LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
Recent Features
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for April 26, 2007Looking back at ELCThe CELF Embedded Linux Conference is an interesting event, with a unique mixture of attendees. It is not a developer's conference, but plenty of free software developers could be found there. It's not a business conference, but business people were not in scarce supply either. There was far more representation from countries like Japan and Korea than can be found at many Linux-oriented conferences. All of these people came together to talk about the use and development of Linux in small, special-purpose systems.They have plenty to talk about. Predictions for Linux in the embedded market have always been rosy, and they are getting better all the time. As Motorola's Scott Preece noted in one session, it is now expected that there will be over 200 million Linux-based phones in circulation by 2012. Linux shows up in special-purpose applications on a daily basis - often in unexpected places. Increasingly, Linux is the operating system of choice for small systems. The royalty-free nature of Linux is certainly a reason for its success in the embedded field. If one is selling millions of gadgets, even a small per-unit royalty adds up in a hurry. But cost is not the real motivation here. The ways in which Linux can be modified for specific tasks and the general level of control it gives to vendors are both more important. Also, as Mr. Preece pointed out, there is a ready supply of Linux expertise out there for embedded companies to hire. On the other hand, very few developers go out and learn the Symbian platform on their own. There are advantages to going with a standard system. Given this situation, one would have expected the ELC to be a large event, but it is, instead, surprisingly small. Quite a few embedded systems vendors were present - telephone handset manufacturers were especially well represented - but others were notable in their absence. ELC was not a particularly well-promoted event, which might partially explain its small size. Whatever the reason, it would be nice to see wider participation in the future; this community, like any other, needs to get together occasionally and talk. Participation in the community was an ongoing theme of this conference, from Thomas Gleixner's opening keynote through to the end of the last day. Embedded vendors are famous for going their own way, neglecting to contribute their changes back, and generally pushing the GPL as far as they can. If there is one message which came out of this conference, it might be this: the embedded vendors are aware of their lack of participation and the problems it causes. Many of them - at least, those who came to this event - would like to make the situation better. But they often find themselves in a hard position. Working with the community requires patience, openness, and a willingness to let go of some control. The embedded market, for the most part, does not reward those characteristics. Products come and go after a few months, and, once a product is out the door, and an embedded vendor has little motivation to continue to work with it. So merging product-specific changes back into the projects upon which they were based looks like a cost with little associated benefit. There is little intent to maintain that product into the future, and there will almost certainly be no big software upgrades for it. So the code looks dead. The fact that getting their work into the upstream repositories will help those projects support the next product better is beginning to get through to some companies, but it is a slow process. Getting code into an upstream project - be it the kernel or higher-level software - goes best when that project is engaged from the beginning. A big after-release dump of previously unreviewed code tends to be hard to integrate at best. But the last thing a gadget maker wants to do is to release detailed internal information about its next product months before that product is announced. So late code dumps will likely be a best-case scenario for some time yet to come. Consumer electronics products also tend to be quite static once they are shipped. When Nokia released a major software upgrade for the 770 tablet, it was the first time it had upgraded the software for any product in the field. Openness and modifiability are somewhat strange concepts for this industry. Products like the Nokia tablets and the OpenMoko phone are blazing new trails; many vendors are likely to be watching to see how well these experiments go. Seen in this context, the announcement of the GNOME Mobile & Embedded Initiative fits right in. The GNOME developers, too, are looking to bring embedded vendors into their community and to get them to help make the platform better. They seem to be succeeding: the project claims that there are now more GNOME developers paid to work on embedded applications than on traditional desktop systems. GNOME is already a capable environment for embedded development, allowing developers to use the same software stack on all types of systems. If the project continues to be successful in getting embedded vendors to help build the platform, interesting things are certain to happen. Some vendors have GPLv3 on their minds as well. Many of the libraries being used by embedded systems are licensed under the LGPL; once version 3 comes around, the LGPL will be essentially a patch to the GPL giving some extra permissions. So the LGPL will continue to allow proprietary applications to be used with the libraries. The LGPL does not, however, waive the anti-DRM provisions of GPLv3, meaning that users will have to be able to replace any LGPLv3-licensed libraries on their gadgets. Such replacement could allow application behavior to be changed in interesting ways - and badly mess up any lockdown scheme. How that will play out remains to be seen; embedded vendors may gain a renewed interest in technologies like SELinux or AppArmor to keep embedded applications firmly sandboxed. These issues will certainly be worked out; the incentives to do so are strong. The embedded Linux community is on a roll, and rightly so. Linux has all of the right features and freedoms to be an attractive platform in that arena. If this industry can pull together into a true community - with the users as members too - there will be few limits on what it will be able to achieve.
The GNOME Mobile & Embedded InitiativeA few days ago, LWN looked at the discussion surrounding the GNOME project's mystery announcement at the 2007 Embedded Linux Conference. That announcement turns out to be the GNOME Mobile & Embedded Initiative, a determined push to bring about world domination in the embedded area.
In recent times, the shipments of desktop PC's are in decline. On the other hand, laptop shipments are growing, and the shipments of other mobile devices are growing rapidly. There are, says Jeff, more developers paid to work on the GNOME platform for embedded use than for the desktop. Mobile devices, it seems, are the future. This is the situation that the GNOME Mobile & Embedded Initiative was created to take advantage of. There is a long list of companies and projects which have signed on to this effort - see the obligatory collection of quotes for details. Much was made of the fact that the initiative is a cooperative effort including both companies and free projects. The initiative, says Jeff, is about writing code. All of that code will have the full GNOME platform available to it (if it needs it), and will be ABI-compatible with the desktop platform. This "is not toy GNOME," it's the full thing. The platform will carry the GNOME LGPL license, making it available to proprietary applications - royalty-free, of course. And it's shipping today, though the first official release will be with GNOME 2.20 in September. A wide variety of devices is covered by this platform. Examples given at the conference include the Nokia N800 (an Internet tablet device), the One Laptop Per Child XO system, the OpenMoko phone, and, at the novel end of the scale, the upcoming Vernier LabQuest, a handheld data acquisition and display device with a vast list of sensors available to it. The LabQuest was held up as an example of a device which was developed by a company with little software expertise; the Linux and GNOME platform made the whole thing relatively easy. All of these, says Jeff, are "beautiful new ideas" enabled by the open source stack. The initial code from the GMAE initiative is available now. Possible additions in the near future include display frameworks from a number of sources (examples include the OpenMoko framework and the Hildon desktop used on the N800), applications like TinyMail, integration of GeoClue, and more. There's also low-level initiatives like better touchscreen support in GTK, fixing the floating-point usage in Cairo, etc. Beyond that, time will tell; chances are it's going to be interesting.
Do free software projects need marketing teams?The announcement of the GNOME Mobility & Embedded Initiative was generally popular within the GNOME project itself. There was one complaint which could be heard in the right places, however: it seems that this whole initiative was conceived of and agreed to without the involvement of the GNOME marketing team. One might well ask: if the marketing team does not get involved in an agreement like this one, what does the project keep it around for?There's a couple of responses which are worth a read. Dave Neary, a member of this team, had some stark comments:
Here it is again: no-one cares about the marketing team. We produce
nothing. We have not shown ourselves to be useful. So no-one is
going to come and talk to us about anything until that changes.
Jeff Waugh, the driving force behind the embedded initiative, states:
We make things happen by taking the reins, establishing buy-in, and
kicking arse. Not by waiting to receive blessing or permission.
One might well argue that the GNOME marketing team has failed to live up to expectations. Some members of the team are doing so and beginning to think about ways to change that situation. As a result, we might well see a more active team in the future. But there is a question which is worth asking here: to what extent might the comments quoted above apply to any project's marketing team? It might just be that a project which is trying to grow its user and development community has little to gain from the formation of a marketing group. In the corporate environment, a marketing team takes a leading role in identifying potential customers, designing something that those customers might just want to buy, and finding ways to motivate customers to make that purchase. Once a marketing strategy has been worked out and adopted, the rest of the company is expected to work to execute that strategy. In successful companies, marketing tends to lead the way. Most free software projects are not amenable to this sort of leadership. What gets done in free software is what individual developers decide to do - or are told to do by their employers. Paid developers may well be working toward the execution of a marketing plan, but it's their employer's plan, not the project's plan. Free software hackers will be working to make a project better, but they are not marching to the project's drummer. They will not seek approval from a project's marketing team when they decide what to hack on. The same is true of project members who work to create initiatives or alliances in a specific area. GNOME's support of embedded applications comes as a result of work by interested developers and the companies which are operating in that area. It was a natural consequence of the way the embedded market is going; there was no need for a marketing team to foresee, plan for, or mandate a bigger role for GNOME in the embedded marketplace. If a GNOME marketing group were to call for such a role, it would have little effect on GNOME developers working on more traditional desktop applications. Free software projects are not corporations; free software users and developers will not wait for a marketing group to sign off on their plans. Some projects do have marketing organizations which appear to be effective. The push behind the Firefox browser is arguably one of the most prominent examples; the alliances and promotional campaigns which have been arranged have undoubtedly helped to increase adoption of the software. The marketing of packages like MySQL has also been effective. There is a pattern to be seen here: in almost all of the cases where a free software project has had an effective marketing operation, that project is owned and controlled by a single corporation. In such cases, the project's marketing plan is, in fact, a component of the company's plan; it's the company's control of the project which allows its marketing objectives to drive what the project does. In the absence of that sort of control, it's not clear what a free software project's marketing team can achieve. Certainly a marketing group can point out areas of opportunity in the hope that developers will choose to pursue those opportunities. Such pointing-out must be done carefully, though; free software hackers tend to be irritated by those who seem to be trying to tell them what to do. Marketing teams can also fulfill a useful sales role by, for example, organizing booths at trade shows, distributing live CDs, convincing distributors to package the software, etc. But it's not the marketing group which will bring about a project's success; that depends on the code, artwork, music, documentation, support, etc. provided by the project's members. A project is made by its community, not by a marketing plan. It's hard to imagine wanting that to change.
Security Two years of RHEL4 riskA recently released report on the security track record of Red Hat Enterprise Linux 4 (RHEL4) sets out to quantify the risks that an administrator would have faced when using the distribution. It takes a comprehensive look at all of the vulnerabilities that were classified as 'critical' in the two years since RHEL4 was released. A measure of pride is evident in the recognition that there were only three critical vulnerabilities in the default server install, a rather nice accomplishment; the study itself is an even better result and it should set the bar for other similar studies in the future. In stark contrast to almost daily studies that purport to 'prove' that Redmond's latest offering is vastly superior to Linux in the security arena, the RHEL study simply looks at the reported vulnerabilities in that distribution and leaves any comparisons for others. The study mainly focuses on the critical vulnerabilities, but it does look at the 'Vulnerability Workload Index' for a server install with all available packages. This index is meant to give a rough measure of the amount of work an administrator would need to do to keep a system free from all vulnerabilities. The most interesting conclusion that can be drawn from the graph is that the overall workload is pretty flat, there are certainly peaks, but it is neither increasing nor decreasing over time. Because the software released with RHEL4 is, of course, getting older and the upstream projects are likely to be releasing newer versions, a case could be made either way regarding increasing stability vs. more security issues found over time and it would appear that the two roughly balance each other. Flaws that get the 'critical' designation are those that can lead to a system compromise in an automatic way without any user action. These are the kinds of bugs that could be exploited by worms to invade and propagate. The critical designation has been stretched to cover web browser bugs that are exploited when a user visits a site with malicious code. The vast majority of critical bugs fall into the latter category and that difference leads to 60 flaws in a system with all packages installed, 50 of which can be traced to Mozilla products or the HelixPlayer plugin. The study goes into the 60 critical flaws in some depth, categorizing them by type and reporting on the so-called 'days of risk' (number of days after a vulnerability report before a fix is available). All critical flaws were fixed within two calendar days and 60% were fixed on the same day. The riskiest packages are also listed using a weighted score based on the number and severity of bugs in that package with various Mozilla projects coming out on top. Interestingly, the kernel dropped from #1 last year to #4 in the current report. The risk to a system is not only a function of the vulnerabilities in the packages it has installed; exploits 'in the wild' also factor into it. The report looks in detail at exploits for 37 vulnerabilities, many of which are, unsurprisingly, either browser or 'user complicit' exploits. Triggering a user complicit exploit requires convincing a user to perform some action with a malicious file; because administrators should be wary of such things or even of running a browser from a privileged account, the impact of those exploits are limited. The seven kernel and six server exploits represent a more dangerous class, with system compromise a distinct possibility. None of the kernel exploits were remote and all were either denial of service or privilege escalation bugs. Each of the server application exploits could lead to compromise of the non-root user that runs the service. It is interesting to note that SELinux and Exec-Shield are specifically mentioned as either eliminating or reducing the impact of eleven of these exploits. Both of these security tools are installed by default with RHEL4 and are targeted at stopping or reducing the effectiveness of just these kinds of attacks. Exec-Shield uses address space randomization and protection against executing code from the stack to avoid executing arbitrary code in the presence of a buffer overflow or similar flaw. The SELinux policy that ships with RHEL4 restricts users and processes to only that set of resources they need for their normal function and that can reduce the kinds of problems an exploited process can cause. While they are no substitute for correctly written code, these technologies are clearly helpful to reduce security threats; with luck other techniques will come along that continue this kind of work. This is the second report on RHEL4 security; the first covers the first year of release. Based on a comment on his original article, the author is planning a four year retrospective on RHEL3 in November which should be interesting as well. The comment indicates only six critical vulnerabilities in the RHEL3 default install in its three and a half years. It is difficult to put a label on the level of 'security risk' that a particular system has, but RHEL4 would seem to have a fairly low risk overall. If one keeps up with the patches and is reasonably cognizant of security practices, the chances for a system compromise are low. This is a real accomplishment by the Red Hat team and should be a feather in the cap for Linux in general. No software is perfect and an operating system or distribution is just a collection of software so vigilance is required. Without examining our track record, it is difficult to gauge progress and this kind of report is an excellent way to track that progress; hopefully other distributions will follow suit.
New vulnerabilities 3proxy: buffer overflow
aircrack-ng: remote execution of arbitrary code
blender: user-assisted remote execution of arbitrary code
clamav: several vulnerabilities
Courier-IMAP: remote execution of arbitrary code
opera: several vulnerabilities
postgresql: privilege escalation
sqlite: buffer overflow
webcalendar: cross-site scripting
Updated vulnerabilities acroread: multiple vulnerabilities
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
bluez-utils: hidd vulnerability
bugzilla: multiple vulnerabilities
busybox: insecure password generation
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dokuwiki: cross-site scripting vulnerability
dovecot: index cache file handling error
dovecot: information exposure
elinks: arbitrary file access
evolution: format string error
fail2ban: denial of service
ffmpeg: buffer overflows
file: denial of service
file: arbitrary code execution
firefox: FTP PASV port-scanning
freeradius: memory leak
freeradius: several vulnerabilities
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gdb: buffer overflow
gdm: improper file permissions
gedit: format string vulnerability
grip: buffer overflow
gzip: multiple vulnerabilities
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
java: multiple vulnerabilities
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
libgadu: memory alignment bug
libgtop2: buffer overflow
libmodplug: boundary errors
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
madwifi: multiple vulnerabilities
mod_jk: stack overflow
mod_perl: denial of service
mplayer: buffer overflow
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nas: code execution
nbd: arbitrary code execution
ncompress: buffer underflow
openldap: security bypass
OpenSSH: denial of service
openssh: remote denial of service
php: multiple vulnerabilities
php: several vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
postgresql: SQL injection
qt: "/../" injection
quake: buffer overflow
rpm: arbitrary code execution
Mozilla: multiple vulnerabilities
shadow-utils: mailbox creation vulnerability
slocate: information disclosure
snort: remote arbitrary code execution
sun-jdk: arbitrary code execution
tcpdump: denial of service
unzip: long file name buffer overflow
vixie-cron: weak permissions may cause errors
w3c-libwww: possible stack overflow
XFree86 X.org: integer overflows
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
X.org: local privilege escalations
zziplib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThe current 2.6 prepatch is still 2.6.21-rc7; the expected final 2.6.21 release has not happened as of this writing. Patches to fix regressions continue to accumulate in the mainline git repository.There have been no -mm releases in the past week. For older kernels: 2.6.16.49 was released on April 23 with a handful of fixes. Users of the 2.4 kernel can choose between 2.4.34.3 (April 22, networking fixes), 2.4.34.4 (fixes a build problem in 2.4.34.3), or 2.4.35-pre4 (April 22, various fixes).
Kernel development news Quotes of the week
So while with other, heuristic approaches we always had the problem
of creating a "hyper-inflation" of an uneconomic virtual currency
that could be freely printed by certain tasks, in CFS the economy
of this is strict and the finegrained plus/minus balance is
strictly managed by a conservative and independent central bank.
-- Ingo Molnar brings fiscal discipline to
scheduling
We like it in the kernel, we find it to be warm and fuzzy. Whereas,
user space is a cold, dark, and rainy place, and we just don't want
to go there.
-- Matt Ranon
This week in the scheduling discussionIn last week's scheduler timeslice, Ingo Molnar had introduced his "completely fair scheduler" patch and Staircase Deadline scheduler author Con Kolivas had retreated in a bit of a sulk. Since then, Con has returned and posted several new revisions of the SD scheduler, but with little discussion. His intent, seemingly, is to raise the bar and ensure that whatever scheduler does eventually replace the current system is the best possible - a goal which few should be able to disagree with.Most of the discussion, though, has centered around the CFS scheduler. Several testers have reported good results, but others have noted some behavioral regressions. These problems, like most of the others over the years, involve the X Window System. So potential solutions are being discussed yet again. The classic response to X interactivity problems is to renice the X server. But this solution seems like a bit of a hack to many, so scheduler work has often been aimed at eliminating the need to run X at a higher priority. Con Kolivas questions this goal:
The one fly in the ointment for linux remains X. I am still, to
this moment, completely and utterly stunned at why everyone is
trying to find increasingly complex unique ways to manage X when
all it needs is more cpu. Now most of these are actually very good
ideas about _extra_ features that would be desirable in the long
run for linux, but given the ludicrous simplicity of renicing X I
cannot fathom why people keep promoting these alternatives.
Avoiding renicing remains a goal of CFS, but it's interesting to see that the v4 CFS patch does renice X - automatically. More specifically, the scheduler bumps the priority level of any process performing hardware I/O (as seen by calls to ioperm() or iopl(), the loop block device thread, and worker threads associated with workqueues. With the X server automatically boosted (as a result of its iopl() use), it does tend to be more responsive. While giving kernel threads a priority boost might make sense in the long term, Ingo sees renicing X as a temporary hack. The real solution to the problem seems to involve two different approaches: CPU credit transfers between processes and group scheduling. Remember that, with the CFS scheduler, each process accumulates a certain amount of CPU time which is "owed" to it; this time is earned by waiting while others use the processor. This mechanism can enforce basic fairness between processes, in that each one gets something very close to an equal share of the available CPU time. Whether this calculation is truly "fair" depends on how one judges fairness; if the X server is seen as performing work for other processes, then fairness would call for X to share in the credit accumulated by those other processes. Linus has been pushing for a solution along these lines:
The "perfect" situation would be that when somebody goes to sleep,
any extra points it had could be given to whoever it woke up
last. Note that for something like X, it means that the points are
100% ephemeral: it gets points when a client sends it a request,
but it would *lose* the points again when it sends the reply!
The CFS v5 patch has the beginnings of support for this mode of operation. Automatic transfers of credit are not there, but there is a new system call:
long sched_yield_to(pid_t pid);
This call gives up the processor much like sched_yield(), but it also gives half of the yielding process's credit (if it has any) to the process identified by pid. This system call could be used by (for example) the X libraries as a way to explicitly transfer credit to the X server. There is currently no way for the X server to give back the credit it didn't use; Ingo has mentioned the notion of a sched_pay() system call for that purpose. There's also no way to ensure that X uses the credit for work done on the yielding process's behalf; it could just as easily squander it on wobbly window effects. But it's a step in the right direction. A further step, in a highly prototypical form, is Ingo's scheduler economy patch. This mechanism allows kernel code to set up a scheduler "work account"; processes can then make deposits to and withdrawls from the account with:
void sched_pay(struct sched_account *account);
void sched_withdraw(struct sched_account *account);
At this point, deposits and withdrawls all involve a fixed amount of CPU time. The Unix-domain socket code has been modified to create one of these accounts associated with each socket. Any non-root process (X clients, for example) writing to a socket will also make a deposit into the work account; root-owned processes (the X server, in particular) reading messages also withdraw from the account. It's all a proof of concept; a real implementation would require a rather more sophisticated API. But the proof does show that X clients can convey some of their CPU credits to the server when processor time is scarce. The other idea in circulation is per-user or group scheduling. Here, the idea is to fairly split CPU time between users instead of between processes. If one user is running a single text editor process when another starts a kernel build with make -j 100, the scheduler will have 101 processes all contending for the CPU. The current crop of fair schedulers will divide the processor evenly between all of them, allowing the kernel build to take over while the text editor must make do with less than 1% of the available CPU time. This situation may be just fine with kernel developers, but one can easily argue that the right split here would be to confine the kernel build to half of the available time while allowing the text editor to use the other half. That is the essence of per-user scheduling. Among other things, it could ease the X interactivity problem: since X runs as a different user (root, normally), it will naturally end up in a separate scheduling group with its own fair share of the processor. Linus has been pushing hard for group scheduling as well (see the quote of last week). Ingo responds that group scheduling is on his mind - he just hasn't gotten around to it yet:
Firstly, i have not neglected the group scheduling related CFS
regressions at all, mainly because there _is_ already a quick hack
to check whether group scheduling would solve these regressions:
renice. And it was tried in both of the two CFS regression cases
i'm aware of: Mike's X starvation problem and Willy's "kevents
starvation with thousands of scheddos tasks running" problem. And
in both cases, applying the renice hack [which should be properly
and automatically implemented as uid group scheduling] fixed the
regression for them! So i was not worried at all, group scheduling
_provably solves_ these CFS regressions. I rather concentrated on
the CFS regressions that were much less clear.
In other words, the automatic renicing described above is not a permanent solution; instead, it's more of a proof of concept for group scheduling. Ingo goes on to say that there's a lot of other important factors in getting interactive scheduling right; in particular, nanosecond accounting and strict division of CPU time were needed. Once all of those details are right, one can start thinking about the group scheduling problem. So there would appear to be some work yet to be done on the CFS scheduler. That will doubtless happen; meanwhile, however, Linus has complained that some of this effort may be misdirected at the moment:
Anyway, I'd ask people to look a bit at the current *regressions*
instead of spending all their time on something that won't even be
merged before 2.6.21 is released, and we thus have some more
pressing issues. Please?
One might argue that any work which is intended for the upcoming 2.6.22 merge window needs to be pulled into shape now. But the replacement of the CPU scheduler is likely to take a little bit longer than that. Given the number of open questions - and the amount of confidence replacing the scheduler requires - any sort of movement for 2.6.22 seems unlikely.
Filesystems: chunkfs and reiser4One of the fundamental problems facing filesystem developers is that, while disks are getting both larger and faster, the rate at which they are growing exceeds the rate at which they are speeding up. As a result, the time required to read an entire disk is growing. There is little joy in waiting for a filesystem checker to do its thing during a system reboot, so the prospect of ever-longer fsck delays is understandably lacking in appeal. Unfortunately, that is the direction in which things are going. Journaling filesystems can help avoid fsck, but only in situations where the filesystem has not suffered any sort of corruption.Given that filesystem checks are something we have to deal with, it's worth thinking about how we might make them faster in the era of terabyte disks. One longstanding idea for improving the situation was recently posted in the form of chunkfs, "fs fission for faster fsck." The core idea is to take a filesystem and split it into several independent filesystems, each of which maintains its own clean/dirty state. Should things go wrong, only those sub-filesystems which were active at the time of failure need to be checked. Like many experimental filesystem developments, chunkfs is built upon ext2. Internally, it is a series of separate ext2 filesystems which look like a single system to the higher layers of the filesystem. Each chunk can be maintained independently by the filesystem code, but the individual chunks are not visible outside of the filesystem. The idea is relatively simple, though, as always, there are a few pesky details to work out. One is that inode numbers in the larger chunkfs filesystem must be unique. Each chunk, however, maintains its own list of inodes starting with number one, so inode numbers will be reused from one chunk to the next. Chunkfs makes these numbers unique by putting the chunk number in the upper eight bits of every inode number. As a result, there is a maximum of 256 chunks in any chunkfs filesystem. A trickier problem comes about when a file grows. The filesystem will try to allocate additional file blocks in the chunk where the file was originally created. Should that chunk fill up, however, something else needs to happen; it would not be good for the filesystem to return "no space" errors when free space does exist in other chunks. The answer here is the creation of a "continuation inode." These inodes track the allocation of blocks in a different chunk; they look much like files in their own right, but they are part of a larger array of block allocations. The "real" inode for a given file can have pointers to up to four continuation inodes in different chunks; if more are needed, each continuation inode can, itself, point to another four continuations. Thus, continuation inodes can be chained to create files of arbitrary length. This code is in a relatively early state; the text with the patch notes that "this is a preliminary implementation and lots of changes are expected before this code is even sanely usable." There is a set of tools which can be used by people who would like to test out chunkfs filesystems with well backed-up data. With some care and some testing, chunkfs may grow to the point that it's stable and shortening fsck times worldwide. Meanwhile, one of the longest stories in Linux filesystem development has to be the reiser4 filesystem. By the time Hans Reiser first asked for the merging of reiser4 in July, 2003, the filesystem had been under development for some years. Almost four years have passed since then, and reiser4 remains outside of the mainline kernel. Hans Reiser is now out of the picture, his company (Namesys) is in trouble, and, to a casual observer, reiser4 appears not to be going anywhere. There has been a recent increase in interest in this filesystem, though. It turns out that two Namesys employees are still working on the filesystem "mostly on enthusiasm." They have been feeding patches through to the -mm tree, and they are getting toward the end of their list of things to fix. So we might see a new push for inclusion of reiser4, perhaps as soon as 2.6.23. But, says Andrew Morton, some things would have to happen; in particular, there needs to be a new review of the reiser4 code.
To get it unstuck we'd need a general push, get people looking at
and testing the code, get the vendors to have a serious think about
it, etc. We could do that - it'd require that the namesys people
(and I) start making threatening noises about merging it, I guess.
Or we could move all the reiser4 code into kernel/sched.c - that seems to get people fired up. Your editor will go out on a limb and suggest that a mass move of the reiser4 code is unlikely. But a new round of talk on actually merging this filesystem is starting to look reasonably likely. There's enough work - and enough interesting ideas - in this code that people are unwilling to let it just fade away. Perhaps, soon, it will be heading for its long-sought spot in the mainline.
The suspend2 discussion resumesOne of the side discussions in the scheduler debate had to do with how the CFS scheduler broke the out-of-tree suspend2 suspend-to-disk code. Ingo Molnar, acting on the reports, found and fixed a bug in CFS. As a way of returning the favor, he then posted a review of the suspend2 code, noting that "the patch looks sane all around" and asking whether there were any plans to get suspend2 into the mainline kernel.Perhaps Ingo wasn't listening the past few times this topic has been brought up. His question was music to suspend2 author Nigel Cunningham's ears; Nigel promptly responded with a lengthy reasons to merge suspend2 document. Among many other things, he notes that the user-space software suspend implementation (uswsusp) is still running behind suspend2 in features. It is true that little has been heard from uswsusp in recent times; there has not been a release since last November. Uptake by distributors has been slow. But that didn't stop uswsusp hacker Pavel Machek from jumping in saying "Well, current uswsusp code can do most of stuff suspend2 can do, with 20% (or so) of kernel code." Those who followed the discussion one year ago when uswsusp was merged may remember that it triggered a debate on which functions can sensibly be moved out of the kernel to user space. Many developers thought that suspend-to-disk functionality was, perhaps, on the wrong side of that line. After this debate, the number of proposals for moving functionality out of the kernel fell significantly. People are still sensitive to the issue, though, as can be seen in this response from Linus:
This whole notion that "kernel lines of code" is somehow different
is a stupid and idiotic _disease_ that is spread by microkernel
people and people who have been brainwashed by them.
In a later, calmer moment he added:
This is why I don't believe in the whole kernel-line-counting
thing. I'm personally 100% convinced that it's better to have ten
times as many lines in the kernel, if it means that you can just
forget about version skew and bad user-space interfaces etc.
This discussion should help to keep a lid on future "move kernel code to user space" projects. While there are certainly times when such moves make sense, there are also situations where putting functionality in user space just makes things harder. That said, one should not expect the recently-posted Kcli patch, intended to help move entire applications into the kernel, to get into the mainline anytime soon. Meanwhile, what about suspend2? It is possible that the renewed discussion might provide some impetus for the merging of this longstanding development. Certainly suspend2 has a significant user community which would appreciate inclusion in the mainline. The amount of discussion has been relatively low, though. It may well be that enough systems now have working suspend-to-RAM support that the level of interest in suspend-to-disk is rather lower than it once was.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials A quick look at what's new in Fedora 7The Fedora Project wiki has some release highlights for the upcoming Fedora 7 release. Here's a quick look.Fedora 7 will have Spins with different combinations of software to meet the requirements of end users. Each spin contains a very small boot.iso image for network installation. Users will be able to add GNOME and KDE to create live CDs that will also work as a single disk install. Other users looking for an upgrade path may spin a regular image for desktops, workstations and servers. A third possibility is to create a set of DVD images that include all the software in the Fedora repository. For the desktop user Fedora 7 will have GNOME 2.18 and KDE 3.5.6. Fast User Switching has been integrated, display devices can be hot plugged and work automatically, thanks to the inclusion of Xorg Server 1.3, and NetworkManager presents a graphical interface that allows users to quickly switch between wireless and wired networks for increased mobility. Also Fedora 7 has a new "Flying High" theme, Firefox 2, improved I18N support, and the SELinux troubleshooting tool 'setroubleshoot' is enabled by default. The kernel has a new FireWire stack for more robust device handling and it implements dynamic ticks for improved power management. The experimental nouveau driver has been integrated within Xorg and the kernel for those with nVidia cards. The mac80211 (formerly Devicescape) wireless stack is also part of the Fedora kernel. Smolt is an opt-in hardware profiler used to get anonymous, automated hardware information from users. It has been integrated with firstboot in the installer and all data is available on the Smolt homepage. The profile information will be used to encourage cooperation from vendors in improving end user hardware experience, and to prioritize development and quality assurance on commonly used hardware. The Fedora Directory Server base is now part of the Fedora software repository. Also all of the Python software available in the repository uses Python 2.5. All in all, Fedora 7 is shaping up to be great release.
New Releases Announcing Foresight Linux 1.2.1Foresight Desktop Linux v1.2.1 has been released. This version provides some package updates, "...but mostly we have replaced firstboot with a more robust mechanism for configuring Xorg and creating the first user."
OpenPKG Enterprise 1 Pro for SMEs and ProfessionalsOpenPKG GmbH has released the OpenPKG Enterprise 1 Pro, an online variant of the resellable product OpenPKG Enterprise 1. "OpenPKG Enterprise 1 Pro is tailored for SMEs and professionals, replaces OpenPKG Community 2-STABLE and this way fills the gap between OpenPKG Community CURRENT and OpenPKG Enterprise 1." OpenPKG is revising its offerings to better balance the needs of enterprises, professionals and developers.
Ubuntu 7.04 releasedUbuntu 7.04 "Feisty Fawn" has been announced. "The Ubuntu team is proud to announce version 7.04 of the Ubuntu family of distributions. Ubuntu is a Linux distribution for your desktop or server, with a fast and easy install, regular releases, a tight selection of excellent software installed by default, an incredible variety of add-on software available with a few clicks, and professional technical support from Canonical Limited and hundreds of other companies around the world."
Distribution News Debian Project participates in Google's Summer of CodeThe Debian project has been accepted by Google as a mentor organization for this year's Summer of Code program, with nine tasks in total. "Google will fund the students mentioned below to work full time on these tasks during their summer vacation, from May 28th to August 20th. They will be guided and evaluated during this time by active Debian developers."
OpenSUSE to drop ZENworksThe openSUSE developers have sent out a brief note to the effect that Novell's ZENworks management suite will no longer be a part of the openSUSE distribution. Instead, openSUSE will be using YaST, zypper, and libzypp for its package management. Initial responses on the list (follow the thread here) suggest that this is a popular idea in the openSUSE community.
openSUSE ArtworkThe openSUSE project has a new mailing list, openSUSE Artwork. It's meant for discussing issues related to the distribution styling and branding.
Ubuntu Community Council nominations and confirmation pollsFive people have been nominated to expand the Ubuntu community council, and voting is underway. "The Community Council is our highest governing body of the project, and makes fundamental decisions around our community structure, and code of conduct. They serve to mediate disputes and also appoint the leaders of key community teams. We specifically have 5 independent candidates because we believe that it's important to have a broad coverage of timezones and areas of expertise on the CC."
Opening development for Gutsy Gibbon (Ubuntu)The Gutsy Gibbon archives are now accessible, and will be open for normal upload and syncs from Debian.
Xandros Linux Server First to Receive LSB Certification by Using New Automated TestkitXandros has announced that Xandros Server 2.0 is the first product to be certified by the Linux Foundation through use of the LSB Distribution Testkit (LSB DTK). "Xandros engineers worked closely with their Linux Foundation counterparts in perfecting the new, automated testing procedures that will facilitate broad application developer support to Xandros Server 2.0 and all other standards-based Linux operating systems."
New Distributions Bugnux, a live CD for software testersBugnux is a live CD Linux distribution made specifically for software testers. It is based on Mandriva and PCLinuxOS and runs entirely in RAM. Bugnux contains an extensive set of open source software testing tools that can be used for functional and performance testing. It also has standalone tools to test GUI applications and Mozilla Firefox extensions as well as a set of stress and load testing tools that can be used to assist in testing performance of web applications.
Polippix, the Political Linux Distribution of DenmarkPolippix is the Political Linux Distribution of Denmark. It was created to counter the increasing amount of surveillance in Denmark, where the ISP's will soon be required to log a lot of data. The CD has created quite a stir in Denmark recently. Read more in this MadPenguin review. (Thanks to pointwood)
XtreemOS, a Linux-based Operating System to support Virtual Organizations for next generation GridsXtreemOS is a 4-year European research project, which aims to develop a grid operating system based on Linux to simplify the usage, management and programming of grids. "An initial version of the XtreemOS operating system for PCs is planned to be distributed under open source licence after the first two years of the project (Spring 2008). The XtreemOS system will eventually be available for a wide range of hardware platforms: PCs, clusters and mobile devices (mobile phones, PDAs, etc.)."
Distribution Newsletters Fedora Weekly News Issue 84The Fedora Weekly News for April 21, 2007 looks at F7T4 and SATA/IDE Testing, Multi-Lingual Release Announcement, firstname.lastname@fedoraproject.org is going away, and much, much more.
Gentoo Weekly NewsletterThe Gentoo Weekly Newsletter for April 16, 2007 covers GWN seeking writers, April Gentoo Council meeting, Gentoo on AppleTV, and several other topics.
Ubuntu Weekly News: Issue #37The Ubuntu Weekly Newsletter for April 21, 2007 covers the release of Ubuntu 7.04 and related press coverage, a week long series of events to introduce the diverse Ubuntu community, and a friendly competition where individuals and Lo``Cos can win money and prizes.
DistroWatch Weekly, Issue 199The DistroWatch Weekly for April 23, 2007 is out. "The week belonged to Ubuntu, whose new version 7.04 was made available as planned despite the skipped release candidate a week earlier. The hype surrounding the new release of the popular operating system completely eclipsed that of another desktop-oriented distribution - Mandriva Linux 2007.1, which was also made available last week, but which generated little excitement in comparison. Also in the news: a new openSUSE-based live CD featuring the latest KDE 4 snapshot, a link to an interview with Novell's Nat Friedman, and an update on the development of PC-BSD. Finally, don't miss our fifth and final part of the overview of top ten distributions, featuring Gentoo Linux and FreeBSD."
Newsletters and articles of interest The Perfect Setup (HowtoForge)HowtoForge has been busy setting up servers with new releases of CentOS 5.0, Ubuntu 7.04 and Debian 4.0.
Distribution reviews CentOS 5: Linux for Grownups (Enterprise Networking Planet)Enterprise Networking Planet reviews CentOS 5.0. "CentOS is more than RHEL with the trademarks removed, which in itself is a big job as you'll see in the Release Notes. (The CentOS team are so paranoid about infringing on Red Hat's trademarks that you'll find hardly any mentions of "Red Hat" in the CentOS distribution or on the Web site. Instead, they refer to it as "UOP", or Upstream Operating system Provider.) They maintain their own package repositories, and apply security patches as they receive them from upstream. CentOS supports a range of hardware architectures as this matrix shows. They're always going to be behind RHEL; with security fixes they're right on top of things, and with things like new releases and support for multiple architectures, they sometimes lag a few weeks behind RHEL. It's free and it's binary-compatible with RHEL, so no complaining allowed."
A Linux for the rest of us? (Channel Register)The Channel Register covers a new live CD Linux distribution targeted at newbies and technophobes. "BabelLinux is tailored for simplicity, to give users access to the seven most common applications. It boots from the (free) CD, and once booted the OS can't write to the local hard drive or USB media. Instead, users can store their data online in the "BabelBank" - which is how the venture will get its revenue."
Page editor: Rebecca Sobol Development DisTract - the Distributed Bug TrackerMatthew Sackman recently announced the DisTract Distributed Bug Tracker project, which aims to decentralize bug tracking:
We're all now familiar with working with distributed software control
systems, such as Monotone, Git, Darcs, Mercurial and others, but bug
trackers still seem to be fully stuck in the centralised model:
Bugzilla and Trac both have single centralised servers. This is
clearly wrong, as if you're able to work on the Train, off the
network and still perform local commits of code then surely you should
also be able to locally close bugs too.
DisTract allows you to manage bugs in a distributed manner through
your web-browser.
The project is still in the early phases of its development, basic features are still being added: "Currently, there are two major features missing. The first is bug listings. The links to List Bugs at the top of each page will go nowhere. This should be implemented quite quickly. The other major feature is dealing with merging." DisTract is being released under the 3-clause BSD license. The software has been written in the Haskell language and takes advantage of several open-source packages. The movement of bugs across the net is handled by Monotone, a distributed version control system and the Markdown text-to-HTML conversion tool is used for working with bug descriptions and comments. DisTract defines bug information with its Bug Fields. Three field types have been defined: free form fields are for basic bug descriptions, simple lists are for keeping track of things like bug revision histories and graphs are for tracking the state of bugs. Release 0.1.1 of DisTract came out after the original announcement, it focuses on building the code: "This version has no new features other than the fact that it actually compiles in a sane way which no longer requires endless amounts of jiggery-pokery. This has been achieved by improving the hinstaller module which DisTract depends on. Thus for all of you who downloaded the source tarball of version 0.1 and were then deeply alarmed by the compilation instructions, fear not. The Compilation page is now, correspondingly, simpler!" DisTract is available for download here.
System Applications Database Software Building a Data Warehouse with MySQL and Perl (O'ReillyNet)Sam Tregar shows how to build a data warehouse with MySQL. "Most of us are at least somewhat familiar with the kind of relational database schemas that are created for e-commerce sites, among others. But there's another kind of database model out there: the data warehouse. Sam Tregar gives us the lowdown on this highly UNrelational database."
PostgreSQL Releases: 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19A whole pile of PostgreSQL releases has come out with a fix for a privilege escalation bug. "The frequency of security fixes recently is a result of increased scrutiny of the PostgreSQL code by government agencies and security-conscious companies."
PostgreSQL Weekly NewsThe April 22, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
SQLite 3.3.16 releasedVersion 3.3.16 of SQLite, a light weight DBMS, is out. Changes include: "Performance improvements added in 3.3.14 but mistakenly turned off in 3.3.15 have been reinstated. A bug has been fixed that prevented VACUUM from running if a NULL value was in a UNIQUE column."
Interoperability Samba 3.0.25rc3 announcedVersion 3.0.25rc3 of Samba is available for testing. "This is the third release candidate of the Samba 3.0.25 code base and is provided for testing only. An RC release means that we are close to the final release but the code may still have a few remaining minor bugs. This release is *not* intended for production servers. There has been a substantial amount of development since the 3.0.23/3.0.24 series of stable releases. We would like to ask the Samba community for help in testing these changes as we work towards the next significant production upgrade Samba 3.0 release."
Mail Software Hermes Antispam Proxy 1.0 releasedStable version 1.0 of Hermes Antispam Proxy has been announced. "Hermes is a generic, transparent, multi-platform anti-spam SMTP proxy that uses a combination of techniques (like greylisting, throttling, etc.) to stop spam from reaching your mailbox. It's compatible with most SMTP extensions like STARTTLS (for SSL security) and SMTP-AUTH (for user authentication)."
Networking Tools PowerDNS 2.9.21 releasedVersion 2.9.21 of the PowerDNS authoritative name server is out. "This is the first release the PowerDNS Authoritative Server since the Recursor was split off to a separate product, and also marks the transfer of the new technology developed specifically for the recursor, back to the authoritative server. This move has reduced the amount of code of the Authoritative server by over 2000 lines, while improving the quality of the program enormously."
Web Site Development Midgard 1.8.3 releasedVersion 1.8.3 of the Midgard web development platform is out. "Midgard 1.8.3 release includes major bugfixes and replication framework enchancements. "
mnoGoSearch 3.3.2 announcedVersion 3.3.2 of mnoGoSearch, a cross-platform web site search engine, is out. See the change log for a list of new features and bug fixes.
Desktop Applications Audio Applications Amarok Weekly News (KDE.News)KDE.News has announced the latest issue of the Amarok Weekly Newsletter. "A new issue of the Amarok newsletter is out. It talks about interesting new developments, Amarok's Summer of Code projects, the current events in the 1.4 stable branch, and continues to provide cool Amarok-related tips."
jack_mixer version 3 releasedVersion 3 of jack_mixer is out with some new capabilities and a number of bug fixes relating to NaNs.
jack_nuke 1 releasedVersion 1 of jack_nuke has been announced. "jack_nuke is a client for the Jack Audio Connection Kit used to generate "unwanted" data on jack ports (both midi and audio) to test the robustness of other jack client applications. For those who've heard of Jack demolition, jack_nuke proposes similar functionalities as far as audio is concerned (jack_nuke is based on its code)."
ofqf 0.1.1 releasedThe initial release of ofqf has been announced. "ofqf is a native OSC implementation in Qt4. Native means that ofqf doesn't depend on other external libs (except for QtCore and QtNetwork) and ofqf isn't just a wrapper around liblo or something."
Desktop Environments GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
Python Enters KDE with Guidance (KDE.News)KDE.News notes the arrival of the Python-based application Guidance to the KDE SVN repository. "The first non-C++ application in KDE's SVN has been moved from the playground module to Extragear. Guidance is a number of system configuration modules and a laptop power manager. The recent 0.8 release added a kcontrol module for setting up Wine and improvements to the power manager. One of the aims of KDE 4 is to increase the use of KDE bindings, such as Ruby's Korundum and PyKDE, which will make coding KDE easier for those who do not want to worry about pointers and compilers."
KDE Commit-Digest (KDE.News)The April 22, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "A week-long Phonon/Solid developer sprint redefines and strengthens their API's. The start of a command-line client for Strigi. Continued improvements in the Konsole refactoring work. More work on visual effects in the KWin window manager composite support branch. Experiments to utilise Solid for connection management in Mailody. Initial support for the Jamendo music service in Amarok. A KDE frontend for Marble is begun, to complement the Qt-based original interface..."
The Road to KDE 4: Solid Brings Hardware Configuration and Control to KDE (KDE.News)KDE.News looks at Solid, the hardware API for KDE 4. "One of the many new technologies for KDE 4 is the often mentioned, but seldom explained Solid Hardware API. Hardware has always been a bit of an annoying element of using Linux and other Unix [like] operating systems, but Solid hopes to fix that for KDE 4. In many ways, Solid is like Phonon, in that it's a Qt/KDE style API around already existing components at the lower level, such as freedesktop.org's HAL. It is already quite functional in the backend, and it's already affecting visible KDE components."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Desktop Publishing Dockboard 0.2 releasedStable version 0.2 of Dockboard has been announced. "Dockboard is an outline editor created for authors writing books, articles, and other published works. It provides the ability to organize small to large documents."
LyX version 1.5.0 (beta 2) releasedVersion 1.5.0 (beta 2) of LyX, a GUI front-end to the TeX typesetting system, is out. "Compared with the previous beta release we have fixed several bugs and added some graphical improvements: A new math toolbar replaces the old (faithful) math panel. The converter file cache can be now configured in the graphical interface. The TOC dialog is now a dock widget, embedded in the main window."
Electronics gEDA code sprintThe gEDA electronic design and analysis project had a recent code sprint. "The 5th worldwide gEDA code sprint was held last Saturday (2007/[04]/10). This sprint was particularly successful (with at least ~20 different people hanging out in irc). The irc log from this code sprint has been posted."
Games Globulation 2 0.8.23 releasedThe Alpha 0.8.23 release of Globulation 2 has been announced. "Globulation 2 is an innovative Real-Time Strategy (RTS) game which reduces micro-management by automatically assigning tasks to units." See the Changes document for information on this release.
Mail Clients Claws Mail 2.9.1 releasedVersion 2.9.1 of Claws Mail, an email client, has been announced. "This release fixes a security bug (CVE-2007-1558) which affects APOP users. If you're using APOP for POP3 authentication you are strongly advised to upgrade."
Mozilla Thunderbird 2 released (MozillaZine)MozillaZine has an announcement for the Thunderbird 2 email client. "Scott MacGregor of Team Thunderbird writes in with news of the release of Mozilla Thunderbird 2: "Thunderbird 2 is now available for download on Windows, Mac and Linux in over 35 languages. Thunderbird 2 offers easy ways to manage and organize your email with message tags, advanced folder views, message history navigation, find as you type, and improved new mail alert notifications." See the Thunderbird 2 Features page for more information on this release.
Music Applications WhySynth DSSI softsynth 20070418 releasedRelease 20070418 of the WhySynth DSSI softsynth has been announced, it features new oscillator modes, GUI enhancements, improved envelope generators and more.
Office Suites Pentaho and OpenOffice.org announce partnershipA collaboration between Pentaho and OpenOffice.org has been announced. "The OpenOffice.org community is pleased to announce plans to extend the power of the database application, Base, with Report Designer, based on Pentaho's open-source reporting engine. Scheduled to be available in the next feature release of OpenOffice.org, Report Designer will particularly interest business users, as it will give them the ability to create sophisticated business intelligence reports from various sources, including OLAP and XML, and save them using the OASIS OpenDocument format, or ODF, the ISO-approved open standard for file format, among others."
Web Browsers Support for Mozilla Firefox 1.5 Extended Until Mid-May (MozillaZine)MozillaZine reports that support for Firefox 1.5 - which was supposed to end on April 24 - has been extended to mid-May. "This suggests that the Mozilla Corporation wants to extend support for Firefox 1.5 until after Firefox 2 has been pushed out to 1.5 users via the software update feature built in to the browser. To date, the update functionality in 1.5 has only offered 1.5.0.x patches to users, despite the Mozilla Corporation's stated intention to allow 1.5.0.x to 2.0.0.x upgrades."
Languages and Tools C GCC 4.2.0 Status ReportThe April 24, 2007 edition of the GCC 4.2.0 Status Report is online with the latest Gnu Compiler Collection news. "... I'm not going to consider any of these issues blockers after Sunday, April 29. At that point, I plan to freeze the branch and build a release candidate. Then, about a week later, I plan to release 4.2.0. There has been more than enough time for people to test and fix bugs."
GCC mini-summitIan Lance Taylor reports on the recent GCC mini-summit. "We held a GCC mini-summit at Google on Wednesday, April 18. About 40 people came. This is my very brief summary of what we talked about. Corrections and additions very welcome. The goal of the mini-summit was just to let gcc developers meet face to face and talk. There was no goal of actually making any decisions, and, indeed, no decisions were made."
C++ C++0x branch in GCC Subversion repositoryDoug Gregor has announced a new C++0x development branch for GCC, the Gnu Compiler Collection. C++0x is the next revision of the C++ standard. "I have just created a new branch for development of C++0x-specific features in the GNU C++ front end. The branch is branches/cxx0x-branch in Subversion, and information about this branch is available at http://gcc.gnu.org/projects/cxx0x.html."
Caml Caml Weekly NewsThe April 24, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Java GNU Classpath 0.95 releasedRelease 0.95 of GNU Classpath, the essential libraries for Java, is out. Changes include: "Full merge of 1.5 generics work. Bootstrappable with OpenJDK javac compiler. URLConnection timeout support. TimeZone can use platform zoneinfo file when available. The Collection classes, lang.management and util.spi have been updated to 1.6. Addition of 1.6 ServiceLoader. Speedup for cairo and freetype Graphics2D support. The ASM library is now included. Better detection of browser plugin mechanisms for gcjwebplugin applet support in mozilla, iceweasel and firefox."
Designing Messaging Applications with Temporary Queues (O'Reilly)Thakur Thribhuvan works with JMS topics and queues on O'Reilly. "Most JMS destinations are created administratively and treated as static resources, but you can dynamically create your own topics and queues at runtime. In this article, Thribhuvan Thakur shows us how to create temporary JMS topics and queues, and discusses architectural reasons why we might want to do so."
Perl Weekly Perl 6 mailing list summary (O'Reilly)The April 22, 2007 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.
PostScript GPL Ghostscript 8.56 releasedVersion 8.56 of GPL Ghostscript has been announced. "Artifex Software, Inc. and artofcode LLC are pleased to announce the release of GPL Ghostscript 8.65. This is the latest in our stable 8.5x series, and the first new release since we began developing under the GPL. In addition to numerous bug fixes, conformance with published test suites is much improved in this release."
Python Python 2.5.1 final releasedVersion 2.5.1 of Python has been released. "This is the first bugfix release of Python 2.5. Python 2.5 is now in bugfix-only mode; no new features are being added. According to the release notes, over 150 bugs and patches have been addressed since Python 2.5, including a fair number in the new AST compiler (an internal implementation detail of the Python interpreter). This is a production release of Python, and should be a painless upgrade from 2.5."
Python-URL! - weekly Python news and linksThe April 18, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Python-URL! - weekly Python news and linksThe April 23, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe April 18, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
XML Which XML Technologies Are Beautiful? (O'Reilly)Michael Day ponders beautiful XML design on O'Reilly. "Given that beauty is in the eye of the beholder, I had better define some criteria. To me, technology is beautiful when it achieves a balance between power and simplicity -- hitting a local maxima in the design space, if you will, such that it cannot be made any simpler without making it less powerful, and it cannot be made any more powerful without losing its simplicity."
Miscellaneous BIEW 5.6.4 releasedVersion 5.6.4 of BIEW has been announced. "BIEW (Binary vIEW) is a free, portable, advanced file viewer with built-in editor for binary, hexadecimal and disassembler modes."
Page editor: Forrest Cook Linux in the news Recommended Reading Show Us the Code (Linux Journal)Glyn Moody examines some FUD. "As I've noted before, I am something of a connoisseur of Microsoft's FUD against open source, in part because I believe each successive FUD-flavour of the month gives important hints about the evolution of the thinking and strategy within the company. The latest development in this area, which revolves around patents, is no exception -- not least because I think people are drawing the wrong conclusions from it."
Apple sued over vague user interface patent (ars technica)ars technica covers this week's bad software patent - one which could well come to bite the free software community as well. "The patent in question was originally filed by Xerox back in 1991. It referenced that company's earlier patents, dating back to 1984, that dealt with graphical user interfaces. This specific patent describes a 'workplace' that consists of multiple windows and 'other display objects' on the screen, and describes each window as potentially containing a 'linking data structure.' If a user clicks on one of the links in each window, it can cause the contents of said window to change, reflecting a different 'workplace.'"
Trade Shows and Conferences National FOSS conference scheduled for Romania in May (Linux.com)Linux.com looks forward to eLiberatica. "eLiberatica, the first national Romanian conference on free and open source software (FOSS), is scheduled for May 18-19 in the city of Braşov. The conference is the result of 18 months of planning by Lucian Savlac, a Romanian immigrant to Canada, assisted by FOSS licensing consultant Zak Greant. The goal is nothing less than unifying FOSS promotion throughout Romania and encouraging its adoption by business through grassroots organization. The goal, says Greant, "is to help build a broad, sustainable, effective free and open source movement in Romania that includes programmers, university students, and business people.""
OIN to tour Indian cities to discuss Linux (ChannelsIndia)According to This Channels India article, the Open Invention Network has started a road show in India. "'Many Indian software development companies and customers have found it challenging to understand and adhere to intellectual property IP and patent rules and regulations,' said Jerry Rosenthal, chief executive officer of Open Invention Network. 'Because Linux is based on openness and sharing of the software code base, it is ideally suited for Indian software developers, vendors, resellers and customers that want access to powerful IT technology without worrying about IP and patent issues.'"
Linux Ready For Real Time on Wall Street? (InternetNews.com)InternetNews.com covers the recent Linux on Wall St. conference. "Tim Burke, director of emerging technologies at Red Hat, took the stage at the Linux on Wall St. conference and provided the suit-and-tie audience with a real business case for Real Time Linux, the next evolution of Linux."
Companies IBM will support x86 Linux apps on System p servers (Linux.com)Linux.com looks at an IBM announcement. "Today, IBM announced a public beta trial of a virtual Linux environment that will let x86 applications run on its System p Unix servers without modification. The new IBM System p Application Virtual Environment (AVE) technology will allow x86 binaries to run as well without modification, removing the biggest barrier against effective virtualization for some companies. As a result, customers will be able to consolidate dozens, if not hundreds, of servers into one virtual environment."
Red Hat tries spreading open-source idea (News.com)News.com covers Red Hat's promotion of open-source science. "Red Hat is taking a second crack at trying to spread its open-source philosophy beyond the realm of software development. On Wednesday, the Raleigh, N.C.-based Linux seller announced a partnership with the nearby University of North Carolina to try to encourage use of the open, collaborative model in the fields of health care research, biotechnology, bioinformatics and public policy. "The history of open source has taught us that the more broadly and transparently information is shared and re-used, the faster and stronger the results," Joanne Rohde, Red Hat's executive vice president of operations, said in a statement."
Red Hat buys data integration firm MetaMatrix (ZDNet)ZDNet reports that Red Hat has acquired MetaMatrix. " Red Hat has reached an agreement to acquire privately held data management firm MetaMatrix, the companies announced Tuesday. Red Hat executives said MetaMatrix's software will be bundled in with its JBoss middleware as part of a services-oriented architecture package."
Linux Adoption Michael Dell's Linux choice? Ubuntu (DesktopLinux.com)DesktopLinux.com reports that Michael Dell is using Ubuntu Linux on his laptop. "What operating system do the heads of Fortune 500 companies run on their personal laptops? In the case of Michael S. Dell, president and CEO of Dell, it's Ubuntu 7.04 Feisty Fawn. Yes, the head of Dell Inc., with a market-capitalization of just south of $56-billion, isn't just saying that Dell will be selling Linux-equipped PCs in the near future -- he's already running Linux at home."
Interviews People Behind KDE: Volker Krause (KDE.News)KDE.News has announced the latest interview in the People Behind KDE series. "For the next interview in the fortnightly People Behind KDE series we travel over to Germany to talk to the key to your personal information storage, a highly dedicated KDE-PIM developer (though hide any small animals when visiting his apartment!) - tonight's star of People Behind KDE is Volker Krause."
Bob Metcalfe re-evaluates open source (Linux.com)Linux.com talks briefly with Bob Metcalfe. "It's the sustainability long-term of the open source model that I worry about. Who will take care of the software after the novelty wears off and the volunteers lose interest and get real jobs?" Mr. Metcalfe appears not to have noticed that an awful lot of those "volunteers" already have real jobs.
Resources Understanding ActiveRecord: A Gentle Introduction to the Heart of Rails (O'ReillyNet)Gregory Brown introduces Rails' ActiveRecord on O'Reilly. "ActiveRecord is one of the key elements that makes up Ruby on Rails. It is the crucial link between Rails and the underlying databases that fuel it. Gregory Brown, lead developer of Ruby Reports, begins a two-part exploration of what makes ActiveRecord tick."
Reviews Recoll: A search engine for the Linux desktop (Linux.com)Linux.com looks at Recoll. "Desktop search engines are all the rage these days. While Beagle may be the most popular desktop search engine for Linux, there are alternatives. If you are looking for a lightweight and easy-to-use yet powerful desktop search engine, you might want to try Recoll. Unlike Beagle, Recoll doesn't require Mono, it's fast, and it's highly configurable. Recoll is based on Xapian, a mature open source search engine library that supports advanced features such as phrase and proximity search, relevance feedback, document categorization, boolean queries, and wildcard search."
Get things done with ThinkingRockJoe 'Zonker' Brockmeier reviews ThinkingRock on News.com. "ThinkingRock is not released under a free software license, but it is freely distributable, and the creators have indicated that it may be relicensed when the 2.0 version is released. ThinkingRock is not your everyday task manager. If you're not into the Getting Things Done method of task management, ThinkingRock will feel more than a little awkward."
Linux reports the weather to truckers, travelers (LinuxDevices)LinuxDevices.com takes a look at ViziFrame. "A company specializing in weather reporting has used Linux to build an inexpensive digital sign capable of delivering custom weather channels to truckstops, private airports, marinas, and golf courses. ItWorks's ViziFrame runs Slackware Linux on an x86 processor, and supports TVs or computer displays."
Miscellaneous The GNOME Mobile and Embedded Initiative (GnomeDesktop)GnomeDesktop.org looks at the recently announced GNOME Mobile & Embedded Initiative (GMAE). "The GNOME Mobile & Embedded Initiative will advance the use, development and commercialization of GNOME components as a mobile and embedded user experience platform. It brings together industry leaders, expert consultants, key developers and the community and industry organizations they represent."
Page editor: Forrest Cook Announcements Non-Commercial announcements European Parliament passes IP enforcement directiveFFII has sent out a release on the passage of the intellectual property rights enforcement directive in the European Parliament. This directive turns a number of "intellectual property" infringements into criminal offenses, threatening ISPs and free software developers, among others. "The directive now goes to the Council for its first reading. Several Council members, such as the Dutch and UK governments, have already expressed serious concerns about the scope and nature of this directive."
EFF: Consumers, Librarians, and Innovators Tell EU 'We're Not Criminals'The Electronic Frontier Foundation has sent out a media release regarding proposed new European copyright crimes. "The Electronic Frontier Foundation's (EFF's) European Office today announced a broad coalition aimed at fixing a poorly drafted intellectual property enforcement proposal that could make criminals of thousands of people in the European Union. The Second Intellectual Property Rights Enforcement Directive (IPRED2) -- set for vote in the European Parliament early next week -- makes "aiding, abetting, or inciting" intellectual property infringement on a "commercial scale" a criminal offence. However, IPRED2 defines criminal offences so vaguely that creators of legitimate websites, Internet service providers, and even librarians could be investigated by the police and face criminal records as well as fines of hundreds of thousands of euros."
European Parliament must prevent criminalisation of software vendors and usersThe Free Software Foundation Europe has sent out a press release regarding proposed changes to the European patent and copyright law. "FSFE criticises the proposed "second Intellectual Property Enforcement Directive" (IPRED2) for sweeping criminalisation across various areas of law and loosely described areas of activity, including for 'attempting, aiding or abetting and inciting.' The proposed text criminalises these acts for infringement of many dissimilar laws including copyright, trademark, and patents. "This threatens" according to a press release of FSFE "to introduce intimidating degrees of punishment to activities which individuals, community-based projects, and other small to medium-sized groups participate in - groups that may not have sufficient money or lawyers to defend their rights in court.""
EFF challenges patent threatening consumer awareness productsThe Electronic Frontier Foundation is challenging a patent by NeoMedia Technologies, Inc. "The Electronic Frontier Foundation (EFF) took aim today at a bogus patent threatening innovative technologies that enhance consumer awareness, requesting a reexamination by the United States Patent and Trademark Office (PTO). NeoMedia Technologies, Inc., claims to own rights to all systems that provide information over computer networks using database-like lookup procedures that rely on scanned inputs, such as a barcode. NeoMedia has used these claims not only to threaten and sue innovators in the mobile information space, but also to intimidate projects focused on increasing awareness among consumers about the social and environmental impact of the products they buy."
Eben Moglen leaving the FSF boardEben Moglen has posted a weblog entry on what he will be doing once the GPLv3 process stops dominating his life. "As I return to teaching at Columbia I need to concentrate more of my remaining spare time and effort on the affairs of the Software Freedom Law Center, which is inevitably going to mean less involvement with the affairs of other organizations I care very much about. In particular, its time for me to leave the board of directors of the Free Software Foundation, where Ive been since 2000."
Open Solutions Alliance adds six members to its rosterThe Open Solutions Alliance has announced its six newest members. "The Open Solutions Alliance (OSA), a nonprofit, vendor-neutral consortium dedicated to driving interoperability and adoption of comprehensive open solutions, today announced that six new organizations have joined the Alliance. The new members include Black Duck, The Mambo Foundation, Onepoint, The Open Source Technology Alliance (TOSTA), Palamida and Project.net. The OSA today has 18 members."
Commercial announcements CollabNet buys SourceForge Enterprise EditionCollabNet and VA Software have announced a deal wherein CollabNet will be buying the SourceForge Enterprise Edition code and business from VA. The SourceForge site will apparently remain with VA. "With the addition of SourceForge Enterprise Edition business to CollabNet's product portfolio and team, we have become the standard for this new method of performing decentralized development. Unlike conventional software development systems, CollabNet's solutions are designed to promote and optimize the benefits of collaboration and distributed software development, based on open source principles" No mention of open-sourcing the newly-acquired code, however. (Thanks to Rick Moen, who has posted some history of the SourceForge code).
New version of Concurrent NightStar Tools for LinuxConcurrent has announced version 4.1 of its NightStar integrated software tool set. "The revamped tool set features a complete graphical user interface makeover making it more flexible and easy to customize. NightStar 4.1 is one of the most advanced, yet easy-to-use debugging environments for troubleshooting and tuning complex Linux software applications."
Samsung does a patent deal with MicrosoftMicrosoft and Samsung have announced a patent deal. "In these product lines, Samsung and its distributors and customers may utilize Microsoft's patents in Samsung's products with proprietary software, and Samsung will also obtain coverage from Microsoft for its customers' use of certain Linux-based products."
Sun Microsystems and Canonical announce Java for Ubuntu 7.04Sun Microsystems, Inc. has announced the availability of the Java technology stack and developer tools for Ubuntu 7.04. "This stack, which is comprised of key popular Java technologies such as GlassFish(TM) v1 (the open source Java Platform, Enterprise Edition 5 implementation), Java Platform, Standard Edition (JDK 6), Java DB 10.2 (built from Apache Derby) and NetBeans(TM) IDE 5.5 -- will be available in the Multiverse component of the Ubuntu repository on April 19."
Zenoss announces Global Partner Program and 8 new partnersZenoss, Inc. has announced the launch of the Zenoss Global Partner Program. "The new program brings expanded services and technology capabilities to Zenoss users worldwide and creates new business opportunities for systems integrators, hosters, managed service providers, ISVs and OEMs. The Zenoss Global Partner program provides a business and technology framework for partnering with Zenoss, Inc. to deliver professional services, managed services and technology solutions related to Zenoss Core, the highest ranking open source IT monitoring solution on Sourceforge.net."
New Books Linux System Administration - O'Reilly's Latest ReleaseO'Reilly has published the book Linux System Administration by Tom Adelstein and Bill Lubanovic.
Addison-Wesley Professional publishes SQL for MySQL DevelopersAddison-Wesley Professional has published the book SQL for MySQL Developers: A Comprehensive Tutorial and Reference by Rick F. van der Lans.
Understanding MySQL Internals - O'Reilly's Latest ReleaseO'Reilly has published the book Understanding MySQL Internals by Sasha Pachev.
XQuery - O'Reilly's Latest ReleaseO'Reilly has published the book XQuery by Priscilla Walmsley.
Contests and Awards Novell wins two CODiE awardsNovell, Inc. has announced the winning of CODiE awards by SUSE Linux Enterprise Desktop and ZENworks Asset Management. "Novell's Linux* and enterprise management services took home top honors for Best Open Source Solution and Best Asset Management Solution at the 2007 CODiE awards, the annual program led by the Software Industry and Information Association (SIIA) to recognize innovation in the software industry. SUSE(R) Linux Enterprise Desktop from Novell(R) won in the open source category, while Novell ZENworks(R) 7.5 Asset Management beat out the competition in the asset management category."
Education and Certification LPI announces new affiliates in Europe and AfricaThe Linux Professional Institute has announced its latest Linux certification affiliates. "The Linux Professional Institute, the world's premier Linux certification organization, announced new affiliates throughout Europe and Africa including LPI-Spain, LPI-France, LPI-Maghreb, LPI-Malta/Cyprus and a new partner in South Africa."
LPI Offers Discounted Certification Exams at IT 360The Linux Professional Institute will hold discounted Linux certification exams at the IT 360 conference in Toronto, Canada on May 1 and 2, 2007.
Event Reports LAC 2007 website updatesThe web site for the recent 2007 Linux Audio Conference (LAC) has been updated. "It took us a while, but finally (and hopefully) the last updates have been made to the LAC website."
Calls for Presentations CfP Hack.lu 2007A call for papers has gone out for Hack.lu 2007. The event will take place in Luxembourg on October 18-20, 2007, submissions are due by June 1.
Upcoming Events Akademy 2007 Edu and School Day (KDE.News)KDE.news has announced the Edu and School Day, which will take place in Glasgow, Scotland during the Akademy conference. "You are invited to aKademy Edu & School Day on Tuesday 3rd July. This day will focus on installing and running free educational software in schools, presenting software as well as getting feedback from teachers and community people."
DAM-4 - Google Mountain View CampusDAM-4 (desktop_architects mailing list) has been announced, the event will take place on June 13-15, 2007 (new dates) in Mountain View, CA. "DAM-4 is being held in conjunction with the Linux Foundation Collaboration Summit. The Linux Foundation Desktop Linux workgroup is planning and sponsoring this event for the desktop architects. Once again, the intent of this meeting is to bring desktop organizations together to address common problems and to create some working synergy across organizations."
GUADEC Core schedule announcedThe preliminary schedule for the GUADEC Core Days has been announced.
Linux Installfest workshop in Davis , CAThe Linux Users' Group of Davis will hold the next Linux Installfest on Saturday, April 28, 2007 in Davis, CA.
Registration opens for the 2007 O'Reilly Open Source ConventionO'Reilly has announced the program schedule and registration opening for the 2007 Open Source Convention. "This year's program will examine how open technologies are making breakthroughs in the mainstream IT community, and delve into the advances on the open source horizon. Now in its ninth year, OSCON is the annual gathering of developers, hackers, visionaries, and alpha geeks who are driving the open source movement. OSCON returns to the Oregon Convention Center in Portland, Oregon July 23-27, 2007."
The SugarCRM Global Developer ConferenceSugarCRM has announced the SugarCRM Global Developer Conference. "SugarCRM, the world's leading provider of commercial open source customer relationship management (CRM) software, today announced that it will host the first ever SugarCRM Global Developer Conference, May 3-5, 2007, at the Sainte Claire Hotel in San Jose, California. HP, Intel, Microsoft, MySQL, Novell, Pervasive, Oracle and Sun are among the industry leaders sponsoring the conference, which is designed for developers, administrators, users, and managers of CRM projects."
Events: May 3, 2007 to July 2, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Jeff
Waugh]](/images/conf/elc2007/JeffWaugh-sm.jpg)