Smartango

MySQL founder Michael Widenius announces the launch of the Drizzle project. "Drizzle is a smaller, slimmer and (hopefully) faster version of MySQL; Features that the broad Drizzle community does not want or need are now removed or in the process of being removed (This includes stored procedures, views, triggers, grants, some non-pluggable storage engines and more)." It also, apparently, is intended to be developed in a more community-oriented manner, "A bit like Fedora does to RedHat."

The Fedora Project has announced the launch of Fedora Talk, an Asterisk-based telephony system. "Fedora contributors can set up ad hoc conferences, further deepening social connections and creating a more efficient method for communication when working on certain projects. In the future, we hope to add web conference capabilites for anyone with VoIP access. There are other possibilities to explore with Fedora Talk as well. What if, in the future, a Fedora volunteer could claim an hour of time to run a VoIP phone and answer user or contributor questions?"

The Patently-O weblog has a detailed look at a couple of US Patent and Trade Office rulings which could change the software patent game significantly. "If the PTO's test is followed, the crucial question for the vitality of patents on computer implemented inventions is whether a general purpose computer qualifies as a 'particular' machine within the meaning of the agency's test. In two recent decisions announced after the oral arguments in the Bilski case, Ex parte Langemyr (May 28, 2008) and Ex parte Wasynczuk (June 2, 2008), the PTO Board of Patent Appeals and Interferences has now supplied an answer to that question: A general purpose computer is not a particular machine, and thus innovative software processes are unpatentable if they are tied only to a general purpose computer." (Thanks to Duncan).

Even a casual reader of the kernel mailing list will have noticed that there are a lot of tracing-related patches in circulation at the moment. There are so many, in fact, that it is hard to keep track of them all. So this article (from this week's Kernel Page) will take a quick look at the code which has been posted in an attempt to make the various options a bit clearer. Click below (subscribers only) for the full text.

Debian has updated ruby (multiple vulnerabilities) and libgd2 (multiple vulnerabilities).

Gentoo has updated bacula (information disclosure - problem not actually fixed), peercast (buffer overflow), and bitchx (multiple vulnerabilities).

Mandriva has updated libxslt (buffer overflow).

Red Hat has updated php (multiple vulnerabilities).

SUSE has updated the kernel (multiple vulnerabilities).

The Linux Plumbers Conference (September 17 to 19, Portland) is still looking for a few speakers for the event, so the proposal deadline has been extended to the end of this month. "We are looking for proposals from knowledgeable speakers on timely technical topics related to core Linux software - kernel, utilities, graphics, libraries, etc. The ideal proposal will address a specific technical problem or opportunity and suggest solutions. Proposals targeting issues which cross sub-system boundaries - such as power management and suspend/resume - are especially encouraged."

The Dragonfly BSD 2.0 release is available. The big change would appear to be the HAMMER filesystem, which supports snapshots, no-fsck crash recovery, mirroring, and more.

Fortify Software, a vendor of security scanning solutions, has put out a press release saying that open source software poses security risks for businesses, partly as a result of the lack of use of security scanning solutions. There is an associated report available for those who register. "The survey, sponsored by Fortify Software and completed by leading application security consultant Larry Suto, examined 11 of the most common Java open source packages. In order to evaluate the security expertise offered to users and to measure the secure development processes in place in OSS communities, Fortify interacted with open source maintainers and examined documented open source security practices."

The whole thing may be self-serving, but there is also a real point: anybody contemplating putting software into a security-relevant setting should look at how the project handles security issues.

OpenSSH 5.1 is out. There's a long list of new features in this release, including an experimental mechanism for displaying host keys as ASCII art. A new SSH usage survey has also been posted; interestingly, it shows OpenSSH usage dropping slightly over the last couple of years.

The Software Freedom Law Center has announced the filing of a GPL-infringement lawsuit against Extreme Networks Inc. "According to the complaint, SFLC contacted Extreme Networks in February, but the company continues to distribute BusyBox in violation of the GPL. The complaint requests that an injunction be issued against the defendant and that damages and litigation costs be awarded to the plaintiffs."

Once one of free software's fiercest critics, today Wind River is a cheerleader for the benefits of open source, of sharing, and of giving back to the community. John Bruggeman is Wind River's Chief Marketing Officer. Here he talks to Glyn Moody about why you can't use any old Linux for embedded systems, the respective strengths and weaknesses of the Linux-based mobile platforms from the LiMo Foundation and Google's Android, and what effect Nokia's announcement that it would be open-sourcing the Symbian operating system will have on the sector.

Mandriva has updated mysql (2008.0 and prior, 2008.1: privilege escalation).

Red Hat has updated acroread (input validation and temporary file vulnerabilities).

rPath has updated bind (cache poisoning).

SUSE has updated the kernel (multiple vulnerabilities) and libxcrypt (incorrect hash algorithm used; read the notice before applying).

A lot of code has found its way into the mainline during the 2.6.27 merge window. One of the more notable, user-visible changes is the long-awaited merging of the gspca family of video drivers. These drivers support a large number of video devices; as of 2.6.27, Linux will support most of the webcam devices available on the market.

A new version of the Fedora 9 respin has been released by the Fedora Unity Project. "Fedora Unity has taken up the Re-Spin task to provide the community with the chance to install Fedora with recent updates already included. These updates might otherwise comprise more than 1.91 GByte of downloads for a full install, and an additional 265.69 MByte for pulled in dependencies."

The following Fedora advisories are all cascading changes caused by the Firefox fixes: epiphany-extensions (F8, F9), epiphany (F8, F9), devhelp (F8, F9), xulrunner (F9), yelp (F8, F9), liferea (F8), cairo-dock (F8), ruby-gnome2 (F8), galeon (F8), kazehakase (F8), chmsee (F8), Miro (F8), openvrml (F8), gnome-python2-extras (F8), gnome-web-photo (F8), blam (F8), gtkmozembedmm (F8)

fancyLWNComments is a Greasemonkey script that makes comment threads a bit more pleasant. It has been updated to work with the recent site changes at LWN.

Fedora has updated firefox (F9, F8: multiple vulnerabilities), seamonkey (F9, F8: multiple vulnerabilities).

Mandriva has updated firefox (multiple vulnerabilities).

rPath has updated bind (DNS cache poisoning).

SUSE has updated moodle, clamav, zypper, mercurial, poppler (various issues).

It is with some trepidation that your editor points out this OpenSource Magazine article, which might better be titled "Maureen O'Gara is back." But it is bizarrely different view of the ruling in SCO v. Novell; it's worth knowing that this kind of thought is out there. "The court also said Novell couldn't run interference for Linux and stop SCO from seeking royalty payments for alleged UnixWare and OpenServer infringement by Linux users under its infamous SCOsource licensing program. Armed with that decision, it's merely a matter of time before SCO starts seeking those payments."

Simple-talk has an interview with Linus Torvalds. "But what can make a big deal to what is the best way of doing things is simply hardware changes or changes in what users do and how they interact with their computers. And while I don't see any big fundamental shift in how things are done, I think that is ultimately what may make Linux obsolete. -not in the near future, though. Software and hardware have an amazing inertia, and ways of doing things tend to stay around for decades. So I'm not exactly worried."

IT Pro considers whether Linux or the GPL is more of a disruptive technology. "Linux itself does not represent any great departures from previous technologies, but has led a technological revolution that is predicated on free software licensing. The open source development model, which is facilitated by the GNU General Public License (GPL), represents a challenge and an opportunity to industry to rethink the way that information and technology is used and shared between individuals and organisations, and in some sectors - notably the financial services sector - the challenge appears to have been accepted. The disruptive technology is the license and its distinctive inversion of copyright law."