LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 3, 2007A tale of two release cyclesAs most LWN readers will be aware, the 2.6.21 kernel has been released. The 2.6.21 process was relatively difficult, mostly as a result of the core timer changes which went in. These changes were necessary - they are the path forward to a kernel which works better on all types of hardware - but they caused some significant delays in the release of the final 2.6.21 kernel. Even at release time, this kernel was known not to be perfect; there were a dozen or so known regressions which had not been fixed.The reason we know about these regressions is that Adrian Bunk has been tracking them for the past few development cycles. Mr. Bunk has let it be known that he will not be doing this tracking for future kernels. From his point of view, the fact that the kernel was released with known regressions means that the time spent tracking them was wasted. Why bother doing that work if it doesn't result in the tracked problems being fixed? What Mr. Bunk would like to see is a longer stabilization period:
There is a conflict between Linus trying to release kernels every 2
months and releasing with few regressions. Trying to avoid
regressions might in the worst case result in an -rc12 and 4 months
between releases. If the focus is on avoiding regressions this has
to be accepted.
Here is where one finds the fundamental point of disagreement. The kernel used to operate with long release cycles, but the "stable" kernels which emerged at the end were not particularly well known for being regression free. Downloading and running an early 2.4.x kernel should prove that point to anybody who doubts it. The reasoning behind the current development process (and the timing of the 2.6.21 release in particular), as stated by Linus Torvalds is:
Regressions _increase_ with longer release cycles. They don't get
fewer.. This simply *does*not*work*. You might want it to work,
but it's against human psychology. People get bored, and start
wasting their time discussing esoteric scheduler issues which
weren't regressions at all.
In other words, holding up a release for a small number of known bugs prevents a much larger set of fixes, updates, new features, additional support, and so on from getting to the user base. Meanwhile, the developers do not stop developing, and the pile of code to be merged in the next cycle just gets larger, leading to even more problems when the floodgates open. It would appear that most kernel developers believe that it is better to leave the final problems for the stable tree and let the development process move on. The 2.6.21 experience might encourage a few small changes; in particular, Linus has suggested that truly disruptive changes should maybe have an entire development cycle to themselves. As a whole, however, the process is not seen as being broken and is unlikely to see any big "fixes." For an entirely different example, let us examine the process leading to the Emacs 22 release. Projects managed by the Free Software Foundation have never been known for rapid or timely releases, but, even with the right expectations in place, this Emacs cycle has been a long one: the previous major release (version 21) was announced in October, 2001. In those days, LWN was talking about the 2.4.11 kernel, incorporation of patented technology into W3C standards, the upcoming Mozilla 1.0 release, and the Gartner Group's characterization of Linux as a convenient way for companies to negotiate lower prices from proprietary software vendors. Things have moved on a bit since those days, but Emacs 21 is still the current version. The new Emacs major release was recently scheduled for April 23, but it has not yet happened. There is one significant issue in the way of this release: it seems that there is a cloud over some of the code which was merged into the Emacs Python editing mode. Until this code is either cleared or removed, releasing Emacs would not be a particularly good idea. It also appears that the wisdom of shipping a game called "Tetris" has been questioned anew and is being run past the FSF's lawyers. Before this issue came up, however, the natives in the Emacs development community were getting a little restless. Richard Stallman may not do a great deal of software development anymore, but he is still heavily involved in the Emacs process. Emacs is still his baby. And this baby, it seems, will not be released until it is free of known bugs. This approach is distressing for Emacs developers who would like to make a release and get more than five years' worth of development work out to the user community. This message From Emacs hacker Chong Yidong is worth quoting at length:
To be fair, I think RMS' style of maintaining software, with long
release cycles and insistence on fixing all reported bugs, was
probably a good approach back in the 80s, when there was only a
handful of users with access to email to report bugs.
Nowadays, of course, the increase in the number of users with email and the fact that Emacs CVS is now publicly available means that there will always be a constant trickle of bug reports giving you something to fix. Insisting---as RMS does---on fixing all reported bugs, even those that are not serious and not regressions, now means that you will probably never make a release. It has often been said that "perfect" is the enemy of "good." That saying does seem to hold true when applied to software release cycles; an attempt to create a truly perfect release results in no release at all. Users do not get the code, which does not seem like a "perfect" outcome to them. Mr. Yidong has another observation which mirrors what was said in the kernel discussion:
There is also a positive feedback loop: RMS' style for maintaining
Emacs drives away valuable contributors who feel their effects will
never be rewarded with a release (and a release is, after all, the
only reward you get from contributing to Emacs).
It's not only users who get frustrated by long development cycles; the developers, too, find them tiresome. Projects which adopt shorter, time-based release cycles rarely seem to regret the change. It appears that there really are advantages to getting the code out there in a released form. Your editor is not taking bets on when Emacs might move to a bounded-time release process, though.
The embedded Linux nightmare - an epilogueThe usage of proprietary operating systems in companies over the last 25 years has established a set of constraints which are not really applicable to the way open source development - and Linux kernel development in particular - works. My keynote talk ("The Embedded Linux Nightmare") at the Embedded Linux Conference in Santa Clara addressed this mismatch; it created quite a bit of discussion. I would like to follow up and add some more details and thoughts about this topic.
Why follow mainline development?The version cycles of proprietary operating systems are completely different than the Linux kernel version cycles. Proprietary operating systems have release cycles measured in years; the Linux kernel, instead, is released about every three months with major updates to the functionality and feature set and changes to internal APIs. This fundamental difference is one of the hardest problems to handle for the corporate mindset. One can easily understand that companies try to apply the same mechanisms which they applied to their formerly- (and still-) used operating systems in order not to change procedures of development and quality assurance. Jamming Linux into these existing procedures seems to be somehow possible, but it is one of the main contributions to the embedded Linux nightmare, preventing companies from tapping the full potential of open source software. Embedded distribution vendors are equally guilty as they try to keep up the illusion of the one-to-one replacement of proprietary operating systems by creating heavily patched Linux Kernel variants. It is undisputed that kernel versions need to be frozen for product releases, but it can be observed that those freezes are typically done very early in the development cycle and are kept across multiple versions of the product or product family. These freezes, which are the vain attempt to keep the existing procedures alive, lead to backports of features found in newer kernel versions and create monsters which put the companies into the isolated situation of maintaining their unique fork forever, without the help of the community. I was asked recently whether a backport of the new upcoming wireless network stack into Linux 2.6.10 would be possible. Of course it is possible, but it does not make any sense at all. Backporting such a feature requires backporting other changes in the network stack and many other places of the kernel as well, making it even more complex to verify and maintain. Each update and bug fix in the mainline code needs to be tracked and carefully considered for backporting. Bugfixes which are made in the backported code are unlikely to apply to later versions and are therefore useless for others. During another discussion about backporting a large feature into an old kernel, I asked why a company would want to do that. The answer was: the quality assurance procedures would require a full verification when the kernel would be upgraded to a newer version. This is ridiculous. What level of quality does such a process assure when there is a difference between moving to a newer kernel version and patching a heavy feature set into an old kernel? The risk of adding subtle breakage into the old kernel with a backport is orders of magnitudes higher than the risk of breakage from an up-to-date kernel release. Up-to-date kernels go through the community quality assurance process; unique forks, instead, are excluded from this free of charge service. There is a fundamental difference between adding a feature to a proprietary operating system and backporting a feature from a new Linux kernel to an old one. A new feature of a proprietary operating system is written for exactly the version which is enhanced by the feature. A new feature for the Linux kernel is written for the newest version of the kernel and builds upon the enhancements and features which have been developed between the release of the old kernel and now. New Linux kernel features are simply not designed for backporting. I only can discourage companies from even thinking about such things. The time spent doing backports and the maintenance of the resulting unique kernel fork is better spent on adjusting the internal development and quality assurance procedures to the way in which the Linux kernel development process is done. Otherwise it would be just another great example of a useless waste of resources.
Benefits to companies from working with the kernel processThere are a lot of arguments made why mainlining code is not practicable in the embedded world. One of the most commonly used arguments is that embedded projects are one-shot developments and therefore mainlining is useless and without value. My experience in the embedded area tells me, instead, that most projects are built on previous projects and a lot of products are part of a product series with different feature sets. Most special-function semiconductors are parts of a product family and development happens on top of existing parts. The IP blocks, which are the base of most ASIC designs, are reused all over the place, so the code to support those building blocks can be reused as well. The one-shot project argument is a strawman for me. The real reasons are the reluctance to give up control over a piece of code, the already discussed usage of ancient kernel versions, the work which is related to mainlining, and to some degree the fear of the unknown. The reluctance to give up control over code is an understandable but nevertheless misplaced relic of the proprietary closed source model. Companies have to open up their modifications and extensions to the Linux kernel and other open source software anyway when they ship their product. So handing it over to the community in the first place should be just a small step. Of course mainlining of code is a fair amount of work and it forces changes to the way how the development in companies works. There are companies which have been through this change and they confirm that there are benefits in it. According to Andrew Morton, we change approximately 9000 lines of kernel code per day, every day. That means that we touch something in the range of 3000 lines of code, when we take comments, blank lines and simple reshuffling into account. The COCOMO estimate of the value of 3000 lines of code is about $100k. So we have a total investment of $36 million per year which flows into the kernel development. That's with all the relevant factors set to 1. Taking David Wheelers factors into account would cause this figure to go up to $127 million. This estimate does not take other efforts around the kernel into account, like the test farms, the testing and documentation projects and the immense number of (in)voluntary testers and bug reporters who "staff" the QA department of the kernel. Some companies realize the value of this huge cooperative investment and add their own stake for the long term benefit. We recently had a customer who asked if we could write a driver for an yet-unsupported flash chip. His second question was whether we would try to feed it back into the mainline. He was even willing to pay for the extra hours, simply because he understood that it was helpful for him. This is a small company with less than 100 employees and a definitely limited budget. But they cannot afford the waste of maintaining even such small drivers out of tree. I have seen such efforts of smaller companies quite often in recent years and I really hold those folks in great respect. Bigger players in the embedded market apparently have budgets large enough to ignore the benefits of working with the community and just concentrate on their private forks. This is unwise with respect to their own investments, not to talk about the total disrespect for the values which are given them by the community. It is understandable that companies want to open the code for new products very late in the product cycle, but there are ways to get this done nevertheless. One is to work through a community proxy, such as consultants or service providers, who know how kernel development works and can help to make the code ready for inclusion from the very beginning. The value of community-style development is in avoiding mistakes and the benefit of the experience of other developers. Posting an early draft of code for comment can be helpful for both code quality and development time. The largest benefit of mainlining code is the automatic updates when the kernel internal interfaces are changed and the enhancements and bugfixes which are provided by users of the code. Mainlining code allows easy kernel upgrades later in a product cycle when new features and technologies have to be added. This is also true for security fixes, which are eventually hard to backport.
Benefits to developersI personally know developers who are not interested in working in the open at all for a very dubious reason: as long as they have control over their own private kernel fork, they are the undisputed experts for code on which their company depends. If forced to hand over their code to the community, they fear losing control and making themselves easier to replace. Of course this is a short-sighted view, but it happens. These developers miss the beneficial effect of gaining knowledge and expertise by working together with others. One of my own employees went through a ten-round review-update-review cycle which ended with satisfaction for both sides:
> Other than that I am very happy with this latest version. Great > job! Thanks for your patience, I know it's always a bit > frustrating when your code works well enough for yourself and you > are still told to make many changes before it is acceptable > upstream. Well, I really appreciate good code quality. If this is the price, I'm willing to pay it. Actually, I thank you for helping me so much. Over the course of this review cycle the code quality of the driver improved; it also led to some general discussion about the affected sensors framework and the improvement of it on the fly. The developer improved his skills and he got an improved insight into the framework with the result that his next project will definitely have a much shorter review cycle. This growth makes him far more valuable for the company than having him as the internal expert for some "well it works for us" driver. The framework maintainer benefited as well, as he needed to look at the requirements of the new device and adjust the framework to handle it in a generic way. This phenomenon is completely consistent with Greg Kroah-Hartman's statement in his OLS keynote last year:
We want more drivers, no matter how "obscure", because it
allows us to see patterns in the code, and realize how we
could do things better.
All of the above leads to a single conclusion: working with the kernel development community is worth the costs it imposes in changes to internal processes. Companies which work with the kernel developers get a kernel which better meets their needs, is far more stable and secure, and which will be maintained and improved by the community far into the future. Those companies which choose to stay outside the process, instead, miss many of the benefits of millions of dollars' worth of work being contributed by others. Developers are able to take advantage of working with a group of smart people with a strong dedication to code quality and long-term maintainability. It can be a winning situation for everybody involved - far better than perpetuating the embedded Linux nightmare.
A tale of two dead companiesOnce upon a time, there was a software firm named AppForge, Inc. This company sold development tools for mobile platforms, allowing others to create applications which would run on a number of different devices. These were all proprietary tools for proprietary systems, and so wouldn't normally be of interest on LWN. What has happened with AppForge turns out to be worth a look, however.It seems that AppForge went bankrupt back in March. So there will be no support for AppForge's products going into the future. But, as it turns out, it's worse than that:
Crossfire licensing typically works by validating a serial number
against AppForge's server before installation on any new
device. Since AppForge went dark, end users have been unable to
provision new devices with software that they thought they
owned.
It does not take much searching to find forums full of AppForge customers looking for ways to activate the product licenses they had already bought and paid for. In the mean time, their businesses have come to a halt because a core component of their products has suddenly been pulled out from underneath them. Adding the usual sanctimonious LWN sermon on the risks of using proprietary software seems superfluous here. More recently, Progeny Linux Systems ceased operations. This company, which had based its hopes on a specialized, configurable version of the Debian distribution aimed at appliance vendors, had been quiet for some time. Founder Ian Murdock headed off to greener pastures (first the Free Standards Group, then Sun) a while back. Press releases and other communications had dried up. The last repository update posted to the mailing lists happened in October, 2006. The DCC Alliance, a Progeny-led effort to create a standard distribution based on Debian, has had no news to offer since 2005. Now the company's web site states that Progeny ceased operations on April 30. Progeny seems to have lost out in the market to others with more interesting offerings. Ubuntu declined to join the DCC Alliance for what looks like a clear business reason: Ubuntu is becoming the standardized, cleaned-up version of Debian that DCC wanted to be, and with predictable releases as a bonus. Companies like rPath appear to be finding more success at signing up customers in the appliance market. With no wind in its sails, Progeny was unable to bring in the revenue to keep going. Progeny's customers, too, will lose the support offered by the company. There will be no distribution upgrades, no security fixes, and nobody to answer questions. This loss will clearly be a concern for any affected customers, but those customers are in a very different position from those who were dependent on AppForge tools. Since they were using a free platform, nothing prevents Progeny's customers from continuing to ship their products. These customers can also readily find companies (or consultants) who can continue to support the Progeny platform, should they need that support. The cost may be unwelcome, but the core truth remains: any Progeny customer which has a need to keep the Progeny platform secure or fix bugs in it will be able to do so. The nature of the technology market is such that the failure of product lines and entire companies is not an uncommon event. When one company depends on another company's products, the risk of this sort of failure must be kept in mind. That risk is far lower, however, when companies base their products on free software. (Thanks to Scott Preece for bringing the AppForge situation to our awareness).
Security IPv6 source routing: history repeats itselfA feature slipped into the IPv6 protocol because of political, rather than technical, considerations and has, perhaps unsurprisingly, come back to haunt the IPv6 working group. It also caused a recent Linux kernel release that disables a particular routing 'feature' of IPv6 by default; it also allows administrators to enable it if they wish. Even a cursory look at the IPv6 routing header type 0 (RH0) might lead one to remember a similar IPv4 feature that eventually fell out of favor: source routing. Mostly used as a diagnostic tool, source routing allows a packet to specify the route, as a list of IP addresses, that should be used to reply to it. This capability was abused in IP address spoofing attacks by enabling the spoofer to see responses that normally would be routed directly to the spoofed address. Because of this (and other source routing abuses), most routers are configured to drop packets that have source routing information and have been since the mid-90s. Ten years or more would seem to be enough time to ensure that the 'next generation' of IP (IPv6 was originally billed as 'IPng') missed out on repeating these mistakes of the past; sadly, that is not the case. IPv6 introduces something called a 'routing header' into the protocol as part of the extension headers, which are meant to replace the IPv4 options field. Three types of routing header are defined, one of which is unused (type 1) and another which is only used by Mobile IPv6 implementations (type 2). It is the third (type 0) that is the cause of all the current uproar. Also known as RH0 headers, they contain a list of hosts to be 'visited' on the way back to the source address. It should be noted that the IPv6 RFC mentions IPv4 source routing as part of the description of RH0. A presentation (PDF) at the CanSecWest 2007 conference outlined several vulnerabilities with RH0 and that led to the kernel changes in 2.6.20.9. The biggest vulnerability appears to be in the amplification effect that can be caused by listing hosts multiple times in the 'route'. One packet can then cause what are essentially multiple copies of itself to be sent back and forth between the hosts listed in the header. This can be used to multiply the traffic in a denial of service attack as well as masking the source of the attack. The BSD operating systems have also released new versions to address this problem and the router vendors will not be far behind. (It should be noted that a bug in the original Linux fix was addressed in 2.6.20.10 and because 2.6.21 had been released in the interim, in 2.6.21.1 as well.) Given that the problems with source routing are known and that the parallels between RH0 and source routing are also known, how did we get to the point where this kind of feature was added into IPv6? The Internet Engineering Task Force (IETF) IPv6 working group is discussing some of that in a thread on their mailing list. A memorable rant by Theo de Raadt seems to indicate that 'academics' in the process forced the inclusion of RH0 through politics. Paul Vixie commiserates and indicates that he sees it as more evidence that the IETF is largely irrelevant in setting internet standards today. In addition, no one responding to the thread seems to be able to come up with a particularly valid use case for the feature. This would appear to be a classic case of ignoring the past and being doomed to repeat it, but it would also appear that the politics of standards bodies played a role. We certainly are not well served when political considerations trump security (or, really, any technical) considerations. Hopefully this will be yet another object lesson for those of a political bent.
New vulnerabilities capi4k-utils: buffer overflow
gimp: arbitrary code execution
kernel: denial of service
net-snmp: denial of service
qemu: multiple vulnerabilities
quagga: denial of service
tomcat: directory traversal
util-linux: access restriction bypass
vim: arbitrary shell code execution
wordpress: another pile of vulnerabilities
xscreensaver: password check bypass
Updated vulnerabilities 3proxy: buffer overflow
acroread: multiple vulnerabilities
aircrack-ng: remote execution of arbitrary code
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
blender: user-assisted remote execution of arbitrary code
bluez-utils: hidd vulnerability
bugzilla: multiple vulnerabilities
busybox: insecure password generation
clamav: several vulnerabilities
Courier-IMAP: remote execution of arbitrary code
cpio: arbitrary code execution
vixie-cron: privilege escalation
cscope: buffer overflows
cscope: buffer overflows
cups: denial of service
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dovecot: index cache file handling error
elinks: arbitrary file access
evolution: format string error
fail2ban: denial of service
ffmpeg: buffer overflows
file: denial of service
file: arbitrary code execution
firefox: FTP PASV port-scanning
freeradius: memory leak
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gdb: buffer overflow
gdm: improper file permissions
gedit: format string vulnerability
grip: buffer overflow
gzip: multiple vulnerabilities
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
ipsec-tools: denial of service
java: multiple vulnerabilities
kdelibs: kate backup file permission leak
kdelibs: cross-site scripting
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
kernel: denial of service
kernel: denial of service
kernel: denial of service by memory consumption
kernel: denial of service
kernel: denial of service
kernel: denial of service
kernel: multiple vulnerabilities
krb5: uninitialized pointers
krb5: local privilege escalation
krb5: multiple vulnerabilities
ktorrent: incorrect validation
libgadu: memory alignment bug
libgtop2: buffer overflow
libmodplug: boundary errors
libpng: buffer overflow
libpng: heap based buffer overflow
libtiff: buffer overflow
libxml2 - arbitrary code execution
libxml2: multiple buffer overflows
lighttpd: denial of service
lookup-el: insecure temporary file
lynx: arbitrary command execution
mod_jk: stack overflow
mod_perl: denial of service
mplayer: buffer overflow
mysql: denial of service
mysql: format string bug
MySQL: privilege violations
MySQL: logging bypass
nbd: arbitrary code execution
ncompress: buffer underflow
openldap: security bypass
OpenSSH: denial of service
openssh: remote denial of service
opera: several vulnerabilities
php: multiple vulnerabilities
php: several vulnerabilities
php: buffer overflows
phpbb2: missing input sanitizing
phpbb2: multiple vulnerabilities
postgresql: SQL injection
postgresql: privilege escalation
qt: "/../" injection
quake: buffer overflow
rpm: arbitrary code execution
Mozilla: multiple vulnerabilities
shadow-utils: mailbox creation vulnerability
slocate: information disclosure
snort: remote arbitrary code execution
sqlite: buffer overflow
sun-jdk: arbitrary code execution
tcpdump: denial of service
unzip: long file name buffer overflow
vixie-cron: weak permissions may cause errors
w3c-libwww: possible stack overflow
webcalendar: cross-site scripting
XFree86 X.org: integer overflows
xine: format string vulnerabilities
xine-lib: arbitrary code execution
xine-lib: buffer overflow
xine-lib: buffer overflow
xinit: race condition
xmms: BMP handling vulnerability
X.org: local privilege escalations
zziplib: buffer overflow
Page editor: Jonathan Corbet Kernel development Brief items Kernel release statusThere is no 2.6 prepatch outstanding as of this writing. The 2.6.22 merge window has opened, and about 2,000 changesets have been merged so far (see below).The current -mm tree is 2.6.21-rc7-mm2. There's not been a lot of new features going into -mm recently; the focus has been on bug fixes. The current stable 2.6 kernel is 2.6.21, released on April 25. For those just tuning in, 2.6.21 includes clockevents and the dynamic tick patch, the VMI virtualization interface, a number of KVM improvements, the ALSA system on chip layer, and much more. See the KernelNewbies 2.6.21 summary for vast amounts of detail. The 2.6.21.1 update added a couple of fixes for security issues in the networking code.
For older kernels: the current 2.6.20 release is 2.6.16.50-rc1 was released on May 1 with several fixes, a couple of which have CVE numbers attached.
Kernel development news Quotes of the week
So -mm is still very useful just because *Andrew* tests it, and
finds all kinds of issues with it, but I literally suspect that
Andrew himself is personally a big part of that, which is kind of
wasteful - we should be able to spread out the pain more. Andrew is
also too damn polite when something goes wrong.
-- Linus Torvalds
The overall stability in recent -mm's was not sufficiently high and
we ran out of time to find all the bugs. I shouldn't have merged
all those patches last week - they contained an exceptional amount
of garbage. This all means that more bugs than usual will probably
leak into mainline, and we'll have to fix them there.
-- Andrew Morton
Job opening: kernel bug managerIn the middle of the discussion on the handling of kernel bugs, Andrew Morton let it slip that the long-rumored, Google-funded kernel bug manager position is now open. It's apparently proved hard to fill: "Unfortunately the recruiting has been a bit tricky - this is not a typical job and it's a funny mixture of bureaucracy/politics/social engineering and programming. People who are skilled in both areas, are, ah, uncommon." If you are such a person this could be a great opportunity to build kernel skills while working directly with Andrew - and help the kernel process as well.
Merged (and to be merged) for 2.6.22The 2.6.22 merge window has opened, with almost 2,000 changesets merged as of this writing. The merge process appears to have slowed somewhat; it may be that the level of traffic on linux-kernel is so high (even by linux-kernel standards) that nobody has time to deal with actual patches. Be that as it may, user-visible changes merged so far include:
Changes visible to kernel developers include:
Those who are curious about what else might get in to 2.6.22 can have a look at Andrew Morton's 2.6.22 merge plans document. Interestingly, Lguest, the signalfd work, and the SLUB allocator are all planned for merging, but all have become less certain since:
There are a few things of interest which are not on Andrew's list. The reiser4 filesystem seems certain to sit out (at least) another cycle, despite a resurgence in interest in getting it ready for inclusion. Xen is not mentioned, but it seems that, behind the scenes, it is being worked on. So Xen could actually show up before the merge window closes. There will be no major scheduler rework in 2.6.22; it's too soon for any of those patches to go in. The anti-fragmentation patches look likely to wait a little longer; Andrew worries that they still haven't seen enough review and benchmarking despite many iterations over a few years. The integrity management patches are considered to be unready and will not be merged. Beyond that, there will be doubtless be surprises over the next week or so; stay tuned.
UIO: user-space driversThe concept of supporting user-space drivers has appeared on this page a few times before. It's back; this time there is a version of the patch (now called "UIO") which is being proposed for inclusion into 2.6.22. The interface has changed somewhat, so another look is called for.Like the previous version, UIO does not completely eliminate the need for kernel-space code. A small module is required to set up the device, perhaps interface to the PCI bus, and register an interrupt handler. The last function (interrupt handling) is particularly important; much can be done in user space, but there needs to be an in-kernel interrupt handler which knows how to tell the device to stop crying for attention. The kernel module includes <linux/uio_driver.h>. If it's a driver for a PCI device, it should register itself as a PCI driver in the usual way. When it comes time to connect a device (perhaps in the PCI probe() function), the driver fills in a uio_info structure:
struct uio_info {
char *name;
char *version;
struct uio_mem mem[MAX_UIO_MAPS];
long irq;
unsigned long irq_flags;
void *priv;
irqreturn_t (*handler)(int irq, struct uio_info *dev_info);
int (*mmap)(struct uio_info *info, struct vm_area_struct *vma);
int (*open)(struct uio_info *info, struct inode *inode);
int (*release)(struct uio_info *info, struct inode *inode);
/* Internal stuff omitted */
};
Here, name is the name of the device and version is the driver version (which will show up in sysfs). The number of the interrupt used by the device (if any) goes into irq, with irq_flags being the flags which will be passed to request_irq(). The function which handles interrupts is handler(). This handler should acknowledge the interrupt; it usually does not need to do anything else. The mmap(), open(), and release() functions are called from the equivalent file_operations members. The mem array describes any memory areas which can be mapped into user space. The uio_mem structure looks like:
struct uio_mem {
unsigned long addr;
unsigned long size;
int memtype;
void __iomem *internal_addr;
/* ... */
};
For each mappable area, addr is the relevant address, and size is the size of the area. If it's an I/O memory area, internal_addr is the address returned by ioremap(). The memtype field describes what the area really is:
Once the structure is filled in, the driver stub passes it to:
int uio_register_device(struct device *parent, struct uio_info *info);
The parent pointer tells the kernel which "real" device is associated with the UIO device; if the driver is for a PCI device, parent will be pci_dev->dev. There is not much more to the kernel-space UIO API. When a device goes away, the driver should call:
void uio_unregister_device(struct uio_info *info);
The final function of note is:
void uio_event_notify(struct uio_info *info);
Its purpose is to notify the UIO core that an event (typically an interrupt) has occurred. The stub driver need not call uio_event_notify() for real interrupts, but it can be used to simulate interrupts in other situations. On the user space side, the first UIO-handled device will show up as /dev/uio0 (assuming a normal udev setup). The user-space driver will open the device. Reading the device returns an int value which is the event count (number of interrupts) seen by the device; if no interrupts have come in since the last read, the operation will block until an interrupt happens (though non-blocking operation is supported in the usual way as well). The file descriptor can be passed to poll(). The memory areas described by the kernel-space driver can be mapped into user space with the mmap() call. The interface is just a little strange: the offset value passed to mmap() should be N times the page size for the Nth memory area. So, on a system with 4096-byte pages, the first memory area will be found with an offset of zero, the second at 4096, the third at 8192, etc. Once that is figured out, though, everything is pretty straightforward. There are some limitations, of course. UIO drivers are char drivers; there is no provision for creating user-space block or network drivers at this time. It is not possible to set up DMA operations from user space. But, for drivers which can be implemented with I/O memory access and simple interrupt handlers, the necessary pieces are in place. The patch set includes an example driver to show how it all works. According to Thomas Gleixner, the original, fully in-kernel version of the driver had to implement 68 different ioctl() commands and was over 5,000 lines long. The associated user-space code was over 3,000 lines as well. The new driver eliminates all of that, with a total of 156 lines of kernel code and just under 3,000 lines in user space. Andrew Morton has expressed some reservations about the patch:
I'm a bit uncertain about the whole UIO idea, really. I have this
vague feeling that we'd prefer to encourage people to move device
drivers into GPL'ed kernel rather than encouraging them to do
closed-source userspace implementations which will probably end up
being slower, less reliable and unavailable on various
architectures, distros, etc
The authors respond that it's not really about doing proprietary drivers, though some of that will undoubtedly go on. There's a number of people, especially in the embedded space, who want to do user-space drivers, for prototyping purposes if nothing else. The UIO framework gives them a relatively safe and standard way to write these drivers, which is seen as being better than having them each create their own kernel hooks. The patch has not been merged as of this writing, but, unless stronger objections arise, it's chances of getting into 2.6.22 are reasonably good.
Large block size supportOn its face, it doesn't seem like Christoph Lameter's large block size support patch would be that controversial. This patch set equips the page cache to hold blocks which are larger than the system's page size by storing them in higher-order, compound pages. That, in turn, enables filesystems to work with larger blocks. The patch should make operations on large files more efficient and improve the kernel's support for some types of hardware. The patch might eventually get merged, but not before more discussion has happened.The problem is that this patch is not without its difficulties. It adds a certain amount of complexity to the core virtual memory subsystem to implement what is, in all reality, a feature which has been rejected before: larger pages. The patch currently ducks the most difficult part of the problem - handling faults on larger pages, needed to make mmap() work - meaning that more complexity can be expected in the future. Larger blocks in the page cache means more demand for higher-order pages, which are already in short supply on many systems; that, in turn, means that the anti-fragmentation patches would almost certainly be needed as well. Use of larger pages in the page cache can also lead to more internal fragmentation and less efficient memory use. For all these reasons, Andrew Morton has been expressing some reservations:
And make no mistake: the latter disadvantage is huge. Because if
we do the PAGE_CACHE_SIZE hack (sorry, but it _is_), we have to do
it *for ever*. Maintaining and enhancing core MM and VFS becomes
harder and more costly and slower and more buggy *for ever*. The
ramp for people to become competent on core MM becomes longer. Our
developer pool becomes smaller, and proportionally less skilled.
Andrew is not necessarily opposed to the patch; he is more concerned that it not be merged until it has been carefully compared with the alternatives. He suggests keeping the page cache entry size unchanged, but trying to allocate entries in higher-order groups. That would result in larger blocks being stored contiguously in memory without the memory subsystem changes. Filesystems could use those larger blocks, and hardware could treat them as single units in scatter/gather lists for DMA, leading to more efficient operations. Another possibility which has been raised is raising the maximum size of hardware scatter/gather lists or allowing them to be chained. Drivers could then set up larger I/O operations, improving efficiency without requiring the other changes. Still, there is support for Christoph's patch. It would make support of larger blocks relatively straightforward for the lower layers, perhaps enabling the removal of some real hacks found in some drivers and filesystems now. The patch would also allow ext3 filesystems with larger block sizes - sometimes created on ia64 systems, which use larger pages - to be mounted on other architectures. Christoph Hellwig likes the idea that a higher-order page cache could force a solution to the longstanding problem of physical memory fragmentation. To many, it seems like a straightforward and necessary solution to a longstanding problem. So the large block size idea is unlikely to just go away. It may be a while, though, before its proponents can do enough homework and benchmarking to fully address the worries which have been expressed. Fundamental changes are often the ones which take the longest to get into the kernel, so there is little that is surprising here. Just don't ask for a prediction of the final outcome.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Looking into the future of Mandriva, Freespire and Linspire
Mandriva 2008Mandriva developer Olivier Blin "blino" has posted some specs and proposals for Mandriva 2008. Changes proposed for the base system include will affect udev, mkinitrd, hardware detection, kernel drivers, graphical splash and power management. He's looking at iwlwifi for Intel Wireless 3945ABG network drivers and rt2x00 for more open source drivers. Live CDs will use squashfs + lzma, with a special squashfs kernel module and readahead + loopback ordering to speed up the boot process. Live installs may become more flexible and allow the user select packages and languages during the live install. Gamers may see a drakjoy tool for joystick calibration, OpenAL support for SecondLife and Wiimote using new cwiid features.
Freespire, Linspire, CNR.comKevin Carmony looks at some big changes in Linspire, Freespire and CNR.com. CNR is Linspire's Click aNd Run software repository. It's being revamped as a website with Web 2.0 technology and it will be supporting several other popular Linux distributions. The new CNR will be available for Linspire and Freespire users by early June. A CNR plug-in will be available for Ubuntu Feisty users by mid-June. Eventually plug-ins will be available for Debian, OpenSUSE and Fedora users as well. The new Freespire 2.0 operating system will use Ubuntu 7.04 (Feisty Fawn) for its baseline, and will then integrate the latest KDE, the new CNR, and the latest 3rd-party proprietary software, drivers and codecs for better hardware and multimedia support. Freespire 2.0 is currently in alpha testing. A beta should be out sometime soon, with a final version expected in early June, timed to coincide with the CNR.com launch. Linspire 6.0 will be Based on Freespire 2.0, and will be modified for OEM and Retail Channel partners. Linspire 6.0 Final is expected in late June.
New Releases Announcing Fedora 7 Test 4 (6.93)The Fedora Project has announced the release of the fourth and final test release of Fedora 7. "Test 4 is for beta users. This is the time when we MUST have full community participation. Without this participation both hardware and software functionality suffers. We need your help. Join us!"
OpenBSD 4.1 ReleasedOpenBSD 4.1 has been released, with plenty of improvements and new features. Here's the list of changes made between OpenBSD 4.0 and OpenBSD 4.1.
New Yellow Dog Linux v5.0.1 for PS3TerraSoft Solutions has announced the availability of Yellow Dog Linux v5.0.1 for PS3. There are more than 500 packages updates included as well as support for built-in wireless.
Distribution News Bits from the DPLSam Hocevar looks at his first ten days as Debian Project Leader. "It's already been 10 days since I started my DPL term and I haven't made any formal annoucement yet, so here it is. It's a bit late to comment on the elections, but let me thank all other candidates anyway, with extra sympathy for Steve McIntyre who for the second time came second by less than 10 votes and Gustavo Franco who had a platform very similar to mine yet wasn't rewarded with as many favourable votes. Also many thanks to Anthony Towns, my predecessor, and Steve McIntyre again for making the switch as comfortable as possible."
Mandriva Linux Discovery 2007 SpringMandriva Linux Discovery 2007 Spring is the distribution designed for beginners. "Mandriva Linux Discovery is a Live DVD: first, you can try Mandriva Linux without installing it on your hard drive. Then, once you love it, a simple icon on the desktop allows you to install the system with a few clicks - thanks to a smooth setup wizard - without even rebooting to run the installer! It has never been easier to discover Linux."
The Ubuntu trademark policyCanonical has posted a trademark policy describing how others can use the Ubuntu names. "The Ubuntu trademarks are designed to cover use of a mark to imply origin or endorsement by the project. When a user downloads something called Ubuntu, they should know it comes from the Ubuntu project. This helps Ubuntu build a reputation that will not be damaged by confusion around what is, and isn't, Ubuntu."
Gutsy Gibbon open for general developmentUbuntu has started the development of the Gutsy Gibbon. "For Gutsy, the general theme is Quality and Improvement. This means, we are not so much looking for new and experimental features, but rather in stabilising and polishing off our current set of features."
First kernel upload for gutsy...pricelessBen Collins looks at the Gutsy Gibbon's kernel. "Well, it's all up. linux-source-2.6.22, which is 2.6.21 at the moment, as we continue to follow linux-2.6.git through the 2.6.22 development cycle. Followed by linux-restricted-modules, which is an exact dupe of the package in feisty for 2.6.20, obviously compiled against the new kernel."
New Distributions AlinexAlinex is the product of a partnership between Junta de Extremadura in Spain and the University of Évora in Portugal. It's a general purpose distribution targeted to the educational system and public administration. The website and documentation are in Portuguese. (Thanks to Luís Rodrigues)
Distribution Newsletters Debian Weekly News - April 24th, 2007The Debian Weekly News covers Mercurial version control now available for Alioth users, version 0.4.0 of the Debian loader for Windows released, security updates are available via IPv6, Debian etch release parties, the IT department of Germany's Federal Foreign Office save money using Debian, a new GNU/kFreeBSD CD image released, Debian GNU/Linux 4.0 released and much more.
Fedora Weekly News Issue 85The Fedora Weekly News for April 28, 2007 looks at Fedora 7 Test 4, Making the Merge Happen, Red Hat Magazine OLPC Articles, Red Hat Summit Compilation, 0-Day Fedora Kernels, Red Hat's JBoss to Adopt Fedora Model, and much more.
PCLinuxOS Magazine Issue 9PCLinuxOS Magazine for May 2007 is out. This issue covers KDE User Guide Part 2, Scroogle and Konqueror Integration, Top Ten Reasons for Using Linux, Linux in Education, Updating PCLinuxOS to 2007, Using Settings from a Previous Linux Install, and much more.
Ubuntu Weekly News: Issue #38The Ubuntu Weekly Newsletter for April 28, 2007 covers Gutsy Gibbon's kick off off development and new additions, the availability of VMware server on Canonical's commercial servers, the Latinamerican Installfest and several other topics.
DistroWatch Weekly, Issue 200The DistroWatch Weekly for April 30, 2007 is out. "This week belongs to Mandriva Linux and its recently released version 2007.1 - we'll bring you a full review, comment on the release process, share our upgrade experiences, and link to a technical specification proposal for Mandriva Linux 2008. In other news: PCLinuxOS opens for business after a disastrous bandwidth outage, Linspire announces release dates of Freespire 2.0 and Linspire 6.0, Terra Soft release Yellow Dog Linux 5.0.1 for free download, and the developers of VMKnoppix announce a 64-bit edition of KNOPPIX 5.1.1. Finally, a comment on translating the new Top Ten Distributions page and an update on tracking distribution usage through browser strings."
Distribution meetings Discover Ubuntu at the Ubuntu Live Conference this SummerRegistration is open for Ubuntu Live, the first official conference dedicated to Ubuntu. "The conference will showcase a wide-ranging program of expert-led sessions and tutorials to inform and inspire the growing Ubuntu community, from power users to the Ubuntu-curious. The three-day conference launches July 22-24, 2007 at the Oregon Convention Center in Portland, Oregon, in conjunction with the O'Reilly 2007 Open Source Convention (OSCON)."
Newsletters and articles of interest Get Slack (Tux Deluxe)Richard Hillesley traces the history of the Slackware distribution in a Tux Deluxe article. "At the time that Slackware first emerged as the logical replacement for the Software Landing Systems (SLS) Linux distribution, the satirical Church of the Subgenius, with its slogan get slack, was still a popular source of humour on the college campuses of the US. Slackware can be taken as a a tongue-in-cheek reference to the Church of the Subgenius, and its charismatic leader, JR Bob Dobbs, The Master of Slack, and as an assertion that Slackware was part of the zeitgeist of the youth of America."
Distribution reviews Review: SimplyMEPIS Linux 6.5 (Linux.com)Linux.com reviews SimplyMEPIS Linux 6.5. "A few weeks ago, MEPIS released SimplyMEPIS 6.5. The latest version of the Ubuntu-based desktop distribution offers a number of interesting new features, including a 64-bit release and Beryl for 3-D desktop effects. After spending a fair amount of time with the release, I found it to be a worthy update to earlier versions of MEPIS."
Review: Ubuntu Feisty Fawn (Linux.com)Linux.com reviews Ubuntu 7.04. "Another six months, another release from the Ubuntu folks. The Ubuntu 7.04 release, better known as Ubuntu Feisty Fawn, is another cutting-edge, but not bleeding-edge, release that shows what Linux is capable of on the desktop. I've been running it since the early betas, and have found that it's the best Ubuntu release yet."
Page editor: Rebecca Sobol Development Improved Linux debugging with ChronicleLast December, as examined in a previous LWN article, Robert O'Callahan discussed the need for better debugging tools under Linux:
One of the painful truths about Linux development is that debugging sucks. Specifically, gdb on Linux sucks. Basic functionality simply does not work reliably. The details of the brokenness vary depending on the version, but the general suckiness seems to hold up across versions. Since it fails on the basics, we need not even discuss the lack of modern features or its appalling usability. This is a big problem for Linux because it is driving developers away from the platform.
Here's a deeper and less widely understood truth: all debuggers suck.
The article suggested that a big problem with most debuggers was the inability to move backward through buggy code (reverse execution). O'Callahan produced a paper on the topic entitled Efficient Collection And Storage Of Indexed Program Traces [PDF] and introduced the Amber project. Amber started out with a patent liability problem due to O'Callahan's employment by Novell. Fortunately, that issue was resolved early on: "Novell has generously granted permission to release Amber as open source." Amber underwent a name change, and is now known as the chronicle-recorder project. "Chronicle records every memory and register write in the execution of a Linux process, using Valgrind to instrument execution at the machine code and system call level. These events are indexed and compressed; from the resulting database the Chronicle query tool can efficiently reconstruct the state of memory and/or registers at any point during the execution. Additional queries such as "when was the last write to location X before time T" and "when was location X executed between times T1 and T2" are also supported." On the topic of licensing, the Chronicle README file says: Valgrind is under the GPL. The Valgrind 'chronicle' tool's main.c file is also under the GPL. The tool's headers --- arch.h, log_stream.h, and effects.h --- use an X11 license, so they can be included by anyone. The Chronicle 'indexer' and 'query' components are GPLed. They rely on a 'base' component whose files have an X11 license (including a simple C JSON library). The intent is that the individual Chronicle components are GPLed but since they run in separate processes communicating via clearly defined interfaces, non-GPLed code can communicate with them. In particular, debugger front ends can use any license." O'Callahan discussed the new project with his Chronicle Released article, and discussed some new debugging capabilities that Chronicle brings with a followup article on History Based Stack Reconstruction. The code is currently in an early state, the user interface is still in the planning stages and tests are limited. For more information on Chronicle's author, Robert O'Callahan was featured in a February, 2007 Computerworld NZ interview. (Thanks to Danny O'Brien for pointing out the latest Chronicle developments).
System Applications Database Software PostgreSQL Weekly NewsThe April 29, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
SQLite 3.3.17 releasedVersion 3.3.17 of SQLite, a light weight DBMS, is out. "This version fixes a bug in the forwards-compatibility logic of SQLite that was causing a database to become unreadable when it should have been read-only. Upgrade from 3.3.16 only if you plan to deploy into a product that might need to be upgraded in the future. For day to day use, it probably does not matter."
Device Drivers LCDproc 0.5.2 releasedVersion 0.5.2 of LCDproc, the Linux LCD display driver, is out with lots of new capabilities and some bug fixes.
Mail Software Apache SpamAssassin 3.2.0 availableSpamAssassin 3.2.0 is out. The changelog is not particularly informative to outsiders ("compilation of SpamAssassin rules into a fast parallel-matching DFA, implemented in native code"), but one assumes it is better at filtering out spam and that can only be a good thing.
Printing Merger of ESP Ghostscript and GPL GhostscriptThe CUPS printing project mentions the merger of ESP Ghostscript 8.15.4 and GPL Ghostscript 8.57, and how it affects CUPS. "As the head branch of Ghostscript is now under GPL (and not only the previous major version as formerly) the ESP Ghostscript project is discontinued and the extra functionality of ESP Ghostscript is merged into the head development of Ghostscript, GPL Ghostscript."
VPN Software SSL-Explorer 0.2.13 released (SourceForge)Version 0.2.13 of SSL-Explorer has been released. "SSL-Explorer is the world's first open-source, browser based SSL VPN solution. This unique remote access security solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser. The 0.2.13 release provides a number of important bug fixes to many areas of the system (see change log below). This release also includes a number of performance improvements that provide improved web server responses."
Web Site Development SilverStripe 2.0.1 releasedStable version 2.0.1 of SilverStripe has been announced. "SilverStripe is a free software / open source content management system (CMS) for creating and managing websites through a simple web interface. It has many advanced features. These features include an MVC framework, XHTML compliance, multiple ways of organising navigation through folksonomy, a flexible data object model, multiple templates per page, a separate "draft site" and "published site through staging content, asset management , image resizing, versioning and rollback, SEF URLs with meta-data. SilverStripe is designed for UTF-8 support including internationalisation of character sets."
Miscellaneous Free-SA 1.3.0 releasedVersion 1.3.0 of Free-SA has been released. "Free-SA is statistic analyzer for daemons log files similar to SARG. Its main advantages over SARG are much better speed (7x-20x times), more reports support, crossplatform work and W3C compliance of generated HTML/CSS reports code."
Desktop Applications Audio Applications Ardour 2.0 releasedVersion 2.0 of Ardour, a multi-track digital audio workstation, has been announced. "Nearly 2 years of work have gone into this new version. Along the way a huge number of bugs were fixed, performance and workflow were improved, and many new features were added."
alsaplayer 0.99.78 releasedVersion 0.99.78 of alsaplayer, a PCM player for the ALSA sound system, is out. "AlsaPlayer is a new type of PCM player. It is heavily multi-threaded and tries to excercise the ALSA library and driver quite a bit. It has some very interesting features unique to Linux/Unix players. This is a feature enhancement and minor bugfix release. Support for FLAC-1.3 and 1.4 is added. A desktop file is included."
eSpeak 1.23 releasedVersion 1.23 of eSpeak, a text to speech synthesis converter, is out with new Croatian language support.
jack_capture V0.9.4 releasedVersion 0.9.4 of jack_capture is out with a bug fix involving recording more than 2 channels of audio. "jack_capture is a program for recording soundfiles with jack. Its default operation is to capture whatever sound is going out to your speakers into a file."
JackMiniMix undergoes rewriteJackMiniMix has been rewritten. "It's now called JackMixDesk has a configurable number of mono/stereo channels, pre and post sends, LASH support, a XML config file and an additional GTK interface which can be started on demand. Im working on a SVG knob widget to make the interface use less ram and I'm planning to implement MIDI support."
Desktop Environments GNOME 2.19.1 releasedVersion 2.19.1 of the GNOME desktop environment has been released with much exclamation. "Welcome to the new GNOME development cycle! Please fasten your seat belt: you're going to see a lot of exciting new changes!, new features!, new bugfixes!, new translations!, new documentation!. Lots of modules have great plans for 2.19 and if you're willing to help, there's a lot of areas where you'll be heartily welcomed! Don't hesitate to ask how or where you can help. If you don't even know where to start, just send a mail to our fantastic gnome-love mailing list. This is our first development release on our road towards GNOME 2.20.0, which will be released in September 2007."
GARNOME 2.19.1 releasedVersion 2.19.1 of GARNOME, the bleeding edge GNOME distribution, is out. "This release includes all of GNOME 2.19.1 plus a whole bunch of updates that were released after the GNOME freeze date. This is the first development release on our road towards GNOME 2.20.0, which will be released in September 2007."
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Commit-Digest for 29th April 2007 (KDE.News)The April 29, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Continued work across kdegames, with the kbattleship-rewrite merged back into trunk/. Start of scalable interface support in Kanagram. Further functionality enhancements implemented in the Konsole refactoring effort. Small refinements in KSysGuard. More work on the KDevelop Subversion plugin. Preparations for RSYNC support in the icecream distributed compilation utility. Progress made in the Amarok-on-Windows porting and generic music store intergration for Amarok 2. Initial milestones reached in the Music Notation Flake shape Summer of Code project in KOffice. Support for boolean operations on paths in Karbon. Primary iconset imported for KDE 4, as part of a general cleanup effort in kdeartwork - more iconsets to be added soon."
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Electronics Icarus Verilog 20070427 releasedSnapshot 20070427 of Icarus Verilog, a Verilog electronic simulation language compiler, is available. See the release notes for change information.
KJWaves 1.1.2 releasedVersion 1.1.2 of KJWaves has been announced. The description states: "100% Java program allows viewing of RAW SPICE files, for example, those created by ngSPICE. Also allows adding analysis to SPICE CIR files and run ngSPICE and examine output. Supports printing graphs as well as copy and pasting (via right-clicking). Has German, Greek, and Spanish language translation and should be able to handle much RAW larger files."
Encryption Software Cryptkeeper 0.3.666 releasedStable version 0.3.666 of Cryptkeeper has been announced. "Cryptkeeper is a FreeDesktop.org Standard (KDE, Gnome, XFce, etc.) system tray applet that manages EncFS encrypted folders."
Financial Applications SQL-Ledger 2.8.2 releasedVersion 2.8.2 of SQL-Ledger, a web-based accounting system, is out with new features, bug fixes and translation work. See the What's New document for details.
Games FreeCol 0.6.1 released (SourceForge)Version 0.6.1 of FreeCol, a cross-platform open-source version of the strategy game Colonization, is available. This release adds some new features and fixes some bugs.
GUI Packages PyQt 4.2 releasedVersion 4.2 of PyQt, the Python language bindings for Qt, has been announced. "The highlights of this release include: - The ability to write widget plugins for Qt Designer in Python. - Integration of the Python command shell and the Qt event loop. This allows developers to call Qt functions dynamically on a running application. - Integration of the Qt event loop with the standard Python DBus bindings available from www.freedesktop.org."
Interoperability Wine 0.9.36 releasedVersion 0.9.36 of Wine has been announced. Changes include: "Midi support in the CoreAudio driver, Mixer support in the Alsa driver, A lot of MSI fixes, Implementation for most D3DRM functions, The usual assortment of Direct3D fixes and Lots of bug fixes."
Wine Weekly NewsletterThe April 30, 2007 edition of the Wine Weekly Newsletter is online with coverage of the Wine project. Topics include: "Wine 0.9.36, ALSA Changes, Winscard Support, Wine Killing X?, SambaXP Report, Mandriva RPM's, Debugging Reports, Wine At LinuxTag 2007 and WineConf 2007."
Medical Applications Apelon Vocabulary Server is now open-sourceApelon has announced the release of its Distributed Terminology System under the Apache 2.0 open-source license. "DTS assists in the management, integration, and deployment of structured biomedical terminology. It has the broadest installed user base of any such software, and is part of applications that include clinical data repositories, EMR systems, public health programs, decision support, guideline authoring, and interface engines."
Music Applications pyliblo 0.5 announcedVersion 0.5 of pyliblo"pyliblo is a Python wrapper for the liblo OSC library. It does not yet wrap all of liblo's functionality, but includes everything you need to send and receive almost any kind of OSC message, using a nice and simple Python API. OSC can hardly get any easier :)"
Office Suites OpenOffice.org NewsletterThe April, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.
Video Applications Freevo release 1.7.1 is out (SourceForge)Version 1.7.1 of Freevo, a Linux application that turns a PC with a TV capture card and/or TV-out into a standalone multimedia jukebox/VCR/PVR/HTPC, is out. "This release contains some new features and some significant bug fixes. A native ALSA mi[]xer has been added, a wide screen skin "Panorama" has been added, a TV recordings manager has been added and user defined commands can now be sent to the Xine player."
Web Browsers Gran Paradiso Alpha 4 available for testing (MozillaZine)MozillaZine notes the availability of the Gran Paradiso Alpha 4 browser. "New features in this development milestone of Mozilla Firefox 3 include the FUEL JavaScript library for extension developers, a redesigned Page Info window, improvements to offline application support and Gecko 1.9 bug fixes."
Miscellaneous Wixi 0.81 releasedVersion 0.81 of Wixi has been released. "Wixi is a multi-platform wiki application for the desktop. It is written in python/wxpython and uses txt2tags to convert plain text to many other formats. Wixi strives to be a simple and powerful[] wiki tool for organizing all kind of information." See the changelog file for details on this version.
Languages and Tools Caml Caml Weekly NewsThe May 1, 2007 edition of the Caml Weekly News is out with new Caml language articles.
Haskell Haskell Weekly NewsThe April 27, 2007 edition of the Haskell Weekly News has been published. "The last week was a very exciting week for the Haskell community, with a new GHC release, the first release of Xmonad, a window manager written in Haskell, and DisTract, a new distributed bug tracker, written in Haskell. A number of new Haskell jobs were announced, and several new user groups were formed!"
PHP Code As Data: Reflection in PHP (O'ReillyNet)Zachary Kessin discusses PHP reflection on O'Reilly. "At the end of the day, all code gets turned into data before it is executed. Sometimes, you can use that fact to help ease some of your programming chores. Zachary Kessin examines the PHP reflection capabilities and shows how you can use them to automate the creation of unit tests."
Python The Python 3000 PEP ParadeGuido van Rossum has gone through the list of enhancement proposals for Python 3000 (the upcoming major rewrite of the language) and given his opinion on each. Since Guido maintains his Benevolent Dictator role, his opinion matters. The result is interesting reading for those who are curious about the future of the language. The actual proposals are not linked in the message, but they can be found on the Python PEP index page.
Python-URL! - weekly Python news and linksThe April 30, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe April 25, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Tcl-URL! - weekly Tcl news and linksThe May 1, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Miscellaneous Adobe to open-source FlexAdobe has announced plans to release its Flex software development kit under the Mozilla Public License. "This includes not only the source to the ActionScript components from the Flex SDK, which have been available in source code form with the SDK since Flex 2 was released, but also includes the Java source code for the ActionScript and MXML compilers, the ActionScript debugger and the core ActionScript libraries from the SDK."
Page editor: Forrest Cook Linux in the news Recommended Reading Two patent decisions from the U.S. Supreme CourtThe U.S. Supreme Court has issued two decisions, both of which weaken the current patent regime somewhat. The San Jose Mercury News covers the ruling in ATT v. Microsoft, which decided that Microsoft is not responsible for violations of U.S. patents which happen elsewhere in the world. "'The presumption that United States law governs domestically but does not rule the world applies with particular force in patent law,' Justice Ruth Bader Ginsburg wrote in the majority opinion."This Bloomberg article covers the second ruling, which states that simply combining two inventions in a trivial way does not create a new, patentable invention. "'Granting patent protection to advances that would occur in the ordinary course without real innovation retards progress,' Justice Anthony Kennedy wrote for the court."
Linux-powered robots go global (Computing)Computing takes a look at internet-controlled wireless robots which are simple enough for "almost anyone" to build with off-the-shelf parts. "The stated goal is to make highly capable robots accessible and affordable for college and pre-college students, as well as anyone interested in robots. At the heart of each TeRK robot is a unique controller called Qwerk that combines a Linux computer with the software and electronics necessary to control the robot's motors, cameras and other devices."
Trade Shows and Conferences Akonadi Hacking Meeting (KDE.News)KDE.News covers the second Akonadi Hacking Meeting. "Last weekend was not only the time for the KMail Hacking Days but also for the second Akonadi· Hacking Meeting in Berlin, Germany. 7 KDE-PIM developers came together for 2 days at the KDAB offices in Berlin's Kreuzberg district and continued to improve Akonadi, the personal information data storage for KDE 4. Meeting the other developers in real life and discussing issues face to face always helps to find new solutions and implement crucial features in a short period of time."
Falcon to be the major piece of MySQL 6.0 (LinuxWorld)LinuxWorld reports on the upcoming MySQL major release from the MySQL user conference. "MySQL developed Falcon in response to Oracle Corp.'s surprise acquisition of Finnish startup Innobase in October 2005. Oracle's purchase was seen by many observers as a predatory strike against MySQL, which bundles Innobase's InnoDB storage engine with its database. The acquisition also prompted MySQL to open up its database storage API (application programming interface) to third parties so companies could create their own storage engines."
China's Open Source Software Contest announces winners (Linux.com)Linux.com covers the 2007 China Open Source Software Summit. "At the 2007 China Open Source Software Summit in Beijing on March 27, China's Co-Create Software League (Cosoft) awarded prizes to 25 winners in the second China Open Source Software Contest."
Companies Dude, you're getting Ubuntu (Linux.com)Linux.com reports that Dell has teamed up with Canonical to sell Dell desktops and laptops with Ubuntu preinstalled. "Jane Silber, director of operations for Canonical, says Canonical will be working to certify certain models of Dell computers to ensure that they work with Ubuntu. The two companies are not announcing what models will ship with Ubuntu at this time, but Nick Selby, senior analyst with The 451 Group, says that there will be one notebook and three desktop systems."
MySQL hits $50 million revenue, plans IPO (ZDNet)ZDNet looks at plans for an IPO by MySQL AB. "MySQL, purveyor of the open-source database of the same name, is on the road to becoming a publicly traded company, bolstered by $50 million in revenue in 2006. "It's still in the pipeline," Chief Executive Marten Mickos said of the plan to hold an initial public offering of his company's stock. He declined to discuss when the company planned to go public, but said, "We're making good progress, doing all the things we need to get done.""
Linux at Work U.S. schools may join inexpensive-laptop project (ZDNet)ZDNet reports that some One Laptop per Child PCs may end up in the US school system. "Once known as the $100 laptop, the lime-green-and-white devices are inching up in price. In February, the project estimated said they would sell for $150 each. Negroponte now puts their price tag at $176 apiece. He also noted this week that the machines, which run Linux, also will be configured to run Windows as well (a fact likely to severely disappoint the open-source community). The machines would go at a higher price to U.S. schools, he said, because more resources are invested in American education than in developing nations, even in the poorest U.S. regions."
Legal FSF's Brett Smith Answers Your GPLv3 Questions (Groklaw)FSF Licensing Engineer Brett Smith answers questions from Groklaw readers about GPLv3. "I won't deny that GPLv3 is more complex than GPLv2. That's because we live in a more complex world now, where people interact with software in lots of ways besides sitting down in front of a box that runs their code, and some developers want to have all the advantages of freedom with none of the obligations. You can use simple language if all the participants have shared understanding. Unfortunately, not everybody groks freedom yet."
Interviews Tom Albers (People Behind KDE)Here's a People Behind KDE interview with Tom Albers. "In what ways do you make a contribution to KDE? Currently I'm developing Mailody, an alternate mail client for KDE. It only supports online IMAP and I want to bring a new way of reading and handling email. I can't tell what things I have in mind, because there is competition with other mail clients, some of which can implement things much faster than we can ;-)." (Found on KDE.News)
Josh Berkus: KDE Aids The PostgreSQL Team (KDE.News)Aaron J. Seigo talks with PostgreSQL contributor Josh Berkus. "During FISL 8.0 I caught up with PostgreSQL contributor Josh Berkus who was there to present on PostgreSQL and meet up with the local PostgreSQL community. Josh is a member of the PostgreSQL core team and works at Sun Microsystems as part of their open source database team. Over lunch, Josh shared how KDE plays an important role in the release coordination process which Josh oversees."
First interview: Sam Hocevar, new Debian Project Leader (Linux.com)Linux.com has an interview with Sam Hocevar. "Sam Hocevar recently became the next Debian Project Leader (DPL), defeating seven other candidates while running on a platform that emphasized ways to improve how project members interact. Hocevar's election comes at a time when Debian may be losing mindshare among both users and developers to Ubuntu, and looking for ways to improve its efficiencies and to mend internal divisions. Recently, Linux.com discussed these challenges with Hocevar via email in his first interview since his election."
Sebastian Trüg on K3b 1.0 and More (KDE.News)KDE.News has an interview with Sebastian Trüg. "Today we talk with the author of the K3b Project, the well known application that lets you burn CDs/DVDs and that lets you rip music from CD audio and films from DVD Video. We are going to talk with Sebastian about his story: when he started using KDE, when he started to create K3b and to talk about his plans in KDE 4 with a new KDE 4 project."
Resources Something's Happening Here (Linux Journal)Dave Phillips covers several topics in this blog entry. "I love my 64-bit machine. It's fast and stable, and I can run all my favorite sound and music software on it (largely thanks to the work of the 64Studio team, a.k.a. Daniel James and Free Ekayanaka). Alas, some software awaits being ported to 64-bit versions, including Adobe's ubiquitous Flash technology. I had thought my machine was doomed to life without YouTube and Homestar Runner, but recently I discovered Gwenole Beauchesne's nspluginwrapper. This little program performs a neat trick: It convinces 64-bit Mozilla/Firefox that the browser can handle a 32-bit helper application (such as Flash) with the same transparency as the true 32-bit Firefox."
The Rise of Functional Languages (Linux Journal)Pat Eyler looks at functional programming languages. "Functional Languages seem to be pushing for the title of the next cool thing. Talks and tutorials about them are starting to show up in conferences and conventions, books about them are hitting the shelves, people are even asking about talking about them in blogs and mailing lists devoted to some of the current hot languages."
Linux Gazette #138The May issue of the Linux Gazette is out. Topics this month include an introduction to R, Debian on a Slug, a couple of book reviews, and more.
Reviews The rise of Alfresco: ECM that people will really use (LinuxWorld)LinuxWorld looks at Alfresco. "Alfresco is an enterprise content management system that, according to some users, is beating legacy content management systems in speed, quality and ease of use. It has been around since 2005, but the open source, open standards, enterprise scale content management system offered by Alfresco is winning the trust of the marketplace."
Miscellaneous Wikipedia co-founder wants open-source search engine (ZDNet)ZDNet looks at the Wikia project. "Jabber founder Jeremie Miller has signed on to help develop Wikia's open-source search engine project, the organization announced. The Wikia project aims to develop a search engine, crawlers and other indexing tools through a collaborative, open-source process."
Page editor: Forrest Cook Announcements Non-Commercial announcements The Linux Foundation travel fundThe Linux Foundation has announced a new travel fund which will pay for free software developers to attend distant events. "Conferences covered by this fund include the LF Collaboration Summits held three times a year, the LF's Japan Symposia, the Kernel Summit, Ottawa Linux Symposium, Linux.conf.au, desktop conferences such as Guadec and aKademy, and other technical conferences where true collaboration takes place."
A Manifesto for Free AppliancesThe Free Appliances project has issued a manifesto for free Appliances. "Just as there is a need for Free Software, there is a need for free (as in speech) appliances. Free Appliances can be modified or enhanced using GNU/Linux tools or other Open Source Software, preferably licensed as GPLv3. They have no binaries without source code. They adhere to generally accepted standards as much as possible. Their documentation is open. They favor open file formats since information in open file formats should not require DRM. They do not use proprietary components when there are generic ones widely available. (For example: batteries should be replaceable.)"
WorldVistA EHR VOE/ 1.0 achieves CCHIT certification (LinuxMedNews)LinuxMedNews reports on the CCHIT certification of the WorldVistA electronic medical record system. "Formerly VistA Office EHR (VOE) there has been a name change due to entanglements. It is now known as WorldVistA EHR."
Commercial announcements Coverity to Regularly Scan Security and Quality of 250 Open Source ProjectsCoverity, Inc. has announced a major infrastructure upgrade to scan.coverity.com, an open source software quality and security analysis site. "The upgrade will enable the rapid expansion of the site, including regular additions of hundreds of new open source software projects. Coverity will use the new infrastructure to add 100 new open source graphics projects to the site on May 4th, 2007, coinciding with the start of the open source Libre Graphics Meeting in Montreal, Canada."
OpenLogic announces Open Source Software inventory toolOpenLogic, Inc. has announced the release of OpenLogic Discovery. "OpenLogic, Inc., a provider of enterprise open source solutions encompassing hundreds of open source packages, today announced the release of OpenLogic Discovery, a free software tool that helps enterprises inventory the open source software installed on their computer systems. OpenLogic Discovery finds installed open source software on Windows, Linux and Solaris platforms in order to help enterprise customers manage their use of open source and remain compliant with internal policies."
Parallels Technology Network launchedThe Parallels Technology Network has been launched. "Parallels, Inc., maker of award-winning desktop virtualization solutions for Windows, Linux and Mac OS X, announced today the Parallels Technology Network (PTN) - an online community for users, as well as developers using Parallels virtualization technology to deliver their software in self-contained virtual appliances."
SugarCRM expands support for Oracle Unbreakable LinuxSugarCRM Inc. has announced plans to support SugarCRM on Oracle Unbreakable Linux. "Based on the growing community and customer demand, SugarCRM and Oracle can now provide their joint customers a robust, fully supported solution. "We are proud to have SugarCRM join the Oracle Unbreakable Linux Support Program," said Monica Kumar, senior director of product marketing, Oracle. "Together we can provide performance, reliability and world-class support that enterprise customers demand for their business-critical CRM applications.""
Sybase releases IQ Analytics Server 12.7Sybase, Inc. has announced the release of Sybase IQ analytics server 12.7. "Sybase IQ analytics server handles the most challenging data warehousing requirements with ease, meeting the demand for business intelligence, advanced analytics, predictive modeling, stringent regulation compliance and high-speed reporting. The addition of ETL functionality to Sybase IQ provides highly improved data integration capabilities."
New Books Practical Packet Analysis - No Starch Press's Latest ReleaseNo Starch Press has published the book Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems by Chris Sanders.
Upcoming Events KOffice / KDE ODF Infrastructure Meeting (KDE.News)KDE.News has announced an upcoming KOffice / KDE ODF infrastructure meeting. "KOffice, the KDE office suite, has always stood behind the OpenDocument Format (ODF) as an industry standard. Now with KOffice 2.0 around the corner, with OpenOffice.org quickly becoming a new leader, and with Microsoft to release its own so-called "open" format, ODF and the interoperability that it promises is more important than ever. The KOffice developers will meet in Berlin during the weekend of May 12th-13th to do as much ODF-centered development as possible."
The Libre Graphics MeetingA press release has been sent out by the organizers of the 2007 Libre Graphics Meeting. "Libre Graphics Meeting 2007 (LGM), a conference for developers and artists of leading open source graphics software, will bring together the top open source graphics application development teams, along with artists and print production users. LGM will take place at the Ecole Polytechnique from the 4th to the 6th of May 2007 and will be of interest to end-users, students of graphic design, editors, pre-press staff, printers and institutional archivists."
Mitch Kapor, Philip Rosedale to Keynote at Dr. Dobb's Life 2.0 SummitCMP Technology has announced the keynote speakers for the Life 2.0 Summit "... a virtual event that will take place in Second Life April 28 to May 4."
The Make Magazine Maker FaireThe Make Magazine Maker Faire will be held on May 19 and 20 at the San Mateo Fairgrounds in northern California. "The award-winning, family-friendly Maker Faire celebrates the Do-It-Yourself (DIY) mindset. The festival draws the grassroots community of backyard inventors, hackers, creative recyclers, artists, engineers, and scientists from across the country--called Makers. These Makers gather to share and display their amazingly entertaining projects, wonderfully ingenious crafts, and eye-popping, up-to-the-nanosecond projects."
Cross Desktop Text Layout Summit 2007 (GnomeDesktop)GnomeDesktop.org reports on the upcoming GNOME/KDE cooperative Text Layout Summit. "The Akademy team is pleased to announce that we will be hosting the Text Layout Summit 2007 during our week in Glasgow at the start of July. This is the second Text Layout Summit following the success of the event at Gnome's Boston Summit last year. " See the KDE.News article on the summit for more information.
Events: May 10, 2007 to July 9, 2007The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Web sites Cryptome site shut downCryptome.org has long been a place to find information which has been suppressed elsewhere. Now, it seems, Cryptome has been shut down by its ISP, Verio, which has provided not solid reasons for the disconnection. The shutdown notice can still be found in Google's cache, for now.
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||