By Jonathan Corbet
January 7, 2009
Author Charles Stross recently
lamented
that times have gotten sufficiently interesting that the writing of
near-future science fiction is currently impossible. Too much is changing,
in too many interesting and unpredictable ways, for anybody to make
projections of the future that don't look ridiculous long before that
future arrives. Your editor can certainly understand that concern. But,
then, your editor's predictions have
always looked ridiculous in
short order. So there's no reason not to continue with business as usual.
Here's a set of wild guesses as to what we might see this year. Woe
unto anybody who takes any of this seriously.
Commercial
The net is full of guesses about what the currently-unfolding financial
crisis will mean for free software; many of those are wildly optimistic.
Your editor is a bit more guarded: the free software community will
emerge from this mess stronger than ever, but it may well be a difficult
ride. Much of the commercial Linux industry draws a fair amount of its
income from the financial industry, and many players in that industry -
there should still be one or two left - are likely to be looking to cut
their expenses somewhat. So money for little things like critical
infrastructure may be a little short until the bonus pool can be brought
back to a satisfactory level. Other parts of the economy will be suffering
similar pain. All told, economic trouble will make life harder for a number
of free software companies - and the people they employ.
Still, the lower cost of free software, along with its flexibility, can
only serve to make it more appealing to companies which are trying to
develop a successful business strategy for difficult times. The commercial
ecosystem around free software should continue to grow, but it may go
through some interesting changes along the way.
One thing that will help is that open embedded systems will grow in
appeal and become more successful. The iPhone showed what can be done
with an interesting hardware platform; at the same time, it has spawned a
steady industry devoted to opening up the device. Android-based platforms
are quickly showing that it's possible to make an equally (or almost
equally) nice device without locking it down in the same way. Awareness of
the value of open gadgets will grow, and there will be more of them on the
market by the end of 2009. These gadgets may not be as completely open as
many LWN readers would like, but they will be a big step in the right
direction.
As that happens, your editor thinks that Android will grow in
popularity, perhaps to the point where it eclipses other Linux-based
handset platforms. Android has no shortage of flaws, but it is a
sufficiently well thought-out and developed system that it should be able to
attract a real development community - especially if Google opens up its
processes sufficiently. And if Google maintains an overly-firm hand on
Android, we may well see forked versions aimed at the hardware devices
which can run them.
Legal
The pace of GPL enforcement actions will drop as a result of two
independent developments: more companies will figure out that free software
licensing matters, and developers will decide that they do not want to be
part of a high-profile lawsuit. That said, there will be some significant
actions on this front in 2009. Meanwhile, the FSF's GPL-infringement
lawsuit against Cisco will be settled in a flurry of "win-win" press
releases.
GPLv3 migrations will slow, especially among projects that people
have actually heard of.
A formerly friendly company may pull an SCO. The sad fact is that
failing companies have a certain tendency to look toward their "IP
portfolio" as a last-ditch source of revenue. 2009 is likely to see more
than the usual number of failing companies; do not be surprised if one of
them grasps at this particular straw.
Distributions
Debian Lenny will be released. Now that the ritual firmware flame
war and general resolution obligations have been satisfied, it looks like
even Debian would be hard put to not get a release out this year. Debian
will also make a serious attempt to avoid a repeat of the recent general resolution
mess. There will be changes to how resolutions find their way to a
vote, and the scripture-like authority of the "foundation documents" may be
eroded somewhat.
We still won't know about Fedora's "infrastructure issues". But
they'll promise to fill us in as soon as they possibly can. In the mean
time, Fedora will crank out two more solid releases, one of which will
eventually show up (somewhat transformed) as the next RHEL release.
openSUSE will make it easier for outside developers to maintain
packages in an attempt to bolster its relevance in the development
community.
Development
The 2.6.33 kernel will be released. In other words, the kernel
development cycle will continue at its fast pace, and the numbering scheme
will not be changed.
The realtime patch set will be mostly merged by the end of the
year. It really has to happen this time. What could possibly go wrong?
After many years of effort, 3D graphics will be a solved problem on
Linux systems. We will no longer be second to other systems with regard to
functionality or performance - at least, if you buy your video hardware
from cooperative companies. Some of the code may still be working its way
through the distribution system, but the work will be done.
It will be a make-or-break year for Perl. If the Perl developers
cannot either bring new life to Perl 5 or turn Perl 6 into
something real, this language will, by the end of the year, have moved well
down the road to "legacy" status.
By the end of the year, KDE 4 will have stabilized, and most users
will have forgotten what all of the flames were about. Meanwhile, the
first pieces of GNOME 3 may be out, but they are likely to be
received without great enthusiasm.
The distributed version control system debates will continue in full
force through the year. A number of major projects will make the jump
to a DVCS, and most of them will go to git. But Mercurial and Bzr (at
least) will remain strong contenders.
As a result of declining contributions from Sun and frustration felt by
outside developers, OpenOffice.org will be forked. The new project
is likely to have some initial troubles - OpenOffice.org is a big
program - but it will eventually become the focus of a much more dynamic,
community-oriented system.
Conclusion
This article would not be complete without a prediction that free
software will be stronger than ever at the end of 2009. Some
predictions are easy to make; that has been the trend for many years, after
all. Still, it is going to be interesting to see what we will be able to
accomplish over the next twelve months. As always, it is going to be fun.
Finally, it will be a hard year for Linux-related media; we have
already seen a foreshadowing of the situation with Groklaw's shift
into maintenance mode and the recent demises of
LinuxWorld.com and Linux.com. It is a hard time to be in the media
business in general, and the free software realm offers challenges of its
own even in the best of times. That said, LWN appears to be holding steady
so far, thanks to thousands of readers who feel that this enterprise is
worth supporting. So your editor is able to confidently predict that we'll
still be here for the traditional mocking of these predictions in
December.
January 7, 2009
This article was contributed by Bruce Byfield
Is Compiz dying? Possibly not, but the consensus among developers of the
compositing window manager seems to be that the project is in serious need
of reorganization if it is going to survive.
Founded three years ago, Compiz quickly gained recognition as one of the
first projects to deliver 3-D graphical effects on the desktop. Probably
its best-known effect is the presentation of multiple workspaces on a
rotating cube. The current state of the project dates from the merger of
Compiz and Beryl, a fork of Compiz, at the end of March 2007.
Since then, development has been divided into two projects: Compiz, which
includes the core functionality and basic plugins, and Compiz Fusion, which includes
utilities and more plugins. In theory, the two projects were supposed to
merge, but in practice, that has never happened. The projects still
maintain separate web sites, mailing lists, and bug trackers, despite the
fact that most developers of one project also work on the other.
The community appears to lack both organization and
direction, with many developers working on their own branches of Compiz in
secret rather than face endless discussion about their goals. Still
other developers have drifted away from the project. Under these
circumstances, the community has not only been unable to manage a 1.0
release, but, 18 months after the last stable release, is still struggling
to complete version 0.8.
More recently, the community has been affected by the withdrawal of Compiz
project leader David Reveman. Reveman's departure, apparently made without
any official announcement, has led to a lack of leadership, since no
experienced Compiz developer appears willing to assume the role of
community organizer. Just as importantly, Reveman's refusal to respond to
emails after his withdrawal has caused practical difficulties for other
developers because much of the Compiz code base is undocumented.
The result is that Compiz, once seen as an exciting, leading-edge project,
is now being openly denigrated in some circles. For instance, one commenter on a recent
Compiz video on YouTube wrote:
Dramatically ugly, unusable, slow, badly animated and unconsistent.
Open source development without a serious, expert maintainers can result in
chaotic growth of the project and waste of human resources into pointless
code.
The Compiz-Fusion project is certainly the most representative example of
all this.
The situation came to a head in late December when developer Dennis Kasprzyk announced
the creation of a new compiz++ code branch. This new branch is written in
C++ as opposed to the C programming language of the main branch, and would
require numerous changes in the behavior of plugins. A few days later,
Kasprzyk's announcement motivated Kristian Lyngstol, another developer, to
begin a thread on the Compiz mailing list on "The
Future of Compiz." This thread was echoed in an article called "Compiz is dying and we
need to fix it" by Kevin Lange. Since then, discussions about the state
of Compiz have emerged on numerous other mailing lists, especially those
dedicated to specific distributions.
According to Lyngstol, "there has been the equivalent of no progress
since the merger. We've basically been in maintenance mode. The reason for
this, from my point of view, is a complete lack of direction and
leadership."
Lyngstol sees several reasons for the current state of Compiz. To start
with, he suggests that project members have been waiting too long for
"something that will change everything," and the result has
been too many code branches, many of which are incompatible with each
other. "The reality is that all these branches are
counter-productive, regardless of how fun or flashy they are,"
Lyngstol writes. He continues:
If we are to have a healthy development environment, and any hope of
bringing Compiz out of a constant alpha-stage, we need to have clear
development goals and a way to cooperate. Before somebody puts 6+ months of
development into their work then present it as a final solution.
Next, Lyngstol notes that the community remains small, with less than 20
people contributing code, if the subscription list for Compiz-Fusion Planet is an
indication. In fact, Lyngstol writes, "Unless I'm missing something
obvious, we haven't seen a single new core developer that contributes
significantly to [the main branch] since the merge. We have, however, lost
a few."
Lyngstol goes on to suggest the reasons for the lack of developers. Because
the project has no direction, he writes, "all development and design
is done as a solo race. There's no way to know whether you can work on
something without losing your work because some obscure branch gets
merged."
Even worse, the merge of Compiz and Compiz-Fusion that was supposed to
happen never has, resulting in a duplication of effort that Lyngstol
describes as "messy." Much the same state of chaos exists in
the code, which is both "undocumented" and "not
particularly pretty." Moreover, when new code is added, its functions
"do more than C functions should do." But the basic problem,
according to Lyngstol, is that "Compiz is a research project,"
in a constant state of change and is not focused on producing a stable
release.
To solve this situation, Lyngstol suggests a merger of the various code
branches — or perhaps, an agreement that some or all are forks
— and some serious attention paid to project management. "We
should have clear goals for every major release," he writes,
"and finding those goals should be the top priority after a stable
release. For each point-release in a development series, we should also
have a clear goal. This will make it easier to predict releases and for
developers to help."
Perhaps the greatest indicator of the state of the Compiz community is not
Lyngstol's critique, but the polite agreement with which it has been
greeted so far. To date, those who have responded to Lyngstol's posting
have quibbled over the details of some of his points while not seriously
contesting his overall observations or his suggested solutions.
Another, more unfortunate indicator is that, while posters have agreed that
leadership and direction are needed, so far none of them have come forward
to offer it. Instead, Lyngstol and several other active developers have
gone out of their way to state that, while they would support change, they
were unwilling or unable to take on any leadership role.
So far, no one has suggested possible external reasons for the diminishment
of Compiz. But it may be that, now that the novelty of 3-D special effects
has worn off, few reasons exist to develop them; the few practical
effects, such as zooms, are too slight to encourage the majority to move
away from standard 2-D desktops.
Another possible factor is that 3-D video drivers that are both stable and
released under a free license are taking longer to arrive than anyone
anticipated, and their lack reduced users' interest in projects like Compiz
that require them.
Still another suggestion was made in an anonymous comment on Lange's
article:
Perhaps Compiz has served its purpose by
proving that the free desktop could surpass Windows or OS X in eye
candy. However, not everyone would agree — developer Quinn
Storm, for example, posted a comment
to the Compiz mailing list in
which she makes clear that she thinks that Compiz has that goal, but has
yet to reach it.
Whatever the reasons and whatever happens, one consolation is that, in free
and open source software, nothing is really lost. But, as things stand now,
with no one willing to assume the leadership of the project, a very strong
possibility exists that Compiz will continue to diminish, with its
members aware of the situation but unable or unwilling to change it.
By Jonathan Corbet
December 29, 2008
Your editor's long-suffering spouse will attest that gadgets are never in
short supply in the house. Many of them pass below her interest, but a new
one has come in which has attracted attention throughout the household: an
Android Dev
Phone, otherwise known as the fully unlocked version of the G1
phone offered by T-Mobile. This phone is certainly a fun toy, but it has
the potential to be a lot more than that.
The details of this device have been well publicized for a while now. It
includes a nice touchscreen display, QWERTY keyboard, GPS receiver,
accelerometer, 3.2 megapixel camera, and more. The whole thing is
powered by Google's Linux-based Android platform. The Dev Phone is
essentially the same device as that sold by T-Mobile, but with a crucially
important difference: it is unlocked in all senses. This means not just
that it can be used with any mobile carrier's SIM, but also that the base
operating software has not been locked down. This is a phone for which the
entire system can be rebuilt and replaced at will.
The Dev Phone thus joins the OpenMoko Neo Freerunner on the very short list
of truly open mobile handsets. This device, though, has the advantage of
being a bit more of a finished product with what appears to be a rather
stronger software development team behind it. It also, for what it's
worth, has some nice hardware capabilities that the Neo lacks: quad-band
GSM, 3G (though not on the bands used by your editor's carrier, alas),
keyboard, etc. Your editor believes that it will be a successful product.
Over the course of the next few months, your editor plans to dig into this
device and report on what he finds. How open is the device really? What does
it take to put a new kernel onto it? What might it take to put a different
operating system onto it altogether? And, in general, how does this whole
Android thing work? Assuming that he does not brick the device early on,
your editor hopes to get a real sense for what can be done with this
device, how close its software is to what we normally think of as Linux,
and where it might go into the future. It should be a fun project.
First, though, one has to get through the stage of simply playing with the
new toy. So the rest of this article will be a user-level review of
sorts.
The hardware: it feels generally solid. The device is larger and heavier
than handsets your editor has used in the past, but that is to be
expected. The keyboard works better than one might think given its size; even your
relatively fat-fingered editor is able to type with reasonable speed and
accuracy. The vibrator lacks strength. The camera seems to take nice
photos (for a phone camera), but it is exceedingly slow. As with most color-screen
devices, the display is entirely unreadable when the backlight is off. A
nice touch with this phone is an indicator LED which blinks when the phone
has something to tell you - an unread text message, for example - but the
use of the LED seems to be somewhat inconsistent.
Your editor has yet to get a sense for what the battery life would be in
the absence of children playing with the device all day long. Complaints
about battery life can be found on the net, but it appears that the phone
should be able to get through two or three days of moderate usage where the
GPS receiver is off most of the time. On the other hand, if you let your
kids use it to mess around on video sites, the battery runs down relatively
quickly.
On the software side, this phone gets off to a bit of a rough start. It
first requires the user to configure the phone to access data service from
the carrier, a process which must be done by hand if that carrier is not
T-Mobile. Your editor's last new phone recognized the carrier from the SIM
and handled this task automatically. More annoying, though, is that the
phone requires the creation of a Gmail account as part of its setup
process. The fact that one does not have - and does not want - such an
account is not relevant. So now your editor has an entry in the Gmail
account database which will never be used.
That, of course, ties in to why Google has gotten into this exercise in the
first place. There are many features of the Android platform which are
designed to tie the user in more closely to services provided by Google.
Some features, such as the calendar, are really just an extension of the
online offerings. The phone wants to sync the contacts list
to...somewhere...and turning the feature off leads to unpleasant behavior.
It is possible to use many of the features of the device without
connecting back to the Google mother ship, but it's not the natural mode of
operation.
Another example is email handling. There is a separate icon for Gmail which
just works; that application offers the features (such as threading)
provided by that service. One can run a different mail application to
connect to a POP or IMAP account somewhere, but it's a separate setup
process. Later, with luck, one discovers the improved K9 client, which must be
installed separately and which requires one to go through the setup process
again. Even with K9, the non-Gmail mail client is not what it should be.
There is no threading of messages, many basic commands (refiling messages,
for example) are missing, etc. Then there are little problems like refusing
to connect to a server if it doesn't think it can trust the SSL certificate
and failing to authenticate if the user's password contains special
characters. One assumes that this client will improve,
or that other clients will be ported to the platform, but, for now, it
doesn't seem to be a priority for the Android developers.
More generally, though, the Android software is pretty slick. A fair amount of
thought has been given to how interaction should work on this kind of
device. Once one gets used to a few specific differences (holding a finger
on an item on the screen for a few seconds often brings up otherwise hidden
options, for example), navigating through applications comes fairly
naturally. Only in some cases do inconsistencies pop up; one that your editor
has noticed is that some applications have different notions than others of
how to zoom in and out. As a whole, the interface comes
across as polished and attractive.
That said, use of the display could be improved. On a small display, there will
always be a certain tension between getting enough information on-screen
and avoiding the creation of headaches through severe eye strain.
Different users will do better with small fonts than others. But if
Android offers an option to configure default font sizes, your editor
cannot find it. So it becomes necessary to manually zoom almost every web
page, almost every email, etc. to get a sufficient amount of information
onto the screen. That gets a little tiresome after a while.
The "Android Market" offers a wealth of applications, most of which are
available as free software or, at least, in a free-beer mode. When
browsing applications, one runs into the Android security model, which is
oriented around a
long set of capabilities which can be granted to applications. A
program which needs to do things like access the net, obtain location data,
change hardware settings, etc. must declare the capabilities it needs;
these are then presented to the user at installation time. Most users will
probably just say "yes," but it is worth taking a closer look. Your editor
decided to decline the installation of a Mahjongg game after being unable
to figure out why it was asking for full network access.
Beyond the inevitable games (including one of the worst Tetris
implementations seen in a while), there is a wide variety of available
applications. The "Locale"
tool makes up for the (surprising) lack of the sort of "profile" feature
found on almost every handset your editor has ever seen; it performs tricks
like using the GPS
receiver to automatically change profiles when the phone enters the office
or a theater. The "bubble" application (shown on the left) turns the
handset into a portable
level. There's no shortage of "smart shopper" applications, most of which
can read a barcode using the camera and look up prices for items. There is
a "power manager" which attempts to configure the device for optimal power
use in a number of situations; it provides a basic profile functionality as
well, though the user should be prepared to spend some time configuring the
options into a workable form.
There's plenty of travel-oriented applications which will fetch weather
reports, currency rates, or call a taxi.
One notable omission, with both the base phone and the available
applications, is voice over IP functionality. This handset should be able
to do VOIP beautifully, but almost no such functionality is available.
There appears to be a tool for Skype users, but that's about it.
There are a couple of applications that are of particular interest to your
editor. ConnectBot is
an SSH client which works surprisingly well; the developers are clearly
working toward the creation of a tool useful for people logging into
Linux-like systems. And the terminal emulator provides that all-important
feature: a shell prompt on the device. Even more fun, on the Dev Phone, a
simple "su" with no password will yield a root shell.
Playing around on the device, your editor sees that the ARM processor
provides a mighty 383 bogomips. It appears to have a little over 100MB of
usable memory. It's running a 2.6.25 kernel (known to be heavily modified)
with a single loadable module called "wlan." And so on. As useful as the
keyboard is, trying to use it to type commands at a shell which lacks a
history mechanism gets painful after a while. Time to go looking for an
SSH server.
There are other useful applications, of course, such as the one which actually
makes phone calls. Like the others, it lacks perfection, but one can only
assume that, on a platform driven by free software, imperfect
applications will be improved or replaced. How easy it is to do such
things is part of what your editor intends to find out in the coming
months. Stay tuned.
Page editor: Jonathan Corbet
Security
By Jake Edge
January 7, 2009
Linux capabilities have been around for a long time, but they are finally
starting to get to the point where they can actually be used. There are
still no mainstream distributions that make use of them, but Fedora 10 has
all of
the requisite functionality available, as Ulrich Drepper recently pointed out in a blog
posting. There are now systems available for administrators to begin to
try out capabilities to see what advantages they offer.
Note that this article concerns Linux/POSIX capabilities and not the other
security approach of the same name.
The canonical test program for capabilities seems to be ping; that
is what Drepper used, as did Chris Friedhoff in his capabilities
documentation. Currently in Fedora 10, ping is a setuid-root
program as it needs privileges that normal users do not have. Removing the
setuid bit with
    chmod u-s /bin/ping
results in normal users getting the following error:
    ping: icmp open socket: Operation not permitted
But ping can be left without the setuid bit by proper
application of capabilities.
By using the setcap command, a root user can give the required
capabilities to the ping program. These get stored as extended
attributes (xattrs) in the filesystem and queried by the kernel when filesystem capabilities are
enabled. It should be noted that not all filesystems support xattrs, but
for those that do, setcap will add the "capability" attribute
with a 20-byte value representing the capability information.
The capability required by ping is CAP_NET_RAW, so an
administrator who wants to have a non-setuid-root ping must do:
    setcap cap_net_raw=ep /bin/ping
This sets the CAP_NET_RAW bit in both the "effective" (e) and
"permitted" (p) capability sets. These two sets, along with the
"inheritable" set, govern the capabilities that a process has or can set.
Serge Hallyn's developerWorks
article is a good reference for how those sets interact.
But, how does one find out what capabilities a particular program needs?
In some ways similar to the audit2allow method sometimes used to
determine SELinux policies,
one can look for permission denied errors as Friedhoff describes:
    $ strace ping localhost 2>&1 | grep EPERM
    socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
In this case, ping tried to open a raw socket which requires
CAP_NET_RAW. Hallyn's article also has code for a
capable_probe kernel module that can be used to see what
capabilities are requested. As with the SELinux method, one must be careful that the
capabilities requested are actually reasonable for the program's task
before granting them.
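The 20-byte attribute value that setcap stores can be decoded directly, which helps when reviewing which binaries carry capabilities and whether each grant is reasonable for the program's task. The following Python is an added example, not code from the article, Drepper, Friedhoff or Hallyn; it assumes the attribute's full name is security.capability and the struct vfs_cap_data layout from <linux/capability.h>, and the sample bytes, the function names and the BROAD_CAPS review list are constructed for illustration.

```python
import errno
import os
import struct

# struct vfs_cap_data: a little-endian magic_etc word, then one
# (permitted, inheritable) pair of 32-bit words per 32 capabilities.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001
# revision -> (number of 32-bit pairs, total attribute size in bytes)
REVISIONS = {
    0x01000000: (1, 12),
    0x02000000: (2, 20),  # the 20-byte value the article mentions
    0x03000000: (2, 24),  # later kernels append a namespace root uid
}

# Capability names in bit order; CAP_NET_RAW is bit 13.
CAP_NAMES = ["cap_" + n for n in (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin "
    "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
    "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
    "sys_tty_config mknod lease audit_write audit_control setfcap "
    "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
    "perfmon bpf checkpoint_restore").split()]

# Assumption for this example: grants a reviewer should question because
# they are close to full root. Illustrative, not exhaustive.
BROAD_CAPS = {"cap_sys_admin", "cap_sys_module", "cap_sys_ptrace",
              "cap_sys_rawio", "cap_dac_override", "cap_setuid",
              "cap_setgid", "cap_setfcap"}

# Constructed sample: the value "setcap cap_net_raw=ep" would store.
SAMPLE_NET_RAW = struct.pack("<5I", 0x02000000 | VFS_CAP_FLAGS_EFFECTIVE,
                             1 << 13, 0, 0, 0)

def mask_to_names(mask):
    """Turn a capability bitmask into names; unknown bits become numbers."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else str(b)
            for b in range(64) if mask >> b & 1]

def parse_file_caps(raw):
    """Decode a raw security.capability value into its sets."""
    if len(raw) < 4:
        raise ValueError("attribute too short to hold magic_etc")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in REVISIONS:
        raise ValueError("unknown revision 0x%08x" % revision)
    pairs, size = REVISIONS[revision]
    if len(raw) != size:
        raise ValueError("revision %d needs %d bytes, got %d"
                         % (revision >> 24, size, len(raw)))
    words = struct.unpack_from("<%dI" % (2 * pairs), raw, 4)
    permitted = inheritable = 0
    for i in range(pairs):
        permitted |= words[2 * i] << (32 * i)
        inheritable |= words[2 * i + 1] << (32 * i)
    return {"revision": revision >> 24,
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": mask_to_names(permitted),
            "inheritable": mask_to_names(inheritable)}

def to_text(caps):
    """Render in the name=flags notation used on the setcap command line."""
    groups = {}
    for name in sorted(set(caps["permitted"]) | set(caps["inheritable"])):
        # The on-disk format has a single effective bit for the whole file.
        flags = (("e" if caps["effective"] else "")
                 + ("i" if name in caps["inheritable"] else "")
                 + ("p" if name in caps["permitted"] else ""))
        groups.setdefault(flags, []).append(name)
    return " ".join("%s=%s" % (",".join(n), f) for f, n in groups.items())

def review(caps):
    """Return the granted capabilities that appear in BROAD_CAPS."""
    return sorted(set(caps["permitted"] + caps["inheritable"]) & BROAD_CAPS)

def read_file_caps(path):
    """Decode a file's capabilities; None if it has none or the filesystem
    does not support extended attributes (Linux only)."""
    try:
        raw = os.getxattr(path, "security.capability")
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return parse_file_caps(raw)

if __name__ == "__main__":
    caps = parse_file_caps(SAMPLE_NET_RAW)
    print(len(SAMPLE_NET_RAW), "bytes:", SAMPLE_NET_RAW.hex())
    print(to_text(caps), "broad:", review(caps))
```

On a filesystem with xattr support, read_file_caps("/bin/ping") decodes the attribute of a binary prepared with the setcap command above and returns None for a file that carries no capability attribute.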
Now that capabilities are available, folks have started to wonder when
things like
ping will have their setuid bit removed in standard
distributions. Panu Matilainen asked
on fedora-devel: "Are we ready to start considering moving away
from SUID bits to
capabilities, in Fedora 11 maybe?" The answer in the resulting
thread seems to be "no", mostly because there is concern about folks
building their own kernel without support for capabilities. It is a bit of
a weak argument because Fedora depends on any number of kernel options.
Drepper is characteristically blunt: "That's nonsense since there
are many other options we rely on and which can be compiled out."
Other distributions may handle things differently, though, so we may see
Linux-capability-based systems elsewhere. For now, administrators can turn
off setuid and instead set capabilities on programs in Fedora 10, though
"unfortunately you have to do it every time the program is updated
again," Drepper notes. Capabilities were originally added to Linux
in the 2.1 kernel series, around ten years ago, so it is nice to see them
finally getting to the point of usability for regular users and
administrators. It will be interesting to see where things go from here.
Brief items
Researchers presenting at the 25th Chaos Communication Congress (25C3) have
used MD5 collisions to generate bogus, but trusted, SSL certificates as
reported by heise online. This would allow nefarious web sites to generate a
certificate purporting to be from any other site—greatly increasing the
reach of phishing and other scams. "Using a weakness in the MD5 cryptographic hash
function, which allows different messages to generate the same MD5 hash –
known as an MD5 'collision', the international team of Alexander Sotirov,
Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molinar, Dag Arne Osvik
and Benne De Weger, have used one attack scenario to create a certificate
which will be trusted by all browsers because it appears to be signed by
one of the root CAs that browsers trust by default. The certificate can
also be used to sign other certificates, which could allow attackers to
carry out 'practically undetectable phishing attacks'."
New vulnerabilities
OpenSSL: certificate verification flaw
Package(s): OpenSSL
CVE #(s): CVE-2008-5077
Created: January 7, 2009
Updated: July 27, 2011
Description: From the Red Hat advisory: the Google security team discovered a flaw in the way OpenSSL checked the
verification of certificates. An attacker in control of a malicious server,
or able to effect a "man in the middle" attack, could present a malformed
SSL/TLS signature from a certificate chain to a vulnerable client and
bypass validation.
p7zip: unknown vulnerability
Package(s): p7zip
CVE #(s):
Created: January 7, 2009
Updated: January 7, 2009
Description: The p7zip file archiver suffers from "archives formats issues." Such information as is available can be found in this bugzilla entry.
php-xajax: cross-site scripting
Package(s): php-xajax
CVE #(s): CVE-2007-2739
Created: December 29, 2008
Updated: January 7, 2009
Description: From the Debian advisory:
It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows attackers
to perform cross-site scripting attacks by using malicious URLs.
samba: privilege escalation
| Package(s): | samba | CVE #(s): | CVE-2009-0022 |
| Created: | January 6, 2009 | Updated: | October 5, 2009 |
| Description: | From the Ubuntu advisory: Gunter Höckel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default. |
Comments (none posted)
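The Samba advisory above names three settings that enable registry shares. The following Python script, an added example that is not code from Samba, Ubuntu or LWN, checks the text of an smb.conf for them. The function names and both sample configurations are constructed for illustration, and the parsing assumes the smb.conf(5) conventions: case- and whitespace-insensitive parameter names, backslash continuation, and a later assignment overriding an earlier one.

```python
"""Added example: flag the smb.conf settings that enable registry shares."""
import re

TRUE_WORDS = {"yes", "true", "on", "1"}  # boolean spellings Samba accepts


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined.

    Comment lines are dropped before joining, so a comment that ends in a
    backslash can never hide the setting on the following line.
    """
    buf, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf and line.lstrip()[:1] in ("#", ";"):
            continue
        if not buf:
            start = number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf


def normalise(name):
    """Parameter names ignore case and any whitespace inside them."""
    return re.sub(r"\s+", "", name).lower()


def registry_findings(text):
    """Return sorted (line_number, setting) pairs that enable registry shares."""
    last = {}      # assumption: a later assignment overrides an earlier one
    findings = []
    for number, line in logical_lines(text):
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name, value = normalise(name), value.strip().lower()
        if name == "include" and value == "registry":
            findings.append((number, "include = registry"))
        elif name in ("registryshares", "configbackend"):
            last[name] = (number, value)
    number, value = last.get("registryshares", (0, "no"))
    if value in TRUE_WORDS:
        findings.append((number, "registry shares = yes"))
    number, value = last.get("configbackend", (0, "file"))
    if value == "registry":
        findings.append((number, "config backend = registry"))
    return sorted(findings)


# Constructed sample configurations, not taken from any real server.
EXPOSED = "\n".join([
    "# file server (constructed sample)",
    "[global]",
    "    workgroup = EXAMPLE",
    "    Registry  Shares = Yes",
    "    config backend = \\",
    "        registry",
    "[public]",
    "    path = /srv/public",
])

SAFE = "\n".join([
    "[global]",
    "    registry shares = yes",
    "    ; include = registry",
    "    registry shares = no",
    "    include = /etc/samba/extra.conf",
])

if __name__ == "__main__":
    for label, conf in (("EXPOSED", EXPOSED), ("SAFE", SAFE)):
        hits = registry_findings(conf)
        print(label, "->", hits if hits else "registry shares not enabled")
```

A server for which this reports no findings is in the default, unaffected configuration the advisory describes.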
xen: DOS and symlink vulnerabilities
| Package(s): | xen | CVE #(s): | CVE-2008-4405, CVE-2008-4993 |
| Created: | January 7, 2009 | Updated: | September 15, 2009 |
| Description: | The Xen package, as shipped by Red Hat (at least), contains a pair of vulnerabilities. Unprivileged DomU domains are able to overwrite "xenstore values," enabling the killing of arbitrary processes. And the qemu-dm.debug script has a symbolic link vulnerability exploitable by a local attacker. |
Comments (none posted)
xterm: arbitrary code execution
| Package(s): | xterm | CVE #(s): | CVE-2008-2383, CVE-2008-7236 |
| Created: | January 5, 2009 | Updated: | March 11, 2009 |
| Description: | From the Debian advisory: Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences. |
Comments (none posted)
Page editor: Jake Edge
Kernel development
Brief items
The 2.6.29 merge window is open, so there is no development kernel
release as of this writing. Quite a bit of work has been merged for
2.6.29; see the separate article below for details.
The current stable 2.6 kernel is 2.6.28, released by Linus on
December 24. Highlights of this kernel include the addition of the GEM GPU
memory manager, the removal of the "experimental" label from the ext4 filesystem,
scalability improvements in memory management via the reworked vmap() and
pageout scalability patches, the move of the -staging drivers into the mainline,
and much more. See the excellent KernelNewbies
summary for lots more details about 2.6.28. Says Linus: "In fact,
even _if_ you have friends or family, leave them to their endless
toil over that christmas ham or turkey, and during the night, when they're
asleep, you can give them that magical present of a newly updated
computer. When they wake up tomorrow morning, tell them how you saw Santa
crawl down the chimney with his USB stick in hand, updating the OS of all
good boys and girls."
Comments (none posted)
Kernel development news
The software design moral: Everything is shit and will attempt to
kill you when you're not looking.
-- Matthew Garrett

I don't believe "auto-destroy my music collection" is a sane
default.
-- Alan Cox

BTW, the current influx of higher-complexity filesystems certainly
worries me a little.
-- Christoph Hellwig

Can you post the patch, so that we can see if we can find some
silly error that we can ridicule you over?
-- Linus Torvalds (Thanks to Jeff Schroeder)

There's a lot of stuff here, as can be seen by the final diffstat
number:
779 files changed, 472695 insertions(+), 26479 deletions(-)
and yes, it's all crap :)
-- Greg Kroah-Hartman

I will just note wryly that it used to be that I could compile 0.9x
kernels on a 40 MHz 386 machine in 10 minutes. Some 15 years
later, it still takes roughly the same amount of time to compile a
kernel, even though computers have gotten vastly faster since then.
Something seems wrong with that....
-- Ted Ts'o
Comments (11 posted)
By Jonathan Corbet
January 7, 2009
As of this writing, some 6500 non-merge changesets have been accepted for the
2.6.29 development cycle. There is the usual set of new device drivers,
combined with a number of important core kernel changes.
As of this writing, user-visible changes include:
- New drivers for SH-2A FPU based SH7201 processors,
Palm T|X, T5 and LifeDrive audio devices,
Gumstix Overo audio devices,
Marvell Zylonite audio devices,
Wolfson Micro TWL4030, UDA134x, WM8350 AudioPlus, and WM8728 codecs,
Texas Instruments SDP3430 audio devices,
OMAP3 Pandora audio devices,
Intel G45 integrated HDMI audio codecs,
Broadcom BCM50610 network PHYs,
LSI ET1011C PHYs,
KS8695 Ethernet devices,
SMSC LAN9420 PCI Ethernet adapters,
SMSC LAN911x and LAN921x embedded Ethernet controllers,
Solarflare 10Xpress SFT9001 network controllers,
Atheros AR9285 chipsets,
Solos ADSL2+ PCI Multiport cards,
Nuvoton W90X900 CPUs,
LG ATSC lgdt3304 video capture devices,
Sharp s921 ISDB-T devices,
ST Microelectronics STB6100 silicon tuners and STB0899 multistandard
frontend devices,
ST STV06XX-based cameras,
TDA8261 8PSK/QPSK tuners,
OmniVision ov772x cameras,
Conexant CX24113/CX24128 tuners,
Texas Instruments TVP514x video decoders,
OMAP2 camera devices (as seen in Nokia Internet tablets),
NXP TEA5764 I2C FM radio devices,
Chelsio T3 ASIC based iSCSI adapters,
Wolfson Microelectronics WM8350 power management units,
Dialog DA9030 battery chargers,
DaVinci DM355 EVM microcontrollers,
Intel 5400 (Seaburg) memory controller chipsets,
Walkera WK-0701 RC transmitters,
Wacom W8001 penabled serial touchscreens,
Dialog Semiconductor DA9034 touchscreens,
TSC2007 based touchscreens,
PXA930 trackball mice, and
PXA930/PXA935 enhanced rotary controllers.
- A number of new drivers have also entered the kernel via the staging
tree; these include drivers for Sensoray 2250/2251 video capture
devices, Airgo AGNX00 wireless chips, a wide variety of data
acquisition devices via the Comedi framework, ASUS laptop OLED
displays, Ralink 2860 and 2870 wireless interfaces ("This is the
Ralink RT2860 driver from the company that does horrible things like
reading a config file from /etc."),
RealTek RTL8187SE Wireless LAN NICs,
HD44780 or KS-0074 parallel port LCD panels,
ServerEngines BladeEngine (EC 3210) network interfaces,
Princeton Instruments USB cameras,
Mimio Xi interactive whiteboards,
the openPOWERLINK network stack,
Frontier Tranzport and Alphatrack devices, and
several families of Meilhaus data acquisition boards.
Also added, seemingly without help from Google, is a set of drivers
for the Android platform, including
support for the /dev/binder IPC mechanism, timed GPIO
operations, the RAM buffer console,
a special "low memory killer" device,
and the logger device.
Remember that "staging" drivers are not
considered to be up to normal kernel code quality standards; they are
merged in the hope that developers will help to make them better.
Quite a few improvements to these drivers were merged via the staging
tree this time around, so this tree may be working as intended.
- The long-deprecated eepro100 driver has finally been removed; the
e100 driver should be used instead.
- The SCSI layer has acquired support for Fibre Channel over Ethernet
(FCoE) devices.
- The GEM layer used for memory management in graphical processor unit
(GPU) driver code has seen a number of improvements. The big news in
this area, though, is that the kernel mode setting code has finally
been merged. This change paves the way for the removal of a great
deal of scary user-space code, better support for features like fast
user switching, and the ability to run the X server without root
privilege. Kernel mode setting is still in an early state, though,
and most people will not want to enable it unless they are sure they
have a properly-prepared user space.
- Support for HP iPAQ h5000 systems,
Samsung S3C64XX series based systems,
and Pandora game consoles has been
added to the ARM architecture code.
- The SuperH architecture has gained support for the ftrace tracing
framework.
- There is a new no_file_caps= boot option which can be used to
disable file capabilities on kernels which have that feature enabled.
From the changelog: "This allows distributions to ship a kernel
with file capabilities compiled in, without forcing users to use (and
understand and trust) them."
- The CIFS filesystem supports a new forcemand mount option;
when present, it causes CIFS to use mandatory locks rather than
POSIX-style advisory locks.
- The CUBIC 2.3 TCP congestion control algorithm and the "backward
congestion notification" feature are now supported in the
networking layer.
- The network code has support for the "deficit round robin" packet
scheduling algorithm, said to produce highly fair scheduling with
minimal cost.
- A vast set of network namespace patches has been merged. The
namespace hackers have, so far, refrained from saying that this
feature is ready for general use, but it must be getting closer.
- The devpts filesystem now supports the creation of multiple instances
in different namespaces.
- The wireless regulatory domain code has been extended to provide 802.11d support.
- The Tree RCU patch set,
which should provide improved scalability on systems with "more than a
few hundred CPUs," has been merged.
- Users of huge pages can now look in /proc/pid/smaps
for a new KernelPageSize value giving the actual size of the
pages in use. Among other things, this information can be used to
verify that a process is actually using large pages where expected.
- The eCryptfs filesystem now supports the encrypting of file names as
well as their contents.
- The FUSE user-space filesystem mechanism can now support
ioctl() and poll() calls.
- Support for unlabeled networks and hosts has been added to the SMACK
security module.
Changes visible to kernel developers include:
- There is a new synchronous hash interface called "shash." It
simplifies the use of synchronous hash operations while allowing the
same tfm to be used simultaneously in different threads. All in-tree
users have been switched to the new API.
- The massive task credentials
patch set has been merged. This code reorganizes the handling of
process credentials (user ID, capabilities, etc.). One of the
immediate implications of this change is that direct references to
credential-oriented fields in the task structure need to be changed;
for example, current->user->uid becomes
current_uid(). See Documentation/credentials.txt for a
description of the new API.
- The ftrace code has seen a lot of internal changes. The function
tracing feature has seen a number of improvements, and the developers
have added
mechanisms to profile the behavior of if statements,
provide function call graphs,
obtain user-space stack traces, and
follow CPU power-state transitions.
- Most of the callback functions/methods associated with the
net_device structure have been moved out of that structure
and into the new struct net_device_ops. In-tree drivers
have been converted to the new API.
- The priv field has been removed from struct
net_device; drivers should use netdev_priv() instead.
- The generic PHY layer now has power management support. To that end,
two new methods - suspend() and resume() - have been
added to struct phy_driver.
- The networking layer now supports large receive offload (or
"generic receive offload") operation.
- The NAPI API has been cleaned up somewhat; in particular, functions
like netif_rx_schedule(), netif_rx_schedule_prep(),
and netif_rx_complete() have lost the unneeded struct
net_device parameter.
- The hrtimer code has been simplified with the removal of variable
modes for callback functions. All processing is now done in hardirq
context.
- A new set of LSM hooks has been added; these support pathname-based
security operations. With the merging of these hooks, one major
obstacle to the inclusion of security modules like AppArmor and TOMOYO
has been removed.
- The kernel will now refuse to build with GCC 4.1.0 or 4.1.1; those
versions have unfortunate bugs which prevent the building of a working
kernel. Versions 3.0 and 3.1 have also been deemed to be too old and
will not be supported in 2.6.29.
- Video4Linux drivers now use a separate v4l2_file_operations
structure to hold their VFS-like callbacks. The prototypes of a
number of these functions have been changed to remove the
inode argument.
- Video4Linux2 has also acquired a new "subdevice" concept, meant to
reflect the fact that video "devices" tend to be, in reality, a set of
cooperating devices. See the new
document for a description of how this mechanism works.
- Two new functions - stop_machine_create() and
stop_machine_destroy() - allow the independent creation of
the threads used by stop_machine(). That, in turn, lets
those threads be created before trying to actually stop the machine,
making that operation more resistant to failure.
- The poll() file operation is now allowed to sleep; see this article for more
information on this change.
- The CPU mask mechanism, used to represent sets of processors in the
system, is in the middle of being massively reworked. The problem is
that CPU masks were often put on the stack, but, as the number of
processors grows, the stack lacks room for the mask. The new API is designed to
get these masks off the stack, and to guard against anybody ever
trying to put one back. See this
posting by Rusty Russell for details on this work.
The merge window opened on December 28; if the usual two-week pattern holds,
changes should be accepted through January 11. Tune in next week for
an update on the final patches merged for the 2.6.29 kernel.
Comments (5 posted)
By Jake Edge
January 7, 2009
Using an out-of-tree kernel patch has several downsides but, as long as the
patch is maintained and updated with the kernel, it is workable. If the
developers lose interest—or funding—it suddenly becomes a much
bigger problem for users. That scenario may be about to play out for users
of the grsecurity tool as a recent release
comes with a warning that it could be the last.
Users of grsecurity are, unsurprisingly, worried about the future of the
security tool, but calls for its inclusion in the mainline are not likely
to be successful. Over time, largely because of the efforts of others
outside of the grsecurity project,
various pieces of grsecurity (and the associated PaX project) have been added to the
kernel. But there are a number of reasons that the full grsecurity patch
is not in the mainline; the most basic is that the developers seem
unwilling to follow, or uninterested in following, the normal path to inclusion.
The grsecurity patch implements a number of security features that are
useful, particularly for web servers or servers that provide shell access
to untrusted users. One of the major features is role-based
access control (RBAC), which is an alternative to the traditional UNIX
discretionary
access control (DAC) or the more recent mandatory
access control (MAC) provided by SELinux and Smack. The aim of RBAC is to
create a "least privilege" system, where users and processes have only the minimum
necessary privilege to accomplish their task. grsecurity also includes
hardening of the chroot() system call, to eliminate privilege
escalation and other vulnerabilities from within a "chroot jail". In
addition, there
are a number of other miscellaneous features like auditing and restricting
/proc information, all of which are listed on the grsecurity
features page.
Another major component of grsecurity is the PaX code, which restricts
memory use so that various exploits, such as buffer overflows and other code
execution vulnerabilities, are blunted or eliminated. It does this by making data
pages non-executable using—or emulating—the "no execute" (or
NX) bit. To avoid code injection, PaX also restricts mprotect() so that pages
cannot be both writable and executable. In addition, PaX adds much
more aggressive address space layout randomization (ASLR) than is currently
used by Linux. PaX is developed separately from grsecurity, by the
anonymous "PaX Team", then incorporated into grsecurity by developer
Brad Spengler.
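The rule described above, that no page is both writable and executable, can be audited from user space on any kernel by reading /proc/<pid>/maps. The following Python script is an added example, not code from PaX, grsecurity or this article; the function names are chosen here and the sample maps text is constructed.

```python
"""Added example: list mappings in /proc/<pid>/maps that break W^X."""
import re

# Fields: address range, permissions, offset, device, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


def parse_maps(text):
    """Return one dict (start, end, perms, path) per recognised mapping."""
    mappings = []
    for line in text.splitlines():
        match = MAPS_LINE.match(line.strip())
        if not match:
            continue  # blank or unrecognised line
        start, end, perms, path = match.groups()
        mappings.append({
            "start": int(start, 16),
            "end": int(end, 16),
            "perms": perms,
            "path": path or "[anonymous]",
        })
    return mappings


def wx_violations(text):
    """Return (path, size_in_bytes) for every writable+executable mapping."""
    hits = []
    for mapping in parse_maps(text):
        if "w" in mapping["perms"] and "x" in mapping["perms"]:
            hits.append((mapping["path"], mapping["end"] - mapping["start"]))
    return hits


def audit_pid(pid="self"):
    """Run the check against a live process (needs read access to its maps)."""
    with open("/proc/%s/maps" % pid) as handle:
        return wx_violations(handle.read())


# Constructed sample in /proc/<pid>/maps format, not captured from a real host.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1234 /bin/cat
0060a000-0060b000 rw-p 0000a000 08:01 1234 /bin/cat
01c00000-01c21000 rw-p 00000000 00:00 0 [heap]
7f0000000000-7f0000002000 rwxp 00000000 00:00 0
7ffd12300000-7ffd12321000 rwxp 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for path, size in wx_violations(SAMPLE_MAPS):
        print("W+X mapping: %s (%d bytes)" % (path, size))
```

In the sample, the code and data segments of /bin/cat pass, while the anonymous region and the stack are reported because each is mapped with both permissions at once.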
The project has been around for a long time; grsecurity started in 2001,
while PaX began in 2000. There are numerous satisfied users and grsecurity
has been used in distributions such as NetSecL and Hardened Gentoo, but it
has never made it into the mainline.
Gabor Micsko recently posted a request on
linux-kernel for Linus Torvalds to reconsider grsecurity:
The common opinion of the developers of grsecurity, PaX and their users
is that acceptance of the code into the kernel would be the best
solution for saving the project, beside finding another long-term
sponsor.
Torvalds replied that much of what was in
grsecurity and PaX was "insane and very annoying and invasive
code." He then went on to explain some of the history:
The apparent inability (and perhaps more importantly - total
unwilling[n]ess) from the PaX team to be able to see what makes sense in a
long-term general kernel and what does not, and split things up and try to
push the sensible things up (and know which things are too ugly or too
specialized to make sense), caused many PaX features to never be merged.
Much of it did get merged over the years (mostly because some people spent
the time to separate things out), but no, we're not going to suddenly
start merging code like that just because the project is in trouble. None
of the basic issues have been solved.
A perfect example of the unwillingness to work with the kernel hackers is
embodied in the decision not to
implement RBAC as a Linux Security Module (LSM). For better or worse,
LSM is the mechanism used to implement access control in the kernel.
Conceptually, it is a good fit for the grsecurity RBAC code. It might
require additional LSM hooks, but working on getting those hooks added is
the right approach. There was some uncertainty about LSM at one time, but
it clearly is the way forward today.
There may also be an issue with the PaX code, in that anonymous
contributions to the kernel are not allowed. Presumably Spengler, or some
other interested hacker, could sign off on that code, but it cannot be
accepted directly from "PaX Team".
To the extent grsecurity and PaX have been proposed for inclusion, they
have always been presented as a single monolithic patch. There has never
been an attempt to break the patch up into logical chunks that can be
accepted or rejected on their individual merits. So far, that has not
occurred even after the project lost its sponsor. But waiting until the
last minute is not going to work. As Robert Hancock puts it:
Saying to the kernel developers "here, throw this huge blob of code into
your kernel because otherwise we're taking our ball and going home" is not
how it works.
If there is value in the existing code, interested users and developers
need to work within the kernel process to get it accepted. To do that, one
must identify the useful pieces and proceed from there. Valdis Kletnieks suggests:
Probably the best way to proceed would be for the stakeholders to come to some
agreement on which parts are the "sane stuff" (which could be an interesting
food fight), split those parts out, and submit them for inclusion as standalone
separate patches.
This is yet another example of the perils of out-of-tree code. By all
accounts, there are satisfied grsecurity users who may well be left behind
if the grsecurity project fails to find sponsors by the end of March. They
can, of course, continue running the grsecurity-enhanced kernels they
currently have, but may not be able to take advantage of upcoming kernel
advances.
Perhaps the stakeholders will gather together and continue updating
grsecurity for newer kernels, but that still leaves the underlying
problem. They would be better served spending at least part of their time
working with the kernel hackers to get as much of grsecurity and PaX
as possible merged into the mainline.
Comments (2 posted)
By Jonathan Corbet
January 7, 2009
The Btrfs filesystem has been under development for the last year or so;
for much of that time, it has been widely regarded as the most likely "next
generation filesystem" for Linux. But, before it can claim that title,
Btrfs must stabilize and find its way into the mainline kernel. Btrfs
developer Chris Mason has been saying for a while that he thinks the code
will come together more quickly if it is merged relatively soon, even if it
is not yet truly ready for production use. General experience with kernel
development tends to support this position: in-tree code gets more review,
testing, and fixes than out-of-tree code. So the development community as
a whole has been reasonably supportive of a relatively early Btrfs merge.
In our last Btrfs episode,
Andrew Morton suggested that a 2.6.29 merge be targeted.
Chris would like that to happen; to that end, he has posted a version of Btrfs for
consideration. Unsurprisingly, that posting has already increased the
amount of attention being paid to this code, with the result that Chris
quickly got a list of things to fix. Most of those have now been
addressed, but there are a few remaining issues which could still impede
the merging of Btrfs in this development cycle. This article will look at
the potential roadblocks.
One of those is the user-space API. Btrfs brings with it a whole set of
new ioctl() calls, none of which have been seriously reviewed or
even documented. These calls perform functions like creating snapshots,
initiating defragmentation, creating or resizing subvolumes, adding devices
to the volume set, etc. Interestingly, there has been no real complaint
about the volume-management features of Btrfs in general. But the
interface to features like that needs close scrutiny; normally, user-space
APIs cannot be broken once they are merged into the mainline. There has
been some talk of making an exception for Btrfs, since there is little
chance of systems becoming dependent on a specific interface before Btrfs
is production-ready.
Still, once distributions start shipping Btrfs tools - to help testers if
nothing else - an API change would cause pain. Any potential for this kind
of pain would make API changes very hard to do. So Linux may well end up
being stuck with the early Btrfs API. Given that at least one developer thinks that this API needs a serious rework,
this issue could turn out to be a serious roadblock indeed.
Then, there is the issue of the special-purpose locking primitives used in
Btrfs. To understand this discussion, it's worth looking at the locking
function used within Btrfs:
    int btrfs_tree_lock(struct extent_buffer *eb)
    {
        int i;

        if (mutex_trylock(&eb->mutex))
            return 0;
        for (i = 0; i < 512; i++) {
            cpu_relax();
            if (mutex_trylock(&eb->mutex))
                return 0;
        }
        cpu_relax();
        mutex_lock_nested(&eb->mutex, BTRFS_MAX_LEVEL - btrfs_header_level(eb));
        return 0;
    }
The lock in question is a mutex, but it is being acquired in an interesting
way. If the lock is held by another process, this function will poll it up
to 512 times, without
sleeping, in the hope that it will become available quickly. Should that
happen, the lock can be acquired without sleeping at all. After 512
unsuccessful attempts, the function will finally give up and go to sleep.
Chris justifies this behavior this way:
Btrfs is using mutexes to protect the btree blocks, and btree
searching often hits hot nodes that are always in cache. For these
nodes, the spinning is much faster, but btrfs also needs to be able
to sleep with the locks held so it can read from the disk and do
other complex operations.
For btrfs, dbench 50 performance doubles with the unconditional spin,
mostly because that workload is almost all in ram.
For 50 procs creating 4k files in parallel, the spin is 30-50% faster.
This workload is a mixture of disk bound and CPU bound.
That kind of performance increase seems worth going for. In fact, it
reflects a phenomenon which has been observed in other situations as well:
even when sleeping locks are used, performance often improves if a
processor spins for a while in the hope that a contended lock will become
available. If the lock can be acquired without sleeping, then the overhead
associated with putting the process to sleep and waking it up can be
avoided. Beyond that, though, there is the fact that the process seeking
to acquire the lock is probably well represented in the CPU's cache.
Allowing that process to continue to run will, if the lock can be acquired
quickly, almost certainly lead to better system performance.
For this reason, the adaptive
realtime locks patch was developed last year, though it never found its
way into the mainline. In response to the Btrfs discussion, Peter Zijlstra
proposed a spinning mutex
patch which is intended to provide the same benefits as the special
Btrfs locking function, but for more general use and without the addition
of magic constants. In Peter's patch, an attempt to acquire a contended
lock will spin for as long as the process holding that lock is actually
running on a CPU. If the lock holder goes to sleep, any process trying to
acquire the lock also goes to sleep. The heuristic seems to make sense,
though detailed benchmarks have not been posted.
The patch was received reasonably
well, though Linus has insisted that some
changes be made.
So a more general spinning mutex may well find its way into the mainline.
Whether it will go in for 2.6.29 is not clear, though. Developers tend to
like their core locking primitives to be reasonably well tested; merging
something which was developed toward the end of the merge window could be a
hard sell. Until something like that happens, Chris is uninterested in removing his special locking
function:
But, if anyone working on adaptive mutexes is looking for a coder,
tester, use case, or benchmark for their locking scheme, my hand is
up. Until then, this is my for loop, there are many like it, but
this one is mine.
Finally, there is the question of the name. Some reviewers have suggested
that the filesystem should be merged with a name which makes it clear that
it's not meant for production use - "btrfsdev," for example. Chris is
resistant to that idea, noting that, unlike existing filesystems, Btrfs is
known to be new and has no reputation for stability. He has stated his
willingness to make the change, though, if it is truly considered to be
necessary. Bruce Fields pointed out that
calling it "Btrfs" from the beginning could possibly burn future developers
who boot an old kernel (with a non-production Btrfs) after switching to
a newer, production-ready version of the filesystem.
All of this adds up to an uncertain fate for Btrfs in 2.6.29; there are a fair
number of open issues and it's late in the merge window. Of course, Btrfs could
be merged after 2.6.29-rc1; since it is a completely new subsystem, it
won't cause regressions.
But if Linus concludes that there are enough loose ends in the current
Btrfs code, he may just decide to give it one more development cycle before
bringing it into the mainline. So, while nobody seems to doubt that Btrfs
will go in, the question of when remains open.
(With any luck, we hope to have an authoritative article on Btrfs for this
page in the near future, once the author - you know who you are! - gets it
written. Stay tuned.)
Comments (36 posted)
Patches and updates
Core kernel code
- Casey Dahlin: waitfd.
(January 7, 2009)
Device drivers
- Dave Airlie: drm.
(January 5, 2009)
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol
January 7, 2009
Last August a friend of mine invited me to join
Facebook, a social networking site. I
was skeptical. After all, when you spend hours every day working on a
computer, spending more hours networking with friends seems less than
attractive.
Lately though, I've been seeing mention of various distributions on
Facebook, so I thought I'd take a look for other Linux groups. The first I
found in my search is the GNU Linux
group, with over 24,000 members.
There are around 500 groups of various distribution fans. Any member can
join a group, if the group is open. Look for the groups Debian GNU/Linux and
Gentoo Linux Users (motto: if it moves compile it). Also SuSE Linux Users and
openSUSE Linux. There's BackTrack Linux, an unofficial Ubuntu Linux group,
Arch Linux, Pardus Linux Users, Mandriva Linux Users, Linux Mint, Fedora -
Linux, and many more. I only looked at 40 of 500 groups.
There are many individuals with Linux in their names. As individuals you
can only find out more about them if you become friends. Most seem to be
fans of one distribution or another. There are many instances of Ubuntu
Linux or Linux Ubuntu, Fedora Linux or Linux Fedora, plus fans of Linux
Unbuntu, Linux Suse, Debian Gnu Linux, Redhat Linux, Linux Barrera,
Mandriva Linux, Apollokk Arch-Linux, Linux Centos, Dell Linux, Linux
Asianux, Mk Linux, Intel Linux, Comunidad Linux, Linux Latin America,
Knoppix Linux, Maghreb Linux in Morocco, Sabayon Linux, Tito Linux in
Egypt, Linux Galore in India, Zune Linux and Tux Linux. The spellings and
capitalization are copied directly from Facebook. Other obvious fans
include Unix Linux from Morocco, Linux Torvaldo, Linus Linux, and Linus
Linux Torvalds from France.
You can find local user groups, Linux forums, Python fans, more
distribution fan groups, and if you can't find what you are looking for you
can start your own group, if you are a Facebook member of course.
LWN.net even has an unofficial
fan site, so stop by for a visit.
All this research was done on Facebook. I have yet to join MySpace,
Twitter or any of the growing number of other social networking sites.
Comments (1 posted)
New Releases
The Fedora Unity Project has new respins of Fedora 9, with all errata as of
December 17, 2008.
Full Story (comments: none)
The FreeBSD Release Engineering Team has announced the availability of
FreeBSD 7.1-RELEASE. This is the second release from the 7-STABLE branch
which improves on the functionality of FreeBSD 7.0 and introduces some new
features.
Full Story (comments: none)
LinuxMedNews announced the release of the GNUmed Live CD version 0.3.8.
"With the help of this CD one can testdrive GNUmed
without altering the currently running environment. No installation
necessary. Just download the CD image and either burn it to a CD or set up
the CD image as a virtual CD drive. GNUmed client 0.3.8 is included and
configured to connect to. No setup needed !"
Comments (none posted)
The Lunar team has announced the final release of Lunar Linux 1.6.4
codename 'Lacus Autumni'. "After almost two years since the last
stable release it's finally here, Lunar Linux 1.6.4. We've reached a new
milestone, 1.6.4 is our most polished release to date. Our hope is that
everyone will enjoy it as much as we've done making it. The effort of
improving our installer and iso will of course continue. Stay tuned next
year for some exciting new features that are in store for Lunar!"
Full Story (comments: none)
Tin Hat Linux has released v20081229. "I'd like to make the list
aware that there is a new release of Tin Hat out. For those unfamiliar,
Tin Hat is a fully featured Linux desktop based on Hardened Gentoo which
runs purely in RAM. It aims to be very secure, stable, and fast. Thanks
to the dedicated Gentoo developers, our group continues to put together a
tightly knit hardened desktop environment."
Full Story (comments: none)
Distribution News
Debian GNU/Linux
The results of the Lenny general resolution vote for Debian are in. The project has
chosen to "Assume blobs comply with GPL unless proven otherwise" which will
allow the Lenny (5.0) release to proceed. The basic problem is one that
recurs each time a release is imminent in that kernel firmware does not
meet the Debian Free Software Guidelines.
We looked at this contentious vote a
few weeks back; since that time project secretary Manoj Srivastava has
resigned and Bdale Garbee has stepped in as acting secretary. It would
appear that the outcome was decided shortly after the vote ended on
December 27, but we somehow missed the announcement until now.
[ Update: The announcement email is
now available: "Since the election concluded, several developers have asked for some statement
from the DPL and/or Secretary as to what this result really means. Steve and
I have discussed it, and we think it's pretty clear. This result means that
the Debian Lenny release can proceed as the release team has intended, with
the kernel packages currently in the archive." ]
Comments (4 posted)
When Debian 5.0 is released the testing repository will be known as squeeze
(it's now lenny). Security support for squeeze will be suspended for a few
weeks after the release. "due to the experiences we made after the
last stable Debian release, the Testing Security Team believes that it will
be impossible to provide proper security support for the new testing
(Debian "squeeze") in the weeks following the release of Debian 5.0
(lenny). Therefore we will temporarily suspend security support for Debian
testing after the release."
Full Story (comments: none)
The Debian CD team has implemented some late improvements of the CD and DVD
images available for Lenny. Click below for a list to see what's new in
the Debian 5.0/Lenny CDs and DVDs.
Full Story (comments: none)
Distribution Newsletters
The Ubuntu Weekly Newsletter for January 3, 2008 covers: Notification,
indicators and alerts, Making LoCo Teams Rock, Planet Ubuntu and Corporate
Blogs, Ubuntu live on TV, Ubuntu Berlin review of 2008, Tunisian Team
Events in December, 12 days of Launchpad, Full Circle Magazine #20, Meeting
Summaries, and much more.
Full Story (comments: none)
The January 1st issue of the
openSUSE
Weekly News is out. "
In this week's issue: openSUSE Education
available SLE10 and 11.1, Zimbra Mail Server Training in Indonesia, Q&A
with Joe Brockmeier, Forums: Getting VMware to run on openSUSE 11.1, Best
of Newsletter 2008"
Comments (none posted)
This
issue of the
OpenSUSE Weekly News covers: Masim Sugianto: First Hackfest for
Indonesian openSUSE Community, How to Make openSUSE 11.1 LiveUSB, Joe
Brockmeier: openSUSE - One of the 10 coolest of 2008, Marek Stopka: Fatrat
- Nice download manager in OBS..., Howto-How to compile the new Kernel
2.6.28?
Comments (none posted)
The
Mint Newsletter
published January 4, 2009 is out. "
Merlwiz and Exploder are happy to
release LinuxMint-6-XFCE as an RC. A few things have to be checked and/or
added to the repositories and Merlwiz needs to write release notes but it's
likely this release will be ready any time now. LinuxMint-6-x64 is ready
for testing and will be released soon (at the end of the coming week we
hope) After a lot of testing and talking we decided KDE 4.1 wasn't fit for
usage and we couldn't release it this way. The decision was made to wait
for KDE 4.2 stable (which is planned for the end of this month) and to then
design a Mint 6 KDE CE based on Kubuntu 8.10 but with Amarok 2.0 and KDE
4.2. This means there won't be any KDE CE release this month."
Comments (1 posted)
Fedora's
Echo
Monthly News covering November and December looks at Echo Perspective -
Proposed Designs and Proposed Guideline Changes - Bitmap Post-processing
in Echo Icons.
Comments (none posted)
The
DistroWatch
Weekly for January 5, 2009 is out. "
Perhaps a good way of
starting the year is with a look at the 17-year old history of Linux and
Linux distributions - from the modest first release of "it won't be as big
as GNU" to today's dominance of the free operating system in server rooms,
if not yet on the desktop. In the news section, Debian votes to clear the
firmware issue prior to the release of "Lenny", Ubuntu proposes a new
system-wide notification agent for the desktop, and openSUSE announces
preliminary plans for the release of version 11.2. The end of 2008 gives us
a good opportunity at taking a look at which were the most visited
distribution pages during the past 12 months, while the beginning of the
new year means a new donation - US$250 go to the LXDE project."
Comments (none posted)
Distribution meetings
A third and final call for talks in the Debian DevRoom at FOSDEM is
out. "
So people, please, if you have something you think /might/ be
interesting to talk about, let me know. Experience taught me that if you
think it might be interesting, it usually is interesting enough to have a
talk about. And if not, I prefer having an interesting talk on the schedule
rather than having nothing but my thumbs to twiddle."
Full Story (comments: none)
Distribution reviews
TechieMoe.com has a
review of Linux
Mint version 6 "Felicia", based on Ubuntu. "
The number of
Mint-specific additions in this release is impressive. It's good to see
that the team isn't just focused on slapping on a different coat of paint
and calling it a day. More offshoot distributions should follow this
example. Don't just embrace, extend as well!"
Comments (none posted)
A blog called Linuxlandit & The Conqueror Worm
takes
a look at Xubuntu. "
By focusing on quality, Xubuntu produces a
robust and feature-rich computing environment that is suitable for use in
both home, commercial, and educational environments. The project takes the
time required to focus on finer details and is able to release a version
featuring the latest and greatest of today's software once every 6
months. Xubuntu is available in flavours for the i386
(386/486/Pentium(II/III/IV) and Athlon/Duron/Sempron processors), AMD64
(Athlon64, Opteron, and new 64-bit Intel processors). A community-supported
PowerPC (iBook/Powerbook, G4 and G5) architecture is also
available."
Comments (none posted)
Page editor: Rebecca Sobol
Development
January 6, 2009
This article was contributed by Bruce Byfield
On Windows, configuration options are stored in the
registry,
and are arcane enough that most people use a specialized editor, or cleaner, to remove unnecessary information. Recently, in a
blog entry,
Andrew Ziem argues that GNU/Linux needs the equivalent of a registry cleaner on Windows. He does so by pointing out examples of files and directories that remain in your home directory even after a package is deleted, and offers his new program
BleachBit
as a solution. However, while BleachBit -- currently at version 0.2.1 -- is easy enough to use, you have to wonder whether the minimal disk space saved or the privacy gained by running it is worth the effort -- especially when such advantages come with the risk of accidentally deleting information.
BleachBit is available as source code, or as packages for various recent versions of CentOS, Debian, Fedora, Mandriva, openSUSE, and Ubuntu, as well as SUSE Linux Enterprise and Red Hat Enterprise Linux. At 16 kilobytes, it downloads almost instantly. It is enough of a standalone program that, if necessary, you can install the different .DEB and
.RPM packages on a wide variety of other distributions.
As an application, BleachBit is largely self-explanatory. You select an operation from the left hand pane, reading a brief description of it in the right hand pane if necessary, and click the Preview button to see what will be deleted, then the Delete button to actually remove files and directories. Operations complete in well under 20 seconds, even if you choose all of them.
The list of applications that BleachBit cleans is a long one, and grows with each release. In the current version, the supported applications include Bash, Beagle, Epiphany, Firefox, KDE and OpenOffice.org. BleachBit also supports proprietary applications, such as Flash and Opera, as well as desktop caches and recent document lists. Among those not supported are GNOME and Mozilla Thunderbird -- although, to be fair, BleachBit is in rapid development, and is only likely to increase its support in later releases.
The BleachBit interface is also in development. The descriptions of operations would be more visible with word wrapping, and, although a generic warning that deleted files cannot be recovered appears before anything is deleted, a confirmation specific to your choices -- and, perhaps, suggesting that you preview first -- might also be in order.
Even more importantly, you should be aware that BleachBit does not clear your choice of operations after they are complete, even when you close and restart the application. That means that, unless you check carefully, you could easily find yourself performing an unintended operation, all the more so because the list of operations requires scrolling to see every item, even when the BleachBit window is maximized. Similarly, you need to remember that selecting a top-level operation, such as Firefox, selects a number of other operations, not all of which you necessarily want.
Useful, redundant, or dangerous?
The real question about BleachBit is not so much how to use it, but whether it is needed or even advisable to use. Ziem himself admits in his blog entry that "there is no promise your system will run much faster" if you use BleachBit -- and that "much" seems a euphemism for "any," if the results on my test systems are any indication. After all, unlike an unneeded entry in the Windows registry, most unused configuration files on GNU/Linux are simply not accessed, and therefore have no effect on system performance.
True, running BleachBit can free up hard drive space. However, because many configuration files are plain text, in many cases the space freed is measurable in kilobytes. The largest savings is likely to be in browser caches, but the total freed space is unlikely to be more than a gigabyte or two, an amount barely noticeable on recent computers. So, unless you are temporarily in need of more storage space until you can get out and buy an external drive, are on a network where your available space is limited, or take an anal-retentive pleasure in cleaning your system, you may find the saving of hard drive space a less than compelling argument for BleachBit. If you don't miss the space occupied by unnecessary files, then you won't see much need to reclaim it.
Probably the best argument in favor of BleachBit is the ease with which it protects your privacy. Many programs, such as Firefox, have their own controls for clearing associated files, and, if nothing else, you can set a file manager to view hidden files, and cherrypick the ones you want to delete manually. Yet, whether you wish to hide your viewing habits or simply believe in privacy, the convenience and efficiency of cleaning everything in your home directory from a single window is undeniable. By using the Preview, you can even learn from BleachBit the location and name of configuration files, which is more than you can say for many desktop administration utilities.
However, as with any desktop utility, the danger of BleachBit lies in putting power in the hands of users who may not be fully aware of what they are doing. Fortunately, unlike cleaners of the Windows registry, BleachBit does not affect system configuration, so it is not going to leave you with an unusable system if you accidentally delete the wrong file. Still, a mistake made when running BleachBit could mean the loss of valuable information stored in configuration files. After all, the whole point of having a BASH history is so that you don't need to recall or retype a command you have recently used. Similarly, if you miss that Sign ons under Firefox in the operation pane includes bookmarks and recently visited URLs, you could easily lose information that you were counting on being preserved.
Moreover, such mistakes are all the easier to make because of BleachBit's interface deficiencies (see above). Personally, I would be much more assured about BleachBit if these deficiencies were corrected, and actions within the application were hedged with more warnings and reviews of what you are about to do. Some users might complain about such additions, but making an application idiot-proof is a basic requirement if you are going to offer desktop users the power to make sweeping changes. After all, no matter what our experience, we can all be idiots sometimes, especially if tired or rushed.
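The safeguards argued for in this section (a top-level choice shown as the operations it expands to, a preview that deletes nothing, and a confirmation tied to exactly what was previewed) are sketched below. This is an added example, not BleachBit's code: the cleaner table, the paths in it, and every function name are hypothetical, and the sample home directory is constructed. The selection is passed in on each call, so nothing carries over from a previous run.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical cleaner table (not BleachBit's own):
# top-level name -> sub-operation -> glob patterns relative to the home directory.
CLEANERS = {
    "bash": {"history": [".bash_history"]},
    "firefox": {
        "cache": [".mozilla/firefox/*/Cache/*"],
        "url_history": [".mozilla/firefox/*/history.dat"],
    },
}


def expand(selection):
    """Turn 'firefox' into every firefox sub-operation; 'firefox.cache' stays as is."""
    ops = []
    for item in selection:
        top, _, sub = item.partition(".")
        subs = [sub] if sub else sorted(CLEANERS[top])
        ops.extend((top, s) for s in subs)
    return sorted(set(ops))


def preview(home, selection):
    """List what would be deleted, without touching anything.

    Returns (operations, files, total_bytes, token). The token is a digest of
    the exact file list and sizes; delete() demands it back.
    """
    home = Path(home)
    ops = expand(selection)
    files = set()
    for top, sub in ops:
        for pattern in CLEANERS[top][sub]:
            # Regular files only: never follow a symlink out of the home directory.
            files.update(p for p in home.glob(pattern)
                         if p.is_file() and not p.is_symlink())
    files = sorted(files)
    digest = hashlib.sha256()
    total = 0
    for p in files:
        size = p.stat().st_size
        total += size
        digest.update(f"{p.relative_to(home)}\0{size}\n".encode())
    return ops, files, total, digest.hexdigest()


def delete(home, selection, token):
    """Delete only if the current state still matches what was previewed."""
    _, files, total, current = preview(home, selection)
    if token != current:
        raise RuntimeError("file set changed since preview; preview again")
    for p in files:
        p.unlink()
    return len(files), total


def make_sample_home():
    """Constructed sample home directory for the demonstration."""
    home = Path(tempfile.mkdtemp(prefix="home-"))
    (home / ".bash_history").write_text("ls\nmake\n")
    profile = home / ".mozilla/firefox/abcd.default"
    (profile / "Cache").mkdir(parents=True)
    (profile / "Cache" / "entry1").write_bytes(b"x" * 4096)
    (profile / "history.dat").write_text("http://example.org/\n")
    (profile / "bookmarks.html").write_text("<DL></DL>\n")
    return home


if __name__ == "__main__":
    home = make_sample_home()
    ops, files, total, token = preview(home, ["firefox"])
    print("operations:", ops)
    for p in files:
        print("would delete", p.relative_to(home))
    print(total, "bytes")
    print("deleted", delete(home, ["firefox"], token))
```

Because the token covers file names and sizes, a selection that differs from the previewed one, or a directory that changed in between, is refused rather than silently deleted.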
Conclusion
None of these concerns are necessarily reasons to avoid BleachBit. Personally, I end with mixed feelings about the application. Possibly, BleachBit is an example of how following the Windows analogy too closely can lead to programs of minimal use. Alternatively, perhaps it empowers users to do what is otherwise more difficult and time-consuming, and allows them to protect their privacy without having to learn about their systems. Possibly, both could be true at the same time.
But, perhaps in the long run, the value of an application like BleachBit lies less in any improvements in performance or privacy that it offers than in the discussion of desktop and system design it provokes. Packages should be removing all traces of themselves when they are removed, but, as Ziem observes, many are not. Perhaps what is needed is not a tool like BleachBit, but stricter policies by distributions about the scripts that packages run before they are removed.
Comments (21 posted)
System Applications
Audio Projects
Version 1.2.1 of Rivendell, a radio station automation system,
has been announced.
"
This is a maintenance release of Rivendell. The following issues have been corrected:
Several errors in handling metadata values in file imports have been
corrected, and support for detecting Ogg metadata tags added.
Fixed a bug in RDAirPlay that could cause a segfault when loading a log
over an existing log."
Full Story (comments: none)
Database Software
The Firebird DBMS project has published a
roadmap for 2009.
"
The major Firebird version currently in development is v.2.5. Its feature set is being finalized at the moment in preparation for entering the Beta stage of development. The start of the Beta cycle will be accompanied by a "feature freeze" rule.
The v.2.5 cycle has presented more challenges than usual in the areas of debugging and testing, due to more significant technological rework in the multi-threading part than we expected. The effect has been some degree of slippage from the original schedule.
Once the v.2.5 Beta cycle is under way, we begin the development of the next major version - v.3.0."
Comments (none posted)
The December 28, 2008 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
The January 4, 2009 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Version 4.0 of PyGreSQL has been announced.
"
We are pleased to announce the release of PyGreSQL 4.0. [T]his is a major
release and you should check it carefully before using in existing
applications. There may be some incompatibilities.
PyGreSQL is a Python module that interfaces to a PostgreSQL
database. It embeds the PostgreSQL query library to allow easy use of
the powerful PostgreSQL features from a Python script."
Full Story (comments: none)
Device Drivers
Phoronix has the
details
on AMD's release of 3D drivers for ATI R600 and R700 graphics
processors. "
Since earlier this year we have been waiting for AMD to
release documentation and/or code on the ATI R600 series concerning 3D
acceleration so that the open-source Linux drivers can begin to support the
newer ATI graphics processors. It has taken longer than expected for AMD to
complete and release this information, but it's now available. AMD has
released the fundamental Linux code needed to begin fostering the
development of an open-source R600 3D driver. Furthermore, this code also
concerns the latest R700 series of graphics processors! The microcode for
the newest GPUs has also been released."
Comments (27 posted)
Embedded Systems
Stable version 1.12.4 and unstable version 1.13.2 of
BusyBox, a collection of command line utilities for embedded systems, have been announced.
"
Bug fix releases. 1.13.2 has fixes for crond, dc, init, ip, printf. 1.12.4 has fixes for ip and printf."
Comments (none posted)
Interoperability
Version 3.2.7 of Samba has been
announced.
"
This is a security release to address CVE-2009-0022. The
original advisory is available online."
Comments (none posted)
Networking Tools
Version 0.96 of Hosts3D has been
announced.
"
Hosts3D is a 3D real-time network monitor, displaying hosts & packet traffic. Features: multiple sensor support, gather hostnames & services, configurable subnetwork layout, record/replay packet traffic, filter packets by hosts, protocol or port."
Comments (none posted)
Version 8.2 of Twisted, an event-driven networking engine,
has been announced.
"
Twisted 8.2 is a major feature release, also including many important bug fixes:
* twistd now has a --umask option for specifying the umask
* Log observers can now be configured in .tac files
* ProcessProtocols can now implement processExited to get reliable
notification of a process exiting
* FTPClient has many more convenience methods
* Twisted.words now has a standalone XMPP router
* Twisted.names now supports NAPTR records
* Twisted.web can now deal with multi-value headers and supports the
Range header in requests for static files".
Full Story (comments: none)
Web Site Development
Version 4.2 of JW FLV Player, a web-embeddable video application,
has been
announced.
"
It supports playback of any format the Adobe Flash Player can handle (FLV, MP4, MP3, AAC, JPG, PNG and GIF). It also supports RTMP, HTTP, live streaming, various playlists formats, a wide range of settings and an extensive javascript API.
The skinning functionality allows you to completely customize its look and its plugin architecture allows you to easily extend the player with features such as sharing, recommendations, searching, analytics and ad serving."
Comments (1 posted)
Version 8.09.3RC3 of the Midgard web content management system
has been announced.
"
The Midgard Project has released a third
release candidate for the third maintenance release of Midgard 8.09
Ragnaroek LTS.
Ragnaroek LTS is a Long Term Support version of the free software
content management framework.
The 8.09.3 release focuses on API and architecture cleanups in order to
ease transition from Midgard 1.x series API to Midgard 2.x APIs."
Full Story (comments: none)
Desktop Applications
Data Visualization
Version 0.98.5.2 of
matplotlib,
a 2D plotting library, has been announced. The
what's new document has not been updated yet.
Comments (none posted)
Desktop Environments
Elijah Newren has posted
a
lengthy analysis of the recently-concluded developer survey on
distributed version control systems. "
It looks like there's a strong
preference in the community toward switching, and that git has a strong
lead in preference among the community, followed by svn, then bzr, then
mercurial."
Comments (22 posted)
The following new GNOME software has been announced this week:
- Accerciser 1.5.4 (bug fix and translation work)
- Anjuta 2.25.4 (new features, bug fixes and translation work)
- at-spi 1.25.4 (bug fixes and translation work)
- Brasero 0.9.0 (new features, bug fixes and translation work)
- Cheese 2.25.4 (translation work)
- Deskbar-Applet 2.25.4 (bug fixes and translation work)
- Ekiga 3.1.0 (new features and code cleanup)
- Empathy 2.25.4 (new feature, bug fixes and translation work)
- Evince 2.25.4 (new features, bug fixes and translation work)
- GCalctool 5.25.4 (translation work)
- Glade 3.5.5 (new features and bug fixes)
- GLib 2.19.4 (new features, bug fixes and translation work)
- gnome-applets 2.25.3 (new features and translation work)
- Gnome Games 2.25.4 (new features, bug fixes and translation work)
- gnome-keyring 2.25.4 (new features, bug fixes and translation work)
- gnome-main-menu 0.9.12 (new features, bug fixes and translation work)
- GTK+ 2.15.0 (new features, bug fixes and translation work)
- Libgda and Libgnomedb 3.99.7 (new features, bug fixes and translation work)
- libgdamm 3.99.7 (bug fixes)
- Metacity 2.25.34 (bug fixes and translation work)
- mousetweaks 2.25.4 (documentation and translation work)
- Orca 2.25.4 (bug fixes and translation work)
- PyGobject 2.16.0 (bug fixes)
- PyGooCanvas 0.13.1 (bug fixes)
- PyWebkitGtk and Webkit-Glib-Gtk builds (new features)
- Seed 0.3 (new features and bug fixes)
- Smuxi 0.6.3 (new features, bug fixes and translation work)
- Tasque 0.1.8 (new features, bug fixes and translation work)
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The last nine issues of the KDE Commit-Digests for 2008 were published
this week:
Comments (1 posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Electronics
Stable version 1.4.3-20081231 of gEDA/gaf, a set of electronic CAD
tools, has been
announced.
"
I have released the last stable release of gEDA/gaf for this year today
(1.4.3-20081231). I'm _really_ hoping that this is the last stable
release in the v1.4.x series. The sooner we can get 1.5.2 and 1.6.0 out
the door the better. 1.4.3 is a roll up release that picks up a bunch
of bug fixes since 1.4.2. Many thanks to everybody who did the cherry
picking work (PeterB and PeterC) for this release."
Comments (none posted)
Version 20090105 of
LayoutEditor, an integrated circuit design tool, has been announced.
Open Collector
has the release details:
"
New features: dialog to manage the layers, mapping layer/datatype on GDS/OASIS import/export possible, shortkey learning with CapsLock key, export of gerber format, barcode generator, add a crop cell function, add a crop sharp angles function, add a convert to mesh function, enhancement of the manual routing, add support of non square vias, editing of circle properties, add SVG+CVS+pixel file formats, ... and many smaller bug
fixes."
Comments (none posted)
Financial Applications
Version 2.8.19 of
SQL-Ledger,
a web-based accounting package, has been announced. Changes include:
"
added missing localization strings for batch printing module,
added query to unlock orders when invoice is removed,
added option to generate detailed purchase orders from sales orders,
cross-reference consolidated orders; recall original order,
shipping address selection; select from previous addresses or enter a new address,
added missing lineitem details on ship/receive screen and
changed template parser to allow for multiple spaces and inline if statements."
Comments (none posted)
Games
Version 0.7a of Lepton particle engine has been announced.
"
I'm pleased to announce the 0.7 alpha release of Lepton, a
high-performance, pluggable particle engine and API for Python. It is
designed for creating graphical special effects for games or other
visual applications. The engine is designed to be very flexible and
does not rely on any other libraries directly. You can use it either
with OpenGL (via pyglet, PyOpenGL, wxPython, etc), or with pygame by
selecting the appropriate renderer. Examples are provided using pyglet
and pygame. Although this is an alpha release, I think it is stable
enough to be useful, and I encourage you to give it a try."
Full Story (comments: none)
Interoperability
Version 1.1.12 of Wine has been
announced. Changes include:
"
Some simple 64-bit apps should now run.
Support for subpixel font rendering.
64-bit code generation in the IDL compiler.
New version of the Gecko engine.
Various bug fixes."
Comments (none posted)
Music Applications
Version 0.3 of alsaseq has been announced.
"
The third version of alsaseq, bindings to the ALSA sequencer has been
released. A Makefile with test and install options was added to
simplify building and installation; some constants were updated
according to recent versions of the ALSA library."
Full Story (comments: none)
Version 2.12 of LilyPond, a music typesetting system, has been announced.
"
Our joy is tinged with sadness, as long-time LilyPond contributor
and friend Rune Zedeler passed away on the 2nd of July, 2008. This
release is dedicated to him."
Full Story (comments: none)
Office Suites
The December, 2008 edition of the OpenOffice.org Newsletter
is out with the latest OO.o office suite articles and events.
Full Story (comments: none)
Video Applications
Version 3.9 of IMDbPY has been announced.
"
IMDbPY is a Python package useful to retrieve and manage the data of
the IMDb movie database about movies, people, characters and companies.
With this release, improved search for series episodes, support
for dumping data in CSV files. Many bugs fixed and other minor
improvements."
Full Story (comments: none)
Miscellaneous
Version 0.2.0 of BleachBit has been announced.
"
BleachBit is a registry, Internet history, privacy, and file cleaner
for Linux and Python v2.4 - v2.6."
Full Story (comments: none)
Version 0.4.5 of TakeNote has been announced; some new capabilities have
been added.
"
TakeNote is a simple cross-platform note taking program implemented
in Python. I have been using it for my research and class notes, but
it should be applicable to many note taking situations."
Full Story (comments: none)
Version 0.71.5 of Task Coach has been announced; it adds
one usability enhancement and some bug fixes.
"
Task Coach is a simple task manager that allows for hierarchical
tasks, i.e. tasks in tasks. Task Coach is open source (GPL) and is
developed using Python and wxPython."
Full Story (comments: none)
Languages and Tools
Assembly Language
Version 2.19.51.0.1 of the Linux binutils has been announced.
"
This is the beta release of binutils 2.19.51.0.1 for Linux, which is
based on binutils 2009 0106 in CVS on sourceware.org plus various
changes. It is purely for Linux.
All relevant patches in patches have been applied to the source tree."
Full Story (comments: none)
C
The January 6, 2009 edition of the GCC 4.4.0 Status Report
has been published.
"
The trunk remains Stage 4, so only fixes for regressions (and changes
to documentation) are allowed.
As stated previously, the GCC 4.4 branch will be created when there
are no open P1s and the total number of P1, P2, and P3 regressions is
under 100.
One issue that remains is removing the old register allocator."
Full Story (comments: none)
Caml
The December 30, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
The January 6, 2009 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Python
Version 0.50.1 of itools, a Python library meta-package, has been announced.
"
The 'frozendict' class has been added and the 'freeze' function
has been finished. The 'is_datatype' function has been deprecated.
Various fixes, including #483 and #484."
Full Story (comments: none)
Version 3.08 of PyYAML has been announced.
"
YAML is a data serialization format designed for human readability and
interaction with scripting languages. PyYAML is a YAML parser and
emitter for Python.
PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
support, capable extension API, and sensible error messages. PyYAML
supports standard YAML tags and provides Python-specific tags that allow
to represent an arbitrary Python object."
Full Story (comments: none)
The December 29, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
The January 6, 2009 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The January 7, 2009 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Libraries
Version 01.v of RFIDIOt has been announced; it adds a new
JAVA applet for the JCOP card.
"
RFIDIOt is an open source python library for exploring RFID
devices."
Full Story (comments: none)
Profilers
Version 3.4.0 of Valgrind has been announced.
"
Valgrind is an open-source suite of simulation based debugging and
profiling tools. With the tools that come with Valgrind, you can
automatically detect many memory management and threading bugs, which
avoids hours of frustrating bug-hunting, and makes your code more
stable. You can also perform detailed time and space profiling to
help speed up and slim down your programs.
3.4.0 brings some significant tool improvements. Memcheck can now
report the origin of uninitialised values, the thread checkers
Helgrind and Drd are much improved, and we have a new experimental
tool, exp-Ptrcheck, which is able to detect overruns of stack and
global arrays."
Full Story (comments: none)
Version Control
Version 1.1.2 of the Mercurial source control management system has
been announced.
"
This is a minor release including one security fix and two minor bug
fixes."
Full Story (comments: none)
Version 0.42 of monotone has been announced.
"
Amongst the usual bug fixes, small
improvements and speedups in several areas, the outstanding shiny new
feature is that you can now handle merge conflicts asynchronously".
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Jim Zemlin, executive director of the Linux Foundation,
thinks 2009
will be a good year for Linux. "
"Even though 2008 was in
recession, the Linux platform did well, and it is growing faster than other
platforms," Zemlin told us during an interview. "Linux definitely has
critical mass, and you use Linux ten times a day and you don't even know
it. So in 2009, we expect to see a bit of growth. It is not going to be a
boom year for anybody, but at the end of the day, Linux is positioned to do
well.""
Comments (13 posted)
Here are
Ed Felten's predictions for 2009. "
(6) Questions over the enforceability of free / open source software licenses will move closer to resolution."
Comments (none posted)
Ryan Paul
reflects
on the best of 2008. "
The past year brought some exciting
advancements for the Linux operating system and open source software. Open
technology continues to become more pervasive and the Linux kernel is now
widely used in a multitude of mainstream products ranging from set-top
boxes to mobile phones. With 2008 coming to a close, we wanted to take a
minute to look at some events of significance to the open source software
community."
Comments (none posted)
Linux at Work
The San Francisco Chronicle
looks at another entry into the Linux-based
mobile phone space. Palm is expected to unveil "Nova" as a replacement for
Palm OS on both phones and mobile internet devices. "
Palm is poised
to make what some analysts are calling its last stand at this week's
Consumer Electronics Show, where it is expected to introduce its
long-awaited Linux-based operating system. [...] Code-named Nova, it will
power a new generation of smart phones and potentially other devices. The
move is Palm's best chance to get back into the smart phone market, which
it pioneered with its Treo handsets and later ceded to companies such as
BlackBerry-maker Research in Motion and Apple with its iPhone."
Comments (8 posted)
Resources
Over at Computerworld, Steven J. Vaughan-Nichols tries to
find
a way to make screen videos in Linux. One of the main issues he ran
into was creating videos in a format that Windows and OS X would
handle. "
After a number of attempts, I finally found my answer in
Google Code: WinFF. Despite the name, this is actually an open-source front
end to FFmpeg that works with both Linux and Windows. This program, by
Matthew Weatherford, solved all my video conversion woes. It's
straightforward, easy to use (once you have the appropriate video codex
libraries installed) and does the job. Best of all, the program understands
all the various flavors of AVI, so converting my OGVs into basic
Microsoft-compatible AVIs was a breeze."
Comments (17 posted)
The
January edition of
Linux Gazette is out. Articles include Gnuplot in Action, by Philipp
K. Janert; Joey's Notes: Sendmail and Dovecot e-mail on RHEL 5, by Joey
Prestia; Our monthly column of basic Linux advice and education; Using
Hyperestraier to search your stuff, by Karl Vogel; Getting Started with the
Exim Mail Server, by Neil Youngman; plus the usual features.
Comments (none posted)
Reviews
Dave Phillips
looks
at audio software for Linux. "
This week I'm your straight
reporter bringing you news of updates, upgrades, and new releases in the
world of Linux audio software. Development in this world is continuously
productive, so I'll present only a selection of the Linux sound and music
applications and utilities announced in the month of November in the year
2008."
Comments (none posted)
MIT Technology Review takes a look at the NEPOMUK Project.
"People naturally group information by topic and
remember relationships between important things, like a person and the
company where she works. But enabling computers to grasp these same
concepts has been the subject of long-standing research. Recently, this has
focused on the Semantic Web, but a European endeavor called the Nepomuk
Project will soon see the effort take new steps onto the PC in the form of
a "semantic desktop."" (Found in KDE.News)
Comments (17 posted)
Steven J. Vaughan-Nichols looks at Splashtop.
"Splashtop is a mini-desktop Linux distribution
that's based on the 2.6.20 Linux kernel. Currently, Splashtop comes
pre-installed on pretty much all ASUS motherboards and on netbooks and
laptops from ASUS, HP's high-end VoodooPC division and Lenovo. Rumor has it
that Splashtop and similar baked-in desktop Linuxes, like Dell's
"BlackTop," aka Latitude ON, will soon be appearing from other PC and
motherboard vendors. I wouldn't be in the least bit surprised if DeviceVM
makes some new partner announcements at this week's CES (Consumer
Electronics Show)."
Comments (12 posted)
TechRadar takes a look at personal finance applications for Linux. The
article looks at five free applications (GnuCash, KMyMoney, Buddi, Grisbi,
and JGnash) as well as the Moneydance 2008 proprietary solution.
"This kind of
software is all about the data; getting it in, getting it out and doing
useful things with it. In terms of getting data into the package, there are
three things we need. We want software that makes it easy to add items to
the spending side because you'll be less likely to update your ledger if
doing so proves annoyingly difficult. [...] We want filters that will
import transaction data downloaded from our bank
account and allow easy reconciliation between local and remote
records. Finally, we want to be able to set up periodic transactions that
can be added to the ledger at certain points each month to deal with things
such as mortgage payments."
Comments (14 posted)
Miscellaneous
The Inquirer looks at Google's Android OS on the netbook.
"Matthäus Krzykowski and Daniel Hartmann who run an outfit called Mobile-facts claim that it took them just four hours to compile Android so that it works on an Asus EEEPC 1000H."
Comments (49 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
LinuxMedNews reports on a new open-source medical software release.
"DSS, Inc. has announced that its vxVistA product, a Veterans Affairs VistA distribution that is CCHIT certified, will now be open source under the Eclipse Public License (clarification: the EPL'ed version will not be CCHIT certified although they will share much of the same code)".
Comments (none posted)
The Free Software Foundation Europe has announced their
New Year's Resolution Fellowship campaign.
"We're asking people what they can do in 2009 to improve things for themselves
and others in the sphere of software freedoms. The best way is to join the
successful Fellowship membership strand of our organisation, through which
Fellows work for software freedoms - and have fun doing it! The Fellowship
will soon have representation on FSFE's General Assembly, enabling a motivated
Fellow to make even more of a difference, and represent the views of Fellows
worldwide."
Full Story (comments: none)
Last year, the Jacobsen/JMRI case produced an appeals court ruling to the effect that free software licenses are truly licenses; that result was seen as a big victory for the community. Now the Law & Life: Silicon Valley weblog reports that, back in District Court, a request for a preliminary injunction based on that ruling has been turned down.
"The District Court drew on a very recent Supreme Court decision which required a higher standard of proof of damages for the grant of a preliminary injunction: Jacobsen must prove that he is 'likely to succeed on the merits, that he is likely to suffer irreparable harm in the absence of preliminary relief, that the balance of equities tips in his favor and that an injunction is in the public interest'. The Court then noted that Jacobsen had made no showing that he had actually suffered any of these potential harms and that Jacobsen had 'failed to proffer any evidence of any specific and actual harm suffered as a result of the alleged copyright infringement and he has failed to demonstrate that there is any continuing or ongoing conduct that indicates future harm is imminent.'"
Comments (11 posted)
The front page of the OLPC wiki currently has a message from Nicholas
Negroponte describing
changes which are being made with the project. These include laying off
half the staff, pushing development of the generation-2 machine, and
"passing on the development of the Sugar Operating System to the
community." OLPC is also dedicated to becoming the $0 laptop in developing
countries, though how that will happen is not specified. (Thanks to Rahul
Sundaram).
Comments (112 posted)
Bruce Perens's news and comment site Technocrat.net has shut down for the second time (it was off the air 2001-2004). A message was left at the site explaining the move:
"When it became evident that Technocrat was un-viable as a business, I found that I did not wish to keep supporting the site as a hobby. Certain elements of the community that developed here, unfortunately, creep me out. At the end I faced the decision of asking for donations to keep the site running, or letting it die, and it became clear to me that I'd feel better if it would just die." (thanks to Rick Moen).
Comments (12 posted)
Longtime free and open source software developer Thiemo Seufer died
in a car accident on December 26. Thiemo was involved with a number of
different projects in our community including Debian, binutils, MIPS-Linux,
and QEMU. An obituary written by Bdale Garbee, Steve McIntyre, Ralf
Baechle, Daniel Jacobowitz, Aurelien Jarno, and Thomas Gleixner gives more
information about Thiemo and his contributions. Click below for the obituary.
Full Story (comments: 6)
Resources
Those who are interested in the Openmoko phone may want to look at this
lengthy look forward by founder Sean Moss-Pultz.
"Nobody will doubt the value of openness for the mobile industry anymore.
This seems like good news at first glance. But what openness are they
talking about? Look around and you'll find it's pretty different than
what we've been talking about. Yes, the very definition of openness is
changing. This troubles me because we cannot influence markets with our
words - only our products. And the quality of our products is not world
class yet. The bar has been seriously raised. Time is running out. We
need to find a way to lead again. I don't believe playing catch up will
work. Something fundamental needs to change."
Full Story (comments: 26)
Contests and Awards
The Metasploit eXploits Development Contest has been announced.
"MSFXDC (MetaSploit Framework eXploits Development Contest) is a
challenge where the main goal is to code the largest number of new
Metasploit Framework exploits modules.
Your mission, if you choose to accept it, is to code new exploits
modules for the Metasploit Framework (latest 3.x version).
Exploits modules must be new regarding the current Metasploit Framework
SVN repository content."
Submissions are due by February 1; winners will receive a prize of
150 Euros and a VIP Ticket for the FRHACK conference.
Full Story (comments: none)
Education and Certification
LinuxMedNews notes the availability of some new certification programs.
"Earlier today, in a weekly conference call with customers and consultants, OpenEMR HQ CEO Anthony Papillion formally announced the launch of the company's OpenEMR Certified Consultant and OpenEMR Gold Certified certification programs for individuals and companies wishing to demonstrate their knowledge of the OpenEMR medical records software product and offer their customers a guaranteed level of service."
Comments (none posted)
UKUUG and O'Reilly have teamed up to provide a series of Perl
tutorials on February 25-26 in the UK.
Day 1 will feature an Introduction to Perl
and day 2 will cover Advanced Perl Techniques.
Full Story (comments: none)
The Open Technology Group has announced several Python Bootcamp courses;
they will take place in Morrisville, NC on March 16-20, 2009 and May 11-15, 2009.
"Designed
for programmers looking to learn or migrate to the Python language, this
Python course covers the fundamentals of the Python language in a mix of
lecture, demonstration, and hands-on exercises."
Full Story (comments: none)
A Python class will take place in Longmont, CO.
"Python author and trainer Mark Lutz will be teaching a 4-day
Python class on January 27-30, in Longmont, Colorado.
This is a public training session open to individual enrollments,
and covers the same topics and hands-on lab work as the onsite
sessions that Mark teaches. The class provides an in-depth
introduction to both Python and its common applications, and
parallels the instructor's popular Python books."
Full Story (comments: none)
Calls for Presentations
A call for audio and software work for an upcoming compilation effort
has been announced.
"Forwind invites musicians/software developers/artists who write custom audio
software to submit both a piece of music created with the software and the
software itself for inclusion in an audio and software compilation due to be
released mid 2009.
This compilation will strive to present both the software and audio on an
equal footing. Design of the end package will be in the very capable hands
of Paul Finn from Fitzroy & Finn (www.fitzroyandfinn.co.uk). The intentions
are for this to be a substantial physical release (Book, double CD etc -
details have yet to be finalized.)"
The submission deadline is March 31.
Full Story (comments: none)
A call for papers has gone out for the
GNOME Devroom at FOSDEM 2009.
"As for the last few years, we'll have a GNOME devroom at FOSDEM (7/8
feb in Brussels), and as always, we want *YOU* to give a talk about
the cool project you are hacking on in this devroom.
This year, we'll have half a day dedicated to GNOME specific talks,
and on Sunday, we'll share the devroom with people hacking on other
desktop environments and have talks about crossdesktop topics or talks
about some gnome specific topics, but which can be of interest to the
other communities."
Full Story (comments: none)
A call for papers has gone out for LAC2009.
"The LAC (Linux Audio Conference) is an annual event where developers,
users and composers from all around the world come together for 4 days
to present current developments, new compositions and other news to the
public, listen to concerts, and generally have a good time together.
The LAC2009 is taking place at the Casa della Musica in Parma, Italy,
from April 16th to 19th, 2009."
Submissions are due by January 15.
Full Story (comments: none)
A call for papers has gone out for the 2009
OpenSource World Conference & Expo, formerly called LinuxWorld.
"The OpenSource World conference presents the latest Linux and open source ideas
in a very technical context by industry experts and innovators. OpenSource
World focuses on real-world solutions in real-world environments using open
source, open standards and open architecture as part of an integrated IT
infrastructure.
Our key theme this year will be how open source software is helping companies
do more with less; proposals with this perspective are especially interesting
to us." The event takes place in San Francisco, CA on
August 10-13, 2009.
Submissions are due by February 20.
Full Story (comments: none)
A call for papers has gone out for SEaCURE.IT, an Italian technical
security conference.
"The 2009 edition will be held from May 19th to 22nd in the wonderful
seaside resort Tanka Village, located in Villasimius, Sardinia, a large
and beautiful island in the Mediterranean sea.
Besides the main conference, featuring two tracks of top-notch
presentations over two intense days, the programme will include two days
of advanced trainings, and a set of unique social events (Italian
style), in order to foster networking."
Submissions are due by February 20.
Full Story (comments: none)
A call for papers has gone out for the uCon Security Conference 2009.
"uCon will be a totally informal and non-profit conference taking
place in Recife, Brazil, on 28th of February 2009 -- three days after
the best street carnival ever (also known as the rehearsal of the end of
the world).
The conference aims to bring together academics, hackers and information
security enthusiasts to share cutting-edge ideas and thoughts about
their latest developments and techniques in the field."
Submissions are due by January 25.
Full Story (comments: none)
Upcoming Events
The 2009 Belgian Perl Workshop has been announced; it will be held in
Leuven, Belgium on February 28.
"Among the invited speakers are Jonathan Worthington, Abigail and Matt Trout. The theme for this year's workshop is "Discovering Perl"."
Comments (none posted)
KDE.News has announced the Free and Open Source Nigeria 2009 conference.
It will take place at Bayero University Kano Nigeria on March 6-9, 2009.
"We want to invite KDE contributors and users including organisations and companies who want to come and give talks or workshops during the event. We are expecting more than 2000 participants from within and outwith the university. We will be glad to receive guests from all over the world, especially people with vast experiences in open source."
Comments (none posted)
The linux.conf.au miniconf schedule has been announced.
"The miniconf schedule includes 12 miniconfs: Open Source Databases, Linux
Kernel, Systems Administration, MythTV, Linuxchix, Mobile Devices, The
Business of Open Source, Linux Security, Multimedia, Virtualisation and
Management, Gaming and Free as in Freedom."
Full Story (comments: 1)
A call for location has gone out for OOoCon 2009.
"The OpenOffice.org Community is now accepting proposals from Community
teams for hosting its next annual international conference, OOoCon 2009.
Hosting OOoCon is challenging, rewarding, exhilarating, exhausting ...
and can provide a huge publicity boost for OpenOffice.org in your
country. There is no fixed date for OOoCon, although past conferences
have been held in the autumn.
The deadline for submissions is midnight UTC on February 1st 2009."
Full Story (comments: none)
Events: January 15, 2009 to March 16, 2009
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| January 15 to January 16 | Foundations of Open Media Software 2009 | Hobart, Tasmania, Australia |
| January 17 to January 23 | Camp KDE 2009 | Negril, Jamaica |
| January 19 to January 24 | linux.conf.au - penguins march south | Hobart, Australia |
| January 25 to January 29 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, GA, USA |
| January 25 to January 28 | GCC Research Opportunities | Paphos, Cyprus |
| January 31 | Greater London Linux Users Group meeting | London, UK |
| January 31 to February 3 | Black Hat Briefings DC | Arlington, VA, USA |
| February 4 to February 5 | DC BSDCon 2009 | Washington, D.C., USA |
| February 4 to February 6 | Money:Tech 2009 | New York, NY, USA |
| February 5 to February 9 | German Perl Workshop | Frankfurt, Germany |
| February 7 | Frozen Perl 2009 | Minneapolis, MN., USA |
| February 7 to February 8 | FOSDEM 2009 | Brussels, Belgium |
| February 9 to February 11 | O'Reilly Tools of Change for Publishing | New York, NY, USA |
| February 15 | Free Software Awards 2009 Deadline | Soissons, France |
| February 16 to February 18 | Open Source Singapore Pacific-Asia Conference | Singapore, Singapore |
| February 16 to February 19 | Black Hat DC Briefings 2009 | Washington, D.C., USA |
| February 20 | Demonstrating Open-Source Health Care Solutions | Los Angeles, CA, USA |
| February 20 to February 22 | Southern California Linux Expo | Los Angeles, CA, USA |
| February 24 to February 26 | VMworld Europe 2009 | Cannes, France |
| February 25 to February 27 | German Perl Workshop | Frankfurt Main, Germany |
| February 27 | PHP UK Conference | London, UK |
| February 28 | Belgian Perl Workshop | Leuven, Belgium |
| February 28 | uCon Security Conference | Recife, Brazil |
| March 1 to March 4 | Global Ignite week | Online |
| March 3 to March 8 | CeBIT 2009 | Hanover, Germany |
| March 4 to March 7 | DrupalCon DC 2009 | Washington D.C., USA |
| March 6 | Dutch Perl Workshop | Arnhem, The Netherlands |
| March 7 | Ukrainian Perl Workshop 2009 | Kiev, Ukraine |
| March 8 to March 11 | Bossa Conference 2009 | Recife, Brazil |
| March 9 to March 13 | Advanced Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, GA, USA |
| March 9 to March 12 | O'Reilly Emerging Technology Conference | San Jose, CA, USA |
| March 12 to March 15 | Pingwinaria 2009 - Polish Linux User Group Conference | Spala, Poland |
| March 14 | OpenNMS User Conference (Europe) 2009 | Frankfurt Main, Germany |
| March 14 to March 15 | Chemnitzer Linux Tage 2009 | Chemnitz, Germany |
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook