Cliff’s List Filter – July 20-28

Open source is always on the go, so we aim to be here each week with news from the usual Linux Kernel, GNOME, KDE and Mozilla sources. Up this week: tools to avoid the need for suid root; more performance enhancements to the kernel; Gnumeric without CUPS; an Evolution Simulator for KDE; DINO, as in Delphi/Kylix in Gecko and certificate resources for those of you developing self-signed Mozilla applications.

Linux Kernel

• In the name of adding better tools for partitioning system resources, Olaf Dietsche announced his access
  permission filesystem on July 22. It is a /proc-based filesystem that, among other things, allows you to set users and groups who are allowed to access specific network ports and capabilities. Along with accessfs, Olaf has also released a companion enhancement: filesystem capabilities which can be used to assign capabilities to a binary and then run that binary as a specific user and group on a protected port. Both accessfs enhancement and the filesystem capabilities enhancement can provide you with workarounds for using suid-root programs, thereby minimizing the chance of a system-level vulnerabilities.

• This week saw several more updates a result of preempting issues, including the latest round of preempt fixes from Ingo Molnar.
• Version 1.1.7 of the JFSutils was released on July 22. JFSutils is a GPL’d suite of utilities for use on IBM’s journaled file system.
• Those of you who missed the recent Kernel Summit might be interested in some real-world examples on LTT and how it can be used by developers.

• A recent problem was discovered in recent 2.6.8 kernels that caused data that was intended to be randomized to be constant, instead. A small
  fix to add more randomness to the system is now available.

• Robert Love released his Kernel Events Layer (note: (latest version, with fixes) patch on July 23 . It provides an asynchronous communication line fron kernel to userspace of events like errors, logging and other bits of information. Other types of events that may be implemented in the future include filesystem mounts and driver errors.

• Matt Mackall released a new version of his kernel patching script on July 23. ketchup
  is now up to v0.8.1.

• A system with heavy disk writing activity will have file allocators waiting for kswapd to free memory, however if kswapd is freeing memory via a remote file system like NFS a deadlock can occur causing the system to hang immediately. Avi Kivity has released updates
  that will allow an application to remove its dependency on kswapd, thus preventing such lockups.

• On July 28, Alan Cox posted a small patch which adds support for the Innovision DM-8401H PCI-based IDE controller.

• Finally, Jari Ruusu released the loop-AES file/swap crypto package, also on July 28.

GNOME

• First off from the Gnome circles, a bit of sad news: magicdev is dead. Magicdev was a user-space device watching daemon for the GNOME desktop.

• News for non-CUPS folk: Gnumeric v2.7.1 will support non-CUPS printcap files.

• Two weeks ago Jamie McCracken made a large patch against Nautilus to address what he thought were severe usability problems. If you would prefer to take your UI changes with small steps and would like to sample some of the proposed changes, maybe smaller tidbits might be better for you? Laaurent Belmonte probably felt the same way which is why he separated out the pathbar enhancements and is providing them in a smaller patch.
• More new software from the GNOME vaults, released this week:
• GCalcTool v4.4.14 was released on July 28.
• GStreamer v0.8.4 (the “Paella” release) was set loose on July 20.
• The first ever version of Blogfish (v0.1) was released on July 20. Blogfish is a panel applet that allows weblog users to pass along their URL to others. Darwinism rules apply: only the good memes and weblog entries will survive.

KDE

• KDE v3.3 Beta 2, the “Kollege” release, was announced on July 22.
• The G-System, an Evolution Simulator for KDE, was released on July 27.

• TagLib 1.2, a library for accessing audiofile meta-data, was released on July 28.

Mozilla

• If you are trying to use the certutil utility with the intent to sign your own Mozilla scripts you may find this chapter in the online Mozilla book helpful, as well as this page on CAs and digital signatures. Be careful you don’t fall into common pitfalls when you go to test your signatures.

• Finding Mozilla profiles a hassle to keep track of? Maybe this discussion on managing profiles can offer you some helpful ideas.

• DINO (the Gecko Delphi Framework) was released on July 25. Dino allows you to develop one codebase and deploy it on both Linux and Windows, allows you the ability of developing native widgets for use in your XUL forms, and supports some Java and Delphi/Kylix code. Along with DINO comes the HelpExplorer, a document viewer that supports CHM and WinHelp files which can be run on Windows and Linux.