Linux Articles

Friday, November 09, 2007

Gobuntu: A Truly Free Linux Distro or a Free Drivers Experiment?

November 8, 2007
By Roy Schestowitz

"It has nothing whatsoever to do with Freedom," argues one of Gobuntu’s contributors. The contributor, Keith G. Robertson-Turner, is a longtime, passionate advocate of free software. Before joining Gobuntu, he was among the first package maintainers on the Fedora project. Yet recently he opted to leave the Gobuntu project after what he sees as continued disappointment.

"In fact, [Mark] Shuttleworth has just confirmed on-list that his only interest is the kernel (i.e., disable as much of the contentious drivers as possible) ... and see what still works," he continues.

In contrast, Mark Shuttleworth, the founder of Ubuntu, disagrees with Robertson-Turner. The developer's complaints "reflect one person's recollection of a vigorous discussion on the Gobuntu development mailing lists," Shuttleworth replied in an email response to Robertson-Turner's claims. Indeed, in Shuttleworth's view, "Gobuntu is about building a platform that expresses freedom in software and in content." He urges those interested to read key parts of the Gobuntu mailing list (linked to below).

Before examining Robertson-Turner's experiences and findings, let's delve into a little background. Later on, internal problems will be explained and ways to improve Gobuntu's direction will be suggested.

What Makes a Linux Distribution Truly Free

A truly free GNU/Linux distribution is one that honors the idea that full access to and control over program source code is both valuable and necessary. Such a distribution should avoid software and hardware drivers that cannot be controlled by the user. Moreover, all expressions of creativity, including artwork, should permit derivative work. All in all, this ensures that there is no restriction that ties the user to the software and hardware vendors.


Low Cost PC Server Device for Google Apps

An anonymous reader writes to mention that hardware hacking enthusiasts can now get their hands on the guts of the Everex TC2502 Linux PC for just $60 (USD). The compact x86-compatible "gOS Dev Board" offers a lightweight Linux-based OS designed for use with Google Apps.

"Along with a Firefox browser supporting the Google toolbar, gOS includes local productivity applications, such as OpenOffice.org. However, its main goal is 'coherently packaging Google Apps to give users the idea that they can use Google as their main environment,' explained Paul Kim, of Everex."

Source: http://hardware.slashdot.org/article.pl?sid=07/11/07/2036249

Red Hat expands Linux server partners with Amazon

5.1 upgrade supports broader virtualization, software appliances and computing in the cloud

By Robert Mullins, Network World, 11/07/07



Red Hat is updating its Linux-based server operating system and offering a number of other related improvements aimed at helping the company assume a leadership role in enterprise computing. The enhancements include support for software appliances, improved virtualization, and a partnership with Amazon’s compute “in the cloud” service that lets companies tap additional computing capacity on demand via the Web and access software-as-a-service offerings.

The strategy should “more than double our market share to power more than 50% of the world’s servers by 2015. That’s our goal,” said Paul Cormier, vice president of worldwide engineering for Red Hat.

Red Hat launched Red Hat Enterprise Linux 5.1 Wednesday, the first significant upgrade of its RHEL 5 operating system introduced in March. The upgrade and other related initiatives comprise Red Hat’s Linux Automation strategy. Key features include the following:

• Broader deployment of RHEL to virtual and physical servers and across a broad array of server platforms, including x86, x86-64, POWER, Itanium and mainframe servers.
• The ability for independent software vendors to deliver appliance-based solutions through the Red Hat Appliance Operating System to be certified for deployment on RHEL.
• A beta release of RHEL through the Amazon Elastic Compute Cloud (EC2) on-demand utility computing service. Amazon provides additional computing capacity to enterprises on a pay-per-minute use basis and now enterprises can access RHEL through the service.

The RHEL upgrades are designed to address the challenges CIOs face from their companies to expand network capability with a flat IT budget, said Scott Crenshaw, vice president of Enterprise Linux for Red Hat.

“We believe [this] will provide answers to the challenges CIOs face today by providing an infrastructure designed at its core for automation, where you can run any application anywhere at any time,” Crenshaw said on a Webcast devoted to the news.

Thousands of software applications are certified to run on RHEL, but hundreds more are offered each day, and the goal of Red Hat’s Linux Automation strategy is to certify them once to run on physical or virtual servers or on Amazon, Crenshaw said. “It’s our road map to extend the open source platform to eliminate the discontinuities that exist today in infrastructure silos,” he said.


Gentoo Linux Security User assisted execution of arbitrary code GLSA 200711-12

Gentoo Linux Security Advisory - Tomboy: User-assisted execution of arbitrary code (GLSA 200711-12)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Tomboy: User-assisted execution of arbitrary code
Date: November 08, 2007
Bugs: #189249
ID: 200711-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Tomboy doesn't properly handle environment variables, potentially
allowing a local attacker to execute arbitrary code.

Background
==========

Tomboy is a GTK-based desktop note-taking application written in C# and
the Mono C#.

Affected packages
=================

-------------------------------------------------------------------
     Package          /  Vulnerable  /                  Unaffected
-------------------------------------------------------------------
  1  app-misc/tomboy     < 0.8.1-r1                    >= 0.8.1-r1

Description
===========

Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.

Impact
======

A local attacker could entice a user into running Tomboy in a directory
containing a specially crafted library file to execute arbitrary code
with the privileges of the user running Tomboy.

Workaround
==========

Do not run Tomboy from an untrusted working directory.

Resolution
==========

All Tomboy users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/tomboy-0.8.1-r1"

References
==========

[ 1 ] CVE-2005-4790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200711-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHM2ejuhJ+ozIKI5gRArn0AKCHGvQMfReygx+CNJswcgHC5ZLT/QCdGyyf
HMULjLPDCYXxaJG4YGh5hU8=
=SZnY
-----END PGP SIGNATURE-----
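
The advisory does not quote the faulty line of the wrapper. A common cause of this class of bug, assumed here, is building the value as `dir:$LD_LIBRARY_PATH`: when the variable is unset the result ends in a colon, and the dynamic loader treats an empty element as the current working directory. The following added example (not Gentoo's or Tomboy's code; `/usr/lib/tomboy` and the function names `has_cwd_entry`, `weak_path` and `safe_path` are illustrative) contrasts that construction with a guarded one and audits a value for entries that resolve to the working directory.

```shell
#!/bin/sh
# Added example; not Gentoo's advisory text or Tomboy's wrapper script.

# has_cwd_entry VALUE: succeeds (0) when a colon-separated library path
# contains an element the loader resolves against the working directory:
# an empty element (leading, trailing or doubled colon) or a relative one.
has_cwd_entry() {
    value=$1
    if [ -z "$value" ]; then return 1; fi     # no elements at all
    case "$value" in
        :*|*:|*::*) return 0 ;;               # empty element means "."
    esac
    old_ifs=$IFS; IFS=:; set -f               # split on ':' without globbing
    found=1
    for entry in $value; do
        case "$entry" in
            /*) ;;                            # absolute: fine
            *)  found=0 ;;                    # ".", "lib", "../x": relative
        esac
    done
    IFS=$old_ifs; set +f
    return $found
}

# Weak pattern (assumed shape of the bug): always append ":$inherited",
# which leaves a trailing colon when the inherited value is empty or unset.
weak_path() { printf '%s:%s' "$1" "$2"; }

# Hardened pattern: emit the separator only when there is a value to keep.
safe_path() { printf '%s%s' "$1" "${2:+:$2}"; }

# Constructed sample: an application library directory, and a user whose
# LD_LIBRARY_PATH is unset versus one who already has it set.
lib=/usr/lib/tomboy
for inherited in "" "/opt/lib"; do
    for builder in weak_path safe_path; do
        v=$($builder "$lib" "$inherited")
        if has_cwd_entry "$v"; then verdict="searches cwd"; else verdict="ok"; fi
        printf '%-9s inherited=%-10s -> %-26s %s\n' \
            "$builder" "'$inherited'" "'$v'" "$verdict"
    done
done
```

The same check can be pointed at the `LD_LIBRARY_PATH` assignments of other launcher scripts under `/usr/bin` to find wrappers with this defect.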

Skype releases 2.0 for Linux with video calling and some bugfixes

The big takeaway from this Beta rev is video calling, as well as lots of related options.

Actually, the release version is 2.0.0.13, which can be downloaded from http://www.Skype.com/download

Here’s Skype’s take on what’s new:

* feature: Video.
* feature: Option to automatically answer incoming calls (under Options -> Privacy).
* feature: Use user’s desktop locale if a locale hasn’t been set in client.
* video feature: Video Devices options dialog.
* video feature: Video Accept/Decline dialog.
* video feature: Full-screen video.
* video feature: Double-clicking on video window toggles full-screen video.
* video feature: Double-clicking on video preview in Options dialog will reveal full-screen myself preview.
* improvement: Add missing translation for Sign in window title.
* improvement: Change Calls Forwarded icon.
* improvement: Clean up button spacings in myself/credit bar.
* improvement: Don’t render Contact popups together.
* improvement: Fix call window minimum contact card height to match design specification more closely.
* improvement: Remove dependency on libsigc++.

This version also comes with some bug fixes from the previous version:

* bugfix: API: OPEN ADDAFRIEND skypename should open Auth widget for skypename if they are not on the list.
* bugfix: API: Send CONTACTS FOCUSED properly.
* bugfix: API: Support ‘IN’ parameter for OPEN FILETRANSFER.
* bugfix: Add support for temporary and permanent API authorisation.
* bugfix: Allow language file to load before login screen.
* bugfix: Skype crashed sometimes when entering invalid Skypename in quickfilter.
* bugfix: Capture SIGTERM for clean shutdown.
* bugfix: Catch exception when marking call events as read.
* bugfix: Change login window minimum height to 450 pixels.
* bugfix: Crash when Viewing Profile.
* bugfix: Don’t activate contact list and event history items based on stray ‘Enter’ signal from other applications.
* bugfix: Fix a crash on Sign out.
* bugfix: Fix for right-click contact menu not being updated in some circumstances.
* bugfix: Hide Create Conference Call and Change Password options when offline.
* bugfix: Make drag-and-drop file operations work on expanded contact cards.
* bugfix: Possibility to temporarily hide contacts completely.
* bugfix: Properly enable/disable Voicemail sub-options based on master option.
* bugfix: Purge logs if older than 30 days.
* bugfix: Pushing Enter on contact list now performs an action.
* bugfix: Trying to send/receive files with foreign characters fails sometimes.
* bugfix: Voicemail options dialog plays a bit nicer now.
