The free software community has produced a wealth of tools for the
manipulation of image data. For simple changes, such as cropping,
resizing, or basic contrast tweaking, any of a number of programs can be
used. More complex changes will require falling back to tools like the
GIMP, krita, or cinepaint. Anybody who has tried to join together two or
more independent images in those tools will have discovered, however, that
certain manipulations fall into a class of their own. For that kind of
work,
hugin would appear to be
the only choice. Your editor has long intended to play with hugin; the
threat of having some
real work to do finally provided the necessary
motivation.
The problem with just gluing two images together is simple to understand:
lenses distort. Even the best lens will transform light differently toward
the edges of the image than it does in the middle. Multiple images also
suffer from parallax problems, even if the camera is mounted on a tripod.
The result is that two overlapping images will not normally join together
in a straightforward way - the pieces simply do not fit. Resolving this
problem requires distorting the images in fairly tricky ways. The key to
the value of a tool like hugin is not in putting images together; it is,
instead, in the process of stretching and remapping those images (along
with some other details like exposure matching) so that they can be
put together. As an added bonus, the ability to correct lens distortion
makes some other interesting applications possible.
The classic use of a tool like hugin, though, is the creation of panoramic images
which cover a field larger than the camera can capture. A photographer
wanting to create the best panorama should do a number of things to ensure
that a set of images can be combined easily: the camera should be mounted
on a tripod, and all settings should be manually selected and should be the
same for every component image. A camera set for automatic exposure, for
example, will vary that exposure as the camera is rotated to take the
pictures; that will create differences from one image to the next. Changes
in focus or depth of field will also complicate the task of properly
stitching the images together.
That said, hugin does an impressive job of joining images which
were not taken in optimal conditions. Feed it a set of handheld cellphone
photos and you'll get something reasonable out.
To test hugin,
your editor took a series of pictures of the continental divide from the
eastern Colorado plains. They are not great pictures - it was not a
particularly clear day - but they are sufficient to show what hugin can
do. The individual images are:
These images present some challenges; among other things, the tripod was
not entirely level, so the horizon appears to tilt from one to the next.
Putting them together is clearly going to require some complex
manipulations. The nice thing is that hugin manages to hide that
complexity from the user - most of the time. For beginning users, there is
an "assistant" mode which will step through the process relatively easily.
There's also a nice set of
tutorials which should really be required reading for any new user.
The first step is to bring the images into hugin; that is done with the
usual GTK file-chooser dialog. Depending on the distribution being used,
there may be an unpleasant surprise once the files have been
selected. Your editor, testing the Fedora hugin package, got a dialog
containing the following:
If you see this message then your version of hugin has been
configured without support for automatic generation of control
points.
Probably your system administrator or Linux distribution did this
because the SIFT algorithm used by autopano-sift and
autopano-sift-C is encumbered by software patents in the United
States of America.
Did your editor ever mention that software patents are a pain?
The message goes on to say that hugin remains a useful tool, even without
the forbidden algorithm. And, indeed, it does, though the amount of work
required is higher. The next step in the process is the assignment of
"control points" which tie the images together. The tool presents a pair
of images, and the user has the task of identifying points in each which
![[Control point selection]](/images/ns/grumpy/hugin/hugin-pano-pts2-sm.png)
correspond to the same location. The process can be a little painful,
depending on the images involved, but it's not that bad, especially if
there are a lot of easily-identified, small features to line up.
It's just
a matter of clicking on one image, adjusting the point, then doing the same
thing on the other image.
Hugin creates a small, high-resolution window surrounding
the selected points which makes it easy to align control points with
single-pixel accuracy.
Once a couple of points have been fixed, hugin will do its best to
automatically find the corresponding point for a location picked in one
image. Often the process works quite well; other times, not quite so
well. Sometimes hugin's guess is simply wrong; other times it will
conclude that it cannot find a matching point and put up an
obnoxious dialog which must be dismissed. In the latter case, it would be
better to just pick a
nearby point (as it does anyway) and be done with it. Beyond that, though,
the process is pretty smooth.
![[Hugin optimizer]](/images/ns/grumpy/hugin/hugin-optimizer-sm.png)
Then, one must go into the "optimize" area. This is where the friendliness
of hugin comes closest to falling apart. "Optimizing" is the calculation
of a set of parameters describing how the component images are related to
each other and how they have been distorted by the camera; it is, essentially, a set of
magic algorithms generating magic numbers. A
user who doesn't really understand the math behind what hugin is doing
(and, remember, we're dealing with photographers here) will have no clue
what's happening or how to judge whether the process has worked properly or
not. And it doesn't always work properly. The help from the
tutorials can make things worse:
If you are lucky you will be able to select Optimize Positions,
View and Barrel (y,p,r,v,b), hit Optimize Now! and finish the
optimisation process in one go. Otherwise, if the optimiser
reduces the field of view to zero, you will find that you have to
just Optimize Positions first, before you can optimise the other
parameters.
How does one know if the optimizer has reduced the field of view in this way? The
screen will not actually say that. So the optimizer is the place where a
somewhat naive user (your editor, say) is likely to grope around blindly in
the hopes of getting something done.
![[Hugin preview window]](/images/ns/grumpy/hugin/hugin-pano-preview-sm.png)
After that, one can pull up the preview window to see what hugin plans to
do with the images. The preview, too, can be confusing; mouse clicks on
the image shift it around in ways which are entirely predictable (and even
useful), but disorienting to a new user. Sometimes the program comes up
with bizarre values for the actual area of the image, leading to a mostly
black preview with the useful image data crammed into a corner somewhere.
Solutions can include redoing the optimization process or going to the
"stitcher" window and asking it to recalculate the image size parameters -
including a couple of "field of view" numbers which don't have any clear
meaning to the uninitiated. Things usually work, but it can be
discouraging when they don't.
Once the preview looks good, the stitcher is invoked to create the final
image. That process can take a while, but the end results tend to be
good. Usually all that's required afterward is a quick cropping pass in a
more traditional image editor to come up with something presentable. Here
is your editor's final panorama (please note that the larger version is a
9MB image - and that's after reducing it considerably):
![[Final panorama]](/images/ns/grumpy/hugin/pano-cropped-sm.png)
Your editor, being a daring sort of person, decided that he wanted to find
out just what sort of functionality is being denied to hugin users by the
oppressive US software patent regime. As it happens, Fedora users can get
around patent-based repression by installing the autopano-sift-C package
from the rpmfusion repository and tweaking the program preferences to use
the real autopano tool. The difference is striking: with autopano-sift-C
installed, the program proceeds immediately from image selection to a
preview window; the whole "control points" and "optimization" process just
sort of goes away. This package does a great job of finding control
points, at least on your editor's sample image set. Software patents have
cost Linux users a highly useful tool here; fortunately, users who are not
affected by the American software patent regime can still obtain the
autopano-sift-C package. Your editor would highly recommend doing so.
Beyond panoramas
Hugin's uses are not limited to the creation of panoramic images. The
image distortion logic built into the program can be put to other uses as
well. Consider this image from the 2008 Kernel Summit:
![[Kernel summit before correction]](/images/ns/grumpy/hugin/ks-before-sm.jpg)
Your editor was constrained to take the picture from an off-center point of
view - the professional photographer who was hired to do a proper picture
had, naturally, taken the best spot. One might be tempted to point out
that your editor's picture got out into the world, while the professional's
has never really been seen, but your editor would never think of being so
petty. What is worth pointing out here is that the off-center perspective,
combined with lens distortion, results in a bit of a strange view; look at
the visible bend in the beam at the top of the stage opening over the group
of assembled kernel hackers. The sides of the opening also appear to not
be parallel. It's a fairly classic case of distortion caused by the
combination of an off-center perspective and a zoom lens being pushed to
its wide-angle extreme.
It turns out that hugin can fix problems like this. To use hugin in this
mode, the user feeds a single image to the application. The process of
creating control points is now done a little differently; the task is to
identify points in the same image which make up a horizontal or vertical
line. Your editor indicated that the border around the stage really should
be level and plumb, and picked a couple of other lines as well. Hugin then
does its magic and comes up with a new image:
![[Processed motley crowd]](/images/ns/grumpy/hugin/ks-processed-sm.png)
The lines have been straightened and the photograph looks more rectilinear
in general. It's still not perfect, of course, and not even hugin can make
Al Viro smile, but it's a step in the right direction.
This technique can be used for fixing up the perspective on any of a number
of pictures which are taken from a less-than-optimal location.
In summary: hugin would appear to be unique in the free software community.
Despite the occasional glitch, hugin makes the execution of non-trivial
image manipulations easy to the point that even your editor can do it; your
average professional photographer should have even less trouble. It is an
impressive piece of work, even though it has not yet reached its 1.0
release (version 0.8 came out in July). It definitely belongs on any
Linux-using photographer's system.
Comments (39 posted)
September 9, 2009
This article was contributed by Koen Vervloesem
Recent computers support booting over the network by PXE (Preboot
eXecuting Environment), an extension to the firmware that allows
the computer to boot an operating system from a remote server using a
network interface. However, this feature requires the user to setup a PXE boot
server with one or more operating system images. A few weeks ago, Nick Johnson released a new service that
makes use of PXE to boot into the install program of many popular Linux
distributions and FreeBSD, directly over the Internet, and without the need of
any local PXE boot server; it is called netboot.me.
Essentially, netboot.me offers a universal boot loader that allows the
user to install the most recent version of any of a number of open source
operating systems from one single medium. The boot loader makes use of gPXE (GPL PXE); the 1 MB image can be
installed on a USB pen drive, floppy disk, or burned onto a CD. From
then on, any computer that boots from the image retrieves the current list
of available operating systems from the netboot.me website and shows that
list in the boot menu. When the user chooses an operating system from the
menu, the installer is downloaded over HTTP or FTP and starts running. This
currently only works over an Ethernet connection, but WiFi support is in
progress via a Google
Summer of Code project for implementing 802.11 drivers in gPXE.
Currently the boot menu has installers for:
- FreeBSD 7.2
- Debian Lenny and Debian Testing
- Fedora 11
- openSUSE 11.1
- Ubuntu 9.04 and 9.10 alpha
It also gives access to some live operating systems and tools that can
come in handy. The user can launch live CDs for Tiny Core Linux 2.2, Micro Core
Linux 2.2 and MirOS
BSD. Other available tools are the
![[netboot.me menu]](/images/netbootme-menu_sm.png)
GParted Live disk
partitioning tool, the Parted
Magic 4.4 rescue and partitioning live cd, Memtest86 and Memtest86+ to test system memory,
and Hardware
Detection Tool, a Syslinux module that displays low-level hardware
information.
So on the one hand, this boot loader gives the user the possibility to
install some of the most popular Linux distributions and FreeBSD, without
the need to first download and burn an installer image. On the other hand,
the netboot.me boot loader has a couple of useful diagnostic, partitioning
and rescue tools. Users often do not download rescue tools until they
need them, at which point it may be too late, so the tools in the
netboot.me menu can be a time—and system—saver.
Chainload URLs
Netboot.me refers to each available operating system by what the project
calls
a "chainload URL", which identifies the operating system image
uniquely. For example, the Debian Lenny installer for x86 is located at the
chainload URL http://netboot.me/2013. This web page
lists the kernel image, the initial ramdisk, and the kernel arguments
(vga=normal -- quiet). The details differ slightly among
distributions, however: in the Fedora 11 PXE installer, the user has to
explicitly enter a URL containing the Fedora installation image, while the
openSUSE 11.1 installer already has the repository URL as a kernel
argument. The netboot.me website lists the available operating systems in different subcategories.
In fact, the user doesn't even need the boot loader image: most
recent computers are perfectly capable of netbooting without a boot
disk. This can be used to automatically bootstrap a netboot.me boot loader
which netboots the final distribution boot loader over HTTP or FTP. For
such a diskless netboot, the user just has to change the settings of his
local DHCP server to return the required information to boot over TFTP
(Trivial File Transfer Protocol). Because TFTP isn't the most reliable
protocol over the Internet, the user can also host his own copy of the
bootstrap image on a local TFTP server. Instructions can be found on the Getting started page.
The best part is that netboot.me is hackable and open for
contributions. Each user is able to add custom boot configurations to the
website, although it unfortunately requires logging in with a Google
account. The user then submits the URIs of the kernel image and initial
ramdisk, together with any required kernel arguments. Netboot.me is capable
of booting any Linux kernel and any other standard boot image, as well as
disk images and CD images. To boot this custom configuration from the
netboot.me boot disk, the user opens the gPXE command line with CTRL-B
right before the netboot.me menu appears, enters autoboot and then
chain http://netboot.me/XXXX with the correct chainload URL for
the custom configuration.
Security
The security implications of netboot.me need to also be considered. What
assurance does a user have that they
are really getting the boot loader and OS image that were requested?
In general, images on the netboot.me menu originate from either
static.netboot.me, in which case Nick Johnson personally downloaded and
verified them, or from official distribution web sites such as
ubuntu.com. If the user trusts netboot.me and the official sources, the
only remaining concern is man-in-the-middle attacks. Johnson calls this a
legitimate concern and considers two components that could be secured
further: the download of the scripts and menu from netboot.me, and the
subsequent download of the boot image from the source. The former can be
protected, in principle, by using SSL, which gPXE supports. Unfortunately,
Johnson sees two major issues with gPXE's SSL support:
It doesn't do certificate verification, and its
random number generator is poor (to say the least - it always fills the
buffer with 0x01 bytes). Both of these can be fixed, of course (though
getting legitimately random data at boot time is tough), but I have some
reservations about the integrity of gPXE's SSL implementation and my
ability to secure it. With that in mind, I'm considering a simpler
approach: Sign responses from netboot.me with an RSA key, putting the
signature in the header, and verifying it in gPXE. gPXE already has the RSA
implementation, so in principle this is a fairly straightforward
extension.
The second component (the download of the boot image) is somewhat
simpler: securing it would require adding support for verifying content
hashes of downloaded images. Most of this is already in place, actually, so
according to Johnson this would be a very simple extension.
Host your own netboot.me
The code for netboot.me is licensed under the BSD license. Most of the
server side is Python
code which is meant to run on Google
App Engine. The boot loader is a
modified version of gPXE. One obvious disadvantage of netboot.me is its
dependence on Google App Engine. While there aren't any active efforts to
decouple netboot.me from the App Engine, Johnson maintains that this ought
to be fairly straightforward:
Netboot.me doesn't use the datastore in a
particularly complicated manner, so it ought to be fairly easy to insert an
abstraction layer to allow it to run on a relational database. Alternately,
there are efforts like
AppScale and Twisted AE to
make it easier to host App Engine apps in third-party environments. For a
purely local network solution, however, hosting using the SDK's
dev_appserver
would probably be perfectly satisfactory.
Collaboration
How does netboot.me compare with other solutions? There is Billix, a multiboot USB
pen drive with network installations for several Linux distributions. Its
approach is different: Billix hosts network install ISOs of the
distributions on the USB pen drive, while netboot.me bootstraps the user's
computer to grab
complete ISOs of the distributions via PXE over the internet.
Another more direct competitor of netboot.me is boot.kernel.org (BKO), which is a Google
Summer of Code project for gPXE. Although it seems to be less polished
than netboot.me and offers fewer Linux distributions at the moment, it has
one advantage: it can be installed easily on a local
server. The administrator can download the ISO images, and then all users on
the local network then can install the available Linux distributions via
PXE. Because the ISOs are stored on the local network, this goes
much faster than over the internet with netboot.me. This is not a
luxury because the experience with netboot.me regularly gets spoiled by
slow downloads of the operating system images.
The projects also have a slightly different focus. BKO is aiming more
at live distributions that use iSCSI or HTTPFS for mounting filesystems, while
netboot.me is concentrating more on netbooting existing
images. According to Johnson, the two projects are keeping an eye out for
opportunities
to collaborate. As part of that effort, he has already
added a menu item
in the "Tools" category that loads the boot.kernel.org menu from within the
netboot.me
menu.
In conclusion
For testing out new distributions—or entire operating
systems—it is certainly convenient to be able to boot directly from the
internet. But, for system recovery tasks, it could easily be
indispensable. Being able to access any number of up-to-date
distributions, live CDs, and recovery tools, without having to maintain a
library of CDs or other media, is something that users and system
administrators alike may find very handy.
Comments (5 posted)
By Jonathan Corbet
September 9, 2009
In many parts of the US, the Best Buy chain is truly the best
bricks-and-mortar option for those looking for electronics and related
products. That is seen by many as a rather sad state of affairs, but such
is life; we can't all live in Akihabara. It is not a place where one normally
goes in search of technical expertise. Recent reports that Microsoft has
made an attempt to make the situation even worse should not be particularly
surprising - or concerning.
Recently, a Best Buy employee encountered
some Microsoft training materials aimed at Best Buy sales people.
Surprisingly enough, Microsoft would like these sales representatives to
believe that Windows is a better operating system than Linux; Microsoft
would also be most gratified if those representatives would convince their
customers of the same. So it has put together a set of slides full of
easy-to-remember sales points and gotten Best Buy to use those slides as
training material.
So why is Windows better? Apparently it offers a "richer and more engaging
experience." It is, believe it or not, compatible with Windows, which is
seen as a good thing. There is, we're told, better support for cameras,
iPods, printers, and more. Windows Live stuff is not supported under
Linux; neither is World of Warcraft. Best Buy employees are to tell their
customers that Linux lacks
"authorized support," it takes a lot of time to maintain
and it doesn't offer "regular updates." There's no guarantee of security
updates; "Linux users are on their own." There are no "step-by-step
tutorials" for Linux.
Some of Microsoft's claims have merit: it is almost certainly true that
Windows users are more familiar with Windows than with Linux, for example.
Others are clearly false. It's amusing to see the return of the "no
support" FUD line - though it must be said that the support options
available to an end user who buys a Linux-based netbook from Best Buy are
limited. The "Geek Squad" is likely to prove a disappointing resource for
confused Linux users. There is no mention that World of Warcraft can be
run under WINE, but one should also bear in mind that there's probably no
end of WoW junkies who have no interest in trying to figure out a Wine
installation. Cameras work fine with Linux, as do music players, and
printers are
getting better all the time. The security claims still come across as
laughable. It is clear that Microsoft is clearly playing a
little loose with the truth here.
The response on the net has been strong; Microsoft's attempt at Best Buy
sales droid indoctrination appears to have touched a sensitive nerve. The
Linux community does, indeed, show a high level of sensitivity for this
kind of criticism. It has been years since Linux was dismissed as a toy
operating system which was not to be taken seriously, but, perhaps, we
still have some sensitive toes left from those days.
But think about it: it's a rare corporation which does not attempt to make
its products look better than those of its competitors. It's also a rare
company which does not stretch the truth occasionally in the process. Lies
and FUD are not justified, but they are normal. The fact that these
techniques are being turned against Linux at this level is not particularly
surprising. It just says that Microsoft sees Linux as a true competitive
threat in need of the usual competitive response. Linux is being treated
like just another competing product on the market.
Much effort has gone into publicizing and debunking Microsoft's training
slides. It is worthwhile to shine light on this kind of activity, and it
is worthwhile to correct claims that are not true. But Microsoft's silly
training slides are not a cause for great concern, hang-wringing, or
outrage. They are just another ham-fisted attempt to fight off an
increasingly worrisome competitor. As long as Microsoft keeps its fight on
this level, we have little to worry about.
Comments (38 posted)
Page editor: Jonathan Corbet
Security
By Jake Edge
September 9, 2009
The WordPress content management system
(CMS) has been in the news lately—for reasons the project and its
users would probably rather not see—as there have been a rash
of attacks
against older versions of WordPress. At least one high-profile blogger,
Robert Scoble, succumbed
to the attack, posting that he no longer felt safe with WordPress.
Various others also piled on, but the problem that was being exploited had
been fixed in early August; the affected sites just hadn't upgraded.
Keeping up with security updates can be time-consuming, especially for
relatively non-technical users who are hosting a CMS site simply to provide
themselves a place to blog. One could easily argue that those kinds of
users would be best served by using one of the free services available for
such things. But, those services tend to have fewer features—often
to encourage upgrading to a subscription-based support plan—leaving
bloggers who want the latest shiny features to host WordPress (or other
similar CMS programs) themselves.
At least for WordPress, many of those shiny features come as plugins to the CMS
engine. When security updates are made, changes required for the plugins
may very well lag behind. Even if the upgrade wouldn't affect the plugins
at all, concerns over that happening led various folks, including Scoble,
to wait a while before upgrading:
I wanted to run my own blog. Mostly so I could use various plugins and play
around. I didn't realize that Wordpress had major holes in it. I figured
that since it was several years old that the nasties had been found and
removed and that it wasn't so brittle. Turns out my assumptions were
wrong. I was also overly scared of upgrades, because of how software
works.
In the comments on Scoble's blog posting (where the above quote comes
from), as well as in a conversation
on his FriendFeed, it is clear that numerous other folks have run into
similar problems with attacks as well as issues with upgrades. WordPress
developer Matt Mullenweg has numerous comments on Scoble's complaints, and
his suggestions are fairly obvious: update immediately when there are
outstanding security patches and, if that's not possible, consider moving
to a managed provider (possibly WordPress.com, the commercial side of
WordPress development).
Mullenweg's advice is good, but it would also seem that the WordPress project
could be doing more to highlight security issues. The
project home page lacks obvious links for security information—though
it currently has a link to Mullenweg's How
to Keep WordPress Secure posting—and searching for "security" on
the site does not bring up any centralized location for that kind of
information. It is probably just an oversight, but even the "Security"
category on the WordPress
blog does not contain the 2.8.3
announcement, which is the release that fixes the problem being
exploited.
For a new, or casual, WordPress user, it would certainly seem possible that
they might miss these security announcements. The WordPress software will
alert the user that there are updates available—and there is an email
list for new release notification—but there numerous ways to add
content to a WordPress blog without logging into the administrative
interface, so the alerts may be missed. It's clear that Mullenweg takes
security seriously based on his comments, but that message may not be
getting out to the WordPress faithful.
The actual bug that is being exploited is a run-of-the-mill privilege
escalation flaw. While the bug itself may be pedestrian, the consequences
are not, as Scoble and others found. Scoble's situation was exacerbated by
not having any backups (!), but the bigger problem is how to get the system
back to a "safe" state after it has been exploited. Depending on how
WordPress was installed, the only safe way to restore a cracked system may
be to reinstall the entire operating system. These kinds of attacks can
leave various back doors behind that stay active even after WordPress
itself has been
upgraded.
The point is not to pick on WordPress, or even CMS programs in general, but
to note a general problem. There is a tension between the fear of
upgrading and the fear of an attack, and many users fear the former much
more than the latter. WordPress has made great strides in simplifying the
upgrade process, but it still has the potential to break
things—especially in plugins that are completely outside of the
project's control. As it turns out, the privilege escalation vulnerability
was related to how certain plugins' administration pages were handled.
Web application security is hard. It is harder still when trying to create
a general purpose web application platform, particularly one that allows
plugins to fairly arbitrarily change its behavior. This is certainly not
the last attack against WordPress or CMS programs that we will see. It is
definitely in the best interest of these projects and their users to pay
close attention to security issues as they arise.
Comments (12 posted)
Brief items
Here's
an entry on the WordPress Blog on keeping installations secure - a topic WordPress administrators should be especially concerned about at the moment. "
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."
Comments (2 posted)
Ars technica
looks at a free software release of deep packet inspection (DPI) code from ipoque. At least part of the motivation for releasing the code is to allay fears that ipoque's DPI hardware is digging into the actual content, rather than the packet formats and timing, of encrypted traffic, but this release may not succeed in doing that:
"
The OpenDPI engine, released under the LGPL license, differs from ipoque's commercial scanning engine in its high-priced DPI hardware. The open-source version is much slower and (more importantly) doesn't reveal ipoque's methods for identifying encrypted transmissions. DPI vendors all claim high levels of success at identifying such traffic based on the flow patterns and handshake signatures common to protocols like BitTorrent and Skype, even if they cannot crack the encryption and examine the content of those transmissions."
Comments (24 posted)
Security reports
Red Hat's director of security response, Mark J. Cox, has
released another of his risk reports, this one looking at the security updates between RHEL 5.3 and 5.4. He notes that of the nine vulnerabilities of "critical" severity in that time, seven were for Firefox. It is interesting to note that the three NULL pointer vulnerabilities for the kernel were not rated as critical as they were not remotely exploitable. He also points out that three flaws which would have required critical updates, instead required no update—or in one case a low severity update for a denial of service—due to various mitigations (FORTIFY_SOURCE and hardened malloc/free) present in RHEL.
Comments (20 posted)
New vulnerabilities
cmus: temporary file vulnerability
| Package(s): | cmus |
CVE #(s): | CVE-2008-5375
|
| Created: | September 9, 2009 |
Updated: | September 9, 2009 |
| Description: |
The cmus (C* Music) player suffers from a temporary file vulnerability; 2.2.0-r1 contains the fix. |
| Alerts: |
|
Comments (none posted)
cyrus-imapd: buffer overflow
| Package(s): | cyrus-imapd |
CVE #(s): | CVE-2009-2632
|
| Created: | September 8, 2009 |
Updated: | October 24, 2011 |
| Description: |
From the Debian advisory:
It was discovered that the SIEVE component of cyrus-imapd, a highly scalable
enterprise mail system, is vulnerable to a buffer overflow when processing
SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is
able to pass a negative length to snprintf() calls resulting in large positive
values due to integer conversion. This causes a buffer overflow which can be
used to elevate privileges to the cyrus system user. An attacker who is able
to install SIEVE scripts executed by the server is therefore able to read and
modify arbitrary email messages on the system. |
| Alerts: |
|
Comments (none posted)
devscripts: missing input sanitation
| Package(s): | devscripts |
CVE #(s): | CVE-2009-2946
|
| Created: | September 3, 2009 |
Updated: | October 9, 2009 |
| Description: |
From the Debian alert:
Raphael Geissert discovered that uscan, a program to check for
availability of new source code versions which is part of the
devscripts package, runs Perl code downloaded from potentially
untrusted sources to implement its URL and version mangling
functionality. This update addresses this issue by reimplementing the
relevant Perl operators without relying on the Perl interpreter,
trying to preserve backwards compatibility as much as possible. |
| Alerts: |
|
Comments (none posted)
gccxml: temporary file vulnerability
| Package(s): | gccxml |
CVE #(s): | CVE-2008-4957
|
| Created: | September 9, 2009 |
Updated: | September 9, 2009 |
| Description: |
The GCC-XML utility suffers from a temporary file vulnerability. |
| Alerts: |
|
Comments (none posted)
lmbench: temporary file vulnerability
| Package(s): | lmbench |
CVE #(s): | CVE-2008-4968
|
| Created: | September 9, 2009 |
Updated: | September 9, 2009 |
| Description: |
The lmbench utility contains multiple temporary file vulnerabilities. There does not appear to be a fix available; Gentoo has responded by removing lmbench from its repository entirely. |
| Alerts: |
|
Comments (none posted)
openoffice.org: integer underflow, boundary error
| Package(s): | openoffice.org |
CVE #(s): | CVE-2009-0200
CVE-2009-0201
|
| Created: | September 4, 2009 |
Updated: | May 24, 2010 |
| Description: |
From the Red Hat advisory:
An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parses certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by an
unsuspecting user, could cause OpenOffice.org to crash or, potentially,
execute arbitrary code with the permissions of the user running
OpenOffice.org. |
| Alerts: |
|
Comments (none posted)
pam: authentication bypass
| Package(s): | pam |
CVE #(s): | |
| Created: | September 9, 2009 |
Updated: | September 9, 2009 |
| Description: |
From the Ubuntu advisory: Russell Senior discovered that the system authentication module
selection mechanism for PAM did not safely handle an empty selection.
If an administrator had specifically removed the default list of modules
or failed to chose a module when operating debconf in a very unlikely
non-default configuration, PAM would allow any authentication attempt,
which could lead to remote attackers gaining access to a system with
arbitrary privileges. |
| Alerts: |
|
Comments (none posted)
qt: man-in-the-middle attack
| Package(s): | qt |
CVE #(s): | CVE-2009-2700
|
| Created: | September 3, 2009 |
Updated: | February 3, 2010 |
| Description: |
From the National Vulnerability Database
entry:
"src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." |
| Alerts: |
|
Comments (none posted)
screenie: temporary file vulnerability
| Package(s): | screenie |
CVE #(s): | CVE-2008-5371
|
| Created: | September 9, 2009 |
Updated: | September 9, 2009 |
| Description: |
Versions of screenie prior to 1.30.0-r1 contain a temporary file vulnerability. |
| Alerts: |
|
Comments (none posted)
silc: several vulnerabilities
| Package(s): | silc-client/silc-toolkit |
CVE #(s): | CVE-2008-7159
CVE-2008-7160
CVE-2009-3051
|
| Created: | September 4, 2009 |
Updated: | June 1, 2010 |
| Description: |
From the Debian advisory:
An incorrect format string in sscanf() used in the ASN1 encoder to scan an
OID value could overwrite a neighbouring variable on the stack as the
destination data type is smaller than the source type on 64-bit. On 64-bit
architectures this could result in unexpected application behaviour or even
code execution in some cases (CVE-2008-7159).
Various format string vulnerabilities when handling parsed SILC messages
allow an attacker to execute arbitrary code with the rights of the victim
running the SILC client via crafted nick names or channel names containing
format strings (CVE-2009-3051).
An incorrect format string in a sscanf() call used in the HTTP server
component of silcd could result in overwriting a neighbouring variable on
the stack as the destination data type is smaller than the source type on
64-bit. An attacker could exploit this by using crafted Content-Length
header values resulting in unexpected application behaviour or even code
execution in some cases (CVE-2008-7160).
|
| Alerts: |
|
Comments (none posted)
tkman: symbolic link vulnerability
| Package(s): | tkman |
CVE #(s): | CVE-2008-5137
|
| Created: | September 9, 2009 |
Updated: | September 9, 2009 |
| Description: |
Versions of tkman prior to 2.2-r1 suffer from a symbolic link vulnerability. |
| Alerts: |
|
Comments (none posted)
xemacs: multiple buffer overflows
| Package(s): | xemacs |
CVE #(s): | CVE-2009-2688
|
| Created: | September 4, 2009 |
Updated: | June 3, 2010 |
| Description: |
From the Fedora advisory:
This update fixes multiple buffer overflows when reading large image files, or maliciously created image files whose headers misrepresent the actual image size.
|
| Alerts: |
|
Comments (none posted)
Page editor: Jake Edge
Kernel development
Brief items
The 2.6.31 kernel is out,
released by Linus on
September 9. A
few of the major features in 2.6.31 include
performance counter support, the
"fsnotify" notification infrastructure, kernel mode setting for ATI Radeon
chipsets, the
kmemleak tool,
char drivers in user space
support, USB 3 support, and much more. As always, see
the KernelNewbies 2.6.31
page for a much more exhaustive list.
The last prepatch, 2.6.31-rc9, was released on September 5.
The current stable kernel is 2.6.30.6, released (along with 2.6.27.32 2.6.27.33) on September 8.
Both contain a long list of fixes, many of which are in the KVM subsystem.
Comments (6 posted)
Kernel development news
After reading more and more about BFS, I've realized that it's the
Fight Club of schedulers. You do not talk about BFS on
linux-kernel. BFS does not benchmark, it does not keep score, it
has no leaderboard. BFS only exists in the time between when Flash
Player starts and when Flash Player crashes.
--
Wesley Felter
My life's project is to hunt down the guy who invented mail client
wordwrapping, set him on fire then dance on his ashes.
--
Andrew Morton (Thanks to Nikanth K)
Linux is a 18+ years old kernel, there's not that many easy
projects left in it anymore :-/ Core kernel features that look
basic and which are not in Linux yet often turn out to be not that
simple.
--
Ingo Molnar
Checkpoint/restart has traditionally been interesting in the
mainframe and supercomputer space. These environments have very
different security profiles from a user desktop. No one at the
[.......] National Supercomputer Centre cares if you can save your
rogue game as soon as you pick up the Amulet of Yendor and restart
it if you get killed on the way up. These environments are
concerned with leaking data between the groups that have funded the
facility, which is why they are very often customers of advanced
access control technologies. I don't know that I see a really good
security story for [checkpoint/restart] in the desktop space, and as Russell points
out, there are plenty of opportunities to exploit the feature.
--
Casey Schaufler
Comments (1 posted)
By Jonathan Corbet
September 9, 2009
reflink() for 2.6.32. Joel Becker's
announcement of his 2.6.32 ocfs2 merge plans
included a mention that the
reflink() system call
would be merged alongside the ocfs2 changes. A call to
reflink()
creates a lightweight copy,
wherein both files share the same blocks in a copy-on-write mode. The
final
reflink() API looks like this:
int reflink(const char *oldpath, const char *newpath, int preserve);
int reflinkat(int olddirfd, const char *oldpath,
int newdirfd, const char *newpath,
int preserve, int flags);
A call to reflink() causes newpath to look like a copy of
oldpath. If preserve is REFLINK_ATTR_PRESERVE,
then the entire security state of oldpath will be replicated for
the new file; this is a privileged operation. Otherwise (if
preserve is REFLINK_ATTR_NONE), newpath will get
a new security state as if it were an entirely new file. The
reflinkat() form adds the ability to supply the starting
directories for relative paths and flags like the other *at()
system calls. For more information, see the documentation file at the top
of the
reflink() patch.
Joel's patch adds reflink() support for the ocfs2 filesystem; it's
not clear whether other filesystems will get reflink() support in
2.6.32 or not.
A stable debugfs?. Recurring linux-kernel arguments tend to focus
on vitally important issues - like where debugfs should be mounted. The
official word is that it belongs on /sys/kernel/debug, but there
have been ongoing problems with rogue developers mounting it on unofficial places
like /debug instead. Greg Kroah-Hartman defends /sys/kernel/debug by noting
that debugfs is for kernel developers only; there's no reason for users to
be interested in it.
Except, of course, that there is. The increasing utility of the ftrace
framework is making it more interesting beyond kernel development circles.
That led Steven Rostedt to make a
suggestion:
I think that the tracing system has matured beyond a "debug" level
and is being enabled on production systems. Both fedora and debian
are now shipping kernels with it enabled. Perhaps we should create
another pseudo fs that can be like debugfs but for stable ABIs. A
new interface could start out in debugfs, but when it has reached
a stable interface, then it could be moved to another location to
signal this.
Steven would like a new virtual filesystem for stable kernel ABIs
which is easier to work with than sysfs and which can be mounted in a more
typing-friendly location. Responses to the suggestion have been scarce so
far; somebody will probably need to post a patch to get a real discussion
going.
data=guarded. Chris Mason has posted a new version of the ext3
data=guarded mode patch. The guarded mode works to ensure that data
blocks arrive on disk before any metadata changes which reference those
blocks. The goal is to provide the performance benefits of the
data=writeback mode while avoiding the potential information disclosure
(after a crash) problems with that mode. Chris had mentioned in the past
that he would like to merge this code for 2.6.32; the latest posting,
though, suggests that some work still needs to be done, so it might not be
ready in time.
Comments (1 posted)
By Jonathan Corbet
September 9, 2009
As was recently
reported
here, Con Kolivas recently resurfaced with
a new CPU
scheduler called "BFS". This scheduler, he said, addresses the
problems which ail the mainline CFS scheduler; the biggest of these, it
seems, is the prioritization of "scalability" over use on normal desktop
systems. BFS was meant to put the focus back on user-level systems and,
perhaps, make the case for supporting multiple schedulers in the kernel.
![[Pipe
benchmark results]](/images/ns/kernel/bfs-vs-tip-pipe.jpg)
Since then, CFS creator Ingo Molnar has responded with a series of
benchmark results comparing the two schedulers. Tests included kernel
build times, pipe performance, messaging performance, and an online
transaction processing test; graphs were posted showing how each scheduler
performed on each test. Ingo's conclusion: "Alas, as it can be seen
in the graphs, i can not see any BFS performance improvements, on this
box." In fact, the opposite was true: BFS generally performed
worse than the mainline scheduler.
Con's answer was best described as
"dismissive":
/me sees Ingo run off to find the right combination of hardware and
benchmark to prove his point.
[snip lots of bullshit meaningless benchmarks showing how great cfs
is and/or how bad bfs is, along with telling people they should use
these artificial benchmarks to determine how good it is,
demonstrating yet again why benchmarks fail the desktop]
As far as your editor can tell, Con's objections to the results mirror
those heard elsewhere: Ingo chose an atypical machine for his tests, and
those tests, in any case, do not really measure the performance of a
scheduler in a desktop situation. The more cynical observers seem to
believe that Ingo is more interested in defending the current scheduler
than improving the desktop experience for "normal" users.
The machine chosen was certainly at the high end of the "desktop" scale:
So the testbox i picked fits into the upper portion of what i
consider a sane range of systems to tune for - and should still fit
into BFS's design bracket as well according to your description:
it's a dual quad core system with hyperthreading. It has twice as
many cores as the quad you tested on but it's not excessive and
certainly does not have 4096 CPUs.
A number of people thought that this box is not a typical desktop Linux
system. That may indeed be true - today. But, as Ingo (among others) has
pointed out, it's important to be a little
ahead of the curve when designing kernel subsystems:
But when it comes to scheduler design and merge decisions that will
trickle down and affect users 1-2 years down the line (once it gets
upstream, once distros use the new kernels, once users install the
new distros, etc.), i have to "look ahead" quite a bit (1-2 years)
in terms of the hardware spectrum.
Btw., that's why the Linux scheduler performs so well on quad core
systems today - the groundwork for that was laid two years ago when
scheduler developers were testing on a quads. If we discovered
fundamental problems on quads _today_ it would be way too late to
help Linux users.
Partly in response to the criticisms, though, Ingo reran his tests on a single quad-core system,
the same type of system as Con's box. The end results were just about the
same.
The hardware used is irrelevant, though, if the benchmarks are not testing
performance characteristics that desktop users care about. The concern
here is latency: how long it takes before a runnable process can get its
work done. If latencies are too high, audio or video streams will skip,
the pointer will lag the mouse, scrolling will be jerky, and Maelstrom
players will lose their ships. A number of Ingo's original tests were
latency-related, and he added a couple more in the second round. So it
looks like the benchmarks at least tried to measure the relevant quantity.
Benchmark results are not the same as a better desktop experience, though,
and a number of users are reporting a "smoother" desktop when running with
BFS. On the other hand, making significant scheduler changes in response
to reports of subjective "feel" is a sure recipe for trouble: if one cannot
measure improvement, one not only risks failing to fix any problems, one is
also at significant risk of introducing performance regressions for other
users. There has to be some sort of relatively objective way to judge
scheduler improvements.
The way preferred by the current scheduler maintainers is to identify
causes of latencies and fix them. The kernel's infrastructure for the
identification of latency problems has improved considerably over the last
year or two. One useful tool is latencytop, which collects data on
what is delaying applications and presents the results to the user. The
ftrace tracing framework is also able to create data on the delay between
when a process is awakened and when it actually gets into the CPU; see this post from Frederic Weisbecker for an
overview of how these measurements can be taken.
If there are real latency problems remaining in the Linux scheduler - and
there are enough "BFS is better" reports to suggest that there are - then
using the available tools to describe them seems like the right direction
to take. Once the problem is better understood, it will be possible to
consider possible remedies. It may well be that the mainline scheduler can
be adjusted to make those problems go away. Or, possibly, a more radical
sort of approach is necessary. But, without some understanding of the
problem - and associated ability to measure it - attempted fixes seem a bit
like a risky shot in the dark.
Ingo welcomed Con back to the development community and invited him to help
improve the Linux scheduler. This seems unlikely to happen, though. Con's
way of working has never meshed well with the kernel development community,
and he is showing little sign of wanting to change that situation. That is
unfortunate; he is a talented developer who could do a lot to improve Linux
for an important user community. The adoption of the current CFS scheduler
is a direct result of his earlier work, even if he did not write the code
which was actually merged. In general, though, improving Linux requires
working with the Linux development community; in the absence of a desire to
do that effectively, there will be severe limits on what a developer will
be able to accomplish.
(See also: Frans Pop's benchmark tests,
which show decidedly mixed results.)
Comments (25 posted)
By Jake Edge
September 9, 2009
The staging tree has made a lot of progress since it appeared in June 2008. To start with, the
tree itself quickly moved into the mainline
in October 2008; it also has accumulated more than 40 drivers of various
sorts. Staging is an outgrowth of the Linux Driver Project that is
meant to collect drivers, and other "standalone" code such as filesystems,
that are not yet ready for the mainline. But, it was never meant to be a
"dumping ground for dead
code", as staging maintainer Greg Kroah-Hartman put it in a recent status update. Code that
is not being improved, so that it can move into the mainline, will be
removed from the tree.
Some of the code that is, at least currently, slated for removal includes
some fairly high-profile drivers, including one from Microsoft that was
released with great fanfare
in July. After a massive cleanup that resulted in more than 200 patches to
get the code "into a semi-sane kernel coding style",
Kroah-Hartman said that it may have to be removed in six months or so:
Unfortunately the Microsoft developers
seem to have disappeared, and no one is answering my emails.
If they do not show back up to claim this driver soon, it will
be removed in the 2.6.33 release. So sad...
Microsoft is certainly not alone in Kroah-Hartman's report—which
details the status of the tree for the upcoming 2.6.32 merge
window—as several other large companies' drivers are in roughly the
same boat. Drivers for Android hardware (staging/android),
Intel's Management Engine Interface (MEI) hardware (staging/heci),
among others were called out in the report. Both are slated
for removal, android for 2.6.32, and heci in 2.6.33
(presumably). The latter provides an excellent example of how not to
do Linux driver development:
A wonderful example of a company throwing code over the
wall, watching it get rejected, and then running away as fast
as possible, all the while yelling over their shoulder, "it's
required on all new systems, you will love it!" We don't, it
sucks, either fix it up, or I am removing it.
Kroah-Hartman's lengthy report covers more than just drivers that may be
removed; it also looks at those that have made progress, including some
that should be moving to the mainline, as well as new drivers that are
being added to staging. But the list of drivers that aren't being actively
worked on is roughly as long as the other two lists combined, which is
clearly suboptimal.
Presumably to see if folks read all the way through,
Kroah-Hartman sprinkles a few laughs in an otherwise dry summary. For the
me4000 and meilhaus drivers, he notes that there is no
reason to continue those drivers "except to watch the RT guys squirm
as they try to figure out the byzantine locking and build logic here (which
certainly does count for something, cheap entertainment is
always good.)"
He also notes several drivers that are in the inactive category, but are
quite close to being merge-worthy. He suggests that developers looking
for a way to contribute consider drivers such as asus_oled (Asus
OLED display),
frontier (Frontier digital audio workstation controller),
line6 (PODxt Pro audio effects modeler), mimio (Mimio Xi
interactive whiteboard), and panel (parallel port LCD/keypad).
Each of those should be relatively easy to get into shape for inclusion in
the mainline.
There are a fair number of new drivers being added for 2.6.32,
including the Microsoft Hyper-V drivers (staging/hv) mentioned
earlier, as well as VME bus drivers (staging/vme), the industrial
I/O subsystem (staging/iio), and several wireless drivers (VIA
vt6655 and vt6656, Realtek rtl8192e, and Ralink 3090). Also,
"another COW driver" is being added: the Cowloop copy-on-write
pseudo block driver
(staging/cowloop).
Two of
Evgeniy Polyakov's projects—mistakenly listed in the "new driver"
section though they were added in 2.6.30—were also mentioned.
The distributed storage (DST)
network block device (staging/dst), which Kroah-Hartman notes may
be "dead" is a candidate for removal, while the distributed
filesystem POHMELFS (staging/pohmelfs) is mostly being
worked on out-of-tree. Polyakov agrees that DST is not needed in the
mainline, but is wondering about moving POHMELFS out of staging and
into fs/. Since there are extensive changes on the way for
POHMELFS,
it is unlikely to move out of staging for another few kernel releases at
least.
There was also praise for the work on various drivers which have been
actively worked on over the last few months. Bartlomiej Zolnierkiewicz
was singled out for his work on rt* and rtl* wireless
drivers (which put him atop the list of most active 2.6.31
developers), along with Alan Cox for work on the et131x driver
for the
Agere gigabit Ethernet adapter. Johannes Berg noted that much of Zolnierkiewicz's work on
the rt* drivers "will have been in vain" because of
the progress being made by the rt2x00 project. But that doesn't faze Zolnierkiewicz:
The end goal of this work has always been having native rt2x00 support
for all those chipsets (as have been explained multiple times). If this
means that one day we will delete all Ralink drivers in staging in favor
of proper wireless drivers -- fine with me.
In the meantime (before clean and proper support becomes useful) Linux
users are provided with the possibility to use their hardware before it
becomes obsolete.
At least one developer stepped up to work on one of the inactive drivers (asus_oled) in
the thread. In addition, Willy Tarreau mentioned that he had heard from another who
was working on panel, telling Kroah-Hartman: "This
proves that the principle of the staging tree seems to work".
Overall, the staging tree seems to be doing exactly what Kroah-Hartman and
others envisioned. Adding staging into the mainline, which raised the
profile and availability of those drivers, has led to a fair amount of
cleanup work, some of which has resulted in the drivers themselves moving
out of staging and into the mainline. Some drivers seem to be falling by
the wayside, but one would guess that Kroah-Hartman would welcome them back
into the tree should anyone show up to work on them. In the meantime, the
code certainly hasn't suffered from whatever fixes various kernel
hackers found time to do. Those changes will be waiting for anyone who
wants to pick that code back up, even if it is no longer part of staging.
Comments (11 posted)
September 9, 2009
This article was contributed by Valerie Aurora (formerly Henson)
Sure, programmers (especially operating systems programmers) love
their specifications. Clean, well-defined interfaces are a key
element of scalable software development. But what is it about file
systems, POSIX, and when file data is guaranteed to hit permanent
storage that brings out the POSIX fundamentalist in all of us? The
recent
fsync()/rename()/O_PONIES
controversy was the most heated in recent memory but not out of
character for
fsync()-related discussions. In this
article, we'll explore the relationship between file systems
developers, the POSIX file I/O standard, and people who just want to
store their data.
In the beginning, there was creat()
Like many practical interfaces (including HTML and TCP/IP), the POSIX file system
interface was implemented first and specified second. UNIX was
written beginning in 1969; the first release of the POSIX
specification for the UNIX file I/O interface (IEEE Standard 1003.1)
was released in 1988. Before UNIX, application access to non-volatile
storage (e.g., a spinning drum) was a decidedly application- and
hardware-specific affair. Record-based file I/O was a common paradigm,
growing naturally out of punch cards, and each kind of file was treated
differently. The new interface was designed by a few guys (Ken
Thompson, Dennis Ritchie, et alia) screwing around with their new
machine, writing an operating system that would make it easier
to, well, write more operating systems.
As we know now, the new I/O interface was a hit. It turned out to be a
portable, versatile, simple paradigm that made modular software
development much easier. It was by no means perfect, of course: a
number of warts revealed themselves over time, not all of which were
removed before the interface was codified into the POSIX
specification. One example is directory hard links, which permit the
creation of a directory cycle - a directory that is a descendant of
itself - and its subsequent detachment from the file system hierarchy,
resulting in allocated but inaccessible directories and files.
Recording the time of the last access time - atime - turns every read
into a tiny write. And don't forget the apocryphal quote from Ken
Thompson when asked if he'd do anything differently if he were
designing UNIX today: "If I had to do it over again? Hmm... I guess
I'd spell 'creat' with an 'e'". (That's the creat()
system call to create a new file.) But overall, the UNIX file system
interface is a huge success.
POSIX file I/O today: Ponies and fsync()
Over time, various more-or-less portable additions have accreted
around the standard set of POSIX file I/O interfaces; they have been
occasionally standardized and added to the canon - revelations from
latter-day prophets. Some examples off the top of my head include
pread()/pwrite(), direct I/O, file preallocation, extended attributes,
access control lists (ACLs) of every stripe and color, and a vast
array of mount-time options. While these additions are often debated
and implemented in incompatible forms, in most cases no one is trying
to oppose them purely on the basis of not being present in a standard
written in 1988. Similarly, there is relatively little debate about
refusing to conform to some of the more brain-dead POSIX details, such
as the aforementioned directory hard link feature.
Why, then, does the topic of when file system data is guaranteed to be
"on disk" suddenly turn file systems developers into pedantic
POSIX-quoting fundamentalists? Fundamentally (ha), the problem comes
down to this: Waiting for data to actually hit disk before returning
from a system call is a losing game for file system performance. As
the most extreme example, the original synchronous version of the UNIX
file system frequently used only 3-5% of the disk throughput. Nearly
every file system performance improvement since then has been
primarily the result of saving up writes so that we can allocate and
write them out as a group. As file systems developers, we are going
to look for every loophole in fsync() and squirm our way
through it.
[PULL QUOTE:
As file systems developers, we are going
to look for every loophole in fsync() and squirm our way
through it.
END QUOTE]
Fortunately for the file systems developers, the POSIX specification
is so very minimal that it doesn't even mention the topic of file
system behavior after a system crash. After all, the original
FFS-style file systems (e.g., ext2) can theoretically lose your entire
file system after a crash, and are still POSIX-compliant. Ironically,
as file systems developers, we spend 90% of our brain power coming up
with ways to quickly recover file system consistency after system
crash! No wonder file systems users are irked when we define file
system metadata as important enough to keep consistent, but not file
data - we take care of our own so well. File systems developers have
magnanimously conceded, though, that on return
from fsync(), and only from fsync(), and
only on a file system with the right mount options, the changes to
that file will be available if the system crashes after that point.
At the same time, fsync() is often more expensive than it
absolutely needs to be. The easiest way to
implement fsync() is to force out every outstanding write
to the file system, regardless of whether it is a journaling file
system, a COW file system, or a file system with no crash recovery
mechanism whatsoever. This is because it is very difficult to map
backward from a given file to the dirty file system blocks needing to
be written to disk in order to create a consistent file system
containing those changes. For example, the block containing the
bitmap for newly allocated file data blocks may also have been changed
by a later allocation for a different file, which then requires that
we also write out the indirect blocks pointing to the data for that
second file, which changes another bitmap block... When you solve the
problem of tracing specific dependencies of any particular write, you
end up with the complexity
of soft updates. No
surprise then, that most file systems take the brute force approach,
with the result that fsync() commonly takes time
proportional to all outstanding writes to the file system.
So, now we have the following situation: fsync() is
required to guarantee that file data is on stable storage, but it may
perform arbitrarily poorly, depending on what other activity is going
on in the file system. Given this situation, application developers
came to rely on what is, on the face of it, a completely reasonable
assumption: rename() of one file over another will either
result in the contents of the old file, or the contents of the new
file as of the time of the rename(). This is a subtle
and interesting optimization: rather than asking the file system to
synchronously write the data, it is instead a request to order the
writes to the file system. Ordering writes is far easier for the file
system to do efficiently than synchronous writes.
However, the ordering effect of rename() turns out to be
a file system specific implementation side effect. It only works when
changes to the file data in the file system are ordered with respect
to changes in the file system metadata. In ext3/4, this is only true
when the file system is mounted with the data=ordered
mount option - a name which hopefully makes more sense now! Up until
recently, data=ordered was the default journal mode for
ext3, which, in turn, was the default file system for Linux; as a result,
ext3 data=ordered was all that
many Linux application developers had any experience with. During the
Great File System Upheaval of 2.6.30, the default journal mode for
ext3 changed to data=writeback, which means that file
data will get written to disk when the file system feels like it, very
likely after the file's metadata specifying where its contents are
located has been written to disk. This not only breaks
the rename() ordering assumption, but also means that the
newly renamed file may contain arbitrary garbage - or a copy
of /etc/shadow, making this a security hole as well as a
data corruption problem.
Which brings us to the present
day fsync/rename/O_PONIES
controversy, in which many file systems developers argue that
applications should explicitly call fsync() before
renaming a file if they want the file's data to be on disk before the
rename takes effect - a position which seems bizarre and random until
you understand the individual decisions, each perfectly reasonable,
that piled up to create the current situation. Personally, as a file
systems developer, I think it is counterproductive to replace a
performance-friendly implicit ordering request in the form of
a rename() with an impossible to
optimize fsync(). It may not be POSIX, but the
programmer's intent is clear - no one ever, ever wrote
"creat(); write(); close(); rename();" and hoped they
would get an empty file if the system crashed during the next 5
minutes. That's what truncate() is for. A generalized
"O_PONIES do-what-I-want" flag is indeed not possible,
but in this case, it is to the file systems developers' benefit to
extend the semantics of rename() to imply ordering so
that we reduce the number of fsync() calls we have to cope
with. (And, I have to note, I did have a real, live pony when I was a
kid, so I tend to be on the side of giving programmers ponies when
they ask for them.)
My opinion is that POSIX and most other useful standards are helpful
clarifications of existing practice, but are not sufficient when we
encounter surprising new circumstances. We criticize applications
developers for using folk-programming practices ("It seems to work!")
and coming to rely on file system-specific side effects, but the bare
POSIX specification is clearly insufficient to define useful system
behavior. In cases where programmer intent is unambiguous, we should
do the right thing, and put the new behavior on the list for the next
standards session.
Comments (119 posted)
Patches and updates
Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
News and Editorials
Foresight Linux is an
offshoot of rPath. It uses Conary for package management,
as well as other tools developed by rPath to create bleeding edge desktop
distributions. Originally Foresight focused on GNOME, but later branched
out to cover KDE and XFCE.
Things were a bit slow at Foresight recently, so Michael K. Johnson posted a "thought exercise" to the foresight-devel
mailing list about a possible change for Foresight Linux to incite some
discussion.
Because I'm rPath's Director of Operating Systems, in charge of
rPath Linux, this may come as a big shock, but perhaps I'm the one
in the best place to say this: rPath Linux is not the right base
OS for Foresight. rPath Linux is a great OS for the purpose for
which it was built, and delivers great value to rPath's customers
for building server-oriented application stacks that include a
versioned operating system -- in fact, it is based on demand from
those customers that rPath has concentrated on doing incremental
improvements to a stable OS base rather than new OS versions.
The development model of rPath Linux is too divergent from the
development model of Foresight to make it an appropriate long-term
base for Foresight.
While Michael's proposal was not meant to be taken too seriously it did
spark plenty of discussion, some here on LWN and more on the
foresight-devel list, where a few people wondered how this discussion ended
up on LWN. That's what we get for following -devel mailing lists.
What did become clear during this discussion was there was very little
interest in rebasing Foresight, but there was interest in a Conary import
of Fedora RPMs. This led to another
proposal, to create "Boots, a Fedora Remix". Boots is a completely
separate project, not to be confused with any possible rebase for
Foresight. More information is available on this
wiki page. The Foresight Council approved
Boots as a sub-project on September 4, 2009.
Boots is mostly a binary import of Fedora, with packages modified or
rebuilt from source as necessary. For example, PackageKit would be changed
to use the Conary backend. There will be a full import of most of Fedora
for x86 and x86_64 architectures. There will be no SELinux support or
support for other architectures unless volunteers come forth to make it
happen. Boots will comply with Fedora
trademark guidelines so it will exclude trademark-related packages and use the
secondary
mark instead. Boots aims to be a good citizen in both the Fedora and
Foresight communities.
While Foresight favors a rolling release model, some users have asked
for a time-based releases. Some users have also asked for some server
packages. While these have been outside of Foresight's scope, Boots will
follow the time-based Fedora release schedule and include Fedora's server
packages. A new version of Boots will follow each Fedora release and
reproduce Fedora, bugs and all, while allowing users a choice of package
management systems.
Boots users should note that while the rpm command will be included,
using it could break your system. From the wiki:
"the rpm command is on the installed system. If you choose to use it
to install packages that conflict with Conary, you broke your system, and
you get to keep both pieces."
rPath's distribution import tool mirrorball will be used to
import Fedora packages into the boots.rpath.org repository. rPath is
currently using mirrorball to maintain up-to-date imports of SLES 10, SLES
11, CentOS 5, and Scientific Linux 5 as maintained platforms, as well as
Ubuntu Hardy as a proof of concept. Note that these are all server
versions. Boots will be the first desktop distribution (after Foresight)
to use the Conary package management system.
Boots packages will use the Fedora toolchain to maintain binary
compatibility with Fedora. Foresight may or may not use the same
toolchain, that is another discussion. Nonetheless, bleeding edge packages
in Fedora may be rebuilt for Foresight. In any case Foresight can renew
its focus on providing the latest desktop developments and allow Boots to
focus on any server package requests and the time-based releases that users
have requested.
Comments (1 posted)
New Releases
Back Track FRHACK Editon v1 alpha 1 is out. The Edition is an
updated/modified version of the latest
BackTrack 4 release
with updates and additional security- and cracking-oriented tools.
Full Story (comments: none)
The release of DesktopBSD 1.7 has
been
announced. "
This new release comes with FreeBSD 7.2-RELEASE-p3 as base system and KDE 3.5.10 as desktop environment and includes a large number of pre-installed applications. The easy-to-use graphical installer and utilities allow for a simple installation and configuration process."
Comments (none posted)
Ubuntu's Karmic Koala Alpha 5 (Ubuntu 9.10) is available for testing.
Images are also available for Ubuntu Server for UEC and EC2, Ubuntu ARM,
Kubuntu, Xubuntu and Mythbuntu.
Full Story (comments: none)
Distribution News
Debian GNU/Linux
A recent debian-devel-announce posting describes in detail the problems
faced by the current Debian boot system and what is being done to fix
them. "
Over the last few years, the boot system in Debian has progressively
deteriorated due to changes in the Linux kernel which make the kernel
more and more event based. For example, the kernel and its drivers no
longer block all processing while detecting disks, network interfaces
and other hardware, making the once trusty old boot system in Debian
increasingly fragile." The solution is dependency-based init script
sequencing (well in progress) and an upcoming switch to
upstart.
Full Story (comments: 36)
The GRUB maintainers take a look at the current status of GRUB 2 in
Debian. "
As you may have noticed, upgrades of the GRUB Legacy
package (`grub') in unstable have begun using GRUB 2 (`grub-pc' package) as
upgrade path. This means that tentatively, GRUB 2 is to be considered the
option for Lenny to Squeeze upgrades. It should also become the option for
new Squeeze installs. This decision is not final yet!"
Full Story (comments: none)
The Debian Release Team has decided to make use of the release.debian.org
pseudo-package on the BTS. "
The Release Team list policy has long
been "this is not a discussion list, please go elsewhere". The reason has
been that with too much discussion, it's easy to lose track of the release
related requests. With the BTS, we hope this will not happen
anymore. That's why we're considering relaxing the list policy to enclose
matters like Release Goals discussions, arch qualifications, and similar
matters."
Full Story (comments: none)
Debian has a new standard defining meta-information to integrate on
patches. "
I just changed the status of this Debian Enhancement
Proposal to CANDIDATE, that means that you are all encouraged to make use
of it and try it out for real. Hopefully, http://patch-tracker.debian.org
will gain support of this format and will allow smarter browsing based on
those information." Feedback is requested.
Full Story (comments: 1)
DebConf10 will be held in New York City, USA, exact date to be determined
soon. If you think you might need a visa it's not too early to start the
process and to make sure your passport is current. Click below for visa
information.
Full Story (comments: none)
Fedora
Fedora Infrastructure has been discussing having a consistent set of
licenses for applications and scripts we create for Fedora. They have
decided that libraries will be licensed under LGPLv2+ and applications will
be licensed under GPLv2+.
Full Story (comments: none)
Mandriva Linux
The Official Mandriva Blog has
an
interview with Colin Guthrie. Colin has been working on Compiz
"
for the pointless eye candy" and PulseAudio. "
I now
also look after PulseAudio. This has been a software system I've been
pushing for the last couple years. I'm quite passionate about music (can't
produce it but I do like appreciating it) and the way the audio system
worked on Linux before PulseAudio really annoyed me. Now that is has come
along, it has literally revolutionised my view of audio on Linux and while
it's not without it's problem on some hardware, I'm fully committed to
pushing it as a solution."
Comments (none posted)
Red Hat Enterprise Linux
ars Technica
covers a change in
virtualization software for Red Hat Enterprise Linux 5.4.
"
Red Hat announced Wednesday the release of Red Hat Enterprise Linux 5.4, a new major point update of the company's popular commercial Linux distribution. This version introduces official support for KVM and marks an important milestone in Red Hat's gradual transition away from Xen.
KVM, the Kernel-based Virtual Machine, is an open source framework that brings native full virtualization to the Linux kernel."
Comments (10 posted)
Dag Wieers
wonders whether seven years of support is enough for Red Hat Enterprise Linux (RHEL). He looks at the increasing time span between RHEL major releases and notes that the support window may close before customers are ready. "
Let me explain what I mean. When Red Hat released RHEL2.1, seven years of support was perfect, seemed more than one would want. RHEL3 came 18 months after RHEL2.1 and after one year of testing RHEL3 and 3rd party integration new systems could be deployed, giving you 6 years of support. Your hardware would usually not outlive the operating system support."
Comments (24 posted)
Slackware Linux
Linux Magazine
interviews Eric
Hameleers about his work with Slackware. "
To me, Slackware's
philosophy has a different angle that sets it apart from all the others. To
this day, Slackware has an extremely lean design, intended to make you
experience Linux the way the software authors intended. This is
accomplished by applying patches as little as possible - preferably for
stability or compatibility reasons only. Slackware's package manager (yes,
it has one, pkgtools!) stays out of your way by not forcing dependency
resolution. And the clean, well-documented system scripts (written in bash
instead of ruby) allow for a large degree of control over how your system
functions. Slackware does not try to assume or anticipate."
Comments (44 posted)
Distribution Newsletters
The
DistroWatch
Weekly for September 7, 2009 is out. "
Continuing with our series of first looks at small and minimalist distributions, Caitlyn Martin tries xPUD, a 50 MB live CD with an unusual user interface, suitable for netbooks and web kiosks. Is xPUD ready for prime time? Or does the version number of 0.9 indicate that the distro still needs some polishing before it can be considered a competitor to Moblin and similar projects? Read on to find out. In the news section, the new Slackware Linux 13.0 maintains much interest in the Linux user community, Lubuntu announces the first testing release of its lightweight distribution that combines Ubuntu with LXDE, Debian prepares to replace the old SysVInit start-up system with the more modern upstart, and Red Hat Enterprise Linux 5.4 arrives with a new virtualisation option and many new kernel patches. Also in the news, fans of BSD on the desktop will be thrilled to learn that DesktopBSD is back with a new release, while Mandriva developer Colin Guthrie tells us about his recent work on Compiz and PulseAudio. Finally, we are pleased to announce that the recipient of the DistroWatch.com August 2009 donation is the Linux MultiMedia Studio (LMMS) project. Happy reading!"
Comments (none posted)
The Fedora Weekly News for September 6, 2009 is out. "
Our issue kicks off with announcements, including news that major segments of fedoraproject.org and the Fedora Project infrastructure now support IPv6, and details of a new licensing policy for apps developed by the Fedora infrastructure team. News from Planet Fedora is back in this issue, covering interesting posts and commentary from the Fedora blogosphere. In marketing news, coverage of the major marketing deliverables for releases, and how Fedora Ambassadors can assist with F12 marketing, along with an exciting proposal for a Fedora special issue of Linux Pro Magazine that is being considered. In Ambassador news, details on the upcoming Utah Open Source Conference and a report from a free software workshop at KLN Madurai. In Quality Assurance news, updates from recent Test Days and Fit and Finish test days, along with all the week's news of team meetings. The Translation beat provides us with various Transifex-related updates coming soon. In Design news, a request for a logo for a Fedora Chilean event. Our issue completes with a variety of virtualization-related news, including new Fedora 12 features, and future developments to the Xen dom0 kernels. Enjoy FWN 192!"
Full Story (comments: none)
This issue of the
Mint
Newsletter covers the status of the Fluxbox edition and much more.
Comments (none posted)
This issues of the
OpenSUSE Weekly
News covers Keynote Update: Lenz Grimmer to Keynote openSUSE
Conference, Masim Sugianto: Indonesian openSUSE Event : Zimbra Community
Training, Pavol Rusnak: New RPM in openSUSE Factory, Unixmen/M.Zinoune:
Usefull extensions for openoffice, Andrew Wafaa: Guide To Goblin and more.
Comments (none posted)
The Ubuntu Weekly Newsletter for September 5, 2009 is out. "
In this issue we cover: Karmic Koala Alpha 5 released, New Ubuntu TechBoard for 2009, Jono Bacon: Three Years At Canonical, Canonical adds Advanced Ubuntu Service and Support, Ubuntu Stats, Ubuntu LoCo News, Karmic gets another cloud tool: Tahoe-LAFS, Ubuntu Forums Tutorial of the week & Report Abuse Icon, Ubuntu Developer Week Summaries, Help Fill in the Ubuntu IRC channels, Ubuntu Podcast Quickie #11, Ubuntu-UK podcast: The Android Invasion, and much, much more!"
Full Story (comments: none)
Interviews
Linux Magazine's ROSE weblog has an
interview with Debian developer Meike Reichle. The interview covers a number of topics including Reichle's thoughts on why more women should get involved in free software development and how the community operates. She also has some advice on finding employment: "
So, if you have some time (for instance if you are still in school or at a college or university), the best way to get such a job is surely to make a name for yourself in the community first. The best way to get into an Open Source company is if there's no need for introduction. If that is not a choice, I would recommend visiting a couple of Open Source events and personally introduce yourself to prospective employers."
Comments (none posted)
Distribution reviews
J.A. Watson
takes
a look at the latest Zenwalk release. "
First, you need to be aware that although there are at least four different versions of the Zenwalk distribution (Standard, Core, Live and Gnome), at this point only the Standard Edition has been updated to the 6.2 release. Don't get confused - the LiveCD is not the 6.2 release (yet), and the Standard Edition is an installation CD, not a LiveCD, so the only thing you can do is download and install it, you can't just "try it out" yet."
Comments (none posted)
Page editor: Rebecca Sobol
Development
September 9, 2009
This article was contributed by Nathan Willis
Quickly is a new utility to
simplify Linux application development by bootstrapping repetitive project
setup, user interface, packaging, and release chores. It targets both new
application developers and those who simply want to speed up recurring
tasks. Quickly is a product of the Ubuntu project, but is flexible enough
to be used in other distributions and for other types of tasks — the
real power of Quickly lies in the templates that automate different aspects
of project configuration and maintenance.
An application built using Quickly has no dependency on Quickly itself,
said developer Didier Roche, "there is no Quickly runtime or base
class library." The goal, he said, is to speed up the process for
regular developers and help new developers get past the barrier of deciding
which tools and approaches to use.
It can be difficult to get into GNU/Linux
programming as there are a whole bunch of available technologies. Let's think
about using GTK/QT, language, which library do I need? Add to this some
tools decisions like the IDE, the VCS, hosting the project, etc. Too many
choices kills the choice itself. [...] For instance, learning Debian
packaging just to create a package to share with people can be
tedious. Quickly (with ubuntu-project template) does it for
you. Consequently, opportunistic developers can focus only on precise
things and do it quickly, easily and right!
Canonical's Rick Spencer came up with the initial idea for Quickly after a
series of false starts with missing documentation — including the
deprecated tool libglade that did
not point him towards its replacement gtkbuilder
— and packaging guides that were so generalized that they provided little
concrete help:
It took me a long time and a lot of digging to put
together a set of tools for myself that worked for me. [...] This was
partly due to the fact that there was no definitive source of information,
or any credible expert. So threads in Ubuntu Forums where newcomers asked
"how do I write an app for Ubuntu" get a pile of different options, and no
way to know what is best. I very much wanted to
solve this problem, and create a pipeline that made it easy to go from
conceiving an app to have people using it.
The latest version of Quickly is 0.2.2 and is
packaged only for Ubuntu 9.10, in which it is slated to be part of the
official release. The authors note, however, that it could easily be
packaged for Ubuntu 9.04 or for other distributions. Quickly is a
command-line only tool that developers can use to execute discrete steps of
the form:
quickly command [options]
It has commands
that create a new project, start an editing session, package it, make a
public release, and so on.
Most of these commands are defined in a template tailored to a specific
scenario; running "quickly commands" will list the built-in
commands and those associated with each installed template. So far, the
only released template is ubuntu-project, which automates working with
Ubuntu-compatible code (using Bazaar
for version control, Debian packaging, and Launchpad.net Personal Package
Archives (PPA) for releases).
In addition, the ubuntu-project template makes what Roche called
"opinionated choices" for the tools and technologies used by the new
application: using Python for the language, PyGTK for the user interface, Glade for
the UI design, Gedit for the editor, and Desktop CouchDB for
(optional) data storage. Using the template's project creation routines to
start a new project, Quickly creates a subdirectory for the project and
set of skeleton files, including necessary Python and Glade files, plus
auxiliary icon and licensing files. Quickly also creates Python classes to
encapsulate basic windows and dialogs, and a separate Glade file for each
class and window. These decisions are designed to make it simple to edit
the application with Quickly, even though they might not be the design
choices other programmers would make.
Example Quickly usage
The Ubuntu wiki features a
basic tutorial on writing code with Quickly, and Roche has started
a series of blog entries to document its usage and options. On August 31,
Roche and Spencer hosted an IRC
talk during Ubuntu Developer Week that delved into further detail.
The process starts by running:
quickly create ubuntu-project myapp
Quickly then creates a
./myapp directory, and fills it
with:
bin/
Copyright
data/
myapp/
myapp.desktop.in
setup.py
The Python files are placed in myapp/myapp, and the Glade files in
myapp/data. After that, the developer must
cd into
the myapp directory. From there, quickly run will launch the
new application, quickly edit will open the key Python files
in Gedit, and quickly glade will open
the UI files with Glade. Because the focus of the ubuntu-project template
is on graphical applications, a quickly dialog command is
available to create a new dialog window and associated class in Glade and
Python.
Running quickly save will save the code to Bazaar,
quickly license some_license will add license
headers, and quickly package will calculate dependencies and
generate a .deb package. Public releases are made with
quickly share and quickly release. Both
commands require the
user to have a working account on Launchpad.net, complete with a PPA. The
difference between the two commands is that share does not assign
a version
number or allow for a change log; release automatically increments
version
numbers, although they can be overridden.
Quickly design: core and templates
At its core, Roche explained, the quickly tool itself is
essentially a
parser and command processor. It checks context (for example, whether the
working directory is a Quickly project directory), provides command
completion, help, and a few low-level hooks, but most of the logic resides in
the templates. Templates are written in Python, and although there is no
documentation for template writing available yet, interested parties can
browse the code used in the ubuntu-project template, which is installed by
the package at /usr/share/quickly/templates/ubuntu-project.
Roche said that the Quickly team decided to separate as much of the
"intelligence" as possible from the quickly core in order to make it more
useful. "If anyone wants to make templates for other platforms, we
would gladly merge those into our project," he said, perhaps
separating Quickly templates into its own subproject from Quickly Core.
"We would love to see, for instance, a fedora-project template,
gnome-project one, plasmoid-project, [or a] zeitgeist-plugin."
Quickly even makes it simple to duplicate an existing template in order
to customize it; the built-in command:
quickly quickly template
creates a duplicate. The user can then modify the
new template for use with other editors, other version control systems, or
make more substantial changes without starting from scratch. "If
someone likes the ubuntu-project template but doesn't agree on, let's say,
couchdb but prefers gconf, he is able to create his own template based on
ubuntu-project with $ quickly quickly ubuntu-project
ubuntu-project-with-gconf and then hack in
~/quickly-templates/ubuntu-project-with-gconf/ to tweak what interests
him," said Roche.
Quickly's core/template separation means that it is not limited to
standalone GUI Linux application development. As the project's Launchpad page states, developers
could easily create a template to kick-start creation of a conforming
plugin for a specific application, for working with rendering systems like
LaTeX, or for non-coding
projects like documentation tasks.
As additional templates are written by Quickly users, Roche said, the
team will coordinate with template authors to see what shared functionality
deserves to be rolled up into built-in commands. Regardless of the task,
some operations like file upload are generic enough for reuse. Quickly's
Launchpad access is one such example; it began as part of the
ubuntu-project template, but is now accessible to other template authors
through Quickly's core — abstracting sign-in, reconnections, and
other tasks.
Quickly in practice
Quickly is on track to ship
with Ubuntu "Karmic Koala" 9.10, though Spencer said he does not know of
any official Karmic applications written with Quickly. A few developers
have started using the package to build small applications; Jono Bacon blogged
about his use of Quickly while working on a tool for managing Amazon Kindle
content, and Bryce Harrington has started
developing a GUI front-end to Quickly — using Quickly itself.
Roche said that the near-term plans for the ubuntu-project template
include adding some important features like GPG and SSH key creation for
use with package signing and Launchpad upload. The team is also interested
in adding new templates, including an ubuntu-game template that
incorporates PyGame, and a
gedit-plugin template that would demonstrate Quickly's applicability for
application-specific plugin project development.
In the long term, Roche said that Quickly should be able to scale up to
large projects in addition to the modest single-developer examples shown so
far. It already supports concurrent Bazaar access, but the ubuntu-project
template does not support Launchpad's "teams" collaboration feature because
it is not accessible via the Launchpadlib library. Nevertheless, he said,
the Quickly team is actively working on the issue and hopes to be able to
tackle it in the future.
An early review
of Quickly at Ars Technica compared it to Rails, which also uses a command-line to
automate set-up for non-command-line projects. Readers responded that it
also bears similarity to Django
and Maven project creation, but it
may be a first for desktop applications. Although, as Roche said, nothing
about Quickly's core or its templating system limit it to desktop
application development. Any repetitive task could be sped up by being
adapted into a Quickly template; which templates the world sees depends
entirely on who picks up Quickly and experiments with it.
Comments (10 posted)
System Applications
Audio Projects
Version 1.0.21a of alsa-lib has been announced.
"
I made a quick release 1.0.21a of the alsa-lib package to fix
regression for the configuration parsing (makes some device names unavailable)."
Full Story (comments: none)
Database Software
A release candidate for version 1.5.6 of the
Firebird DBMS has been announced.
"
The Firebird Core team invites users who want to continue using Firebird 1.5 to test the release candidate for V.1.5.6. 32-bit kits are available for Linux and Windows now.
NOTE :: This will become the LAST sub-release for the V.1.5 series."
Comments (none posted)
Version 5.1.38 of MySQL Community Server has been announced.
"
MySQL Community Server 5.1.38, a new version of the popular Open
Source Database Management System, has been released. MySQL 5.1.38 is
recommended for use on production systems."
Full Story (comments: none)
The September 6, 2009 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Web Site Development
The GT portalBase has been released under GPL.
"
On its fourth anniversary, GT portalBase has
been released under a GPL open source license.
GT portalBase is a web based industrial strength platform for business
application development based on a postgresql database. It's used to
rapidly prototype and develop data entry and reporting applications
that work over the internet or a local network.
Our vision was to create a product that allowed business analysts to
create lean, agile, Just-In-Time (JIT) back offices."
Full Story (comments: none)
Desktop Applications
Audio Applications
The Preview 1 release of LADI Session Handler is available.
"
LADI Session Handler or simply ladish is a session management system
for JACK applications on GNU/Linux. Its aim is to allow you to have
many different audio programs running at once, to save their setup,
close them down and then easily reload the setup at some other
time. ladish doesn't deal with any kind of audio or MIDI data itself;
it just runs programs, deals with saving/loading (arbitrary) data and
connects JACK ports together. It can also be used to move entire
sessions between computers, or post sessions on the Internet for
download."
Full Story (comments: none)
Data Visualization
Version 5.9.5 of PLplot, a cross-platform scientific graphics plotting
library, has been
announced.
"
This is a development release of PLplot. It represents the ongoing efforts of the community to improve the PLplot plotting package. Development releases in the 5.9.x series will be available every few months. The next full release will be 5.10.0."
Full Story (comments: none)
Desktop Environments
Issue #16 of the
GNOME Journal
has been announced.
"
Issue 16 features three new articles, including a recap of the recent
Writing Open Source Conference, an interview with John Palmieri based on his
recent GUADEC talk, "Putting the Network back into G(N)OME", and Behind the
Scenes with Lucas Rocha (who originally started the Behind the Scenes
feature).
Issue 17 is currently being planned with a focus on Multimedia - if you
would like to contribute an article, please let me know."
Full Story (comments: none)
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Encryption Software
Version 1.4.10 of GnuPG has been announced.
"
We are pleased to announce the availability of a new stable GnuPG-1
release: Version 1.4.10.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures."
Full Story (comments: none)
Version 2.0.13 of GnuPG has been announced.
"
We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.13."
Full Story (comments: none)
GUI Packages
Version 2.9.0 of the
wxWidgets
cross-platform GUI toolkit has been announced.
"
We are pleased to announce the first release in the 2.9 development series. wxWidgets 2.9.0 gives a flavour of what will be provided in the stable wxWidgets 3.0 version next year, and we are interested in your feedback. Enhancements in 2.9 include the removal of the distinction between ANSI and Unicode builds, and a reworked Mac OS X architecture, supporting both 32-bit Carbon and 32-bit/64-bit Cocoa variants (wxOSX/Cocoa at alpha stage)."
Comments (none posted)
Imaging Applications
The gimpusers.com site has
a preview of new features in the upcoming GIMP 2.8 release. "
It's now possible to group layers into folders in a tree-like way. You can move and show/hide all layers of a group at once so it will finally be possible to create complex layouts without getting lost. The layer sets don't work perfectly, since layer masks don't work yet for example. Nevertheless the basic behaviour works quite well already!" 16-bit image depth is not on the list, unfortunately.
Comments (7 posted)
Interoperability
Version 1.1.29 of Wine has been
announced. Changes include:
"
- Improved Gecko integration by using Wine's network layers.
- Use of external libmpg123 for mp3 decoding.
- Support for JPEG and PNG formats in WindowsCodecs.
- Many regression test fixes for Win64 and Windows 7.
- Various bug fixes."
Comments (none posted)
Mail Clients
Version 1.2.0 beta 1 of Sylph-Searcher has been
announced,
it adds a number of new capabilities.
"
Sylph-Searcher is a program that enables fast full-text search of messages stored in mailboxes of Sylpheed, or normal MH folders."
Comments (none posted)
Multimedia
Version 2.0.0 of NMM has been announced.
"
Motama released the next major version of its Network-Integrated
Multimedia Middleware (NMM) for Linux, Windows, and Mac OS X:
NMM 2.0.0 Codename "Seamlessly"."
Full Story (comments: none)
Music Applications
Version 0.6 of xwax has been announced, it includes several new capabilities
and some bug fixes.
"
xwax is open-source vinyl emulation software for Linux. It allows DJs and
turntablists to playback digital audio files (MP3, Ogg Vorbis, FLAC, AAC
and more), controlled using a normal pair of turntables via timecoded
vinyls."
Full Story (comments: none)
Office Suites
Version 2.4.3 of OpenOffice.org has been announced.
"
The OpenOffice.org Community is pleased to announce the release of
OpenOffice.org 2.4.3, a minor update to the legacy OpenOffice.org 2.x
series."
Full Story (comments: none)
The August, 2009 edition of the OpenOffice.org Newsletter
is out with the latest OO.o office suite articles and events.
Full Story (comments: none)
Digital Photography
Leonard Goh
takes
a look at Frankencamera. "
Photo scientists at Stanford University have conceived what is probably the world's first open-source camera. Their contraption, dubbed the Frankencamera, consists of a Nokia N95 mobile phone camera module, circuit board, a couple of lenses from Canon and Linux for all the open-source goodness."
Comments (4 posted)
Here's
a review of digiKam found on the "An alien's viewpoint" weblog. "
Happily, there is now another open source alternative with 16 bit mode editing capabilities which appears to be getting ready to give the big guys a run for their money digiKam. I have personally only recently discovered digiKam. Well, I had tried it before, but only since I tried its KDE4 edition did I think it was ready for my use. I was actually quite surprised to see how much it has improved and how many features have been included with it."
Comments (none posted)
The August 31, 2009 issue of the
DigiKam Digest
has been published.
"
This week we saw finishing of work on new color management code; updating of libraw to stable 0.8.1 (28 new cameras comparing to previous 0.7.x stable release, API extension and fixes); optimizations in thumbnails display; preparations for 1.0-beta4 (released on 31st August)."
Comments (none posted)
Wireless Applications
Thomas Thurman has posted
the first part in a series on writing GTK applications for the N900 device. "
Now, theres two important things you have to consider when porting or building an app on the N900. One of them, which weve just mentioned, is that sometimes there are widgets which dont exist on the desktop, because they work in ways which are better adapted to life on a phone. The other is that theres a whole ecosystem of programs on the device with which we must play nicely."
Comments (none posted)
Thomas Thurman continues his
series on writing GTK applications for the N900. In this installment, he looks at packaging issues, but also puts to rest some concerns expressed about his previous post: "
If you want to write Qt applications, you can write them now under Maemo 5 and they'll run; if you write GTK applications now, they will still run under Maemo 6 when it comes out. The GTK libraries won't stop shipping with Maemo just because Qt becomes the primary toolkit."
Comments (none posted)
Languages and Tools
Caml
The September 8, 2009 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Java
Version 1.6 of IcedTea6 has been announced, it includes a new feature,
a bunch of security updates and some bug fixes.
"
The IcedTea project provides a harness to build the source code from
OpenJDK7 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port."
Full Story (comments: none)
Version 0.0.1 of Jato has been announced.
"
Jato is a JIT-only virtual machine for Java that can run some simple programs
under GNU/Linux on modern 32-bit x86 CPUs. A port to the x86-64 machine
architecture is currently being developed. Jato depends on GNU Classpath to
provide core Java runtime classes.
The VM is licensed under the GPLv2 with the GNU Classpath linking exception
which makes embedding Jato to third-party applications possible."
Full Story (comments: none)
Python
Version 0.6.1 of Distribute has been announced, it includes several
bug fixes.
"
Distribute is a friendly fork of the Setuptools project."
Full Story (comments: none)
Version 0.12 of PyBindGen has been announced, it includes new capabilities
and bug fixes.
"
PyBindGen is a Python module that is geared to generating C/C++ code that
binds a C/C++ library for Python. It does so without extensive use of either
C++ templates or C pre-processor macros. It has modular handling of C/C++
types, and can be easily extended with Python plugins. The generated code is
almost as clean as what a human programmer would write."
Full Story (comments: none)
Version 1.5.0 of Pydev has been announced.
"
Today, Aptana is proud to announce that Pydev and Pydev Extensions
have become a single plugin, with all the available contents open
source (and freely available for anyone) in the 1.5.0 release (it's
the same as 1.4.8 but with all the code open source).
With that, Aptana believes in providing a better service and growth
path for Pydev (which will still be actively maintained by Aptana),
enabling anyone to provide contributions to the previously closed
source product, while providing its Cloud customers a better service."
Full Story (comments: none)
Version 0.2 of Python Keyring Lib has been announced, it includes bug fixes.
"
The Python keyring lib provides a easy way to access the system keyring
service from python. It can be used in any application that needs safe
password storage."
Full Story (comments: none)
Version 0.6.3 of Sphinx has been announced.
"
I'm proud to announce the release of Sphinx 0.6.3, which is a
bugfix-only release in the 0.6 series.
Sphinx is a tool that makes it easy to create intelligent and beautiful
documentation for Python projects (or other documents consisting of
multiple reStructuredText source files)."
Full Story (comments: none)
Version 1.6.1 of TestFixtures has been announced.
"
This package is a collection of helpers and mock objects that are useful when writing unit tests or doc tests.
This release sees the following changes:
- @replace and Replacer.replace can now replace attributes that may
not be present, provided the `strict` parameter is passed as False.
- should_raise now catches BaseException rather than Exception so raising of SystemExit and KeyboardInterrupt can be tested.
"
Full Story (comments: none)
Tcl/Tk
The September 2, 2009 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
A coalition of authors and publishers is urging a federal judge to reject
the proposed settlement in a lawsuit over Google Book Search, arguing that
the sweeping agreement to digitize millions of books ignores critical
privacy rights for readers and writers. "
The settlement, currently
pending approval from a New York federal district court, would end the
legal challenges brought by the Authors' Guild over the Google Book Search
project. It would give Google the green light to scan and digitize
millions of books and allow users to search for and read those books
online. However, Google's system could monitor what books users search
for, how much of the books they read, and how long they spend on various
pages."
Full Story (comments: 27)
The Open Invention Network has
announced
the acquisition of 22 software patents formerly owned by Microsoft.
"
We are pleased to have purchased these patents and view this as a
model of successful collaboration among defensive patent organizations that
share a common goal of creating freedom of action for practicing entities
across Linux and the broader technology sector. The prospect of these
patents being placed in the hands of non-practicing entities was a threat
that has been averted with these purchases, irrespective of patent quality
and whether or not the patents truly read on Linux."
Information on what the patents actually covered remains scarce. Readers
wanting a conspiratorial view of the whole thing can find it at
Groklaw.
Comments (6 posted)
Commercial announcements
Canonical has announced a new support service.
"
Canonical, the founder of the Ubuntu project, announced today an
advanced service and support offering that gives large enterprises with complex IT environments a
highly-skilled, dedicated Canonical support professional.
Premium Service Engineer (PSE), a new level of support for large enterprises, offers a single point
of contact for Canonical's large customers - enabling a faster response time and faster issue
resolution. PSEs have access to all levels of support, including Canonical's platform engineers."
Full Story (comments: none)
Reuters
reports on a collaboration between Red Hat and HP.
"
Red Hat Enterprise Linux 5.4 is now available on HP BladeSystem and HP ProLiant
servers. With this combination, customers can take advantage of an open source,
standards-based virtual infrastructure that provides scalability and security
capabilities. Additionally, enterprises will be able to leverage management
capabilities offered by both companies."
Comments (none posted)
Legal Announcements
Drupal would appear to be the latest
project which is attempting to assert heavy-handed control through the use
of a new
trademark policy;
complaints from users are beginning to appear. "
This policy - as
well as the accompanying website - may be changed at any time. You accept
that all licenses accorded under this policy are non-exclusive,
non-transferable, non-sub-licensable, revocable at any time, and subject to
changes in policy. Hence, changes in this policy may cause permissions to
be revoked or made dependent on additional obligations."
Comments (16 posted)
The EU Commission has issued a
press release
regarding Oracle's plans to acquire Sun.
"
The European Commission has opened an in-depth investigation under the EU Merger Regulation into the planned acquisition of US hardware and software vendor Sun Microsystems by Oracle Corporation, a US database and application software company. The Commissions initial market investigation indicated that the proposed acquisition would raise serious doubts as to its compatibility with the Single Market because of competition concerns on the market for databases. The decision to open an in-depth inquiry does not prejudge the final result of the investigation. The Commission now has 90 working days, until 19 January 2010, to take a final decision on whether the concentration would significantly impede effective competition within the European Economic Area (EEA) or a substantial part of it."
(
Found on Groklaw).
Comments (21 posted)
Contests and Awards
LinuxMedNews
notes
that the application Medical has won an award.
"
Medical, the Open Source Health and Hospital Information System, has been the winner in SourceForge project of the month.
In the latest release, Medical includes a new section on genetics (NCBI / genecards) and family history. It also contains perinatal and puerperium information.
Medical is part of the GNU solidario project, a non-profit effort to provide Health and Education to emerging economies with free software."
Comments (none posted)
Event Reports
KDE.News
covers
the third Plasma developers meeting. "
Last week, the third Plasma
developers meeting was held in the Swiss Alps. 15 developers from 3
continents came to Randa, Canton Wallis to work on Plasma's code, design
new ideas and concepts and to strengthen their bonds as a sub-community
within KDE. Topics of this third Plasma sprint, which is named after a
plasma fusion reactor, included but were not limited to Plasma on mobile
devices, network-enabled Plasma widgets and a richer user interface thanks
to a new animation framework. Furthermore deeper integration of web
services in the Plasma shell, semantic awareness of Plasma components,
secure privilege elevation and polishing of the existing functionality,
among many other things, were on the agenda."
Comments (none posted)
Calls for Presentations
A call for papers has gone out for the Distro Summit 2010,
submissions are due by September 30.
"
Distro Summit 2010 is a one-day technical conference with a strong focus on
collaboration between Free Software distributions. The event is hosted at
the linux.conf.au, which will be held in Wellington (New Zealand) on the
18-23 of January, 2010.
We are looking for proposals from any Free Software distribution, from the
typical full distributions (both linux and non-linux) to the niche market
derivatives."
Full Story (comments: none)
The GitTogether '09 Developer/User Summit takes place on October
27-29, 2009 in Mountain View, CA, proposals are being solicited.
"
Like last year, this GitTogether immediately follows the Google
Summer of Code mentor summit, so some of our end-user groups may
already have representatives in the area and might like to attend.
We've timed the GitTogether to follow the summit so we can get some
users to attend while they are still in the area.
Git contributors and users alike are welcome to attend. Admission is
free, as everything is being donated by Google, but you will need
to arrange for your own travel and lodging."
Full Story (comments: none)
A call for proposals has gone out for PyCon 2010, which takes place on
February 17-25, 2010 in Atlanta, GA.
"
Due date: October 1st, 2009
Want to showcase your skills as a Python Hacker? Want to have
hundreds of people see your talk on the subject of your choice? Have some
hot button issue you think the community needs to address, or have some
package, code or project you simply love talking about? Want to launch
your master plan to take over the world with python?"
Full Story (comments: none)
A call for papers has gone out for SCALE 8x, abstracts are due by
December 15.
"
The Eighth Annual So Cal Linux Expo is coming! It will be February 19th-21st, 2010, and will again
be at the Westin LAX.
The Call for Papers for the conference is now open. Besides the regular conference tracks, SCALE 8x
will include specialty tracks for both developers and beginners."
Full Story (comments: none)
Upcoming Events
KDE.News has
announced Akademy 2010, the date will be late June or early July.
"
The KDE community is proud to announce the location of next year's Akademy: Tampere, Finland. Akademy is the yearly world conference held by the KDE community to celebrate the Free Software desktop and work towards the future of KDE.
After a successful Akademy 2009 on the Canary Islands, as part of the Gran Canaria Desktop Summit, Akademy heads north to the birthplace of Linux where contributors will enjoy the midnight sun as they spend a week to present, plan and participate in the development of KDE software."
Comments (1 posted)
Registration has opened for ELC-E 2009.
"
The next Embedded Linux Conference event is upcoming: ELC-E 2009, October 15&16, Grenoble France.
I'd like to inform you that registration has opened, and we managed to line up a very exciting
program this year!"
Full Story (comments: none)
Ninux Day 2009 takes place in Rome, Italy on November 27-29, 2009.
"
The Ninux.org team is glad to announce the first "Ninux Day", the only
day that lasts a weekend ;)
A weekend surreal time slot on topics about wireless communities.
Under the same roof for the first time you'll find hackers, geeks,
nerds, engineers, artists, curious and academics."
Full Story (comments: none)
The openSUSE Conference keynote speaker has been announced.
"
The openSUSE Project is happy to announce that Lenz Grimmer will be delivering
the opening keynote for the first-ever openSUSE Conference. The openSUSE
Conference will be held September 17 through September 20 in Nürnberg,
Germany."
Full Story (comments: none)
Registration is open for the PostgreSQL Conference West.
"
Being held at Seattle Central Community College from October 16th 2009
through October 18th 2009, West is set to be the venue for PostgreSQL
education, advocacy and technical information transfer."
Full Story (comments: none)
Events: September 17, 2009 to November 16, 2009
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|
September 14
September 18 |
Django Bootcamp at the Big Nerd Ranch |
Atlanta, Georgia, USA |
September 15
September 17 |
International Conference on IT Security Incident Management and IT Forensics |
Stuttgart, Germany |
September 17
September 18 |
Internet Security Operations and Intelligence 7 |
San Diego, CA, USA |
September 17
September 20 |
openSUSE Conference |
Nuremberg, Germany |
September 18
September 19 |
BruCON |
Brussels, Belgium |
September 18
September 20 |
EuroBSDCon 2009 |
Cambridge, UK |
| September 19 |
Atlanta Linux Fest 2009 |
Atlanta, Georgia, USA |
| September 19 |
Beijing Perl Workshop |
Beijing, China |
| September 19 |
Software Freedom Day |
Worldwide, |
| September 20 |
SELinux Developer Summit 2009 @ LinuxCon |
Portland, Oregon, USA |
September 21
September 23 |
LinuxCon 2009 |
Portland, OR, USA |
September 21
September 25 |
Ruby on Rails Bootcamp with Charles B. Quinn |
Atlanta, USA |
| September 23 |
Bacula Conference 2009 |
Cologne, Germany |
September 23
September 25 |
Linux Plumbers Conference |
Portland, Oregon, USA |
September 23
September 25 |
Recent Advances in Intrusion Detection |
Saint-Malo, Brittany, France |
September 23
September 25 |
OpenSolaris Developer Conference 2009 |
Hamburg, Germany |
September 24
September 26 |
Joomla! and Virtue Mart Day Germany |
Bad Nauheim, Germany |
September 25
September 27 |
International Conference on Open Source |
Taipei, Taiwan |
September 25
September 27 |
Ohio LinuxFest |
Columbus, Ohio, USA |
| September 26 |
Open Source Conference 2009 Okinawa |
Ginowan City, Okinawa, Japan |
September 26
September 27 |
PyCon India 2009 |
Bengaluru, India |
September 26
September 27 |
Mini-DebConf at ICOS |
Taipei, Taiwan |
September 28
September 30 |
Real time Linux workshop |
Dresden, Germany |
September 28
September 30 |
X Developers' Conference 2009 |
Portland, OR, USA |
September 28
October 2 |
Sixteenth Annual Tcl/Tk Conference (2009) |
Portland, OR 97232, USA |
| September 30 |
HCC!Linux Theme Day |
Houten, Netherlands |
October 1
October 2 |
Open World Forum |
Paris, France |
| October 2 |
LLVM Developers' Meeting |
Cupertino, CA, USA |
| October 2 |
Mozilla Public DevDay/Open Web Camp 2009 |
Prague, Czech Republic |
October 2
October 3 |
Open Source Developers Conference France |
Paris, France |
October 2
October 4 |
7th International Conference on Scalable Vector Graphics |
Mountain View, CA, USA |
October 2
October 4 |
Linux Autumn (Jesien Linuksowa) 2009 |
Huta Szklana, Poland |
October 2
October 4 |
Ubuntu Global Jam |
Online, Online |
October 3
October 4 |
T-DOSE 2009 |
Eindhoven, The Netherlands |
October 3
October 4 |
EU MozCamp 2009 |
Prague, Czech Republic |
October 7
October 9 |
Jornadas Regionales de Software Libre |
Santiago, Chile |
October 8
October 10 |
Utah Open Source Conference |
Salt Lake City, Utah, USA |
October 9
October 11 |
Maemo Summit 2009 |
Amsterdam, The Netherlands |
| October 10 |
OSDN Conference 2009 |
Kiev, Ukraine |
October 10
October 12 |
Gnome Boston Summit |
Cambridge, MA, USA |
October 12
October 14 |
Qt Developer Days |
Munich, Germany |
October 15
October 16 |
Embedded Linux Conference Europe 2009 |
Grenoble, France |
October 16
October 17 |
Pycon Poland 2009 |
Ustron, Poland |
October 16
October 18 |
Pg Conference West 09 |
Seattle, WA, USA |
October 16
October 18 |
German Ubuntu conference |
Göttingen, Germany |
October 18
October 20 |
2009 Kernel Summit |
Tokyo, Japan |
October 19
October 22 |
ZendCon 2009 |
San Jose, CA, USA |
October 21
October 23 |
Japan Linux Symposium |
Tokyo, Japan |
October 22
October 24 |
Décimo Encuentro Linux 2009 |
Valparaiso, Chile |
October 23
October 24 |
Ontario GNU Linux Fest |
Toronto, Ontario, Canada |
October 23
October 24 |
PGCon Brazil 2009 |
Sao Paulo, Brazil |
| October 24 |
Florida Linux Show 2009 |
Orlando, Florida, USA |
| October 24 |
LUG Radio Live |
Wolverhampton, UK |
October 24
October 25 |
PyTexas |
Fort Worth, TX, USA |
October 24
October 25 |
FOSS.my 2009 |
Kuala Lumpur, Malaysia |
| October 25 |
Linux Outlaws and Ubuntu UK Podcast OggCamp |
Wolverhampton, UK |
October 26
October 28 |
Techno Forensics and Digital Investigations Conference |
Gaithersburg, MD, USA |
October 26
October 28 |
GitTogether '09 |
Mountain View, CA, USA |
October 26
October 28 |
Pacific Northwest Software Quality Conference |
Portland, OR, USA |
October 27
October 30 |
Linux-Kongress 2009 |
Dresden, Germany |
October 28
October 30 |
Hack.lu 2009 |
, Luxembourg |
October 28
October 30 |
no:sql(east). |
Atlanta, USA |
| October 29 |
NLUUG autumn conference: The Open Web |
Ede, The Netherlands |
October 30
November 1 |
YAPC::Brasil 2009 |
Rio de Janeiro, Brazil |
| October 31 |
Linux theme day with ubuntu install party |
Ede, Netherlands |
November 1
November 6 |
23rd Large Installation System Administration Conference |
Baltimore, MD, USA |
November 2
November 6 |
ApacheCon 2009 |
Oakland, CA, USA |
November 2
November 6 |
Ubuntu Open Week |
Internet, Internet |
November 3
November 6 |
OpenOffice.org Conference |
Orvieto, Italy |
November 4
November 5 |
Linux World NL |
Utrecht, The Netherlands |
| November 5 |
Government Open Source Conference |
Washington, DC, USA |
November 6
November 7 |
PGDay.EU 2009 |
Paris, France |
November 6
November 8 |
WineConf 2009 |
Enschede, Netherlands |
November 6
November 10 |
CHASE 2009 |
Lahore, Pakistan |
November 7
November 8 |
OpenFest 2009 - Biggest FOSS conference in Bulgaria |
Sofia, Bulgaria |
November 7
November 8 |
OpenRheinRuhr |
Bottrop, Germany |
November 7
November 8 |
Kiwi PyCon 2009 |
Christchurch, New Zealand |
November 9
November 13 |
ACM CCS 2009 |
Chicago, IL, USA |
November 10
November 11 |
Linux Foundation End User Summit |
Jersey City, New Jersey |
November 12
November 13 |
European Conference on Computer Network Defence |
Milan, Italy |
November 13
November 15 |
Free Society Conference and Nordic Summit |
Göteborg, Sweden |
| November 14 |
pyArkansas |
Conway, AR, USA |
If your event does not appear here, please
tell us about it.
Web sites
The
Python Open Mike blog has been launched.
"
A new blog, python-open-mike.posterous.com, has been created for open
discussion in the Python community. *Anyone* can post to this blog,
simply by emailing to post@python-open-mike.posterous.com.
Not everyone has, wants, or feels ready for a blog of their own; we
want to make sure that everyone has a chance to speak out to the
Python community. We hope to broaden discussion in the Python
blogosphere by making it even easier for new participants to join in
the conversation.."
Full Story (comments: none)
Page editor: Forrest Cook
![[Source image]](/images/ns/grumpy/hugin/src1.jpg)
![[Source image]](/images/ns/grumpy/hugin/src2.jpg)
![[Source image]](/images/ns/grumpy/hugin/src3.jpg)
![[Source image]](/images/ns/grumpy/hugin/src4.jpg)
![[Pipe
benchmark results]](http://people.redhat.com/mingo/misc/bfs-vs-tip-pipe.jpg)