits and will feature 4-, 6-, and 8-core products. Follow-on plans for 2010 include 12-core processors using DDR3 memory.
AMD executives told the press that many of the features Intel touted for its new Nehalem architecture have been already incorporated into AMD chip architectures. The L3 cache became standard with the AMD Phenom line late last year and use of on-chip memory caches was part of the Opteron chip architecture over 3 years back.
Although AMD will be releasing an integrated CPU and GPU part in 2009, it will not be as integrated as Intel's Larabee, but it will be based on current working parts - separate CPU and GPU cores - and should be free of major errata.
AMD did acknowledge missteps with its quad-core products and that it was a little late getting to 45 nm parts. However, AMD expects to be shipping 45 nm parts before the end of 2008, and to transition to all 45 nm parts in 2009. AMD also expects to be competitive on price and performance as well as profitable. AMD and IBM have an on-going partnership to develop manufacturing processes for 22 nm parts, for products two generations ahead of current technology. AMD's current 45 nm process was co-developed with IBM.
Progress on DNS Vulnerabilities, IANA test tool shows gaps
It's been over a month since the industry-wide patching of DNS name servers began
and much progress has been made. The following links show an animation of
patching progress in the first 3 weeks:
http://www.doxpara.com/?p=1206 and http://www.youtube.com/profile?user=clarifiednetworks&feature=iv
The July work-around patches implement a scheme of port randomization to replace a more limited scheme of ID randomization currently implemented in the DNS protocol. The ID transaction field was only 16 bits wide, allowing for easier exploitation, especially with multiple requests allowed from the same client. The port scheme will now randomize using 27 to 30 bits.
One criteria for patching shows how general the flaw is: if your DNS system uses recursion, it needs to be patched. If an attack based on the DNS vulnerability is successful, an attacker could force any user to arbitrary IP addresses on the Internet.
ICANN has announced a test page, on the IANA site, to test if a domain is vulnerable to the Kaminsky DNS source port vulnerability. Click here to go to the test page: http://recursive.iana.org/
IANA also is providing a FAQ on the bug that has a lot of useful information without digressing into attack details, as so many other writeups do. This FAQ is focused on explanation and practical advice for IT. There is good advice in it, such as pointing out that authoritative name servers should never be configured also to provide recursive name service. This bug is a perfect example of why. See: http://www.iana.org/reports/2008/cross-pollination-faq.html
DNSstuff has also posted a vulnerability test on their page of free DNS tools: http://member.dnsstuff.com/pages/tools.php?ptype=free
"We tested a number of leading distro domains and major companies in the linux
space. Most, including sourceforge.org, were not vulnerable to the recusive DNS
bug. But there were notable exceptions, including :
-- opensuse.org and Novell.com -- most name servers vulnerable
-- CMP publications -- name severs are recursive but with source port randomization
-- For eWeek.com -- NS2.TECHDNS.COM is vulnerable but NS1.TECHDNS.COM is not - Go figure."
With the dust hardly clearing on DNS issues, the ICANN Board has declared that the U.S. government will not yield the control it now has over changes to the Internet's DNS root zone file.
Kaminsky has been blogging about progress on the vulnerability and the Black Hat conference. In his August 8th entry he notes:
"New attacks are already popping up, only a few days in. Ben Laurie just came out with a harrowing and beautiful advisory against some common OpenID deployments. I knew about the intersection of DNS and OpenID, and I knew about the intersection of DNS and Debian's badly generated certs (a problem which, I'd like to point out, is much harder to patch due to our continuing lack of an effective certificate revocation infrastructure). But it took Ben Laurie to attack 'Secure' OpenID providers using Debian Certs via DNS. Fantastic, excellent work."
Mozilla's Firefox Wins the "Who's the Next Open Source Idol" Crown at LinuxWorld
Mozilla's Firefox was successful in beating out the other three contestants, reigning champion "Tux" the Linux kernel penguin, "Beastie" the BSD demon and the GNU "Gnu" to become the world's favorite Open Source Idol. GroundWork Open Source (http://www.groundworkopensource.com), announced the results at the end of Linux World.
During the first ever "Who's the Next Open Source Idol?" contest held at LinuxWorld 2008 last week, Firefox proved he was the only mascot capable of bringing down the reigning champion - "Tux" the Linux penguin. After a three day neck and neck race of crazy dancing, bull riding, singing, rapping, and polling LinuxWorld attendees, Firefox left third place "Tux" out in the cold, winning with 48.5 percent of the final vote.
Tux the Linux Penguin - 6.6%
The Mozilla Firefox - 48.5%
Beastie the BSD Demon - 31.6%
The GNU Gnu - 2.3%
Conferences and Events
- Office 2.0 Conference 2008
September 3 - 5, St. Regis Hotel, San Francisco, CA
- JSFOne Conference / Rich Web Experience - East
September 4 - 6, Vienna, VA
- Digital ID World Conference 2008 (DIDW)
September 8 - 10, Hilton Hotel, Anaheim, CA
- Gartner Business Process Management Summit 2008
September 10 - 12, Washington, D.C.
- Summit on Virtualization and Security
September 14, Marriott Hotel, San Francisco, CA
- IT Security World 2008
September 15 - 17, Marriott Hotel, San Francisco, CA
Optional Workshops: September 13, 14, 17 & 18
- Zend / PHP Conference 2008
September 15 - 18, Santa Clara, CA
- Kernel Summit 2008
September 15-16, Portland, OR
- Linux Plumbers Conference - LPC
September 17 - 19, Portland, OR
- VMworld 2008
September 16 - 18, Las Vegas, NV
- Open Source in Mobile (OSiM) World
September 17 - 18. Hotel Palace, Berlin, Germany
- Oracle Develop and OpenWorld 2008
September 21 - 25, San Francisco, CA
- Backhaul Strategies for Mobile Operators - New York City
September 23, NYC
- Semantic Web Strategies Fall 2008
October 5 - 7, Marriott Hotel, San Jose, CA
- Mobile Content Strategies 2008
October 6 - 7, Marriott Hotel, San Jose, CA
- Optical Expo 2008
October 6-7, Westin Galleria, Dallas, TX
- Linux End User Collaboration Summit
October 13 - 14, 2008, Tutu Center, NYC
- LinkedData Planet Fall 2008
October 16 - 17, 2008, Hyatt, Santa Clara, CA
- Scrum Gathering 2008
October 20 - 22, Stockholm, Sweden
- EclipseWorld 2008
October 28 - 30, Reston, VA
- System-on-Chip (SoC) Conference 2008
November 5 - 6, Radisson Hotel, Newport Beach, CA
- OpenOffice.org Conference - OOoCon 2008
November 5 - 7, Beijing, China
- Usenix LISA 2008
November 9 - 14, San Diego, CA
- Agile Development Practices 2008
Nov. 10 - 13, Orlando, FL
- ISPcon Fall 2008
November 11 - 13, San Jose, CA
Debian "Lenny" Dev Tree Frozen
The Debian GNU/Linux 5.0 "Lenny" development tree has been frozen and the focus of the project has turned to bug fixes and infrastructure updates prior to the final release scheduled for next month.
Here are some of the new features in "Lenny": The next Debian is based on the 2.6.25 Linux kernel and supports both KDE 3.5.9 and GNOME 2.20 desktops. It doesn't support KDE 4.1 at this time.
"Lenny" includes recent versions of popular end-user software applications: Firefox 3.0.1, OpenOffice.org 2.4.1, and Evolution 184.108.40.206. It also includes developer and server programs and libs such as glibc 2.7 and Samba 3.2. "Lenny" includes full support for the IPv6 networking protocol and NFSv4 (Network File System). On the server side, Lenny will have LFS (Large File Support) which allows applications access to the largest files supported by the operating system and file system rather than an application-bound file size limits.
Freespire will go back to Debian
Xandros has announced the next version of Freespire will be based on the Debian "Lenny" release, arriving 4th quarter 2008. Xandros says it plans to consolidate its various offerings on Debian. Freespire 5 will be followed by Xandros Desktop Professional 5, built on the same open source code base with additional commercial elements primarily for enterprise customers.
Xandros acquired Linspire last month and Freespire has been the free version of Linspire, most recently based on Ubuntu.
Scientific Linux Live CD/DVD 5.2 released for i386 and x86_64
The principal new feature for this release: changes can be stored persistently on a removable storage device. Together with the ability to run the LiveCD from a USB stick, this feature allows you to carry around your own portable Scientific Linux Live System in your pocket.
The SLL CD/DVD runs Scientific Linux directly from
CD/DVD without installing. It can be downloaded from:
A list of public mirrors can be found at the Scientificlinux.org download page: https://www.scientificlinux.org/download
gOS 3 Gadgets announced
gOS, the Linux distribution that shipped with the famous $199 Wal-Mart gPCs and notebooks announced its latest version, called gOS 3 Gadgets. Google Gadgets is launched on boot, giving the user direct access to more than 100,000 iGoogle and Google gadgets. These Google Gadgets are small, graphically rich applications that can be added directly to the user's desktop in seconds over the Internet.
gOS 3 Gadgets will also come pre-loaded with WINE 1.0 for Windows applications compatibility, and with other Google Linux software to give the user more options.
David Liu, founder and CEO of gOS, says that "With this version of gOS, we are delivering a Linux that is ready for consumers -- a Linux for the rest of us!".
More information can be found here: http://www.thinkgos.com/press-release2.php.
Software and Product News
Sun Launches openSSO Express
Sun Microsystems announced OpenSSO Express, a new offering that provides enterprise support and indemnification for the technologies available in the OpenSSO project. OpenSSO is the world's largest open source identity management project, providing highly scalable single sign-on, access management, federation, and secure web services capabilities.
New versions of Sun OpenSSO Express will be released approximately every three months to provide fast moving organizations with early access to the latest technologies available in the OpenSSO community. New or existing customers with a Sun Java System Access Manager, Sun Java Identity Management Suite, or Java Enterprise System license or subscription will receive OpenSSO Express at no additional charge. Support from Sun's technical team is available in three different levels: standard, premium, and premium plus.
With more than 700 members, the OpenSSO project is attracting large enterprises with extensive identity infrastructures, who want an open source, identity management solution with Sun's support and indemnification. Founded 18 months ago, theOpenSSO community provides core identity functionality in a single Java technology-based distribution. The community also bases their development on enterprise-focused standards, including SAML 2.0, XACML, and WS-Federation, in addition to creating extensions to OpenSSO through sub-projects around other protocols like OpenID and Information Cards.
For more information and to download OpenSSO, visit: http://wiki.opensso.org.
To access Sun OpenSSO Express, visit: http://www.sun.com/software/products/access_mgr/get.jsp.
Sun Unveils AMP Stack for Solaris and Linux
At OScon, Sun announced the availability of Sun Web Stack, a fully supported and integrated AMP (Apache/MySQL/Perl or PHP) stack for Solaris and Linux operating systems. The Web Stack software includes the open source software most commonly used for Web-tier application development and services.
The Web stack consists of Web and proxy servers, scripting languages, and a database that enables developers to deploy Web applications quickly and easily. The primary components in the Web Stack include the Apache HTTP Web server version 2.2.8, Apache Modules Memcached 1.2.5 (distributed memory object system), MySQL 5.1 Database, lighttpd Web server v 1.4.18, Tomcat Servlet engine 6.0.16, PHP 5.2.5, Ruby 1.8.6, Rails 1.2.3, RubyGems 0.9.0, Mongrel 1.0.1, fcgi package, RedCloth (text parsing), Perl 5.8.8 and extensions, and Squid proxy server 2.16.x.
Download the Web Stack at http://www.sun.com/webstack.
"Sun's release of their Web and Proxy server code with a BSD license is proof of their involvement and commitment to open source," said Jim Jagielski, co-founder and director of The Apache Software Foundation and a core developer on several ASF projects, including the Apache HTTP Server.
Sun will provide product version control for its supported Web Stack across multiple operating systems so that applications developed for one operating system can be deployed on another with minimal changes. Enterprise support is planned to be available for Solaris in CY08Q3, Linux LAMP support in CY08Q4 with Windows and other OS support to follow.
While still under heavy development, TraceMonkey already supports the x86, x86-64, and ARM platforms, meaning it is ready for desktop and mobile use right out of the box.
Deividson Luiz Okopnik
Deividson was born in União da Vitória, PR, Brazil, on 14/04/1984. He became interested in computing when he was still a kid, and started to code when he was 12 years old. He is a graduate in Information Systems and is finishing his specialization in Networks and Web Development. He codes in several languages, including C/C++/C#, PHP, Visual Basic, Object Pascal and others.
Deividson works in Porto União's Town Hall as a Computer Technician, and specializes in Web and Desktop system development, and Database/Network Maintenance.
Howard Dyckoff is a long term IT professional with primary experience at
Fortune 100 and 200 firms. Before his IT career, he worked for Aviation
Week and Space Technology magazine and before that used to edit SkyCom, a
newsletter for astronomers and rocketeers. He hails from the Republic of
Brooklyn [and Polytechnic Institute] and now, after several trips to
Himalayan mountain tops, resides in the SF Bay Area with a large book
collection and several pet rocks.
Howard maintains the Technology-Events blog at
blogspot.com from which he contributes the Events listing for Linux
Gazette. Visit the blog to preview some of the next month's NewsBytes
Howard Dyckoff is a long term IT professional with primary experience at Fortune 100 and 200 firms. Before his IT career, he worked for Aviation Week and Space Technology magazine and before that used to edit SkyCom, a newsletter for astronomers and rocketeers. He hails from the Republic of Brooklyn [and Polytechnic Institute] and now, after several trips to Himalayan mountain tops, resides in the SF Bay Area with a large book collection and several pet rocks.
Howard maintains the Technology-Events blog at blogspot.com from which he contributes the Events listing for Linux Gazette. Visit the blog to preview some of the next month's NewsBytes Events.