TechTarget reports on plans for the release of the System Center Operations Manager (SCOM) by Microsoft and Novell. "Microsoft and Novell Inc. said the two-year-old collaboration to better manage Windows and SUSE Linux will produce its first fruit in the first half of 2009. Novell will make available the Advanced Management Pack for SUSE Linux Enterprise for Microsoft System Center Operations Manager 2007 R2 in the first half of 2009 to coincide with the release of Operations Manager 2007 R2. Novell has not yet set a price. The management pack will supplement the monitoring assessment and deployment features in Operations Manager and let managers view information using one console, said Sanjay Sidhu, director of marketing and business development at Microsoft."

CentOS has updated kernel (multiple vulnerabilities). Debian has updated thunderbird (multiple vulnerabilities) and python (multiple vulnerabilities). Mandriva has updated dovecot (multiple vulnerabilities) and kernel (multiple vulnerabilities). Slackware has updated libxml2 (multiple vulnerabilities). Ubuntu has updated hplip (multiple vulnerabilities).

Wired covers the latest twist in the Hans Reiser murder trial. "Hans Reiser wants a trial do-over. Reiser is the Linux guru who in April was convicted of the first-degree murder of his estranged wife. He's the same defendant who, in exchange for a 15-to-life term instead of a 25-to-life term, brought authorities to the Oakland hills where he buried Nina Reiser's body. He even apologized for killing her. But in a handwritten appellate motion, he is appealing his conviction. Yet there's a glaring problem with this appeal, in which he claims he thought the deal would have only sent him away for three years, not 15-to-life."

The LWN.net Weekly Edition for November 20, 2008 is available.

rPath has announced that its rBuilder and the rPath Lifecycle Management Platform will now support Ubuntu and CentOS, SUSE Linux is already supported. "rBuilder is the category-defining build and release management system for creating virtual appliances and application images. The rPath Lifecycle Management Platform extends rBuilder with a comprehensive system for controlling the cost, complexity and risk of deploying, managing and maintaining application images in virtualized and cloud-based environments. The rPath approach assembles and binds application functionality with an operating system, creating a self-contained application image that can be easily deployed, managed and maintained."

Mitchell Baker reports on the state of Mozilla. Income continues to rise, and continues to come mostly from Google. Beyond that: "Our community remains healthy and vibrant. The percentage of code contributed to Firefox by people not employed by Mozilla remained steady at about 40% of the product we ship. This is true despite a significant amount of new employees in 2007."

The folks over at the Royal Pingdom blog have a comparison of uptimes and home page load times for the web sites of multiple Linux distributions along with Microsoft and Apple. Overall, the results of this month-long monitoring effort reflect quite well on Linux, but the authors are quick to caution that these numbers only reflect a particular point in time. Longer term monitoring is ongoing as well. "It is interesting to see that even with limited resources, many of the teams behind the various Linux distributions are managing a better homepage uptime and load time than Microsoft does, at least during this time period."

Fedora has updated geda-gnetlist (F8, F9: insecure tmp file usage), roundup (F8, F9: permissions bypass), cobbler (F8, F9: arbitrary code execution), libxml2 (F8, F9: multiple vulnerabilities), grip (F8, F9: arbitrary code execution), htop (F8, F9: process name sanitizing). Mandriva has updated libxml2 (multiple vulnerabilities). Red Hat has updated kernel (multiple vulnerabilities). rPath has updated libxml2 (multiple vulnerabilities). Ubuntu has updated libxml2 (multiple vulnerabilities).

Linux Journal takes a look at the E-Stewards certification program for electronic waste recyclers. "That old CRT monitor the size of a small fridge. The original Apple Newton that kicked the bucket and never woke up. The early-vintage musty VA Linux box - what happens to all of this e-junk after it, if ever, leaves your basement? Ideally e-junk lands at a reputable e-recycler with the equipment to safely recycle and/or dispose of these items that are very difficult to process. What happens frequently is that a less-than-reputable outfit will pack your e-junk onto a container and ship it off to a developing country with lax environmental and labor laws, where it will wreak havoc on the environment and poor people."

The Minimalist GNU for Windows (MinGW) project is a way to get GCC and tools like binutils working to build software for the Windows environment—something that might not sound very interesting to Linux users or developers. But there are a number of advantages to porting and regularly testing free software on Windows, as Red Hat's Richard Jones and Dan Berrange explain. Richard and Dan also describe Red Hat's involvement, how developers can participate, as well as how it all helps the free software cause. Click below, subscribers only, for the interview.

InfoWorld takes a look the Novell-Microsoft deal. "Whatever the implications for the greater Linux and open source worlds, Novell says the Microsoft deal has been good for its Suse Linux and for IT shops that use both Suse and Windows. Customers wanted a "bridge between Microsoft Windows and Linux," says Microsoft's Hauser. Customers also wanted peace of mind over potential intellectual property disputes, since those can take products off the market or result in additional licensing fees. About 100 customers are covered by the Novell-Microsoft agreement, she notes."

Mandriva has reported its financial and operating results for the 3rd quarter 2008. "Turnover for the quarter is 0.83 million Euros, trading revenue is 1.04 million Euros, costs are 1.67 million Euros and the operating loss is 0.64 million Euros. Turnover and operating results, compared with the 3rd quarter 2007, were 29 per cent down, costs fell by 5 per cent."

Cray has announced the availability of the Cray CX1 deskside supercomputer preloaded with Rocks+ 5, the commercial version of the Rocks Cluster Distribution for Linux users. "Rocks+ is the commercial version of the Rocks Cluster Distribution -- an end-to-end HPCC software stack, which includes the operating system, cluster management middleware, libraries, and compilers; with enterprise class commercial support from Clustercorp, which was founded by the leaders in the Rocks community. Available Rocks+Rolls include the Intel(R) Roll, PGI(R) Roll, OFED Roll, TotalView(R) Roll and Moab(R) Roll (Rocks+MOAB). Clustercorp also supports open source Rolls including the Torque Roll and SGE (Sun Grid Engine) Roll."

Ubuntu has updated mysql (denial of service), firefox and xulrunner (multiple vulnerabilities), clamav (arbitrary code execution). rPath has updated gnutls (man in the middle attacks). Mandriva has updated gnutls (man in the middle attacks), firefox (multiple vulnerabilities). Debian has updated libxml2 (multiple vulnerabilities). CentOS has updated libxml2 (multiple vulnerabilities).

The folks over at One Laptop Per Child News have information on this year's edition of the Give One Get One program. For $399, one can get an XO for some lucky child as well as donate one to a child in the developing world. This year, Amazon is handling the fulfillment which will hopefully alleviate many of the problems seen last year. Interested people should visit Amazon's XO site.

CentOS has updated firefox (multiple vulnerabilities). Gentoo has updated php (multiple vulnerabilities). Mandriva has updated clamav (arbitrary code execution). Red Hat has updated libxml2 (multiple vulnerabilities). rPath has updated enscript (multiple vulnerabilities). Slackware has updated gnutls (identity spoofing), net-snmp (denial of service), firefox (multiple vulnerabilities), seamonkey (multiple vulnerabilities).

Arjan van de Ven reports that kerneloops.org has recorded oops #100,000, just shy of its first birthday. The site gathers the output of kernel oops messages, which are the crash signatures from the kernel. The intent is to find out which are the most common in order to find and fix the underlying bugs. "Other than the top 2 items, which have patches, we've done a pretty good job of fixing the high occurrence bugs (excluding the binary drivers which we obviously cannot fix)" Click below for his full report.

Adobe has released an alpha version of a 64-bit Flash player 10 for Linux, ahead of either Windows or OS X versions. Users of 64-bit systems have had to deal with various workarounds for Flash support, so this is welcome news for some. More info can be found in the FAQ. (Thanks to Adam Gundy.)

pcc, the portable C compiler, has teamed up with the BSD Fund to try to attract donations to fund the completion of a "usable" 1.0 release. The BSD folks have long been dissatisfied with GCC, but Linux developers have eyed pcc (and others) as well. LWN looked at pcc a little over a year ago. (Thanks to Brian Plummer).

On November 12, the OpenMoko project announced that all of its system images had been removed from the download server. When users asked about what was going on, the answer that came back was: "The short story is that we are in a protracted battle with some patent trolls. Google for Sisvel. In order to get ourselves in a stronger position, we want to make sure no copies/instances/whatever of patent-infested technologies like MP2 and MP3 exist on our servers. Our phones never shipped with end-user MP3 playback features, but we want to use this opportunity to make sure it's not even in some remote place somewhere." The OpenMoko project did not need to run into this particular hassle.

The 2.6.28 process continues with the release of 2.6.28-rc5. Lots more fixes have been merged, as one would expect. The long-format changelog has the details.

The CE Linux Forum is sponsoring the Embedded Linux Conference to be held in San Francisco, April 6-8, 2009. The conference will be held in conjunction with the Linux Foundation Spring Collaboration Summit and is looking for interested folks to submit a presentation proposal. The deadline for submissions is January 16, 2009. More information including topic areas of interest can be found by clicking below.

Microsoft's Technet Magazine has a lengthy article on authenticating Linux clients with Active Directory. "Originally, Linux (and the GNU tools and libraries that run on it) was not built with a single authentication mechanism in mind. As a result of this, Linux application developers generally took to creating their own authentication scheme. They managed to accomplish this by either looking up names and password hashes in /etc/passwd (the traditional text file containing Linux user credentials) or providing an entirely different (and separate) mechanism."

Ubuntu has updated vm-builder (privilege escalation). SUSE has updated apache2, ipsec-tools, kernel-bigsmp, flash-player, mysql, ktorrent (various issues). Mandriva has updated firefox (multiple vulnerabilities). Fedora has updated clamav (F9, F8: multiple vulnerabilities), quassel (F9: issue with CTCP handling). The following packages and updates address multiple Mozilla related vulnerabilities: epiphany-extensions (F8, F9), devhelp (F8, F9), epiphany (F8, F9), cairo-dock (F8, F9), chmsee (F8, F9), firefox (F8, F9), blam (F8), evolution-rss (F8, F9), gnome-web-photo (F8, F9), galeon (F8, F9), gnome-python2-extras (F8, F9), liferea (F8), yelp (F8, F9), openvrml (F8), ruby-gnome (F8, F9), kazehakase (F8, F9), miro (F8, F9), seamonkey (F8, F9), xulrunner (F9), gtkmozembedmm (F9), totem (F9), google-gadgets (F9), mugshot (F9), mozoikko (F9).

The Linux Foundation has posted a set of photos from the 2008 Kernel Summit. If these pictures are to be believed, the Summit involved a lot of time spent consuming alcoholic beverages. But it was a more serious event than that, honest.

The LWN.net Weekly Edition for November 13, 2008 is available.

Here's a look at the LLVM 2.4 release on ars technica. "One very significant part of the LLVM effort is the Clang project, which aims to build a completely new LLVM front-end - one that can be used in place of the current GCC-based front-ends - for C-like languages. Clang is progressing rapidly and is already capable of compiling some C applications. Clang offers a lot of really compelling advantages over GCC. Some early benchmarks show that it delivers insanely fast compilation and much lower memory overhead. In some real-world tests, Clang is 2.5 times faster than GCC and uses five times less memory. It also uses less disk space during the compilation process."

MozillaZine reports on release of new versions of Mozilla Firefox and SeaMonkey. "Mozilla Firefox 3.0.4, Mozilla Firefox 2.0.0.18 and SeaMonkey 1.1.13 have been released. These releases contain several critical security updates, which include patches for crashes and remote code execution. All users are encouraged to update to the latest versions."

The 2.6.27.6 stable kernel update is out, a little sooner than expected. It contains yet another long list of fixes, one of which has a CVE number attached.

Dave Phillips introduces OpenSound Control (OSC) in a Linux Journal article. "The history of OSC begins with the history of MIDI. When the major hardware synthesizer manufacturers adopted MIDI as a standard for interdevice communications it was widely and justly hailed as a breakthrough in music technology. Armed with a computer, the appropriate software, and a few synthesizers a single musician could write, record, and produce an entire piece with no other assistance. MIDI revolutionized the music industry, and its continued use is a good measure of the success of the standard. However, MIDI is far from perfect, and many musical purposes are not served well or at all by MIDI software and hardware. As a result, alternative protocols have been advanced."

CentOS has updated seamonkey (multiple vulnerabilities). Debian has updated libcdaudio (arbitrary code execution). Fedora 8 has updated optipng (buffer overflow) and libpng (denial of service). Fedora 9 has updated optipng (buffer overflow) and libpng (denial of service). Mandriva has updated gnutls (certificate spoofing). Red Hat Enterprise Linux has updated seamonkey (multiple vulnerabilities) and firefox (multiple vulnerabilities). rPath has updated initscripts (multiple vulnerabilities), kernel (multiple vulnerabilities) and net-snmp (denial of service).

Canonical has announced a plan to put Ubuntu onto the ARM architecture. "ARM and Canonical Ltd, the commercial sponsor of Ubuntu, today announced that they will bring the full Ubuntu® Desktop operating system to the ARMv7 processor architecture to address demand from device manufacturers. The addition of the new operating system will enable new netbooks and hybrid computers, targeting energy-efficient ARM® technology-based SoCs, to deliver a rich, always-connected, mobile computing experience, without compromising battery life."

A blog series from user planetbeing describes an ongoing effort to put Linux on the iPhone. The Why iPhone Linux? posting explains: "Porting Linux to the iPhone is an arduous project. We will be trying to develop an entire suite of device drivers for undocumented hardware and then attempt to run a full-fledged operating system on it. This thread speculates "10 days" or "3 hours" as the amount of time it'd take to get Linux up and running on the iPhone. Perhaps this figure would be accurate on a x86 platform, or other platforms with hardware for which device drivers are already written or for which at least documentation is available, but we have no such luck on the iPhone." (Thanks to Mattias Mattsson).

Novell has announced a transition program to help companies move to SUSE Linux. "The new program is in response to growing customer demand for help as they make the strategic decision to transition their data center Linux infrastructure from existing third-party distributions, such as Red Hat Enterprise Linux and CentOS, to SUSE Linux Enterprise Server." Once upon a time, distributors competed mostly against Unix and Windows; now they are starting to compete more strongly against each other.

Debian has updated ekg (denial of service). Red Hat has updated httpd (multiple vulnerabilities), gnutls (man in the middle attacks). Slackware has updated gnutls (man in the middle attacks).

KDE.News covers the KOffice Sprint, held in Berlin. "Talking to developers revealed the status of several of the applications. The many changes in the core of KOfficelibs but also further down the stack, like KDELibs and Qt 4 forced Kexi to rewrite large parts of the application. This means despite the fact the KDE 3 version was very mature and stable, Kexi won't be joining the 2.0 release. Nonetheless, the developers stress that version 1.6.x is still ahead of the competition, at least in the Free Software world."

Groklaw continues an analysis of the Bilski case, which is about the patentability of business methods. "I know. It takes us into OMG territory. It's what Bilski was trying to address. The AT&T decision built on and depended on State Street, and Judge Mayer is saying that State Street came out of the blue, contradicting prior common law and the patent statutes, and it really needs to be clearly killed off and buried, along with any of its children, because it was a mistake, one that launched what he calls "a legal tsunami" of regrettable patents on what ought to be the unpatentable."

Debian-Administration.org has made an attempt to reproduce the five-second Linux boot experiment using Debian. "Inspired by this work, and because I have the same laptop, I decided to try to reproduce their results. So far I have not come very close to their 5 seconds, but I have made some significant improvements compared to the default boot time for Debian on that machine; this article describes what I've done."

At the recent co-located NLUUG and Embedded Linux conferences, Harald Welte gave a keynote presentation regarding how companies could do better in supporting Linux and free software. His talk, entitled "How chipmakers should (not) support free software" looked at many reasons why chip vendors should provide better support for free software, as well as how they should go about doing that. Click below, subscribers only, for a report on Welte's keynote.

CentOS has updated httpd (denial of service) and gnutls (identity spoofing). Fedora has updated blender (F8, F9: local code execution), gnutls (F8, F9: identity spoofing), and kvm (F8: heap overflow). Red Hat has updated two proprietary packages: acroread (multiple vulnerabilities) and flash-plugin (ten different CVEs addressed). Ubuntu has updated gnome-screensaver (information disclosure and authentication bypass).

Timothy Lee has posted a lengthy paper on the network neutrality debate. One can guess its conclusions simply by noting that it is hosted at the Cato Institute, but those conclusions are backed up by substantial research and reasoning. "Yet many deregulationists underestimate the importance of the Internet's end-to-end architecture and are too cavalier about abandoning the neutral network for a tiered, filtered, more centrally managed one. The decentralization made possible by the Internet's open architecture is the key to its astonishing growth, and there is little reason to think that it would be improvement for the Internet's decentralized 'dumb' architecture to be replaced by a more centralized 'smart' one." Worth a read for those who are interested in this subject.

InfoWorld reviews several small Linux distributions. "SliTaz Linux is a unique Linux breed created from scratch by Christophe Lincoln. Heavy application of gzip and lzma compression, plus removal of everything but 'the minimum necessary to make it work' (in the estimation of SliTaz's creator) have reduced its boot image to a remarkable 30MB."

Terra Soft Solutions, home of Yellow Dog Linux, has been acquired by Fixstars Corporation. "The new subsidiary "Fixstars Solutions, Inc.", of San Jose, California, maintains the entire Terra Soft staff, product line, and regional offices in Loveland, Colorado." Former Terra Soft CEO Kai Staats is now COO of Fixstars Solutions.

The three-year-long story of the em28xx video acquisition driver is, in some ways, a classic tale of a developer's inability to work with the kernel community. But it also has the potential to become a lost opportunity for Linux developers and users. This article (from this week's Kernel Page, subscribers only) looks at the history of this driver and the decision which must now be made on its inclusion.

Debian has updated net-snmp (multiple vulnerabilities). Fedora has updated moodle (F8, F9: remote command execution). Gentoo has updated Gallery (multiple vulnerabilities), faad2 (buffer overflow), and graphviz (buffer overflow). Slackware has updated cups (multiple vulnerabilities). Ubuntu has updated dovecot (denial of service).

Version 2.4 of the LLVM compiler is out. "LLVM 2.4 includes many bug fixes, much faster compile times at -O0, substantially better code generation in various cases, a new PIC16 target, new IR features, and numerous other improvements and features." Lots of details can be found in the release notes.

The Debian Project has announced "Debian Pure Blends" - essentially a rebranding of the concept formerly known as "custom Debian distributions." "We realised that the old name Custom Debian Distributions just sended the wrong message to outsiders: The conclusion that CDDs are something else than Debian was too 'obvious' if people did not read the relevant documentation." It looks a lot like Fedora's "Spins," but without the worry about what deserves to be called a "Pure Blend" and what does not. More information can be found on the wiki and in this detailed paper.

The 2.6.25.20 and 2.6.26.8 stable kernel updates are available. They both contain a long list of fixes, and both are intended to be the last in the series. Users who are dependent on these updates will want to consider moving to 2.6.27 in the near future.

Linus has released the 2.6.28-rc4 prepatch. "Nothing hugely exciting here. Various small fixes all over. There's a delayed FAT update which includes some movement of files around, and there's two fixes for some really long-standing problems (not really regressions, but nasty bugs) in Unix domain file descriptor passing." See the long-format changelog for all the details.

The 2.6.27.5 stable kernel update is available. "It contains a wide range of bugfixes, and all users of the 2.6.27 kernel series are strongly encouraged to upgrade. Very strongly. Did I mention that you all should upgrade? Seriously, what are you waiting for? Running those old kernel trees prior to .27? Are you crazy? You really want to run this one. It's all shiny new and has that lovely new-kernel smell that we all know and love." For people running those older kernels, the 2.6.26.8 and 2.6.25.20 updates are currently in the review process with a likely release on Monday, November 10.