LWN.net Weekly Edition for May 7, 2009

Updating and rebuilding Android

This is one in a series of articles on working with the Android Developer Phone (ADP1) device. In the previous episode, your editor went through the process of updating the software on the ADP1. This time around, we'll look at the latest software builds, then take a beginning look at the process of actually building new software for the device.

Your editor started by testing out the Android 1.5 images provided by HTC, the manufacturer of the ADP1. The provision of these images is a nice step forward by HTC; thus far, ADP1 owners have felt somewhat left out when new versions of the firmware have been released. This time around, they have the new software at about the same time as everybody else. The 1.5 update is done in the usual way: use the "adb" tool to copy it to /sdcard/update.zip on the phone, then reboot into the recovery image to actually install the new code. Two such iterations are required this time around; there is an update to the (closed-source) radio code which must be applied first.

So what's new in Android 1.5? The biggest user-visible feature is almost certainly the on-screen keyboard. It's no longer necessary to open the keyboard to send a quick text message. The on-screen keyboard is somewhat painful for your fat-fingered editor to use when the phone is in the portrait orientation, but it works better in the landscape mode. One has to wonder, though, what inspired the Android developers to dedicate a significant chunk of scarce screen space to a "smiley" key. There are plenty of characters which would have been rather more useful in that position.

Beyond that, the 1.5 release includes "Latitudes" support for those of you who want to continuously report your real-world location to the Google mother ship. There are simple screen effects which come into play when switching between applications and orientations. Holding the power button gives quick access to "airplane mode." The camera is quite a bit more responsive. The zoom icons are smaller and more discrete. GPS acquisition is said to be faster; your editor has not had a chance to test that claim, but it would certainly be a welcome improvement. The orientation-awareness (turn the phone on its side and the display switches to landscape mode) that has been a feature of the JesusFreke builds for a while is now part of the core platform. And so on. Mostly small stuff, but it's enough to make for a nicer feel to the platform overall.

Speaking of the JesusFreke builds, the JFv1.50 build, based on 1.5, is also available; your editor promptly installed it. This build is basic Android 1.5 with a number of additions, including multitouch support, tethering support, an augmented init daemon, a whole set of busybox-based command-line utilities, and more; see the full list for the details. As usual, these builds add a number of nice features to the phone; anybody who is interested in really playing with the device will likely prefer the JF version of the software.

Remaking JF builds

Playing with new builds is fun, but this is free software. The real fun comes from rebuilding the software from the source, perhaps with specific changes. There are two levels at which this can be done. The first is to use the JesusFreke "build environments." Essentially, the build environment is a tarball containing the modifications made to create the JF image, along with the necessary scripts. There's a new kernel containing multitouch and unionfs support, along with the patches needed to create it. Busybox is found there, as are a number of other useful diagnostic tools, an ssh client, and more.

To create a new build, it is necessary to get the associated official build, place it within the build environment, then run make. With any luck, the end result is an update.zip file ready to be flashed into the phone.

One of the interesting things your editor learned from looking at the images (and from talking to Mr. Freke) is that the JF builds do not actually involve rebuilding much of the Android system. It's mostly a matter of unpacking an official build and making a few creative substitutions. The kernel has been remade, as has the browser application (to support multitouch zooming). Everything else is just a matter of shuffling files around. So the JF build environments can be useful for somebody else wanting to do the same kind of manipulations, but more extensive changes require building the system at a lower level.

Building Android from source

Remaking Android from the source code turns out to be a bit of a challenge. What follows here is a brief set of instructions derived from the Android "building for Dream" page, some hints helpfully provided by GeunSik Lim, and a fair amount of painful experience. In summary: most of the code needed to rebuild the platform is available, but (1) it's not a quick or simple process, and (2) there are a few pieces missing.

There's a number of tools which must be installed on a Linux system to rebuild the Android platform. These include flex, bison, git, and the Sun Java system. Beyond that, one must grab the repo tool. Repo is Google's answer to the problem of managing a whole set of related repositories; essentially it is a tool which sits on top of git and manages a whole set of git repositories in parallel. Once repo has been installed, the meta-repository is set up with a command like:

    repo init -u git://android.git.kernel.org/platform/manifest.git

This command pulls down the manifest file describing all the repositories needed to build the platform. Note that if a branch other than the trunk is desired, it must be obtained during this stage with the -b option; repo apparently cannot switch branches in an existing source tree.

One then obtains the code by running "repo sync" and going out for coffee.

Incidentally, when you go out for coffee, you need not hurry back. It's entirely possible to fly to a different continent, harvest the coffee by hand (after waiting for it to reach the perfect ripeness), fly home, and roast it yourself. You'll still probably have time for a second cup before the downloading of the source is complete. You are, after all, not just downloading a huge pile of source files. You are, instead, downloading over 100 independent git repositories, each containing a long trail of history - about 2.4GB worth of stuff. It takes a while. And, needless to say, some disk space.

To make things worse, you still don't have all the source; there are a few components of the binary platform for the ADP1 which have not been released as free software. You cannot download those binary components from anywhere; instead, what's needed is to obtain them from a working phone. To that end, the file vendor/htc/dream/extract-files.sh contains a script which will pull the needed components from a USB-connected ADP1 device. These components vary from files containing mixer settings to programs for controlling Bluetooth, the GPS receiver, firmware for the wireless network adapter, a camera control library, and more. The dream directory also contains a binary driver module (wlan.ko) for the WIFI adapter, despite the fact that said driver is open source and included in the distribution.

After that, it's a matter of copying build/buildspec.mk.default to buildspec.mk in the top-level directory, editing it to set TARGET_PRODUCT to htc_dream, and typing make. And going out for more coffee, of course. At the end of the process, with luck (a fair amount of luck may be required), there will be new system and boot images which can be flashed into the phone with the fastboot tool. A reboot will run the new code.

At that point, of course, there are some surprises to be found. One is that the newly built software is lacking a number of features found in an official build. The reason for this is simple: several of the applications which run on Android phones are not open source. These include the Gmail client (which your editor will happily do without), Maps (which cannot be done without, at least until AndNav progresses a little further), and more. These applications can generally be recovered by grabbing the associated package files from an official build and slipping them into the build environment. See this article for a terse description of how that is done.

It took your editor a little while to figure out another little surprise: despite the fact that the Android source tree includes a kernel repository, the build process does not actually build the kernel. One might think that it would be hard to miss something the size of a kernel build, but ... did your editor mention that the Android source tree is big? The Android build system which goes with this source tree is quite a piece of work; there must be people working full time on it, and they probably hate their lives.

Trying to figure out what is happening in an Android build requires digging through many thousands of lines of makefile rules. What your editor finally discovered is that the build system simply pulls a binary kernel from a special "prebuilt" repository (that repository also contains a cross-compiling toolchain for the creation of ARM executables). The kernel source tree, seemingly, is just there for show. Using something other than the prebuilt kernel requires making it separately and pointing a build-system variable at the location of the result.

[PULL QUOTE: It's clear that even people who remake Android are not, in general, expected to remake the kernel. END QUOTE] It's clear that even people who remake Android are not, in general, expected to remake the kernel. The kernel repository pulled down by the repo command does contain the Android-specific patches, but it lacks nice things like branches (even "master" is missing) or tags. There are some remote branches with names like korg/android-msm-2.6.27 which contain lines of development for various kernel versions; the 2.6.27 one appears to be, as of this writing, the one which is best supported on real hardware. But, within those branches, there are (unlike the situation with the rest of the Android code) no tags associated with releases. Nothing in the repository will tell a developer which kernel was shipped with a given version of Android.

So it's hard to build a kernel which corresponds to the one found within an official release. But not impossible: most of the official releases include the git commit ID in the kernel version. So by digging down into the settings menus, your editor was able to determine that the HTC 1.5 build came from commit 8312baf. After checking out that commit, one can do a make msm_defconfig to configure the kernel properly. Then it's just a matter of setting the ARCH and CROSS_COMPILE environment variables and doing the build. If you have a 32-bit Linux environment, the prebuilt ARM toolchain provided with the Android source does the job just fine.

Once the kernel build is done, it's possible to build a new set of firmware images which can be loaded into the device with fastboot. That's easy to say, but it can be harder to do; the sources from the repository often do not build, and it's not always easy to get all the pieces together to make a working image for the ADP1. Making it possible for people outside of the core Android project to build and install the platform appears to be an afterthought, at best.

Android and the ADP1

In truth, Google does not really support the ADP1 as a system people can develop and run on; this situation was somewhat explained by Jean-Baptiste Queru, who is easily the most helpful Google developer on the mailing lists:

So, while the ADP1 is one of the most open cellular phone platforms yet to appear, it does not, yet, represent a fully-open system in the way the OpenMoko phone does. Most people wanting to do things with this device are likely to end up starting with the official, binary builds and tweaking things around the edges, much like as has been done with the JF builds.

That said, there is a lot of fun to be had with this device. It's fully hackable at the kernel level now, and more hardware information is becoming available, which raises the hope of gaining more control over the low-level system in time. About the time the ADP1 becomes fully obsolete and unobtainable, we should have it figured out pretty well. With any luck at all, at least one of the devices which replaces it will be more open from the outset.

Comments (24 posted)

Unladen swallow: accelerating Python

Google uses Python for many of its engineering projects, from internal server monitoring and reporting to outward-facing products like Google Groups, so it is no surprise that the company wants to improve Python application performance. A group of Google developers is working on a new optimization branch of Python dubbed Unladen Swallow, with the goal of a five-fold speed increase over the trunk. It will achieve that goal by adding just-in-time compilation and a new virtual machine design, all while retaining source compatibility for Python application developers.

Unladen Swallow's lead developers Collin Winter, Jeffrey Yasskin, and Thomas Wouters have long been core developers for the CPython project, the reference implementation and most widespread interpreter for the Python language. All three are Google employees, and others contribute their "twenty percent time" to Unladen Swallow, but the group insists that it is a Python project, not an effort owned by Google.

Winter said the origin of the idea dates back to his work on the web-based code review tool Mondrian, when the team's attempts at optimization repeatedly hit limitations in CPython, such as the Global Interpreter Lock (GIL), the mutex that prevents concurrency on multiprocessor or multi-core machines. While researching potential speed-ups and changes, Winter and the other Google engineers eventually decided that the long-range ideas they had in mind were significant enough to warrant making a separate branch. Plus, doing so would give them the chance to stress-test their ideas before trying to roll them back into CPython.

The Concept: a bird's eye view

The core of the Unladen Swallow team's planned improvements is to remove performance bottlenecks in the Python virtual machine (VM) design, leaving the rest of the interpreter — not to mention the substantial runtime library — relatively untouched. The long-term plan is to replace CPython's existing stack-based VM with a register-based VM built with code from the Low Level Virtual Machine (LLVM) project, and to add a just-in-time compiler (JIT) on top of the new VM. Other performance-based improvements are welcome at the same time, and the team has several in store based on their talks with heavy Python users.

Using a JIT will speed up execution by compiling to machine code, thus eliminating the overhead of fetching, decoding, and dispatching Python opcodes. "In CPython," Winter explained, "this overhead is significant; some minor tweaks were made to CPython 2.7 that netted a 15% speed-up with relatively little work."

Adding the JIT presents a good opportunity to switch from a stack-based VM to LLVM's register-based design, which Winter said will net its own performance benefits. The merits of stack- versus register-based VMs is an ongoing debate, but Winter cites a 2005 study [PDF] from the Lua project showcasing the empirical benefits of the register-based design.

Unladen Swallow is based on Python 2.6.1, which is not the most recent release. Python 3.0 was released in December of 2008, implementing the backward-incompatible 3.0 version of Python. Because the majority of Python code in the wild — and in use at Google — is still written for Python 2.x, the Unladen Swallow team decided to focus its efforts on the earlier version where more benefits would be felt. By using the CPython source as its base, Python users can expect Unladen Swallow to retain 100% source compatibility.

Still, Winter said, the team does keep in close contact with Python designer Guido van Rossum (himself a Google employee) and other members of the CPython team. "In our discussions with Guido and others about how and where to merge our changes back into CPython, the idea has been proposed that Unladen Swallow should merge into 3.x. 3.x is the future of the language, and if 3.x is significantly faster than 2.x, that's an obvious incentive to port applications and libraries to 3.x. None of that is set in stone, and Guido may well change his mind."

Recent sightings

The team has set a tight development schedule for Unladen Swallow, making quarterly milestone releases. The first release, 2009Q1, was limited in scope, aiming for a 25 to 35% speed increase over vanilla CPython by making less than drastic changes to the code. The changes include a new eval loop reimplemented using vmgen, several improvements to the garbage collector — better tracking long-lived objects so that the garbage collection can make fewer collection runs — and to the data serialization module cPickle, which the developers said will benefit web applications in particular. Several obscure Python opcodes were also removed and replaced with functionally-equivalent Python functions, which reduces code size without affecting performance.

Unladen Swallow 2009Q1 is available as source code only for the time being, and can be checked out as a branch from the project's public Subversion repository. No specific compilation instructions are provided because this release closely follows the upstream CPython, but the developers do recommend building in 64-bit mode in order to take the fullest advantage of the performance increases.

Since speed of execution is the goal, the team performs regular benchmarks on the code. The thirteen benchmark tests in the suite are based on real-world performance tests designed to highlight practical application tasks, particularly for web applications. The results of the tests on Unladen Swallow 2009Q1 versus CPython 2.6.1 are posted on the project wiki; Unladen Swallow ranges from 7.43% faster to 157.17% faster, beating CPython on every benchmark.

Work is underway now on Unladen Swallow 2009Q2, which will focus on replacing the existing CPython VM with an equivalent built using LLVM.

Elsewhere in the ecosystem

Other open source projects have sought to improve Python application execution using some of the same ideas. Psyco was an earlier JIT for Python, but which was later superseded by the PyPy project. PyPy's primary goal is not performance, though, rather it is to build a Python implementation in Python itself. Stackless Python implements concurrency through the use of its own scheduler and special primitives called "tasklets." Finally, the Parrot project is implementing Python on its own register-based VM.

In some ways, Unladen Swallow is more ambitious than these other projects, particularly when you consider the rapid pace of development laid out in the road map. On the other hand, Unladen Swallow starts from the CPython 2.6.1 code base, and incorporates many CPython developers, which greatly improves the chances that its changes will one day be blessed as the official CPython release. Many of the 2009Q1 changes have already been sent upstream to CPython, and the door is still wide open for the 3.0 series should the JIT and VM performance deliver real-world performance increases anywhere close to the expected 400 percent.

Comments (18 posted)

Tomboy, Gnote, and the limits of forks

Your editor has long been a user of the Tomboy note-taking tool. Tomboy makes it easy to gather thoughts, organize them, and pull them up on demand; it is, beyond doubt, a useful productivity tool. But all is not perfect with Tomboy. Some people have complained about its faults for a while; Hubert Figuiere, instead, chose to do something about it in the form of the Gnote utility. So now, of course, people are complaining about Gnote instead.

So what are the problems with Tomboy? For your editor, at least, the biggest issue is the simple sluggishness of the tool. It is a large program which takes quite some time to start up. If one tries to bring up a note on a system which has been used for other things, there can be a lengthy delay before the menu from the taskbar icon appears. Rightly or wrongly, users blame this fundamental slowness on Tomboy's use of the Mono platform. Now, of course, use of Mono brings in a whole host of other complaints, but we need not consider those here. The simple fact is that Mono adds a great deal of baggage to what should be a small and simple application. A basic note-taking tool should not be a heavyweight program.

Gnote is a reimplementation of Tomboy's functionality using C++ and GTK+. In a sense, though, it is not an independently-developed application. Instead, Gnote is a straightforward port of the original C# code to C++. So it's not just a Tomboy work-alike; it's a true clone. There are advantages to this approach; it makes use of the experience which has gone into Tomboy development, and compatibility with the Tomboy file format is not a problem. This approach enabled Hubert to put together a working application in a relatively short time.

Some distributors (Fedora, at least) have made Gnote packages available. Your editor played with the Rawhide version of Gnote for a bit; it is, in general, indistinguishable from Tomboy. It does seem more responsive, especially when the system is under some memory pressure. Annoyingly, it does not (unlike Tomboy) dismiss notes when the escape key is hit. Beyond that, though, Tomboy users (at least those who do not use plugins) will be hard-put to tell the difference between the two.

It is said that imitation is the sincerest form of flattery; if that is true, one would expect the Tomboy developers to be flattered indeed. But a web log entry about the Tomboy 0.14.1 release made it clear that "flattered" may not be the operative word in the Tomboy camp:

It should not come as a surprise that this language inspired a lot of responses, on the original site and elsewhere. Reading through the discussions, your editor has come to a couple of conclusions:

• The Tomboy development community obviously sees Gnote as a threat. It's not entirely clear why that should be. If these developers are paying attention to what they are doing, and if the Mono platform is as "extremely productive" as they say, they should have no trouble staying ahead of Gnote. Beyond that, the existence of other, interoperable applications should serve to grow the community as a whole.

• Gnote clearly has added value for some users. There is a significant community out there which does not want to have Mono on its systems. One may or may not agree with their reasoning, but one cannot argue with the fact that these users exist; simply dismissing their concerns is unlikely to change their minds. Mono-free, Tomboy-like functionality adds value for those users.

It is evident that some developers and users in the Tomboy camp think that the creation of Gnote is an improper thing to do. The creation of a new application by translating code into another language seems unoriginal at best, and a misappropriation of the code at worst. The fact that the code has been relicensed (from LGPL 2+ to GPLv3) in the translation process has not helped. But it should be remembered that both the translation and the relicensing are acts which are allowed by the license chosen by the Tomboy developers. The LGPL license text packaged with the Tomboy code reads:

Other parts of Tomboy carry GPLv2+ or BSD licenses; it's actually quite a mixture, but they all allow conversion to GPLv3. So Hubert has only done what the original developers explicitly allowed him to do; about the only complaint one might make is that he appears to not have carried the copyright attributions over into his translated code. That, probably, is an omission which needs to be fixed; it would be hard to argue that Gnote is not derived from Tomboy.

Beyond that, there are concerns that Gnote will take developer attention away from Tomboy. That could be true, but chances are that any developers working on Gnote (and it's not clear that there are any, beyond Hubert) are unlikely to have been working on Tomboy previously. There is also concern about what happens if and when Tomboy and Gnote diverge from each other. That could well happen; Hubert does not appear to have promised to mirror Tomboy forever. Should things go that way, Gnote really just becomes another fork; it will live or die on its own merits.

It will take time to know whether hacking on Gnote is a wise use of Hubert's time. But it is a clear example of what is good about free software: a developer with a specific itch was able to scratch it (for himself and for others) without having to start from the beginning. Criticisms of Gnote would seem to be misplaced, and attempts to suppress it (and telling distributors that distributing Gnote is a threat to their users' data can only be seen as such an attempt) even more so. Free software means letting others take your code in directions you may not always approve of.

Comments (120 posted)

Page editor: Jonathan Corbet

Security

The Firefox extension war

By now, the escalating battle between the NoScript and Adblock Plus Firefox extensions is fairly well-publicized. In fact, the LWN comment thread on the topic has attracted an enormous number of comments—though many are rather tangential to the actual issue. While the original dispute has been settled, there are still a few issues to ponder from that incident.

For those who didn't follow the dispute, a review is probably in order. Both NoScript and Adblock Plus are meant to assist users in controlling the content that their browsers display. As their names imply, NoScript is focused on blocking things like Javascript, Flash, and the like, whereas Adblock Plus blocks advertisements. There is some overlap between the two, of course, because much of the advertising on the web is served via Javascript and/or contains Flash content.

NoScript's author, Giorgio Maone, uses advertising on the NoScript web pages to help fund development of the extension, which is part of why the frequently-updated extension opens a tab on the release notes page after an update. This particular feature—which can be disabled fairly easily—is quite annoying to some. Part of that annoyance may be because of the ads on that page. In late April, Adblock Plus added the NoScript site to its filter list so that its users would no longer see the ads. That led to an arms race.

The NoScript and Adblock Plus developers went back and forth, with NoScript circumventing the filters and Adblock Plus adding new filters to block the ads. This continued until the Adblock Plus filter fundamentally broke the NoScript site so that users could no longer even see the links to download NoScript. This sent Maone around the bend, evidently, as his next step was to add obfuscated code—though the extent of the obfuscation is disputed—to NoScript that disabled the Adblock Plus filter for his site.

At that point, Adblock Plus author Wladimir Palant wrote a blistering blog post about the dispute, which brought it to the attention of many. Maone quickly backed down, offering a detailed and seemingly heartfelt apology. In the meantime, though, the folks at addons.mozilla.org (AMO) noticed the problem and are considering changes to their policy on legitimate extension behavior.

It should be noted that AMO did not review the NoScript changes (or, presumably, the Adblock Plus filter changes) before the updates were made available to users. As Maone explains, once an extension reaches a certain level of trust, the AMO reviewers do not check updates—they are approved automatically. It is unclear how that process works exactly, but given the number of escalating changes both extensions were making over a short period of time, some kind of minimal oversight might have noticed that something was amiss.

For someone of malicious intent, as opposed to someone just exhibiting some incredibly bad judgment, a Firefox extension makes a pretty tempting target. Much of what goes on inside the browser involves sensitive information which users do not wish to have exposed (passwords, browsing history, etc.). If an extension can get to the point where it can push out "trusted" updates, without any review, that seems rather troubling.

Some distributions—Debian at least—package Firefox extensions for their users. Though it isn't a foolproof solution, it does add a level of review to the code before it gets installed. It probably makes sense for other distributions to consider doing that as well. Changing the AMO policy is certainly a good idea, but it will hardly protect against attackers of various sorts.

While there is nothing wrong with supporting development via advertising, clearly Maone crossed the line. Adblock Plus users specifically want ad blocking, so turning that functionality off, even "just" for one site, is plain wrong. Maone seems to recognize that now and this dispute will hopefully serve as a warning to other extension authors before they allow their anger to get in the way of their good sense. For the rest of us, though, it serves as a reminder that we are sometimes, perhaps even frequently, installing software in our browsers that has had little or no oversight.

Comments (3 posted)

New vulnerabilities

apache: information leak

Package(s):	apache	CVE #(s):	CVE-2009-1191
Created:	May 1, 2009	Updated:	December 7, 2009
Description:	From the Mandriva advisory: mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
Alerts:	Mandriva MDVSA-2009:323 2009-12-07 Fedora FEDORA-2009-8812 2009-08-20 Slackware SSA:2009-214-01 2009-08-03 Gentoo 200907-04 2009-07-12 Ubuntu USN-787-1 2009-06-12 Mandriva MDVSA-2009:102 2009-04-30

Comments (none posted)

Apport: arbitrary file removal

Package(s):	Apport	CVE #(s):	CVE-2009-1295
Created:	April 30, 2009	Updated:	May 13, 2009
Description:	From the Ubuntu alert: Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system.
Alerts:	SuSE SUSE-SR:2009:010 2009-05-12 Ubuntu USN-768-1 2009-04-29

Comments (none posted)

bash-completion: incorrect metacharacter quoting

Package(s):	bash-completion	CVE #(s):
Created:	May 4, 2009	Updated:	May 6, 2009
Description:	From the Red Hat bugzilla: An old Debian bug report (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=259987) indicates that some bash completions fail to properly quote or escape special characters like ' and &. Most bash completions are escaped fine, but certain ones (such as aspell) do not.
Alerts:	Fedora FEDORA-2009-3639 2009-04-14 Fedora FEDORA-2009-3640 2009-04-14

Comments (none posted)

clamav: incorrect ownership

Package(s):	clamav	CVE #(s):
Created:	May 5, 2009	Updated:	May 6, 2009
Description:	From the Ubuntu advisory: A flaw was discovered in the clamav-milter initscript which caused the ownership of the current working directory to be changed to the 'clamav' user.
Alerts:	Ubuntu USN-770-1 2009-05-04

Comments (none posted)

drupal: multiple vulnerabilities

Package(s):	drupal	CVE #(s):	CVE-2008-3661
Created:	May 4, 2009	Updated:	May 6, 2009
Description:	From the Drupal advisory: Certain byte sequences that are valid in the UTF-8 specification are potentially dangerous when interpreted as UTF-7. Internet Explorer 6 and 7 may decode these characters as UTF-7 if they appear before the tag that specifies the page content as UTF-8, despite the fact that Drupal also sends a real HTTP header specifying the content as UTF-8. This behaviour enables malicious users to insert and execute Javascript in the context of the website if site visitors are allowed to post content. In addition, Drupal core also has a very limited information disclosure vulnerability under very specific conditions. If a user is tricked into visiting the site via a specially crafted URL and then submits a form (such as the search box) from that page, the information in their form submission may be directed to a third-party site determined by the URL and thus disclosed to the third party. The third party site may then execute a CSRF attack against the submitted form.
Alerts:	Debian DSA-1792-1 2009-05-06 Fedora FEDORA-2009-4175 2009-05-02 Fedora FEDORA-2009-4203 2009-05-02

Comments (none posted)

gpdf: buffer overflows

Package(s):	gpdf	CVE #(s):	CVE-2009-0195
Created:	May 1, 2009	Updated:	August 18, 2010
Description:	From the Red Hat advisory: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg).
Alerts:	Ubuntu USN-973-1 2010-08-17 CentOS CESA-2010:0400 2010-05-28 Mandriva MDVSA-2010:096 2010-05-17 CentOS CESA-2010:0399 2010-05-08 Red Hat RHSA-2010:0400-01 2010-05-06 Red Hat RHSA-2010:0399-01 2010-05-06 Mandriva MDVSA-2010:087 2010-04-29 Mandriva MDVSA-2009:282-1 2009-12-07 Mandriva MDVSA-2009:283 2009-10-19 Mandriva MDVSA-2009:282 2009-10-19 CentOS CESA-2009:0480 2009-05-15 Red Hat RHSA-2009:0480-01 2009-05-13 CentOS CESA-2009:0458 2009-05-03 Red Hat RHSA-2009:0458-01 2009-04-30

Comments (none posted)

kernel: denial of service

Package(s):	linux-2.6.24	CVE #(s):	CVE-2008-5701
Created:	May 4, 2009	Updated:	May 7, 2009
Description:	From the Debian advisory: Vlad Malov reported an issue on 64-bit MIPS systems where a local user could cause a system crash by crafing a malicious binary which makes o32 syscalls with a number less than 4000.
Alerts:	Debian DSA-1794-1 2009-05-06 Debian DSA-1787-1 2009-05-02

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):	linux-2.6.24	CVE #(s):	CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439
Created:	May 4, 2009	Updated:	November 16, 2009
Description:	From the Debian advisory: CVE-2009-1192: Shaohua Li reported an issue in the AGP subsystem they may allow local users to read sensitive kernel memory due to a leak of uninitialized memory. CVE-2009-1242: Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops. CVE-2009-1265: Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data. CVE-2009-1337: Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. CVE-2009-1338: Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace. CVE-2009-1439: Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.
Alerts:	SuSE SUSE-SA:2009:055 2009-11-12 Red Hat RHSA-2009:1211-01 2009-08-13 SuSE SUSE-SA:2009:056 2009-11-16 SuSE SUSE-SA:2009:054 2009-11-11 Ubuntu USN-793-1 2009-07-02 Red Hat RHSA-2009:1132-01 2009-06-30 CentOS CESA-2009:1106 2009-06-19 Mandriva MDVSA-2009:135 2009-06-17 Red Hat RHSA-2009:1106-01 2009-06-16 CentOS CESA-2009:1550 2009-11-04 Red Hat RHSA-2009:1550-01 2009-11-03 SuSE SUSE-SA:2009:033 2009-06-16 SuSE SUSE-SA:2009:032 2009-06-09 SuSE SUSE-SA:2009:031 2009-06-09 SuSE SUSE-SA:2009:030 2009-06-08 Red Hat RHSA-2009:1081-01 2009-06-03 Red Hat RHSA-2009:1077-01 2009-06-02 Fedora FEDORA-2009-5383 2009-05-25 Fedora FEDORA-2009-5356 2009-05-25 SuSE SUSE-SA:2009:028 2009-05-20 Mandriva MDVSA-2009:119 2009-05-19 Debian DSA-1800-1 2009-05-15 Red Hat RHSA-2009:1024-01 2009-05-18 rPath rPSA-2009-0084-1 2009-05-15 CentOS CESA-2009:0473 2009-05-07 Red Hat RHSA-2009:0473-01 2009-05-07 Debian DSA-1794-1 2009-05-06 Debian DSA-1787-1 2009-05-02

Comments (none posted)

libwmf: pointer use-after-free flaw

Package(s):	libwmf	CVE #(s):	CVE-2009-1364
Created:	May 1, 2009	Updated:	December 3, 2009
Description:	From the Red Hat advisory: A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially-crafted WMF file that would cause an application using libwmf to crash or, potentially, execute arbitrary code as the user running the application when opened by a victim.
Alerts:	Mandriva MDVSA-2009:106-1 2009-12-03 Gentoo 200907-01 2009-07-02 SuSE SUSE-SR:2009:011 2009-06-09 Fedora FEDORA-2009-5518 2009-05-27 Fedora FEDORA-2009-5524 2009-05-27 Fedora FEDORA-2009-5517 2009-05-27 Debian DSA-1796-1 2009-04-07 Mandriva MDVSA-2009:106 2009-05-05 Ubuntu USN-769-1 2009-05-04 CentOS CESA-2009:0457 2009-05-03 Red Hat RHSA-2009:0457-01 2009-04-30

Comments (none posted)

memcached: information leak

Package(s):	memcached	CVE #(s):	CVE-2009-1255 CVE-2009-1494
Created:	May 4, 2009	Updated:	August 11, 2009
Description:	From the Mandriva advisory: The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494).
Alerts:	SuSE SUSE-SR:2009:013 2009-08-11 Fedora FEDORA-2009-4542 2009-05-08 Fedora FEDORA-2009-4199 2009-05-02 Mandriva MDVSA-2009:105 2009-05-04

Comments (none posted)

moin: cross-site scripting

Package(s):	moin	CVE #(s):	CVE-2009-1482
Created:	May 6, 2009	Updated:	May 11, 2009
Description:	From the Debian advisory: It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachements or performing other sub-actions.
Alerts:	Ubuntu USN-774-1 2009-05-11 Debian DSA-1791-1 2009-05-06

Comments (none posted)

pam_ssh: information (user account existence) leak

Package(s):	pam_ssh	CVE #(s):	CVE-2009-1273
Created:	May 4, 2009	Updated:	May 6, 2009
Description:	From the Red Hat bugzilla: A security flaw was found in PAM module, providing user authentication based on SSH keys. A remote attacker could use this flaw to recognize, if some username/login belongs to set of user accounts, existing on the system, and subsequently perform dictionary based password guess attack.
Alerts:	Fedora FEDORA-2009-3500 2009-04-13 Fedora FEDORA-2009-3627 2009-04-13

Comments (none posted)

prelude-manager: database password in world-readable configuration

Package(s):	prelude-manager	CVE #(s):
Created:	May 4, 2009	Updated:	May 6, 2009
Description:	From the Fedora advisory: The configuration file of prelude-manager contains a database password and is world readable. This update restricts permissions to the root account.
Alerts:	Fedora FEDORA-2009-3931 2009-04-27 Fedora FEDORA-2009-4044 2009-04-27

Comments (none posted)

quagga: improper assertion

Package(s):	quagga	CVE #(s):
Created:	May 5, 2009	Updated:	May 6, 2009
Description:	From the Debian advisory: It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service.
Alerts:	Debian DSA-1788-1 2009-05-04

Comments (none posted)

ruby: denial of service

Package(s):	ruby	CVE #(s):
Created:	May 1, 2009	Updated:	May 6, 2009
Description:	From the ruby advisory: There is a DoS vulnerability in the REXML library included in the Ruby Standard Library. A so-called "XML entity explosion" attack technique can be used for remotely bringing down (disabling) any application which parses user-provided XML using REXML.
Alerts:	Slackware SSA:2009-120-01 2009-05-01

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 development kernel is 2.6.30-rc4, released by Linus (who has reverted to the old "just after LWN goes out" schedule) on April 29. Changes this time around include Tux's return as the kernel mascot and a whole bunch of fixes. Plus the code name for this release has been changed to "Vindictive Armadillo." Full details can be found in the long-format changelog.

Patches continue to flow into the mainline repository; they are almost all fixes, including one from LWN editor Jake Edge addressing some of the address space randomization problems covered on last week's Security Page.

No stable 2.6.29 updates have been made in the last week. We did see the release of the 2.6.27.22 and 2.6.28.10 updates on May 2. They contain fixes all over the tree (58 and 88 patches respectively); several have CVE numbers associated with them, so users are encouraged to upgrade. Also: "NOTE, this is the LAST update of the 2.6.28 kernel series, so all users are very strongly encouraged to upgrade to the 2.6.29 series at this point in time!" 2.6.27 will continue to be maintained by the stable folks for quite some time to come.

Comments (4 posted)

Kernel development news

Quotes of the week

-- John Curran (Microsoft); boot time is no longer the battleground.

-- Al Viro

-- Eric Biederman

Comments (6 posted)

The LKML Summary Podcast

Jon Masters is experimenting with the idea of creating a short podcast with a summary of discussions on the linux-kernel mailing list. The initial installment [MP3] is just under four minutes long; it includes brief summaries of discussions about DRBD, GFP_PANIC, file descriptor abuse, and more. "I am hoping this of use to some people who can't read LKML every day. Yesterday took 15-20 minutes to put together, and that's doable on a regular basis, subject to it being of use to anyone. I figured I'm reading LKML whether I do I summary recording or not. If it takes off, then I'll try forming a small team to share the effort out."

Full Story (comments: 19)

The return of devfs

The drive for faster boot times has led to a number of changes in the kernel. Some, like the parallelization of USB initialization we looked at last week, have caused disruptions for some users. But others, like the recently proposed devtmpfs, have a different set of challenges. While it may provide a good solution to reducing boot times, devtmpfs faces some fairly stiff resistance, at least partially because it reminds some folks of a feature previously excised from the kernel, namely devfs.

The basic idea is to create a tmpfs early in the kernel initialization before the driver core has initialized. Then, as each device registers with the driver core, its major and minor numbers and device name can be used to create an entry in that filesystem. Eventually, the root filesystem will be mounted and the populated tmpfs can be mounted at /dev.

This has a number of benefits, all of which derive from the fact that no user-space support is required to have a working /dev directory. With the current udev-based approach, there is a need for a reasonably functional user-space environment for udev to operate in. For simplified booting scenarios—like rescue tools or using the init=/bin/sh kernel boot parameter—a functional /dev directory is needed, in particular because of dynamic device numbers. It would also be useful for embedded devices that do not need or want a full-featured user space.

Andrew Morton's immediate reaction was amusement: "Lol, devfs." Greg Kroah-Hartman, who authored the patch along with Kay Sievers and Jan Blunck, admitted that it was a kind of devfs: "Well, devfs 'done right' with hopefully none of the vfs problems the last devfs had. :)" But Morton is somewhat concerned that "devfs2", as he calls it, is just going over old ground:

Though the other advantages are important, Kroah-Hartman replied with the crux of the argument for devtmpfs:

But Alan Cox is not so sure. His argument is that moving this functionality (back) into the kernel, just papers over a user-space problem, while increasing kernel, thus not pageable, memory usage. Others think that the kernel should just buffer uevents—the messages generated by the kernel to send to udev on device state changes—until udevd is started. But, that doesn't solve the synchronization problem: user space must still wait for a populated /dev hierarchy.

A problem with the current scheme is that it essentially does the device enumeration twice—once in the kernel as devices are registered and once in user space by udevd, when it gets started. The device information that was gathered by the kernel is lost. When udevd initializes, it walks the /sys directory to find devices, then creates device nodes for them. That can take 1-2 seconds on a complex system—on the order of twice the kernel boot time—but worse still, no other user-space processes can start until this "coldplug" pass has completed. Using devtmpfs, there will be a working /dev that other user-space code can use, so that the udev coldplug pass can be done in parallel.

Several alternate methods of solving the problem were proposed in the thread, but, by and large, Sievers was able to show why they didn't actually solve the problem. In some cases, the behavior of devfs is being incorrectly attributed to devtmpfs, but the two are quite different. The new scheme would create root-owned device nodes, with fixed 0600 permissions, for each device. It would avoid much of complexity of devfs. As Sievers puts it:

Christoph Hellwig objected to the proposal as well. Part of his complaint is how quickly devtmpfs was added to the linux-next tree, but he also sees it as adding devfs back into the kernel:

Sievers outlines the differences between devtmpfs and Adam Richter's proposal from 2003. It mostly boils down to complexity; devtmpfs is a much simpler scheme, which really adds very little to the kernel. The implementation is around 300 lines of code, in comparison to roughly 3600 for devfs and 600 for an early version of Richter's mini-devfs.

Anticipating the next complaint, Sievers also points out that the device naming policy is already in the kernel, but that udev can override the kernel-supplied values if need be. From his perspective this has already occurred, making that an invalid argument against devtmpfs:

It is clear that the devtmpfs developers have put a fair amount of thought into just what was needed, and how it could work with existing code—both inside and outside the kernel. It is also clear that there is some resistance to returning to anything even remotely reminiscent of devfs. Because devtmpfs is really quite different, and has a nice effect on boot speed, one would think that it is likely to find its way into the mainline sooner or later. If no further objections are raised, and the linux-next trials go well, 2.6.31 may very well be the release that sees the inclusion of devtmpfs.

Comments (33 posted)

Long discussions about long names

When Microsoft filed its lawsuit against TomTom, it named two patents which cover the VFAT filesystem. That, naturally, led to a renewed push to either (1) get those patents invalidated, or (2) move away from VFAT altogether. But some participants have advocated a third approach: find a way to work around the patents which retains most of the VFAT filesystem functionality while, with luck, avoiding any potential infringement of the claims of the patent. But, as a recently-posted patch and the ensuing discussion show, workarounds are not a straightforward solution even after the lawyers have been satisfied.

The patch (written by Andrew Tridgell, but posted by Dave Kleikamp), comes with this changelog:

Note that the changelog gives no clue as to why one might want this particular configuration option. What it probably comes down to is this: all of the claims in the VFAT patent refer to the creation of long file names. Reading filesystems with such names is not addressed by the patent. So the apparent thinking is that, even if the named patents really read on the Linux VFAT implementation, they will not read on a version which cannot create files with long names.

It looks like a reasonable hack. Interoperability with all existing VFAT filesystems is retained, as long as one does not need to create files with long names on the Linux side. But systems which run kernels with this option enabled have a much lower probability of being found to infringe on the VFAT patents. It could, maybe, be an optimal solution.

That said, the patch has been poorly received in the kernel development community. One of the reasons for this chilly reception, certainly, is general hostility to the software patent system and an associated lack of willingness to capitulate to it. Add in a generous helping of contempt for the VFAT patents - and their owner - in particular, and it is not surprising that some developers would rather not entertain "solutions" to this problem.

The bigger issue, though, is that the patch does not describe the real problem that it is trying to solve. There has been a lot of fairly weaselly discussion from IBM developers on the lists, but none of them are willing to just come out and say what is going on. The closest, perhaps, is this message from Tridge:

All of this talk creates a certain feeling of patches being sent out to the list from some smoke-filled room deep within IBM headquarters. But, more importantly, the lack of information makes it impossible for the development community to determine whether the patch works. To make that decision, developers need to know what problem is being solved, and how the proposed solution makes the problem go away. But they don't have that information; instead, they simply have a patch which makes it possible to remove some functionality from the kernel.

The subtext of the conversation is that some lawyers at IBM have, presumably, determined that a potential problem exists. That problem could be as simple as "this feature may attract infringement suits," independently of whether the patents are valid or whether Linux infringes on them. For any number of Linux users, the simple fact that the probability of being sued might go up is enough to inspire a search for alternatives. Also, presumably, these same lawyers have concluded that this particular workaround can resolve these worries. So now they believe it should be a part of the Linux kernel.

But if the lawyers have really come to these conclusions, they are not saying so in any public forum. So the kernel developers are left wondering what is really going on. Are there really lawyers involved, or is this patch the work of a couple of programmers who have tried to create a solution (to a problem perceived by them) on their own? Why can't a company like TomTom just patch out the long-name functionality on their own if they are truly worried about it? Might the inclusion of this patch open the kernel up to other potential legal difficulties that we don't know about?

Tridge's suggestion is that a prominent kernel developer needs to have a conversation with a lawyer before making the decision on this patch. That approach might lead to a correct outcome, but it will still leave most of the community in the dark and unhappy about it.

It would appear that a better way is required. Currently, it is difficult for developers to determine whether a patent really applies to an algorithm in the kernel or not. If they conclude that there is a patent problem, these same developers are poorly placed to figure out what a minimal workaround might be. We need some help in this area. This particular problem is likely to come up again in other contexts; if we can put some sort of process in place for addressing legal issues, life will be easier in the future.

IBM is said to have extensive documentation on the process of working around patents; for some strange reason, this information has never been released to the public. Unfortunately, determinations by lawyers are also unlikely to be released to the public, for any number of reasons. But developers need all of this information to respond properly to legal problems. There may be no alternative to some sort of process where a limited group of developers is given access to information under non-disclosure agreements. Such processes are distasteful, but they also are fairly common; many device drivers are created under non-disclosure agreements.

The Linux Foundation currently has an NDA program intended to connect developers with hardware documentation. Perhaps a similar program (under the auspices of the Linux Foundation, or of another group like the Software Freedom Law Center or the Open Invention Network) could be created for access to legal information. As it is, we have a situation where some developers are talking to their employers' lawyers and nobody else has any real idea of what is going on. That will lead to slow, loud, and contentious attempts to solve legal problems. Given that we're almost certain to have more of these problems in the future, we might want to put some thought into finding a better way.

Comments (50 posted)

The two sides of reflink()

One of the discussions your editor missed at the recent Linux Storage and Filesystem workshop covered the proposed reflink() system call. Fortunately, the filesystem developers have now filled in the relevant information with a detailed email exchange, complete with patches. We now have a proposed system call which has created more open questions than answers. The creation of a new core system call requires a lot of thought, so a close look at these questions would seem to be called for.

The proposed system calls are pretty simple:

    int reflink(const char *oldname, const char *newname);

    int reflinkat(int old_dir_fd, const char *oldname,
                  int new_dir_fd, const char *newname, int flags);

These system calls function much like link() and linkat() but with an important exception: rather than create a new link pointing to an existing inode, they create a new inode which happens to share the same disk blocks as the existing file. So, at the conclusion of a reflink() call, newname looks very much like a copy of oldname, but the actual data blocks have not been duplicated. The files are copy-on-write, though, meaning that a write to either file will cause some or all of the blocks to be duplicated. A change to one of the files will thus not be visible in the other file. In a sense, a reflink() call behaves like a low-cost file copy operation, though how copy-like it will be remains to be seen.

The first question to arise was: does the kernel really need to provide both the reflink() and reflinkat() system calls? Most of the other *at() calls are paired with the non-at versions because the latter came first. Since Unix-like systems have had link() for a long time, it cannot be removed without breaking applications. So linkat() had to go in as a separate call. But reflink() is new, so it can just as easily be implemented in the C library as a wrapper around reflinkat(). That is how things will probably be done in the end.

The deeper discussion, though, reveals that there are two fundamentally different views of how this system call should work. Joel Becker, who posted the reflink() patch, sees it as a new variant of the link() system call. Others, though, would like it to behave more like a file copy operation. If you see reflink() as being a type of link(), then certain implications emerge:

• The reflink-as-link view requires that the new file have (to the greatest extent possible) the same metadata as the old one; in particular, it must have (at the end of the reflink() system call) the same owner, just like hard links do.

• Creating low-level snapshots of filesystems (or portions thereof) is straightforward and easy. Reflinked files look just like the originals; in particular, they have (mostly) the same metadata and can share the same security context.

• Disk quotas are a problem. Should a reflinked file count against the owner's disk quota, even though little or no extra storage is actually used? If so, the system must take extra steps to keep users from creating a reflink to a file they do not own; otherwise one user could exhaust another user's quota. If, instead, storage is charged against the quota of the user who created the reflink, complicated structures will be needed to track usage associated with files owned by others.

• What happens if the new file's metadata - permissions or owner - are changed? In some scenarios, depending on the underlying filesystem implementation, it seems that a metadata change could require a copy-on-write of the whole file. That would turn a command like chmod into a rather heavy-weight operation.

On the other hand, if a reflink is like making a copy, the situation changes somewhat:

• Security becomes a rather more complicated affair. Making a hard link doesn't require messing with SELinux security contexts, but a reflink-as-copy would require that. Permission checks (again, including security module checks) would have to become more elaborate; it would have to be clear that the user making the reflink had read access to the file.

• The quota problem goes away. If a reflink is essentially a copy, then the resulting link should be owned by the user who creates it, rather than the owner of the original file. The only course which makes sense is to charge both users for the full size of the file. There are no concerns about one user exhausting another's disk quota, and there are no real difficulties with keeping disk usage information current.

• Metadata changes are handled naturally, since the files are completely separate from each other.

• Reflinks are no longer true snapshots; they will not work to represent the state of the filesystem at a given time. For a user whose real interest is low-level snapshotting, reflink-as-copy will not work.

On the other hand, reflink-as-copy could be used in a lot of other interesting situations; the cp command could create reflinks by default when the destination file is on the same filesystem. That would turn "cp -r" into a fast and efficient operation. They could also be used to share files between virtualized guests.

What it comes down to is that there are real uses for both the reflink-as-link and reflink-as-copy modes of operation. So the right solution may well be to implement both modes. The flags parameter to reflinkat() can be used to distinguish between the two. Implementing both behaviors will complicate the implementation somewhat, and it muddies up what is otherwise a conceptually clean system call. But that's what happens, sometimes, when designs encounter the real world.

Comments (86 posted)

Patches and updates

Kernel trees

• Linus Torvalds: Linux 2.6.30-rc4 . (April 30, 2009)

• Greg KH: Linux 2.6.28.10 . (May 3, 2009)

• Greg KH: Linux 2.6.27.22. (May 3, 2009)

Core kernel code

• David VomLehn: [PATCH 1/5] KERNEL: Support asynchronously-discovered boot devices, v4 (resend) . (April 30, 2009)

• Paul E. McKenney: v4 RCU: the bloatwatch edition . (May 4, 2009)

• Arve Hjønnevåg: Suspend block api (version 2) . (May 4, 2009)

• Nigel Cunningham: TuxOnIce . (May 6, 2009)

Development tools

• Frederic Weisbecker: tracing/workqueue: events support/enhancements, worklets tracing, fixes . (April 30, 2009)

• Subrata Modak: The Linux Test Project has been Released for APRIL 2009 . (May 1, 2009)

• Clark Williams: version 0.37 of rt-tests available . (May 4, 2009)

Device drivers

• Kay Sievers: driver-core: devtmpfs - driver core maintained /dev tmpfs . (April 30, 2009)

• David VomLehn: [PATCH 1/5] initdev:kernel: Asynchronously-discovered device synchronization, v5 . (May 4, 2009)

• Ben Hutchings: MDIO and ethtool enhancements . (May 4, 2009)

• Jean Delvare: i2c: Get rid of the legacy binding model . (May 4, 2009)

• Linus Walleij: ST DDC I2C bus driver v1 . (May 5, 2009)

• Jason Wessel: usb_debug driver improvements . (May 6, 2009)

Documentation

• Jason Baron: add tracepoints docbook (take #2) . (May 1, 2009)

Filesystems and block I/O

• Philipp Reisner: DRBD: a block device for HA clusters . (April 30, 2009)

• Jan Kara: A new way of attaching information to inodes . (May 1, 2009)

• Andrew Tridgell: Add CONFIG_VFAT_NO_CREATE_WITH_LONGNAMES option . (May 2, 2009)

• Matthew Wilcox: New TRIM/UNMAP tree published (2009-05-02) . (May 4, 2009)

• Andrea Righi: cgroup: io-throttle controller (v16) . (May 4, 2009)

• Tejun Heo: block,scsi,ide: unify sector and data_len, take#2 . (May 4, 2009)

• Joel Becker: The reflink(2) system call. . (May 4, 2009)

• Matt Helsley: Add checkpoint file operations . (May 5, 2009)

• Vivek Goyal: IO scheduler based IO Controller V2 . (May 5, 2009)

Janitorial

• Dave Hansen: consolidate pte mapping functions across all architectures . (May 1, 2009)

• Thomas Gleixner: Remove obsolete genirq defines and typedefs [Resend] . (May 4, 2009)

Kernel building

• Steven Rostedt: updated version of streamline_config.pl . (April 30, 2009)

Memory management

• Cyrill Gorcunov: introducing __GFP_PANIC . (May 4, 2009)

Networking

• Tom Herbert: Receive Packet Steering . (May 4, 2009)

• Lennert Buytenhek: generic skb recycling . (May 6, 2009)

Architecture-specific

• Tobias Doerffel: Specific support for Intel Atom architecture . (May 4, 2009)

• Masami Hiramatsu: x86 instruction decoder with userspace test code . (May 4, 2009)

• Alok Kataria: x86: Reduce the default HZ value . (May 5, 2009)

• Rik van Riel: x86: 46 bit PAE support . (May 6, 2009)

Security-related

• Jake Edge: [PATCH] proc: avoid leaking eip, esp, or wchan to non-privileged processes . (May 1, 2009)

Virtualization and containers

• Gregory Haskins: irqfd . (May 5, 2009)

• Gregory Haskins: generic hypercall support . (May 5, 2009)

Miscellaneous

• Kyle Moffett: Generic LRU cache built on a kmem_cache and a "struct shrinker" . (May 4, 2009)

• Jon Masters: ANNOUNCE: module-init-tools 3.8 release . (May 4, 2009)

• Karel Zak: util-linux-ng v2.15 (stable) . (May 6, 2009)

• Greg KH: usbutils 0.82 release . (May 6, 2009)

Page editor: Jonathan Corbet

Distributions

News and Editorials

NetBSD 5.0

After more than two years of development, NetBSD 5.0 was released at the end of April. The thirteenth release of this derivative of UC Berkeley's 386BSD boasts improved performance and scalability on modern multiprocessor and multicore systems. This is the result of a lot of rewritten code: a new threading subsystem based on a 1:1 threading model, new kernel synchronization primitives, kernel preemption, a rewritten scheduler and real-time scheduler extensions.

The improvements in the areas of scheduling and threading are reviewed in a short document [PDF] written by NetBSD developer Mindaugas Rasiukevicius. NetBSD 5.0 provides some soft real-time extensions, which means that it doesn't meet latency requirements unconditionally, but tries to minimize the latencies. Rasiukevicius performed a latency test with two threads with a POSIX SCHED_FIFO (First in, first out) real-time scheduling policy when the system was under heavy load. This showed that NetBSD 5.0 with kernel preemption tends to respond within 5 microseconds on a modern pc, which is similar to other real-time operating systems. The details of the test and the different scheduling policies can be consulted in the document written by Rasiukevicius.

NetBSD 5.0 also has processor sets: the possibility to exclusively dedicate specific (groups of) processors to processes or threads. The API is expected to be nearly compatible with Solaris and HP-UX processor set interfaces. According to the NetBSD developers, almost all core kernel subsystems, including virtual memory, memory allocators and file system frameworks, were audited and overhauled to shift to a fine-grained locking model, which allows multiple processors to execute kernel code simultaneously.

Much of the development in the areas of SMP (symmetrical multi-processing) performance and scalability has been sponsored by the 2007 fundraising campaign that pretty much exactly met its targeted USD 50,000. NetBSD developer Andrew Doran was sponsored for parts of 2007 and 2008 to work full time on improving SMP in NetBSD, and later to help to get the NetBSD 5.0 beta in shape.

But improved performance is not the only difference with the previous major release: a number of NetBSD ports (platforms) now finally use X.Org instead of XFree86, a step that virtually all Linux distributions made years ago. The file system FFS (Fast File System) has a preview of metadata journaling, known as WAPBL (Write Ahead Physical Block Logging), which makes file system consistency checking after an unclean shutdown much faster. And one thing many laptop users will love to hear: ACPI suspend and resume now should be working on many computers.

What didn't change so much is NetBSD's installer, sysinst. This is still rather basic, but it does its job. One especially good thing is that sysinst doesn't let the user create an insecure password. There is no shortage of password enforcement tools on Linux, but it's nice to see this enforced by default in NetBSD.

Unit tests for an operating system

Also new is the Automated Testing Framework (ATF), a collection of libraries and utilities designed to ease unattended testing of applications. ATF provides the means to create test suites composed of multiple test programs, which in turn are a collection of test cases. When a test case detects an error, ATF provides as much information as possible about the failure.

ATF started as a Google Summer of Code 2007 project mentored by The NetBSD Foundation. Its original goal was to provide a testing framework for NetBSD, but it grew into an independent project because the framework could be made platform-independent. At the moment, only a few NetBSD-specific tests are available as ATF-based tests, but these are a good preview of what NetBSD 6.0 will have: many more test cases.

ATF is not only for developers. In fact, the NetBSD developers encourage all users to run the test suites themselves. They do not need to have development tools installed or source trees available to certify that a certain application works as advertised. This is the main difference from other test frameworks, which ship as part of a source package and are only run by developers after the program is built. Then the end user, who uses binary packages, never sees these tests or the results.

During the installation of NetBSD 5.0, the user sees ATF as a new tests.gz distribution set. If he chooses to install it, sysinst will populate /usr/tests with a collection of ATF test programs. Once installed, the user edits /etc/atf/NetBSD.conf to suit his system preferences and then runs atf-run | atf-report in the directory /usr/tests. At the end, the program gives a summary with the number of passed and failed test cases. If all test cases ran successfully, the user is sure the tested software behaves as it should on his hardware.

Of course it runs NetBSD.

Although NetBSD is one of the most portable operating systems (the NetBSD motto is "Of course it runs NetBSD.", your author had a fair amount of problems installing it. A physical install didn't work out because NetBSD doesn't recognize the keyboard of his Dell laptop, and resorting to virtualization proved problematic too. Only Xen seems to like NetBSD, and fortunately this process is explained well in the NetBSD Xen Guide [PDF].

What did impress your author is the cross-compiling framework: this allows a user to build a complete NetBSD distribution from another system, which could be on a different architecture or even running a different operating system. The only requirement is that the host operating system has a POSIX environment and C/C++ compiler. Because your author is generally suspicious of such claims, he put it to the test in Ubuntu 9.04 and OpenSolaris build 111 (2009.06), and the process worked flawlessly in both cases. After downloading and extracting the NetBSD sources, a simple

./build.sh -U -m i386 release iso-image

command creates a cross-build environment, cross-compiles the sources and creates a bootable ISO image. This is a huge time saver for building embedded systems.

Towards NetBSD 6.0

The NetBSD Foundation is already looking forward to the future and developers have begun working on NetBSD 6.0. The next version will improve the performance and concurrency of the network stack, it will improve existing file systems and develop new ones. The operating system will also add features for embedded use, including high-resolution timers, and it will improve the quality assurance and automatic testing. A desktop improvement we will see is dhcpcd-gtk, an application that shows a systray icon with the state of dhcpcd and provides a graphical user interface to configure the network. While NetworkManager requires libnl and hal, which at the moment depend too much on Linux, dhcpcd-gtk only requires dhcpcd-dbus, which is much simpler to port.

In this year's Google Summer of Code program, 11 out of the 34 submitted applications by the NetBSD project have been chosen. The list shows some interesting projects, such as a port of Sun's ZFS file system, a minimalistic X server for embedded environments and a NetBSD router. The NetBSD Foundation has also announced the 2009 Fund Drive and expects to collect USD 60,000 by the end of the year.

Conclusion

Recently a couple of projects have emerged to create a better NetBSD desktop experience, such as the graphical user interface for dhcpcd and the NetBSD Desktop Project that was announced in February. The primary goal for this project, started by Andrew Doran and Jared D. McNeill, is to simplify the installer to be able to install a useful NetBSD system with Gnome desktop environment in 15 minutes. This will give new users a better chance to evaluate NetBSD. But this mature Unix system has always focused on the server and embedded applications. The improvements in the scheduler give NetBSD 5 an even stronger position as an embedded operating system, and some Google Summer of Code projects are paving the way for more embedded features in NetBSD 6.

Comments (3 posted)

New Releases

openSUSE 11.1 KDE4 Reloaded: Includes KDE 4.2.2 and 11.1 updates

openSUSE 11.1 Reloaded is a respin of openSUSE 11.1, including KDE 4.2.2 packages and updates to 11.1. "This is an installable live CD that features the KDE 4.2.2 packages from the openSUSE Build Service repo. The live CD was created by Stephan 'Beineri' Binner, and is useful for people who want to test out KDE 4.2 and users who are doing new installs and want the most recent openSUSE updates straight out of the box."

Full Story (comments: none)

Mandriva Linux 2009 Spring released

Mandriva Linux 2009 Spring has been released. "Mandriva Linux 2009 Spring comes with a big improvement in boot time. Tools of Mandriva Control Center have been also optimized. Network center is now supporting advanced network configuration together with additional pre-configured Internet providers, integration with new network devices and support for different wireless regulatory domains. msev, the Mandriva security framework has been also redesigned." See the tour page for details.

Full Story (comments: none)

hackable:1 - new release

A new release of hackable:1 is available. "hackable:1 now offers phone functionality and sms plus a full PIM suite consisting of contacts, calendar and todo list manager, plus a timesheet time tracker application."

Full Story (comments: none)

OpenBSD 4.5 released

OpenBSD 4.5 is out, right on schedule. It has the usual pile of new drivers and fixes; there are also ports for the Gumstix platform and the OpenMoko phone.

Full Story (comments: 6)

NetBSD 5.0 released

NetBSD 5.0 is out; it looks like the developers have been busy. "In addition to scalability and performance improvements, a significant number of major features have been added. Some highlights are: a preview of metadata journaling for FFS file systems (known as WAPBL, Write Ahead Physical Block Logging), the 'jemalloc' memory allocator, the X.Org X11 distribution instead of XFree86 on a number of ports, the Power Management Framework, ACPI suspend/resume support on many laptops, write support for UDF file systems, the Automated Testing Framework, the Runnable Userspace Meta Program framework, Xen 3.3 support for both i386 and amd64, POSIX message queues and asynchronous I/O, and many new hardware device drivers." More information can be found in the release notes.

Full Story (comments: 12)

FreeBSD 7.2-RELEASE Available

The FreeBSD Release Engineering Team has announced the availability of FreeBSD 7.2-RELEASE. "This is the third release from the 7-STABLE branch which improves on the functionality of FreeBSD 7.1 and introduces some new features." See the release notes for additional information.

Full Story (comments: none)

DragonFly BSD Release 2.2.1

The DragonFly 2.2.1 release is available. "The HAMMER filesystem is considered production-ready in this release; It was first released in July 2008. The 2.2 release represents major stability improvements across the board, new drivers, much better pkgsrc support and integration, and a brand new release infrastructure with multiple target options." DragonFly is a desktop cluster oriented fork of FreeBSD.

Comments (3 posted)

BSDanywhere 4.5 released

BSDanywhere 4.5 is available for i386 and AMD64. BSDanywhere is a bootable Live-CD image based on OpenBSD 4.5. It has the entire OpenBSD base system (without the compiler) plus a graphical desktop.

Comments (none posted)

Distribution News

Debian GNU/Linux

Debian switching to EGLIBC

Here's a weblog posting with an interesting statement: "I have just uploaded Embedded GLIBC (EGLIBC) into the archive (it is currently waiting in the NEW queue), which will soon replace the GNU C Library (GLIBC)." The EGLIBC project has produced a version of the C library aimed primarily at embedded situations. Evidently the Debian developers feel that it is good enough for wider use, though, and they seem to strongly prefer the way that project is run upstream. (Thanks to Paul Wise).

Comments (121 posted)

Looking for new Security Team members

The Debian Project is looking for new members for the Security Team. If you are an experienced programmer with some time to kill and are concerned about Debian security, consider joining the team.

Full Story (comments: none)

(Overlapping) bits from the DPL

Debian Project Leader Steve McIntyre has some bits about releases, press, teams, talks, Google Summer of Code 2009 and DebConf 9.

Full Story (comments: none)

Fedora

No deltarpms in Fedora 11

As seen in passing on Paul Frields's weblog: it appears that the deltarpm feature is not going to make it into the imminent Fedora 11 release after all. There is apparently work to be done on Fedora's internal update systems which will not be completed in time. That's an unfortunate development, but, at least, Rawhide users are able to use this feature to reduce the pain of keeping up with the update stream.

Comments (15 posted)

Fedora Board Recap

Click below for a brief recap of the April 29, 2009 meeting of the Fedora Advisory Board. Topics include: "Belgian Domain Request" and "What is Fedora?"

Full Story (comments: none)

Fedora Classroom: May 2009

Fedora IRC Classroom for May 2009 was completed successfully with 3 sessions. One for Fedora Ambassadors, one looking at 4 key causes of SELinux errors, and an introduction to libvirt. IRC logs are available at the Classroom wiki. There is also a new mailing list for the discussion, ideas, feedback, planning and announcement of Fedora Classroom sessions.

Full Story (comments: none)

Gentoo Linux

Gentoo Council summary for meeting on April 23, 2009

Click below for a summary of the April 23, 2009 meeting of the Gentoo Council. Several technical issues were discussed.

Full Story (comments: none)

Mandriva Linux

Hello KDE cooker users...

Mandriva's KDE Cooker will soon be open for development. There is a warning though as the developers have promised, "We will go to future KDE 4.3 codebase - We will break A LOT of things"

Full Story (comments: none)

Distribution Newsletters

Arch Linux Newsletter May 2009

The May 2009 edition of the Arch Linux Newsletter is out. "This month the Arch Linux newsletter sees, among others, a great interview with Hugo Doria, one of our developers. We also take a tour through our Schwag shop, where we spend some time looking at some of the new collector items. In the community highlights we discover some of the great work of Xyne, and pogeymanz explains what, for him, makes the ideal desktop. Additionally, we have a general review of what happened in the Arch Linux community this last month. Last, but not least, we try to increase your knowledge a little further through a great article about diff. All of this and much more is made available for you by the awesome Arch Linux Newsletter Team."

Comments (none posted)

Arch User Magazine #2

The Arch User Magazine is a monthly newsletter created by Arch fans. This issue looks at Replacing the Arch Initscripts, Disaster Preparation: How Paranoid Should You Be?, Living at The Command Line: Grep by Paragraph, and more.

Comments (none posted)

DistroWatch Weekly, Issue 301

The DistroWatch Weekly for May 4, 2009 is out. "Last week we took a look at how two distributions based on the same environment and one a derivative of the other, can actually be very different. Xubuntu and Debian both use the same package management system and both have the same suites of software available. So what makes them so different when installed out of the box? Can Xubuntu be just as lightweight as its Debian counterpart? This week we take another look at how Xubuntu 9.04 fairs when installed in a more minimalist manner. In the news this past week, Mandriva developers make massive updates to "Cooker" following the stable 2009.1 release, four main BSD projects all announce new updates of their flagship products, the openSUSE community releases updated media for 11.1 with KDE 4.2.2, users of the Arch Linux distribution put together a free community magazine, the creator of Puppy Linux looks set for a return to the helm of the project, and Oracle's Solaris (no, the name doesn't roll off the tongue easily here either) is rumoured to be working on version 11 set for release in the middle of 2010. Finally, we are pleased to announce that the recipient of the April 2009 DistroWatch.com donation is Python, the popular programming language. Happy reading!"

Comments (none posted)

Fedora Weekly News #174

The Fedora Weekly News for the week ending May 3, 2009 is out. "This week Announcements suggests reading the release notes for "Fedora 11 (Leonidas)". PlanetFedora highlights some choice posts from Fedora blogs including one on the relevance of PPC as a primary architecture. Ambassadors reports that "Fedora stars at Flisol Caracas". QualityAssurance is packed with information on "Test Days" for SSSD and Virtualization. Developments warns of a "Presto No Go" and shares some "Ext4 fallocate() Happiness". Translation reflects a huge amount of activity including "Documentation Decisions for Fedora 12". Artwork wonders if there will be a Plymouth plugin for Fedora 11 Leonidas. The Weekly Webcomic peeks and pokes at some color preferences! Virtualization includes a look at a new libguestfs release and other salient developments."

Full Story (comments: none)

openSUSE Weekly News, Issue #69

This edition of the openSUSE Weekly News covers openSUSE 11.2 Milestone 1 Released, People of openSUSE: Jan Engelhardt, Michal Vyskocil : How to track changes in packages: osc vc, Joe Brockmeier: The argument for free fonts, openSUSE Forums: Newbie KDE Questions, and more.

Comments (none posted)

OpenSUSE Weekly News/70

This issue of the OpenSUSE Weekly News covers KDE4 Reloaded, Google Summer of Code Introduction, OpenOffice.org 3.1beta6, Lukas Ocilka: YaST Has New Icons / Mascot ... Finally :), ARM support in openSUSE Buildservice - fixed, and more.

Comments (none posted)

Ubuntu Weekly Newsletter #140

The Ubuntu Weekly Newsletter for the week ending May 2, 2009 is out. "In this issue we cover: Karmic Open for Development, Notify OSD to be discussed at Ubuntu UDS Karmic, Ubuntu Open Week Summary, New Ubuntu Member, Ubuntu Hug Day: May 7th, LoCo News: Jaunty Release Parties, Launchpad 2.2.4, Launchpad's web service code released as stand alone libraries, New prefixes in the help sub-forums, Hiding post (bean) counts, Announcing the Ubuntu High Availability Team, Ubuntu Brains, Ubuntu 9.04 does not use ext4 by default, Ubuntu-UK podcast: Partners in Crime, Canonical engaging Ubuntu Software Partners, Team Meeting Summaries for April 2009, and much, much more!"

Full Story (comments: none)

Newsletters and articles of interest

How to choose the best Linux distro for you (TuxRadar)

TuxRadar has an article on choosing the best distribution for your needs. "Choice is the best thing about Linux. Without choice, we may as well use an operating system where the developers make those choices for us. As we've covered in the past, anyone can create a Linux distribution. If it is different enough, it will survive, but most disappear without a trace. There is a flip side to all this choice however, and that's finding the time to find the perfect distribution for you. You really need to try several before setting on the one you prefer, and downloading, installing and testing a Linux distribution takes a lot of time."

Comments (none posted)

The Perfect Desktop - Ubuntu Studio 9.04 (HowtoForge)

HowtoForge sets up a desktop with the latest version of Ubuntu Studio. "This tutorial shows how you can set up an Ubuntu Studio 9.04 desktop that is a full-fledged replacement for a Windows desktop, i.e. that has all the software that people need to do the things they do on their Windows desktops. The advantages are clear: you get a secure system without DRM restrictions that works even on old hardware, and the best thing is: all software comes free of charge."

Comments (none posted)

Page editor: Rebecca Sobol

Development

SchoolTool finishes its foundations

As SchoolTool's founder, Mark Shuttleworth, once said, the goal of the project is "a common information systems platform for school administration from California to Calcutta." This was an original and ambitious goal when first announced in 2000. However, it is far less so in 2009, when content managers like Drupal and Joomla! include most of the functionality of student information systems (SIS). Perhaps that is why, although SchoolTool recently reached version 1.0, the project and online help sites sound mildly apologetic in places. Where a free software SIS once seemed visionary, it now seems commonplace, and SchoolTool's first release is more of a solid basis for future expansion than state-of-the-art.

Part of the reason for the delay in version 1.0's arrival are the many changes in the project. To start with, the project has undergone several changes in leadership, the most famous being Shuttleworth's own departure from hands-on management. Even more importantly, the software has transitioned from the original Java to Python and Zope, and finally to a calendar-based system. In the last few years, as well, the project's software has been extensively tested, particularly in Virginia, culminating in a six month beta program. In addition, the project's documentation is unusually complete by free software standards, although it is still being updated to reflect the new release.

As you might expect in a project sponsored by the Shuttleworth Foundation, both binary and source code is available on Launchpad, packaged for recent Ubuntu releases. Once you install, you can access SchoolTool by opening http://localhost:7080 in your browser, with the default user name "manager" and the default password "schooltool".

Setup and configuration

SchoolTool is not difficult to use. If you have ever used any form of online content management, you should be able to orient yourself quickly. If content management systems are new to you, then the simplicity of the organization should have you up and running almost as quickly.

All the same, SchoolTool is large, and needs to be set up methodically. For these reasons, you should set up SchoolTool with the Initial Setup Process pages of the online help open in another tab — if only for a checklist. Going through the setup will help you get a sense of how SchoolTool is organized, although you can always import sample data right away and skip directly to using SchoolTool as an ordinary user.

To set up SchoolTool, log in as the Manager, and select Manage from the top menu to open the sub-menu. Configuring SchoolTool is largely a matter of defining the start and end of the school year, then working systematically from top to bottom of the school years' sub-menu, starting with terms — semesters or whatever other divisions the school has — and working downwards. Creating different groups for the users, adding the names attached to data in the application, defining the school timetable for the system, and creating courses and course sections — all these follow in orderly progression. You have little chance to deviate from the set order, because most items are only definable after you finish with those earlier on the list.

Once you have completed these details, the next step is to add groups if the default ones such as teachers, administrators and students are not enough, and to add people to these groups, particularly students. These groups are used mainly for determining what each type of user can do, so that administrators can assign grades if you choose, and all users can change their own passwords.

Only those who are actually going to log on to the system need passwords — which generally excludes students — but you do have the option of adding contact information and other information about them. You may also want to add lists of resources, such as projectors, so that they can be booked for specific classes.

If you prefer, you can use a spreadsheet as a form for entering information quickly, then convert it to a CSV file to add multiple people in a single batch. One time-saving suggestion from the online help is to use the sample data file as a template, erasing the sample data but leaving the header columns before entering your own data.

After SchoolTool is set up for general use, administrators might also want to spend some time with the Administrators' Handbook section of the online help. This section concisely explains where the database is located on your Ubuntu system, how to backup and restore the database, and some rudimentary troubleshooting.

Daily use of SchoolTool

Administrators are some of the main users of an SIS, which is why I've devoted so much space to configuration. But what is SchoolTool like for an everyday user, such as a teacher? The short answer is: adequate — but a little sparse in features.

To login to SchoolTool, you need not only to be added to the database, but to have a password assigned to you by the administrator as well.

The default page is a calendar view of events — generally, classes — for the current user. Click an event, and you can see the resources booked for it, such as the room and a projector. In the left pane is a summary of tomorrow's events, and controls for setting what events appear on the calendar, and seeing how resources are allocated throughout the school term. Using the calendar, you can create one-time or recurring events.

So far, so useful. However, while sections of a class share the same color code, you cannot choose the colors assigned to a class. Nor can you use a class's color to signify that another event might be related to it. For example, you cannot assign a class's color to an interview with a student from that class. Similarly, the calendar does not allow you to define or assign types of events, so that you can differentiate between lectures, seminars, and appointments. You can use the calendar to assign each event, but have no way of showing at a glance how they are related.

A similarly adequate, but limited, choice of features appear in SchoolTool's Journal for attendance and its Gradebook. In the Journal, you can add brief codes beside each students' name, such as "a" for absent or "t" for tardiness, but cannot enhance the code with your own abbreviations, or write notes beside a name, let alone set up an automatic calculation for a participation grade. Nor can you access your attendance records from the Gradebook except by flipping back and forth between views.

As for the Gradebook, you can create assignments and grading criteria, but only in a narrow range of non-customizable categories, and on a scale of 100. While the scale is mitigated partly by the fact that you can assign different weights to each assignment for the final grade, you cannot assign a letter grade, or a score on any different scale. Some, too, might appreciate a few basic functions for calculating medians, maximum and minimum scores, and other statistics.

The overall impression SchoolTool leaves is that, while all the basic features are available, advanced features and customization are lacking in many places. Admittedly, in many cases, you or the SchoolTool administrator might be able to find a kludge to let you do what you want. However, if you want anything out of the ordinary, you may find yourself fighting SchoolTool and paying it more attention than the tasks for which you are using it.

Future Plans

SchoolTool is not a lesson planning or presentation application, and, so far, the project has no immediate interest in adding such functionality. Instead, the project has been testing a competency tracking system called Can Do in Arlington, Virginia for the last five years. It is also testing a student intervention tracking system in Philadelphia. Both these modules are scheduled for next years' release.

Other features in the next release might include a module for sharing information between different SchoolTool installations, and another for sharing information with civic authorities.

Meanwhile, the documentation is blunt about the current state of the project. "If you currently are using another mature, full-featured web-based SIS, SchoolTool will probably feel like a step down for your school. If you are running the school using paper, a hodgepodge of spreadsheets and Access databases, or a badly implemented commercial SIS, SchoolTool should be a step up for you."

That is hardly a ringing self-endorsement, but it is a refreshingly honest one. And now that the basic engine is tested and released, in addition to its new modules, with luck the project will focus on the refinements necessary to make it more than a basic tool.

Comments (none posted)

System Applications

Database Software

MySQL Community Server 5.0.81 has been released

Version 5.0.81 of MySQL Community Server has been announced. "This is a bugfix release for the current production release family. It replaces MySQL 5.0.77."

Full Story (comments: none)

py-postgresql 0.8.1 for Python 3 released

Version 0.8.1 of py-postgresql has been announced. "This release marks major bug fixes for the 0.8 branch."

Full Story (comments: none)

PostgreSQL Weekly News

The May 3, 2009 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Interoperability

Samba 3.4.0pre1 is available

Version 3.4.0pre1 of Samba has been announced. "This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Our plan is to possibly have one more preview release and move to the release candidate stage in September. The final 3.4.0 release is planned for July 1, 2009."

Comments (none posted)

LDAP Software

python-ldap 2.3.8 announced

Version 2.3.8 of python-ldap has been announced. "python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. processing LDIF, LDAPURLs and LDAPv3 schema)." Fault tolerance is the theme of this release.

Full Story (comments: none)

Miscellaneous

flashrom 0.9.0 released

Version 0.9.0 of flashrom has been announced. "flashrom is a utility for reading, writing, erasing and verifying flash ROM chips. flashrom is often used to flash BIOS/coreboot/firmware images because it allows you to update your BIOS/coreboot/firmware without opening the computer and without any special boot procedures. After nine years of development and constant improvement, we have added support for every BIOS flash ROM technology present on x86 mainboards and every flash ROM chip we ever saw in the wild."

Full Story (comments: none)

Desktop Applications

Audio Applications

Audacious 2.0-alpha2 released

Version 2.0-alpha2 of the Audacious media player has been announced. "Audacious is an advanced audio player. It is free, lightweight, based on GTK2, runs on Linux and many other *nix platforms and is focused on audio quality and supporting a wide range of audio codecs. Its advanced audio playback engine is considerably more powerful than GStreamer. Audacious is a fork of Beep Media Player (BMP), which itself forked from XMMS."

Comments (none posted)

Data Visualization

python-graph 1.5.0 released

Version 1.5.0 of python-graph has been announced. "Changes in this release: * Added Critical Path Algorithm and Transitive Edge Identification; * A few bugs were fixed."

Full Story (comments: none)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week:

• Accerciser 1.7.1 (bug fixes and translation work)
• Anjuta and Gdl 2.27.1 (new features and bug fixes)
• Cheese 2.27.1 (new features, bug fixes and translation work)
• Deskbar-Applet 2.27.1 (bug fixes and translation work)
• Eye of GNOME 2.27.1 (code cleanup, bug fixes and translation work)
• GCalctool 5.27.1 (bug fixes and translation work)
• GLib 2.21.0 (new features, bug fixes and translation work)
• gnome-applets 2.27.1 (new features, code cleanup and translation work)
• gnome-games 2.27.1 (new features, bug fixes and translation work)
• GNOME Media 2.27.1 (bug fixes and translation work)
• gnome-settings-daemon 2.27.1 (bug fixes and translation work)
• GOK 2.27.1 (bug fixes and translation work)
• gscan2pdf 0.9.28 (bug fixes and translation work)
• GTK+ 2.17.0 (new features, bug fixes and translation work)
• krb5-auth-dialog 0.9.1 (new features and bug fixes)
• Lasem 0.1.0 (unspecified)
• mousetweaks 2.27.1 (code cleanup, documentation and translation work)
• Nemiver release 0.6.7 (bug fixes, code cleanup and translation work)
• Orca 2.27.1 (new features, bug fixes and translation work)
• Paperbox 0.4.2 (new features, code cleanup and translation work)
• PyGobject 2.17.0 (new features, bug fixes and documentation work)
• PyGTK 2.15.0 (new features and bug fixes)
• rep-gtk 0.18.5 (new features and bug fixes)
• seahorse 2.27.1 (bug fixes and translation work)
• seahorse-plugins 2.27.1 (code cleanup and translation work)
• Seed 0.6 (new features, code cleanup, build fixes)
• Tomboy 0.15.0 (new features, bug fixes and translation work)

You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE 4.2.3 released

Version 4.2.3 of KDE has been announced. "The KDE community is happy to announce the release of KDE 4.2.3, codename Cuagmire. This service update brings bugfixes, performance improvements and updated translations, but no new features in order to minimize the risk of regressions. KDE 4.2.3 is a recommended upgrade for everybody currently running KDE 4.2.2 or earlier."

Full Story (comments: none)

KDE Software Announcements

The following new KDE software has been announced this week:

• 2ManDVD 0.8.4 (new features, bug fixes and translation work)
• 2ManDVD 0.8.5 (new features, bug fixes and translation work)
• Back In Time 0.9.22 (unspecified)
• eric4 4.3.3 (bug fixes)
• KAlarm 2.2.0 (new features and bug fixes)
• KDE Partition Manager 1.0.0-BETA2 (new features and bug fix)
• Kid3 1.2 (new features and bug fixes)
• kmj 0.2 (new features, bug fixes, documentation and translation work)
• MyRT 0.1.4_alfa (new features and bug fix)
• PeaZip 2.6 (new features)
• PokerTH 0.7 (new features, bug fixes and translation work)
• 'Q' DVD-Author 1.7.0 (new features and bug fixes)
• QTrans 0.2.1.7 (new feature)
• rekonq 0.1 alpha (new features)
• SMILE 0.9.4 (bug fixes and translation work)
• SMILE 0.9.5 (bug fixes)
• SMILE 0.9.6 (new features and bug fixes)
• SMILE 0.9.7 (new features and bug fixes)
• TreeLine 1.2.3 (bug fixes)
• Wally 2.0.3 (bug fixes)
• yape 2.1.3 (bug fix)

You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week:

• xf86-input-evdev 2.2.2 (bug fixes)
• xf86-video-mach64 6.8.1 (bug fixes and documentation work)
• xf86-video-suncg3 1.1.1 (code cleanup and documentation work)
• xf86-video-suncg6 1.1.1 (code cleanup and documentation work)
• xf86-video-suncg14 1.1.1 (code cleanup and documentation work)
• xf86-video-suntcx 1.1.1 (documentation work)

More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Educational Software

SchoolTool 1.0 released

The 1.0 release of the Shuttleworth Foundation's SchoolTool project is out. "SchoolTool includes customizable student demographics, parent/contact management, attendance, gradebook, calendaring, resource booking and report card generation. SchoolTool can be used in a wide variety of contexts. An individual teacher can run a personal gradebook on their desktop or laptop computer. Individual schools can use SchoolTool as his or her primary student information system or a complement to other systems. SchoolTool is also scalable to multi-school deployments, as the Commonwealth of Virginia (US) is piloting at eight career and technical academies." More information can be found at schooltool.org.

Full Story (comments: 8)

Electronics

Qucs 0.0.15 released

Version 0.0.15 of Qucs has been announced. "So far Qucs is not yet finished... but it is on the road. Qucs is an integrated circuit simulator which means you are able to setup a circuit with a graphical user interface (GUI) and simulate the large-signal, small-signal and noise behaviour of the circuit. After that simulation has finished you can view the simulation results on a presentation page or window."

Comments (1 posted)

Games

Python testing client for Second Life virtual world announced

The Pyogp/Client Lib project has been announced. "Its a pretty interesting project, IMHO. Gives complete source for non-graphical aspects of interface with the Second Life virtual world. Apache V2 licensed."

Full Story (comments: none)

Music Applications

Jackbeat 0.7.0 announced

Version 0.7.0 of Jackbeat, a drum machine, has been announced. "* The GUI has been re-designed for the pleasure of the eye and more ergonomy * New shortcuts, knobs and waveform animation bring more interactivity * OSC is now supported with a fair amount of methods and events * Mac OS X integration has been much improved * ALSA, CoreAudio and PulseAudio are now directly supported in addition to JACK * Several bugs and usability issues have been fixed * The internal architecture has been improved".

Full Story (comments: none)

midish 0.4.0 released

Version 0.4.0 of midish has been announced. "Midish is a MIDI sequencer/filter with a shell-like interface. This release provides significant improvements, including: * new simplified interface requiring less scripting * smarter and improved MIDI merger * new track and filter editing functions * native support for the ALSA sequencer (linux only) * more powerful -- but simpler -- filter * basic command completion in the readline(3) frontend * support for editting during playback/recording".

Full Story (comments: none)

SuperCollider 3.3 released

Version 3.3 of SuperCollider has been announced, it includes new features and performance improvements. "SuperCollider is an environment and programming language for real time audio synthesis and algorithmic composition. It provides an interpreted object-oriented language which functions as a network client to a state of the art, realtime sound synthesis server."

Full Story (comments: none)

Office Suites

Update on ODF Spreadsheet Interoperability

Rob Weir looks at ODF spreadsheet interoperability in a blog posting. Since his original test in March, things have gotten quite a bit worse, largely due to Microsoft Office 2007 SP2 with integrated ODF support. "We might also hear concerns that supporting other vendors' ODF spreadsheet formulas cannot be done because this formula language is undocumented. The irony here is that the formula language used by OpenOffice (and by other vendors) is based on that used by Excel, which itself was not fully documented when OpenOffice implemented it. So an argument, by Microsoft, not to support that language because it is not documented is rather hypocritical."

Comments (10 posted)

Miscellaneous

IMDbPY 4.1 and IMDbPYKit 1.1.1

Version 4.1 of IMDbPY and version 1.1.1 of IMDbPYKit are out. "IMDbPY is a Python package useful to retrieve and manage the data of the IMDb movie database about movies, people, characters and companies. IMDbPYKit (mostly developed by H. Turgut Uyar) is a web interface to IMDbPY, able to serve its output both in HTML and XML. With this release, a DTD for the XML output was formalized and support for i18n was introduced. A lot of bugs were fixed."

Full Story (comments: none)

Xesam Specification v1.0 announced

The stable 1.0 release of the Xesam Specification has been announced. "Xesam is short for eXtEnsible Search And Metadata and is an umbrella project with the purpose of providing unified APIs and specs for desktop search- and metadata services. We are collaborating with several projects such as Tracker, Strigi, Beagle, Pinot, Recoll, and Nepomuk-KDE."

Full Story (comments: none)

Languages and Tools

C

GCC 4.4.1 Status Report

The May 5, 2009 edition of the GCC 4.4.1 Status Report has been published. "GCC 4.4.0 was released into the wild approximately two weeks ago, and so far few serious defects have been reported. That's great! There are, however, a couple of open P1s and a bevy of P2s -- most of which also apply to 4.5. So, there are good opportunities to help both 4.4 and 4.5."

Full Story (comments: none)

GCC 4.5.0 Status Report

The May 5, 2009 edition of the GCC 4.5.0 Status Report has been published. "The trunk is in Stage 1. As previously stated, we expect that Stage 1 will last through at least July. Clearly, we have had a significant jump in P1 issues due to the major changes made to the compiler middle-end. Let's drive that number down -- otherwise it will be hard for other people to get their improvements contributed."

Full Story (comments: none)

Caml

Caml Weekly News

The May 5, 2009 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

Python

Python-URL! - weekly Python news and links

The May 5, 2009 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Editors

Emacs 23.0.93 pretest announced

Version 23.0.93 pretest of Emacs has been announced. "Emacs pretest 23.0.93 is now available; this is the fourth pretest for what will be the Emacs 23.1 release."

Full Story (comments: none)

Libraries

SLV2 0.6.4 released

Version 0.6.4 of SLV2 has been announced. "SLV2 is a library to make the use of LV2 plugins as simple as possible for applications. Changes this release: * Add generic query interface to allow arbitrary querying of data * Combine similar headers (reduce code duplication) * Upgrade to waf 1.5.6 * Add man pages for utilities This version adds API, but is binary backwards compatible with the previous release."

Full Story (comments: none)

Version Control

bzr 1.14.1 released

Version 1.14.1 of the bzr adaptive version control system has been announced. "Change api_minimum_version back to api_minimum_version = (1, 13, 0)".

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Mozilla ponders policy change after Firefox extension battle (ars technica)

A dispute between the NoScript and AdBlock Plus Firefox extensions has Mozilla thinking about changing its policies, as ars technica reports. "Maone funds the development of NoScript by placing advertisements on the extension's official website and by receiving donations from end-users. In order to prevent AdBlock Plus from undermining the financial sustainability of his project, Maone modified the NoScript website and circumvented the block. Palant responded by instructing the AdBlock Plus filter list maintainer—an individual known as Ares2—to add a filter that would specifically block ads on Maone's domain. Maone found new ways to work around the filters, but Ares2 consistently retaliated by adding increasingly draconian rules to the filter list."

Comments (120 posted)

The SCO Problem

U.S. Trustee Moves to Convert SCO Bankruptcy to Chapter 7 (Groklaw)

Remember the SCO group? Groklaw reports that the government trustee has finally given up on the company and moved that its bankruptcy case be switched to chapter 7, which would simply liquidate the company and be done with it. "Incidentally, going into Chapter 7 would not necessarily end the litigation. In fact, it can't on its own. It would be up to the appointed trustee to try to figure out what to do, and the trustee's interest will not dovetail with SCO executives, I'm guessing. For one thing, he'll be wanting to pay the creditors. Like, for example, Novell. And the trustee has no power to terminate the IBM counterclaims. Then there is Red Hat. They are not necessarily willing to drop their claims, since the goal is to establish that there are no legitimate claims against Linux."

Comments (6 posted)

Linux Adoption

Rockefeller Looking to Grant Open Source (Linux Journal)

Linux Journal reports that Senator Rockefeller has proposed a bill that promotes open-source health care software. "Thanks, in large part, to a little company called Standard Oil, Open Source isn't necessarily the first term to come to mind when one thinks of the name Rockefeller. However, that's exactly the term Mr. Rockefeller's great-grandson, Senator Jay Rockefeller, is pushing in Congress — attached to a bill to strengthen Open Source in health-care. The proposal in question, The Health Information Technology (IT) Public Utility Act of 2009 (Senate Bill 890), is the latest in a series of Open-Source-in-Health-IT bills aimed at taking health-care — or at least health records — digital, one way or another."

Comments (15 posted)

Resources

How-to: using the new Facebook stream API in a desktop app (ars technica)

Ryan Paul takes a look at a new set of APIs that allow third-party software to interact with the Facebook activity stream. "Courtesy of these APIs, rich support for Facebook could soon arrive in your favorite Twitter client and other social networking programs. In this article, I'll give you an inside look at how I used the new APIs to add full support for the Facebook stream in Gwibber, my own open source microblogging client for Linux."

Comments (none posted)

Ten top Linux and open-source developer tools (ZDNet.uk)

ZDNet.uk presents ten favorite development tools. "Without sound development tools, you will not be able to capitalise on the best qualities of Linux. Fortunately, there is no shortage of Linux and open-source development tools. But if you are a new user, you might not know which utilities to choose, so here are 10 outstanding tools that will help take your development to another level."

Comments (28 posted)

Miscellaneous

Nagios forks to ICINGA (The H)

The H briefly covers a fork in the Nagios community. "The team behind ICINGA, including Michael Luebben, Hendrik Bäcker and Joerg Linge, all members of the Nagios Community Board, are promising that ICINGA will be fully compatible with the preceding version of Nagios. What they aim to do with ICINGA is to fix long standing bugs, make improvements to database integration and standardise the API for third party add ons. They expect to make the first release of ICINGA code by the end of May and a first stable version is planned for the end of October."

Comments (5 posted)

Whatever Happened to OOXML? (ComputerWorld)

Glyn Moody observes that OOXML has not been as big a problem as many had thought. "All-in-all, I think things have gone much better in the office sector than I or many others feared when OOXML gained its 'approval' from ISO. OOXML has not caught on, and there is every chance that ODF will become a widely-used national and international standard."

Comments (12 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

The GNOME Foundation is looking for help

The GNOME Foundation has posted a call for help to keep operating at its current level in a hostile economy. "As the economy persists on this roller coaster of ups and downs, the Foundation is rolling with the punches and looking for ways to best serve our members. While we can look at this downturn as a time to tighten our belts, I would much rather look at this as an opportunity for the community to take a stake in the future of the Foundation and show that we are not exclusively reliant on corporate coffers to grow GNOME."

Comments (21 posted)

Request for Comment: TPF to engage Richard Dice on 6 month contract (use Perl)

use Perl has a Request for Comment concerning the employment of Richard Dice to work on Perl. "The plan includes a long list of projects, most of which have been discussed within TPF for a while but have been on indefinite hold due mainly to lack of available effort to address them properly. Some are for TPF process improvement and others are in more direct support of the Perl community. The essence of plan is that I be employed on contract by TPF for the next 6 months working on this list."

Comments (none posted)

Want to host the 2010 Linux Plumbers Conference?

The Linux Plumbers Conference was first held in Portland, Oregon last year; it will be returning to Portland in September. For 2010, though, the LPC organizers are taking a cue from the linux.conf.au playbook and are looking for a team interested in hosting the event in a different North American city. Applications are being sought now, with the deadline being the beginning of July. If you would like to bring a high-level Linux event to your town, now is the time to start getting an organizing team together. Click below for the full call for applications.

Full Story (comments: 4)

Commercial announcements

CadSoft releases Eagle 5.6

CadSoft has released version 5.6 of their Eagle printed circuit CAD application. This release adds improvements to a number of different commands. See the What's new document for details.

Comments (none posted)

Springsource Acquires Hyperic

SpringSource has announced it has acquired substantially all of the assets of Hyperic. "San Francisco-based Hyperic, recently named a "cool vendor" by Gartner and a "company to watch in 2009" by Linux Magazine, provides web application performance management software that is used by numerous Fortune 1000 entities, including many of the world's largest SaaS and consumer web companies. Hyperic's solutions monitor and manage the performance and availability of the entire application stack from hardware and operating systems to virtual machines, web servers, application servers, databases, and more -- giving IT and web operations a unified view and control of the performance and health of their entire web infrastructure." SpringSource's Spring Framework is an Apache-licensed Java application framework. (Found on Linux Journal)

Comments (6 posted)

Zenoss Core 2.4 Open Source Network Monitoring is available

Zenoss Inc. has announced the release of Zenoss Core 2.4. "Zenoss Inc., the leading commercial open source network and systems management provider, today announced the general availability of the latest version of their award-winning open source network monitoring tool, Zenoss Core 2.4. This release was made possible by the collaboration of more than 50,000 members of the Zenoss user community who helped report, test and fix over 500 bugs as well as test numerous beta releases."

Full Story (comments: none)

New Books

The Blender GameKit, 2nd Edition--New from No Starch Press

No Starch Press has published the book The Blender GameKit, 2nd Edition by Carsten Wartmann.

Full Story (comments: none)

Resources

LF: Linux is the operating system of the cloud

The Linux Foundation has released a new white paper highlighting (in marketing-speak) the use of Linux in "cloud computing" environments. "One of the most common concerns that analysts and other advisers have for potential cloud customers is the lack of standards, and the resulting potential for lock­in. For all of the advantages in deployment speed and flexibility, the nascent stage of many cloud offerings and the absence of common, agreed upon formats for packaging, runtimes, and virtual images introduces risk. Fortunately, customers can leverage Linux as a hedge against this possibility. The differences between Linux instances hosted in cloud environments and those hosted locally or at a data center, after all, are generally less technical than geographical. By standardizing on Linux workloads, customers will have the flexibility to deploy locally or remotely as the economics and circumstances dictate."

Comments (2 posted)

Announcing the Community RFB protocol specification

An online version of the Community RFB protocol specification has been announced. "RFB ("remote framebuffer") is a simple protocol for remote access to graphical user interfaces. Because it works at the framebuffer level it is applicable to all windowing systems and applications, including X11, Windows and Macintosh. RFB is the protocol used in VNC (Virtual Network Computing)."

Full Story (comments: none)

GNOME Journal, May 2009 edition released

The May, 2009 edition of the GNOME Journal is available. "After an extended break, the latest issue of the GNOME Journal has been published. It features an interview with Stormy Peters, the Executive Director of the GNOME Foundation by Jayson Rowe, a review of the Gourmet Recipe Manager application by Sriram Ramkrishna, a look at the GConf Configuation System for developers by Natan Yellin, an Introduction to the Message Indicator for developers by Ken VanDine, and a letter from our editor, Jim Hodapp."

Full Story (comments: none)

Linux Foundation Newsletter, April 2009

The April, 2009 edition of the Linux Foundation newsletter has been published. "In this month's Linux Foundation newsletter: * Linux Foundation to Host Moblin Project * Annual Collaboration Summit Held in San Francisco * Video Contest Winner Revealed * Linux Foundation Site Revamped * Linux Foundation in the News".

Full Story (comments: none)

Linux Gazette #162

Issue #162 of the Linux Gazette has been published. Topics include: "* Mailbag * Talkback * 2-Cent Tips * News Bytes, by Deividson Luiz Okopnik and Howard Dyckoff * Command-Line Processing with 'process-getopt', by Bob Hepple * New Options in the World of File Compression, by Brian Lindholm A short history of compression; a comparison of gzip, bzip2, and 7-zip; and a pointer to some conversion software. * Joey's Notes: TCP Wrappers on Red Hat Enterprise Linux, by Joey Prestia Our monthly column of basic Linux advice and education * XKCD, by Randall Munroe".

Full Story (comments: none)

Contests and Awards

Linux Journal Announces Winners of its 2009 Readers' Choice Awards (Linux Journal)

Linux Journal has announced the winners of its annual Linux Journal Readers' Choice Awards. The results are not particularly surprising. Favorite Primary Linux Distribution of Choice - Ubuntu; Favorite Desktop Environment - GNOME; Favorite Web Browser - Firefox; Favorite E-Mail Client - Mozilla Thunderbird; and that's just for starters.

Comments (11 posted)

Calls for Presentations

Call for Presentations: ELC-Europe 2009

A call for presentations has gone out for ELC-Europe 2009. The event takes place on October 15-16, 2009 in Grenoble, France. The submission deadline is June 15. "CELF is the primary sponsor of this event, which is open to the public. This year we will be holding the conference in conjunction with the Embedded Systems Week (ESWEEK), an exciting event which brings together conferences, tutorials and workshops centered on various aspects of embedded systems research and development."

Full Story (comments: none)

EuroSciPy: abstracts deadline extended

The EuroSciPy Call for Abstracts deadline has been extended to May 8. "Some people asked for more time to prepare their abstracts. Therefore, we extended the deadline for the submission of abstracts for EuroSciPy 2009 to May 8, 2009. Please send your abstract to mmueller at python-academy dot de. More details below. We're pleased to announce the EuroSciPy 2009 Conference to be held in Leipzig, Germany on July 25-26, 2009."

Full Story (comments: none)

Call for Papers Hack.lu 2009

A call for papers has gone out for Hack.lu 2009. "The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each other and share freely all kind of information. The convention will be held in the Grand-Duchy of Luxembourg in October 2009 (28-30.10.2009)." Abstracts are due by June 15.

Full Story (comments: none)

Piksel09 :: Call for Projects

A call for projects has gone out for Piksel09. "Piksel is an international event for artists and developers working with Free/Libre and Open Source technologies in artistic practice. Part workshop, part festival, it is organised in Bergen, Norway,and involves participants from more than a dozen countries exchanging ideas, coding, presenting art and software projects, doing workshops, performances and discussions on the aesthetics and politics of FLOSS & art." The event takes place on November 19-22 2009 in Bergen, Norway, the project deadline is July 15.

Full Story (comments: none)

Upcoming Events

CONFidence 2009 trainings

A reminder has gone out for CONFidence 2009. "CONFidence is an international conference that has been taking place in May in Poland for the last 5 years. CONFidence is focused on research and best practices of database, application, systems and network security. CONFidence is a two-day event, (15-16 May, 2009) divided in three tracks. The speakers list includes: Bruce Schneier, Tavis Ormandy, Jacob Appelbaum, Joanna Rutkowska, Rich Smith, Mario Heiderich, Mark Schoenefeld and many many more top security experts."

Full Story (comments: none)

OSCON 2009 registration open

Registration is open for OSCON 2009. "Registration is now open for the O'Reilly Open Source Convention (OSCON). OSCON 2009 will be July 20-24 in San Jose, California. Early registration ends June 2. Use the special discount code 'os09pgm' for an extra 15% off."

Full Story (comments: none)

Events: May 14, 2009 to July 13, 2009

The following event listing is taken from the LWN.net Calendar.

Date(s)	Event	Location
May 13 May 15	FOSSLC Summercamp 2009	Ottawa, Ontario, Canada
May 15	Firebird Developers Day - Brazil	Piracicaba, Brazil
May 15 May 16	CONFidence 2009	Krakow, Poland
May 16 May 17	YAPC::Russia 2009	Moscow, Russia
May 18 May 19	Cloud Summit 2009	Las Vegas, NV, USA
May 19	Workshop on Software Engineering for Secure Systems	Vancouver, Canada
May 19 May 21	Where 2.0 Conference	San Jose, CA, USA
May 19 May 22	PGCon PostgreSQL Conference	Ottawa, Canada
May 19 May 22	php|tek 2009	Chicago, IL, USA
May 19 May 22	SEaCURE.it	Villasimius, Italy
May 21	7th WhyFLOSS Conference Madrid 09	Madrid, Spain
May 22 May 23	eLiberatica - The Benefits of Open Source and Free Technologies	Bucharest, Romania
May 23 May 24	LayerOne Security Conference	Anaheim, CA, USA
May 25 May 29	Ubuntu Developers Summit - Karmic Koala	Barcelona, Spain
May 27 May 28	EUSecWest 2009	London, UK
May 28	Canberra LUG Monthly meeting - May 2009	Canberra, Australia
May 29 May 31	Mozilla Maemo Mer Danish Weekend	Copenhagen, Denmark
May 31 June 3	Techno Security 2009	Myrtle Beach, SC, USA
June 1 June 5	Python Bootcamp with Dave Beazley	Atlanta, GA, USA
June 2 June 4	SOA in Healthcare Conference	Chicago, IL, USA
June 3 June 4	Nordic Meet on Nagios 2009	Stockholm, Sweden
June 3 June 5	LinuxDays 2009	Geneva, Switzerland
June 6	PgDay Junín 2009	Buenos Aires, Argentina
June 8 June 12	Ruby on Rails Bootcamp with Charles B. Quinn	Atlanta, GA, USA
June 10 June 11	FreedomHEC Taipei	Taipei, Taiwan
June 11 June 12	ShakaCon Security Conference	Honolulu, HI, USA
June 12 June 13	III Conferenza Italiana sul Software Libero	Bologna, Italy
June 12 June 14	Writing Open Source: The Conference	Owen Sound, Canada
June 13	SouthEast LinuxFest	Clemson, SC, USA
June 14 June 19	2009 USENIX Annual Technical Conference	San Diego, USA
June 17 June 19	Open Source Bridge	Portland, OR, USA
June 17 June 19	Conference on Cyber Warfare	Tallinn, Estonia
June 20 June 26	Beginning iPhone for Commuters	New York, USA
June 22 June 24	Velocity 2009	San Jose, CA, USA
June 22 June 24	YAPC|10	Pittsburgh, PA, USA
June 24 June 27	LinuxTag 2009	Berlin, Germany
June 24 June 27	10th International Free Software Forum	Porto Alegre, Brazil
June 26 June 28	Fedora Users and Developers Conference - Berlin	Berlin, Germany
June 26 June 30	Hacker Space Festival 2009	Seine, France
June 28 July 4	EuroPython 2009	Birmingham, UK
June 29 June 30	Open Source China World 2009	Beijing, China
July 1 July 3	OSPERT 2009	Dublin, Ireland
July 1 July 3	ICOODB 2009	Zurich, Switzerland
July 2 July 5	ToorCamp 2009	Moses Lake, WA, USA
July 3	PHP'n Rio 09	Rio de Janeiro, Brazil
July 3 July 11	Gran Canaria Desktop Summit (GUADEC/Akademy)	Gran Canaria, Spain
July 4	Open Tech 2009	London, UK
July 6 July 10	Python African Tour : Sénégal	Dakar, Sénégal
July 7 July 11	Libre Software Meeting	Nantes, France

If your event does not appear here, please tell us about it.

Web sites

ESP launches en.swpat.org: a wiki for anti-software patent campaigns

End Software Patents (ESP) has announced a new wiki to document the case against software patents at en.swpat.org. "ESP's executive director Ciaran O'Riordan explains: 'So far, we have articles about the case law, legislation, and patent office behavior in various countries. We have articles about economic studies, about related books, about the various ways to fight software patents, about each of the arguments against software patents, and most importantly, the evidence for each argument. [...]'" Click below for the full announcement.

Full Story (comments: 3)

My developerWorks: 6 ways to build your technical skills and your professional network (developerWorks)

IBM has launched My developerWorks, a social networking site. "It may look small at first: just sticking "My" in front of developerWorks. But what those characters represent is huge: You can now interact with developerWorks' how-to content and with your peers on a personal level—by personalizing and customizing your view of developerWorks content so you see just the information that's pertinent to you. My developerWorks makes it easy. It also gives you a window into the ways your peers are using, tagging, and contributing to the knowledge base, so you can learn from each other while building your skills and your professional network at the same time."

Comments (3 posted)

Page editor: Forrest Cook