The LWN.net Weekly Edition for July 29, 2010 is available.

The openSUSE project has announced that Jos Poortvliet will be its new community manager. "Jos commented, 'The opportunity to become part of the international openSUSE community is very exciting. There are a great number of interesting developments going on in the free software world, and openSUSE plays a major role in many of them. I look forward to working with the community on these, helping it grow, finding new directions and ways of developing, and delivering its innovative technologies to users and developers around the world.'"

The KDE software collection has a new BlueTooth stack called "BlueDevil." "This release should be stable enough to be used by everybody, but we’re looking specially for advanced users with 'compiling skills' so we can get quick feedback and fix as many bugs as possible."

Debian has updated xulrunner (multiple vulnerabilities) and gnupg2 (potential remote code execution).

Red Hat has updated lvm2-cluster (RHEL5: local privilege escalation).

The WordPress community witnessed the end of a high-profile war of words last week when the distributor of a popular commercial theme for the blogging platform agreed to license some of his work under the GPL. But was that relicensing really necessary? This article looks at the nature of WordPress themes and why they are considered to be derived works based on WordPress itself.

Dave Neary has posted the highlights of his work to determine where contributions to GNOME come from. "While over 70% of GNOME developers identify themselves as volunteers, over 70% of the commits to the GNOME releases are made by paid contributors. Red Hat are the biggest contributor to the GNOME project and its core dependencies. Red Hat employees have made almost 17% of all commits we measured, and 11 of the top 20 GNOME committers of all time are current or past Red Hat employees. Novell and Collabora are also on the podium."

The much-anticipated release of GNOME 3.0—scheduled for September—has been pushed back to March 2011 due to quality issues in the code. The announcement was made at GUADEC (GNOME users' and developers' European conference), which is being held July 26-30 in The Hague, Netherlands. There will be a GNOME 2.32 release in September along with GNOME 3 beta. GNOME 2.32 will have the usual performance enhancements and bug fixes along with a new control center design, UPnP, and color management support. The extra time will be used to improve GNOME Accessibility support, GNOME Shell, and documentation for GNOME 3.0. There should be a press release on the GNOME web site before too long, stay tuned.

Channel Register reports that Novell is launching the SUSE Gallery. "It has been a year since Novell launched its SUSE Appliance Program, which offers a set of online tools, dubbed SUSE Studio, for spinning up software appliances based on its SUSE Linux distro. The appliance tools were aimed at software developers who wanted to code appliances for their own purposes - perhaps as a means of more easily supporting and redistributing their own application software to their customers - not for distributing software appliances to the general public. But that is precisely what some software developers want to be able to do, according to Joanna Rosenberg, ISV marketing manager at Novell, and so on the first birthday of the SUSE Appliance Program, Novell is opening up what it calls the SUSE Gallery."

Free Software Magazine looks at the use of MediaWiki by the Morevna Project. "Putting together a collaborative film production involves a lot of bits and pieces. Workflow is unclear at the beginning, and has to be developed organically. That argues against putting too much structure into the software that you use - otherwise it would straightjacket you. Furthermore, when you're working on an artistic project, you don't want to waste time developing (or fixing) software that doesn't work like you need it to. So it makes sense to use something that is well-tested. So, really, MediaWiki is a no-brainer." (LWN covered the Morevna Project last March.) (Thanks to Paul Wise)

CentOS has updated C5: firefox (arbitrary code execution), C4: seamonkey (arbitrary code execution), and C5: w3m (man-in-the-middle attack).

Fedora has updated horde (F13, F12: privacy compromise), imp (F13, F12: privacy compromise), openttd (F13, F12: denial of service), mingw32-libpng (F13, F12: buffer overflow and memory leak), turba (F13, F12: cross-site scripting), xulrunner (F13, F12: arbitrary code execution), libvirt (F13, F12: multiple vulnerabilities), F13: pidgin (denial of service), F13: mysql (denial of service), and F12: cups (multiple vulnerabilities).

Mandriva has updated php (2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0, 2010.0, 2010.1: multiple vulnerabilities) and samba (multiple vulnerabilities).

openSUSE has updated bogofilter (denial of service) and thunderbird (multiple vulnerabilities).

Red Hat has updated w3m (man-in-the-middle attack).

Ubuntu has updated likewise-open (unauthorized local access).

The media has been buzzing about a prototype tablet from India. This article in NetworkWorld is one of many covering a device that may be available in 2011. "The $35 tablet prototype from India will run a variation of the open source Linux operating system. It has 2Gb of RAM, but no internal storage--relying on a removable memory card. The device has a USB port, and built-in Wi-Fi connectivity. Seems like reasonable enough specs--especially for $35. On the software side, the $35 tablet has a PDF reader, multimedia player, video conferencing, Web browser, and word processor."

Gemini Mobile Technologies has sent out a press release announcing the availability (under the Apache license) of "Hibari," a non-relational database, implemented in Erlang. "Hibari is a database optimized for the highly reliable, highly available storage of massive data, so-called 'Big Data.' Hibari can be used in Cloud Computing Applications such as web mail, Social Networking Services (SNS), and other services requiring storage of tera-bytes and peta-bytes of new daily data."

Thomas Gleixner was recently invited to give the opening keynote at the 20th Euromicro Conference on Real-Time Systems, recently held in Brussels. He used this opportunity to talk about the disconnect between Linux kernel development and the academic research community as demonstrated by the history of realtime extensions to Linux. Now Thomas has written up his talk, along with some supplemental material and impressions from the conference, and contributed it to LWN. Click below (subscribers only) for a detailed look at how practical and academic realtime come together in Linux as only Thomas can tell it.

The 2010 Kernel Summit will be held in Cambridge, Massachusetts, on November 1 and 2, immediately prior to the Linux Plumbers Conference. The planning process for this year's summit has begun, and the program committee is looking for ideas on what should be discussed and who should be there. "The kernel summit is organized by a program committee, but it could just as easily said that it is organized by the whole Linux Kernel development community. Which is to say, its goals are to make Linux kernel development flow more smoothly, and what we talk about is driven by the work that is going on in the development community at large. So to that end, we need your help!"

The Diary Of An x264 Developer has an introduction to ffvp8. "Back when I originally reviewed VP8, I noted that the official decoder, libvpx, was rather slow. While there was no particular reason that it should be much faster than a good H.264 decoder, it shouldn't have been that much slower either! So, I set out with Ronald Bultje and David Conrad to make a better one in FFmpeg. This one would be community-developed and free from the beginning, rather than the proprietary code-dump that was libvpx. A few weeks ago the decoder was complete enough to be bit-exact with libvpx, making it the first independent free implementation of a VP8 decoder. Now, with the first round of optimizations complete, it should be ready for primetime. I'll go into some detail about the development process, but first, let's get to the real meat of this post: the benchmarks."

openSUSE has updated openldap (denial of service), rpm (privilege escalation), and seamonkey (multiple vulnerabilities).

Red Hat has updated firefox (RHEL 5, RHEL 4: arbitrary code execution) and RHEL 3&4: seamonkey (arbitrary code execution).

Slackware has updated firefox (arbitrary code execution).

Ubuntu has updated thunderbird (multiple vulnerabilities) and firefox (8.04 LTS, 10.04 LTS, 9.04, 9.10: arbitrary code execution).

The Electronic Frontier Foundation has announced that it has won three exemptions to the DMCA's anti-circumvention rules as part of the regular, three-year process. These include cellphone unlocking, fair use of DVD content, and, happily, liberating locked-down phones. "In its reasoning in favor of EFF's jailbreaking exemption, the Copyright Office rejected Apple's claim that copyright law prevents people from installing unapproved programs on iPhones: 'When one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses.'"

There are some interesting changes coming for Rawhide users, starting with the fact that systemd is now the default init system. The early reports are mostly about dependency issues; it's not clear that all that many users have gotten as far as running the new system yet. "I have tested all this quite extensibly on my machines, but of course, I am not sure how this will break on other people's machines. I sincerely hope I didn't break anything major with this transition. So please report bugs and don't rip off my head because I might have broken your boot... I didn't do it on purpose, promised!"

Meanwhile, the Fedora 14 branch is coming on July 27, with the added twist that the project is switching its CVS-based system over to git at the same time. For now, they will be mostly focused on just making it work, but there's some interesting ideas for the future: "Later on we will start to explore more interesting advancements such as automatic patch management with exploded sources, linking to upstream source repositories, automatic %changelog generation from git changelogs, or things I haven't even thought about."

Here is the text of a ruling by the US Court of Appeals in a suit by MGE UPS Systems against General Electric. The court has ruled that simply circumventing technical measures is not, by itself, a violation of the Digital Millennium Copyright Act. "However, MGE advocates too broad a definition of "access;" their interpretation would permit liability under § 1201(a) for accessing a work simply to view it or to use it within the purview of 'fair use' permitted under the Copyright Act. Merely bypassing a technological protection that restricts a user from viewing or using a work is insufficient to trigger the DMCA's anti-circumvention provision. The DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners." What this ruling means in the long term - especially for defendants who are not GE - remains to be seen, but it is a step in the right direction.

The LiMo and GNOME Foundations have announced a new partnership. "Starting immediately, LiMo Foundation will become a member of GNOME Foundation's Advisory Board and GNOME Foundation will become an Industry Liaison Partner for LiMo Foundation. This development represents a natural formalization founded upon the significant use of GNOME Mobile software components within Release 2 and Release 3 of the LiMo Platform."