Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts

Monday, April 30, 2007

Gnome 2.19.1 Released

Gnome desktop screenshot
Enlarge picture

On the road to 2.20.0 Gnome has just reached the 2.19.1 release. What does it bring new compared to 2.18? Well, first of all it brings new documentation and translations (maybe just in case the previous were not enough), new features and new bug-fixes. This is a development release though; so many modules still need improvements. The Gnome developers encourage Linux lovers to compile and test this new release and offer some for download and for some compiling tools. For example for compiling Gnome 2.19.1 you can use Garnome, which can be found here and the release should be found here along with the release notes.



The Gnome 2.19.1 developers announced this release as a snapshot of development code that is mainly intended for testing and hacking purposes. The release is though buildable and usable. You can join the Gnome project too. Any Linux fan willing to help with the Gnome development is more than welcomed here. You do not have to be a programmer to join this project, as there are also a lot of things to be improved that do not require programming knowledge.

The Gnome project aims to create an easy-to-use computing platform out of completely free software. The Gnome project gathers a lot of software and it is used in conjunction with an operating system such as Linux or Solaris. It is also part of the GNU operating system, being its official desktop environment.

Gnome was set-up in August 1997 by the GNU project as an alternative to the KDE software desktop environment that relied on the Qt widget toolkit, which did not use a free software license at that time. Gnome was intended to create a new desktop without making use of the Qt libraries. Thus, instead of Qt Gnome uses GTK+ toolkit under the GNU Lesser Public License (LPGL).

Linux Kernel 2.6.21 Released

Tux
Enlarge picture

After two and a half months from the last release, Linus Torvalds has just announced today the final and stable release of the Linux kernel, version 2.6.21. The biggest change in 2.6.21 is all the timer changes to support a tickless system:


"If the goal for 2.6.20 was to be a stable release (and it was), the goal for 2.6.21 is to have just survived the big timer-related changes and some of the other surprises (just as an example: we were apparently unlucky enough to hit what looks like a previously unknown hardware errata in one of the ethernet drivers that got updated etc). [...] So the big change during 2.6.21 is all the timer changes to support a tickless system (and even with ticks, more varied time sources). Thanks (when it no longer broke for lots of people ;) go to Thomas Gleixner and Ingo Molnar and a cadre of testers and coders." - says Linus Torvalds.

Highlights of this release include:

• VMI (Virtual Machine Interface)
• KVM updates
• Dynticks and Clockevents
• ALSA System on Chip (ASoC) layer
• Dynamic kernel command-line
• Optional ZONE_DMA
• devres (optional subsystem for drivers)
• GPIO API

Here come the new drivers:

Graphics:

• Add fbdev driver for the old S3 Trio/Virge
• Driver for the Silicon Motion SM501 multifunction device framebuffer subsystem,

Storage devices:

• Add two drivers for the it8213 IDE device, one using the old IDE stack, and other using libata
• Add IDE Driver for Delkin/Lexar/etc.. cardbus CF adapter
• Add IDE driver for Toshiba TC86C001 (old IDE stack)
• Add SCSI driver for SNI RM 53c710
• Add driver for Initio 162x SATA devices

Networking devices

• Add driver for the latest 1G/10G Chelsio adapter, T3,
• Add driver for the Attansic L1 ethernet device
• Add driver for the Gigaset M101 wireless ISDN device
• Add PC300too alternative WAN driver
• Add driver for Silan SC92031 device
• Add driver for the Davicom DM9601 USB 1.1 ethernet device

Various

• Add driver to charge USB blackberry devices
• Add driver for iowarrior USB devices.
• Add support for the GTCO CalComp/InterWrite USB tablet
• New driver for the Analog Devices ADM1029 hardware monitoring driver

For a full change-log with all the new features, drivers and improvements, please visit this website.

The Linux Kernel is the essential part of all Linux Distributions, responsible for resource allocation, low-level hardware interfaces, security, simple communications, and basic file system management.

Linux is a clone of the operating system Unix, initially written from scratch by Linus Torvalds with assistance from a loosely-knit team of hackers across the Net. It aims towards POSIX and Single UNIX Specification compliance.

You can download the Linux kernel now from Softpedia.

Friday, March 16, 2007

Remote Exploit Discovered for OpenBSD

"OpenBSD is known for its security policies, and for its boast of "only one remote exploit in over 10 years". Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."

OpenBSD's IPv6 mbufs remote kernel buffer overflow



Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Date Published: 2007-03-13

Last Update: 2007-03-13

Advisory ID: CORE-2007-0219

Bugtraq ID: 22901

CVE Name: CVE-2007-1365

Title: OpenBSD's IPv6 mbufs remote kernel buffer overflow

Class: Buffer Overflow

Remotely Exploitable: Yes

Locally Exploitable: No

Advisory URL:
http://www.coresecurity.com/?action=item&id=1703

Vendors contacted:

OpenBSD.org

  • 2007-02-20: First notification sent by Core.

  • 2007-02-20: Acknowledgement of first notification received from the OpenBSD team.

  • 2007-02-21: Core sends draft advisory and proof of concept code that demonstrates remote kernel panic.

  • 2007-02-26: OpenBSD team develops a fix and commits it to the HEAD branch of source tree.

  • 2007-02-26: OpenBSD team communicates that the issue is specific to OpenBSD. OpenBSD no longer uses the term "vulnerability" when referring to bugs that lead to a remote denial of service attack, as opposed to bugs that lead to remote control of vulnerable systems to avoid oversimplifying ("pablumfication") the use of the term.

  • 2007-02-26: Core email sent to OpenBSD team explaining that Core considers a remote denial of service a security issue and therefore does use the term "vulnerability" to refer to it and that although remote code execution could not be proved in this specific case, the possibility should not be discarded. Core requests details about the bug and if possible an analysis of why the OpenBSD team may or may not consider the bug exploitable for remote code execution.

  • 2007-02-28: OpenBSD team indicates that the bug results in corruption of mbuf chains and that only IPv6 code uses that mbuf code, there is no user data in the mbuf header fields that become corrupted and it would be surprising to be able to run arbitrary code using a bug so deep in the mbuf code. The bug simply leads to corruption of the mbuf chain.

  • 2007-03-05: Core develops proof of concept code that demonstrates remote code execution in the kernel context by exploiting the mbuf overflow.

  • 2007-03-05: OpenBSD team notified of PoC availability.

  • 2007-03-07: OpenBSD team commits fix to OpenBSD 4.0 and 3.9 source tree branches and releases a "reliability fix" notice on the project's website.

  • 2007-03-08: Core sends final draft advisory to OpenBSD requesting comments and official vendor fix/patch information.


  • 2007-03-09: OpenBSD team changes notice on the project's website to "security fix" and indicates that Core's advisory should reflect the requirement of IPv6 connectivity for a successful attack from outside of the local network.

  • 2007-03-12: Advisory updates with fix and workaround information and with IPv6 connectivity comments from OpenBSD team. The "vendors contacted" section of the advisory is adjusted to reflect more accurately the nature of the communications with the OpenBSD team regarding this issue.

  • 2007-03-12: Workaround recommendations revisited. It is not yet conclusive that the "scrub in inet6" directive will prevent exploitation. It effectively stops the bug from triggering according to Core's tests but OpenBSD's source code inspection does not provide a clear understanding of why that happens. It could just be that the attack traffic is malformed in some other way that is not meaningful for exploiting the vulnerability (an error in the exploit code rather than an effective workaround?). The "scrub" workaround recommendation is removed from the advisory as precaution.

  • 2007-03-13: Core releases this advisory.


Release Mode: FORCED RELEASE
Vulnerability Description
The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in:

1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or;

2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)

The issue can be triggered by sending a specially crafted IPv6 fragmented packet.

OpenBSD systems using default installations are vulnerable because the default pre-compiled kernel binary (GENERIC) has IPv6 enabled and OpenBSD's firewall does not filter inbound IPv6 packets in its default configuration.

However, in order to exploit a vulnerable system an attacker needs to be able to inject fragmented IPv6 packets on the target system's local network. This requires direct physical/logical access to the target's local network -in which case the attacking system does not need to have a working IPv6 stack- or the ability to route or tunnel IPv6 packets to the target from a remote network.
Vulnerable Packages

OpenBSD 4.1 prior to Feb. 26th, 2006.
OpenBSD 4.0 Current
OpenBSD 4.0 Stable
OpenBSD 3.9
OpenBSD 3.8
OpenBSD 3.6
OpenBSD 3.1

All other releases that implement the IPv6 protocol stack may be vulnerable.
Solution/Vendor Information/Workaround
The OpenBSD team has released a "security fix" to correct the mbuf problem, it is available as a source code patch for
OpenBSD 4.0 and 3.9 here

The patch can also be applied to previous versions of OpenBSD.
OpenBSD-current, 4.1, 4.0 and 3.9 have the fix incorporated in their source code tree and kernel binaries for those versions and the upcoming version 4.1 include the fix.

As a work around, users that do not need to process or route IPv6 traffic on their systems can block all inbound IPv6 packets using OpenBSD's firewall. This can be accomplished by adding the following line to /etc/pf.conf:

block in quick inet6 all

After adding the desired rules to pf.conf it is necessary to load them to the running PF using:

pfctl -f /etc/pf.conf

To enable PF use:
pfctl -e -f /etc/pf.conf

To check the status of PF and list all loaded rules use:
pfctl -s rules

Refer to the pf.conf(5) and pfctl(8) manpages for proper configuration and use of OpenBSD's firewall capabilities.
Credits
This vulnerability was found and researched by Alfredo Ortega from Core Security Technologies. The proof-of-concept code included in the advisory was developed by Alfredo Ortega with assistance from Mario Vilas and Gerardo Richarte.
Technical Description - Exploit/Concept Code
The vulnerability is due to improper handling of kernel memory buffers using mbuf structures. The vulnerability is triggered by OpenBSD-specific code at the mbuf layer and developed to accommodate the processing of IPv6 protocol packets.

By sending fragmented ICMPv6 packets an attacker can trigger an overflow of mbuf kernel memory structures resulting either in remote execution of arbitrary code in kernel mode or a kernel panic and subsequent system crash (a remote denial of service). Exploitation is accomplished by either:
1) Gaining control of execution flow by overwriting a function pointer, or;
2) Performing a mirrored 4 byte arbitrary memory overwrite similar to a user-space heap overflow.

The overflowed structure is an mbuf, the structure used to store network packets in kernel memory.

This is the definition (/sys/mbuf.h):


We can see that the mbuf contains another structure of type m_ext (/sys/mbuf.h):


This second structure contains the variable ext_free, a pointer to a function called when the mbuf is freed. Overwriting a mbuf with a crafted ICMP v6 packet (or any type of IPv6 packet), an attacker can control the flow of execution of the OpenBSD Kernel when the m_freem() function is called on the overflowed packet from any place on the network stack.

Also, since the mbufs are stored on a linked list, another variant of the attack is to overwrite the ext_nextref and ext_prevref pointers to cause a 32 bit write on a controlled area of the kernel memory, like a user-mode heap overflow exploit.

The following is a simple working proof-of-concept program in Python that demonstrates remote code execution on vulnerable systems.
It is necessary to set the target's system Ethernet address in the program to use it.

The PoC executes the shellcode (int 3) and returns. It overwrites the ext_free() function pointer on the mbuf and forces a m_freem() on the overflowed packet.

The Impacket library is used to craft and send packets (http://oss.coresecurity.com/projects/impacket.html or download from Debian repositories)

Currently, only systems supporting raw sockets and the PF_PACKET family can run the included proof-of-concept code.

Tested against a system running "OpenBSD 4.0 CURRENT (GENERIC) Mon Oct 30"

To use the code to test a custom machine you will need to:
1) Adjust the MACADDRESS variable
2) Find the right trampoline value for your system and replace it in the code. To find a proper trampoline value use the following command:
"objdump -d /bsd | grep esi | grep jmp"
3) Adjust the ICMP checksum

The exploit should stop on an int 3 and pressing "c" in ddb the kernel will continue normally.


About CoreLabs

CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies.

We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies.

CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/


About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide. The company’s flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks.

Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training.

Based in Boston, MA. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.

Gnome 2.18 Released

GNOME 2.18


GNOME 2.18 is the latest version of the popular, multi-platform free desktop environment, providing all the tools a user needs for everyday work, and a platform for developers to write new software.

GNOME's focus is ease of use, stability, and first class internationalization and accessibility support, so that GNOME and its applications are usable by anyone, anywhere. GNOME runs on a variety of platforms, including GNU/Linux (commonly called Linux), Solaris, HP-UX, BSD and Apple's Darwin. Work has been done in this release to make it easier to port GNOME tools to Windows as well.

GNOME is part of The GNU Project, and is Free Software.

GNOME 2.18 Release Notes


The Release Notes explain the contents of this release, showing what GNOME is, what's new, and how to get it, with links to further information.

The Release Notes are available in other languages: Arabic, Catalan, German, French, Lithuanian, Macedonian, Panjabi, Portuguese (Brazilian), Russian, Serbian, Spanish, Swedish, Thai.

We encourage you to submit screenshots of GNOME 2.18 to our gallery. You can check out the great screenshots submitted by our intrepid community. These shots demonstrate our users' beautiful desktops, as well as some of the new features in this version of GNOME.

Getting GNOME 2.18


LiveCD and Disk Images for Virtual Machines


To download and preview the latest version of GNOME, try our easy LiveCD. Download, burn, and reboot - Without touching your current system, it just shows you the latest and greatest in GNOME and beyond.

You can alternatively download a disk image, and launch GNOME in a virtual machine using your favorite virtualization software. You don't even have to leave your current system to try out GNOME!

The LiveCD and the disk images contain all of our supported languages.



GNOME in Distributions


Although Linux distributions and other flavors of UNIX do not immediately integrate new GNOME versions, in the next few months many of the biggest distributions will package and ship GNOME 2.18. To see the latest information about who is shipping GNOME 2.18, visit our Get Footware page.

Building From Source


Of course, our sources are always available so you can build GNOME from scratch. To ease the build, we recommend that you use GARNOME or jhbuild.

Source Tarballs:

Other Announcements


The Community Announcement is the official email announcing the release to the people who actually did the work.


Users




Developers







About GNOME · Download · Support · Community · Developers · Foundation · Contact




GNOME 2.18 (Simply Beautiful)


GNOME 2.18 is out, on time as usual. The top-class free desktop for the masses looks and feels better than ever. This is another progressive release in our road to perfection. It integrates another load of improvements done in the visual design, the performance of the desktop components, and the growing collection of integrated applications. The web browser and the themeable window manager are two good examples to check.








Personal security is now fully integrated into the desktop, allowing digitally signed communications, encryption of emails and local files, and user-friendly management of personal keys. Internationalization records progress in all directions, with support for vertical text layout and a full Arabic localization matching the quality standards. The official release incorporates essential tools for developers, which hopefully will contribute to get more and better software for the GNOME users.

What's more important, for the first time we ship online games, chess with a 3D look, and endless Sudoku entertainment.

The GNOME desktop is distributed through free and commercial operating systems including Debian, Fedora, Mandriva, OpenSolaris, RedHat, SLED and Ubuntu. GNOME is also present inside XO (the One Laptop Per Child device) and an increasing collection of mobile devices. Users can already get their hands on GNOME 2.18 trying our official live demos or the testing versions released by some distributions. Check the Get Footware page and give it a try.



In More Detail



Everyone




  • Tomboy, the note-taking applet, helps you to keep better track of your most important notes by pinning them, making sure they will always easier to find.

  • Using Tomboy to create lists is now as simple as adding a * or a -.

  • Never lose track of your work and pick up where you left off by finding the recently opened files, or just search for new distractions with the new Deskbar applet.

  • Find out where all your disk space is going with the new ring chart view in GNOME's Disk Usage Analyzer.

  • Save battery power with GNOME Power Manager's control over your processor.

  • Whether you have two monitors or not, the GNOME Document Viewer now supports opening multiple instances of a document at the same time.

  • Use the new history feature to navigate your documents like a web page.

  • Hand out better printed slide notes and keep your audience engaged with Evince's new presentation mode.

  • Digitally sign or authenticate your documents using Seahorse, the new front-end to GNU Privacy Guard.

  • Use Seahorse to manage the security of your desktop and your OpenPGP and SSH keys.










Developers




  • Create applications faster using the new Glade graphical interface builder.

  • Display all your reference documentation using the new integrated help system.

  • Improved bug reporting ensures that GNOME just keeps getting better.











Fun




  • Encode your audio in more formats including OGG, MP3 or even AAC!

  • Turn up the volume on your music and movies with the new and improved volume control that now supports advanced sound cards including the Audigy 2.

  • Take a break and try our two new games: Chess with glChess, where you can play either against a friend; or try to master the computer opponent or try yourself in solving a Sudoku with GNOME Sudoku, the Japanese crossword puzzle.

  • Challenge a friend to an online game of Nibbles, Iagno, or Four-in-a-Row.











Share Your Desktop




  • Connect to your desktop from anywhere in the world.

  • If you rotate your photos in the camera, they stay that way when you view them with the Eye of GNOME Image Viewer.

  • Show your friends how you customized your desktop from the login screen to the appearance of your favorite GNOME applications.











Universal Access




  • Added support for vertical text layouts in Chinese and Japanese.

  • Added New text-to-speech drivers including Loquendo, Cepstral Swift, and eSpeak.

  • Improved support for Orca.

  • Improved support for Chinese using the IBMTTS engine.

  • Improved support for Gnome Magnifier.

  • Added Thai dictionary to GNOME Dictionary.

  • Improved results display in GNOME Dictionary.











About GNOME


We produce free software that makes computers friendly, useful, and fun. We provide a graphical environment that is easy to use, a set of integrated programs, and tools to develop and maintain your own applications.

GNOME is available in dozens of languages. It is compatible with multiple operating systems. It works on home computers, laptops, mobile devices, supercomputers, and small embedded appliances. You can find GNOME across the world in homes, schools, offices, and probably also in your neighborhood.

GNOME has won a reputation for its simplicity and ease of use. We love software that just works: logical, clean, intuitive, and full of sense. Attention to detail is always appreciated: we polish interfaces as well as internal processes, in a constant search for beauty and integration.

The coordination of this large project relies on the GNOME Foundation, an open organization formed by volunteers, professionals and companies.

Learn more about GNOME's best assets at www.gnome.org.

Monday, March 05, 2007

Eric Raymond: Yes, "open source" is still meaningful

Mar. 01, 2007

Writing in O'Reilly's Radar, Nat Torkington argues that the term "open source" is becoming meaningless. He points to SugarCRM's badgeware, through which, he claims, only two-thirds of their code is downloadable, and rPath and MontaVista, which "sell software that works on Linux but the software itself isn't actually open source."

Open-source leader Eric S. Raymond replied to Torkington's essay in a letter to O'Reilly and several journalists, in which he asserted that the open source "label is still valid and important. I'm a pragmatist, so I'm not going to wave any flags or sing any anthems to argue this, just point out what has worked and continues to work."

"First of all, let's be clear about what 'open source' means," Raymond writes. "Software is 'open source' when it is issued under a license compliant with the Open Source Definition (OSD). Nothing any clueless or malevolent corporate marketer does can change that, because the term originated in the open-source developer community and only we have the authority to redefine it.

"If this seems excessively prescriptive to some readers, consider what would happen if a marketer tried to redefine the term 'electron' to mean 'proton', or 'big lump of green cheese', or something. This would instantly be recognized as absurd -- physicists own that term, and only they have the authority to redefine it," continues Raymond.

"Many of you know I'm a lexicographer as well as a hacker," Raymond has for many years been the maintainer of The New Hacker's Dictionary, which is available both online and from MIT Press. "I can tell you what people who make dictionaries think about controversies like this -- that technical terms of art belong to the expert communities that define them. Only *we*, the open-source community, get to redefine 'open source'," continued Raymond.

"And, occasionally, we do redefine it. OSI, the Open Source Initiative, added a tenth clause to the OSD a few years back to deal with click-wrap licensing. Right now, OSI is contemplating changes to deal with badgeware licenses of the kind Nat complains about. In doing so, OSI serves our entire community, and anyone get involved in the process through its license-discuss list."

Some companies, such as Alfresco Software, are already moving away from badgeware versions of the MPL (Mozilla Public License). In its case, Alfresco is going to the GPLv2.

"Normal evolution of the term within its defining community is one thing," explained Raymond. "Accidental or deliberate abuse of the term is another, and should be recognized and treated as such through education and persuasion and the occasional smack upside the head. Abuse is not a reason to abandon the term 'open source' any more than some fool babbling about big lumps of green cheese would be a reason to abandon the term 'electron'."

"Rather, abuse is a reason to *defend* and *explain* the term, so that it will continue to have a useful meaning. OSI does that. Nat's post amounts to asking if the community should give up the effort. I say certainly not. The only reason to abandon the term 'open source' would be if it no longer served a useful purpose, and there are at least two very large useful purposes that it does serve," said Raymond.

The OSI, which has been rather quiet lately, is becoming more active in attacking those who misuse the term.

According to Intel's senior director of open-source strategy and the OSI's secretary/treasurer, Danese Cooper, the OSI is aware that "Open Source is a big buzzword again now, and yes there are those (as there have been from the beginning) who are trying to understand how they can embroider over the edges of Open Source to achieve business goals nearly but perhaps not perfectly aligned with the spirit of the Open Source Definition."

Raymond continued: "Do we really need a reminder of why lots of people jumped on it in 1998? We had an image problem with people outside our community, especially businesses and governments. 'Free software' frightened them away; I thought 'open source' might attract them. Those of us who originally took the initiative in pushing it promoted 'open source' as a cold-blooded exercise in rebranding, and that worked; our community has ridden the label to levels of acceptance we barely could have dreamed of nine years ago."

"And guess what -- 'free software' *still* has an image problem, if only because the Free Software Foundation (FSF) has responded to the success of the 'open source' label by taking a position that is more purist, more territorial, *and thus more frightening*. By doing this FSF has ironically ensured that 'open source' would remain a necessary marketing hack in our community's relations with the rest of the world," declared Raymond.

Raymond isn't the only one who sees the FSF in this way. Some of the Linux kernel core developers strongly object to the FSF's proposed GPLv3. Others, such as Linux observer Bill Weinberg, believe that the GPLv3 threatens to fork GNU projects and marginalize the FSF.

Raymond continued, "But I think the more important purpose of the term 'open source' is not as a marketing hack but as a deliberately inclusive term for the entirety of a history and a culture that transcends any of our narrow internecine disputes about licensing and propaganda. Neither the FSF nor the OSI is the axis of that history."

"Our community didn't spring full-blown from Linus Torvalds's head, nor from Richard Stallman's, nor (perish the thought!) from mine," added Raymond. It includes 'free software' developers, but also tribes like those around BSD and X that are not centered on the GPL and rejected the term 'free software' with all its ideological baggage. And it includes many more to whom the GPL/anti-GPL dispute matters only a little if at all."

"'Open source' also properly includes a lot of pre-FSF history like the early IETF [Internet Engineering Task Force] and the Tech Model Railroad Club," continued Raymond. "It's now used retrospectively by people who lived that history. I have gradually come to understand that year zero of our movement wasn't 1985, the year FSF was founded. I now think perhaps it was 1961, the year MIT took delivery of the first PDP-1 and the earliest group of self-described 'hackers' coalesced around it."

Steven Levy's Hackers: Heroes of the Computer Revolution, is the best history of this period. It covers from those early days of the Tech Model Railroad Club to the first hackers, to Stallman, who Levy called the last of the true hackers.

"Adopting a more inclusive term for all this was good magic; it pulled people together, helping them recognize common ground and a common way of thinking and working," Raymond added. "I think this (unanticipated) effect on the hacker community's conception of itself turned out to be as important as the rebranding effects on the rest of the world, if not more so."

Raymond concluded, "The flip side is that if not for 'open source', the community we cherish would be a significantly poorer, smaller, and more fractured place today. That's reason enough to keep it."


-- Steven J. Vaughan-Nichols

Monday, February 26, 2007

Building A Linux Router

By Janne Nurminen
Expert Author
Article Date: 2003-08-06

Building a reliable, full-featured broadband router can be very easy and cost-efficient. This article is about building one for routing a LAN to the Internet with NAT (Network Address Translation -- Linux users also call it as IP Masquerading) using an old computer and a Linux micro-distribution designed to have very low hardware requirements. We'll end up having a very simple and stable system, yet featuring e.g. iptables based stateful firewalling and remote administration.

My brother had this old IBM Aptiva (which he had found from a trash can nearby his home) which happened to be just a suitable piece of hardware for the purpose:


  • Pentium 150 Mhz

  • 14 Megs of RAM

  • 1,6 GB Harddrive

  • Disk Drive

  • CD-ROM

  • 10 Mbps Network Interface Controller

  • Soundcard

  • Keyboard

  • Mouse

  • Video Card with 2 MB Memory, integrated to motherboard

  • IBM G50 14" Monitor


Choosing a suitable Linux Distribution

The basic idea was to build a router which would also provide firewall services to protect the internal network, and which could be administrated remotely. After doing a quick search, I found Coyote Linux which turned out to be just the perfect solution.

Basically, Coyote Linux is a single floppy distribution of Linux that is designed for the sole purpose of sharing an Internet connection. Being a single floppy distribution, it runs off of a single floppy disk and loads itself to RAM. The floppy itself can be created using either a Microsoft Windows wizard (!), or by using a set of Linux shell scripts. I created mine using the latter method.

Since the floppy was all that was needed, I decided to remove all unnecessary parts from the computer. This makes the machine a bit more silent and less heat-productive. I removed the hardrive, cd-rom and souncard, and replaced the old 10 Mbps NIC with two 100 Mbps NICs (the old one did have a Realtek chip on it, so it would've been supported, too). Luckily it had just the two needed PCI slots for the two network cards.

Creating a bootable floppy disk

The next thing to do was to create the boot diskette. I downloaded the Coyote Linux Floppy Creator Scripts (v1.32) and ran them on my laptop which runs Linux (yes, indeed do note that to run scripts on Linux you need a functioning Linux system ;-). The process itself is very straight-forward. But before you go, you need to know what modules need to be loaded in order to use your network cards. I used two identical D-Link cards which use the rtl8139 module. To find out which module you need, CoyoteLinux has provided a very good documentation, available in PDF format. Generally, more information can be found from the Linux Ethernet-Howto and Vendor/Manufacturer/Model Specific Information.

The script asks to make some trivial choices:

  • Please choose the desired capacity for the created floppy (3 choices)

  • Please select the processor type in the destination Coyote Linux system (2 choices)

  • Please select the type of Internet connection that your system uses (1. Standard Ethernet Connection, 2. PPP over Ethernet Connection, 3. PPP Dialup Connection, 4. ISDN Connection)

  • Does your Internet connection get its IP via DHCP? [y/n]

  • Install the Road Runner DEC protocol login software) [y/n]

  • Install the Big Pond login software? [y/n]

  • Do you want to enable the coyote DHCP server) [y/n]

  • Would you like to install sshd for secure remote access? [y/n]

  • Would you like to install Webadmin for system admin via a web interface? [y/n]

  • Would you like to create another copy of this disk [y/n]?


By default Coyote uses the following settings for the local network interface:
IP Address: 192.168.0.1
Netmask: 255.255.255.0
Broadcast: 192.168.0.255
Network: 192.168.0.0

These don't need to be changed (unless you need a whole lot of internal IPs, or want to to change the router's internal ip address).

Building the network

The next thing to do was to build the network. I attached a cable from the modem to the router's Internet network card, and from the router's local network card to the switch. All other computers were directly connected to the switch. The result is shown in the fine picture on the right. After that I booted the new Linux Router with the newly made boot disk. Then I adjusted the network settings accordingly for all the computers connected (c1 - c4).

On Windows: Control Panel -->
Network and Dial-Up Connections
--> Local Area Connection
--> Internet Protocol (TCP/IP)
:











IP address: 192.168.0.n
Subnet mask: 255.255.255.0

Default gateway: 192.168.0.1

DNS servers: ...



... where n of course needs to be a unique number for each machine (IP addresses could be obtained also automatically by enabling Coyote Linux DHCP server for internal network, if needed). On Linux netconf is a good tool for changing network settings.

http://koti.mbnet.fi/~keiky/misc/linux/router/imgs/ethernet_lan.png

After that I pinged other computers and - being in Finland - Nokia:











[jn@karelia docs]$ ping nokia.com

PING nokia.com (147.243.3.73) 56(84) bytes of data.

64 bytes from www.nokia.com (147.243.3.73): icmp_seq=1 ttl=246 time=48.7 ms

64 bytes from www.nokia.com (147.243.3.73): icmp_seq=2 ttl=246 time=98.9 ms

64 bytes from www.nokia.com (147.243.3.73): icmp_seq=3 ttl=246 time=19.8 ms

--- nokia.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2014ms

rtt min/avg/max/mdev = 19.825/55.839/98.974/32.702 ms



and hua! It worked! Next I unplugged the monitor and keyboard from the router and placed it in its final place.(1

Conclusion

Building a broadband router can be very easy and cost-efficient, and Coyote Linux Router is a very easy solution for the purpose.

Btw, becase the whole file system is just a RAM disk, the machine can be shutdown by just pressing the power switch like in the good(?) old DOS times..

References

1) Next time when booting the router it hung up because of a keyboard failure (of course I had to remove the router from its Final Place to be able to plug the monitor back and see what was going on). That was resolved by changing the proper BIOS setting.

First appeared at http://koti.mbnet.fi/~keiky/misc/linux/router/lnx_router.html

13 Things to do immediately after installing Ubuntu

1. Enabling/Adding Extra Repositories
Ubuntu comes by default with only some of the repositories enabled because of licensing issue since downloading certain codecs and apps may be illegal in some countries so you have to enable these repositories/add new repositories to enable installation of these packages.

To enable new repositories go to (System -> Administration -> Synaptic Package Manager ) , type in the root password .Then Go to (Settings -> Repositories ), there enable all the check-boxes to enable all the repositories you need .


Also for installing some apps extra repositories are needed since they are not in the default repositories so go to third Party and add the following there


deb http://givre.cabspace.com/ubuntu/ edgy main main-all
deb http://ntfs-3g.sitesweetsite.info/ubuntu/ edgy main main-all
deb http://flomertens.keo.in/ubuntu/ edgy main main-all




deb http://mirror.ubuntulinux.nl edgy-seveas all









After doing this exit Synaptic Package Manager Fire up Console and type the following command to import GPG keys .


wget http://flomertens.keo.in/ubuntu/givre_key.asc -O- | sudo apt-key add -

wget http://mirror.ubuntulinux.nl/1135D466.gpg -O- | sudo apt-key add -



After doing this your system should be ready for installing extra application.

2. Installing ntfs-3g

ntfs-3g this is necessary if you have a ntfs drive in your computer ( Usually Windows XP installs on NTFS drive) and you want to read and write data to the drive you have to install this .

This can be installed as following type the following at the command prompt

sudo apt-get update
sudo apt-get upgrade

sudo apt-get install ntfs-config

Then type the following command
gksu ntfs-config

This is automatic configuration of ntfs-3g , enable read , write support and it should be configured.


these commands would back up fstab file if configuration goes wrong.


sudo cp /etc/fstab /etc/fstab.bak
gksu gedit /etc/fstab


Now one more thing you want your windows (NTFS) drive to be mounted automatically add the following entries to /etc/fstab

/dev/
/media/ ntfs-3g defaults,locale=en_US.utf8 0 0



Where /dev/partition is the partition which is NTFS drive , in my case /dev/hda1
/media/ this is just the directory you want to use as a mount point where windows drive would be mounted , you can very well use any drive you like.

now Restart ubuntu your windows partition should be working well.

3. Making Windows see your Linux partition


Windows XP lacks support for reading and writing files to Linux file system however external utilities like free Ext2 File system for windows allows Windows XP to read and write files to a Ext2 , Ext3 file system however ReiserFS file system is not supported .

You can get Ext2 file system for windows at the following link : -
(www.fs-driver.org/download.htm)



4. Installing flash-plugin

Macromedia Flash player is not installed by default but since we would be surely needing it while browing the net , installing it is necessary
it can be installed by following command


sudo apt-get install -y flashplugin-nonfree

5. Installing Microsoft True Type Fonts

If you are making a jump from windows to ubuntu you would surely miss the true type fonts that Windows uses , since Microsoft has released them free so they can be installed without a hitch in ubuntu (Though not distributed with Ubuntu) .

sudo apt-get install -y msttcorefonts

6. Installing unrar

RAR is one of the very widely used archives on Windows , however unrar tool to decompress RAR is not shipped with distribution and has ti be installed manually.

sudo apt-get -y install unrar

7. Installing mpg123

mpg123 is a very nice command line based mp3 player that can play mp3 files even on a slow processor based computer , further installing this provides a way of playing mp3 files from within the nautilus file manager . Hence i recommend installing mpg123

sudo apt-get install -y mpg123

8. Installing Adobe Reader

Though ubuntu comes with default evince reader for viewing pdf files , but i am sure you would like to use more complete version of pdf reader Adobe Reader 7.0 which is quiet professional and
more robust , the Linux version of Adobe Reader 8.0 has not been released but the version 7.0 is available and could be downloaded from the following website : -

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=unix


9. Installing DVD playback support

Now this is a contentious issue , in some countries playing DVD files through DEcss is illegal so use it at your own will , anyways to enable dvd playback issue the following command at the command line : -

sudo aptitude install libdvdcss2

Note : the above commands would only work if you have added the repositories i had mentioned before the Seveas repositories.

However if you do not have these Repositories installed issue the following command to install the DVD playback support : -

sudo /usr/share/doc/libdvdread3/./install-css.sh

10 . Installing the extra multimedia codecs,players

Now you would surely want to install all the codecs for playing various media files and the players primarily xine,vlc,mplayer issue the following commands to install the multimedia codecs.

sudo apt-get install gstreamer0.10-pitfdll gstreamer0.10-ffmpeg gstreamer0.10-gl gstreamer0.10-plugins-base gstreamer0.10-plugins-good gstreamer0.10-plugins-bad gstreamer0.10-plugins-bad-multiverse gstreamer0.10-plugins-ugly gstreamer0.10-plugins-ugly-multiverse libxine-extracodecs w32codecs
vlc mplayer

This command would install most of the codecs for gstreamer multimedia architecture and vlc media player and Mplayer , as well as the dll files codec (w32codecs) for decoding various files whoose open source decoder are not available.

11. Updating the system

After installing Ubuntu you would surely like to update the system so that all the packages on the system are up to date to new version of the software .
It can be done by following steps , go to (System > Administration > Update Manager)
Now press the Check button and then Install updates to start the installation of updates to the ubuntu system.


12 . Installing beagle

Now Ubuntu does not come with beagle pre-installed maybe because it is still not a final 1.0 release still it is very nice and efficient for searching files and directories on Linux providing features similar to Google Desktop Search and Mac OS Spotlight anyways to install beagle issue the following command at command line :

sudo apt-get install -y beagle


13. Installing gdesklets

gdesklets gives user a collection of impressive widgets that can be placed on desktop this is similar to feature available on Windows Vista and Mac OS X , it does provide quite a good look to the desktop.

To install gdesklets issue the following command at the command line

sudo apt-get install -y gdesklets

after installation go to (System -> Preferences -> Sessions) There go to Start up program and add gdesklets shell , now every time gnome loads up you should see your gdesklets on the desktop.

This is how my desktop looked like with all the desklets (Widgets )

Article written by : -
Ambuj Varshney
For Linux On Desktop (http://linuxondesktop.blogspot.com)
(C) 2007 Linux on Desktop

Saturday, February 10, 2007

Stand-alone controller runs Linux


 


United Electronic Industries has introduced the UEIPAC line of programmable automation controllers. These stand-alone modules contain an embedded computer running a standard Linux operating system, two Ethernet ports, a serial port, an SD card interface, an inter-PAC sync interface, and either three or six I/O card slots.

I/O boards add up to 150 analog inputs and 288 digital I/O channels. Other I/O boards add analog outputs, counter/timer channels, quadrature encoders, serial ports, CAN bus ports, and ARINC-429 interfaces. You can write your application on a PC and download it to the controller, which can then operate as a stand-alone unit. The modules operate in harsh environments from –40°C to +85°C, at 5g vibration, 50g shock, and up to 70,000 ft in altitude (for aerospace testing).

Prices: UEIPAC 300 (3 I/O board slots)—$1495; UEIPAC 600 (6 I/O boardslots)—$1795. United Electronic Industries, www.ueidaq.com/PAC.

Linux to power super-router

By Matthew Broersma, Techworld



A group of networking experts has launched a project designed to give Cisco's routers some open source competition.

The project, called the Open Linux Router, joins some other efforts at bringing open source into the world of routers, notably the Extensible Open Router Platform (XORP) sponsored by Vyatta, but aims to add features such as a file-sharing server and a firewall.

It is the brainchild of four Michigan university students, who acknowledged Vyatta as an inspiration but saw the need for a more expandable, easier-to-use system. The system, like XORP, is intended to run on off-the-shelf hardware, with enough modularity to allow it to run on anything from an embedded device to an enterprise server.

"These tools are wrapped up in such a way that the user does not need to know or fully understand their inner workings, only how to implement them," the developers said on the project's site.

Core to the project, announced late last month, is a simple interface that allows users to configure the device and add new features without extensive technical knowledge. One criticism of devices like the XORP or Asterisk's open source PBX is that the companies buying them don't necessarily have the technical knowledge to deal with maintenance.

While the Open Linux Router project is at an early stage, it is part of a growing interest in using open source to compete with companies such as Cisco in the realms of routers and PBXs.

For now, the movement is largely limited to small and midsize organizations and is focused around the Asterisk open-source private branch exchange and Vyatta open-source routers. Cisco and other old-time networking vendors certainly aren't yet shaking in their boots over it. But it's a growing movement that they ignore at their own peril; lower-cost, higher-function technologies have a way of replacing existing architecture far faster than vendors realize, open-source vendors say.

A tentative feature list for the Linux router includes SSL web interface, serial console, wireless support, VLAN support, packet filtering and other features. It is based on the Webmin configuration tool and initial code is available via Google Code.

The first substantial release of the project is scheduled for May or June, developers said.

Other Linux-based projects targeting firewall and network server include ClarkConnect, IPCop, m0n0wall, and Smoothwall.

Computerworld's Phillip Britt contributed to this report.

Monday, February 05, 2007

Linux Kernel 2.6.20 Released

"After two months of development, Linux 2.6.20 has been released. This release includes two different virtualization implementations: KVM: full-virtualization capabilities using Intel/AMD virtualization extensions and a paravirtualization implementation usable by different hypervisors. Additionally, 2.6.20 includes PS3 support, a fault injection debugging feature, UDP-lite support, better per-process IO accounting, relative atime, relocatable x86 kernel, some x86 microoptimizations, lockless radix-tree readside, shared pagetables for hugetbl, and many other things. Read the list of changes for more details."
In a widely anticipated move, Linux "headcase" Torvalds today announced
the immediate availability of the most advanced Linux kernel to date,
version 2.6.20.

Before downloading the actual new kernel, most avid kernel hackers have
been involved in a 2-hour pre-kernel-compilation count-down, with some
even spending the preceding week doing typing exercises and reciting PI
to a thousand decimal places.

The half-time entertainment is provided by randomly inserted trivial
syntax errors that nerds are expected to fix at home before completing
the compile, but most people actually seem to mostly enjoy watching the
compile warnings, sponsored by Anheuser-Busch, scroll past.

As ICD head analyst Walter Dickweed put it: "Releasing a new kernel on
Superbowl Sunday means that the important 'pasty white nerd'
constituency finally has something to do while the rest of the country
sits comatose in front of their 65" plasma screens".

Walter was immediately attacked for his racist and insensitive remarks
by Geeks without Borders representative Marilyn vos Savant, who pointed
out that not all of their members are either pasty nor white. "Some of
them even shower!" she added, claiming that the constant stereotyping
hurts nerds' standing in society.

Geeks outside the US were just confused about the whole issue, and were
heard wondering what the big hoopla was all about. Some of the more
culturally aware of them were heard snickering about balls that weren't
even round.

Linus

---
Shortlog since 2.6.20-rc7. Fixes, fixes.

There's a full ChangeLog together with the tar-ball and patches, but let
me just summarize it as: "A lot of stuff. All over. And KVM."

I tried rather hard to make 2.6.20 largely a "stabilization release".
Unlike a lot of kernels lately, there aren't really any big fundamental
changes to some core infrastructure area, and while we always have bugs, I
really am hoping that we fixed many more than we introduced.

Have fun. And remember: the thousandth decimal is, of course, 9. There
*will* be a test on this afterwards.

Adrian Bunk (1):
[NETFILTER]: nf_conntrack_h323: fix compile error with CONFIG_IPV6=m, CONFIG_NF_CONNTRACK_H323=y

Al Viro (12):
netxen patches
fix frv headers_check
mca_nmi_hook() can be called at any point
ide section fixes
endianness bug: ntohl() misspelled as >> 24 in fh_verify().
fork_idle() should be __cpuinit, not __devinit
__crc_... is intended to be absolute
efi_set_rtc_mmss() is not __init
sanitize sections for sparc32 smp
radio modems sitting on serial port are not for s390
uml-i386: fix build breakage with CONFIG_HIGHMEM
fix rtl8150

Alan (3):
pata_atiixp: propogate cable detection hack from drivers/ide to the new driver
pata_via: Correct missing comments
libata: Fix ata_busy_wait() kernel docs

Andrew Morton (2):
pci: remove warning messages
revert blockdev direct io back to 2.6.19 version

Auke Kok (1):
e100: fix napi ifdefs removing needed code

Avi Kivity (1):
KVM: fix lockup on 32-bit intel hosts with nx disabled in the bios

Bartlomiej Zolnierkiewicz (1):
via82cxxx: fix typo ("cx7000" should be corrected to "cx700")

Bob Breuer (1):
[SPARC32]: Fix over-optimization by GCC near ip_fast_csum.

Brian King (1):
libata: Initialize nbytes for internal sg commands

David C Somayajulu (1):
[SCSI] qla4xxx: bug fixes

Evgeniy Dushistov (1):
MAINTAINERS: ufs entry

Frédéric Riss (1):
EFI x86: pass firmware call parameters on the stack

Guillaume Chazarain (1):
procfs: Fix listing of /proc/NOT_A_TGID/task

Haavard Skinnemoen (1):
Remove avr32@atmel.com from MAINTAINERS

Jean Delvare (1):
via quirk update

Jeff Garzik (1):
x86-64: define dma noncoherent API functions

Jens Osterkamp (1):
spidernet : fix memory leak in spider_net_stop

John Keller (1):
Altix: more ACPI PRT support

Kai Makisara (1):
[SCSI] st: A MTIOCTOP/MTWEOF within the early warning will cause the file number to be incorrect

Ken Chen (1):
aio: fix buggy put_ioctx call in aio_complete - v2

Lars Immisch (1):
[NETFILTER]: SIP conntrack: fix skipping over user info in SIP headers

Li Yewang (1):
[IPV6]: fix BUG of ndisc_send_redirect()

Linus Torvalds (3):
Revert "[PATCH] mm: micro optimise zone_watermark_ok"
Revert "[PATCH] fix typo in geode_configre()@cyrix.c"
Linux 2.6.20

Magnus Damm (1):
kexec: Avoid migration of already disabled irqs (ia64)

Matthew Wilcox (1):
[SCSI] Fix scsi_add_device() for async scanning

Michael Chan (1):
[BNX2]: PHY workaround for 5709 A0.

Mike Frysinger (1):
alpha: fix epoll syscall enumerations

Nagendra Singh Tomar (1):
[SCSI] sd: udev accessing an uninitialized scsi_disk field results in a crash

Neil Horman (1):
[IPV6]: Fix up some CONFIG typos

Patrick McHardy (5):
[NETFILTER]: xt_connbytes: fix division by zero
[NETFILTER]: SIP conntrack: fix out of bounds memory access
[NETFILTER]: xt_hashlimit: fix ip6tables dependency
[NET_SCHED]: act_ipt: fix regression in ipt action
[NETFILTER]: ctnetlink: fix compile failure with NF_CONNTRACK_MARK=n

Peter Korsgaard (1):
net/smc911x: match up spin lock/unlock

Randy Dunlap (2):
[MAINTAINERS]: netfilter@ is subscribers-only
sysrq: showBlockedTasks is sysrq-W

Tejun Heo (1):
ahci/pata_jmicron: fix JMicron quirk

Vlad Yasevich (1):
[SCTP]: Force update of the rto when processing HB-ACK

Open Source Advocacy Group Quiet About Launch

"Yet another open source advocacy group is in the offing, but trying to keep the lid on until its official launch at LinuxWorld OpenSolutions Summit. Robin 'Roblimo' Miller ferrets out a few details of the nascent Open Solutions Alliance on Linux.com: 'Our anonymous interviewee says 'at least 10' companies have signed up, and that they are 'talking to dozens more.' While he refused to name any participants, Linux.com has confirmed that SpikeSource and JasperSoft are both involved.'" Linux.com and Slashdot are both owned by OSTG.

Friday, February 02, 2007

Fedora Core 7 Test 1 Released



Fedora Core 7 Test 1 has started appearing today on the mirrors worldwide, just as I am writing this:

"Just a quick blurb. Fedora 7 Test 1 has been released today. For this particular release, we only did a Desktop spin of the package collection. We are still fine tuning targetted spins of the collection as part of the merger of Core and Extras. We also produced a LiveCD that has the ability to install to your harddrive should you wish."

Fedora Core 7 is promising new features like:

• Rock solid wireless networking support;
• Wireless firmware;
• Pungi will be used for tree building;
• Fast user switching;
• RandR 1.2;
• KVM virtualization support;
• Boot and shutdown speed-up;
• New init system;
• rpm and yum enhancements;



libata will be used for PATA support;
• syslog to be replaced with syslog-ng;
• Improved firewire support;
• Real-time kernel;
• Tickless kernel support;
• Fix wakeups across the distribution;
• Encrypted file systems.

The Fedora Core 7 Schedule:

• 23 January 2007 - F7 Test1 development freeze
• 1 February 2007 - F7 Test1 Release
• 20 February 2007 - F7 FEATURE freeze / F7 string freeze / F7 Test2 development freeze
• 27 February 2007 - F7 Test2 release
• 19 March 2007 - F7 translation freeze / F7 Test3 development freeze
• 27 March 2007 - F7 Test 3 Release / Continual freeze. Only critical bugs fixed
• 5 April 2007 - Final devel freeze.
• 26 April 2007 - F7 General Availability

About Fedora Core:

The Fedora Project is a Red-Hat-sponsored and community-supported open source project. It is also a proving ground for new technology that may eventually make its way into Red Hat products. It is not a supported product of Red Hat, Inc.

The goal of The Fedora Project is to work with the Linux community in order to build a complete, general purpose operating system exclusively from free software. Development will be done in a public forum. The project will produce time-based releases of Fedora Core about 2-3 times a year with a public release schedule.

You can download Fedora Core 7 Test 1 now from Softpedia.

You can download Fedora Core 6 now from Softpedia.

10 Years of Pushing For Linux — and Giving Up

boyko.at.netqos writes "Jim Sampson at Network Performance Daily writes about his attempts over a decade to get Linux working in a business/enterprise environment, but each time, he says, something critical just didn't work, and eventually, he just gave up. The article caps with his attempts to use Ubuntu Edgy Eft — only to find a bug that still prevented him from doing work." Quoting: "For the next ten years, I would go off and on back to this thought: I wanted to support the Open Source community, and to use Linux, but every time, the reality was that Linux just was not ready... Over the last six years, I've tried periodically to get Linux working in the enterprise, thinking, logically, that things must have improved. But every time, something — sometimes something very basic — prevented me from doing what I needed to do in Linux."

Wednesday, January 31, 2007

The Road to KDE 4: Kalzium and KmPlot

Since not all of the development for KDE 4 is in base technologies, this week features two of applications from the KDE-Edu team: Kalzium, a feature-filled chemistry reference tool, and KmPlot, a powerful equation graphing and visualization program. Read on for the details.
These educational tools have received a lot of work for KDE 4. In particular, Kalzium and KmPlot developments are happening at an amazing rate.
Kalzium (the German word for Calcium) has been a part of KDE since version 3.1 and is now one of the most useful applications developed by the KDE-Edu team. Initially it was just a program that displayed the periodic table, alongside some useful numbers like atomic weights, boiling points, etc. It was later extended to include a lot of background information on the elements, and more detailed chemistry information (such as emission spectra) which made it a very useful chemistry reference.

In KDE 3.5.5 (which I used for these screenshots, even though 3.5.6 was released last week), Kalzium looks something like this when first loaded:

Kalzium in KDE 3.5.5
Click for fullsize.

You can see that the interface is pretty simple, and presents a lot of information. If you click on an element it brings up even more information on its properties.

The main user interface in KDE 4 does not look that different, except for the fact that Qt 4 introduces some appearance changes, and there are some more icons (some that haven't been drawn yet) in the toolbar. Here's a peek at Kalzium in the KDE 4 development series:

Kalzium in KDE 4x devel
Click for fullsize.

So Kalzium is visually quite similar between versions at this point. However, the important thing to note in the KDE 4 screenshot is the tools menu. In KDE 3.5.5, this menu contains only Plot Data and Glossary.

Plot Data shows the elements plotted in a variety of useful ways, such as mass, radius, electronegativity, etc. while the Glossary shows definitions for many of the more common chemical terms. It is apparently missing the above mentioned electronegativity, so evidently there is still room for improvement here. Making improvements to the Glossary would be a great opportunity for a chemistry-inclined person to contribute to Kalzium in KDE 4 without having to be a programmer.

Anyway, back to the new tools. I'll focus on a few of the newly developed tools that will make Kalzium even more useful in KDE 4:

The isotope table will display a list of isotopes and their decay methods - as a geologist for example, it is important for me to know that Potassium-40 usually decays by electron capture.

The new equation solver is also quite useful, as seen in the following screenshot provided by Kalzium lead developer Carsten Niehaus:

Kalzium Equation Solver in KDE 4x devel


You basically just punch in a chemical equation leaving letters in place of the numbers you are looking for, and it spits out a response. In high school chemistry, students are expected to be able to solve these sorts of equations manually, but like most equations, once you solve enough of them, it simply becomes tedious. This equation solver can save a lot of time for complex equations.

And finally, the most visible change to Kalzium is the inclusion of the Kalzium 3D work, which turns the program into a 3D molecule viewer. Initially, it was developed by the Kalzium developers for use in this application only, but some collaboration has since happened and it will now be using libavogadro a library jointly developed by the Kalzium and Avogadro developers.

According to the Kalzium developers work is progressing on porting the 3D modeller to use libavagadro, an effort led by Donald Curtis, providing a more general/powerful framework for rendering/manipulating molecules with Qt and OpenGL library. It is shared between Kalzium and Avogadro (and more). Avogadro is a much more advanced molecular modelling programs, useful for creating the actual molecule files, and doing quantum chemistry. Kalzium 3D will simply act as a viewer for files constructed using these programs.

Kalzium developer Benoît Jacob submits the following screenshot showing the 3D molecule viewer in action using the new Kalzium 3D functionality. This functionality is already SVN as this article goes to press, however work continues with libavogadro integration.

Kalzium 3d in KDE 4x devel
Click for fullsize.

Kalzium will likely ship with a library of common molecules ready to view provided by the BlueObelisk project. Thanks to the OpenBabel library, it should also be able to open molecule files in a huge variety of formats (I counted 62 file formats that it already supports).
On to our next KDE-Edu feature: KmPlot. For a while already, this application has had the ability to plot regular functions, parametric functions, and polar functions, as well as show derivatives (or regular functions) and a few other goodies. It has been useful as an equation visualization tool, but the interface has been awkward, with many little cluttered dialogs to fight with.

Below is KmPlot in KDE 3.5.5 with it's default settings, and three functions plotted, one of each type:

KmPlot in KDE 3.5.5


The dialogs used to plot these equations look something like this, except there is one unique dialog for each type of plot:

KmPlot dialog in KDE 3.5.5


Here's a quick look of the new KmPlot interface with the same three functions plotted. No more dialogs to mess with, and the plots can be in shapes other than square! Plus Qt 4 gives everything a nice anti-aliased touch.

KmPlot in KDE 4x devel
Click for fullsize.

KmPlot has received a huge amount of work, and should be one of the KDE 4's killer apps for students, engineers, and more. It plots differential equations now, has a new equation editor, and (as seen in the above screenshot) gives tips as to how to correct your equations.

The new equation editor is shown below with a differential equation being edited:

KmPlot equation editor in KDE 4x devel


As you can see, it's much easier to enter an equation when you can design the functions in a nice syntax checking editor like this one. There is a lot more work going into KmPlot than I can describe in just this article, so if you are interested in more information, check out its development status page.
KDE-Edu is a growing project, with many great applications being developed for a wide variety of age groups. They will have support for Windows and Mac as well, thanks to the improved QT 4 and KDE 4 libraries, and should become more popular programs as a result. Since there is so much great work happening here, expect some other KDE-Edu applications to show up in future articles.