LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for March 1, 2007Codifying the meritocracyFree software communities are often described as being meritocracies - those who do the most, best work rise to positions of relative power and influence. The truth tends to be a bit more complicated than that; though. Politics and social "coolness" play a role in any community; free software is not exempt from the forces which act on any group of people. Projects dominated by a single company can also have a tendency to prioritize corporate control over merit. Even so, in a project of any size and independence, at least a shadow of the meritocratic ideal can be seen. Solid contributions lead to respect and influence.That does not keep people from wanting to tweak the system, however. A number of projects, for example, would like to find ways to broaden the definition of merit beyond simple contributions of code. Finding ways to motivate documentation writers, artists, and reviewers is a common topic of discussion, for example. There is also interest in making the meritocracy more fair; that, in turn, can lead to an attempt to codify the merit system into a formally-described system. The Debian Developer gauntlet is one longstanding example of a formal system; nobody can reach developer status without having gone through the seven-step process of convincing the project of their skills, commitment to free software, and more. This process is not perfect; in particular, it can take a very long time for a prospective new package maintainer to be accredited by the project. But it does help ensure that Debian maintainers are committed and able to do the job. Now the Fedora Project is considering a formal system of its own - but this project, it seems, is not satisfied with just approving maintainers. Instead, the proposal currently under discussion would create a full seven levels of developer "merit." These levels would be:
Developers who just want to maintain a few packages but who are not otherwise interested in influencing the direction of the project are likely to operate at the FD1 or FD2 levels. The proposal suggests that many Red Hat engineers would find their homes at those levels. There is a rough set of proposed rules on how promotion through the ranks would be handled. Some criteria would be established:
Example: FD3 requires 17 quality reviews or 9 owned packages and
shows clear competence in package guidelines. FD4 requires a
history of giving opinions or helping others when needed in
addition to other technical requirements...
Sponsor-level developers would have the power to promote anybody, possibly with a requirement that a certain number of other high-level developers agree. There is an interesting suggestion that promotion to the top level could require votes from a relatively large number of lower-level developers - promotion from below, in other words. There is a brief mention of a demotion process as well, though it is short on details. This whole system may seem rather bureaucratic, and perhaps it is. The proposal is clear on why the project might want to impose this on itself:
As the project grows, you can't possibly know all contributors on
the other side of the project. Viewing that member's stat page
gives you a convenient snapshot of what they are working on, who
they work with, who sponsored, who promoted, etc.
Fedora is a project which is trying to open itself up in a hurry. Its developers want to let outsiders come in and take responsibility for pieces of the distribution, but they are understandably reluctant to throw the doors open wide. So they need a process; the proposal discussed here is a starting point for the development of that process. By taking this approach, Fedora would appear to be breaking new ground in an attempt to formalize how the meritocracy works. It will be interesting to see how this experiment works out.
Major systems vendors and LinuxIt would seem that the folks at Dell recently asked their customers for ideas on how to sell them more systems. The most popular idea: sell laptops and desktop systems with Linux installed. Dell's response, so far, seems half-hearted. The company will "certify" SUSE Linux (and, perhaps, some other distributions) on some of their systems, but still will not offer pre-installed systems. That is a shame; one assumes that many of the people asking for Linux are not, necessarily, asking for the character-building experience of installing it themselves. Still, a "certification" that Linux should work on a given system has its value.Companies like Dell will start selling Linux-installed systems when they see that there is money to be made by doing so. Or, if they fail to serve a real market, other companies will certainly jump in. Helping these companies see an opportunity in Linux-installed systems requires that those of us with an interest in such systems let the vendor know that we would buy them - and that we follow through when the products are made available. Pre-installed systems have a number of advantages, starting with the fact that they are an existence proof that Linux will run properly on the hardware. Even if the user eventually upgrades the system or installs another distribution altogether, the software mix and configuration files which came with the original system can be invaluable. Not having to put together a working X configuration, for example, can save a lot of time and pain. This remains true even in 2007, when distributors have been working for a decade (or more) to eliminate as much installation pain as possible. By eliminating the installation uncertainties, pre-installed systems lower the barrier to entry for those who would like to give Linux a try. When pre-installed, desktop-oriented systems are readily available, it stands to reason that the overall usage share of Linux in desktop environments will grow. In time, that growth will bring us greater mindshare - and more developers. The biggest advantage of all, however, is likely to come from a different direction. It is well known that certain vendors are not particularly concerned about whether their offerings work with free software. No amount of pressure from individual customers is likely to have much effect in changing their point of view. Should a company like Dell get into the desktop Linux business, however, that company will have a great interest in working with Linux-compatible hardware. When large systems vendors start telling the hardware manufacturers that they need to make Linux-compatible devices, those manufacturers will tend to listen. To this end, when we ask for systems with Linux installed, it is good to be specific: we want systems which work with 100% free software. A system with binary-only drivers is not the pre-installed "Linux system" that many or most of us have in mind. If a company like Dell starts shipping proprietary modules, chances are good that it will discover the associated hassles (supporting an undebuggable kernel, potential legal issues, etc.) in a hurry and change its ways. But it would be better if that discovery phase could be shorted out altogether. Making sure that the vendors know what we have in mind when we ask for "Linux systems" can only help make things happen that way. The plan for World Domination is sometimes a little vague on the details. Widespread availability of Linux-installed systems is certainly an important milestone on that plan, one which many of us expected to see some years ago. The fact that Dell's customers are calling for pre-installed systems in greater numbers suggests that we may be getting closer to achieving that objective at last. Perhaps one of these years, sometime soon, really will be the year of desktop Linux.
Another attempt at DMCA reform - sort ofThe Electronic Frontier Foundation has sent out an action alert urging U.S. citizens to support the passage of the FAIR USE act [PDF]. This bill is congressman Rick Boucher's latest attempt to curb some of the worst excesses of the Digital Millennium Copyright Act. It may well be worth supporting, but this bill falls far short of what is really needed - especially from the free software community's point of view.There are some steps in the right direction. One bit of text added to the DMCA by the FAIR USE act would be:
CERTAIN HARDWARE DEVICES.--No person shall be liable for copyright
infringement based on the design, manufacture, or distribution of
a hardware device that is capable of substantial, commercially
significant noninfringing use.
This is a legal codification of the "Betamax decision" which made it legal to sell videocassette recorders in the US. It makes obvious sense: just like knives and cars can be sold despite their obvious potential illegal uses, gadgets are legal even if somebody can do Something Bad with them. The text only applies to hardware, though; software gets no similar protection. And we have already seen how the "commercially significant" language can bite us; some courts have been happy to see free software as not being "commercially significant." The bill puts limits on damages which can be imposed for "secondary infringement," which, again, should reduce worries for gadget makers who are afraid of being sued. Finally, the bill would codify the exemptions to the DMCA's anti-circumvention provisions which have been approved by the Librarian of Congress to date. There are six of them, allowing for limited circumvention for classroom use, to get at obsolete software, to enable reading ebooks aloud, to bypass the SonyBMG CD rootkit, and a couple of others. In addition, the bill would create exemptions for those creating compilations of audiovisual works, skipping commercials or "personally objectionable content," transmitting content over a home network (sometimes), getting at public domain works, or performing research, criticism, or news reporting. In each case, the exemption is for people "solely" engaging in the exempt activity, so the law will not legalize DeCSS on the basis that it can be used to skip the leading commercials on DVDs - something your editor finds highly "personally objectionable." More to the point, however: this bill does not make any fundamental changes to the anti-circumvention provisions of the DMCA. It would make the next Jon Johansen or Dmitry Sklyarov no safer in the U.S. Anybody writing free software which can be seen as a circumvention tool would be just as threatened by the DMCA after passage of this law as before. It is nice that, say, manufacturers of garage door openers would not be subject to silly lawsuits, and it is nice that some exemptions would be codified into law. Perhaps there is enough merit in those changes to make the FAIR USE act worth passing. But it is not a DMCA reform, it does not make it legal to distribute a free DVD player in the U.S., and it does not remove the legal threat against free software developers. That sort of reform, it seems, is not on the agenda this year.
Security Hunting for RootkitsAdministrators like to know what processes are running on their machines, with good reason as they are responsible for ensuring that no unwanted or malicious software is present. Rootkits are a means of evading administrators, hiding the presence and the execution of certain programs. Probably the most famous rootkit is the one that Sony so helpfully installed on Windows boxes when their owners tried to play a copy-protected audio CD, but they exist for Linux as well. It is critical for administrators to understand what rootkits can do and how they do it in order to protect their systems against this kind of attack. Rootkits come in multiple flavors, depending on what level of the system they subvert. The simplest just replace binaries of various programs to hide; for example, running a backdoor shell server masquerading as a standard long-running service (like httpd or ntpd) and patching netstat and other tools so that the listening socket is not reported. System libraries are another likely place for rootkits.. If a rootkit can replace glibc, it can intercept system calls made by any of the standard tools allowing it to hide anything that it chooses from those tools. Kernel and boot rootkits are the most difficult to detect. Loadable kernel modules can change the kernel's behavior in very intrusive ways and allow all manner of malware to run undetected. The lowest level rootkit changes the Master Boot Record (MBR) of the system to load itself before the kernel at boot time. After that the rootkit can run the kernel in a virtual machine and intercept every instruction that it executes. This is the ultimate in rootkits and can be made undetectable from within the running kernel. Trying to detect a rootkit installation while running the potentially infected system is a dodgy prospect at best. Because the rootkit is specifically designed to avoid detection it could be subverting any technique used to look for it. The important thing to notice is that in order to operate, the rootkit must change things about the system and in order to persist across reboots, it must write those changes to the disk. This provides the means to detect them. To avoid running afoul of the rootkit while trying to detect it, one should boot from a live CD and run a rootkit detector from there. There are a number of distributions specifically targeted for this kind of analysis; Helix and Aghesa for example. Both of those distributions contain the two leading Linux rootkit detecting programs: chkrootkit and Rootkit Hunter. These programs look for things in the filesystem that correspond to rootkit signatures: hidden files and directories, logfile changes, non-standard kernel modules, etc. In addition they look for the signature of various 'in the wild' rootkits. Another helpful tool in recognizing the presence of rootkits are programs that track changes to critical files and directories. The most well known is probably Tripwire, but others such as AIDE and Samhain are available as well. These programs keep a record of each file in the system (using a digest like MD5 or SHA-1) and can alert the administrator when one of them changes. They also keep track of files and directories that get added or deleted. Prudent administrators will, of course, keep the records on a separate machine or on read-only media so that they cannot be tampered with by rootkits that infect the machine. The biggest problem with these kinds of programs is false positives each time a new package is installed, but for relatively static systems, an alert email from those checkers is an enormous red flag. A very interesting sounding rootkit detection toolkit called Rootkit Profiler LX was recently announced on the Bugtraq mailing list. It is a linux kernel module that gets loaded into the running kernel of a machine suspected of harboring a rootkit and has an impressive sounding list of capabilities. It is not available in source form which makes it of dubious utility; it could after all, be a rootkit itself. One could argue that using binaries from the live CDs is no different, and in some ways that is true, but one could in principle inspect the code and build their own version rather than trusting the distributor (of course they have to trust their compiler and other components; security paranoia can run deep). Once a rootkit has been detected, it is probably a waste of time to try and remove it. Reinstalling the operating system is the safest course. The time spent trying to remove every last piece of the rootkit and the malware it hides would be better spent determining how the rootkit was installed to begin with. If there is a vulnerability in one of the programs that run on that machine, it is pretty likely the rootkit (or some other) will return. Of course, the rootkit, in and of itself, is not a huge problem; it is the malware that it hides that makes all the trouble.
New vulnerabilities chmlib: remote execution of arbitrary code
enigmail: memory allocation errors
kernel: denial of service
Mozilla: multiple vulnerabilities
nexuiz: arbitrary code execution, denial of service
slocate: information disclosure
ufo2000: multiple vulnerabilities
Updated vulnerabilities acroread: multiple vulnerabilities
apache: cross-site scripting
bind: denial of service
bluez-utils: hidd vulnerability
bugzilla: multiple vulnerabilities
busybox: insecure password generation
clamav: directory traversal, denial of service
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: index cache file handling error
ekiga: format string vulnerability
elinks: arbitrary file access
fail2ban: denial of service
fetchmail: password disclosure and DOS
ffmpeg: buffer overflows
Mozilla stuff: multiple vulnerabilities
freeradius: several vulnerabilities
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gdb: buffer overflow
gdm: improper file permissions
gedit: format string vulnerability
gnomemeeting: format string flaw
gnucash: temporary file vulnerability
gnupg: stack overwrite
grip: buffer overflow
gv: stack-based buffer overflow
gzip: multiple vulnerabilities
horde-kronolith: local file inclusion
ImageMagick: buffer overflows
imlib2: arbitrary code execution
java: multiple vulnerabilities
kdelibs: integer overflow
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
libgadu: memory alignment bug
libgtop2: buffer overflow
libmodplug: boundary errors
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libvncserver: authentication bypass
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lynx: arbitrary command execution
MoinMoin: cross-site scripting and information leak
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
openldap: security bypass
OpenSSH: denial of service
openssh: privilege separation issue
openssh: remote denial of service
php: several vulnerabilities
php: multiple vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
postgresql: insufficient verification
postgresql: SQL injection
quake: buffer overflow
rpm: arbitrary code execution
samba: several vulnerabilities
shadow-utils: mailbox creation vulnerability
smb4k: multiple vulnerabilities
snort: denial of service
spamassassin: denial of service
sun-jdk: arbitrary code execution
ulogd: buffer overflow
unzip: long file name buffer overflow
w3c-libwww: possible stack overflow
wireshark: multiple vulnerabilities
xine: format string vulnerabilities
xine-lib: buffer overflow
xine-lib: buffer overflow
xinit: race condition
X.org: local privilege escalations
X.org: integer overflows
xpdf: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is 2.6.21-rc2, released by Linus on February 27. This prepatch contains a big Video4Linux update, a big PA-RISC architecture update, the beginning of "SMARTMIPS" support, a driver for Davicom DM9601 USB ethernet adapters, a driver for Code Mercenaries "IO Warrior" devices, and HID support in the Bluetooth subsystem. Several patches were also reverted in -rc2 as a result of regressions. Says Linus: "This is not how an -rc2 should look. Need to really calm things down!" See the changelog for the details.As of this writing, there have been no commits to the mainline repository since -rc2 was released. There have been no -mm releases over the last week. On the stable front: 2.6.19.5 and 2.6.18.8 were both released on February 23. They contain a fair number of fixes. Further updates to 2.6.18 are unlikely; there will probably be one more 2.6.19 release in the near future. 2.6.16.42 was released on February 26 with several fixes, some of which are security-related.
Kernel development news Quote of the week
Because if you don't see why I'm complaining, I can't pull from
you. You can send me patches, but for me to pull a git patch from
you, I need to know that you know what you're doing, and I need to
be able to trust things *without* then having to go and check every
individual change by hand.
KVM 15Progress in the virtualization world sometimes seems slow. Xen has been the hot topic in the paravirtualization area for some years now - the first "stable" release was announced in 2003 - but the code remains outside of the mainline Linux kernel. News from that project has been relatively scarce as of late - though the Xen hackers are certainly still out there working on the code.On the other hand, KVM appears to be to be on the fast path. This project first surfaced in October, 2006; it found its way into the 2.6.20 kernel a few months later. On February 25, KVM 15 was announced; this release has an interesting new feature: live migration. The speed with which the KVM developers have been able to add relatively advanced features is impressive; equally impressive is just how simple the code which implements live migration is. KVM starts with a big advantage over other virtualization projects: it relies on support from the hardware, which is only available in recent processors. As a result, KVM will not work on the bulk of currently-deployed systems. On the other hand, designing for future hardware is often a good idea - the future tends to come quickly in the technology world. By focusing on hardware-supported virtualization, KVM is able to concentrate on developing interesting features to run on the systems that companies are buying now. The migration code is built into the QEMU emulator; the relevant source file is less than 800 lines long. The live migration task comes down to the following steps:
As it happens, guest systems can be moved between Intel and AMD processors with no problems at all. Moving a 64-bit guest to a 32-bit host remains impossible; the KVM developers appear uninterested in fixing this particular limitation anytime soon. A little more information can be found on the KVM migration page. The other feature of note is the announced plan to freeze the KVM interface for 2.6.21. This interface has been evolving quickly, despite the fact that it is a user-space API; this flexibility has been allowed because KVM is new, experimental, and has no real user base yet. The freezing of the API suggests that the KVM developers think things are reaching a stable point where KVM can be put to work in production systems. Perhaps that means that, soon, we'll find out how Qumranet, the company which has been funding the KVM work, plans to make its living.
ThreadletsRemember fibrils? The memory may be dim, seeing as the fibril concept was posted way back in January, but the work inspired by this idea continues. The latest syslet patch from Ingo Molnar was posted on February 24; it brings some interesting changes to this approach to asynchronous system call execution.The concept of "atoms" which was part of the first syslet patch remains; an atom is a unit of work which is executed in kernel space. Atoms can be chained together with some simple flow control operations, with the entire sequence being executed without leaving the kernel. A sequence of atoms will be executed synchronously if possible; if an atom blocks, however, a new thread will be created to return to user space. As a result, asynchronous code can be executed in parallel, but the overhead of thread creation is only incurred when there is a need for it. The syslet API has changed, however, in response to some concerns about how completion events were handled. User space must now create create a structure to go along with the atom sequence:
struct async_head_user {
unsigned long kernel_ring_idx;
unsigned long user_ring_idx;
struct syslet_uatom __user **completion_ring;
unsigned long ring_size_bytes;
/* There is other stuff here too */
};
This structure defines the completion ring - a circular buffer which is filled (by the kernel) with pointers to atoms which have completed execution. There is no longer a need to register this buffer with the kernel; instead, the structure is passed in when the atoms are passed to the kernel for execution:
struct syslet_uatom *async_exec (struct syslet_uatom *atom,
struct async_head_user *ahu);
An implication of this new interface is that each chain of atoms can, if desired, have its own completion ring. These rings are no longer pinned into memory, so there can be an arbitrary number of them. The return value from async_exec() will be a pointer to the last atom to execute if the chain runs without blocking, or NULL if the chain blocked and user space is running in a new thread. Jens Axboe, Suparna Bhattacharya, and others have been doing some benchmarking with the current syslet code. Many (but not all) of the benchmark runs show that syslets perform better than the current asynchronous I/O implementation. The causes for the divergence between results are still being investigated; one thing that has come out is that the CFQ I/O scheduler does not work properly with syslets. CFQ takes a process-oriented approach to scheduling, so it is not entirely surprising that changes to the process model could prove confusing there. Nonetheless, Ingo is confident that syslets are a performance win:
[I]n my own (FIO based) measurements syslets beat the native KAIO
interfaces both in the cached and in the non-cached [== many
threads] case. I did not expect the latter at all: the non-cached
syslet codepath is not optimized at all yet, so i expected it to
have (much) higher CPU overhead than KAIO.
This means that KAIO is in worse shape than i thought - there's just way too much context KAIO has to build up to submit parallel IO contexts. Many years of optimizations went into KAIO already, so it's probably at its outer edge of performance capabilities. Perhaps the biggest change in the new patch set, however, is the creation of a new concept known as "threadlets." The threadlet idea brings the on-demand thread creation idea to user space. Threadlets are ordinary user-space code which will be run synchronously if possible; should this code block, however, a new thread will be created to allow user space to continue while the threadlet waits. The API as described by Ingo requires the application to define a function to run as a threadlet:
long threadlet_fn(void *data)
{
/* Almost anything can go here */
return complete_threadlet_fn(event, ahu);
}
About the only thing which is different here is that the call to complete_threadlet_fn() is required:
long complete_threadlet_fn(void *event, struct async_head_user *ahu);
The event parameter is stored in the completion ring - since there is no atom structure here, user-space must provide a value to identify which threadlet completed. The async_head_user structure describes the completion ring, as before. The application can fire off a threadlet with:
long threadlet_exec(long threadlet_fn(void *),
unsigned long stack,
struct async_user_head *ahu);
Besides the threadlet_fn() described above, this call requires that the application provide stack space for the new threadlet. The stack argument is thus a pointer (despite its unsigned long type) to a few pages of ordinary user-space memory set aside for this purpose. There is also an async_user_head structure to provide for the reporting of threadlet completion. If threadlet_fn() runs to completion without blocking, the return value of threadlet_exec() will be 1; otherwise zero is returned. As it happens, threadlet_exec() is a user-space wrapper which hides much of the complexity of the real interface. This function switches over to the given stack immediately, then calls threadlet_on(), which is a true system call, passing it the original stack address as a parameter. This call saves that stack address, ensures that a "cache miss thread" will be available if needed, and marks the process as running in an asynchronous mode. It then returns to user space, which executes the user's threadlet_fn(). Should that function block, the kernel will grab a new thread, set it up with the original stack, and send it back to user space. The threadlet function will then continue to execute in the original thread once the condition which blocked it is resolved. Unsurprisingly, complete_threadlet_fn() is also a wrapper. It calls threadlet_off() to indicate that the execution of the threadlet is complete. If threadlet_off() returns 1, the threadlet ran synchronously and there is no more to do. Otherwise, a call is made to:
long async_thread(void *event, struct async_head_user *ahu);
This system call will store event in the completion ring. Since this thread is running asynchronously, returning to user space is not in the cards - user space went its own way when things first blocked. So async_thread() puts the current thread onto the list of threads available the next time one is needed for asynchronous execution. The above description has left out a couple of details, mostly related to the management of user-space stacks. It's worth noting that there appears to be no guard page put at the end of a threadlet stack, meaning that, if the stack is too small, user space could easily overflow it. The result would likely be some truly obscure bugs which would not be fun to find. This API could also change a bit; Ingo apparently has plans for turning threadlet_on() and threadlet_off() into vsyscalls which could execute without going into the kernel at all. That, of course, would improve the performance of threadlets further. While the syslet interface provided interesting functionality, it was immediately seen as being hard to work with. The new threadlet API was designed to get around those objections by getting away from the whole "atom" concept and making it possible to run user-space code asynchronously with a minimum of fuss. The syslet mechanism is likely to remain, as it will still be the fastest way to get a task done. But syslets may see little use outside of special-purpose libraries which hide their complexity. For everything else, threadlets could prove to be the way to go.
Thread-based or event-based?The ongoing discussion of threadlets (or fibrils, or whatever they will be called next week) has considered the addition of a major new API to the kernel. This discussion has, however, studiously ignored an important question: what about the longstanding kevent patch which, at some level, solves the same problems? The motivation for the first fibril patch was to make it easier to provide comprehensive asynchronous I/O in the kernel - and that was one of the reasons for kevents as well. So it has been surprising that kevents have not figured into this conversation.Kevents have finally become part of the discussion, however, resulting in an interesting exchange between kevent hacker Evgeniy Polyakov, threadlet (and everything else) hacker Ingo Molnar, and several others as well. Benchmarks have been thrown around to illustrate the performance characteristics of both approaches, but the real question is this: what is the best way to allow user-space applications to juggle multiple simultaneous operations in a scalable manner? Evgeniy's core claim appears to be that an event-oriented approach is inherently more scalable than using threads. He says:
If things decreases performance noticeably, it is a bad things, but
it is matter of taste. Anyway, kevents are very small, threads are
very big, and both are the way they are exactly on purpose -
threads serve for processing of any generic code, kevents are used
for event waiting - IO is such an event, it does not require a lot
of infrastructure to handle, it only needs some simple bits, so it
can be optimized to be extremely fast, with huge infrastructure
behind each IO (like in case when it is a separated thread) it can
not be done effectively.
In other words, using threads for event management is simply too slow. David Miller has also argued that threads are inherently wrong for network-oriented tasks. One of the big advantages behind the threadlet approach is that it is very fast in the non-blocking case, which is expected to be the situation much of the time. In networking, however, one normally expects to block. As a result, a highly multi-threaded networking application could create massive numbers of threads in short order. Networking is inherently an event-oriented activity. Ingo challenges the notion that using threads and the scheduler will be slower than maintaining lists of jobs which turn into events:
To me the picture is this: conceptually the scheduler runqueue is a
queue of work. You get items queued upon certain events, and they
can unqueue themselves. (there is also register context but that is
already optimized to death by hardware) So whatever scheduling
overhead we have, it's a pure software thing...
Now look at kevents as the queueing model. It does not queue 'tasks', it lets user-space queue requests in essence, in various states. But it's still the same conceptual thing: a memory buffer with some state associated to it. Yes, it has no legacies, it has no priorities and other queueing concepts attached to it ... yet. If kevents got mainstream, it would get the same kind of pressure to grow 'more advanced' event queueing and event scheduling capabilities. Prioritization would be needed, etc. The point here is that the scheduler has been brutally optimized over the course of many years. The actual overhead of switching contexts is quite small - perhaps less than that of a system call to manage events. The only real difference is that the memory overhead of maintaining threads is quite a bit higher than the overhead of kevents. But, says Ingo, with proper programming that should not be an insurmountable problem. The real issue, though, tends to be one of ease of programming - on both the kernel and the user sides. In user space, the classic pattern for an event-based application involves a central loop which only blocks when it is waiting for events. Any actual work done within the loop must happen in a non-blocking manner; should the loop block, events will pile up while the application is doing nothing. Blocking in the wrong place can kill performance. But avoiding blocking in all situations is tricky at best, and sometimes impossible. The threadlet model lets the application developer stop worrying about blocking; if an operation blocks, the application simply continues to run in a newly-created thread. More generally, programs written as state machines - the style necessitated by event-driven models - tend to be hard for people to understand. And there are a number of kernel operations (opening a file, for example) which can block in any of a number of places, and which are just about impossible to code in a state-machine style. Multi-threaded programs present their own challenges for developers who are not prepared to think about concurrency issues, but they still tend to be easier for most to understand. Threadlets, by making any sequence of calls easily implementable in a threaded model, should be relatively easy to program. At least, that's how the argument goes. That argument applies to kernel space as well. The struggle to bring event-based asynchronous I/O to Linux has occupied a number of highly-capable kernel developers for years - and the job is still far from complete. It requires the addition of an entirely new infrastructure and the application of state-machine techniques to inherently sequential series of events. The complexity of the retry-based asynchronous buffered file I/O patch set is a case in point: this code has seen work (on and off) for years, and it still hasn't found its way into the mainline. It still depends on worker threads for some of its operation as well. Threadlets, it is argued, allow for any system call to be invoked asynchronously, with almost no added complexity or overhead at all. Eventually the discussion reached a point where Linus jumped in to express a bit of frustration. His position is that it's not a matter of choosing between event-based and thread-based mechanisms, since there is a place for both:
Use select/poll/epoll/kevent/whatever for event mechanisms. STOP
CLAIMING that you'd use threadlets/syslets/aio for that.... Event
mechanisms are *superior* for events. But they *suck* for things
that aren't events, but are actual code execution with random
places that can block.
In this view, it's not a matter of picking one or the other, but providing both so that the right tool can be used for each job. It seems likely that this opinion is fairly widespread, meaning that some sort of thread-based asynchronous mechanism will probably find its way into the mainline before too long. Event-based interfaces will continue to be supported as well; the big question there is whether the existing interfaces (epoll in particular) are sufficient, or whether the addition of kevents is called for.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A first look at the Debian Project Leader candidatesA record number of nine candidates have been nominated for this year's Debian Project Leader elections and the campaigning period has started. The platform statements were not posted in time for this article, but a few questions to the candidates have been posted to the debian-vote mailing list. Here's a look at what the candidates are saying.We have quotes from Wouter Verhelst, Gustavo Franco, Sam Hocevar, Raphaël Hertzog and Anthony Towns. Aigars Mahinovs, Sven Luther, Steve McIntyre and Simon Richter have not responded to any questions so far. Curt Larson asked:
As kind of a follow-up to the basic 'what would you do as DPL that you
could not do as DD?' I would like to know more about how you would
handle marketing Debian. The very hot topic this week is Dell's move
to offer open source alternatives. Buried several clicks away from
Dells 'Ideas in Action' page is a vague reference to Debian pertaining
to 8G servers. Would you as DPL make it a primary goal to attract as
many DD's as you could to work specifically on eliminating the gotchas
of installing Debian on Dell Desktops, Laptops and Servers working
towards putting Debian at the top of Dells (and maybe others to
follow) list of approved and pre-installed OS's?
First of all, I would like to make clear that I do not view marketing as
the DPL's primary job. It's one of the DPL's responsibilities to be a
central point of contact to non-Debian folks, which does indeed involve
marketing, but there are other, more important, jobs the DPL has.
I don't think there's very much a DPL by himself could do to help Dell in this regard. However, I do think Debian as a whole could do much, and someone to guide Dell and its employees in our community, to bring them into contact with the right Debian Developers and/or contributors would most likely be very helpful. This someone could very well be the DPL or one of his delegates.
I would promote more the debian-publicity@lists.debian.org mailing list
that we started after the last Debconf.
People started submitting stuff to improve our marketing, now we needs some more volunteers who start playing a more active role and actually organize this group. The problem is reversed, once Dell understands that people are asking for Linux, they will start checking how they can properly support it and then we need to make sure they understand that Debian is one of the most important distribution out there (given that the Ubuntu distribution that is so popular on www.dellideastorm.com is a Debian derivative) and that they should work with us to ensure their hardware is properly supported.
This is a great question. I've a chapter in my platform that covers
the Debian relationship with major hardware vendors and their approach
handling server and desktop support. Based on HP results, i'll do my
best to push more vendors to support us, even hiring developers to
make sure that Debian works well over their hardware.
I also want to push more ideas out of the paper in terms of marketing. There is a chapter on my platform about this too. You will be able to read soon.
No -- I think that's a great thing to do, but it's not something I could
work on myself. If someone else were to, I'd be happy to provide support
for them to do so -- whether that just be being able to call themself
"Debian's representative", or funds to ship donated machines to someone
who can work on checking them, or similar.
However I see no reason to make it a primary goal. I have little
knowledge of what the gotchas could be, but my feeling is that the major
ones are not Debian-specific at all anyway (ACPI woes, 3D drivers,
wireless firmware...) and the NM process does not train us into
low-level hacking, so I wouldn't see how to attract DDs anyway.
If the DPL approaching Dell as the project representative and asking for specification documents, test laptops or a privileged communication channel with Dell engineers qualifies as "attracting DDs", then I'd happily do that or appoint someone. Anthony Towns is the current DPL, running for a second term. He was asked, "Is there anything you regret doing in the past year (as DPL of course)?" Anthony replied:
I'd prefer a bunch of things to have worked out differently; but I can't
say there's much I regretted *doing*. I certainly regret *not* doing more
on the "maintainers" thing after debconf, not proposing the constitutional
amendment to shorten the DPL nominations/voting period, and not getting
anywhere with regular, semi-automatic beta releases of testing.
As far as doing things goes, mostly that ends up being at worst a learning experience, and as far as I can see, you should be spending your time learning from it, not regretting it. So the only thing I can come up with on the regret score is going overboard with John on -legal, but ultimately that's ended up okay anyway.
New Releases OpenPKG Community distribution OpenPKG 2-STABLE-20070221 availableOpenPKG Community 2-STABLE-20070221 is a Snapshot from 2-STABLE. "Snapshots enable Community Users creating reproducible setups. In addition, CORE binary packages have been made available for 20 Unix platforms."
Distribution News Daniel Robbins returns to GentooThe Gentoo project has just welcomed a new developer: Daniel Robbins. From the introduction: "Daniel doesn't have much experience with Gentoo so let's give him a helping hand in the start." The truth of the matter, of course, is that Daniel is the founder of the project, returning after some time spent in the proprietary world.
KDE-Live-Spin for Fedora Core 6Sebastian Vahl is working on a KDE-centric Fedora Core 6 live CD. "I don't know if somebody is working on this but I've created a live cd with KDE for fc6-i386 with the livecd-tools. So far it seems to work quite fine."
Minutes from Ubuntu Technical Board meetingHere are the minutes from the Ubuntu Technical Board meeting on February 27, 2007. Topics include MOTU Council administrivia and nominations for Board membership.
Ubuntu's Masters Of The UniverseUbuntu's Masters of the Universe has a new council. Meetings have been scheduled for the Council and the MOTU team.The Universe Feisty Feature Freeze is in effect. "The goal of Feature Freeze is to allow developers and contributors time to work out an bugs and quality control issues on the existing set of packages in Universe."
Expected development releasesUbuntu's Feisty Fawn herd 5 CD is expected to be released on March 1.Also expect to see Fedora 7 Test 2 at a mirror near you by March 1.
Distribution Newsletters Fedora Weekly News Issue 78The Fedora Weekly News for February 26, 2007 covers Announcing Desktop User Guide, Wiki is now upgraded!, FudCon Videos are now available, Live from FOSDEM, ESR and Fedora, and several other topics.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for February 19, 2007 looks at upcoming ALSA changes, Gentoo in the press, and much more.
DistroWatch Weekly, Issue 191The DistroWatch Weekly for February 26, 2007 is out. "This week's issue starts with a first look at VectorLinux 5.8 SOHO, an enhanced edition of the Slackware-based distribution designed for small businesses and home users. The news section then covers a variety of topics, including a couple of recent "distro wars" between Ubuntu and its competitors, reasons for the longer than expected delay of Debian GNU/Linux 4.0, an announcement about the upcoming Community edition of Puppy Linux, and a surprise merge between two Slackware-based projects. Information about the upcoming releases of SabayonLinux 3.3 and Pardus Linux 2007.1, followed by the usual list of new distributions, concludes this week's issue of DistroWatch Weekly."
Newsletters and articles of interest Securing Linux by breaking it with Damn Vulnerable Linux (Linux.com)Linux.com has published a review of Damn Vulnerable Linux - a distribution most of us are unlikely to want to run in a production setting. "It's based on the popular mini-Linux distribution Damn Small Linux (DSL), not only for its minimal size, but also for the fact that DSL uses a 2.4 kernel, which makes it easier to offer vulnerable elements that might not work under the 2.6 kernel. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more."
Distribution reviews Edubuntu: Linux for education (Linux.com)Linux.com reviews Edubuntu. "Edubuntu is the Ubuntu distribution's educational variant. It provides a software platform that allows educators to spend more time teaching with computers and less time managing them. In addition to Linux and the typical productivity software, Edubuntu provides the organisational package SchoolTool and educational programs for children between preschool and high school, with three age groups within this demographic, each with their own relevant settings."
Community Linux router distro goes Debian (LinuxDevices)LinuxDevices reviews the Vyatta Community Edition 2. "A commercial supplier of open-source routing and firewall software has transitioned its community-supported firewall/router Linux distribution to a Debian base. Vyatta Community Edition 2 (VC2) is based on Debian, runs on commodity x86 hardware, includes excellent documentation, and supports numerous enterprise features, including serial T1/E1 cards, VLANs, RIP, and OSPF."
Page editor: Rebecca Sobol Development Nexuiz - a first-person shooter that lasts"Bringing deathmatch back to the basics" is the slogan of Nexuiz, one of the most promising free first-person shooters (FPS). It rejects the ongoing trend for more realistic tactical shooters, emphasis has been placed on fast action game play.Indeed, Nexuiz is a deathmatch-centered game, even in singleplayer mode. There, all opponents are computer-controlled bots. Besides (team) deathmatch there are other playing modes which not only include the usual Capture the Flag and one-on-one tournaments, but some other variants as well:
Nevertheless, the singleplayer campaign mode is quite entertaining.
Besides playing alternately in a set of around twenty maps, there are
often modifications to the game rules that add another twist.
For example, one level includes reduced gravity and only sniping weapons.
You die when you run out of ammo.
The only downside of the campaign mode is that you cannot adjust the difficulty. So, while it is very challenging for beginners, an FPS expert will find it far too easy.
Spectacular lighting effectsThe game is based on DarkPlaces, which is a significantly improved version of the original Quake engine. In particular, it adds realtime lighting and shadowing effects, bump mapping and other eye candy. The map format, however, is taken from Quake III Arena. The downside of this is that Nexuiz has pretty hefty hardware requirements. Even with all advanced visual effects switched off, a decent 3D graphics accelerator is a must.Nexuiz offers a total of nine weapons. Some are very straightforward to use, but the more powerful ones require a fair amount of training. It might be debatable whether the rocket launcher is too powerful, since missing rockets may be detonated remotely, inflicting splash damage. Players in the explosion radius will also be catapulted away, this can be used as a tactical move. So, if you like first-person shooters and have the proper hardware, you must have a look at Nexuiz. All others should buy a new graphics card and reconsider.
System Applications Database Software PostgreSQL Weekly NewsThe February 25, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Filesystem Utilities NTFS-3G 1.0 releasedStable version 1.0 of NTFS-3G has been announced. "The NTFS-3G driver is an open source, freely available NTFS driver for Linux with read and write support. It provides safe and fast handling of the Windows XP, Windows Server 2003, Windows 2000 and Windows Vista file systems. Most POSIX file system operations are supported, with the exception of full file ownership and access right support. The purpose of the project is to develop, continuously quality test and support a trustable, feature rich and high performance solution for hardware platforms and operating systems whose users need to reliably interoperate with NTFS. Besides this practical goal, the project also aims to explore the limits of a hybrid, kernel/user space file system driver approach."
Security Sussen 0.35 announcedVersion 0.35 of Sussen, a vulnerability and configuration checker, is out with better i18n support, support for OVAL 5.1 and 5.2, improved Ubuntu definitions and bug fixes.
Web Site Development CherryPy 3.0.1 releasedStable version 3.0.1 of CherryPy, a pythonic, object-oriented HTTP framework, has been announced. "We just released CherryPy 3.0.1. It is mainly a bug-fix release but there are also some performance tweaks and other changes as well."
Midgard Weekly SummaryThe February 23, 2007 edition of the Midgard Weekly Summary is online with coverage of the Midgard content management system. "Welcome to the first issue of the resurrected Midgard Weekly Summaries! The 66 issues released before this were edited by Henri Bergius and Ken Pooley between 1999 and 2002, after which MWS went on hiatus. The new MWS editions are edited collaboratively to make the editing burden easier."
Desktop Applications Audio Applications Audacity 1.2.6 releasedVersion 1.2.6 of the Audacity sound editor is out with improved FLAC support and bug fixes. See the See the release notes for details.
FLAC 1.1.4 releasedVersion 1.1.4 of FLAC, the Free Lossless Audio Codec, is out with the following changes: "Increased compression and dramatic speedups for both encoding and decoding are the big improvements in FLAC 1.1.4. There are also several new options and bugfixes." See the changelog entry for the complete list of changes.
gjacktransport 0.2.6 releasedVersion 0.2.6 of gjacktransport is out. "gjacktransport is a standalone application that provides access to the JACK transport mechanism via a dynamic graphical slider. This version adds configurable key-binding support to control JACK's transport state (play, pause, skip, rewind). - the prefs. dialog is rather basic, and the config changes are yet only stored via LASH."
Rhythmbox 0.9.8 releasedVersion 0.9.8 of Rhythmbox, a music management application, is out. "This release includes several new features such as visualisations, the ability to transfer tracks to "generic" MP3 players (including transcoding to supported formats) and support for the Jamendo online catalogue of free music."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
Third KDE 4 Development Snapshot Released: 'Kludge' (KDE.News)KDE.News looks at the release of "Kludge", the third development snapshot for KDE 4. "After "Krash", the first development snapshot, this is another milestone towards KDE 4.0 which will be released later this year. The KDE developers aim at a release in summer 2007."
KDE4 Porting Guide announcedA new KDE4 Porting Guide is available. "An effort of the KDE4 Release Team is to have a real nice KDE3 -> KDE4 Application Porting Tutorial. In future release announcements we'd like to point to a newly updated document to include all the porting bits floating around, no longer relying on http://edu.kde.org/development/port2kde4.php"
KDE Commit-Digest (KDE.News)The February 25, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Solid gets support for NetworkManager. Support for changing the font colour of the taskbar. File format import work in KVocTrain. More KDE 4 porting takes place in KTorrent. Noatun now uses Phonon as its only backend. Work is begun on refactoring the user interface of Amarok 2.0. The Codeine video player is imported into KDE SVN and ported to CMake, Phonon and KDE 4. Progress in the 'krunner' element of Plasma. KAlgebra is imported into KDE SVN into the playground/edu module. Search improvements in Kate, with a move to the kdesvn module."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Desktop Publishing LyX version 1.5.0 beta 1 releasedVersion 1.5.0 beta 1 of the LyX typesetting system is out. "It is the culmination of 1 year of hard work, and we sincerely hope you will enjoy the results. The changes are too numerous to summarize in a few words, with initial unicode support as the flagship of new features."
Electronics Gadgetboard 1.3.1 releasedVersion 1.3.1 of the Gadgetboard driver software is out with a bug fix. "The Gadgetboard is a Free, low cost, user friendly microcontroller experimentation board on steroids. The Atmel microcontroller comes programmed with a command-line interface which runs over the serial port, allowing the user to read the 8 analog inputs and set the 8 outputs during prototyping. Four of the high current outputs optionally drive 15-amp relays, while the other 4 outputs are driven by the Atmel's 4 onboard PWM channels."
PCB development snapshot 20070208 releasedDevelopment snapshot 20070208 of PCB, an electronic printed circuit CAD application, is out with many new features. See the release notes for more information.
Financial Applications SQL-Ledger 2.6.24 releasedVersion 2.6.24 of SQL-Ledger, a web-based double entry accounting/ERP system, is out. Here are the changes: "Fixed bug in parts requirements report, added rounding for multiple taxes on orders, updated French translation, removed detailed tax report option. The tax report was not designed for reporting taxes to the tax authorities but some people used it anyways. Added missing curly brace in purchase order tex template."
Games freedroidRPG 0.10.1 releasedVersion 0.10.1 of freedroidRPG, a clone of the Commodore 64 game Paradroid, is out with bug fixes, feature improvements and more.
Interoperability Wine Weekly NewsletterThe February 26, 2007 edition of the Wine Weekly Newsletter is online with coverage of the Wine project. Topics include: Short Article, Direct3D Breakage in 0.9.31, Screenshots, Message Spy Viewer, Theming Performance, Winetest Executable and WineConf '07 $$$.
Medical Applications Medsphere releases community editions of OpenVista® EHR platform (LinuxMedNews)LinuxMedNews reports on the availability of OpenVista under the GPL. "Medsphere Systems Corporation today announced the release of the source code for its OpenVista® electronic health record (EHR) platform in new server and client-side community editions. OpenVista is a commercial implementation of the highly regarded VistA EHR system developed by the U.S. Department of Veteran Affairs."
Mirth (LinuxMedNews)osproponent experiments with the Mirth Project on LinuxMedNews. "Mirth is shaping up as an 'Open Source HL7 Integration Engine'. After recently downloading the product I was extremely pleased to successfully read an HL7 message from disk, manipulate it and send the output XML to a file. I then repeated the process inserting selected fields into a database table."
OpenSource medical spelling word list released (LinuxMedNews)LinuxMedNews has announced the OpenMedSpel spelling list. "OpenMedSpel is a open source medical spelling word list that is released under a GPL license. OpenMedSpel was derived from the word lists complied for MedSpel, a shareware medical spelling tool for Microsoft Word. OpenMedSpel is currently available in USA English. Other languages and localizations may be released in the future. OpenMedSpel has been adapted to work on the Mozilla Tunderbird email client and the OpenOffice.org office suite. OpenMedSpel can be adapted for many other programs as well."
Multimedia Freevo release 1.7.0 (SourceForge)Version 1.7.0 of Freevo has been announced. "Freevo is a Linux application that turns a PC with a TV capture card and/or TV-out into a standalone multimedia jukebox/VCR/PVR/HTPC. It uses MPlayer or Xine to play and record audio and video. It is optimized for use with a TV+remote. Freevo 1.7.0 release contains quite a few major new features. Including a great web interface to the media on your freevo machine, a web remote, an encodeserver to compress recordings in the background, an rss feedserver so you can download your favourite podcasts in the background, support for Linux event devices, support anamorphic skins and colour in the tv guide to show overlapping recording, currently showing and already shown, a commercial detection and duplicate recording additions to the record server."
Office Suites KOffice 1.6.2 released (KDE.News)KDE.News mentions the release of the KOffice 1.6.2 office suite. "Although this is a maintenance release, there are some new features in Krita (new filters and a smudge paint operation) and Kexi (a new User Mode to deploy Kexi applications). Many bugs were fixed, thanks to the helpful input of our users. We also have updated languages packs with no less than 4 new languages."
OpenOffice.org NewsletterThe February 27, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.
Video Applications xajdeo 0.4.0 releasedVersion 0.4.0 of xjadeo, the X Jack Video Monitor, is out. "Xjadeo is a simple movie player that synchronizes video to an external time source such as jack transport or MTC. There has been little [direct] feedback, since rc3 so we assume xjadeo-0.4 to work as intended! - on the contrary: xjadeo has been included in the PlanetCCRMA (~Luis yells~: Yippie!) and managed to sneak into more gnu/Linux distributions of which we start to loose track. - a mighty thanks to all the packagers, patient users and contributors out there!"
Web Browsers Mozilla Firefox 2.0.0.2 and 1.5.0.10 released (MozillaZine)MozillaZine has announced the availability of new security and stability releases of the Mozilla Firefox browser. "Mozilla Firefox 2.0.0.2, a security and stability update for Firefox 2 addresses several security issues. All users are encouraged to upgrade to this release. For more information, refer to the Mozilla Firefox 2.0.0.2 Release Notes. Mozilla Firefox 1.5.0.10, a security and stability update for Firefox 1.5 addresses several security issues. Users of Firefox 1.5 are encouraged to update to Firefox 2. Security updates for Firefox 1.5 will be discontinued on April 24, 2007."
Miscellaneous Métamorphose 1.0.2 releasedStable version 1.0.2 of Métamorphose is available. "Métamorphose is a free, open source mass file and folder renaming program that combines great flexibility with an intuitive interface. Allows many different renaming operations in a single utility, perfect for those of us that need to rename large numbers of files and/or folders on a regular basis."
Languages and Tools Caml Caml Weekly NewsThe February 27, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Perl Weekly Perl 6 mailing list summary (O'Reilly)The February 25, 2007 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.
Python java2python 0.2 releasedVersion 0.2 of java2python has been announced. "java2python is a simple but effective tool to translate Java source code into Python source code. It's not perfect, and does not aspire to be."
The Python Papers Volume 2 Issue 1 now availableVolume 2 Issue 1 of The Python Papers has been announced. "This is the complete issue containing Python User Group highlights, interviews, more on coding idioms, and an academic paper on the Firebird Database. (Revision 2)"
Python Software Foundation Board Meeting MinutesThe Minutes of the January 8, 2007 Python Software Foundation Meeting of the Board of Directors has been posted. "A regular meeting of the Python Software Foundation ("PSF") Board of Directors was held over Internet Relay Chat beginning at 18:02 UTC, 8 January 2007. Stephan Deibel presided at the meeting. David Goodger prepared these minutes."
Ruby Ruby Weekly NewsThe February 25th, 2007 edition of the Ruby Weekly News looks at the latest discussions on the ruby-talk mailing list and comp.lang.ruby newsgroup.
XML OOAXAL: Open Architecture for XML Authoring and Localization (O'Reilly)Andrzej Zydron introduces OAXAL on O'Reilly. "XML, thanks to its extensible nature and rigorous syntax, has also spawned many standards that allow the exchange of information between different systems and organizations, as well as new ways of organizing, transforming, and reusing existing assets. For publishing and translation, this has created a new way of using and exploiting existing documentation assets, known as Open Architecture for XML Authoring and Localization (OAXAL)."
Build Tools The Road to KDE 4: CMake, a New Build System for KDE (KDE.News)KDE.News continues its KDE4 series with this look at the CMake-based build system. "Our working relationship aside, CMake has greatly improved the process of building KDE. Projects using CMake take less time to get started, since there is less time spent fighting with the build system. One KDE developer says, 'CMake doesn't make you want to shoot yourself with a nailgun when building your project anymore.'"
Miscellaneous Pygments 0.7 releasedVersion 0.7 of Pygments, a multi-language highlighting tool, has been announced. "Pygments is a syntax highlighting package written in Python. It is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code."
Page editor: Forrest Cook Linux in the news Recommended Reading How an Accident of Hardware Design Encouraged Open Source (O'ReillyNet)O'ReillyNet delves into computing history. "Back in the early 1970s, the hardware engineers at Digital Equipment Corporation made a decision about how their new computer, the PDP-11, would address memory. I believe their decision had the unintended, butterfly-effect consequence of helping to bring the open source software movement into existence."
Mitchell Baker and the Firefox Paradox (Inc)Inc. magazine has published a lengthy look at the Mozilla project. "Unlike other open-source ventures, which tend to be niche products embraced by techies who become fiercely loyal to and dependent on the software, Firefox is a mass-market, consumer-oriented product that can easily be replaced should it fail to offer distinct advantages over the competition. That means Mozilla has to move faster and be more innovative and marketing-oriented than its open-source cousins."
Trade Shows and Conferences KDE Storms First Day of FOSDEM 2007 (KDE.News)KDE.News reports on the KDE project at FOSDEM. "The first day of the annual Free and Open Source Developers' European Meeting in Bruss[]els was very busy for the KDE team: attending talks by other talented hackers, hosting KDE related talks in the developer room, representing KDE at the booth, mingling with other hackers, bug hunting and work on new features. KDE had a strong presence this year, at least twice as many KDE people attended including a very strong showing from the Amarok developers. Speakers in the KDE developer room included Jos van den Oever, Stephan Laurient, Flavio and Sander Koning."
A Wonderful Second FOSDEM Day (KDE.News)KDE.News covers day 2 at FOSDEM. "The second day of FOSDEM 2007 was as busy, if not more, as the first day. Many face-to-face interactions, of great benefit to cooperation between developers and projects, and time spend on hacking on and promoting KDE. The KDE developer room was well used, first by an Educational workshop, well led by Anne-Marie Mahfouf, followed by some more talks. Topics included Krita's present and future by Bart Coppens, a KDE 4 talk by Jos Poortvliet and a KDE e.V. talk by Sebastian Kügler. Read on for a report on day two."
Companies Google revamps Summer of Code for 2007 (NewsForge)NewsForge looks at the 2007 Google Summer of Code. "According to Leslie Hawthorn, open source program coordinator at Google, the biggest change for 2007 is the increased preparation time. While in previous years the program has started taking applications in April and started in late May, this year the program was announced in February, with mentor organizations applying to participate from March 5-12 and students from March 14-23. Successful applicants will be announced on April 9, and the program will officially begin on May 28."
Big Debian Linux Payday For HP (InternetNews)InternetNews reports that HP is making money with its Debian support offerings. "HP is making $25 million by supporting the free Debian GNU/Linux distribution in what may ultimately turn out to be a challenge to commercial distributions from Novell and Red Hat."
Ten Leading Open Source Innovators (Earthweb)Earthweb has an article on ten open source companies which it finds interesting. "Although still in stealth-mode, Qumranet has generated enough buzz in the open-source community that its future product offering is already coming into focus. The company will deliver virtualization solutions developed around a kernel-based approach that allows the software to be smaller and more efficient than competing solutions." The site could benefit from a severe Greasemonkey script, however.
Red Hat and McKesson Offer 'Enterprise Healthcare Platform' (LinuxMedNews)LinuxMedNews notes that Red Hat, Inc. is branching into the health care business. "More signs of legitimacy of FOSS in medicine with this press release: 'McKesson has joined with Red Hat (NYSE:RHT), the world's leading provider of open source solutions, to introduce the Red Hat Enterprise Healthcare Platform, a cost-effective open source information technology (IT) solution with services designed to meet the mission-critical demands of healthcare."
Interviews Etherboot's leaders are breaking new ground (Linux.com)Linux.com features an interview with two Etherboot developers. "Etherboot is an open source project that gets little public notice, but is essential to almost any other open source project that relies on thin clients or network booting. Here's a lightly edited log of an IRC conversation with Etherboot project leader Marty Connor and primary Etherboot developer Michael Brown."
The Faces of KDE 4 (Canllaith.org)Canllaith.org talks with some KDE4 developers. "It's been close to 2 years since the gargantuan task of porting KDE3 to Qt4 started in May 2005, with SVN commit number 411284 by Stephan Kulow. Many thousands of commits later, we're still a long way from any kind of user-accessible preview of KDE4 - but that doesn't mean a lot of work hasn't gone into the code base as it now stands. In this stage of development it's a lot of pain for very little glory, re-designing the next generation KDE from the ground up. It's a task that separates the core developers from the hangers on, and the architects of the new desktop are a pretty dedicated group. There are far too many developers currently active in KDE for me to introduce them all, but here's a quick glance at what a small handful of them are working on for the next major version of KDE." (Found on KDE.News)
Resources Make your own packages for Debian-based systems (Linux.com)Joe 'Zonker' Brockmeier details the process of making Debian packages in a Linux.com article. "For the uninitiated, creating Debian packages is a mysterious process that looks much harder than it really is. To make it a little less mysterious, let's take a look at two methods of building Debian packages: using standard Debian packaging tools and the CheckInstall utility. I've used the tools described in this article to create packages on Debian and Ubuntu systems, but they should be suitable for other Debian-derived distros, such as MEPIS, Xandros, Linspire, and Freespire."
Ruby Performance (Linux Journal)Pat Eyler looks at Ruby performance. "Antonio Cangiano posted a Ruby Implementation Shootout on his blog last week. While it's an interesting piece (and will likely be more interesting over time), it's still very premature."
A Vista vs. Linux Matchup - Part 4 (DesktopLinux.com)Steven J. Vaughan-Nichols compares the MEPIS distribution to Microsoft Vista in part four of an article series. "In the last episode, the question was how each operating system would work, or not, with the hardware on my HP Pavilion Media Center TV m7360n PC. The answer was that neither OS worked perfectly with the computer, but Ubuntu/MEPIS -- yes, the Linux system -- actually worked better with the PC than did Vista. In no small part, that was because Vista's built-in DRM (digital rights management) gets in the way of viewing or listening to high-quality video or music." Dare we say: "Hasta la Vista®, Baby"?
Reviews Next Fedora release delayed, new design theme selected (Linux.com)Linux.com looks at the upcoming Fedora 7 release. "The Fedora Project Board met this week to discuss issues surrounding the upcoming release of Fedora 7 (F7). Though originally scheduled for release on April 26, that date has now been moved back to May 24, dashing the development team's plan to debut the final release at this year's Red Hat Summit. One thing that Summit attendees will see, though, is the artwork that has been selected as Fedora 7's new theme."
Recent GNOME panel apps (Linux Journal)Linux Journal takes a look at some GNOME panel applications. "The basic set of GNOME panel apps ranges from the practical, such as clocks and system monitors, to the mildly amusing, but apparently too traditional to dispense with, such as Fish. However, in the last few years, an increasing number of GNOME applications are being designed to fit into the panel. Since many of these recent apps are interesting but too minor to rate a full-length review, here's a roundup of some that have caught my attention. Although all of them are in early release, each hints at new functionality and levels of customization that might soon be available on the desktop."
New KDE 4 preview shows progress (Linux.com)Linux.com reviews the latest KDE 4 snapshot. "On Friday, the KDE Project released the third in a series of development previews for the upcoming KDE 4.0 release. Dubbed "Kludge," the 3.80.3 release includes the Sonnet language library, the new Dolphin file manager, and the Solid hardware library."
Krugle offers code search engine for open source, with open source (Linux.com)Linux.com looks at Krugle. "With the rise in popularity of open source software, developers don't need to start from scratch when coding new software. Instead, they can use specialized search engines that crawl repositories to find the perfect code snippet. Now, one entrepreneurial open source developer has built a business that expands on the basic code search engine, and in true hacker recursive style, finds his company relying on the very tool it exists to create. Krugle is a combination code search engine and developer community."
KVM steals virtualization spotlight (ZDNet)ZDNet looks at KVM. "Four months ago, almost nobody had heard of an open-source virtualization software called KVM. But that was then. The project, backed by a stealth-mode start-up called Qumranet, uses a technical and cultural approach that has quickly drawn powerful allies--including Red Hat and Linux founder Linus Torvalds."
Multimedia freedom with Linux (WhatPC)WhatPC has a review of Mandriva Linux with an emphasis on (often proprietary) multimedia. "Another hassle is that Apple's iTunes will not run on Linux, though it is possible to connect an iPod and manage its music library. In some ways Linux users get the best deal, since free software such as Amarok lets you copy music from and to the iPod, which iTunes does not. Some things in Linux take a little more work, but the outcome may be better than the alternatives."
Miscellaneous Doesn't the Social Web Realize that People Talk? (O'ReillyNet)Trevor Baca discusses the need for voice connectivity on the web. "We're telecom innovators. We think about people and communications and technology a lot. And we look at Myspace and can't help but wonder how all that happened without us. Put another way, just how did social computing get so social without voice? First, let's check the observation. Tens of millions of messages, perhaps, pass through Myspace daily. Those messages are text, images, or both. But not voice. And yet voice seems so obvious. Friend online? Click here to ring both your phones. But no."
Page editor: Forrest Cook Announcements Non-Commercial announcements EFF: Fight Over Google's 'Sponsored Links' threatens Internet free speechThe Electronic Frontier Foundation has sent out a press release concerning Rescuecom's lawsuit over Google's "sponsored links" feature. "The Electronic Frontier Foundation (EFF) asked the U.S. 2nd Circuit Court of Appeals today to uphold an important ruling allowing anyone to purchase Google's "sponsored links" tied to trademarks, arguing that the practice is legal under trademark law and provides a vital means for online speakers to connect with audiences on the Internet. Google's "sponsored links" feature allows customers to buy advertisements attached to certain search terms."
mozillaZine Folding@Home Team Completes 20 million Points (MozillaZine)MozillaZine reports on the MozillaZine forum's Folding@Home team. "Folding@Home is a project at Stanford University, based on the distributed computing model. When installed, it runs in the background, using idle CPU cycles to compute protein folding. The project aims to find cure for diseases related to mis-folding of proteins. Two years ago, mozillaZine forum members formed a team. Today, the team has completed over 20 million points, and is ranked among the top 100 folding teams."
openEMR successfully completes IHE Connectathon testing (LinuxMedNews)LinuxMedNews reports on the testing of openEMR at the 2007 IHE Connectathon. "The Possibility Forge and Mandriva, using OHF, represent openEMR, the first open source electronic medical record system to participate, and successfully complete the interoperability standards at the IHE Connectathon. The IHE Connectathon is a health care industry collaboration event, where the IHE constructs independent testing to validate and verify vendors claims of interoperability."
Software patents in the UKThe UK Government has responded to a petition regarding software patents. "The Government remains committed to its policy that no patents should exist for inventions which make advances lying solely in the field of software. Although certain jurisdictions, such as the US, allow more liberal patenting of software-based inventions, these patents cannot be enforced in the UK." (Thanks to dave)
Commercial announcements Alfresco expands base with move to GPLAlfresco Software, Inc. has announced its plans to license its enterprise content management software under the GNU General Public License (GPL). "While the GPL has been widely adopted by Linux distributors and open source infrastructure companies, Alfresco is leading what is expected to be an increasing number of open source application companies to adopt the GPL. Alfresco previously licensed its software under the Mozilla Public License with a clause requiring attribution. The move, which further grows and strengthens Alfresco's developer and OEM community, puts the company on a collision course with proprietary content management vendors and sets off what is expected to be a trend for open source application developers."
Mandriva opens office in LagosMandriva has announced the opening of its subsidiary company Mandriva West Africa in Lagos, Nigeria. "Mandriva West Africa to start operations in February 2007 to offer the Mandriva Linux operating system and open source applications and solutions to individuals, educational institutions, public and private organizations, ISVs and OEMs all over West Africa."
Motorola launches open-source High Availability Operating EnvironmentMotorola, Inc. has announced the launch of the OpenSAF project. "Motorola, Inc. today announced it is initiating a new open source project to develop a complete high availability operating environment based on Service Availability Forum(TM) (SA Forum) standards. The objective of the new "OpenSAF" project is to accelerate broad adoption of an SA Forum compliant operating environment."
Trolltech becomes the first corporate patron of KDE (KDE.News)KDE.News announces that Trolltech has become a corporate patron of the KDE project. "Being a Patron of KDE is an ideal way to both support the KDE project and become a more active member of the KDE community. After the inaugural membership of Mark Shuttleworth, Trolltech is the first corporate Patron of KDE."
Resources Linux Foundation Releases New Carrier Grade Linux 4.0 SpecificationThe Linux Foundation has announced the availability of its Carrier Grade Linux 4.0 Specification. "In existence since 2002 and now in its fourth version, the Carrier Grade Linux (CGL) Specification consists of over 250 individual requirements that cover seven categories of Performance, Hardware, Standards, Serviceability, Availability, Security and Clustering. The primary changes to the new CGL 4.0 Specification are alignment with the SCOPE Alliance's Carrier Grade Profile and tighter requirements around compliance."
Contests and Awards Fellowship Raffle 2007 at FOSDEMThe Free Software Foundation Europe will hold a benefit raffle for itself at the FOSDEM meeting in Brussels, Belgium on April 1, 2007. "Maffulli continues: "Companies support FSFE to show that they appreciate our work, and in turn we like to show that we appreciate our fellows. This year we're delighted to do that through sharing gadgets that were provided by companies who support Free Software: Welcome to the 2007 Fellowship Raffle!""
Education and Certification LPI offers discounted certification exams at CeBIT 2007The Linux Professional Institute has announced the offering of discounted certification exams and a competitive Linux computer game at the CeBIT 2007 conference in Hannover, Germany on March 15-21, 2007.
Upcoming Events First ADempiere conference in Berlin, Germany (SourceForge)The first ADempiere developers conference has been announced. "Adempiere is an ERP Bazaar for Open Source Developers that contribute improvements of Compiere, CRM, Shopfloor, POS, Helpdesk, Financials Accounting, Supply Chain, Knowledge and Business apps in an open and unabated fashion. Focus is on the Community. An invitation for all interested parties to attend The first ADempiere conference in Berlin, Germany on May 29 to 31 has been issued by the ADempiere project. Although focus of the conference will be on the development of the ERP solution, discussions will be of interest for all parties interested in ADempiere implementation."
O'Reilly Tools of Change for Publishing registrationRegistration is open for the 2007 O'Reilly Tools of Change for Publishing Conference. The event will take place on June 18-20, 2007 at the Fairmont Hotel in San Jose, California. "As a media company closely connected with the leading innovators in technology, O'Reilly is in a unique position to recognize the new trends in publishing and identify emerging business models in publishing products and services. In this regard, the O'Reilly team is launching the TOC Conference to raise the level of technology knowledge among book publishers and to spark conversation and creativity that will help to shape the future of publishing."
Events: March 8, 2007 to May 7, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Audio and Video programs TimeSys starts an embedded Linux podcastTimeSys has sent out a press release proclaiming the existence of a new podcast series on embedded Linux. "LinuxLink Radio is hosted by Gene Sally and Maciej Halasz from TimeSys, who have over 15 years of combined experience in embedded Linux. New episodes of LinuxLink Radio will be available every two weeks, with each being around 30 minutes in length. Topics of conversation during the podcast will cover a wide range of embedded Linux topics, with content available for experienced developers, as well as those new to embedded Linux." Three episodes are available now.
Page editor: Forrest Cook
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Nexuiz]](/images/ns/nexuiz-small.jpg)