| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for July 3, 2008More DTrace envy Nearly a year ago, we looked at the status of SystemTap in the context of Sun's much-hyped DTrace tool. Since that time there has been progress, but the basic problem still remains: Linux does not have a good, ready-to-run answer to those wanting the equivalent functionality of DTrace. Due to an apparent disconnect between the developers of SystemTap and the kernel hackers, tracing for the Linux kernel—never mind user space programs—is not up to the competition. Both SystemTap and DTrace are tools meant to help administrators track down performance and other problems on production systems by instrumenting the kernel. Because SystemTap has not matured to the point of easy usability, DTrace is often seen as a prime differentiator between Linux and Solaris. In a posting to the ksummit-2008-discuss mailing list—where Kernel Summit topics are considered—Matthew Wilcox brought up the subject based on his experience at a recent PostgreSQL conference:
There was a lot of
buzz around DTrace. Sun and a couple of other companies have put DTrace
hooks into postgres, so they now have some really useful canned queries.
If you're running Solaris or MacOS, of course.
So there was a lot of talk about switching away from Linux. This can't possibly be a good thing for us. I don't personally know what the state of our competing projects are, but clearly they haven't got their hooks into postgres ... at least not upstream. Typically Linux has been in the forefront of interesting new technologies for free operating systems. When Sun opened up Solaris, though, a few features jumped ahead of their Linux counterparts, in particular the ZFS filesystem and DTrace. SystemTap is supposed to provide the tracing functionality while Btrfs is the leading candidate for a "next generation" filesystem. But, so far, SystemTap has not lived up to its potential. There are a few reasons for disappointment with SystemTap, some of which were pointed out by James Bottomley:
When I go around end users, I find people in two camps: The ones who've
drunk the sun coolaid and won't take anything on linux that isn't a
fully replicated dtrace (sort of like windows people who demand the
availability of outlook on linux) and people who are migrating to Linux
and trying to use systemtap for tracing. These latter seem to have a
number of genuine concerns including latency, the time it takes to
actually go from command executing to functional trace, the inability to
trace user programs (dtrace can) and concerns about the amount of
perturbation the probes actually place inside the kernel.
Those are all valid concerns, but the biggest problem for users is that, unless they are knowledgeable about kernel internals, it is difficult to know how to use SystemTap. A more simplified interface, one that is less reliant on kernel internals, needs to be created; the way to do that is through the placement of static trace points in the kernel and the creation of "tapsets" to make them easily usable. The SystemTap developers think the kernel hackers are in the best position to do that work. Ted Ts'o agrees but sees some barriers:
The big thing that are missing are the tapsets
— the macro libraries that allow a system administrator to use it to
find and solve performance problems without being a kernel developer,
and more importantly, the documentation for said macro libraries so a
system administrator can actually use it.
[ ... ] the real problem isn't as much kernel developers, it's that (a) it's too hard for many kernel developers to use (and so many kernel developers are [not] using it), and (b) there aren't enough tapsets. The latter is something that kernel developers can help solve, but unfortunately I'm not sure discussing it at the Kernel Summit will necessarily lead to making forward progress. If the kernel developers have trouble using SystemTap, they are unlikely to add the tapsets that would make it more usable for system administrators and others who have some general kernel knowledge but not enough to sensibly instrument it. For people using distribution kernels—at least for the enterprise distributions and Fedora—it is only somewhat painful to get SystemTap up and running. But kernel hackers tend to run their own kernels, often many different versions in a short period of time, so they need to be able to be easily build one that works with SystemTap and includes all of the debugging information that it requires. SystemTap developer Frank Ch. Eigler has a long reply to many of the complaints in the thread. It seems clear that the SystemTap folks and the kernel hackers have not been communicating—there are solutions to many of the problems that were cited. They are in various states of readiness, but are mostly working. So SystemTap is most of the way there for kernel tracing as long as you are well-versed in kernel internals, but that has been true for some time. In order to get SystemTap to where it needs to be, the kernel hackers need to be involved. Building the infrastructure and waiting for tapsets to magically appear is not a recipe for success. The SystemTap hackers need to be engaging the kernel community, as well as distributions, to make the tool into something that gets used. SystemTap can use static probe points, kernel markers—merged into 2.6.24—but it is notable that no one has, as yet, made use of them. A concerted effort needs to be made to make the tool more usable for the kernel developers who can, in turn, help make it more usable for others. There is a clear problem when folks like Ts'o regularly try, but find it too difficult to be useful:
But maybe as more people try using it, they'll discover some of these
rough edges, and will start trying to fix it. Every couple of months,
I've tried using it, and because it [h]as so many rough edges, I've
normally found it less work to debug the kernel using manual methods
rather trying to make Systemtap work on my system and with my kernel
development workflow.
It is a commonly heard complaint that while SystemTap is difficult to use, DTrace "just works" for Solaris; Eigler responds:
Yeah, so I hear, but think about how different their target
environment is. Their kernel hardly changes (several fixed APIs,
ABIs): this has huge implications. Their kernel was willing to
insert probes (~ markers), a bunch of build system changes (debug
info subset transcribing). Here in linux land, we suffer
multifaceted tensions and it is hard to go toward a goal without
obstructions (well-meaning as they may be).
A bunch of third-party scripts are often conflated with "dtrace", which is just a matter of growing the user community enough, and giving them a good tool to build on top of. A growing set of runnable end-user scripts is already packaged with systemtap, intended for use by nonexperts, more help (e.g. concise problem statements about what you'd like to measure/see) would be welcome. Many administrators and other users of tracing facilities are not necessarily interested in kernel-level tracing, but would really like to be able to use the instrumented versions of things like PostgreSQL. That is in the plan according to Eigler: "We aim to piggyback on these efforts by reusing the dtrace instrumentation calls embedded into postgres etc., if at all possible." Until the rough edges can be smoothed on the kernel side, Bottomley wonders if it even makes sense to start considering user space:
Although there are
differing opinions about what systemtap could and should do, it's clear
that it's not working incredibly well for its design space: the kernel,
so talking about extending it to userspace is a premature.
DTrace sounds like a nice working solution that has many uses and many happy users. If one can ignore the self-congratulatory postings from its lead developer, it might be worth having in Linux, but that simply is not going to happen. Paul Fox is working on a port of DTrace to Linux, but that ignores the licensing realities that would never allow it to become part of Linux. It also ignores the difficult path a DTrace port would face getting merged into the mainline. (We hope to have an article from Mr. Fox on his DTrace porting work soon, stay tuned). For all of the talk out of Sun about how they would love to make DTrace a part of Linux, they clearly made a choice to ensure that could not happen. Even if any technical barriers were lifted, the CDDL is not compatible with the GPL. It is perfectly fine as a free software license, but if you wish to get things into Linux, they must be licensed in a GPL-compatible way. This was well understood at the time Sun freed Solaris, so this must have been a conscious decision. Given how much their marketing organization likes to tout DTrace, it would seem to be a choice that Sun is quite happy with. Linux will eventually get the tracing support it needs, in a way that is easily accessible to users, but it may take some time. Conversations like the recent one on ksummit-2008-discuss are an important part of getting there. It would appear that better support for the use cases of kernel developers will be forthcoming. It is mostly a matter of documentation along with simplifying some of the building and installation issues. Once the kernel hackers actually start using it, progress is likely to be fairly swift. This is the way free software development works; it generally does not track a straight path to a solution, but often wanders about in the solution space for a while. It is highly unlikely that a development like DTrace could have come about in the way that it did in a true community-developed operating system. For that you need everyone pulling in the same exact direction, which may be why Sun is reluctant to turn over much of the governance of Solaris to the community. That may help them develop things more quickly, because there will be fewer barriers, but it won't help them to foster the kind of development community that characterizes Linux.
Mozilla plans for Firefox 3 and beyond The gift wrap is scarcely off Firefox 3 and the Mozilla community is already looking toward its next update. The first alpha release of Firefox 3.1, codenamed Shiretoko, may be released as early as this month, while its final release might see the light of day by year's end. Let's take a look at where this popular Internet browser is headed in the coming months, and what new features users can expect to see. Several features were nearly included for Firefox 3.0 but didn't make the cut because they weren't completely ready. New features expected to be in version 3.1 include a history and bookmark organizer with unified search and smart folder capabilities, and visual tab switching that shows thumbnail images of the web sites opened in each tab when moused over, both of which were abandoned in lieu of other, more critical features. According to an email sent to the mozilla.dev.planning mailing list, Mozilla's Vice President of Engineering, Mike Schroepfer, says there are other features expected to make it into version 3.1. For instance, native JSON DOM bindings (preferred by web developers over its JavaScript counterparts), an improved Awesomebar, support for cross-site XMLHttpRequest for the development of more powerful web applications, and better system integration are a few of the features Mozilla is anxious to get into the hands of users. Schroepfer says, "This, along with the overall quality of Gecko 1.9 as a basis for mobile and the desire to get new platform features out to web developers sooner has [led us] to want to do a second release of Firefox this year." In the event a feature isn't ready for version 3.1's targeted ship date, Schroepfer says rather than hold the release, it will simply be included in the next major release instead. In a recent blog post, Schroepfer says the new decision to aim for shorter, date-driven release cycles is in large part due to Mozilla's desire to "deliver releases of the quality and impact of Firefox 3 with much greater frequency." More frequent indeed; the gap between the release of Firefox 2.0 and 3.0 was almost two years. Not surprisingly, Firefox 4 is expected to usher in a whole host of changes, not the least of which is the introduction of Mozilla2, "an extensive update to the Mozilla platform to feature highlights like ActionMonkey, the merge of Mozilla's JavaScript engine (SpiderMonkey) and Tamarin, Adobe's JavaScript virtual machine open-sourced in late 2006." Details of the features expected to ship with Firefox 4 are sketchy, but the Vice President of Mozilla Labs, Chris Beard, has two projects currently under development that he'd like to see included: Weave and Prism. Weave is similar to the wildly popular browser synchronization add-on, Foxmarks. While Foxmarks only syncs an individual's bookmarks across machines, Weave's goal is to replicate a user's entire browsing experience — including bookmarks, favorites, passwords, and preferences — no matter where they access the Internet. Prism takes aim at Google Gears by making browser functionality available even while offline. Previously known as WebRunner, Prism is based on an idea called site specific browsers (SSB) and is already implemented in Fluid for Mac OS X, Adobe Air, and Microsoft Silverlight. Prism team member Matthew Gertner explains, "Rather than running programs in normal web browsers like Firefox or Safari, wedged in a tab between New York Times articles and TechCrunch posts, each app is given its own dedicated browser, which is customized to include many of the desktop features that users know and love." For a taste of what Prism can do within Firefox 3, download this extension. Of course, one of the biggest questions on the minds of many people these days is: what's up with the mobile version of Firefox? Although it looks like there's a ways to go before Mobile Firefox turns up on your Razr or BlackBerry, the rapid release cycle of Firefox will help push the project along. Schroepfer says, "There are already devices shipping with early versions of Gecko 1.9 at the core. More are coming soon and we'll be releasing milestones of full branded versions of Firefox (with XUL and the Firefox team taking a lead in the user experience) later this year. This lines up well with Firefox 3.1 and a synchronized release schedule will make everything run more smoothly." The development team is working on sorting through some of the basic differences among mobile devices such as a touch screen versus non-touch screen interface, virtual versus tactile keyboards, and so on. If you're interested in trying out the prototypes, they're available on the team's wiki page. Firefox 3 has been downloaded more than 8 million times since its release on June 17th, and more than 90% of users download the latest version of the browser within 7 days of its release. Clearly, Firefox has a large and growing user base, no doubt due in large part to Mozilla's willingness to offer new and useful features in a timely fashion.
Netgear's open router Your editor was recently reminiscing about an early stage of his career, which involved the administration of a VAX 11/780 computer. The VAX was a highly successful product, as was its native operating system VMS. Quite a few VAX customers chose to do without VMS, though, and put early versions of BSD Unix on them instead. Digital Equipment Corporation never entirely appreciated those customers. To DEC, every BSD installation looked like a lost VMS service contract.The company should, instead, have seen those installations as an extra sale gained as a result of the VAX's ability to run a nice operating system. Almost 30 years later, some parts of the computing industry have come to understand that there is value in selling hardware which can run operating systems provided by others. Microsoft made that point in a big way, of course, but there are also significant parts of the industry which benefit from making systems which can run Linux - and, in particular, a version of Linux which is not necessarily supplied by the vendor. But other sectors still seem to see the ability for the customer to put (or replace) Linux on their systems the way DEC saw Unix in the early 1980's. They see no value in letting their customers make changes to their systems, choosing instead to lock those systems down and keep total control. Embedded systems are often singled out as an example of this type of behavior, and vendors of small routers tend to be especially inclined in this way. It is not a coincidence that a substantial portion of the high-profile GPL-enforcement cases to date have involved consumer-level routers. Some vendors, at least, are getting smarter and doing what they need to do to avoid licensing problems. But relatively few of them welcome customers who want to replace the software on "their" devices. There are exceptions, though, and their number just grew with this announcement from Netgear. The WGR614L router looks like a fairly straightforward consumer wireless router, with the usual set of features. LWN readers will doubtless be glad to hear that it is "Works with Windows Vista" certified. It has a four-port Ethernet switch, an 802.11g access point, and a mighty 240 MHz CPU and 16MB of RAM. All of the stuff one would expect from an inexpensive desktop device. But what makes this device interesting is that it's designed to be open and hackable. The source code for the factory-installed firmware is available from Netgear's community web site; it's amusingly packaged as a zip file containing a single, compressed tarball which, in turn, holds a bleeding-edge 2.4.20 kernel tree. But anybody wanting something a bit more contemporary and community-oriented can replace that firmware altogether with a package like Tomato or DD-WRT; indeed, Netgear almost seems to encourage its customers to do so. Every one of those customers then gets the benefit of the effort which has gone into the development of those router distributions - with little effort required on Netgear's part. Those customers can improve this platform and make their changes available to other customers; that makes Netgear's hardware more valuable. If there are bugs in the system, a single motivated customer can fix them and make those fixes available to everybody else. And all of this comes at almost no cost to Netgear. It is always fun to see Linux turn up in new places. It's now a routine experience to realize that one's new television, camcorder, music player, or automobile runs Linux. But locked-down, Linux-based devices are not far removed from the fully proprietary systems which preceded them. Whether or not one agrees that locking down systems in this way is legally or morally defensible, it's easy to conclude that it is undesirable. A Linux system which is cast in concrete loses a part of the vital energy which makes Linux what it is. So it is always a welcome development when a vendor decides to take a more open path. With any luck at all, the wider public will eventually realize that more open devices are more powerful devices, and, as a result, such devices will prove more successful. That is the path that brings us more control over our systems and, eventually, to World Domination.
Page editor: Jonathan Corbet Security Ruby security flaws expose release process problems Some serious integer overflows in the Ruby language were recently discovered and fixed, but the process has left some in the community unhappy about how it was done. One of the biggest problems was that the official patched versions of the language broke its signature application: Rails. The overflows may lead to arbitrary code execution which left some users in a quandary, trying to decide whether to close known holes in the language or to keep their web applications running. There still seems to be some question about whether the holes are exploitable or not, but one thing is abundantly clear: they were fixed in the public CVS several days before any kind of security announcement was made. It was made worse by referring to the CVE numbers in the commit message. For anyone looking for a possibly exploitable Ruby flaw—one that had yet to be publicly announced—that would be a glaringly obvious place to start. When a release and announcement went out, some of the versions specified would cause Rails, the web application framework, to segfault. No new updates have been posted to the Ruby language web site leaving distributions and users to fill in the gap. Some frantic scrambling can be seen on a thread on the ruby-talk mailing list as folks with production Rails applications cast about for solutions. Part of the problem may stem from the number of separate language versions the Ruby team is trying to support. Three stable versions (1.8.5, 1.8.6, and 1.8.7) as well as one development version (1.9.0) are all affected by these vulnerabilities. Unfortunately, all four of the updated packages had one or more problems that either didn't fix all of the vulnerabilities or broke Rails. Those are still the versions suggested as a fix as of this writing. The new versions were based on the latest code in the CVS tree which evidently had not been tested completely. There are several test suites available for Ruby and Rails that would have caught these problems, but they apparently were not run. It is certainly important to get security fixes out quickly, but introducing other vulnerabilities and/or incompatibilities with existing code is a rather high price to pay. As is waiting ten (and counting...) days for a proper fix from upstream. For the most part, Linux distributions have resolved the problem for themselves by either backporting the fixes into the version they already support or by fixing the updated version provided. For example, Fedora 9 has done three separate releases to fully resolve the problem, the first to upgrade to the suggested upstream version (1.8.6p230), a second to resolve a segfault introduced somewhere between p114 and p230, and a third to handle the problem of Rails being broken. There is some indication that the Ruby team does not consider the flaws to be exploitable for code execution but, if so, they are still clearly denial-of-service vulnerabilities. The continued silence, at least on the official website, should also give one pause. The release process for Ruby seems to have fairly serious holes in it. This has caused some to issue a plea for a release process on the ruby-core mailing list. In addition, Dominique Brezinski claims that these bugs or some that were closely related were disclosed several years ago (see comment 43) and essentially ignored at that time. This is disconcerting for a language that is being increasingly used in web applications and other internet-facing services. One can only hope that this incident will serve as a wake up call to the Ruby developers. Failing that, if additional incidents like this occur, it may instead serve as a wake up call for those who depend on Ruby.
Security news The web browser "insecurity iceberg" Stefan Frei and company have posted the results of a lengthy survey on web browser security, looking, in particular, at how many users were running versions without known vulnerabilities. "[W]e discovered that at most 83.3% of Firefox users, 65.3% of Safari users, 56.1% of Opera users, and 47.6% of Internet Explorer users were using the latest most secure browser version on any day between January 2007 to June 2008... Despite the single-click integrated auto-update functionality of Firefox, rather surprisingly, 16.7% Firefox users (one out of six) continue to surf the Web with an outdated version of the Web browser." But the real problem, they say, is with insecure plugins.
New vulnerabilities firefox: multiple vulnerabilities
kernel: multiple DoS vulnerabilities
libetpan: denial of service
motion: off-by-one error
mysql: privilege escalation
nasm: buffer overflow
perl: insecure use of chmod
sympa: denial of service
Page editor: Jake Edge
Kernel development Release status Kernel release status The current 2.6 development kernel remains 2.6.26-rc8; no 2.6 prepatches have been released over the last week.The current stable 2.6 kernel remains 2.6.25.9. The 2.6.25.10 update, with about a dozen fixes, is currently in the review process; it will probably be released on July 3.
Kernel development news Quotes of the week
Open source is rapid at progressing towards common goals ... it's
when the goals aren't common that progress gets bogged down.
-- James Bottomley
If we put stuff in sysfs then people WILL use it and we WILL need
to support it for ever. Pointing at some document and saying "call
my lawyer" just won't cut it. sysfs is part of the kernel ABI. We
should design our interfaces there as carefully as we design any
others.
-- Andrew Morton
I hope that nothing I ever say holds back our developers or
community from doing what is right. I did not realize that the GNU
and Linux kernel hackers were such dutiful slaves.
-- Theo de Raadt
Ext4 hacker Ted Ts'o converts his laptop A big step in the development of a new filesystem is when the developers feel confident enough to start trusting their data to it. For ext4, it appears we have reached that point as Ted Ts'o has switched his laptop to use it. "So far I’ve found one bug as a result of my using ext4 in production (if delayed allocation is enabled, i_blocks doesn’t get updated until the block allocation takes place, so files can appear to have 0k blocksize right after they are created, which is confusing/unfortunate), but nothing super serious yet. I will be doing backups a bit more frequently until I’m absolutely sure things are rock solid, though!"
Making power policy just work The sched_mc_power_savings parameter (cleverly hidden under /sys/devices/system/cpu) was introduced in the 2.6.18 kernel. If this parameter is set to one (the default is zero), it changes the scheduler load balancing code in an interesting way: it makes an ongoing effort to gather together processes on the smallest number of CPUs. If the system is not heavily loaded, this policy will result in some processors being entirely idle; those processors can then be put into a deep sleep and left there for some time. And that, of course, results in lower power consumption, which is a good thing.Vaidyanathan Srinivasan recently noted that, while this policy works well in a number of situations, there are others where things could be better. The sched_mc_power_savings policy is relatively conservative in how it loads processes onto CPUs, taking care to not overload those CPUs and create excessive latency for applications. As a result, the workload on a large system can still end up spread out more widely than might be optimal, especially if the workload is bursty. In response, Vaidyanathan suggests making the power savings policy more flexible, with the system administrator being able to select a combination of power savings and latency which works well for the workload. On systems where power savings matters a lot, a more aggressive mode (which would pack processes more tightly into CPUs) could be chosen. This suggestion was controversial. Nobody disputes the idea that smarter power savings policy would be a good idea. But there is resistance to the idea of creating more tuning knobs to control this policy; instead, it is felt, the kernel should work out the optimal policy on its own. As Andi Kleen puts it:
Tunables are basically "we give up, let's push the problem to the
user" which is not nice. I suspect a lot of users won't even know
if their workloads are bursty or not. Or they might have workloads
which are both bursty and not bursty.
There are a couple of answers to that objection. One is that the system cannot know, on its own, what priorities the users and/or administrators have. Those priorities could even change over time, with performance being emphasized during peak times and low power usage otherwise. Additionally, not all users see "performance" the same way; some want responsiveness and low latency, while others place a higher priority on throughput. If the system cannot simultaneously optimize all of those parameters, it will need guidance from somewhere to choose the best policy. And that's where the other answer comes in: that guidance could come from user space. Special-purpose software running on large installations can monitor the performance of important applications and adjust resources (and policies) to get the desired results. Or, in a somewhat different vision, individual applications could register their performance needs and expected behavior. In this case, the kernel is charged with somehow mediating between applications with different expectations and coming up with a reasonable set of policies. In the middle of all this, it was pointed out that a mechanism by which expectations can be communicated to the kernel already exists: the nice level (priority) associated with each process. In a simple view of the world, a process's nice level would tell the kernel how to manage it with regard to power savings; on a system with a number of niced processes, those processes would be gathered onto a subset of processors during period of relatively low activity. In essence, this policy says that it is not worthwhile to power up more processors just to give better throughput to low-priority processes. It does not take long, though, to come up with situations where the use of nice levels leads to the wrong sort of results. Peter Zijlstra observed that he has niced processes (created with distcc) which should have access to all of the CPU power available, but which should not contend with interactive processes on the same system. In such cases, those processes should have a high nice value with regard to CPU usage, but that should not interfere with their ability to move onto idle CPUs, if any exist. So the answer may take the form of a separate "powernice" command which would regulate a process's priority when it comes to causing the system to draw more power. Nice levels may (or may not) prove to be sufficient information to let the system choose an optimal power policy. But it will be some time before anybody really knows that; work on optimizing power usage - especially on server systems - is not in an advanced state. So pressure to add tuning knobs for power policies may continue, for one simple reason: people want ways of experimenting with different policies and seeing what the results are. Until we really know what the effects of different policies are - on both power usage and system performance - it will be hard to build a system which can choose an optimal policy on its own.
TASK_KILLABLE Like most versions of Unix, Linux has two fundamental ways in which a process can be put to sleep. A process which is placed in the TASK_INTERRUPTIBLE state will sleep until either (1) something explicitly wakes it up, or (2) a non-masked signal is received. The TASK_UNINTERRUPTIBLE state, instead, ignores signals; processes in that state will require an explicit wakeup before they can run again.There are advantages and disadvantages to each type of sleep. Interruptible sleeps enable faster response to signals, but they make the programming harder. Kernel code which uses interruptible sleeps must always check to see whether it woke up as a result of a signal, and, if so, clean up whatever it was doing and return -EINTR back to user space. The user-space side, too, must realize that a system call was interrupted and respond accordingly; not all user-space programmers are known for their diligence in this regard. Making a sleep uninterruptible eliminates these problems, but at the cost of being, well, uninterruptible. If the expected wakeup event does not materialize, the process will wait forever and there is usually nothing that anybody can do about it short of rebooting the system. This is the source of the dreaded, unkillable process which is shown to be in the "D" state by ps. Given the highly obnoxious nature of unkillable processes, one would think that interruptible sleeps should be used whenever possible. The problem with that idea is that, in many cases, the introduction of interruptible sleeps is likely to lead to application bugs. As recently noted by Alan Cox:
Unix tradition (and thus almost all applications) believe file
store writes to be non signal interruptible. It would not be safe
or practical to change that guarantee.
So it would seem that we are stuck with the occasional blocked-and-immortal process forever. Or maybe not. A while back, Matthew Wilcox realized that many of these concerns about application bugs do not really apply if the application is about to be killed anyway. It does not matter if the developer thought about the possibility of an interrupted system call if said system call is doomed to never return to user space. So Matthew created a new sleeping state, called TASK_KILLABLE; it behaves like TASK_UNINTERRUPTIBLE with the exception that fatal signals will interrupt the sleep. With TASK_KILLABLE comes a new set of primitives for waiting for events and acquiring locks:
int wait_event_killable(wait_queue_t queue, condition); long schedule_timeout_killable(signed long timeout); int mutex_lock_killable(struct mutex *lock); int wait_for_completion_killable(struct completion *comp); int down_killable(struct semaphore *sem); For each of these functions, the return value will be zero for a normal, successful return, or a negative error code in case of a fatal signal. In the latter case, kernel code should clean up and return, enabling the process to be killed. The TASK_KILLABLE patch was merged for the 2.6.25 kernel, but that does not mean that the unkillable process problem has gone away. The number of places in the kernel (as of 2.6.26-rc8) which are actually using this new state is quite small - as in, one need not worry about running out of fingers while counting them. The NFS client code has been converted, which can only be a welcome development. But there are very few other uses of TASK_KILLABLE, and none at all in device drivers, which is often where processes get wedged. It can take time for a new API to enter widespread use in the kernel, especially when it supplements an existing functionality which works well enough most of the time. Additionally, the benefits of a mass conversion of existing code to killable sleeps are not entirely clear. But there are almost certainly places in the kernel which could be improved by this change, if users and developers could identify the spots where processes get hung. It also makes sense to use killable sleeps in new code unless there is some pressing reason to disallow interruptions altogether.
Some development statistics for 2.6.26 - and beyond When 2.6.26-rc1 was released, your editor noted that, at a mere 7500 commits, it looked like 2.6.26 would be a smaller than usual development cycle. Interestingly, though, 2.6.26 has caught up. As of this writing (waiting for 2.6.26-rc9), this development cycle has incorporated 10,102 changesets for a net addition of 169,439 lines of code to the kernel. That makes it still significantly smaller than 2.6.25, but it is, by no means small. The developer base remains as broad as ever: 1065 developers (representing some 150 companies) have contributed to 2.6.26; just over 1/3 of those developers contributed one single changeset.The 2.6 development model says that the bulk of the changes should be merged during the merge window (before the -rc1 release), with only fixes coming thereafter. Here's how things break down for recent releases:
So, while the bulk of the big patches enter the kernel during the merge window, at least 25% of the total - and often more - come thereafter. That's a lot of fixes. So who were the most active developers this time around? Here's the top 20:
In terms of the number of changesets merged, Harvey Harrison got to the top of the list with a wide variety of of janitorial fixes. Bartlomiej Zolnierkiewicz continues to put significant effort into cleaning up the IDE subsystem, even though most distributors have moved away from that code and are using the newer PATA layer instead. Glauber Costa has been tirelessly working in the x86 architecture code; in particular, he continues to work toward the goal of unifying the 32-bit and 64-bit code to the greatest extent possible. Adrian Bunk has made a career of cleaning up the code base and eliminating unneeded code. And Joe Perches dedicated much time to eliminating warnings from the checkpatch.pl script. There have been complaints from the developers that the volume of "cleanup" patches is reaching a point that it is drowning out the rest and interfering with "real work." We're seeing some of that volume here, with three of the top five changeset contributors doing cleanup work - some of which is seen to be more valuable than the rest. On the lines changed side, we see a mostly different set of developers. In this case, the top slots were earned by deleting code. Stephen Hemminger finally succeeded in getting rid of the old sk98lin driver. Adrian Bunk tore out the bcm43xx driver, the ieee80311 software MAC layer, the xircom_tulip_cb driver, and various other bits and pieces. David Miller removed a bunch of old SPARC code, but replaced it with various other facilities; he also took the PowerPC low-level memory manager and made it generic. Steven Toth works in the Video4Linux layer; he added some new drivers and a bunch of cleanups. Ben Hutchings added the Solarstorm SFC4000 driver. When one thinks about 2.6.26 features, the things that come to mind include KGDB, almost-ready network namespaces, almost-ready mesh networking support, a working (shall we say "almost ready"?) realtime group scheduler, read-only bind mounts, page attribute table support, the object debugging infrastructure, and, of course, the vast pile of new drivers. One has to look hard to find the developers behind that work in the lists above (some of them are certainly there). Which just reinforces an important point: there is interest and information in counting changesets and lines changed, but the correlation between those numbers and serious accomplishments in kernel programming is weak at best. Unfortunately, "real work" is awfully hard to measure in any sort of automated way. So what the heck; we'll go back to the numbers we can measure. Here's the most active companies for 2.6.26:
This list tends not to change too much from one release to the next; in particular, the top companies are always the same. If we look at who is attaching Signed-off-by tags to code they didn't write, we get a sense for who the gatekeepers to the kernel are. These are the developers and companies who are herding code into the mainline:
Once again, these numbers tend not to change that much from one development cycle to the next. Subsystem maintainers do not change often.
What's next?This is the first full development cycle where the linux-next tree was in operation. At this stage in the cycle, linux-next should look very much like 2.6.27 - or, at least, 2.6.27-rc1. Your editor pulled the July 2 linux-next tree and ran some statistics; this tree contains 6527 changesets from 619 developers. Just over 400,000 lines of code are touched, with a net addition of 38,000 lines. If linux-next is to be believed, the most active 2.6.27 developers will be:
These numbers reflect a number of the larger developments which can be expected for 2.6.27: incredible amounts of KVM work, the merging of the UBIFS filesystem, the ftrace tracing framework, a lot of reworking of the TTY layer, a lot of firmware thrashing, and ongoing big kernel lock removal work. It will be most interesting to see how these numbers compare with what actually shows up in 2.6.27-rc1. Recent numbers suggest that quite a few patches will hit the mainline without having been in the linux-next tree - either that, or 2.6.27 will be a relatively small release. If nothing else, we will see which developers do not yet get their work into linux-next for integration testing ahead of the merge window.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Janitorial
Kernel building
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions News and Editorials A look at openSUSE 11.0 openSUSE 11.0 was released about two weeks ago, to generally good reviews. TuxMachines ran some lighthearted tests last fall and again recently, comparing the latest Mandriva release with the latest openSUSE release. This time around openSUSE edged out Mandriva in a near tie. Other good reviews can be found on LinuxPlanet, DownloadSquad and many other places around the web.There are plenty of options for getting a hold of this release. You can buy a boxed set, an option that has all but disappeared from the Linux distribution scene. The box comes with complete end-user documentation, installable media for 32 Bit and 64 Bit systems, plus 90 days of end-user installation support. Most people will probably download the release in one form or another. Chose from the 32-bit, 64-bit or PowerPC platforms. Get a DVD, a Live CD or use a network install. The live CD comes in a GNOME or a KDE version. There's plenty of documentation online to go along with that; release notes, the openSUSE 11.0 startup document and the step-by-step installation guide. The KDE live CD only contains KDE 4. If you would prefer KDE 3.5, it is available on the DVD or the network install. Benjamin Weber has a blog post on the inclusion of KDE4. "There should be a KDE3.5 installable livecd. This was not produced as there were insufficient resources to produce and test three installable livecds. Someone can always step up and help produce one." Xfce 4.4 is also available for those who want something lighter than either GNOME or KDE. Other applications available in this release include Firefox 3.0, OpenOffice.org 2.4, Banshee 1.0 and Wine 1.0. KIWI LTSP is the LTSP5 implementation on openSUSE. The previous openSUSE release added Giver, an easy GTK+ file-sharing tool. This release includes Kepas, a KDE application for file-sharing. Underneath all that you'll find Linux 2.6.25.4, AppArmor 2.3, Xen 3.2.1 RC1, Alsa 1.0.16, glibc 2.8 branch, binutils 2.18.50 SVN, cmake 2.6, gcc 4.3 branch, gdb 6.8, Perl 5.10, ConsoleKit 0.2.10, CUPS 1.3.7, D-Bus 1.2.1, NetworkManager 0.7 SVN, PackageKit 0.2.1, PolicyKit 0.7, PulseAudio 0.9.10, Samba 3.2pre2 and X.org 7.3. These and other highlights are listed here. Those familiar to openSUSE will notice that the installer and the package management have been overhauled for this release. Also NetworkManager has been improved and should autodetect an EVDO card without any major problems. Of course it's impossible to squash all bugs, but the Most Annoying Bugs 11.0 list is quite short and most have workarounds. All in all, this looks like a great release for openSUSE.
New Releases The first Ubuntu "Intrepid" alpha release The first alpha release of Ubuntu 8.10 is available for especially brave testers. "The primary changes from Hardy have been the re-merging of changes from Debian and the upgrade of the Linux kernel to a pre-release version of 2.6.26." See the Intrepid blueprints page for a summary of the goals for the 8.10 release.
Novell Client for Linux Public Beta for openSUSE 10.3 The public beta of the Novell Client for Linux 2.0 SP1 is available for openSUSE 10.3. "A number of openSUSE users have expressed interest in having the client packaged for openSUSE, so our developers have been working on building the client against openSUSE. Please download the package and give it a try on your systems." A package for openSUSE 11.0 is in works.
Launchpad 1.2.6 released The latest release of Launchpad is out. This release features two improvements to code review, including an email interface, a new interface for bugs, translations and distribution pages, and more control code imports.
Distribution News Debian GNU/Linux Debian teams survey results Debian project leader Steve McIntyre summarizes the results of a survey he conducted about how well the various Debian teams are working and communicating. "As I hoped to find, the vast majority of the respondents said they were having fun working on Debian. That's not unexpected, but it's nice to confirm this. A few people responded to say 'I have fun doing Debian work, but would have even more fun doing it if I had more time.' Quite a number said they're enjoying working with friends, doing cool technical stuff but are less happy about our mailing lists and IRC channels when they devolve into flamewars." Click below for the full summary.
Fedora Fedora Board Recap 2008-JUN-24 The June 24 meeting of the Fedora Board welcomes new board members, looks at FUDCon Boston, and contains several other topics.
Final Fedora Board appointment Chris Tyler has been selected to fill the final seat on the Fedora Project Board. "Many of you may know Chris from his "Fedora Daily Package" website, or his work at Seneca College on open source curricula, or as author of O'Reilly's "Fedora Linux" book."
Fedora Release Engineering Meeting Recap 2008-06-30 The June 30 Fedora Release Engineering meeting included discussions of F9 Spins and F10 release naming.
SUSE Linux and openSUSE openSUSE 11.1 Roadmap posted Now that openSUSE 11.0 is out, the project is looking forward to the 11.1 release. It's planned for December 18, and includes GNOME 2.24, KDE 4.1, and the 2.6.27 kernel. "Want to get involved? The start of a release cycle is a great time to get involved in openSUSE development."
Distribution Newsletters Ubuntu Weekly Newsletter #97 The Ubuntu Weekly Newsletter for June 28, 2008 covers: Ubuntu 8.04.1 freeze proposed, Intrepid Alpha 1 released, a new Universe contributor, Brainstorm updates, Ubuntu Women project status, new Ubuntu members, LoCo news, Launchpad news, Ubuntu Forums news, Full Circle Magazine #14, UK podcast #8, and much more.
OpenSUSE Weekly News/28 This edition of the OpenSUSE Weekly News looks at GNOME Helping Hands Project Launches, People of openSUSE: Tanja Roth, Masim Sugianto: How to Make openSUSE 11.0 GM Live USB, Benjamin Weber: openSUSE 11.0 KDE4 inclusion, tuxmachines.org: Battle of the Titans - Mandriva vs openSUSE: The Rematch, and more.
Gentoo Monthly Newsletter The Gentoo Monthly Newsletter for June 30, 2008 looks at the Gentoo Trustees meeting summary, the Council meeting summary, Germany: LinuxTag 2008, Venezuela: FliSoL 2008, Interview: Google Summer of Code Student Nirbheek Chauhan, Gentoo Linux Headed for Space!, and several other topics.
Fedora Weekly News Issue 132 The Fedora Weekly News for June 8, 2008 looks at Fedora Board election results, kdebindings -> PyKDE4 split, ScreenCast on Miro updates, and much more.
DistroWatch Weekly, Issue 259 The DistroWatch Weekly for June 30, 2008 is out. "You've seen it too - a recent Linux convert, used to clicking on executable files to install software, is often shocked to discover that Linux distributions use dedicated package managers to install and remove applications. But with a large number of distributions and philosophies, which is the best tool on the market? And how do they differ in terms of usability and convenience? If you are a new Linux user then our article explaining the various package management options is a must-read. In the news section, openSUSE developers defend their inclusion of KDE 4 into the recently released openSUSE 11.0, Mandriva cancels the first alpha release of version 2009 due to problems with X.Org, Debian completes the security infrastructure for the upcoming release of Debian "Lenny", and Ubuntu unveils the first developers' build of the new MID edition for mobile Internet devices. Also in this issue: a link to an interview with Zenwalk's Jean-Philippe Guillemin, a review of the upcoming Acer Aspire One and a round-up of rescue live CDs based on Linux."
Arch Linux Newsletter The Arch Linux Newsletter for July 1, 2008 is out. "This past month has been great for the open source world, we have seen many great application releases this month. For example, Firefox 3.0, Wine 1.0, even Arch Linux 2008.06 are notable among other great software releases. I hope you are enjoying your Arch Linux system as much as I am. The open source world is always moving; we are still waiting for other wonderful releases like KDE 4.1, a highly anticipated release for those of you that like the K Desktop Environment."
Miscellaneous Articles Ubuntu MID makes Linux upwardly mobile (iTWire) iTWire looks at Ubuntu MID. "Ubuntu Linux owner Canonical has launched Ubuntu into the realm of mobile Internet devices with a release called Ubuntu MID. The new version of arguably the world's most popular desktop Linux distribution initially targeted the Samsung Q1U though the OS also runs on Intel's Atom-based Crown Beach development system. Ubuntu MID 8.04 is a developer release, but the software is expected to start to ship on commercial devices by the end of the year."
Interviews Interview with Jean-Philippe Guillemin, Zenwalk's creator (OneOpenSource) OneOpensource has an interview with Jean-Philippe Guillemin, creator of the Slackware based Zenwalk distribution.
Why did you decide to develop Zenwalk? What's wrong with Slackware?
I started the Zenwalk project (formerly Minislack) as a way to learn the internals of GNU-Linux. Building an operating system is a great way to understand IT deeply because you're on your own to solve the problems when things don't work as expected. In my opinion Slackware is the best Linux "Distribution" in the world (a "Distribution" is a collection of applications and GNU tools, compiled on top of the Linux kernel and the Glibc). Slackware is fast, reliable, secure, up to date, and built with respect for the Unix spirit. Thanks to Patrick Volkerding, the Slackware founder and maintainer, for his hard work. Zenwalk is not really designed to be a "GNU Linux Distribution", rather a "GNU-Linux Operating System". When you install Zenwalk, you immediately get one application for each task, optimized and ready to use, along with a refined look and feel. The pre-selected packages are carefully chosen by Zenwalk developers to provide the user with only the best and most usable applications.
Distribution reviews Open Source Data Recovery Tools To The Rescue (InformationWeek) InformationWeek looks at several Linux Live recovery tools. "Disasters happen to the best of computers. Luckily, open source apps like SystemRescueCD, dd, Partedmagic, BackTrack, Security Tools Distribution, Helix, and TestDisk can help recover important data and bring dead systems back to life."
Mandriva Linux - Wonderful and Maddening (ZDNet blog) J.A. Watson takes a look at Mandriva 2008 Spring. "Mandriva seemed to do an excellent job of identifying and loading drivers for the hardware in my Lifebook S2110 (AMD Turion 64) laptop. It got the ATI Radeon 200M video and the Atheros Wireless right (although I haven't had a chance to test the wireless setup yet), it handled the Logitech Alto USB hub with no problem, and it even recognized and configured the Logitech V-20 speakers that are connected to the Alto. Of course it got the Alto cordless keyboard right, and the Logitech VX Nano mouse, also connected to the Alto."
Page editor: Rebecca Sobol
Development The OLPC project releases 10GB of sound samples The One Laptop Per Child project recently released a large collection of sound samples:
Loops, Grooves, Licks, Stings, Hits, Pads, Melodic Motives/Themes/Phrases, Sound-Effects, City and Country Soundscapes, Motors, Machines, Toys, Guns, Explosions, Swords, Armor, Cars, Jets, Pot & Pans, Acoustic and Synthetic Noises, Acoustic and Electronic Drums, Voices, Western and World Instruments, Real and Human Animals, Industrial and Natural Ambiences, Film and Game Foley, and more, more, more! This huge collection of new and original samples have been donated to Dr. Richard Boulanger @ cSounds.com specifically to support the OLPC developers, students, XO users, and computer and electronic musicians everywhere. They are FREE and are offered under a CC-BY license for downloading and use in your teaching, your demos, your research, your music, your remixes, your songs, your games, your videos, your slideshows, your websites, and your XO activities.
![[OLPC]](/images/ns/olpclogo.png)
The sample collection comes from a number of sources including the Open Path Music recording label, Zenph Studios (a musical software company), the Berklee College of Music, the Berklee Music Synthesis Alumni, Berklee Shares.com, the Worldwide Community of Csound Developers, Teachers and Users and Dr. Richard Boulanger. The sample collection is somewhat random in nature, there are similarities in the material from the various sources such as many single notes from common musical instruments. The recording quality tends to be decent, although a percentage of the sound samples have audible hum, hiss, aliasing issues and rough beginnings or endings. All of the samples are recorded in mono and are available in several sample rates. The samples have also had their volumes normalized. An obvious improvement to the collection would involve compressing the samples with FLAC to save disk space. The majority of the samples have durations of a few seconds or less, there are a number of long selections from long ambient recordings or groupings of short sounds. The sound descriptions for the various collections are somewhat generic, the best way to get a good understanding of the entire library is to download a group of sub-collections and play through the various sounds. Having a few gigabytes of empty disk space is a good idea. Unleashing a random audio file player on the collection can be amusing, if somewhat annoying after a while. Your editor listened to a random selection from the first seven sections from the Berklee College of Music Sampling Archive, the collection is quite diverse. One can imagine a number of possible uses for such a large library of sounds. Adding audio to games is an obvious use for the sounds. One could create accessibility applications for the visually impaired. In keeping with the OLPC theme, a teacher could sort through the sounds and use them for educating children about animals, musical instruments and other things that they may not experience in daily life. On the artistic side, the samples could be put to good use making audio tracks and movies. With the appropriate sample playing software, new and interesting musical instruments could be created. If your software project has a need for some open-licensed audio clips, the OLPC collection is a good source. Producing a large collection of sounds such as this would involve many hours of work.
System Applications Database Software MySQL 6.0.5 Alpha released Version 6.0.5 Alpha of the MySQL DBMS has been released. "MySQL 6.0.5-alpha, a new version of the MySQL database system including the Falcon transactional storage engine, has been released."
PostgreSQL Weekly News The June 29, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Embedded Systems Busybox 1.11.0 and 1.10.4 are out Versions 1.11.0 and 1.10.4 of Busybox, a collection of command line utilities for embedded systems, have been announced, these are primarily bug fix releases.
Security New libnfnetlink and libnetfilter libraries released New versions of libnfnetlink and the libnetfilter libraries have been announced. "The netfilter project proudly presents: * libnfnetlink-0.0.39 * libnetfilter_conntrack-0.0.95 * libnetfilter_queue-0.0.16 * libnetfilter_log-0.0.14 This release set includes bugfixes for the userspace netfilter libraries. See ChangeLog for more details. Upgrade is recommended."
ratproxy - a passive web application security assessment tool The ratproxy project has been open-sourced. "I am happy to announce that we've just open sourced ratproxy - a free, passive web security assessment tool. This utility is designed to transparently analyze legitimate, browser-driven interactions with tested web applications - and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern on the fly."
Web Site Development nginx 0.7.5 released Version 0.7.5 of the nginx web server has been announced, it adds some new bug fixes. See the CHANGES file for details.
Desktop Applications Accessibility Accelerator 2.0.0 released Version 2.0.0 of Accelerator is out with a change of algorithm. "Accelerator is a GUI program that shows where keyboard accelerators should go in menu option texts and dialog labels. The program instantly produces optimal results on the basis that the best accelerator is the first character, the second best is the first character of a word, the third best is any character, the worst is no accelerator at all, and no accelerator should be used more than once. With this program developers can help improve usability for users who can't use the mouse and for fast typists who don't want to use the mouse."
Audio Applications jack_capture 0.9.17 is available Version 0.9.17 of jack_capture, a program for recording soundfiles with the JACK Audio Connection Kit, has been announced. This release adds some new capabilities and fixes some bugs.
Data Visualization Graphite - Enterprise Scalable Realtime Graphing Graphite is a Python-based graph plotting system. From the FAQ: "Graphite is a highly scalable real-time graphing system. As a user, you write an application that collects numeric time-series data that you are interested in graphing, and send it to Graphite's processing backend, carbon, which stores the data in Graphite's specialized database. The data can then be visualized through graphite's web interfaces."
Desktop Environments GNOME Software Announcements The following new GNOME software has been announced this week:
KDE Commit-Digest (KDE.News) The May 25, 2008 edition of the KDE Commit-Digest has been announced. The content summary says: "In this week's KDE Commit-Digest: Marble gets "temperature" and "precipitation" maps, and a "stars" plugin. More work on "fuzzy searches" in Digikam. Konqueror gets support for crash session recovery and session management. Runners can now be managed using a KPluginSelector-based dialog, and attention-blinking support in Plasma..."
KDE Software Announcements The following new KDE software has been announced this week:
Xorg Software Announcements The following new Xorg software has been announced this week:
Games Update on Python-based Second Life client library A new release of pyogp, the Python-based Second Life client, is out. "Pyogp is the Python-based library being developed by Linden Lab, makers of Second Life, and the programming community of the users of Second Life under the auspices of the SL Architecture Working Group, in order to test and implement open protocols designed to allow anyone to create their own virtual world servers and clients compatible enough with Second Life so that avatars can travel to and from SL and other virtual worlds, keeping identity and inventory intact."
WOMBAT 0.0.1 released The WorldForge game project has announced the initial release of WOMBAT. "The WorldForge team is proud to present the first release of WOMBAT, the WorldForge Open Media Browser/Archive Tool. WOMBAT aims to improve the user experience browsing our media repository by providing a nice web front-end and, in later versions, search (and maybe even upload) features."
GUI Packages wxPython 2.8.8.0 released Version 2.8.8.0 of wxPython, a Python interface to the wxWindows GUI toolkit, has been announced. "This release has had a number of further refinements and enhancements on the stable 2.8 source tree since the previous release."
Imaging Applications Perceptual Diff: 1.0.2 Released (SourceForge) Version 1.0.2 of Perceptual Diff has been announced. "PerceptualDiff is an image comparison utility that compares two images using a perceptual metric. That is, it uses a computational model of the human visual system to determine if two images are visually different, so minor changes in pixels are ignored. This version of perceptual diff has the file IO changed to use FreeImage so it supports a lot more file formats than before. Thanks for Jim Tilander for the patch."
Interoperability Wine 1.1.0 released Development release version 1.1.0 of Wine has been announced. Changes include: Many more gdiplus functions implemented. Improved graphics tablet support. Many Richedit fixes and improvements. Support for HWND_MESSAGE windows. A lot of new MSHTML functions. Many fixes in MSI registry handling. Initial implementation of the inetmib1 DLL. Improvements to the quartz renderers. Various bug fixes.
Mail Clients Claws Mail 3.5.0 unleashed Version 3.5.0 of Claws Mail has been announced, many new features and some bug fixes are included.
Medical Applications HealthCloud CHMED Developer API Public Beta available (LinuxMedNews) LinuxMedNews has announced the availability of a beta version of the HealthCloud CHMED Developer API. "If you have followed our previous posts on an open source medications database ClearHealth you are already aware that we now operate a fully public domain data resource regarding medications for use with our ClearHealth system. We have been struggling with a way to make this available and relevant for a wide audience for use in many applications and have now completed the beginning of that effort."
Multimedia MediaInfo: 0.7.7.3 released (SourceForge) Version 0.7.7.3 of MediaInfo has been announced. "MediaInfo supplies technical and tag information about video or audio files (MPEG-PS/MPEG-TS/Bluray/HD-DVD/MKV/AVI/MOV/MPEG1, 2, 4/M4A/M4V/MP3/AAC/RM/DV/...) There are several versions: Graphical interface, Command line, or DLL for third-party software developers (like emule). GUI is multi-language. In this minor release: better detection for complex MPEG-TS streams, small GUI improvements."
Office Suites OpenOffice.org Newsletter The June, 2008 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.
OxygenOffice Professional: 2.4.1 (SourceForge) Version 2.4.1 of OxygenOffice Professional, an enhanced version of OpenOffice.org, has been announced. "This release contains bugfixes and security fixes. It is highly recommended to update to this version."
Web Browsers Firefox 2.0.0.15 available for download Version 2.0.0.15 of the Firefox web browser has been announced. "As part of Mozilla Corporation's ongoing stability and security update process, Firefox 2.0.0.15 is now available for Windows, Mac, and Linux for free download from http://www.mozilla.com/firefox/all-older.html. We strongly recommend that all Firefox users upgrade to this latest release."
NSS 3.12 is released Version 3.12 of Network Security Services (NSS), a set of libraries designed to support cross-platform development of security-enabled client and server applications on Firefox, has been announced. Several new capabilities have been added.
Languages and Tools Caml Caml Weekly News The July 1, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.
Haskell Haskell Weekly News The June 25, 2008 edition of the Haskell Weekly News is online. This week features Google Summer of Code projects, a new release of Pugs, and more.
Perl This Week on perl5-porters (use Perl) The June 14-20, 2008 edition of This Week on perl5-porters is out with the latest Perl 5 news.
Python ConfigObj version 4.5.3 released Version 4.5.3 of ConfigObj, a Python module for reading and writing config files, is out. "This version is a minor bugfix release. It fixes a relatively obscure bug, where an exception could be raised when validating a config file with 'copy=True' and '__many__' sections."
Docutils 0.5 released Version 0.5 of the Python Docutils is out with some new capabilities.
Tcl/Tk Tcl-URL! - weekly Tcl news and links The June 26, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Tcl-URL! - weekly Tcl news and links The July 2, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Debuggers Interfacing with the CDT debugger, Part 2 (IBM developerWorks) IBM developerWorks has published part two in a series on the Eclipse C/C++ Development Tooling. "The graphical debugging environment provided by Eclipse C/C++ Development Tooling (CDT) is about as good as it gets, displaying breakpoints, watchpoints, variables, registers, disassembly, signals, and memory contents. You can add new capabilities to this environment or access these views to display output from a custom debugger. But first, you need to understand the C/C++ Debugger Interface (CDI) and how it communicates with Eclipse."
Version Control GIT 1.5.6.1 is available Version 1.5.6.1 of the GIT distributed version control system has been announced, it includes a number of bug fixes.
Miscellaneous 3-way-diff-overview: diff3-ov v0.32 released (SourceForge) Version 0.32 of diff3-ov has been announced. "diff3-ov is a tool, written in perl/Tk, which should help you in the process of performing a 3-way-diff and merge on large Software-Projects. diff3-ov gives you an overview (in a graphical way/as a html/csv-table) of the whole project, where you have to expect merging-activities on changed areas and therefore have to allocate experts. This new version includes several small changes, bugfixes and GUI-enhancements (still ugly...), and now is also able to detect files that are changed the same by the different parties (usually when patches are exchanged)."
Page editor: Forrest Cook
Linux in the news Recommended Reading Google's Open Source Android OS Will Free the Wireless Web (Wired) Wired has posted a lengthy feature about Android. "Among the contact management systems and shopping tools, there were applications that truly fulfilled Android's promise, particularly in their use of location awareness, social networking, and cloud computing. One developer offered up Jamdroid, a program that you turn on in your car to feed real-time traffic data to a central server; the info is then compiled and beamed to other Jamdroid users, crowdsourcing road conditions. LifeAware tracks friends or family, plotting them on a map and alerting the user when, say, a kid leaves a preset area. E-ventr mashes up evites and Google Maps to organize parties on the fly. BreadCrumbz lets you share photo-enhanced driving and walking routes with the world. Already, Android has half as many outside applications as RIM's BlackBerry platform and about 10 percent the number offered for Windows Mobile at Handango, a leading application download site — and that's still months before it launches."
I hate Linux Graphics (Linux Hater's Blog) The Linux Hater's Blog has a rant on the state of 3D graphics in Linux. "Alright, so as soon as I started bitching about graphics, my coworker, lets just call him Linux Graphics Hater (warm applause everyone! ready those tomatoes!), went off on a rant the technical reasons why open source ATI and intel drivers still suck ass. He also corrected me that nvidia might actually be making money from some of these linux drivers. Good for them, but as long as they're still kind of hiding the fact that they're only really doing it for their paying customers, I think it supports my overall point." (Thanks to Bob Miller)
Companies Nvidia Reiterates Position on Closed Source Driver (OSnews) OSnews reports on video card manufacturer Nvidia's plans to keep their drivers closed. "Nvidia, which delivers probably the most prominent closed-source Linux driver, has reiterated its position concerning this matter. ZDNet's Paula Rooney contacted Nvidia for an official response to the statement - and she got one. "NVIDIA supports Linux, as well as the Linux community and has long been praised for the quality of the NVIDIA Linux driver. NVIDIA's fully featured Linux graphics driver is provided as binary-only because it contains intellectual property NVIDIA wishes to protect, both in hardware and in software.""
Red Hat net profit rises, expects steady growth (Forbes) Forbes covers the latest Red Hat financial stats. "Red Hat Inc, the world's largest publicly traded provider of Linux software, reported Wednesday a quarterly profit that met Wall Street expectations as its revenue grew 32 percent. Net income rose 7 percent to $17.3 million, or 8 cents per share, in its fiscal first quarter, from $16.2 million, or 8 cents per share, in the same period a year ago."
Linux Adoption Microsoft tactics push India toward Linux (Linux-Watch) Linux-Watch looks at Linux laptops for school children in the Indian state of Tamil Nadu. "In evaluating laptop hardware, ELCOT claims to have two primary tests. One is a "fire walk test" that requires laptops to survive being stood and walked upon by 175-pound people. The other -- hopefully easier to pass -- requires that they fully support Linux."
Interviews Coming Battle Over Open Source Phones (Forbes) Forbes interviews Morgan Gillis, executive director of the LiMo Foundation, about the Symbian announcement, the merger with LiPS, and competition with Android. "The traditional point of difference--royalty rates--has dissolved for now, but other points of difference will emerge between the platforms. While both are open-source, LiMo uses the Linux kernel, which is the jewel in the crown of the open-source development world. There's deep familiarity there with our technology. The Symbian kernel has grown up as a proprietary item. The open-source community needs time to get familiar with that technology."
Cloudsecurity.org Interviews Guido van Rossum cloudsecurity.org has an interview with Guido van Rossum on the topics of Google App Engine, Python and Security. "cloudsecurity.org: I recently attended a fascinating talk by Justin Ferguson (a Seattle based security consultant) at eusecwest in London. He gave a great talk exploring security vulnerabilities in language interpreters and specifically highlighted some security weaknesses in Python App Engine. What are your thoughts on his research and specifically the Python issues he highlighted? When do you anticipate they will get fixed? GvR: We’ve anticipated all of the possibilities raised in Justin’s talk, and took measures to protect our users. Justin highlighted weaknesses in Python, but not in App Engine. Furthermore, our security model does not rely solely upon protections within the Python interpreter; there are additional protections that these external analyses have missed."
Resources About:mobile first issue The first issue of about:mobile, a newsletter dedicated to mobile Firefox development, has been posted. "The M4 Milestone release of Fennec is available for testing for the N800 and N810. The main feature of this release is that it features really good scrolling and panning, largely written by Stuart Parmenter and Gavin Sharp. Please note that this is still a very early milestone release, and as such this build has many features that are either incomplete or unstable." "Fennec" is Firefox for mobile devices, see the Fennec vision page for details.
Reviews Openmoko ships Neo FreeRunner Linux phone (ZDNet) ZDNet reports on the first Openmoko Neo FreeRunner mobile phone shipments. "The suggested retail price is $399 (£201). The Neo FreeRunner has a VGA (480-by-640 pixel) touchscreen, internal GPS, Bluetooth, a 400MHz processor, 802.11b/g Wi-Fi, two 3D accelerometers and SD-card expandability. Unusually for a mobile phone, it also includes a USB host function, meaning it can be used to power USB devices."Linux Devices has a review of the FreeRunner.
Miscellaneous The critics are wrong: KDE 4 doesn't need a fork (ars technica) Here's an ars technica article telling frustrated KDE 4 users to give the project a bit more time. "The single greatest strength of Plasma is the inherent mutability that it brings to the desktop. It provides a very flexible framework within which the developers can experiment with completely different paradigms for basic components of the user interface. That is why a fork is a profoundly misguided option at this stage."
Page editor: Forrest Cook
Announcements Non-Commercial announcements Barracuda countersues Trend Micro Barracuda Networks has announced the filing of a software patent countersuit against Trend Micro, using three freshly-acquired patents. "'The reality is that Trend Micro is asking Barracuda Networks to pay for the use of the free and open source ClamAV software,' said Dean Drako, president and CEO of Barracuda Networks. 'We have asserted all along that Trend Micro's actions are unjust and could have serious implications against the open source community and other free and open source projects.'"See also: this LinuxWorld article on the countersuit.
Fedora announces final board appointment The final Fedora board appointment has been announced. "Chris Tyler has been selected to fill the final seat on the Fedora Project Board. Many of you may know Chris from his "Fedora Daily Package" website, or his work at Seneca College on open source curricula, or as author of O'Reilly's "Fedora Linux" book." (Thanks to Rahul Sundaram).
Commercial announcements CadSoft releases Eagle 5.1 CadSoft has released version 5.1 of their Eagle printed circuit CAD application. This release adds some new capabilities and bug fixes. See the What's new document for details.
EMCC Software anticipates Symbian Foundation to stimulate growth EMCC Software anticipates growth in the mobile phone industry due to the Symbian Foundation. "The formation of the Symbian Foundation Platform will bring standardisation and increased certainty to application creators wishing to develop solutions for all Symbian handsets. EMCC foresees a significant reduction in platform fragmentation that will mean a combination of reduced time to market, wider addressable markets for new products, plus reduced porting and testing costs for the leading Smartphone platform in the mobile industry. This should also result in a significant number of new players licensing the new open source platform from the Symbian Foundation for an even wider range of products."
Xandros buys Linspire? Former Linspire CEO Kevin Carmony has put up an angry weblog posting after being notified that Linspire has been sold to Xandros. "I predict this was done to: 1) help Robertson drain the company of its cash and resources. When I left Linspire, we had a very profitable year and the company had millions in the bank. I predict Robertson has moved this money to himself, family, and his other companies, leaving Linspire's minority shareholders with nothing. 2) help Robertson save face by issuing a 'Linspire Acquired by Xandros!' press release, instead of living with the public humiliation that Linspire failed under his leadership. (Although, being out lasted by Xandros isn't much less embarrassing.)" That press release has not yet been sent out as of this writing; we'll keep an eye out for confirmation of what's going on.
Some answers from Xandros CEO Andreas Typaldos Xandros has sent out a set of questions and (not entirely satisfying) answers from its CEO regarding the acquisition of Linspire. On the question of how big the combined company will be: "Xandros has been on a fast growth path for the last couple of years; has an aggressive headcount and revenue growth plan at this time; and is currently in heavy hiring mode. We believe that at this point Xandros is already the third largest Linux Company in the world, and that we may already be the largest private Linux Company in the world."
LiPS and LiMo merge Two competing groups trying to build standardized platforms for mobile telephony - the Linux Phone Standards Forum and the LiMo Foundation - have announced their intent to merge. "This pooling of efforts and resources reflects the industry-wide trend towards unification of Linux-based mobile telephony platforms and will serve to accelerate the emergence of common mobile Linux specifications and implementations. It will also bolster the emerging mobile Linux developer community and support the creation of a range of new applications, services and end-user experiences." It also acknowledges the fact that there's no shortage of mobile platform projects currently.
Netgear's open wireless-G router for open source hackers NETGEAR has announced a wireless router specifically targeted at the Linux community. The WGR614L is based on a MIPS CPU with 16M of RAM an 4M of flash, along with 802.11g and 10/100 ethernet connectivity. It currently runs Tomato and DD-WRT firmware and will soon add support for OpenWRT. NETGEAR is also sponsoring a community site for developers and users to gather. Click below for the press release.
Openmoko Neo Freerunner goes on sale July 4 Openmoko has announced that its long-awaited phone will go on sale on July 4. "The Openmoko Neo FreeRunner utilizes GNU/Linux and comes with core software for dialing, SMS and recording contacts. Openmoko will supplement these features with periodic downloads beginning with a software suite that takes full advantage of the phone's hardware platform. The new software, debuting at Linux world in August, will provide exciting new location based applications."
Preview of Open-Xchange Server Edition announced Open-Xchange Inc. has announced a preview version of Open-Xchange Server Edition. "Open-Xchange offers email, calendar, contacts, tasks and document sharing to provide companies with all the tools needed to facilitate communication and efficient teamwork."
Rackspace Greenspace Initiative hits one year mark Rackspace has announced the first year anniversary of its Greenspace Initiative. "Rackspace® Hosting, a leading hosting services provider, began taking a more proactive role in environmental responsibility by launching the Greenspace® Initiative in 2007, which promotes energy conservation through customer offerings, company conservation and employee education on green living. Since that time, Rackspace has focused on providing their customers with offerings that include the most energy efficient products available, the ability to offset carbon emissions and greener services, such as virtualization and cloud hosting."
Terra Soft, Argo Graphics provide Power Linux to Japan 2008 Terra Soft and Argo Graphics have announced a partnership. "Terra Soft Solutions of Loveland, Colorado, USA and Argo Graphics of Tokyo, Japan today announce a collaborative effort to bring enterprise level support to Linux for Power architecture systems in Japan, with immediate support for the IBM PowerXCell 8i 3.2 GHz based QS22 blade and the IBM Cell SDK."
Meeting Minutes Perl 6 Design Minutes (use Perl) The minutes from the June 11, 2008 Perl 6 Design Meeting have been published. "The Perl 6 design team met by phone on 11 June 2008. Larry, Allison, Patrick, Jerry, Jesse, Nicholas, and chromatic attended."
Calls for Presentations BA-Con 2008 CFP A call for papers has gone out for BA-Con 2008. The event takes place in Buenos Aires, Argentina from September 30 through October 1, 2008, the submission deadline is July 11. "The first annual BA-Con applied technical security conference - where the eminent figures in the international and South American security industry will get together and share best practices and technology - will be held in Buenos Aires on September 30 and October 1st. 2008. The most significant new discoveries about computer network hack attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a series of informative tutorials."
CFP - 25th Chaos Communication Congress 2008 A call for papers has gone out for the 25th Chaos Communication Congress. The event takes place in Berlin, Germany on December 27-30, 2008. Submissions are due by October 5.
piksel08 - code dreams :: open call A call for papers has gone out for Piksel08: code dreams. The event takes place on December 4-7, 2008 in Bergen, Norway, the submission deadline is August 15. "Piksel08 examines the other side of code, an alternative side to a hard-coded reality of work and play. Open hardware and free software project a utopic vision, yet exist within economies of capital, the dream factory of mainstream technology. Within the chance meeting of sewing machine and umbrella on the dissecting table, hardware and software are flattened. Piksel08: code dreams explores the dreams of this soft machine; bachelors coding for pleasure, reverse engineering paranoiac constructs of the real, automatic coding practice, soft hardware, and everyday magic."
The Python Papers call for papers A call for papers has gone out for The Python Papers. "We would like to call for papers, articles, opinion pieces and feedback to include in Volume 3, Issue 2 of The Python Papers. We would love to receive articles on Python for beginners and discussions about Python performance. Any article will be gratefully received, of course, so do not let the above list of suggestions deter you from considering an article on another topic. We also need volunteers from Python User Groups to include an article on the activities, members and geographical area of their local group. Expressions of Interest Close: Friday, 18 July Initial Draft Submission Deadline: Friday, 25 July".
Upcoming Events Deepsec Talks 2007 are online - registration for 2008 is open DeepSec 2008 registration has been opened and videos from the 2007 DeepSec are available. "DeepSec Vienna, the annual In-Depth Security Conference has opened online registrations for 2008. Registrations will receive a discount of 5% off the regular fees until August 31st if you use the following promotional code..."
Far East Perl call for attendees (use Perl) Far East Perl has been announced. "I am happy to announce the Second Russian Perl Workshop which is called "Far East Perl" and takes place on 13th of September in Vladivostok."
SciPy Conference Updates Some update information for the 2008 SciPy Conference has been posted. The event will be held at Caltech on August 19-24, 2008. "The SciPy Conference is not too far away. I thought I'd summarize some recent news about the conference in case some of you missed it".
Web 2.0 Expo Keynotes announced The keynote speakers for the Web 2.0 Expo have been announced. "Web 2.0 Expo New York will convene the brightest minds of the next-generation Web to celebrate the power, size and innovation of the industry on the East Coast. Web 2.0 Expo New York happens September 16-19, 2008 in the Javits Convention Center."
Events: July 10, 2008 to September 8, 2008 The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Audio and Video programs LugRadio to end soon The popular LugRadio podcast will soon be recording its last show. The most recent edition was the second-to-last "regular" show, with one more to follow, as well as a live final show to be recorded at LugRadio Live in the UK on the 19th and 20th of July. More info can be found at Jono Bacon's blog as well as Stuart Langridge's blog (from which we quote): "I probably ought to say: it isn't because we’ve had a row or anything. We want the show to go out on a high — always leave 'em wanting more, isn't that the showbiz mantra? — and everyone can name programmes that have outstayed their welcome by stringing it out for just one more season. I would like to keep those people who don't think that we jumped the shark 104 shows ago to be still thinking that the show was good even after it's over."
Page editor: Forrest Cook
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||