| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 8, 2008Rietveld: another code review aid With the release of Rietveld, another tool for those interested in doing web-based code reviews is now available. We looked at Review Board back in January. It was inspired by an internal Google tool, written by Python creator and Google employee Guido van Rossum, called Mondrian. That tool in turn spawned Rietveld. The feature sets of Rietveld and Review Board are strikingly similar, which is not surprising as they both used Mondrian as a model. van Rossum originally wanted to turn Mondrian into a free software project, but it was too tied to "proprietary Google infrastructure", so he started over, with Rietveld as the result. Both tools are implemented in Python using the Django framework, but one major difference is that Rietveld is written to use Google App Engine. ![[Rietveld issues]](/images/rietveld/rvissue_sm.png)
There are multiple ways to get a set of patches into the Rietveld system to create an "issue"—the term used for a patch set undergoing review—from an upload of a unified diff to using a python script to retrieve the patches from a repository. Currently Rietveld only supports Subversion, but van Rossum would like to see support added for other version control systems over time. Review Board has a bit of a head start in this area, so it supports Mercurial, Git, Bazaar, Perforce, Subversion and CVS. Once an issue has been created in the system, reviewers can then be invited to comment on the changes. Navigating through the diff is straightforward, with Javascript being used liberally to give an interactive "local application" feel to the interface. Double-clicking on a line brings up a comment box that a reviewer can fill in to attach some comments to that line. All comments are held as "drafts" until the reviewer is satisfied with their review at which point they "publish" the comments for the author and other reviewers to see. ![[Rietveld diff]](/images/rietveld/rvdiff_sm.png)
The Rietveld project is free software, released under the Apache 2.0 license, while the application itself runs via the Google App Engine. Anyone can browse the system, but folks who have a Google account can add issues, comments, and conduct reviews using the tool. Because it uses App Engine, people wanting to try it out on their code need not find a server to install and run the application—as would be required with Review Board—they can just upload a set of patches, invite some reviewers, and proceed. This kind of simplified deployment is one of the benefits that Google App Engine is meant to provide. For free software projects, where code review is purposely done in the open, Rietveld provides a way to quickly try the application out. Those who wish to keep their source code secret may want to install their own instance of Review Board or another tool. It may be possible to install Rietveld in a different environment by replacing the App Engine-specific pieces, but that clearly is not where it is targeted. While Rietveld does not provide much in the way of additional functionality from Review Board—in fact it lags Review Board in some areas—it does provide a very nice introduction to the Google App Engine interface. Developers will undoubtedly be using the code as a template for their own ideas once Google makes more App Engine accounts available. Given the shared history, language, and framework, it isn't impossible to imagine that Review Board and Rietveld might join forces one day. Even if they don't, some cross-pollination is inevitable which will result in both getting better. Hopefully, with more projects using one or both, better code for the community is the result.
How not to sell embedded Linux Every now and then one should have a look at some unabashed fear, uncertainty, and doubt (FUD) material. It's good to know what the other side is saying, the level of unintended humor is often high, and, on occasion, one even learns something. Your editor's suggestion for FUD of the week is this Embedded.com article by Dan O'Dowd. Therein, one will learn about the impending death of embedded Linux as told by the companies which sell embedded Linux.In particular, Mr. O'Dowd looks at some marketing material from MontaVista and Wind River, and concludes:
This embedded Linux bashing from embedded Linux's strongest
proponents should give pause to those who are thinking through
their embedded operating system strategy. If embedded Linux
champions are saying that embedded Linux is terrible, why would
anyone want to risk their products or their company on it?
One can easily pick holes in this article, starting with the assertion that MontaVista and Wind River are "Linux's strongest proponents." One could also recall that we have heard this kind of thing before; in 2004, Mr. O'Dowd (who happens to be the founder and CEO of a proprietary embedded systems software vendor) helpfully warned us that "intelligence agencies and terrorists" would contribute "subversive software" to Linux and lectured on the need for secret source code to achieve true security. One could point out that many of the points put forward by Mr. O'Dowd appear to be pure fantasy. All of these rebuttals would be valid, but they risk missing an important point to be gained from this article - though it's not quite the point Mr. O'Dowd is trying to make. Mr. O'Dowd obtains his "facts" from two sources: an advertisement by Wind River Systems (which your editor was unable to find online) and, primarily, from a column by MontaVista founder Jim Ready in Military Embedded Systems magazine. Mr. Ready's evident purpose is to frighten embedded systems vendors into buying his company's services; to that end, he lays it on pretty thick:
To keep abreast of the changes occurring on a daily basis, a
developer needs to monitor the email traffic of 11 different and
unsynchronized open source projects: kernel.org, the core home of
the Linux kernel; the gcc and glibc projects (the core tool chain
and libraries from FSF at fsf.org); and at least nine other
components that would typically comprise a useable Linux
development environment.
Kernel.org itself may have up to 5,000 messages a day with 1,000 of these being patches that need to be evaluated and possibly applied to the source base. Simply ignoring the traffic, figuring that the system in use seems to be working well enough, can lead to disastrous consequences later. For example, a recent security patch that took all of 13 lines of code to implement against an embedded Linux system would have taken more than 800k lines of source patches to implement if the previous trail of patches had been ignored. It's a classic case of pay now or really pay later. Somebody must have had a great deal of fun putting all of those numbers together. The generation of ordinary random numbers can be managed through traditional methods like a toss of the dice, picking numbers out of a hat, or reading corporate earnings estimates. Randomness on this scale, though, can only be achieved through the use of special-purpose software. Even by kernel.org standards, 5,000 messages per day is fairly intense, though your editor, a subscriber to the linux-kernel, git-commits-head, and mm-commits lists, can attest that the order of magnitude is right at least. But your editor cannot even begin to grasp the thought process which turns a 13-line security patch into 800,000 lines of code. Imagine posting that to linux-kernel. "Pay now or really pay later" indeed. But the provenance of the numbers is not really the point here. Mr. Ready is perpetrating the fallacy that, to build an embedded system with Linux, one starts with the various components and integrates them all by hand. If a company were to take that path, it might well incur the high costs that Mr. Ready warns about. Creating your own distribution - and maintaining it over a product's life - is, indeed, a difficult and expensive job. But it is a rare vendor which does that; even Gentoo users outsource much of the integration work to their distributor. Why would any vendor create its own distribution when there are so many out there to base a product on? Customizing a distribution for an embedded application is not a trivial job, but it's not rocket science either. The distributor will keep up with most of those mailing lists, and, somehow, a reasonable distribution also manages to ship security updates which do not involve 800,000 lines of code. There is no reason for embedded systems vendors to wander into the expensive mess that Mr. Ready describes; the creation of a suitable distribution is much easier than that. Even so, many vendors may decide that, in fact, they would rather not be in the business of customizing distributions. They might, instead, look to a vendor to do that work for them. It makes perfect sense for companies like MontaVista and Wind River (among others) to offer to provide a stable, integrated, and supported platform to embedded systems vendors for a fee. There is honest value in this line of business. But one does have to wonder why these companies feel the need to scare companies into buying their services. Those services, properly rendered, have a real value which can be sold without resort to outright FUD. Failure to focus on that value gives encouragement to people like Mr. O'Dowd, who would be most pleased if embedded Linux were to go away altogether. This does not seem like a sensible business strategy. Companies which seek to make money from Linux might just want to think twice before poisoning the well they are trying to drink from. That is the real lesson to be learned from this particular piece of writing.
Blizzard tests the reach of copyright law Free software users rarely, if ever, need to be concerned about the license that governs the applications they use. Unlike developers or distributors, users are unlikely to pay attention to whether a program is released under a BSD, GPL, or some other license—not so with proprietary software. If Blizzard Entertainment has its way, it could get a whole lot worse, with proprietary vendors controlling the behavior of its users and enforcing it by way of the Copyright Act. Blizzard, makers of the online role-playing game World of Warcraft (WoW), has filed a lawsuit against MDY, Inc., makers of a tool that assists players in gaining levels within the game. The Glider program essentially plays the game for a user, creating a more powerful character, with additional riches, while the user is otherwise occupied. Some would claim it is a legitimate way to avoid some of the drudgery of "leveling up" a new character, while others would see it as a means of cheating. In any case it is clearly a violation of the Terms of Use (TOU) of WoW. But those terms are only accepted by a user when they agree to the End User License Agreement (EULA) that comes with the game. Blizzard would seem to have plenty of ammunition to take action against players that use Glider, but instead of suing its customers for breach of contract—perhaps they have learned something by watching the music industry—they went after the easier target. Had they only sued MDY for "tortious interference with contracts", it probably would have attracted little attention. But Blizzard did something that aroused the interest of the Electronic Frontier Foundation (EFF), Public Knowledge, and others by trying to stretch copyright law to cover MDY's actions. Certainly Blizzard is no stranger to using copyright law—in particular the much-despised Digital Millennium Copyright Act (DMCA)—in ways that many have found objectionable. The courts, at least in the Blizzard v. BNETD case, have agreed with Blizzard, though, shutting down the development of an alternative server for players of their games. Because of that, any time Blizzard makes a copyright claim, serious scrutiny from various watchdogs can be expected. Blizzard's claim is that, by running Glider, its users are not only in violation of the contract they agreed to, but they are also committing copyright infringement. As has been seen in various file-sharing lawsuits, whenever copyright is supposedly violated on a computer, any program even tangentially involved in that violation is then accused of "contributory infringement"; this is the second claim that Blizzard makes against MDY in its suit. Under Blizzard's interpretation, users are allowed to copy the program into the RAM of their computer as long as they do not violate the TOU. If they do violate them, their license to copy to RAM—a necessary step to be able to use the program at all—is terminated; they are infringing Blizzard's copyright and liable for damages starting at $750 per illegal RAM copy. If Blizzard's interpretation is upheld by the courts, many other acts would also serve as copyright infringements: choosing a character name that violates any of the thirteen name restrictions spelled out in the TOU, transmitting or posting "any content or language which, in the sole and absolute discretion of Blizzard, is deemed to be offensive...", or "anything that Blizzard considers contrary to the 'essence' of the Program", for example. Under those conditions, Blizzard could essentially claim copyright infringement any time they wish; racking up another $750+ each time the program is used. Public Knowledge outlined two good reasons that the copyright infringement claim should be discarded. It is well established that it is not an infringement if making a copy is required to use the copyrighted material, as it is for software. Blizzard's argument that due to the terms of the EULA, those who buy WoW are not "owners" but instead license the software is also weak. The courts have always looked on software purchases as sales, not rentals under some company-controlled license, in much the same way that music and movies are purchased. Copyright owners would love to be able to eliminate the "first sale doctrine" that allows owners to sell used books and other copyrighted content, but the courts have so far been unwilling to go along. One would hope that the courts would be persuaded not to see this dispute in terms of copyright either, but there is the risk that a tool used for "cheating" might not get the benefit of a well-reasoned view. There have been many occasions where the US courts have made surprising decisions regarding copyright. Undoubtedly there are various copycat suits waiting in the wings should such a decision be reached. In the end, though, neither Blizzard nor any copycats really want to go after the actual "infringers"—also known as customers—they want to go after others who allow users to use (or abuse) their software in ways they do not like. It is a classic proprietary software control strategy, and, thankfully, something that free software users do not have to endure. There is an interesting comparison to be made with free software licensing, though. Licenses like the GNU GPL also restrict behavior based on copyright law; GPLv3, for example, makes some specific requirements on the patent-licensing agreements that one can make with third parties. Like Blizzard, those who release software under a free license can make a claim of copyright infringement (not breach of contract) if the terms of that license are not adhered to. There is a crucial difference, though: free software licenses do not regulate the use of the software, only its distribution. By claiming that users of the software violate copyright if it does not like their behavior, Blizzard is attempting to extend the reach of copyright law far beyond anything seen in the free software community. It is certainly understandable that Blizzard would prefer that its users did not employ Glider or other, similar software. They believe it unbalances the game; making it unfair to other players. In the past, they have temporarily or permanently banned players for using bot software, but Glider is evidently more difficult to detect, which led to the current lawsuit. Blizzard must police its own game, however, and should not expect others to do it for them. It is hard to see that Glider is doing anything particularly wrong here, though Blizzard may prevail on either or both of its claims. If players want to find ways around things they don't like about the game, they will, unless Blizzard finds technological means to prevent it. It would appear that there is a substantial business opportunity in helping players avoid some of the boring, repetitive parts of playing the game—one that Blizzard currently ignores. Though there is no direct threat to free software from this litigation (unless one is developing free game-playing robots), any potential expansion of copyright is worth watching. The community relies upon copyright law to enforce its licenses, so watching how judges make decisions about such issues is important. While it may be that Blizzard is in the right to go after "cheaters" and a company that helps them, it should not be doing that by trying to expand the reach of its copyrights to this extreme.
Page editor: Jonathan Corbet Security Cryptographic splicing makes for a Wordpress vulnerability Authentication bypass vulnerabilities are particularly painful because they allow an attacker to access and potentially modify things that should be off-limits. It is important to ensure that when fixing that kind of bug, one does not introduce a different, but equally potent, hole. A recent Wordpress vulnerability clearly demonstrates the care that needs to be taken. The problem started in November 2007, when Steven Murdoch reported a problem with Wordpress authentication cookies. Essentially, the cookie that Wordpress used was an MD5 hash calculated using a value stored in the database's user table. Any attacker that could get read access to the database, via a SQL injection or looking inside a database backup for example, could generate a cookie value that would allow them access as that user. The password itself was not stored in the database as plaintext, but the value used in the cookie was just a simple MD5 of the stored value. So, the value stored was MD5(password) and the cookie value was MD5(MD5(password)). Murdoch released his advisory in advance of a fix, because the vulnerability was being actively exploited. It was entered as bug #5367 into the Wordpress bug tracking system and a long conversation about how to properly fix it ensued. As part of that discussion, Murdoch suggested that a paper entitled "Dos and Don'ts of Client Authentication on the Web" [PDF] be consulted. The paper covers various issues regarding cookies and the kinds of attacks that can be made against them. Some, but not all, of its recommendations were followed. The new cookie scheme was released at the end of March as part of the Wordpress 2.5 release. Authentication cookie values were now calculated using the following (with the '.' operator representing concatenation):
USERNAME . "|" . EXPIRATION . "|" . MD5(USERNAME . EXPIRATION . secret)
This took into account the hazards of a straightforward hash of a stored
value and added an expiration to the cookie, but it failed to protect
against a cryptographic splicing attack.
When calculating the hash of the concatenation of the username and expiration (along with a secret known by the server), no delimiter was used between the two. This means that the hash for username "foobar" with expiration "20080507" is the same as the hash for username "foo" with expiration "bar20080507". This allows anyone with a username that begins the same as another username, to generate a legitimate cookie for that other user. Using the example above, user "foobar" could create valid cookies for a user "foo" (or any other prefix substring). Many Wordpress weblogs allow new users to create an account with any name they choose, so long as it is not already taken. By choosing one that starts with the administrator's username, an attacker can generate a cookie for themselves, modify it slightly, and have a valid cookie to access the administrator account. No password cracking is required, nor is any access to the database needed. Wordpress 2.5.1 has been released to address this problem. Earlier versions could disable the registration feature and delete or suspend any user accounts with suspicious usernames as a workaround. Though if those suspicious accounts exist, it would not be surprising to find that the real administrator no longer knows the proper password for that account. The paper that Murdoch referenced clearly indicated the danger from cryptographic splicing, but the Wordpress implementers must have missed it. Cookie authentication schemes are a necessary evil for web applications—it would be nearly unusable to have to authenticate on each page—but they are difficult to get right. A careful reading of the paper will help, as will using already vetted libraries or frameworks. It is one of those things that is hard to get right and extremely important to do so.
New vulnerabilities b2evolution: cross-site scripting
emacs: insecure temp files
kernel: several vulnerabilities
kernel: unspecified vulnerability
kernel: memory corruption
kernel: race condition
kernel: denial of service
kernel: Xen-based denial of service
wordpress: multiple vulnerabilities
Page editor: Jake Edge
Kernel development Release status Kernel release status The current 2.6 prepatch is 2.6.26-rc1, released on May 3. "So this merge window was somewhat rocky in the sense that there was a lot of arguments about it, but at the same time I at least personally think that from a technical angle, we had somewhat less scary stuff going on than has been almost the rule lately." At about 7500 commits, this cycle has fewer changes than the last couple have; a lot of the changes are infrastructural, so there will be fewer obvious new features with 2.6.26 than with some of its predecessors. See the short-form changelog for details, or the full changelog for lots of details.A relatively slow stream of patches has been heading into the mainline git repository since the -rc1 release. The current stable 2.6 release is 2.6.25.2, released on May 6. This release contains a single fix for a locally-exploitable security problem in the filesystem locks code. 2.6.24.7 and 2.4.36.4 were also released with this fix. Previously, 2.6.25.1 and 2.6.24.6 had been released with a larger set of fixes. In the absence of another security issue, there will probably not be any more 2.6.24 stable updates.
Kernel development news Quotes of the week
Usually my git problems are root-caused down to my lack of a PhD in
hermeneutic metaphysiology, but not this time, methinks.
-- Andrew Morton
Kids: do not shove random modules into your kernel. Just because
Linus does something doesn't make it a good idea...
-- Rusty Russell
We've moved half the kernel brains to userspace with udev, initrd and modules; it's really unfair that you're not sharing all that why-won't-my-machine-boot love.
[T]he kernel team has evolved from a small team of buddies to a
large enterprise. And to survive this evolution, we may need to
apply the immoral principles found in big companies.
-- Willy Tarreau
The last things through the 2.6.26 merge window About 500 changesets were merged after the publication of the first and second 2.6.26 merge window summaries. The merge window is now closed; here is the final set of changes which got in:
Time to slow down? All communities develop rituals over time. One of the enduring linux-kernel rituals is the regular heated discussion on development processes and kernel quality. To an outside observer, these events can give the impression that the whole enterprise is about to come crashing down. But the reality is a lot like the New Year celebrations your editor was privileged enough to see in Beijing: vast amounts of smoke and noise, but everybody gets back to work as usual the next day.Beyond that, though, discussions of this nature have real value. Any group which is concerned about issues like quality must, on occasion, take a step back and evaluate the situation. Even if there are no immediate outcomes, the ideas raised often reverberate over the following months, sometimes leading to real improvements. The immediate inspiration for this round of discussion was broken systems resulting from the 2.6.26 merge window. This development cycle has had a rougher start than some, with more than the usual number of patches causing boot failures and other sorts of inconvenient behavior. That led to some back-and-forth between developers on how patches should be handled. Broken patches are unfortunate, but one thing is worth noting here: these problems were caught and fixed even before the 2.6.26-rc1 kernel release was made. The problems which set off this round of discussion are not bugs which will affect Linux users. But, beyond any doubt, there will be other bugs which are slower to surface and slower to be fixed. The number of these bugs has led to a number of calls to slow down the development process in one way or another. To that end, it is worth noting that the process has slowed down somewhat, with the 2.6.26 merge window bringing in far fewer changesets than were seen for 2.6.24 or 2.6.25. Whether this slower pace will continue into future development cycles, or whether it's simply a lull after two exceptionally busy cycles remains to be seen. But, if the process does not slow down on its own, there are developers who would like to find a way to force it to happen. Some have argued for simply throttling the process by, for example, limiting new features in each development cycle to specific subsystems of the kernel. There has also been talk of picking the subsystems with the worst regression counts and excluding new features from those subsystems until things improve. The fact of the matter, though, is that throttling is unlikely to help the situation. Slowing down merging does not keep developers from developing, it just keeps their code out of the tree. An extreme example can be found in the 2.4 kernel: the merging of new code was heavily throttled for a long time. What happened was that the distributors started merging new developments themselves because their users were demanding them. So a lot of kernels which went under the name "2.4" were far removed from anything which could be downloaded from kernel.org. That way lies fragmentation - and almost certainly lower quality as well. Linus actually takes this argument further by arguing that quickly merging patches leads to better quality:
[M]y personal belief is that the best way to raise quality of code
is to distribute it. Yes, as patches for discussion, but even more
so as a part of a cohesive whole - as _merged_ patches!
The thing is, the quality of individual patches isn't what matters! What matters is the quality of the end result. And people are going to be a lot more involved in looking at, testing, and working with code that is merged, rather than code that isn't. Andrew Morton has also argued against throttling:
If we simply throttled things, people would spend more time
watching the shopping channel while merging smaller amounts of the
same old crap.
Kernel developers are, of course, known to be hard-core shoppers, so giving them more opportunity to pursue that activity is probably not the best idea. Seriously, though: Andrew is in favor of a slower development process, but only when approached from a different angle: his point is that an increased focus on quality will, as a side effect, result in slower development. Kernel developers need to be focused on finding and fixing bugs rather than creating new ones and/or shopping. It is worth noting that a substantial portion of the development community appears to believe that there are no real problems in this regard. Bugs are being found and fixed at a high rate and the kernel is solid for most users. Arjan van de Ven notes:
Are we doing worse on quality? My (subjective) opinion is that we
are doing better than last year. We are focused more on
quality. We are fixing the bugs that people hit most. We are fixing
most of the regressions (yes, not all). Subsystems are seeing flat
or lower bugcounts/bugrates.
Ted Ts'o points out that a lot of problems result from obscure and low-quality hardware, and that it's not possible to make everybody happy. Andrew is unconvinced, though, and seems to fear that the kernel is declining in quality. In a sense, though, that part of the discussion is moot. Nobody would argue against the idea that fewer bugs is a worthy goal, regardless of whether one believes that the current process has quality problems. So talk of ways to make things better is always on-topic. Testing remains a big issue; the kernel, more than almost any other project, is highly sensitive to the systems on which it is run. Many problems (arguably the majority of them) are related to specific hardware, or specific combinations of hardware; there is no way for the developers, who do not have all possible hardware to test on, to ever find all of these bugs. Users have to help with that process. Getting widespread testing coverage is always hard; Peter Anvin argues that the current process has actually made that harder:
One thing is that we keep fragmenting the tester base by adding new
confidence levels: we now have -mm, -next, mainline -git, mainline
-rc, mainline release, stable, distro testing, and distro release
(and some distros even have aggressive versus conservative tracks.)
Furthermore, thanks to craniorectal immersion on the part of
graphics vendors, a lot of users have to run proprietary drivers on
their "main work" systems, which means they can't even test newer
releases even if they would dare.
There is, in fact, a wealth of development kernels to test, and it is not always clear where users and developers should be concentrating their testing effort. A consensus may be forming, though, that more people should be looking at the linux-next tree in particular. Linux-next is where all of the patches intended for the next merge window are supposed to congregate; the current contents of linux-next, as of this writing, are targeted toward 2.6.27. This is the place where early integration issues and other problems should be found; if linux-next is well tested, the number of problems showing up in the next merge window should be somewhat reduced. The linux-next tree is an interesting experiment. It is, for all practical purposes, making the development cycle longer: since linux-next exists, the 2.6.27 cycle has, in some sense, already started. Linux-next also does something which kernel developers have tended to resist: causing the stabilization period for one development cycle to overlap with active development for the next cycle. In the past, it has been argued that this kind of overlap will cause developers to prioritize the creation of new toys over fixing the problems with last week's toys. Some people argue that this is happening now: developers are not spending enough time dealing with bugs - and that their carelessness is creating too many bugs in the first place. Others assert that, while it will never be possible to fix every reported bug, the bugs that really matter are being addressed. A real resolution to this disagreement seems unlikely; the creation of meaningful metrics on kernel quality is a difficult task. About the best that can be done is to try to keep the regression list as small as possible; as long as systems which once worked continue to work, it is hard to argue too forcefully that things are headed in the wrong direction.
Read-only bind mounts Bind mounts can be thought of as a sort of symbolic link at the filesystem level. Using mount --bind, it is possible to create a second mount point for an existing filesystem, making that filesystem visible at a different spot in the namespace. Bind mounts are thus useful for creating specific views of the filesystem namespace; one can, for example, create a bind mount which makes a piece of a filesystem visible within an environment which is otherwise closed off with chroot().There is one constraint to be found with bind mounts as implemented in kernels through 2.6.25, though: they have the same mount options as the primary mount. So a command like:
mount --bind -o ro /vital_data /untrusted_container/vital_data
will fail to make /vital_data read-only under /untrusted_container if it was mounted writable initially. On your editor's 2.6.25 system, the failure is silent - the bind mount will be made writable despite the read-only request and no error message will be generated (the mount man page does document that options cannot be changed). There is clear value in the ability to make bind mounts read-only, though. Containers are one example: an administrator may wish to create a container in which processes may be running as root. It may be useful for that container to have access to filesystems on the host, but the container should not necessarily have write access to those filesystems. As of 2.6.26, this sort of configuration will be possible, thanks to the merging of the read-only bind mounts patches by Dave Hansen. As it happens, it's still not possible to create a read-only bind mount with the command shown above; the read-only attribute can only be added with a remount operation afterward. So the necessary sequence is something like:
mount --bind /vital_data /untrusted_container/vital_data
mount -o remount,ro /untrusted_container/vital_data
This example raises an interesting question: what if some process opens a file for write access between the two mount operations? A system administrator has the right to expect that a read-only mount will, in fact, only be used for read operations. The 2.6.26 patch is designed to live up to that expectation, though the amount of work required turned out to be more than the developers might have expected. Filesystems normally track which files are opened for write access, so an attempt to remount a filesystem read-only can be passed to the low-level filesystem code for approval. But the low-level filesystem knows nothing about bind mounts, which are implemented entirely within the virtual filesystem (VFS) layer. So making read-only access for bind mounts work requires that the VFS keep track of all files which have been opened for write access. Or, more precisely, the VFS really only needs to keep track of how many files are open for write access. The technique chosen was to create something which looks like a write lock for filesystems. Whenever the VFS is about to do something which involves writing, it must first call:
int mnt_want_write(struct vfsmount *mnt);
The return value is zero if write access is possible, or a negative error code otherwise. This call can be found in obvious places - such as in the implementation of open() - when write access is requested. But write access comes into play many other situations as well; for example, renaming a file requires write access for the duration of the operation. So mnt_want_write() calls have been sprinkled throughout the VFS code. When write access is no longer needed, the "write lock" should be released with a call to:
void mnt_drop_write(struct vfsmount *mnt);
One of the discoveries which has been made is that write access is needed in rather more places than one might have thought. In particular, it turns out that there is need for mnt_want_write() calls within the low-level filesystems as well as in the VFS layer. So getting the read-only bind mounts patch into shape has been an ongoing process of finding the spots which have been missed and adding mnt_want_write() calls there. In an attempt to make this process a bit less error-prone, Miklos Szeredi has put together a set of VFS helper functions which encapsulate the situations where write access is needed. Those functions have not been merged for 2.6.26, however. Superficially, mnt_want_write() is easy to understand - it simply increments a counter of outstanding write accesses. The problem with a simple implementation, though, is that a shared, per-filesystem counter would create scalability problems. On multiprocessor systems, the cache line containing the counter would bounce around the system, slowing things considerably. A common response to this type of problem is to turn the counter into a per-CPU variable, allowing operations on the counter to remain local to each processor. When somebody needs to know the total value of the counters, it's a simple matter of adding each CPU's version; this operation is slow, but it is also rare. On big systems, though, the number of CPUs can be large - as can the number of filesystems, and bind mounts will only increase that number. The result is a multiplicative effect which, once again, is a scalability problem, only this time it manifests itself in the form of excessive memory use. The read-only bind mounts patch resolves this situation by, in effect, going back to global counters which are cached on specific processors. To that end, each CPU has one of these structures:
struct mnt_writer {
spinlock_t lock;
unsigned long count;
struct vfsmount *mnt;
}
At any given time, this structure will hold a local count for one filesystem, represented by mnt. If the processor needs to adjust the write count for that filesystem, it's a simple matter of incrementing or decrementing count. When the processor's attention turns to a different filesystem, it must first adjust the global count for the old filesystem, then it can switch its local mnt_writer structure to the new one. The result is a compromise between purely local and purely global counters which yields "good enough" performance on benchmarks designed to stress the system. Read-only bind mounts join with other features (such as shared subtrees) to create a flexible set of tools for the construction of the filesystem namespace. It is not clear how much of this functionality is being used at this time, but, as the implementation of containers in the mainline gets closer to completion, there is likely to be more interest in this capability. Linux systems in coming years may have much more complex filesystem layouts than have been seen in the past.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Benchmarks and bugs
Page editor: Jonathan Corbet
Distributions News and Editorials Looking ahead to Mandriva Linux 2009 With Mandriva Linux 2008 Spring out the door, the first steps toward Mandriva Linux 2009 are in progress. Ideas are being collected on this wiki page and Bugzilla is open for suggestions and ideas. The wiki page begins with instructions for entering ideas and suggestions into Bugzilla.A number of items are in the wish list for kernel and hardware support. The ML 2009 kernel will use libata, the one item already marked as complete (better late than never). Other wishes include an installed and enabled kerneloops package, full support for Lenovo Thinkpads T60/T61 (and T62 in the future) (with all the bells, whistles, drivers, hotkeys, LEDs, etc. working), making Xen work properly (or dropping it), and patches for kernel-level mode setting. There is a request for virtualbox 1.6 to be added to the toolchain, along with cmake and svn. The RPM, URPMI requests include better separation of free and non-free so that non-free sources do not get installed on an otherwise free system; and better dependency handling. Some requests involve making it easier to use a lightweight desktop/window manager. There is an Xfce edition for ML 2008.1, but some would like the Xfce edition to be an official part of the 2009 release. Requests for improved icewm support are joined by requests for LXDE, and Enlightenment 17. No matter how good an installer is, there is always room for improvement and some ideas are on the list. The same could be said for system tools, and several improvements to Drakxtools are also on the list. The list ends with suggestions for better internationalization and localization support. Those who have ideas about improving Mandriva Linux, now is the time to get involved. File bug reports where features seem to be missing, and help make ML 2009 better than ever.
New Releases easys GNU/Linux 4.1 The easys development team has announced the release of easys GNU/Linux 4.1, a Slackware based distribution. "For the first time the new installation and the administration framework for Linux - ALICE (Advanced Linux Installation and Configuration Environment) - is introduced to the public. Both tools have been created in close co-operation with the DARKSTAR Linux and the easys developer team. Due to ALICE now novices and advanced users are able to perform an easy graphical installation of a Slackware Linux system, only a few steps are to be taken."
F9 beta for ia64 now available A beta release of Fedora 9 for ia64 is available. "F9 is the first Fedora release to be officially supported on ia64. This ia64 build of fedora is the first to be released under the "secondary architectures" project. We have made efforts to make sure that the ia64 release is equal to the release of Fedora for x86, x86_64, ppc and ppc64, however there are some differences that should be noted."
Fedora Unity releases Fedora 8 Updated Re-Spin The Fedora Unity Project has announced the release of new ISO Re-Spins (DVD and CD Sets) of Fedora 8. "These Re-Spin ISOs are based on the officially released Fedora 8 installation media and include all updates released as of May 1st, 2008. The ISO images are available for i386, x86_64 and PPC architectures via Jigdo and Torrent."
Get DeltaH, gNewSense 2.0 The gNewSense project has announced the release of DeltaH, the second version of their all free-software GNU/Linux distribution. This release is based on Ubuntu Hardy, with help from Blag's deblob scripts for removing binary blobs from the kernel.
Mandriva 2008 Spring Xfce is out! Mandriva 2008.1 is now available in an Xfce edition. "Xfce is in version of 4.4.2, in few areas it has been patched with upstream svn patches."
OpenBSD 4.3 released May 1, 2008 The official release of OpenBSD 4.3 has been announced. This version has new and extended platform support for sparc64, hppa, mvme88k and sgi, plus improved hardware support, new tools, new functionality, and much more.
OpenSolaris 2008.05 released Here's the announcement for the much-hyped OpenSolaris 2008.05 release. "This release also introduces IPS, a new network based package management system, allowing users to install additional software from the network. ZFS is also the default root file-system, allowing unique snapshot and rollback features, especially useful during system upgrade. OpenSolaris 2008.05 has a significantly improved user environment, in particular for those familiar with other Linux distributions."
Announcing openSUSE 11.0 Beta 2 The openSUSE team has announced the second Beta release of openSUSE 11.0, with countless bug fixes, as well as the import of the new openSUSE 11.0 artwork for login, splash screens and more. "The live installation should work, but there are several known quirks, so be sure to check the most annoying bugs list before proceeding with the live installation."
Slackware 12.1 released The announcement for Slackware 12.1 has gone out. "This first Slackware edition of the year combines Slackware's legendary simplicity (and close tracking of original sources), stability, and security with some of the latest advances in Linux technology. Expect no less than the best Slackware yet." There's a lot of new stuff in this release; see the announcement for an overview.
Distribution News Debian GNU/Linux being released from the hot seat Andreas Barth is happy that Marc 'HE' Brockschmidt didn't become the Debian project leader, because that would have put Andreas on the DPL team. Instead Marc will become a release manager and Andreas will work on the Lenny release as the release wizard.
Fedora Fedora Board Recap 2008-04-29 Click below for a look at the April 29 meeting of the Fedora Board. Topics include fedoraproject.org mail and Open Conversation.
Fedora Board Appointment timing Paul Frields takes a look at the upcoming Fedora Project Board election. "The Board will announce Red Hat's appointments around the week of May 19th. Nominations will not close, nor will voting begin, until well after the appointments are announced... Nevertheless, I'd recommend that any interested community members run for the Board, regardless of their employment status or length of time working in the Fedora Project, and be confident about their record of getting things done."
Fedora board nominations sought Nominations for Fedora Project Board are open. "Are you someone who thinks a lot about Fedora's impact on society and the world? Do you love reading books about open standards and the free/remix culture? Do you want to work on big-picture issues as opposed to technical details? Has the time you've spent working in the Fedora Project brought you an appreciation for all the things our contributor community does? Then you might be just the sort of person who's interested in a seat on the Board."
Fedora Xfce SIG Fedora's Xfce Special Interest Group is recruiting new members. "Maintaining Xfce packages, translations, documentation, artwork and improve the Fedora Xfce Spin (installable Live CD) are some of the things you can do to help the Xfce team in Fedora."
SUSE Linux and openSUSE openSUSE hard disk configuration survey openSUSE is conducting a survey on hard disk configuration. The survey will be online until May 28, 2008 and the results will be published on openSUSE.org as soon as possible.
Indonesian OpenSUSE Community Launching Free Blog Offer for OpenSUSE Lover Indonesian openSUSE fans now have a mailing list, support forum and more, localized in Bahasa Indonesia. Click below for more information.
Ubuntu family Intrepid open for development Now that the Hardy Heron (Ubuntu 8.04) has been released, it's time to start thinking about the Intrepid Ibex, which will become Ubuntu 8.10. For those who like to run bleeding edge development versions, this one still isn't ready to do much besides eat your system. There's the inevitable GCC upgrade, followed by automatic syncs from Debian unstable, and some hardening/bug fixing to do first. See the Intrepid release schedule for more information.
Distribution Newsletters Arch Linux Newsletter The Arch Linux Newsletter for May 5, 2008 covers Archlinux 2008.04-RC, Arch Linux Schwag Report, Who is Skoal?, community contributions, interview with Simo Leone, and several other topics.
OpenSUSE Weekly News/20 This week's edition of the openSUSE Weekly News covers openSUSE: Google Summer of Code projects announced, People of openSUSE: Michael Löffler, openSUSE Build Service Version 0.9.1 Release, KDE 4.1 Alpha1 Live, First look at SUSE on the HP Mini-Note, and much more.
Ubuntu Weekly Newsletter #89 The Ubuntu Weekly Newsletter for May 3, 2008 covers: Ubuntu Open Week, Intrepid Ibex: Open for Business, FLISOL Nicaragua 2008, Launchpad 1.2.4, gNewSense release of DeltaH(based on Hardy Heron), Fox New Responds to Linux Community, Ubuntu 8.04 vs. Windows Vista Power Usage, Interview with Donald Knuth, and much more.
DistroWatch Weekly, Issue 251 The DistroWatch Weekly for May 5, 2008 is out. "A week of many excellent releases - a brand new Slackware 12.1 (read our first-look review of the world's oldest surviving Linux distribution), an updated OpenBSD 4.3 (check out the exhaustive interview with the project developers at ONLamp.com), a hot new Puppy Linux 4.00 (with pretty artwork and a large number of state-of-the-art features and packages), and an Xfce edition of Mandriva Linux 2008.1 (complete with Compiz support on an installable live CD). But the excitement never ends here at DistroWatch; as we go to press, the first-ever stable release of OpenSolaris is hitting the download mirrors, together with a plethora of related announcements and Planet posts from the growing OpenSolaris developer and user community. There is also more news on the latest beta of openSUSE 11.0, information about the first alpha release of PC-BSD 7.0, and the usual columns, including a donation of €250 to the GSPCA project for its amazing work developing Linux webcam drivers. There is lot more, so enjoy the read!"
Distribution meetings Reminder about upcoming FUDCons FUDCon is a Conference for Fedora Users and Developers. There are three coming up in the next few months: mini-FUDCon Berlin 2008, May 30 (at LinuxTag); FUDCon Boston 2008, June 19 - 21; and one in the planning for September in Prague.
Distribution reviews Coming along strong: first look at openSUSE 11 beta 2 (ars technica) Beta 2 for openSUSE 11 was recently announced, so ars technica decided to take a peek. They tried both the GNOME and KDE flavors and were generally impressed. "There are a lot of things to like in openSUSE 11 and it will make a good choice for many users—it is already shaping up to provide better PulseAudio integration and stronger desktop search capabilities than Ubuntu, for instance. OpenSUSE also has excellent support for KDE 4, which is why we have used it as our reference platform for KDE testing and reviews."
Linux Shootout: 7 Desktop Distros Compared (InformationWeek) InformationWeek looks at seven Linux distributions, comparing how each installed and ran on five different machines. The article looks at openSUSE, Ubuntu
Meet The Hardy Heron: What's New in Ubuntu 8.04 (O'ReillyNet) O'Reilly's LinuxDevCenter takes a look at Ubuntu 8.04. "Ubuntu 8.04 LTS (long-term support) launched on April 24th for desktops and servers. There is something for everyone in this version, but the LTS release will have particular appeal to enterprises. As one corporate user said to me, "I have been waiting for the release of Ubuntu 8.04, because I am using Ubuntu 6.06 on my company laptop and we have to install exclusively long term support releases." The LTS release assures a reliable upgrade paths twice a year with security updates maintained for a full five years."
Page editor: Rebecca Sobol
Development Pygments - the Python Syntax Highlighter Pygments is a multi-language syntax highlighter that is written in Python and distributed under the BSD license. The project description states:
It is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are:
![[Pygments]](/images/ns/pygmentslogo.png)
The project FAQ notes that
Pygments supports a long (and expandable)
collection of input languages.
It can produce output as HTML, LaTeX, RTF and ANSI sequences for
console output. The software can be run from the pygmentize
command-line tool, or accessed from your own Python code. See the
command line reference
for details on running pygmentize.
Pygments version 0.10 was recently announced. Changes include the addition of 15 new language lexers, expansion of the Makefile lexer's capabilities, the ability to output in several image formats, a new style and other enhancements and fixes. Installation of Pygments was straightforward on an Ubuntu 7.04 system. A tar.gz file was downloaded from the Python package site. The file was uncompressed with gunzip and extracted with tar. Running python setup.py install as root on the setup script installed the software and it was ready to run. After a quick read of the Command Line Usage document, your author was able to run pygmentize on some Python code and produce some rather pleasing colorized html output. The project's demo page has a number of examples of Pygment's output, it also allows you to upload your own code to see how it looks after formatting. Pygments looks to be a well designed generic tool. It could useful for online and offline documentation, code analysis, education and much more. This list of projects is already putting Pygments to use, perhaps your project could make use of it as well.
System Applications Database Software pgDesigner 1.2.5 released Version 1.2.5 of pgDesigner, a GUI database interface to PostgreSQL, has been announced. "Changes: BUG: Fixed some bugs related to the loading and saving projects. BUG: Fixed some bugs in class CPdfWriter. NDA: Program compiled with version 2.5.0 of Gambas."
PostgreSQL Weekly News The May 4, 2008 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Mail Software sendmail 8.14.3 is available Version 8.14.3 of sendmail has been announced. "This version fixes some bugs: * the MTA accessed storage after it free()d it. This was a regression introduced in 8.14.2, but the bug only showed up on a few operating systems. * ruleset processing: the function cataddr() could cause the addition of the BlankSub character between some tokens when it should not happen and thus failures in rule matching. It seems that none of the default rules were affected by this bug and hence the problem did not show up for default configurations. * the libmilter state engine did not deal correctly with milters that requested the omission of protocol steps during the negotiation callback."
Security libprngwrap 1.0.2 announced Version 1.0.2 of libprngwrap is available. "Maybe an interesting library for people who are very serious about security: libprngwrap (version 1.0.2) was released. Libprngwrap replaces calls to rand(), random() and other pseudo random generators to calls which retrieve entropy-data from /dev/urandom (or /dev/random if you wish and don't care about your application stalling when /dev/random is out of entropy data)."
OSSEC HIDS v1.5 released Version 1.5 of OSSEC HIDS has been announced. "OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. This new release comes with numerous new features, including new LIDS (log-based IDS) support for Solaris BSM, Asterisk, Checkpoint, Postfix SASL, Smart Defense, Debian package and Shorewall logs."
Web Site Development nginx 0.6.30 released Version 0.6.30 of nginx, an HTTP server and mail proxy server, has been announced. Changes include several new features and bug fixes, see the CHANGES file for more details. "In March 2007 about 20% of all Russian virtual hosts were served or proxied by nginx. According to Google Online Security Blog year ago nginx served or proxied about 4% of all Internet virtual hosts, although Netcraft showed much less percent. According to Netcraft in March 2008 nginx served or proxied 1 million virtual hosts."
Miscellaneous Mandriva Directory Server 2.3.1 announced Version 2.3.1 of Mandriva Directory Server has been published, this is a bug fix release. "The Mandriva Directory Server (MDS) is a Free Software project that features: * user authentication and management thanks to LDAP * an extensible, nice looking and AJAX powered PHP web interface called MMC (Mandriva Management Console), provided with 5 modules: * Users and groups management * SAMBA accounts and shares management * DNS/DHCP management * Email delivery management * Web proxy blacklist management * a Python dedicated management API for LDAP, SAMBA, and SQUID (core of the MDS and the MMC) * a policy system, that will allow to define users right on network ressource".
Desktop Applications Desktop Environments GNOME Software Announcements GNOME Software Announcements The following new GNOME software has been announced this week:
KDE 4.0.4 released Version 4.0.4 of KDE has been announced. "The KDE Community today announced the immediate availability of KDE 4.0.4, the fourth bugfix and maintenance release for the latest generation of the most advanced and powerful free desktop. KDE 4.0.4 is the fourth monthly update to KDE 4.0."
KDE Commit-Digest (KDE.News) The April 20, 2008 edition of the KDE Commit-Digest has been announced. The content summary says: "The start of the Google Summer of Code with 47 KDE projects. Initial version of a kxsldbg plugin for Quanta. Kross-based scripting in KDevelop. Tabs return to the kdevplatform (KDevelop, etc) interface framework. A database plugin for Kommander, with Kommander widgets becoming accessible within Designer. Support for file attachment and sound annotations in Okular. Work on support for JavaScript runners, and an enhanced visual appearance for KRunner in Plasma..."
KDE Software Announcements The following new GNOME software has been announced this week:
Xorg Software Announcements The following new Xorg software has been announced this week:
GUI Packages Troll treasure: an in-depth look at Qt 4.4 (ars technica) Trolltech has announced the release of Qt 4.4, so ars technica looks at the new features and interviews Trolltech CTO Benoit Schillings about the new version and where Qt is headed in the future. "Some of the most significant features added in Qt 4.4 include a multimedia abstraction layer, an HTML rendering widget based on WebKit, a new concurrency framework, and support for rendering widgets on the toolkit's drawing canvas. This is also the first Qt release to include support for Windows CE and Windows Mobile."
Interoperability Wine Release Countdown A Wine Release Countdown is in progress. "wine-0.9.61 was released on Friday, May 2nd, 2008. Wine is now in a code freeze in preparation for the 1.0 release. According to http://wiki.winehq.org/WineReleasePlan, wine-1.0.0-rc1, due out Friday, May 9, 2008, will be the first release candidate for 1.0."
Wine 0.9.61 released Version 0.9.61 of Wine has been announced. Changes include: Automatic updating of the WINEPREFIX directory, Winhelp now uses Richedit as display engine, Many RichEdit fixes, More improvements to IME support, More quartz fixes, Implementation for many more Gdiplus functions and Lots of bug fixes.
Medical Applications New OpenEHR strategic direction (LinuxMedNews) LinuxMedNews covers a change of strategic direction for the openEHR project. "Thomas Beale, Chair of the openEHR Foundation Architecture Review Board (ARB) has posted a message describing some goals for the coming year. These include a vision, roadmap and strategies for the architecture and clinical modeling. Read more; for the entire email with links and descriptions."
Music Applications Rosegarden 1.7.0 released Version 1.7.0 of Rosegarden, a MIDI sequencer, is out. "This release focuses mostly on notation enhancements, although there are also substantial bug fixes in other areas."
Office Suites OpenOffice.org 3 beta released The first OpenOffice.org 3.0 beta release is available, and the project is looking for testers. "The most immediately visible change to OpenOffice.org 3.0 is the new 'Start Centre', new fresh-looking icons, and a new zoom control in the status bar. A closer look shows that 3.0 has a myriad of new features. Notable Calc improvements include a new solver component; support for spreadsheet collaboration through workbook sharing; and an increase to 1024 columns per sheet. Writer has an improved notes feature and displays of multiple pages while editing. There are numerous Chart enhancements, and an improved crop feature in Draw and Impress."
Languages and Tools C GCC 4.3.1 Status Report The May 5, 2008 edition of the GCC 4.3.1 Status Report has been published. "GCC 4.3.1 was scheduled for 2008-05-05, but will be delayed. There are three P1 bugs open that need resolving before 4.3.1-rc1 is released: a restricted pointers bug (36013), the x86 direction flag issue (36079) where we don't yet have consensus on whether we need to have a workaround patch applied, and the ppc64 cacoshl miscompilation (36090) where possible patches are being discussed. Ian has applied the CERT warning fixes to 4.3 branch, so those will be in 4.3.1."
Caml Caml Weekly News The May 6, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.
Perl This Fortnight on perl5-porters The April 13-27, 2008 edition of This Fortnight on perl5-porters is out with new Perl 5 articles. ""Perl simply isn't broken enough. Most things work too well, hence no-one finds that they need to fix their itch, so in turn, they don't get sucked into core development generally. Maybe we need to start adding bugs, somewhat like a protection racket." "Your program works very nicely. It would be a shame if something went wrong with it, wouldn't it? ..." -- Nicholas Clark, on possible future revenue schemes."
PHP PHP 5.2.6 released Version 5.2.6 of PHP has been announced. "The PHP development team would like to announce the immediate availability of PHP 5.2.6. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release."
Python Sphinx 0.3 released Version 0.3 of Sphinx has been announced, several new capabilities have been added and some bugs have been fixed. "Sphinx is a tool that makes it easy to create intelligent and beautiful documentation for Python projects (or other documents consisting of multiple reStructuredText source files)."
Python-URL! - weekly Python news and links The May 6, 2008 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and links The April 30, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
IDEs eric 4.1.3 released Version 4.1.3 of eric, an IDE for Python and Ruby, has been announced. "I'd like to inform everybody about the immediate availability of eric v4.1.3. This is a bug fix release."
Version Control Bazaar 1.4 released Version 1.4 of the Bazaar version control system has been announced. "This release of Bazaar includes handy improvements to the speed of log and status, new options for several commands, improved documentation, and better hooks, including initial code for server-side hooks. A number of bugs have been fixed, particularly in interoperability between different formats or different releases of Bazaar over there network. There's been substantial internal work in both the repository and network code to enable new features and faster performance."
Miscellaneous Rietveld: a new code review tool Guido van Rossum has announced the availability of "rietveld," a new code review tool based on the Google-proprietary "Mondrian" tool. "What I'm announcing now is the next best thing: an code review tool for use with Subversion, inspired by Mondrian and (soon to be) released as open source. Some of the code is even directly derived from Mondrian. Most of the code is new though, written using Django and running on Google App Engine." The source is available from this page.
Page editor: Forrest Cook
Linux in the news Recommended Reading A Brief History of Sun by Groklaw's grouch (Groklaw) A Groklaw reader named grouch has compiled a brief history of Sun. "I think Sun is not the same as it was 5 years ago, or even 3 years ago. How long has it been since Schwartz blogged about Red Hat being "proprietary"? Even RMS got tired of all the noise Sun made about setting Java free, someday, but then Sun actually did it. That was shockingly different."
Readers' Choice Awards 2008 (Linux Journal) Linux Journal has announced the results of its Readers' Choice Awards. "In this year's competition, we designated only one winner per category, with strong contenders receiving honorable mention awards. For instance, in the categories where a cluster of formidable contenders followed the outright winner, we designated up to three honorable mentions. However, if one product clearly dominated a category (for example, OpenOffice.org with 85% in Favorite Office Program or Apache with 92% in Favorite Web Server), and the contenders were barely on the radar, there were no honorable mentions."
Trade Shows and Conferences Linuxfest Northwest 2008 report Scott Dowdle has written a report on the recent Linuxfest Northwest. "For those unfamiliar with the Linuxfest Northwest, it is an annual, two-day event held at Bellingham Technical College in Bellingham, Washington on the last weekend in April. It has become a hub of Linux activity in the Northwest with several of the Washington area Linux Users Groups supporting it. Visitors seem to come from all over the country especially those places that don't have a Linux conference anywhere near them. I also attended the LFNW last year so a bit of this review compares this year with last."
Linux Fest Northwest 2008 Jesse Keating has a report from Linux Fest Northwest. "In Bellingham we arrive, somewhat late at night. Driving through the downtown area we spot a large banner hanging across the street advertising the Fest. Times have certainly changed. It's certainly fun to see the influx of geeks mesh with the biker bars and the college crowd. At the hotel you can tell it's fest time. Lobby filled with geeks: laptops, ham radios, smarmy t-shirts abound; excited conversations about kernels and desktops, and rpms, and debs, and who's going to win Alpha Geek this year. Snickering comments about whether or not the hotel wireless will withstand the abuse a hotel full of Linux geeks can throw at it, and a bemused rueful grin is the only answer one gets from the hotel staff (turns out that the hotel internet is pretty unusable by the time we arrive, but there is open wireless somewhere near that still works!)."
The SCO Problem Deluded SCO CEO on witness stand: "Linux is a copy of UNIX" (ars technica) ars technica covers the latest news from the Novell/SCO trial. "McBride said that SCO holds the rights to UNIX and that "many Linux contributors were originally UNIX developers." Specifically, he said, "We have evidence System V is in Linux,"—directly contradicting what Sontag had previously testified. Due to the witness exclusion rule invoked by both parties, McBride was not present during Sontag's testimony and wasn't aware of what had been said. McBride's claims also directly contradict internal SCO memos from 2002, which reveal that the company's own extensive source code audits had uncovered no UNIX code in Linux."
Companies Windows-based EeePC cheaper than Linux one (APCMag) Here's an APC Magazine article which proclaims that the Windows-based EeePC 900 will cost less than the Linux version - though the fine print notes that the Linux-based system comes with more storage. "APC played briefly with the machines on show at the launch. The XP version of the Eee boots quite speedily for a Windows box, but is still notably slower than its Linux counterpart. Even Asus' press release promoting the product acknowledges that the Linux machine is faster to get started. 'It provides a fast boot-up time, ideal for quick internet access while waiting for public transport or taking notes on-the-go,' it breathlessly proclaims."
Dell to sell in Officeworks, but no Linux PCs, thank you (APC) APC reports that Dell will only be selling PCs loaded with Microsoft Vista through Officeworks in Australia. ""At this stage it's Vista only," Evan Williams, general manager for consumer sales and marketing at Dell South Asia, said during a telephone briefing on the plans. "We'll evaluate on the XP side." (For its recent revision of its Vestron small business line, Dell is allowing customers to downgrade their licence and purchase a machine with Windows XP already installed.) Nor is Dell planning to extend its Inspiron notebook line featuring Ubuntu rather than Windows, which has been successful in the US and Europe, into Australia." (Thanks to Dan Warne).
Interviews Interview with the Ekiga developers (Free Software Magazine) Free Software Magazine interviews five members of the Ekiga development team. Ekiga is a Voice-over-IP application—and more—as the interview shows. "Matthias Schneider: Actually, Ekiga is not only Voice over IP software, it is also Video over IP software and the beautiful thing is that this additional capability is transparent to the user. When making a call, no thought needs to be given on how you want to communicate with your peers. You only need to dial a phone number or enter a sip address, Ekiga then takes care of negotiating capabilities at the other end. That means when calling a normal phone line it will be a a voice-only call, but if calling another softphone or even a hardphone that has video capabilities, video will be activated automatically (if the user has enabled this function)." (Thanks to Ian Ward).
Resources Linux Gazette #150 is out! Linux Gazette #150, for May 2008, is out. Articles include Deividson on Databases: Stored Procedures, Knoppix 5.3.1, Virtualizing without Virtualizing, Lockpicking and much more.
Reviews Rugged PDA available with Linux (LinuxDevices) LinuxDevices covers a Linux port to a PDA. "A value-added reseller of mobile computers and PDAs has ported Linux to a ruggedized, "military-grade" PDA. SDG Systems is offering the "Nomad" from Tripod Data Systems (TDS) pre-installed with Angstrom Linux and Qtopia PDA Edition, and bundled with a toolsuite and build environment based on OpenEmbedded."
Page editor: Forrest Cook
Announcements Non-Commercial announcements Congress Must Investigate Electronic Searches at U.S. Borders (EFF) The Electronic Frontier Foundation is asking the US congress to hold oversight hearings on the Department of Homeland Security's search and seizure of electronic devices at US borders. ""Our computers, cell phones, and other electronic devices hold a vast amount of personal information like financial data, health histories, and personal emails and letters," said EFF Staff Attorney Marcia Hofmann. "In a free country, the government cannot have unlimited power to read, seize, and store this information without any oversight.""
2008Q2 TPF Grant Proposals (use Perl) use Perl covers the latest Perl Foundation grant proposals. "On The Perl Foundation weblog are a set of posts with proposals received by the Grants Committee during the second call for grant proposals for 2008. Although not usual, the rules of the TPF Grants Committee are changing and we hope to make this a rule. Proposals are accepted during one month and after that period, they are posted for public discussion. This is important to make the Grants Committee more aware of the community interest on the project, and to help opening the grants attribution process."
Latest Samba volunteer job postings The Samba project has posted a request for volunteer help. "The Samba Team is looking for people to help keep our user community information current, covering development news, releases, general news, and events."
Welte v. Skype going to trial Harald Welte lets it be known that there will be a hearing on May 8 in his GPL-enforcement case against Skype, which is shipping Linux-based phones without making source available. "Interestingly, Skype is arguing against the validity of the GPL as a whole, asserting that it is violating anti-trust regulation and similarly strange claims."
Commercial announcements Adobe's Open Screen Project Adobe has announced the "Open Screen Project," which seems mainly oriented toward getting flash players onto everybody's phones. One of the outcomes, though, is that the licensing restrictions on the Flash specifications (which prevented people from using those specifications to make competing Flash players) have been lifted. The Flash 9 specification can now be downloaded from this page.
Continuent announces uni/cluster 2008 for PostgreSQL and EnterpriseDB Continuent, Inc. has announced the availability of Continuent uni/cluster 2008. "This newest version of Continuent's uni/cluster software provides the highest levels of availability and scalability for database applications built using PostgreSQL and EnterpriseDB Postgres Plus databases. Continuent uni/cluster offers a multi-master approach to replication. Data is committed and available to all nodes in the cluster simultaneously, effectively eliminating data latency and providing increased reliability through redundancy."
Mozilla selects MindTouch as future platform for developer community MindTouch has announced the release of MindTouch Deki Wiki v8.05, the latest version of its open source enterprise collaboration and integration platform. The Deki Wiki v8.05 release was driven in part by the requirements of Mozilla, which selected MindTouch for the upcoming re-launch of their Mozilla Developer Community.
Motorola demonstrates MOTODEV Studio Tools Motorola, Inc. has announced the expansion of their MOTODEV Studio development platform for mobile phones. "Based on an open framework enabled by Eclipse, MOTODEV Studio is an integrated development environment that provides the necessary tools for the application development life cycle -- from requirements definition to testing and deployment -- across all Motorola platforms. MOTODEV Studio and its associated toolsets are designed to enable developers all over the world to create platform-specific applications for Motorola devices -- even before they are available on the market."
SDG Systems Announces Linux-based TDS Nomad SDG Systems, LLC has announced the immediate availability of their Linux-based TDS Nomad rugged mobile hand-held computer. "The Nomad provides a high level of device integration including Bluetooth, 802.11, GPS, Camera, Barcode scanning and USB host and client ports. All Nomads also include a high-resolution screen (480x640 portrait VGA) for sharp, clear images and a 806 MHz PXA 320 processor. The USB host port has been tested to support mass storage, keyboard, mouse, Ethernet and RS-232 serial adapters."
New Books Make Projects: Small Form Factor PCs--New From O'Reilly O'Reilly has published the book Make Projects: Small Form Factor PCs by Duane Wessels and Matthew J. Weaver.
Programming in Python 3 released by Safari Books Online Mark Summerfield has announced the online availability of his new book Programming in Python 3: A Complete Introduction to the Python Language. "The online version contains about half the book so far and is about six weeks behind my working copy. It is accurate for Python 3.0 alpha 4. More text will be added and updates made as the book and Python progress. The book began life last year once it was clear that Python 3 was going to come out this year. The printed version should be available in October in the U.S.---but it will only go to press once all the examples and snippets have been tested against Python 3.0 final, so the date will slip if Python's release date slips."
Education and Certification OpenEMR HQ to offer second online training session (LinuxMedNews) LinuxMedNews notes that OpenEMR HQ will offer online training on May 27, 2008. "OpenEMR HQ, Inc., announced today that it plans to offer a second online training session for those interested in the OpenEMR software but who aren't able to attend an in-person event at their Tulsa facility."
Calls for Presentations Deadline for Akademy 2008 Presentation Proposals Extended (KDE.News) The deadline for submitting a proposal to Akademy 2008 has been extended until Monday, May 12, 2008, 23:59 UTC. "Tell the world about your contribution to KDE. Tell the community what cool things you have done with KDE."
OpenOffice.org: what can you share with the community? A call for papers has gone out for OOoCon 2008. The event will be held in Beijing, China on November 5-7, 2008. The submission deadline is June 20. "The OpenOffice.org Community invites potential speakers to submit proposals for papers for the OpenOffice.org annual international conference, OOoCon 2008. Whether you are a seasoned presenter, or have never stood up in public before, if you have something interesting to share about OpenOffice.org - we want to hear from you."
OSDC 2008 Sydney call for papers A call for papers has gone out for the Open Source Developers' Conference 2008. The event will take place in Sydney, Australia on December 1-5, 2008. The submission deadline is June 30.
PyOhio call for proposals A call for proposals has gone out for PyOhio. "PyOhio, the first annual Python programming mini-conference for Ohio and surrounding areas will take place Saturday, July 26, in Columbus, Ohio. The conference is free of change and will include scheduled presentations, Lighting Talks and unconference-style Open Spaces." The submission deadline is June 1.
Upcoming Events Linux Installfest workshop in Davis, CA The Linux Users' Group of Davis will hold the next Linux Installfest workshop in Davis, CA on Saturday, May 17.
PyPy sprint - Berlin The PyPy sprint will take place in Berlin, Germany on May 17-22, 2008. "The next PyPy sprint will be in the crashed `c-base space station`_, Berlin, Germany, Earth, Solar System. This is a fully public sprint: newcomers (from all planets) and topics other than those proposed below are welcome."
Events: May 15, 2008 to July 14, 2008 The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Web sites Blogging platform for openSUSE launched The openSUSE distribution has announced a new blogging site. "We're launching today officially a new website: lizards.opensuse.org! This site offers blog hosting for openSUSE members. The blogs should be focused on the openSUSE project, e.g. on the distribution, packages, build service, events, etc. Please contact the site administrators (via mail to news-submit@opensuse.org) if you want to have your blog created."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||