Planet Linux Users' Group (Singapore)

Nintendo and Sony's portable gaming units may be all the rage these days, but the newest open source handheld called the Wiz is raising eyebrows. The specs look nice, and you can play classic games via emulation.

Read More...

Researchers demonstrate a serious eavesdropping risk in the internet's fundamental infrastructure, putting proof to a theory that's long been whispered about in national security circles.

The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls "active attacks" against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed, US-CERT said in a note on its current activity site. From the advisory: Phalanx2 appears to be a derivative of an older rootkit named "phalanx". Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them...

Mozilla released a new, experimental add-on for Firefox Tuesday which adds a human-language text interface to the web browser. Now users can manipulate web services by typing one line of text, setting a whole new paradigm for how we interact with applications on the open web.

A new security system devised by Carnegie Mellon researchers uses a distributed network of "notary" servers to independently validate public keys. This could protect users from man-in-the-middle attacks when they visit web sites with self-signed certificates.

Read More...

Periodically, there's a review of text editors for a particular platform. Linuxlinks' latest post is pretty thorough though, covering 21 different Linux/Unix text editors. "In many users' eyes, a text editor should be lean and mean, fast to start up and shut down, without fancy splash screens or a graphical user interface. The choice of editor has long stirred up strong emotions. [...] To provide an insight into the quality of software that is available, we have compiled a list of 21 high quality Linux text editors. There's a mix of graphical and console based applications included.

EasyTag is a graphical utility to edit the descriptive ID3 tags for your music files. One will think primarily of MP3 files, but it also does other formats, such as Ogg, FLAC, MP4/AAC, MusePack, Monkey’s Audio files and WavPack files (APE tag).<!--break-->

EasyTag’s screen real estate is divided into three windows. The left window shows you the directories of your file system. The middle window shows you the music files in your currently selected directory. The right window is further subdivided into top and bottom information boxes: the top shows you the technical information about the file (bit rate, frequency, mode, size, and time), and the bottom shows you the actual ID3 fields.

Full Story

The Book of IMAP: Building a Mail Server with Courier and Cyrus, by Peer Heinlein and Peer Hartleben, is a quality resource for any serious mail administrator. The approach taken is direct, but at the same time it's very expansive, setting this book apart from most others I have read. It's packed full of rich examples which are used to solidify the topic being covered. At several places the authors reach out to explain when the subject is addressing ambiguous or otherwise undocumented information which is to great advantage to the reader and worthy of recognition. Read more on this exclusive OSNews article...

Ottawa Canada Linux Users Group recently hosted another of its Kernel Walkthrough tutorials given by Bart Trojanowski. The screencast starts with a one-hour presentation on the components involved, and then dives into the code which bootstraps the kernel on the 32bit x86 platform. The first Kernel Walkthrough by the Ottawa Canada Linux Users Group covered Linux development background, file layout and data types.

Unknown attackers infiltrated Red Hat and Fedora servers but did not compromise the integrity of the Red Hat Network software deployment system. The Fedora project leader says that no source packages were modified.

Read More...

Available as free download for Firefox browser

Ari Shamir's new cube attack breaks a slew of stream ciphers––and sends cryptographers back to their keyboards.

Read More...

The bookmark tagging feature introduced in Firefox 3 is not particularly difficult in use: when bookmarking a Web page, enter the tags you like into the Tags field of the bookmarking dialog window and you are pretty much done. Tagging provides a more flexible way of keeping track of bookmarks than traditional folders. The folder-based system provides an "either/or"-solution to filing bookmarks. For example, you could place a bookmark for an article about installing OpenOffice.org on Puppy Linux in either a Linux or OpenOffice.org folder, but not in both. With tags, you don't have this problem: you can assign as many tags as you like, so the bookmark becomes filed under several categories at the same time.

Thanks to Alolita's post about a new tool from Google that allows transliteration from Tamlish, Hindlish, Teluguish, Kanadaish and Malayalamish into their respective Indian language. Just tested it out with the ever green song that almost all school kids in Singapore sing around National Day - Muneru Valiba - and it did do the transliteration correctly (or as correctly as my eyes and rusty Tamil can confirm). Kudos to Google for this tool.

The director of PR at Novell says that "customers drove" the need to continue with the farce that is the MS-Novell deal. My suggestion to both MS and Novell is to show who these customers are and exactly what it is that they needed. If there is indeed the "... IP peace of mind for organizations operating in mixed source environments", please enumerate exactly what areas are in infrigement and what are not. Stop the lying and deception. Be honest and acknowledge that without the MS monies, Novell would have nothing to show about it's Linux sales.

One of the coolest newer features of Wireshark is the ability to automatically generate firewall ACL rules based upon a packet you may be viewing. As an example of this, take a look at the following packet:

If you look at the data portion of this packet you can see that this is packet generated by the infamous blaster worm. Notice the destination port is 4444 which is the standard port used by blaster. In the case, let’s say we want to create a firewall ACL rule that blocks anything with a destination port of 4444 on an iptables firewall. If we select this packet, go to Analyze > Firewall ACL Rules on the standard toolbar, we will get a dialog that will let us build custom firewall rules based upon the contents of this packet. In our scenario here, we would select Netfilter (IPTABLES) from the vendor drop down box, and select TCP Port 4444 in the filter box. This will output the exact command you need to enter in your iptables configuration to enact this firewall rule. If you play around with this feature you will see that there is quite a bit you can do with it.

This feature is very new and doesn’t support a lot of different vendors, but this should develop over time.

Reader Otter points out in his journal a very neat use for the logic contained in Debian's package dependency resolver: solving sudoku puzzles. To me at least, this is much more interesting than the sudoku puzzles themselves. Update: 08/24 02:51 GMT by T : Hackaday just ran a story that might tickle the same parts of your brain on a game played entirely with MySQL database queries.

Read more of this story at Slashdot.

Ever wondered about the geographical popularity of Linux in a Windows dominated world? Data (by popular search terms) from Google collated by Royal Pingdom reveals that Linux is more popular in the East and developing countries (probably due to cost?). Surprisingly, the United States isn't top 5 for any of the ...

longacre writes "In his most extensive interview since the DefCon controversy emerged, MIT subway hacker Zack Anderson talks with Popular Mechanics about what's wrong with the Charlie Card, what happened at DefCon, and what it's like to tango with the FBI and the MBTA. The interview comes on the heels of Tuesday's court ruling denying motions by the MBTA to issue a preliminary injunction aimed at keeping the students quiet for a further five months."

Read more of this story at Slashdot.

An anonymous reader writes "In an email sent to the fedora-announce mailing list, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. Red Hat has released a security advisory and a script to detect potentially compromised openssh packages."

Read more of this story at Slashdot.

"I'd like to get a first round of review on my AXFS filesystem," began Jared Hulbert, describing his new Advanced XIP File System for Linux. XIP stands for eXecute-In-Place. The new filesystem received quite a bit of positive feedback. Jared offered the following description:

"This is a simple read only compressed filesystem like Squashfs and cramfs. AXFS is special because it also allows for execute-in-place of your applications. It is a major improvement over the cramfs XIP patches that have been floating around for ages. The biggest improvement is in the way AXFS allows for each page to be XIP or not. First, a user collects information about which pages are accessed on a compressed image for each mmap()ed region from /proc/axfs/volume0. That 'profile' is used as an input to the image builder. The resulting image has only the relevant pages uncompressed and XIP. The result is smaller memory sizes and faster launches."

read more

Digital Gadgets, the manufacturer and distributor of SYLVANIA brand computers, announced on August 19th that its shipping the SYLVANIA g netbook MESO with Ubuntu 8.04 Netbook Remix inside.<!--break-->

Ubuntu 8.04 Netbook Remix is based on standard Ubuntu. In addition it include a ‘Launcher’ that allows users to get on-line more quickly and have faster access to their favorite PC-based and online applications.

Full Story

Nominations are now open for the Antonio Pizzigati Prize for Software in the Public Interest. The winner could be someone you know, or someone whose work you admire, but don't mull over your recommendation too long -- entries must be submitted by September 30.

The nice people at Nokia/maemo.org are organizing a desktop search hackfest next month in Berlin. It would be a good opportunity to meet up some of the guys with whom I have (too infrequently) chatted online and exchanged ideas about desktop search, but unfortunately I won't make it. Hopefully there will be another one next year and I will be able to attend.

I am planning to go to Taipei on September 6th and celebrate Xapian's 9th birthday with the rest of the Xapian Asia Pacific Users Community, ie Yung-Chung Lin Interestingly, this will coincide with a couchsurfers picnic.

Pinot 0.88 should be out before the end of August with some minor new features and bug fixes. I haven't found much time to flesh out the Xesam client introduced in 0.87 so chances are it will still be quite basic in that new version.

Interesting: Preface The TCP/IP protocols were conceived during a time that was quite different from the hostile environment they operate in now. Yet a direct result of their effectiveness and widespread early adoption is that much of today's global economy remains dependent upon them. While many textbooks and articles have created the myth that the Internet Protocols (IP) were designed...

I just came across Adeona which allows you to track misplaced or stolen laptops without having to rely on third party providers. I think this make a lot of sense - you can have encrypted drives etc, but if you can also have your machine call home, that would make things all the more useful.

While I do not intend on loosing my laptops, I am wondering if there are other purposes this GPLed code can be used for? Ocassional call home with status check, discover nearby systems etc. Food for thought.

Google finally released a long-awaited update to the Android SDK. Ars takes a close look at the new platform and the API changes and comes away very impressed.

Read More...

This made me a laugh quite loudly: (not quite sure of the etiquette of 'reblogging', so you'll have to follow the link for the whole thing :) )

Vidya: So what are you cooking?
Charles: Oh, spaghetti with this tomato-and-stuff sauce.
Vidya: No, what is it called?
Charles: I don’t know, I never really looked. I could go get the book if you really want.
Vidya: Go on, I want to know.
Charles: OK, it's… er… spaghetti puttanesca.
Vidya: You realise what that means, right?

[From The Pasta of Ill Repute]

Fernando Cassia the Inquirer, Tuesday 19 August 2008. 12:30:00

Unboxing OSD 2.0 has plenty of room for expansion

THE FOLKS at Neuros Technology have introduced a 'developer version' of its upcoming next-generation Linux-based Digital Video Recorder and Media Centre, the OSD 2.0. And here we have our first look at this device which just arrived at our LatAm review lab....

A shift from multi-core power-gobbling monsters toward whisper-quiet systems with single-digit power consumption is rippling through the desktop market. This trend plays right into the hands of a Paris-based company called Linutop, which offers a miniature Linux-based desktop system. The latest version of the machine appeals to customers who are in the market for a machine with green credentials and low maintenance costs. After testing one myself, I found the tiny desktop has a lot going for it.

Last night I started installing Ubuntu-EEE, but it left me with unsuable network connections (same as the standard edition of Ubuntu did). Thanks to the information in their wiki those problems has now been resolved, and I hope that the fixes will be included in a future release of the EEE (there shouldn’t be a need to have a special EEE edition of Ubuntu, it should be supported out of the box).

I also installed the Ubuntu Netbook Remix, but I am not that impressed. It looks great, but has a serious performance problem which standard Gnome doesn’t have - and here I thought we got something specific to the UMPC community where most of them doesn’t have a speed monster of CPU under the hood (and my EEE901 is supposed to be top-of-the-line with its Atom CPU). I will however keep an eye on the Ubuntu Netbook Remix and hope that they will have resolved the performance problem in a near-future release.

Nokia and Mozilla have ported the Firefox web browser to Qt so that it will be able to run on a wide range of mobile devices. The port will also finally bring Firefox visual integration with KDE.

Read More...

It is exciting to see Firefox 3.1 getting ready to support natively, Ogg Vorbis and Theora support in all the platforms! As detailed in lwn, this will be a major tipping point on making the unencumbered audio and video codecs used by millions out there. This should also free up web developers and especially the mash up and RIA crowd, use and deploy audio and video without worrying if the audience has one of the myriad codecs.

Concepts, techniques, tricks, and traps

Can someone please explain this? I am very doubtful of the way this is being done. Were rules "added" or creatively interpreted so that the broken ooxml standard will be declared as ISO rubber stamped? I am hopeful that the ISO is not a Microsoft bought entity. I cannot but think it is.

It's been 16 months since this deal was announced. Has there been any governments around the world that bought into this? I do not think any honest government will fall for this trap.

"It is about time to take a step back and describe what I have been implementing," began Daniel Phillips, referring to his new Tux3 filesystem. He provided a simple ASCII diagram that detailed the filesystem's hierarchical structure, describing each of the elements. About one he noted, "the volume table is a new addition not central to the goals of Tux3, but a nice feature to have given that it comes nearly for free. One Tux3 volume can have an arbitrary number of separate filesystems tucked inside it, indexed by a simple integer parameter at mount time. People say they like this idea and it imposes no significant complexity, so it goes in." Daniel continued:

"Each volume has a metablock pointing at the forward log chain for the volume, a version table that describes the hierarchical relationship between versions (snapshots), an atime table to take care of that horrid legacy Unix feature, and an inode table containing files and attributes of files. [...] Versioning takes place in three places, versioned pointers in the atime btree, versioned extents in a file data btree and versioned attributes in the inode table. [...] Notice the absence of a journal, the functionality of which is provided by forward log elements that I described in the Hammer thread (and will eventually write a separate post about)."

read more

There’s a great book published over at the Linux Foundation that helps developers who are interested in participating in Linux kernel development and the process for contributing. This is a great resource and is probably one of the most difficult “cultural” and procedural issues for new, aspiring kernel hackers. I think it’s absolutely fantastic the kernel community itself has published a guide on how to participate. This will help significantly as the developer community has scaled already to a very large number of participants.

The LF should publish a PDF version… I’ll send them a suggestion. One other suggestion would be about how a developer should work with their internal legal team to get permission for submitting code. Perhaps we’ll see that in version 2.0.

Oh, and of course it’s free (as in beer) - until O’Reilly buys the rights ;-)

http://ldn.linuxfoundation.org/book/how-participate-linux-community

Despite all its advances, GNU/Linux remains weak in its support for proprietary audio and video codecs. Because these codecs are often encumbered by patents, distributions must choose either to include support of questionable legality or else exclude it altogether. In the middle of this controversy sits Fluendo, a Catalan company of about 50 employees that is a main contributor to projects like GStreamer, and supports open formats, but also offers licensed, proprietary codecs such as Windows Media Video and MPEG4. While many would argue that this dual position is necessary, it's one that sometimes creates an unasy balance for the company, says Muriel Moscardini, Fluendo's sale director.

A federal appeals court held Wednesday that copying free software without complying with its license is copyright infringement. The ruling, which will make such licenses much easier to enforce, is a key victory for the free software community.

Read More...

"I recently had the opportunity to interview Andrew S. Tanenbaum, creator of the extremely secure Unix-like operating sytem MINIX 3. Andrew is also the author of Operating Systems Design and Implementation, the must-have book on programming and designing operating systems, and the man whose work inspired Linus Torvalds to create Linux. He has published over 120 works on computers (that's including manuals, second and third editions, and translations), and his works are known all over the world, being translated into a variety of different languages for educational use universally. He is currently a professor of computer science at Vrije University in Amsterdam, the Netherlands."

You thought Tcl/Tk stands for 'obsolete GUI'? You define the looks of Tk as 'prehistoric'? Or do you visualize ugly interfaces when reading this? I certainly do. Mats Bengtsson writes: "Tcl's windowing toolkit, Tk, has been 'known' to be ugly and outdated. With the 8.5 release last December the tile package, now named ttk (Themed Tk), is included in the core which brings true native widgets on Windows (yes, Vista too) and Mac." But what about Linux? Mats points at tileqt and the new tilegtk and notes: "Imagine that you can switch theme, and toolkits, on the fly without any program restart." Finally, he mentions progresses in both tkpath and support for WebKit. He concludes: "When all this comes together it will make Tk a very competitive toolkit."

Good ol' Evert is at it again with another cool idea (following up on the excellent OCC BBQ is a tough one) with his latest idea for a Co-working/techhub/start-up center. It's a cool idea and I could see it working for lots of different types of companies, particularly sole-traders and small office setups. The benefits of mingling in this sort of environment seem to be many from basic social interaction and business networking to perhaps shared purchasing power even for those who just use it as a day office, once or twice a week.

mattmarlowe writes "Imagine if Red Hat released a version of Linux, and after it was deployed, customers noticed that any processes with a start date of today would refuse to run? Well, that's what happened to VMware... a company that wants nearly all server applications running in virtual machines within a matter of years." Supposedly a fix will be available... in 36 hours.

Read more of this story at Slashdot.

An anonymous reader writes "The latest proposed solution to the fact humans suck at using passwords properly is to let people use digital objects, like mp3s, photos or videos instead. A file is hashed into a unique, secure string that acts as the real password. A paper on the idea was put forward in a recent Usenix conference on hot topics in security, and a Firefox extension that implements the idea is available too."

Read more of this story at Slashdot.

The Free Software Foundation can cross off another item on its high priority list of applications that free software needs in order to compete. Version 0.6 of Marble, which ships with KDE 4.1, may not rival Google Earth just yet, but the underlying engine has the potential to do so in future versions. The main improvements needed to reach this stage are a lower level of detail and some additional views and integration into free online resources.

getdeb.net, a leading provider of new and updated programs for Ubuntu is announcing the start of a gaming repository for Ubuntu. The repository Playbuntu will provide all games available on getdeb.net in an easy to use repository format - enabling you to receive updates for your favourite game via the Update Manager tool. Additonally, if a game has several packages, installing them is quite easy as it’ll be automatically handled.

More here.

Full Story

It's funny to see how 'failwhale' has entered the lexicon of so many web users. I know it's harsh to put the boot in like this but the reality is that Twitter has some major issues that need to be taken seriously by those behind it but also by a number of its users. I remember when there were lots of people being vocal about ditching Jaiku in favour of Twitter. Now it seems like it was a mere veil to move to Twitter because they preferred it and just didn't know why! There's nothing wrong with that per se, as long as you can admit that it's personal bias. Anyway, the stability of Twitter has improved but there are still serious issues there and I can't see how buying Summize was a bright idea other than in a extend, embrace, extinguish kind of way. Twitter has inspired some fantastic apps though - look at Twitterfone.com so it's not a useless endeavour as there's a sound requirement for a site like Twitter. However, microblogging in a Twitter sense needs to be nimble and having the 'exchange' go down frequently just doesn't work.

That went surprisingly well which probably goes to show how idiot proof this cookie mix is. Brownies will be up next, though maybe not today as I think the sugar rush might be too much for me :) Heading over to http://www.spicendipity.com will get you a look at the various mixes.

Steve Friedl has a comprehensive guide to the Kaminsky DNS vulnerability. Lavishly illustrated with packet dumps and network traffic diagrams, it explains DNS and what Kaminsky found in great detail. "This has been an exceptionally serious vulnerability because it undermines the very faith in DNS: this is at the core of the internet. Most experts believe that if you can't trust DNS, all else is lost, and we're of this same mind."

Good overview on the current state of Linux wireless networking support

 Bookmark this on Delicious - Saved by SohKamYung to software LWN linux wireless hardware development - More about this bookmark

Red Hat's David Zeuthen blogged today about the huge patch he submitted to GTK+ that will allow the toolkit to achieve resolution independence - widget and font size adapting to your screen's real estate; no more tiny application lost in the corner of your high resolution screen. Although more work is obviously required, Zeuthen's idea is to use RI as the hot-new-feature selling point of the upcoming 3.0 GTK+ release. Discussion is going on in the gtk-devel mailing list and there is an ogg video of the feature in action.

These days alot of javascript libraries are released in packed format which is pretty much javascript compressed with Dean Edwards’ packer. It seems this trend combined with automated packing ends up with broken libraries. One of the errors I troubleshooted the other day affected the download manager at jquery ui using packed as the compression method. What you end up with when trying to use the packed library is the following error.

missing ; before statement

This is caused by people not following a core requirement of the packer.

Read more »

At the LinuxWorld conference, which is being held in San Francisco this week, the new LXDE Linux desktop environment has emerged as the belle of the ball. It has many of the same features as the heavyweight kings of Linux desktops (KDE and Gnome) but it's optimized for lighter hardware, like that found in the wildly popular "Netbook" class of ultra-portable sub-notebook computers.

"There are a ton of different paths that lead to doom," says Dan Kaminsky, who finally revealed the full details of a security hole that's rattled the net.

Openmoko has announced the forthcoming release ("under a Creative Commons License") of the schematics for its Neo 1973 and Neo FreeRunner phones. "Just as Free and Open Source Software provides source code information, open schematics provide vital information to engineers who may want to add functionality, external instruments or sensors, or assist the company in debugging problems, ultimately creating a better product for the entire mobile community."

Great work has been done by the Mozilla and Nokia mobile browser teams. As result we have a working Qt port based on the latest Mozilla trunk 1.9.x.

The port is fully compatible with the official Qt 4.4 release. It is also ready to run Firefox3.x and the TestQEmbed reference UI:

Qt Firefox3.x

TestQEmbed

You can download and try this X86 build

Sources are available for checkout and building from: hg:mozilla-qt branch.

Build instructions available in the Mozilla Wiki.

This port is not official yet, but we are working on it, see: bug 448989.

Additional information is available on Vlad's blog.

Feel free to build and test; if you have problems, please report them in Bugzilla.

Patches are welcome.

17 1

It is hilarious to read that MS is giving early access to patches to security vendors. Hmm. Let me understand this. There is a flaw. It can be exploited, but, hey, they want to sit around and chat about it. I seriously wonder how much of this is pure hype than of any value. I wonder when FOSS OSes will follow this model?

Canonical To Offer Alfresco Labs Pre-Packaged Within Ubuntu Distribution

Leading open source proponents take first steps to make enterprise solutions available to combined user base

Linux World EXPO, San Francisco — August 5, 2008 – Alfresco Software, Inc., the leader in open source enterprise content management (ECM), today announced that Canonical, the commercial sponsor of the highly regarded Linux distribution, Ubuntu, will offer Alfresco Labs 3 within a pre-built software download as part of its partner repository.  Using the simple apt-get command, end-users can execute a full installation, with all drivers and relevant dependencies pre-packaged.  This move provides Alfresco with a new platform from which to reach a rapidly expanding Ubuntu user-base.

Canonical To Offer Alfresco Labs Pre-Packaged Within Ubuntu Distribution

Leading open source proponents take first steps to make enterprise solutions available to combined user base

Linux World EXPO, San Francisco — August 5, 2008 – Alfresco Software, Inc., the leader in open source enterprise content management (ECM), today announced that Canonical, the commercial sponsor of the highly regarded Linux distribution, Ubuntu, will offer Alfresco Labs 3 within a pre-built software download as part of its partner repository.  Using the simple apt-get command, end-users can execute a full installation, with all drivers and relevant dependencies pre-packaged.  This move provides Alfresco with a new platform from which to reach a rapidly expanding Ubuntu user-base.

read more

Git Magic may not be exactly new, but some of us have stumbled across it later than others. It is a highly readable introduction to git with lots of examples of how to get things done. "As Arthur C. Clarke observed, any sufficiently advanced technology is indistinguishable from magic. This is a great way to approach Git: newbies can ignore its inner workings and view Git as a gizmo that can amaze friends and infuriate enemies with its wondrous abilities. Rather than go into details, we provide rough instructions for particular effects. After repeated use, gradually you will understand how each trick works, and how to tailor the recipes for your needs."