By Jake Edge
October 16, 2009
A few weeks back, we looked
at the newly announced CodePlex Foundation. At the time, there were a
few questions about the foundation and its plans. We asked Sam Ramji,
interim president of the foundation—and, previously, Microsoft's
senior director of platform strategy—to fill in some of the gaps.
Below are his answers to our questions, ranging from the foundation's
governance and plans, to his thoughts on Microsoft's open source strategy
going forward, as well as information about his new company and its
relationship to open source software.
LWN: I'd like to start by discussing the CodePlex Foundation, can
you give us your high-level overview of the foundation and its mission? Is
it meant to serve the open source community, software companies, or both?
Both. The CodePlex Foundation's mission is to
enable the exchange of code and understanding among software companies and
open source communities. We are organized to serve both the open source
community and software companies, which is why we chose to operate as an
independent, non-profit foundation. As LWN and others have noted,
other foundations exist – GNOME, Mozilla, Apache, Linux and Eclipse, for
example – which share similar goals, although those foundations have a
specific technology focus. We saw the need for an organization that more
broadly addressed the process of participating in open source
communities. In my travels in open source I've observed that corporate
software developers don't often participate as much as one might expect in
the open source projects that they make use of. We are working to provide
an answer to the question: as a software company or as a corporate software
developer, how can I contribute code, or a project, to an open source
project or foundation?
LWN: As interim president, you, the board of directors, and advisory
board are tasked with finding an executive director and permanent members
for both boards. What time frame do you have for putting that all
together? Will the adoption of a charter for the foundation be done in a
similar time frame, or is that something that will be done by the new
boards once they are in place? Will you be staying on as president after
that or will that role fall to the new executive director?
We set some tough deadlines. In the first 100 days, we will remake the
board of directors, appoint a new president, and hire a full-time executive
director. I expect the new board members to come equally from software
companies and the open source community, which will shift the center of
influence away from Microsoft. Incidentally, if you look at the current
board, three of us are not employed by Microsoft, so I would argue that
this balance is already shifting. Additionally, the board of advisors
represents a cross-industry and cross-community team of experts; we have
people ranging from backgrounds in MySQL to VA Linux to open source .NET
projects.
We will continue to recruit new members for the board of advisors. The
board's intent is to have the advisory board more accurately represent
collaboration between software companies and open source communities. When
the permanent boards are seated, they will take on the task of formulating
the Foundation's charter, so look for that document to take shape in the
180-day timeframe.
For the first 100 days I will serve as interim President, but my path is
back to the private sector: I am VP Strategy for Sonoa Systems, a Silicon
Valley cloud infrastructure company. After my term as Foundation President
ends, I will continue to work with the Foundation, probably as a member of
the board of advisors. I'm not a candidate for the Executive Director
role. Just as a point of education – the roles of President (which is a
board of directors role) and Executive Director (a full-time paid staff
role) are quite different. You have exceptions to this model like Jim
Zemlin, who is both an operational manager and a spokesperson/leader, but
in general for non-profits the ED is a very hands-on operational person,
while the President provides high-level direction and spokesmanship.
LWN: There has been criticism of the make up of the initial
boards, notably from
Andy Updegrove (and follow-up),
because they are Microsoft dominated. His contention is that the appearance,
at least, is that this is a Microsoft-focused foundation with little or no
room for outside voices, and more importantly, the ability to act
independently of Microsoft's wishes. Does that seem accurate to you? If
not, why? What gives it the ability to act independently?
I really appreciate Andy's comments. He spent a lot of time analyzing the
Foundation's structure and governance, and his suggestions are guiding the
board as we look for a permanent president and executive director.
I understand that the initial makeup of the boards would lead observers to
the conclusion that the Foundation is dominated by Microsoft, but the
100-day target we set for revamping the boards should reassure observers
that there is plenty of room for other points of view. The more companies
that participate, and the more points of view represented, the better.
Microsoft's founding donation gave us the ability to operate
independently. That might not seem obvious, but with the sponsorship,
Microsoft gave the Foundation the ability to open a bank account, hire
employees, revisit the mission, reconsider governance and formulate a work
plan to move forward. It set the ball rolling, and now the Foundation is on
a distinct – and separate – path.
In order to bring in more sponsors, we're clear that there will need to be
balance and independence not just in our actions but in our governance, and
therefore in the makeup of the board of directors. We're working through
Andy's suggestions and those of others with experience in this area. You
will see some changes by the end of the 100-day period.
LWN: What are the criteria for finding new members for the board of
directors and advisory board? Is one of the goals of the search process to
increase the diversity (i.e. fewer Microsoft employees and/or voices from
outside of the Microsoft sphere of influence) of those boards? If so, how
might that be accomplished, or, if not, why?
We are looking for board members who are independent thinkers who
understand open source, know the value of open source in a commercial
context, and have a proven ability to bring the two together. You can see
some good examples of these on the current boards. Those parameters mean
we are searching a diverse pool of candidates. For example, right now I
think we need a board member with open source legal expertise as well as
one who has led use of open source within corporate environments beyond the
software industry. We're looking at people within open source communities
and also at people in commercial software companies that are outside of
Microsoft's sphere of influence. We expect that Microsoft will still be
represented – the company is the founding sponsor – but there will be many
voices. Also, the interim board is committed to the long-term success of
the Foundation, and knows that we'll be judged by what we do, not just by
what we say we'll do.
LWN: Will the foundation be sponsoring particular projects,
something like what the Apache Foundation does? What criteria will be used
to decide which projects make sense to sponsor? What benefits would a
project gain by becoming a part of the CodePlex Foundation?
We're still working through the process for
accepting projects, and will be talking about our progress on our website
and at my
blog and Mark Stone's
blog. October will be the
month where we're able to post a public draft of our project acceptance and
governance process as well as go into reviewing projects that are submitted
to us.
LWN: Up until recently, you were the open source "point man" for
Microsoft. Over your tenure there, large strides were clearly made, what
are your thoughts about Microsoft's open source initiatives (separate from
the foundation) going forward? Where do you see the company headed in
terms of open source participation?
Advocacy for open source has been growing
within Microsoft for years. It was my job to get that initiative going
strong, and in that I was successful. We socialized the idea that open
source is complementary to Microsoft's core business. The contribution of
the Linux device drivers at OSCON was one good proof point; that work is
complementary to Hyper-V and the virtualization business. What I saw as I
left was that the range of advocates within the company had grown, both
through our collective successes with work on PHP,
OpenPegasus, and
MPICH2, and
through the natural influx of industry talent. In a 91,000 person company
that is hiring engineers constantly, it's impossible to hire engineers
under 30 years old who have no open source experience; I think of it as a
generational shift that's inescapable. Their collective views create
pressure within the company to find ways to adopt and work with open
source. The same is true for more experienced developers and business
leaders who have come to Microsoft from companies who make extensive use of
open source – for example, Lee Nackman from IBM who shepherded the
Eclipse project is now a Corporate Vice President at Microsoft. So I
expect to see more participation and contribution, focused clearly on areas
that deliver long-term, sustainable growth in core businesses like
operating systems and databases.
LWN: Many Linux developers are concerned about Microsoft's patent
attack against TomTom and its attempted sale of 22 patents to
non-practicing companies. What would you say to those developers to
convince them that Microsoft's motives are benign and that cooperating with
Microsoft (either through the foundation or in other ways) is a safe and
appropriate thing to do?
There is a real issue and a red herring in that question. On the red
herring, it's my understanding that those 22 patents were offered to both
Red Hat and IBM individually before they were sold to Allied Securities
Trust, a non-profit that counts both Red Hat and IBM among its members.
You have to wonder why they would turn down the option to buy the patents,
subsequently accept AST's membership benefit of gaining a license to those
patents, and then raise issues in the public about the risks posed by both
the patents and AST and stepping in to buy them through OIN. It strikes me
as disingenuous at best.
On the real issue, which is patent litigation, I think that Microsoft is
not very different than other large software companies in their behavior on
patents – for example IBM has a longer history of patent litigation, and
similar issues with the management of their patent portfolio. The
structural problem that I see in this industry is a lot like the cold war
and the related nuclear proliferation: large companies feel that they need
them for protection from each other, so they take actions to ensure that
their arsenal is strong, including testing them in court or other bodies.
These actions end up causing a lot of fear for other people and companies,
and tend to inhibit innovation in the industry. Personally I'd like to see
a structural solution such as legislative reform or even a revision of the
application of patents to software with a focus on copyright instead, as it
used to be in the 70s and 80s. Until this happens it's not clear to me
that any of the large software companies are going to change their
behavior.
Finally, working with the CodePlex Foundation is quite separate from
working with Microsoft. What we are building is a safe harbor for software
companies and open source communities to collaborate in. One of the ways
we plan to do this is by requiring software companies to grant a patent
license for any code they contribute to the Foundation, and then by
relicensing those patents at no cost to all downstream users and
developers, including their use in derivative works. I think that for the
projects and companies that participate in CodePlex Foundation projects,
this will prove to be a valuable innovation that lets more developers
participate in open source.
LWN: What can you tell us about your new job? It is said to be at a
"cloud computing" startup, is that right? Is that company using (or
planning to use) open source technologies? If so, how?
I'm responsible for strategy at
Sonoa.
It's a cloud computing infrastructure company focused on the analysis,
control, and security of cloud services. We've all seen a ton of expansion
of cloud services – as an example, a year ago eBay stated that 60% of their
traffic was coming through the cloud rather than the web. That was 6
billion API calls per month as of 2008 that went directly to their backend
rather than their website. As the "invisible web" of programmatic
connections to business services expands, and those connections become more
critical to the businesses providing and subscribing to them, there's value
in being able to ensure availability and performance, logging and auditing,
and dynamic modification to how they're being offered to different
customers or partners. Sonoa's products do just that; we have a free
product called APIgee.com, which runs in Amazon's EC2 environment and lets
any cloud service provider manage their uptime, rate limits on subscribers,
and get visibility into their current subscribers. That's built on
ServiceNet, which is our paid product that runs in the cloud (EC2) and
on-premise as a software or hardware appliance. ServiceNet has a lot more
features accessible than APIgee currently – it's effectively a high-scale,
low-latency routing platform for cloud services.
We use a number of open source technologies, starting with Linux, which is
our base platform. While much of the product is in C, we're using Java,
and more specifically Apache technologies in the server. We use Xen in
packaging our EC2 AMI and some of our customer environments. We also have
a design studio for cloud policies which is an Eclipse-based authoring and
editing environment.
I think there's a lot more that Sonoa can do in this area – both in giving
back to the projects that we're benefiting from directly in the product,
and in the projects that we're benefiting from as a company. Here's an
example: before someone needs our products, they need to have cloud
services, whether those are REST APIs, SOAP APIs, or RSS feeds. They need
to build them, and they need to deploy them. We don't have any offerings
in those areas – we're not an IDE or application server provider. It's
only logical that we should support projects like Apache Axis2 and PHP REST
frameworks. The open source strategy at Sonoa is a blank slate, which is
one of the things that makes it exciting to me.
LWN: Is there anything else you would like to tell our readers?
It's been a privilege to work with a number of industry leaders in the
role that I served in at Microsoft. The Samba Team taught me a great deal
and I appreciated their optimism in being willing to work with me after
prior negative experiences with Microsoft, and our success together enabled
us to move a lot of things forward, including our relationship with the
Linux Foundation. In general those who have taken the time to understand
the work that my team did on interoperability with Linux have appreciated
the work and had good advice. I feel that there was much more I would like
to have done, but that work will fall to my successors and to the company
as a whole. I am glad to carry on putting my beliefs into practice at the
CodePlex Foundation – that we can build a better software industry by
getting software companies consistently contributing to open source
projects – but I will miss guiding Microsoft's progress on Linux and Open
Source.
I would say this to each of your readers: it's the outreach and
education that you have to offer that will narrow the rifts in the
industry. I think every systems administrator would prefer to do less work
in making multiple operating systems work in a single environment, and I
know that every developer would like to have their work have more impact by
running on more platforms and more computers. So if you have advice for
the people making decisions and enacting strategy, give it to them
constructively and with patience, because meaningful change takes time.
[ We would like to thank Sam for taking the time to answer our questions. ]
October 21, 2009
This article was contributed by Robert R Boerner Jr
Applying open source principles to hardware, specifically hardware for
telephony, can lead to lower-cost telephone service, which may well be a
boon to those in developing countries. Several projects are working on
devices and software that can dramatically reduce the cost of providing
phone service, particularly in rural areas or those with less
infrastructure to support it. In addition, those projects can also potentially
bring service to places where telephone service is currently unavailable.
The precepts of open source hardware (OSH) are very similar to those of open
source software (OSS). The ideas that make up an object, whether they be
schematics for a circuit board or CAD files for a clock enclosure, are
available to view, copy and modify. As such, many OSH projects have adopted
some of the same licenses traditionally used by OSS projects, such as the GPL
and MIT licenses. Some have even adopted Open Hardware specific licenses,
such as the TAPR Open Hardware License.
One person, in particular, has created an OSH project that could change
the face of telephony. David Rowe, an engineer hailing from Adelaide, South
Australia, wants to make the ability to make a phone call a right, and not a
privilege, for every person in the world. And he has designed the hardware
(running Linux, of course) to do just that.
The Free Telephony Project
was started by Mr. Rowe in 2005. Like many OSS developers he had an itch to
scratch, and the process of scratching that itch led him to develop the
IP04 PBX: "a low cost phone system that can switch phone calls from
analog phones or phone lines over the Internet using VoIP".
The IP04 is an embedded device powered by an Analog Devices Blackfin
processor and running Linux as the operating system with Asterisk software
serving as a Private Branch Exchange (PBX). The IP04 is designed to bring
the cost of deploying telephone systems down to the point where most anyone
could deploy them in developing nations. The concept of such a device is
not new; in fact, Mr. Rowe had actually started and exited a company that
provided hardware for telephony on Linux. What makes the IP04 different is
the relatively low cost (starting at approximately $300 USD), low power
requirements (the unit can be powered by solar power and/or batteries if
need be), and the fact that the designs of all the hardware and
software are open source.
Mr. Rowe envisions possible deployments of the
IP04 as seeds of entrepreneurship in developing areas. A budding local
businessperson could set up a device and provide services to people in his
or her local area; in essence becoming a small telephone
company. Mr. Rowe believes that with the right help for the initial
deployment, the IP04 presents an opportunity to find the right franchise
model that would allow for "self-funded, viral growth of
telephony in developing communities. Business is a much more powerful way
to roll out a service than continual donations and first world
support."
Mr. Rowe blogged his progress during the IP04 design phase, and his work
caught the eye of Atcom, a Chinese manufacturer of telephony
equipment. Atcom contacted Mr. Rowe to thank him for the open designs he had
published and offered assistance if he ever needed anything to be
manufactured. When the IP04 reached prototype stage, he took Atcom up on its
offer. "Three weeks later DHL rang my doorbell and there were
two assembled prototypes on my doorstep." Final production
hardware started rolling off the line in July, 2007. It only took about 18
months to go from idea to a finished product.
The help from Atcom is but one example of how making the project open
has helped the IP04's progress. Mr. Rowe is quick to acknowledge everyone
that has helped along the way, "I stand on the shoulders of
giants. Thanks to all the people who have contributed and whose work I have
built on. In no particular order: Atcom, Analog Devices Blackfin team, the
Asterisk community, and the Astfin & BlackfinOne teams."
The IP04 has spawned other devices, such as the IP01, IP02 and IP08,
differentiated mostly by the number of possible connections to either
analog phones or analog lines in the absence of VoIP service. Atcom produces
units for sale, and Mr. Rowe also sells the devices via his website (in
addition to bare printed circuit boards for those adventurous enough to
assemble a unit by hand). The IP04 has even been put through a gamut of
certification testing, winning FCC certification in the U.S. and A-tick
certification in Australia. There is an active forum
where users can go for support, and many have helped extend the device
either through software add-ons or by helping chase down bugs. One company
has even started a successful business selling and supporting
customers with a range of devices through the addition of custom
firmware, as well as starting its own community forum.
The possibilities of low cost and open communication for the world are
many. The IP0x series of devices seems to be but the first building
block. This fact was recognized by Steve Song. As the Shuttleworth
Foundation's Telecommunications Fellow, Mr. Song was involved with the
creation of the Village
Telco Project which had many of the same ideas that Mr. Rowe envisioned
in his Free Telephony Project. Mr. Song invited Mr. Rowe and several other
like-minded individuals to a workshop to come up with ideas for extending
the concept of a low-cost telephone company toolkit.
Out of this first meeting, known as the First Village Telco Workshop and
held in June 2008, the idea of the next generation of OSH telephony device
came to life: the Mesh Potato. Essentially a WiFi router with an FXS
(Foreign eXchange station, a connection for a traditional analog phone)
port running a mesh network, the original concept was devised by a colleague
of Mr. Rowe's, Kristen Peterson, during a conference in 2007.
The concept of the device is simple: a small unit the size of a standard
WiFi router (running OpenWRT) that would cost approximately $50 USD and has
a connection for a traditional cheap analog phone (the FXS
port). This device would operate in a mesh network with other, similar
devices, much in the same manner as the OLPC's XO laptop, in
essence creating an ad-hoc telephone network with no other infrastructure
required. The devices can operate standalone, or could be connected
upstream to a local provider. Mr. Rowe offers, "Many people in the
developing world already spend a large proportion of their income on cell phones (up
to 40%). They are getting ripped off by the sort of business models that
cell phones seem to attract. We aim to introduce a little competition using
service running on unlicensed spectrum."
Use in developing nations is not the only potential use for the Mesh
Potato device. Mr. Song has envisioned uses in a crisis
situation. After a major disaster occurs, if all cell communications and
landline communications are shut down, a number of Mesh Potato devices could
be deployed in a very short time. Though still a concept at this stage,
Mr. Song has laid out an interesting scenario in one of the Village Telco
blog posts.
The Mesh Potato has hit prototype status and the first devices are being
readied to hand out to testers all over the world. When asked to define
what would mark success for the Village Telco Project, Mr. Rowe answers,
"Six months in operation in some township while making a profit for
the Village Telco Entrepreneur. Making $ is the best way to prove the
technology is working."
The OSH telephony innovations don't stop with Mr. Rowe or the Village
Telco Project. The Astfin project, a
uClinux Asterisk distribution, not only supports the IP0x series of
devices, but has also produced hardware that offers different
connection options such as ISDN's basic and primary rate interfaces
(BRI/PRI).
Of course, the community has pushed the envelope even farther. The OpenBTS project is "an
open-source Unix application that uses the Universal Software Radio
Peripheral (USRP) to present a GSM air interface ("Um") to standard GSM
handset and uses the Asterisk software PBX to connect calls. The
combination of the ubiquitous GSM air interface with VoIP backhaul could
form the basis of a new type of cellular network that could be deployed and
operated at substantially lower cost than existing technologies in
greenfields in the developing world." In essence, they have taken an
OSH device (the USRP), combined it with some OSS, and provided a means to
create a wireless network compatible with many mobile phones throughout the
world. They recently put the system to the test at the Burning Man Festival
and have detailed blog
postings about what worked and what did not.
Whether the Open Telephony Project, Village Telco Project, or the OpenBTS
Project are successful remains to be seen, but in all three instances, the
decision to make not only the software but also the hardware open has already
paid dividends in terms of time to market and fostering of the
community. No one project would have a chance to succeed if other open
software or open hardware projects did not already exist. Just as the world
has benefited from OSS, OSH seems to hold many possibilities
for the future.
October 21, 2009
This article was contributed by Tim Bird
The 2009 edition of the Embedded
Linux Conference Europe (ELCE) was held recently in Grenoble,
France. This event, sponsored by the CE
Linux Forum (CELF), brought together
developers and companies interested in embedded Linux, from throughout Europe
and from around the world. Last year's edition was held in the
Netherlands, but the conference moves around, and this year the event was
held in France. The city of Grenoble is in an impressive setting,
surrounded by tall mountains, and is a hub of technical development
(locally called the "scientific polygon").
This report describes a few of the talks this year. It's impossible to
describe all the different talks at the event in a short summary, but the
presentations are being gathered on the CELF
wiki. There were presentations on a range of topics, including
distributions and build systems, kernel subsystems, features and tools,
licensing, power management, bootup time, and many more. Most
presentations are already available on the wiki, and the few stragglers
should show up within a week or two. I should mention that I'm one of the
conference organizers, so you can expect some bias about the event, but
overall I think the conference turned out very well.
Jon Masters, a developer at Red Hat, started off the
conference with a talk about porting Linux to different architectures and
platforms. He spoke about the technical challenges involved, and the
surprising addition of 2 new architectures to the mainline kernel source
tree just this year. He reported that Arnd Bergmann is in the process of
writing a new set of asm-generic
include files, and trying to rework and
clean up a lot of existing architecture code in the kernel (the source
files of which have often been copied for new architectures from
pre-existing architectures, sometimes correctly and sometimes with bugs). This
work has the potential to make it much easier and less error prone to add
new architecture support to the kernel going forward.
Matt Porter, who has been in the embedded Linux domain for many years, gave
a very interesting talk about Android. (In fact, his talk was voted by
attendees as the best one at the conference.) He titled his talk
"Mythbusters: Android", and Matt said he intended to show some of the
realities about the system that developers may not expect. He described a
lot of the difficulties that he and his team of developers at Mentor
Graphics had in porting Android to other processors, and also in supporting
existing Linux applications. Android replaces many parts of the system
with its own, newly-written software. Things like the init system, the
Dalvik virtual machine, and many class libraries are new, and appear to
have been written hastily to get the phone products out the door. Also,
there are numerous examples of ARM-specific and endian-specific code in the
system that were painful to find and fix. Matt said Google needs to do a
much better job of interacting with the rest of the open source community.
The next session was another on Android by Nina Wilner of
IBM. She works for Power.org, and her talk was on porting Android to
PowerPC. She started, however, by talking about the possible upsides of
Android, helping to explain why this platform has raised people's
expectations. Among other things, she observed that Android might just be
to Linux what Linux was to Unix. In the embedded space, Linux
distributions are horribly fragmented, so a strongly supported platform
might create a rallying point to unite around and be used to compete
against other commercial embedded offerings.
Nina remarked that when Linux arrived on the Unix scene, many people looked
at the relatively immature system and asked "why make a new OS?" Although
Android may be a bit rough around the edges right now, it is possible that
things like marketing clout may overcome its coding quality, and create a
common Linux platform that can be used in a variety of embedded products.
We'll have to wait to see if that's how things play out in the market or
not.
On Thursday evening, there was a social event at the "Bastille", an 18th
century fort
in the mountains above Grenoble, that now has a cable car, restaurants, and
other touristy stuff. The trip in the cable cars was quite interesting, as
they consist of "bubbles", which are clear on all sides. This,
combined with the steepness of the ascent, was a little more thrilling than
most cable car rides. See Wikipedia
for more information.
On Friday, the keynote was offered by Philippe Gerum, who is the lead
maintainer for the Xenomai (realtime
framework for Linux) project. He gave a thorough
talk about the current state of Xenomai, and realtime support in Linux in
general.
Another talk on Friday that I found quite interesting was by Vitaly Wool
about recent work on adding "device tree" support for the ARM architecture. The
device tree is a structure used to describe platform hardware to the
kernel, which can be integrated into a compiled kernel or passed by the
bootloader. It was developed for the PowerPC architecture, but has since
been used in other architectures as well. There may be some value in
pushing it throughout the different kernel architectures in order to
simplify device drivers and unify the methods of passing data between
firmware and the kernel on bootup. He reported on the different
discussions that were held on the kernel mailing list, and the points made
by different developers in favor or against adopting this for the ARM
architecture.
The conference closed with a game designed to show the "Butterfly Effect of
CELF". It was really an excuse for the primary sponsor to talk a little
about itself, and a way to hand out prizes to attendees. The game
consisted of a physics engine where, in some levels, you added objects and
removed obstacles to allow a butterfly to reach
its goal. Some humorous moments developed when contestants figured out
that the controls allowed manipulating pre-existing level elements
(including deleting the obstacles directly). The game is open source, and
is still under development, but it is currently available for download at SourceForge.
Free Electrons videotaped all the sessions, and will
make them available shortly — once they have time to do some video
processing. This is a really nice service to the embedded Linux community.
The videos from this event should be available in 4 to 6 weeks, and will be
announced when they are ready.
Overall the conference provided a good opportunity for embedded Linux
developers in Europe to convene and connect with each other. CELF is
planning a similar conference for Europe next year (in addition to its
"regular" Embedded Linux Conference, which is usually held in the spring in the US).
[Editor's note: This is the third and final part of our series on
FOSS license compliance. Part one introduced the topic and described what
developers can do to protect their rights. Part two looked at
compliance engineering—how to determine if a violation has occurred.]
Getting started
Free and Open Source Software (FOSS) allows all stakeholders to use,
study, share and improve code for commercial or non-commercial
reasons. However, engagement can still appear daunting to companies. They
are monetizing other people's creations, and, with the high economic value of FOSS, making a mistake
is less easily forgiven than it might be in non-commercial circumstances.
Fortunately, there is a substantial body of documentation available to
help commercial stakeholders learn how FOSS licenses work, how to
communicate effectively to resolve issues, and how to understand what
expectations might exist beyond simple legal requirements. There are also
several organizations acting as neutral educators dedicated to licensing,
development, and governance issues.
Complying with FOSS licenses
FOSS licenses use copyright law as a legal framework for
applying their terms and conditions. In using copyright law the licenses
are similar to proprietary software. However, FOSS licenses differ in the
types of terms and have a different conceptual framework from
proprietary licenses. Therefore FOSS licensing must be examined in its own
context and without prior assumptions to ensure compliance.
There are four basic types of FOSS license: permissive, weak Copyleft, strong Copyleft and network protective. These
can be placed on a sliding scale from licenses that do not have a perpetual
grant to use, study, share and improve code through to licenses that
perpetuate these freedoms through both traditional distribution and on the
Internet. The fewest terms tend to be in permissive licenses and the most
terms tend to be in strong Copyleft or network protective licenses. David
Wheeler has created a graphic to visualize the
relationship between various popular FOSS licenses using this scale.
Key examples of FOSS license terms can be found by reading the GNU
GPLv2. This is the most popular license in the ecosystem, contains strong
Copyleft provisions, and requires (among other things) attribution, access
to source code, and for a copy of the license to be included with any code
distributed in binary or source form. Many other FOSS licenses are broadly
similar though they differ on details.
The different ways FOSS licenses express their various grants and terms
have consequences for license use and compliance. These are legal documents
and wording differences can make them incompatible with each other. It also
means that there is no single approach to shipping code that satisfies all
possible licensing requirements, which is an important consideration given that
forgetting a license term can result in legal action.
A good process for FOSS compliance will deal with multiple licenses and
terms by determining what code is included in a product and then checking
which licenses apply. It will include provisions for understanding whether
the various licenses are compatible with each other and for making sure
they are not mixed incorrectly through code combination or linking. It will
also include a review of included license terms and include a check for
adherence in the product before distribution. To allow issues undetected in
the process to be solved without undue escalation, it is also sensible to
provide a contact address for people to report concerns.
Communicating to resolve problems
Being a good citizen in the FOSS community means pro-actively solving
problems and maintaining a positive relationship with the projects
producing source code used in products. These concerns center around the
principle of share-alike, and rely on an understanding of how
various parties are expected to act in this field.
The key expectations in FOSS are that everyone will follow the licenses
and will contribute code improvements back to source (or "upstream")
projects. The former
is a legal requirement and the latter is a social expectation. Fulfilling
both can greatly assist in maximizing a company's return from FOSS. Failing
to do so can have negative consequences, ranging from legal action over
licensing issues through to negative press because of a lack of cooperation
with the community.
Dealing with these expectations requires community-oriented
communication and quite a different approach to that used in traditional
proprietary markets. Whereas proprietary code is about monetizing licenses,
FOSS is about how shared technology is developed. FOSS licensing mistakes
and other problems are usually resolved in an equitable manner. Parties in
this field are rarely, if ever, interested in exploiting the value of the
code to penalize infringing parties unduly.
Some best practice techniques have emerged around the gpl-violations.org
project for resolving legal issues. The first step when receiving notice of
a possible violation is to confirm to the reporter that the matter is being
investigated. Then the discussion is moved to a private space where
information can be shared without disruptive interjections. The party with
the potential issue, now fully informed by the reporter, checks the problem
against their internal compliance process. The final stage of communication
is to update the reporter and issue a correction if a license violation has
been identified.
Communicating with projects is equally straightforward. Current best
practice is to establish a relationship between a designated company
representative and a designated project spokesperson. This allows companies
to keep projects informed of expected code use and contributions, and makes
it possible to investigate any issues before public escalation. Regardless
of whether an issue is about legal requirements or code contribution to the
ecosystem, having a chance to explain the corporate position clearly to the
project helps defuse problems in a mutually acceptable manner.
Getting information
There is quite a lot of information available to address the most popular
licensing choices or combinations in the FOSS ecosystem. Most of this
material centers around the GNU GPL because of its popularity in developer
circles and because the majority of commercial activity is focused on the
Linux kernel. Given this, an essential reading list for FOSS compliance
includes:
Additionally, people focused on code development will find "The Touchier Points of Determining the License of an Open Source
Project" and "Maintaining Permissive-Licensed Files
in a GPL-Licensed Project: Guidelines for Developers" useful. People
dealing with multiple versions of GPL code will find the compatibility matrix published by FSF
helpful. People seeking to allocate exposure in supplier/purchaser
relationships will benefit from examining the recently released Risk Grid [PDF] and its accompanying explanatory article.
More specialized information is also available, ranging from license
agreements that reduce exposure to software patents through to manuals
showing how gpl-violations.org discovers license violations in
embedded products [PDF]. When it comes to finding such niche information the
most productive approach is to establish relationships with knowledge
providers in this field.
Finding knowledge providers
There are numerous parties offering opinions in FOSS. Finding reliable
providers for commercial interaction requires a focus on parties with an
established reputation and an understanding of ICT business imperatives.
Two relatively recent initiatives with substantial reach and
non-partisan membership are the European Legal Network, which has over 200 members
across 27 countries and 4 continents, and the International Free and Open Source
Software Law Review, which provides a neutral platform for detailed and
industry relevant discussions.
It is worth building relationships with organizations like FSFE's Freedom Task Force, FSF's Free
Software Licensing and Compliance Lab, Linux
Foundation, gpl-violations.org, Software Freedom Law Center, Open Bar, ifrOSS and FOSSBazaar. They all provide various services related
to direct licensing assistance, explanatory documentation, case law
examples, and fostering professional cooperation between FOSS stakeholders.
Conclusion
FOSS offers tremendous value in the development of shared
platforms. Harnessing this requires the establishment of on-going
relationships between diverse stakeholders, and for a combination of
adherence to license terms and respect towards code creators' wishes.
Page editor: Jonathan Corbet
Security
By Jake Edge
October 21, 2009
Brute force password-guessing attacks against ssh are all too common these
days. But, various countermeasures can be used to blunt their impact. A
recent discussion
on the freebsd-hackers mailing list looks at the problem and some solutions.
Ssh is generally the tool of choice for connecting to remote servers and it
is rare that it is disabled on any true multi-user, network-connected
machine. Typically, it is configured such that users need to log in with
their normal username/password pair. But, since users often use
poorly-chosen passwords—and usernames are relatively easily
guessed—trying a large number of combinations of credentials will
often gain unauthorized access.
In addition, most Linux (or UNIX, for that matter) machines have several known usernames
that can be tried ("root", "news", "mail", etc.), which can reduce the
search space significantly. Of course, gaining access to the root account
compromises the entire system, so many ssh installations do not allow root
to log in via ssh. In fact, disabling root logins (using "PermitRootLogin
no" in /etc/ssh/sshd_config) is generally one of the first
suggestions for making ssh more secure.
Another countermeasure against these kinds of attacks is turning off
password authentication entirely, which can be done using
"PasswordAuthentication no" in the configuration file. In that case, only
users who have installed public keys for the hosts and accounts they wish
to use to log in will be allowed. That completely eliminates the possibility
of password guessing attacks, but does require that users protect the
corresponding private keys. An attacker who gains access to the private
key can immediately log in as the user.
A brute force attempt on a server generally leaves an audit trail in a
server's log files, which can be used by an administrator to block the
offending IP address. Of course, attackers quickly recognized that repeatedly
trying passwords from a single address was likely to result in either being
blocked or being caught by the authorities. So, distributed brute force
attacks were born.
In a distributed attack, multiple hosts—quite possibly members of a
botnet of some kind—attack multiple victim machines so that there are
many more addresses to block. In addition, those addresses change
frequently, so an administrator needs some kind of automated tool to keep
up. Enter DenyHosts and other,
similar tools, such as Fail2ban.
The basic idea behind these tools is that they scan various log files for
evidence of a brute force attack. Once they find an offending IP
address—based on various criteria—they update firewall or other
access-control configurations to
deny access from those addresses. Essentially, they automatically ban the
addresses of hosts participating in these distributed brute force attacks.
There is a balance to be struck in terms of the criteria used to determine
"bad" hosts. Denying access to legitimate users—who forget their
password or try to log in from a host without the right private
key—needs to be avoided. Typically, hosts that do not misbehave for
some period of time will age off the bad host list, but legitimate users
are unlikely to be willing to wait that long.
On the other hand, setting the criteria too high will still allow too many
attempts from attack hosts before they get stopped. In addition, with the
size of today's botnets, there may be no reason for a particular address to
make more than one attempt per hour, or day, which will generally fly under
the radar of most configurations. But, DenyHosts turns the tables on
distributed attacks, by collecting distributed data itself—from many different hosts in what is
called "synchronization
mode".
Basically, a central server collects information from DenyHosts's users on
which IP addresses they have determined to be bad. That information can
then be used by other DenyHosts installations to effectively ban
addresses that have not yet attacked them, but are currently attacking
other DenyHosts users.
There are dangers to this approach, of course, and it still may not catch
the largest botnets where individual IP addresses never quite reach the
thresholds required to ban them, but it can help. The standard problems
with blacklists and false positives certainly apply, and one could imagine
all kinds of havoc that could come from malicious DenyHosts installations,
but it is one way to leverage the data from multiple victims. A further
refinement might be to provide the raw failure data, rather than just the
bad IP addresses filtered by each site's failure criteria, to the central
server. That server could then correlate single attack attempts on
multiple hosts to
more easily catch the larger botnets.
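The refinement suggested above can be sketched in C as an added example (this is not DenyHosts code): sites report raw failure lines rather than their own ban lists, and the collector counts how many sites each source address has probed. The log lines, host names, documentation-range addresses and the threshold of 3 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_HOSTS 8     /* reporting sites */
#define MAX_SRC   64    /* distinct source addresses */
typedef char name_t[46];            /* long enough for an IPv6 address */

struct collector {
    name_t host[MAX_HOSTS], src[MAX_SRC];
    int fails[MAX_SRC][MAX_HOSTS];  /* failures per (source, reporting site) */
    int nhost, nsrc;
};

/* Look a name up in a table, optionally adding it; returns its index or -1. */
static int idx(name_t *tab, int *n, int max, const char *name, int add)
{
    for (int i = 0; i < *n; i++)
        if (strcmp(tab[i], name) == 0)
            return i;
    if (!add || *n == max)
        return -1;
    strcpy(tab[*n], name);          /* added names come from %45s, so they fit */
    return (*n)++;
}

/* Parse "<Mon> <day> <time> <host> sshd[pid]: Failed password for <user> from
 * <ip> port <n> ssh2". The user name comes from the client and may contain
 * " from ", so the address is read after the LAST " from " on the line. */
static int parse_failure(const char *line, char *host, char *ip)
{
    const char *p = strstr(line, "]: Failed password for "), *from = NULL;
    int port;
    if (!p || !strstr(line, " sshd[") || sscanf(line, "%*s %*s %*s %45s", host) != 1)
        return 0;
    for (const char *q = p; (q = strstr(q, " from ")) != NULL; q += 6)
        from = q;
    if (!from || sscanf(from + 6, "%45s port %d", ip, &port) != 2)
        return 0;
    return ip[strspn(ip, "0123456789abcdefABCDEF.:")] == '\0';  /* address characters only */
}

/* Count one log line; returns 1 if it was a failed login, else 0. */
static int record(struct collector *c, const char *line)
{
    name_t host, ip;
    int h, s;
    if (!parse_failure(line, host, ip))
        return 0;
    h = idx(c->host, &c->nhost, MAX_HOSTS, host, 1);
    s = idx(c->src, &c->nsrc, MAX_SRC, ip, 1);
    return h >= 0 && s >= 0 && ++c->fails[s][h] > 0;
}

/* One site's own view: ban once it has seen `threshold` failures itself. */
static int local_ban(struct collector *c, const char *host, const char *ip, int threshold)
{
    int h = idx(c->host, &c->nhost, MAX_HOSTS, host, 0);
    int s = idx(c->src, &c->nsrc, MAX_SRC, ip, 0);
    return h >= 0 && s >= 0 && c->fails[s][h] >= threshold;
}

/* The collector's view of the raw data: how many sites has this address probed? */
static int sites_probed(struct collector *c, const char *ip)
{
    int s = idx(c->src, &c->nsrc, MAX_SRC, ip, 0), n = 0;
    for (int h = 0; s >= 0 && h < c->nhost; h++)
        n += c->fails[s][h] > 0;
    return n;
}

/* Constructed sample: a noisy source, a once-per-site source, a user's typo. */
static const char *SAMPLE[] = {
    "Oct 21 10:00:01 hostA sshd[311]: Failed password for root from 203.0.113.5 port 4101 ssh2",
    "Oct 21 10:00:03 hostA sshd[311]: Failed password for invalid user news from 203.0.113.5 port 4101 ssh2",
    "Oct 21 10:00:05 hostA sshd[312]: Failed password for invalid user mail from 203.0.113.5 port 4102 ssh2",
    "Oct 21 10:07:13 hostA sshd[340]: Failed password for root from 198.51.100.7 port 5120 ssh2",
    "Oct 21 11:12:40 hostB sshd[207]: Failed password for invalid user mail from 198.51.100.7 port 5388 ssh2",
    "Oct 21 12:31:02 hostC sshd[918]: Failed password for invalid user db from backup from 198.51.100.7 port 5671 ssh2",
    "Oct 21 11:15:09 hostB sshd[210]: Failed password for alice from 192.0.2.44 port 6001 ssh2",
    "Oct 21 11:15:20 hostB sshd[210]: Accepted password for alice from 192.0.2.44 port 6001 ssh2",
};

static int load_sample(struct collector *c)   /* returns the failures counted */
{
    int n = 0;
    memset(c, 0, sizeof *c);
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        n += record(c, SAMPLE[i]);
    return n;
}

int main(void)
{
    struct collector c;
    printf("%d failures counted\n", load_sample(&c));
    printf("198.51.100.7: banned by hostA alone=%d, sites probed=%d\n",
           local_ban(&c, "hostA", "198.51.100.7", 3), sites_probed(&c, "198.51.100.7"));
    return 0;
}
```

The address that makes one attempt per site never reaches any single site's threshold, yet it stands out at the collector, while the user who mistyped a password once is seen at only one site.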
Much like the spam problem, brute force ssh attacks are a kind of arms
race. Administrators will need to change tactics periodically as the types
of attacks change. Turning off password authentication is not possible for
all installations—and still doesn't get rid of the log file mess that
brute force attacks leave behind—so techniques like DenyHosts's
synchronization mode will, unfortunately, be needed for the foreseeable future.
New vulnerabilities
camlimages: integer overflows
Package(s): camlimages
CVE #(s): CVE-2009-3296
Created: October 16, 2009
Updated: June 1, 2010
Description:
From the Debian advisory:
It was discovered that CamlImages, an open source image processing
library, suffers from several integer overflows, which may lead to a
potentially exploitable heap overflow and result in arbitrary code
execution. This advisory addresses issues with the reading of TIFF
files. It also expands the patch for CVE-2009-2660 to cover another
potential overflow in the processing of JPEG images.
django: denial of service
Package(s): django
CVE #(s):
Created: October 16, 2009
Updated: October 21, 2009
Description:
From the Django project advisory: Django's forms library includes field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in these regular expressions, resulting in the server process/thread becoming unresponsive, and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.
gd: buffer overflow
Package(s): gd
CVE #(s): CVE-2009-3546
Created: October 20, 2009
Updated: July 2, 2012
Description:
From the CVE entry:
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2009-2908 CVE-2009-2909 CVE-2009-2910
Created: October 16, 2009
Updated: February 15, 2010
Description:
From the Red Hat bugzilla: A flaw was found in ecryptfs which can result in a NULL pointer dereference. Quoting the commit message:
When calling vfs_unlink() on the lower dentry, d_delete() turns the
dentry into a negative dentry when the d_count is 1. This eventually
caused a NULL pointer deref when a read() or write() was done and the
negative dentry's d_inode was dereferenced in
ecryptfs_read_update_atime() or ecryptfs_getxattr(). (CVE-2009-2908)
From the Red Hat bugzilla: The ax25 code tried to use
    if (optlen < sizeof(int))
        return -EINVAL;
as a security check against optlen being negative (or zero) in the set socket option. Unfortunately, "sizeof(int)" is an unsigned property, with the result that the whole comparison is done in unsigned, letting negative values slip through. (CVE-2009-2909)
From the Red Hat bugzilla: An information leak was discovered in the kernel where a 32-bit process running
in 64-bit mode could possibly read certain 64 bit registers. (CVE-2009-2910)
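The ax25 comparison quoted above, reduced to a user-space C sketch beside one corrected form. This is an added example, not the kernel source or the fix that was merged; the function names and the set_option() handler are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* The check as quoted. optlen is a signed int and sizeof(int) is a size_t, so
 * the usual arithmetic conversions make optlen unsigned before comparing:
 * -1 becomes SIZE_MAX, which is not less than sizeof(int), and is accepted. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsign-compare"
static int check_quoted(int optlen)
{
    if (optlen < sizeof(int))
        return -EINVAL;
    return 0;
}
#pragma GCC diagnostic pop

/* One corrected form: keep the comparison in signed arithmetic. */
static int check_signed(int optlen)
{
    if (optlen < (int)sizeof(int))
        return -EINVAL;
    return 0;
}

/* Hypothetical handler modelled on a set-socket-option path: it validates the
 * caller-supplied length with `check`, then reads one int from the buffer. */
static int set_option(int (*check)(int), const void *optval, int optlen, int *out)
{
    int rc = check(optlen);

    if (rc)
        return rc;
    memcpy(out, optval, sizeof(int));
    return 0;
}

/* 1 if a length is accepted by the quoted check but rejected by the signed one. */
static int slips_through(int optlen)
{
    int v = 42, out = 0;

    return set_option(check_quoted, &v, optlen, &out) == 0 &&
           set_option(check_signed, &v, optlen, &out) == -EINVAL;
}

int main(void)
{
    static const int lens[] = { INT_MIN, -1, 0, 3, 4, 8 };
    int n = 0;

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        n += slips_through(lens[i]);
    return n == 2 ? 0 : 1;   /* only the two negative lengths differ */
}
```

Zero and other short non-negative lengths are rejected by both checks; only negative lengths separate them, which is why compiling with -Wsign-compare is a cheap way to find this pattern.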
mysql-ocaml: missing escape function
Package(s): mysql-ocaml
CVE #(s): CVE-2009-2942
Created: October 15, 2009
Updated: November 10, 2009
Description:
From the Debian advisory:
It was discovered that mysql-ocaml, OCaml bindings for MySql, was
missing a function to call mysql_real_escape_string(). This is needed,
because mysql_real_escape_string() honours the charset of the connection
and prevents insufficient escaping, when certain multibyte character
encodings are used. The added function is called real_escape() and
takes the established database connection as a first argument. The old
escape_string() was kept for backwards compatibility.
perl-net-oauth: session fixation vulnerability
Package(s): perl-net-oauth
CVE #(s):
Created: October 16, 2009
Updated: October 21, 2009
Description:
From the Fedora advisory:
A session fixation vulnerability was discovered in OAuth protocol 1.0. Perl
OAuth bindings were updated to support the new version of the OAuth
protocol that was issued to address the vulnerability. All OAuth users
are strongly advised to update to this updated package and protocol version
1.0a which fixes the vulnerability. See the OAuth security advisory for
more information.
pidgin: denial of service
Package(s): pidgin
CVE #(s): CVE-2009-3615
Created: October 19, 2009
Updated: April 29, 2010
Description:
From the VUPEN advisory:
A vulnerability has been identified in Pidgin, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in the Oscar protocol plugin when processing malformed ICQ or AIM contacts sent by the SIM IM client, which could cause an invalid memory access leading to a crash.
poppler: integer overflow
Package(s): poppler
CVE #(s): CVE-2009-3607
Created: October 21, 2009
Updated: March 5, 2010
Description:
From the Red Hat bugzilla entry:
Ludwig Nussel reported an integer overflow in poppler's
create_surface_from_thumbnail_data() function.
postgresql-ocaml: missing escape function
Package(s): postgresql-ocaml
CVE #(s): CVE-2009-2943
Created: October 15, 2009
Updated: November 10, 2009
Description:
From the Debian advisory:
It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's
libpq, was missing a function to call PQescapeStringConn(). This is
needed, because PQescapeStringConn() honours the charset of the
connection and prevents insufficient escaping, when certain multibyte
character encodings are used. The added function is called
escape_string_conn() and takes the established database connection as a
first argument. The old escape_string() was kept for backwards
compatibility.
pygresql: missing escape function
Package(s): pygresql
CVE #(s): CVE-2009-2940
Created: October 15, 2009
Updated: December 11, 2009
Description:
From the Debian advisory:
It was discovered that pygresql, a PostgreSQL module for Python, was
missing a function to call PQescapeStringConn(). This is needed, because
PQescapeStringConn() honours the charset of the connection and prevents
insufficient escaping, when certain multibyte character encodings are
used. The new function is called pg_escape_string(), which takes the
database connection as a first argument. The old function
escape_string() has been preserved as well for backwards compatibility.
xpdf: integer overflows
Page editor: Jake Edge
Kernel development
Brief items
The current development kernel is 2.6.32-rc5, released by Linus on
October 15. "90% of the bulk of the changes since -rc4 are in
drivers, with most of it coming from two new network drivers (stmmac and
vmxnet3). But apart from the new drivers, there's almost 300 commits in
there, and most of them are pretty spread out random one- (or few-) liners:
arch updates (arm, powerpc, x86), some filesystem updates (mainly btrfs),
and some documentation, networking etc." The short-form changelog is
in the announcement, or see the full changelog for the details.
Due to the distraction of the kernel summit, no changes have been merged
into the mainline repository since the 2.6.32-rc5 release.
There have been no stable updates over the last week. The 2.6.31.5 update is in the review process as of
this writing; it may be available by the time you read this.
So I tentatively submitted a test case to the Linux kernel mailing
list. I didn't know what to expect; maybe more flames carrying
over from the BFS debate? Instead, I got "Thanks a bunch for the
nice repeatable testcase!" This is one of the few times I've seen
this outside of what I attempt to do with x264: a developer happy
to see someone report a bug with his code and apparently eager to
jump to fixing it. Though it certainly sounded good so far, but
would anything result from this?
Answer: yes: up to a 70% increase in performance, committed the
next day. But the kernel devs weren't done yet: a quick grep of
Linux kernel mails over the next weeks showed x264 popping up in
quite a few scheduler benchmarks: they had added it as a regular
test case. And just recently we got another 10% performance.
-- Dark Shikari
Something that looks like crap should not get extra protection to
stay in the kernel just because it 'might' be non-crap.
-- Ingo Molnar
One of the more obscure events held at the kernel summit every year is an
election to fill five of the ten seats on the Linux Foundation's Technical
Advisory Board (TAB). The TAB is charged with interfacing between the LF
and the development community. The 2009 election, held in Tokyo, chose
between a large set of candidates. In the end, the winners were Greg
Kroah-Hartman, Alan Cox, Thomas Gleixner, Ted Ts'o, and your editor
Jonathan Corbet. The other half of the board (whose terms end next year) is
James Bottomley, Kristen Carlson Accardi, Chris Wright, Chris Mason, and
Dave Jones.
Kernel development news
By Jonathan Corbet
October 19, 2009
The 2009 Linux Kernel Summit was held in Tokyo, Japan on October 19
and 20. Jet-lagged developers from all over the world discussed a
wide range of topics. LWN's Jonathan Corbet was there, and has written the
following summaries.
Day 1
The sessions held on the first day of the summit were:
- Mini-summit readouts; reports from
various mini-summit meetings which have happened over the last six
months.
- The state of the scheduler, the
kernel subsystem that everybody loves to complain about.
- The end-user panel, wherein
Linux users from the enterprise and embedded sectors talk about how
Linux could serve them better.
- Regressions. Nobody likes them; are
the kernel developers doing better at avoiding and fixing them?
- The future of perf events; a
discussion of where this new subsystem is likely to go next.
- LKML volume and related issues. A
session slot set aside for lightning talks was
really mostly concerned with the linux-kernel mailing list and those
who post there.
- Generic device trees. The device tree
abstraction has proved helpful in the creation of generic kernels for
embedded hardware. This session talked about what a device tree is
and why it's useful.
Day 2
The discussions on the second day were:
The kernel summit closed with a general feeling that the discussions had
gone well. It was also noted that our Japanese hosts had done an
exceptional job in supporting the summit and enabling everything to happen;
it would not be surprising to see developers agitating for the summit to
return to Japan in the near future.
See also: the obligatory kernel
summit group photo.
October 21, 2009
This article was contributed by Goldwyn Rodrigues
File operations using truncate() have always had race conditions.
Developers have always been concerned with file writes racing against file
size modifications.
Various corner cases exist where data could either be
lost or ignored when an error occurs, or where unexpected data may
appear where zeros are expected for holes in the file. Jan Kara's
patch is an
attempt to fix such races, and it depends on the new truncate sequence,
which corrects the way the inode size of the file is set.
Holes
A hole in a file is an area represented by zeros. It
is created when data is written at an offset beyond the current
file size, or the file size is "truncated" to something larger than the
current file size.
The space between the old file size and the offset (or new file size)
is filled by zeros. Most filesystems are smart enough to mark the
holes in the inode, and not store them physically on disk (these are also known
as sparse files). The filesystem marks blocks in the inode to denote that
they are part of a hole. When a
user requests data from an offset in a hole, the filesystem creates
a page filled with zeroes and passes it to user space.
The handling of holes becomes a little tricky when the holes
are not aligned to the filesystem block boundary. In that case, parts of
blocks must be zeroed to represent the holes.
For example, a 12k file on a filesystem with 4k block size with a
hole at offset 2500 of size 8192, would require the last 1596
(4096-2500) bytes of the first block to be set to zero and the first 2500 bytes
of the third block to be set to zeroes. The second block is bypassed in
the inode's list of data blocks and does not occupy any space on
disk.
Mmap
mmap() is a system call to map the contents of a file into memory.
The call takes the address where the file should be mapped,
a file descriptor, the offset within the file to be mapped, and the length
of data from the offset to be mapped. Usually, the address
passed is NULL, so that the kernel can choose an address and provide
it to the process. Mmap can be performed in two ways:
- Private mapping - defined by MAP_PRIVATE, this map is private to
the process. Any modifications to the data are not reflected to the
file. If the process modifies the data, the page is copied and
modifications are performed in the new page. This is popularly known
as copy-on-write (COW).
- Shared mapping - defined by MAP_SHARED, this map can be shared
among processes, and can be used as an effective tool for
Inter-Process Communication (IPC). Any modifications performed in the
file are written back to the disk, and are available for other processes
to read. However, data writes to disk are not guaranteed to be
immediate, and are usually performed when the process calls msync() or
munmap().
When a process calls mmap(), the kernel sets up a Virtual Memory Address
(VMA) region to map the pages of the file to disk. It assigns the file's
struct vm_operations to vma->vm_ops. struct vm_operations contains pointers
to a set of functions which assist in getting the pages to memory on demand.
vm_operations.fault() is called when the user accesses a virtual memory area
not present in main memory. It is responsible for fetching the page from disk
and putting it into memory. If the vma is shared, vm_operations.page_mkwrite()
makes the page writable, otherwise the page is duplicated using COW.
page_mkwrite() is responsible for keeping track of all information required by
the filesystem, such as buffer_heads, to put the data back on disk. Typically,
this means preparing the block for write, checking that there is enough disk
space (returning ENOSPC if not), and committing the write.
The current sequence in page_mkwrite() can race with
file size changes performed by truncate(). File truncates
happening while the data is written back from a shared mmap()
could lead to unexpected results, such as loss of data or data
in places where zeros are expected.
Data loss
Data loss can occur in the specific case where a program
maps more of a file into memory than the current file size.
To explain how data loss can occur, consider the following code snippet for
writing a file, on a
system with a block size of 1024 bytes and a page size of 4096 bytes:
    ftruncate(fd, 0);
    pwrite(fd, buf, 1024, 0);
    map = mmap(NULL, 4096, PROT_WRITE, MAP_SHARED, fd, 0);
    map[0] = 'a'; /* page_mkwrite() for index 0 is called */
Note that even though the file size is set to 1024 bytes, the map is
mapped to 4096, which is beyond the current file size. This is
feasible because pages from a file are mapped in page size chunks.
Since there is a change to the shared memory, this causes the entry in
the page table to become writable.
    pwrite(fd, buf, 1, 10000);
    map[3000] = 'b';
    fsync(fd); /* writepage() for index 0 is called */
When the first page_mkwrite() is called, only block 0 is allocated because
the file size can fit in 1024 bytes. However, when the program later increases
the file size and calls fsync(), writepage() needs to allocate 3
more blocks to complete the write caused by changing map[3000].
In that situation, if the user's quota is exhausted or the filesystem has
no more space, the data modified by map[3000] is silently ignored.
Unexpected non-zeroes in a hole
A non-zero character can end up in a hole if the process dies after
extending the file, but before zeroing the page and writing it.
To understand the problem, consider the following code snippet:
    ftruncate(fd, 1000);
    map = mmap(NULL, 4096, PROT_WRITE, MAP_SHARED, fd, 0);
    while (1)
        map[1020] = 'a';
The program continuously writes at offset 1020. The kernel zeroes the
page from offset 1000 to 4096 before writing the page to disk. However,
map[1020] can be set after the kernel has zeroed the page. The page is
unlocked and set for write-back. In this case, a non-zero character
will be written to the disk. This is not a problem because it is out
of the range of the file size. However, if another process increases
the file size (and thus the size of the hole), and is killed before
re-zeroing and writing the page, the "dirty character" will be
included in the file the next time the file is read. This problem
exists regardless of the block size of the filesystem. The complete
program to demonstrate this problem is posted here.
Solution
Jan's patch introduces helper functions which facilitate the creation
of holes: block_prepare_hole() and block_finish_hole().
These functions are called from the write_begin() and
write_end() address space operations, respectively, if the current
file position is detected to be beyond the current file size, that is,
when a hole is being created. write_begin() and write_end()
are usually called in page_mkwrite(). The part of the page in the
hole is zeroed in
block_prepare_hole() instead of block_write_full_page().
The page remains locked during the entire page_mkwrite() sequence, so it
is protected against writes from other processes.
The truncate operation can only occur once the page lock is
released, serializing the sequence. This resolves the problem of the
stray data that can land in the hole.
On the other hand, block_finish_hole() is responsible for
marking the part of the page in the hole as read-only. If the process
attempts to write anything in the part of the hole belonging to the
page, page_mkwrite() will be called. The kernel gets an opportunity to
allocate buffer_heads, if required, for the additional write,
or return an error in the case of ENOSPC or EDQUOT. If
there is an error,
write_begin() will return it; the attempt to modify the
mapped memory area will then fail with an error (SIGSEGV).
The function to write data back to disk,
block_write_full_page(), checks all of the buffers in the
page which are delayed or mapped, instead of just those within the file
size. The new truncate sequence guarantees that the file is not
truncated while this is performed. This resolves the problem of data
loss.
The patch introduces a new field new_writepage in
struct address_space_operations, to store the
new method used to perform the writepage(). Like the new truncate
sequence, this field is a temporary hack and will go away once all filesystems
adhere to the new standards of writing the pages to disk.
Filesystems implementing the new method of writepage must set
new_writepage and handle blocks with holes by preparing the creation of
holes in write_begin() and finishing it in
write_end(). The old behavior of handling
page_mkwrite() is restored in noalloc_page_mkwrite(). It does
not allocate any blocks on page fault and marks all the unmapped
buffers in the page as delayed so that block_write_full_page() writes them.
simple_create_hole() is a new function analogous to the rest of the
simple_* functions; it is a simple way of creating a hole in a file.
The function zeroes out the parts of the pages which are part of the
hole. This function is called whenever the file is truncated to a size beyond
the current file size.
This posting is the third revision of the patch, and most of the
objections have been ironed out in the earlier two passes. Since this
patch deals with closing a race condition, it is probable that it will be
included eventually. However, this series
depends on the new truncate series, so it must wait for those
patches to be incorporated in the mainline kernel. Moreover, the
hackish method of distinguishing the new writepage must be removed. This
requires that all filesystems transition to using the new writepage sequence.
[ Thanks to Jan Kara for reviewing the article. ]
Page editor: Jonathan Corbet
Distributions
News and Editorials
October 21, 2009
This article was contributed by Nathan Willis
The Fedora project recently experienced controversy thanks to an updated Mozilla Thunderbird package that surprised some users by introducing major changes. The resulting debate focused on when changes to a package are big enough that they warrant a new release instead of an update, and on Fedora's processes for testing and packaging updated upstream packages.
The Birds
Jeff Garzik first reported the problem to the fedora-devel-list mailing list on October 11. The update was to the package thunderbird-3.0-2.7.b4.fc11, and introduced two new features: "smart folders" mode and global search functionality via the "Gloda" global database. The smart folders mode is an alternate presentation mode of Thunderbird's folder pane; it combines folders such as the Inbox from multiple accounts into a single, unified folder. Gloda works by creating an index of all of Thunderbird's mail.
The updated package caused Garzik trouble because both new features were turned on by default, resulting in a surprise rearrangement of Thunderbird's Inboxes, and a sudden (and lengthy) freeze when Gloda — on its first run — attempted to build an index of Garzik's extensive email archive. Others on the mailing list reported similar surprise and dissatisfaction, noting that some Thunderbird users are required to keep their home and work email accounts separate for legal reasons, and that with several gigabytes of stored mail, Gloda not only slows the system down to the point of unresponsiveness during indexing, but it also consumes considerable disk space storing its index in the user's home folder.
Furthermore, there was no indication that this update to the package would introduce any substantial changes; it is beta 4 of Thunderbird 3.0, and the previous betas did not introduce either feature. The change-log of the package indicated only that beta 4 was a security update. Finally, compounding the issue is the fact that Fedora 12 is scheduled to be released in November 2009, and Garzik argued that introducing a major change to a key package should have been postponed until the new release of the distribution rather than be pushed out to the stable release so late in the release cycle.
Fedora's official policy is to follow what the upstream package does, so the decision to turn on "smart folders" mode and Gloda in the update was following correct protocol because the change originated with the official Thunderbird release from Mozilla. Garzik's contention that the user interface changes and new features were too big to be pushed in what appeared to be a minor update received some support, but not consensus. The list did seem to agree, however, that by not mentioning the new features, the terse change-log contributed to the confusion.
Testing 1, 2, 3
Ultimately, the participants in the discussion thread reached consensus that the package update was handled incorrectly but that, more importantly, the project needed to study the event so that it could implement a process for better catching similar problems in the future. Fedora packages are published through the Bodhi system, in which maintainers submit packages for review, the release team approves packages and moves them into a special "testing" repository, and when sufficient testing has been performed, pushes the packages into the "stable" repository.
While in "testing," testers report their experience by voting +1 or -1 "karma" points. By default, when the package achieves a +3 karma score, Bodhi pushes it to "stable" automatically, although the maintainer can disable this behavior if he or she feels more testing is warranted. Several readers decided that the +3 threshold was too low for Thunderbird 3.0 beta 4, given the changes it introduced. Adam Williamson also dug into the test feedback, and noted that two of the +1 votes that eventually contributed to the automatic push actually reported problems in the attached comments, despite their positive vote.
Richard Hughes observed that getting adequate feedback from testers is a challenge with no easy solution — for any distribution. The karma threshold in Bodhi is set at +3 because few packages receive significantly more feedback. Benny Amorsen speculated that Fedora could recruit more users to test packages by notifying them of available test packages at login. Hughes and several others liked the idea, and suggested that a test-package notification system could be hooked into PackageKit, although if implemented it should remain deactivated in upstream PackageKit builds so as to not offend other distributions.
Rollback
In addition to the problem of recruiting more package testers, several on the fedora-devel-list felt that developing a general-purpose rollback or downgrade procedure was in order. The specific harm in the case of this Thunderbird update is not difficult to correct; "smart folders" mode and Gloda can be disabled as defaults in the next update. Fedora could also push a new package of Thunderbird 3.0 beta 4 with the disabled changes as the only difference from the previous update.
The fix is not always so simple, however: if an application changes its data storage format in an upgrade, downgrading could cause data loss or unpredictable behavior. The list debated several possible strategies, including using operating system snapshots to allow the user to roll back a system, data included. In the end, though, there is no abstract way to ensure that an upgrade is completely reversible, including data formatting changes. The best Fedora or any distribution can do is keep a close watch for problems and trust its package maintainers to release fixes when an update causes trouble for end users.
Thunderbird 3.0 is expected to enter release candidate status the first week of November, so interested parties may wish to monitor the Fedora package to see whether or not the problems encountered with the beta 4 release reappear. Looking further forward, the possibility of a test-package-recruiting application could be good for not only Fedora, but other Linux distributions as well. Hughes volunteered to mentor student work on such a project for Google's Summer of Code — although that is still many months away.
New Releases
The CentOS project has announced the release of CentOS-5.4 for i386 and
x86_64 architectures. "
CentOS-5.4 is based on the upstream release
EL 5.4.0, and includes packages from all variants including Server and
Client. All upstream repositories have been combined into one, to make it
easier for end users to work with. And the option to further enable
external repositories at install time is now available in the
installer." See the
release
notes for more detailed information.
The Fedora project has released Fedora 12 Beta. "
We have reached the
Fedora 12 Beta, the last important development milestone of Fedora 12. Only
critical bug fixes will be pushed as updates leading up to the general
release of Fedora 12, scheduled to be released in mid-November. We invite
you to join us and participate in making Fedora 12 a solid release by
downloading, testing, and providing us your valuable feedback."
Click below for a list of new features.
Theo de Raadt has announced the official release of OpenBSD 4.6.
"
This is our 26th release on CD-ROM (and 27th via FTP). We remain
proud of OpenBSD's record of more than ten years with only two remote holes
in the default install. As in our previous releases, 4.6 provides
significant improvements, including new features, in nearly all areas of
the system." Click below for details.
The openSUSE project has announced the first release candidate for openSUSE
11.2. "
This release includes quite a few bugfixes and several
updates, including GNOME 2.28 final, Linux 2.6.31.3, and many
others."
Distribution News
Debian GNU/Linux
The Debian kernel team met recently at the Linux Plumbers Conference and posted the abridged minutes of that meeting (with a
pointer to the full minutes). Many things were decided including basing squeeze (Debian 6.0) on the 2.6.32 kernel, separating firmware from the kernel, adding support for kernel mode setting, continuing support for OpenVZ, deprecating VServer and Xen, and quite a bit more. For example, OSS will be removed: "
This has been a deprecated kernel interface for some time and will be
disabled for squeeze with mechanisms put in place to deal with legacy
users."
In these bits the release team proposes a new freeze date.
"
Proposing a new freeze date is not easy. Taking into account all of
the feedback we have received, both online (by e-mail, IRC) as well as in
person, and some challenging release goals we have set for ourselves, we
propose freezing in March 2010."
Mandriva Linux
Two new articles about Mandriva Linux can be found on the official blog.
Contributing to Mandriva Linux covers "a multitude of ways of contributing to
Mandriva", and taking part in Mandriva Linux covers financial support. "The
distribution responds to a wide public, from beginners to advanced users.
To resolve this quandary we offer the possibility of financially
contributing to our component projects. Funds would be used to strengthen
both infrastructure and those projects essential to Mandriva Linux, needed
by the free community, developers and contributors."
SUSE Linux and openSUSE
SUSE Linux Enterprise 10 Service Pack 3 has been released. "
With the
release of SUSE Linux Enterprise 10 Service Pack 3 the SUSE Linux
Enterprise 10 Service Pack 2 now enters a 6 month parallel maintenance
period." Click below for details.
Ubuntu family
ars technica celebrates Ubuntu's fifth anniversary with a
list of positive changes the distribution has made to the Linux landscape. "
The Ubuntu Linux distribution is named after an African philosophical principle which holds that the betterment of the individual and community are interconnected. This philosophy is at the core of Ubuntu development and is formalized in the Ubuntu code of conduct, a simple set of rules that Ubuntu members commit to follow. Although the contents of the code of conduct are well within the boundaries of common sense, having a codified standard encourages respectful and considerate collaboration, making Ubuntu more inclusive and welcoming to new contributors."
Celeste Lyn Paul
discusses doing user interface design and the tradeoffs between being completely open to all commenters or moving to a more closed-off design discussion. Her post was prompted by a recent
decision to turn the Ubuntu Ayatana design project into an "invite-only" discussion. "
In a move to try and get more done, Ayatana has decided to try something different and once again close parts of Ubuntu design. The risk of reducing community feedback is that the chance where someone not vested in the design could catch serious design flaws is reduced. However, the benefit of getting more stuff done in a sane and organized matter could out-weigh this risk, especially if Ayatana learns from past mistakes and incorporate good iterative design practices, keep the community informed, and involve upstream vendors in their process as needed."
Nominations are open for the Ubuntu IRC Council Elections. "
We would
like to invite Ubuntu members to nominate themselves if they wish to run
for election for the Ubuntu IRC Council. Please only nominate yourself, do
not nominate others." Click below for more information.
Other distributions
Eeebuntu is an Ubuntu-based distribution for netbooks. Except that it no longer is: the project has
announced that Eeebuntu 4.0 will be based on Debian unstable instead. "
This is not an attempt at Ubuntu bashing, there are enough people around to take that mantle, this is a strategic development decision to help move our distribution along. Ubuntu is proving more difficult to customise with each release and if Debian Unstable is good enough for Ubuntu then it is certainly good enough for us. I'm sure you would agree."
Clement Lefebvre, the founder of Linux Mint,
reports on some Mint news.
Topics include the cancellation of Mint 7 editions of LXDE and Fluxbox,
continuing work on Mint 8, and more. "I resigned and left the company
I used to work for. To complement the income generated by Linux Mint I also
take part in contracting work based on the distribution itself. So in other
words, I'm now working full time on Linux Mint and on projects based or
related to it."
Distribution Newsletters
The
DistroWatch
Weekly for October 19, 2009 is out. "
The release season is finally here. With the recent second release candidate for Mandriva Linux 2010 and the upcoming final development releases of Fedora 12, Ubuntu 9.10 and openSUSE 11.2, the last-minute bug-fixing is all that is left to do for the big popular distributions. In the news section, Arch Linux releases the first printed edition of Arch Linux Handbook, Gentoo explains the recent Foundation troubles and presents exciting new features in the popular source-based distribution, and Linux Mint outlines some of the improvements in the upcoming release, version 8. Still in the news section, we refer to an article listing the twenty best features of Mandriva Linux 2010 and link to a couple of opinions expressing dissatisfaction with the current status of development at Canonical. For those readers interested in novice-friendly Linux distros, Jesse Smith takes a look at iMagic OS 2009.9, a commercial project based on Ubuntu, but enhanced with various extras that might appeal to former Windows users. All this and more in this issue of DistroWatch Weekly - happy reading!"
The Fedora Weekly News for October 18, 2009 is out. "
This week's issue begins with some updates on lodging for December's Fedora User and Developer Conference in Toronto. If you plan to attend or are considering it, be sure to read this. News from the Fedora Planet presents news and views from Fedora community members. In Quality Assurance news, details from the latest upcoming Test Days on SELinux and power management, and an invitation for Test Day proposals for Fedora 12 and 13 cycles, in addition to wonderful detail on the weekly QA meetings and team activities, and updates towards Fedora 12 beta. In translation news, details from last week's Fedora 12 beta readiness meeting, a query about the Russian translation of Fedora 12 virt-manager, and details of new Fedora Localization Project members. From the Art/Design team, details on Constantine (Fedora 12) wallpapers. Our issue wraps up this week with details on last week's security patches for Fedora 10 and 11. Enjoy FWN!"
This issue of the
Openmoko
Community Updates covers QtMoko, fso-simplemixer, qtm, and several
other topics.
This issue of the
OpenSUSE Weekly
News covers openSUSE 11.2 on its way to become final -- Release
candidate available!, Pavol Rusnak: RPM Summit at the openSUSE Conference
2009, rockslinuxgravity.com: Manipulating, converting and editing audio and
video, Cornelius Schumacher: 4,273,291 lines of code,
LinuxSecurity.com/Bill Keys: Security Features of Firefox 3.0, and more.
The Ubuntu Weekly Newsletter for October 17, 2009 is out. "
In this issue we cover: Archive frozen for preparation of Ubuntu 9.10, Unseeded Universe/Multiverse Final Freeze Schedule, Ubuntu Open Week: November 2-6, 2009, LoCo News, New lpx project group for Launchpad extensions, Launchpad's status page, Ubuntu Forums Tutorial of the Week, Stefan Lesicnik: Debian 2 Ubuntu - Security FTW, Ubuntu-UK Podcast: Beautiful Chaos, 0 A.D. Promises Real Gaming for Ubuntu, and much, much more!"
Interviews
Linux Magazine has
an
interview with Gentoo developer Matthew Summers. "
MS: Gentoo is far more than a project. Gentoo is representative of the notions of freedom and the existential open society, a choice we choose to make about our digital lives. However, with the idea and choice, we face the work of engineering solutions. There are many challenges devs are facing and there is much good work coming of it."
Distribution reviews
eWeek has
a
review of Ubuntu 9.10 beta. "
Karmic will ship with a long list
of enhancements and additions, including the sort of core open-source
application updates you expect to see with any Linux distribution refresh
(new versions of Firefox, OpenOffice.org and the GNOME desktop
environment). Beyond these typical updates, however, I've taken particular
note of changes around disk encryption, tightened system permissions and
cloud service integration."
Page editor: Rebecca Sobol
Development
By Forrest Cook
October 21, 2009
The
Equinox Desktop Environment
(EDE) is a lightweight alternative to GNOME and KDE that
aims to be used on embedded systems and older desktop machines.
Equinox shares the lightweight desktop environment space with
FVWM,
LXDE and
Xfce.
The project has been around since at least 2005
and the code is licensed under the GPLv2.
Equinox is built on top of
FLTK, the Fast Light ToolKit
and follows the
freedesktop.org standards.
The EDE FAQ
mentions that EDE had been using the eFLTK fork of the never-released
FLTK 2.0, and has since switched back to using the stable FLTK 1.x series.
From the
about
document:
EDE (Equinox Desktop Environment) is simple and fast desktop environment with familiar look and feel. EDE uses FLTK toolkit for GUI presentation and UNIX philosophy for its design.
With UNIX philosophy, EDE splits each component in separate executable entity that do one job and do it good. This makes EDE very easy to alter on user needs or requirements.
EDE is light and fast. It uses C++ carefully yielding fast startup, low memory usage and great portability. Also, we care not only about how EDE runs, but how much time is needed to compile it.
These facts make EDE a perfect desktop environment for older computers and embedded devices. But, you can use it on your everyday hardware too.
Digging through the project's news
listings shows that EDE has been ported to the
Mandriva, Ubuntu, and STX live CD Linux distributions and also
OpenBSD and Minix 3. EDE also runs on sXb, a Slackware distribution
for the Xbox platform.
The
screenshots
give a look at various versions of EDE on a number of platforms.
The project's
Recent Changes document shows that all of the current work
is being performed by developer Sanel Zukan.
Version 2.0 Beta of EDE was
announced on October 8, 2009.
The release has been coming for around three years.
The
Change Log has an overview of what's new:
"EDE 2.0 Beta is the latest release of EDE desktop. This release brings a lot of improvements and introduces some new cool features and programs. Please note how this release is still a beta, going toward brand new and redesigned 2.0 release."
The release announcement also sheds some light on the structure of EDE, with
the following components undergoing improvements:
the EDE Library, Panel, Desktop, Dialog Helper, Bug Report Tool,
Crash Handler, Mount notifier and Launcher.
Whether the Linux world needs another lightweight Linux desktop
environment remains to be seen. The project's success will likely
remain tied to the efforts of its main developer, and its adoption
into widely-used Linux distributions and embedded projects.
System Applications
Audio Projects
Version 0.15.5 of
Music Player Daemon has been announced.
"
This release improves stability by fixing one hang and a few memory leaks."
Database Software
The October 18, 2009 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Version 3.6.19 of the SQLite DBMS has been
announced.
"
Changes associated with this release include the following:
* Added support for foreign key constraints. Foreign key constraints are disabled by default. Use the foreign_keys pragma to turn them on.
* Generalized the IS and IS NOT operators to take arbitrary expressions on their right-hand side.
* The TCL Interface has been enhanced to use the Non-Recursive Engine (NRE) interface to the TCL interpreter when linked against TCL 8.6 or later.
* Fix a bug introduced in 3.6.18 that can lead to a segfault when an attempt is made to write on a read-only database."
Version 0.12.0 of SQLObject has been announced; this is the first
stable release of branch 0.12.
"
SQLObject is an object-relational mapper. Your database tables are described
as classes, and rows are instances of those classes. SQLObject is meant to be
easy to use and quick to get started with."
Interoperability
Version 3.3.9 of Samba has been
announced.
"
This is the latest stable release of the Samba 3.3 series".
More information is available in the
release notes.
Mail Software
Prerelease version 4.70 of Exim, a mail transfer agent, has been
announced.
"
The release of Exim 4.70 is on the horizon. A lot of stuff has
accumulated in CVS since January 2008. Since we want to give the current
code some wider exposure, please accept this invitation to test a 4.70
pre-release."
(Thanks to Neil Youngman).
Telecom
KDE.News has
an
interview with Suresh Chande. "
At the Maemo Conference in
Amsterdam Suresh Chande announced that Nokia has contracted KO GmbH to
write a mobile office viewer using the KOffice libraries. The presentation
by Suresh was given with the Nokia N900 smartphone, using the new Office
Viewer. The improvements in KOffice have largely been in the libraries, on
top of which a Maemo-specific GUI was written. KOffice became faster and
more stable, and the various file import filters have been greatly
improved. This includes the beginnings of MS Office 2007 import
support. Thanks to this work the KOffice document viewer for Maemo will be
able to properly read files created with a wider range of office
applications, and all other users of KOffice 2.x will benefit."
Web Site Development
Version 8.09.6 of the Midgard web content management system
has been announced.
"
The Midgard Project has released the sixth
maintenance release of Midgard 8.09 Ragnaroek LTS.
Ragnaroek LTS is a Long Term Support version of the free software
content management framework.
The 8.09.6 "AmsterGard" release focuses on API stability and provides
improved Midgard installer."
Desktop Applications
Audio Applications
Version 2.7.0 of Ecasound, an audio processing utility, has been announced.
This is the 10th anniversary of the project.
"
Initial Open Sound Control (OSC) interface for parameter control has
been added. New '-chorder' and '-eadb' options, and 'cop-get'
interactive mode command, have been added. Optional build time support
has been added for using liboil to optimize inner loops, giving a
small performance boost to many common use-scenarios. Various bugs
fixed in JACK support, mp3 output and option parsing. Fixes to build
problems in Mac OS X."
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Version 7.5 RC 1 of X11 has been announced.
"
At this point, only some final bug fixes and documentation updates are
expected between now and the final release of X11R7.5, including final
releases of several modules for which release candidates are included
in this set (including xorg-server 1.7.1, xorg-docs 1.5.0, and a couple
driver modules)."
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Music Applications
Version 1.05 of ifn parser tools for csound has been announced.
"
Ifn parser tools includes a number of csound tools that are useful
within an ide along with a ifn renumbering tool that helps with
numbering unencapsulated instruments in csound. The current version
includes an ifn renumber, an ifn locater, a deprecated csound command
locater and a pfield counter."
Office Suites
Version 3.2 Beta of OpenOffice.org has been announced.
"
The OpenOffice.org Community is proud to announce the availability of a
beta release of its upcoming 3.2 version. This first preview is for
everyone interested in the new features and enhancements of the final
3.2 release, expected in December."
The OpenOffice.org project has announced plans to switch to the Mercurial
source code management system.
"
We have chosen Mercurial out of the three major open source DSCM tools
available (Git, Bazaar and Mercurial) because we believe that its
combination of ease of use, flexibility and performance fits best with
the overall OOo needs. We are well aware that a slightly different
emphasis on the selection criteria might well have led to a choice of
Git or Bazaar, which are both very capable DSCMs as well."
Digital Photography
Version 0.16 of UFRaw has been announced.
"
I'm pleased to announce the release of UFRaw-0.16. The major new
feature of this release is 100% zoom. Yet I must warn you all that
what you are seeing is not the final implementation. The current
implementation is a bit slow and setting the zoom level to 100% will
freeze the user interface for a few seconds. By the next version of
UFRaw this should be fixed.
Other interesting new features include image rotation by arbitrary
angle and adjustment of color lightness by hue. In addition 39 new
cameras are supported (see list below)."
Science
KDE.News
interviews developers of the LabPlot and SciDAVis projects about their collaboration plans. Both projects are GUI plotting tools and plan to work together on back-end code. "
The collaboration has stopped short of merging the projects for a few reasons. There are (presently at least) different approaches to the user interface. Alexander notes that 'SciDAVis, being a fork of QtiPlot, provides an Origin like way of doing plotting. LabPlot has a different approach. Both programs have their own user basis. This fact justifies the development of two UIs supporting different workflows'. Knut agrees with this but sees a bigger obstacle in the choice of pure Qt or KDE in the applications: 'SciDAVis is expressly cross-platform, and the practical viability of KDE on Windows and Mac OS X remains to be proven. LabPlot on the other hand puts some emphasis on its integration with KDE'."
Video Applications
Version 0.5.2 of Bombono DVD has been announced.
"
Bombono DVD is a DVD authoring program for Linux. This software allows
you to get video on those optical discs without knowing many technical
details. The version 0.5.2 is the last stable one from the first program
publication and ready to use by general public.
The program provides full authoring sequence: making chapters while
browsing videos, custom menu creation, authoring and optionally burning
on DVD. Also, it features such an interesting feature as re-authoring:
one can get video back from DVDs."
Languages and Tools
C
Version 4.4.2 of GCC, the GNU Compiler Collection, has been
announced.
"
This release is a bug-fix release, containing fixes for regressions in GCC 4.4.1 relative to previous releases of GCC."
The October 15, 2009 edition of the GCC 4.4.2 Status Report
has been published.
"
GCC 4.4.2 release tarballs have been uploaded, the 4.4 branch is again
open for commits under the usual release branch rules."
Version 0.4.2 of Sparse, a semantic parser for C, has been announced.
"As per previous discussions on the sparse mailing list, I am the new maintainer of
the sparse project. This is my first release for sparse.
Thanks to Josh Triplett for previously maintaining the project."
Full Story (comments: none)
The LLVM Developers' Meeting happened on October 2;
videos from many of the talks
are now available (in encumbered formats, alas). Covered topics include
LLVM backend building, Unladen Swallow, the "Parfait" bug checker, extreme
vectorization, Ruby acceleration, and more.
Comments (3 posted)
Caml
The October 20, 2009 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Perl
Version 1.7.0 of Parrot has been announced; it adds some new
capabilities.
"On behalf of the entire Parrot team, I'm proud to announce Parrot
1.7.0 "African Grey." Parrot is
a virtual machine aimed at running all dynamic languages."
Full Story (comments: none)
Python
Version 0.6c10 of Setuptools has been announced.
"Major updates and fixes include:
* Support for SVN 1.6 and Python 2.6
* Fix for the Python 2.6.3 build_ext API change
* Support for the most recent Sourceforge download link insanity
* Fix for Vista UAC errors running easy_install.exe or other
"installer-looking" executables
* Fix for errors launching 64-bit Windows Python
* Stop crashing on certain types of HTTP error
* Stop re-trying URLs that already failed retrieval once
* Fixes for various dependency management problems such as looping
builds, re-downloading packages already present on sys.path (but not
in a registered "site" directory), and randomly preferring local -f
packages over local installed packages
* Prevent lots of spurious "already imported from another path" warnings
(e.g. when pkg_resources is imported late)
* Ensure C libraries (as opposed to extensions) are also built when
doing bdist_egg".
Full Story (comments: none)
Version 0.6c11 of Setuptools has been announced.
"It fixes an error when running the "sdist" command on a package with
no README, and includes the 64-bit Windows fix that was promised in
0.6c10 but wasn't actually checked in to SVN."
Full Story (comments: none)
The October 15, 2009 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: 1)
Libraries
Version 0.13 of libfiu has been announced.
"libfiu is a C library for fault injection. It provides functions to mark
"points of failure" inside your code (the core API), and functions to
enable/disable the failure of those points (the control API).
It also comes with some tools that can be used to perform fault injection in
the POSIX API without having to modify the application's source code, that can
help to test failure handling in an easy and reproducible way.
This release fixes some portability issues, adds wrappers for
strdup()/strndup() and support for simulating incomplete reads and writes,
among other minor bug fixes and improvements."
Full Story (comments: none)
Version Control
Version 1.6.5.1 of the GIT distributed version control system
has been announced; it is a maintenance release that addresses
a number of bugs.
Full Story (comments: none)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Andy Updegrove has written an open letter to US president Obama, urging support for Free/Open
Source Software. "It's time for the Obama Administration to publicly state that it wholeheartedly supports FOSS procurement by the federal agencies. Not in preference to proprietary software, but on an equal basis. Only by doing so can it ensure that when it comes to getting the best deal for the American public, the best software will win."
Comments (20 posted)
Commercial announcements
MontaVista has announced Carrier Grade Linux 5.1.
"CGE 5.1 adds support for next generation 4G wireless networks including LTE and WiMAX, and includes
full integration of the OpenSAF high availability middleware consistent with Service Availability
Forum specifications. In addition, MontaVista becomes the first commercial Linux vendor to offer
virtual routing and forwarding (VRF) capabilities for secure wireless networks."
Full Story (comments: none)
Articles of interest
Groklaw has the news that Darl McBride is no longer with The SCO Group, because "the Company has eliminated the Chief Executive Officer and President positions and consequently terminated Darl McBride". The information comes from
SCO's latest 8K filing with the SEC.
Comments (6 posted)
The Inquirer notes that Red Hat's share price is now higher than Microsoft's. "Since
2001 Red Hat has experienced more than 600 per cent growth, while during
the same period Microsoft has experienced negative growth in its share
price. Actually 2001 was a darn good time to invest in Red Hat. In those
days its stock was worth a piddling $3 per share. Now Red Hat stock is
priced at over $28 per share."
Comments (23 posted)
Resources
Dave Phillips takes a look at Kdenlive. "Over the past few months I've been drifting
into the world of Linux video applications and development. I've already
written a review of the LiVES video editor, and I've made occasional
reference to the Kino editor. Recently a reader asked if I'd tried a recent
version of Kdenlive. I started looking into it and I liked what I saw. The
following article is an account of my continuing experience with the latest
codebase from the project."
Comments (none posted)
Here's a look at Mono by Jeremy Allison on the Tux Deluxe site. "But my basic issue with the Microsoft Community Promise is that Miguel doesn't have to depend on it like everyone else does. Miguel's employer, Novell, has a patent agreement with Microsoft that exempts Mono users from Microsoft patent aggression, so long as you get Mono from Novell. Miguel takes pains to point this out. This is not a level playing field, or software freedom for all. This is a preferred supplier trying to pretend there is no problem. Sure there isn't a problem, for them. If it isn't good enough for Miguel, why is it good enough for other developers?"
Comments (55 posted)
Contests and Awards
Georgia Tech has received a $12M NSF award to build an experimental high
performance computing system.
"The Georgia Institute of Technology today
announced its receipt of a five-year, $12 million Track 2 award from the
National Science Foundation's (NSF) Office of Cyberinfrastructure to
lead a partnership of academic, industry and government experts in the
development and deployment of an innovative and experimental
high-performance computing (HPC) system. The award provides for the
creation of two heterogeneous, HPC systems that will expand the range of
research projects that scientists and engineers can tackle, including
computational biology, combustion, materials science, and massive visual
analytics."
Full Story (comments: none)
Event Reports
KDE.News covers Qt Developer Days. "Last week, Munich saw the 2009 Edition of the Qt
Developer Days. Qt Developer Days is a Qt-focused software conference which
is held yearly in Europe and the U.S. The American edition will be held at
the start of November in San Francisco. 700 attendants and more than 70
Trolls made this edition the biggest Developer Days to date. Qt Development
Frameworks had invited a group of KDE developers to the conference, more
well-known heads from the KDE world were sent by their respective
employers. The days brought training sessions around Qt and many
interesting presentations ranging from higher level topics such as the
future roadmap for Qt to topics related to Qt programming with techniques
and technologies such as the Model/View Framework, QGraphicsView, WebKit,
multithreading and many more."
Comments (none posted)
Calls for Presentations
A call for papers has gone out for CanSecWest 2010. The event takes
place on March 22-26, 2010 in Vancouver, BC, Canada.
Submissions are due by November 30.
Also, the PacSec conference paper selections have been announced.
Full Story (comments: none)
Salon Linux 2010 takes place in Paris, France on March 16-18, 2010.
"This message is to inform the community that in the next edition of
the "Salon Linux 2010" in March 2010 in Paris, a French Linux event
including a conference cycle, there will be a session around
professional music and video creation with free software."
Talk submissions are being accepted.
Full Story (comments: none)
Upcoming Events
Registration has opened for Camp KDE 2010.
"Camp KDE 2010 will be taking place in sunny San Diego at the University of California, San Diego from January 15th-22nd, 2010."
Full Story (comments: none)
The GOSCON keynotes have been announced.
"Government Open Source Conference November 5, 2009
at the Ronald Reagan Building and International Trade Center
Spotlighting Software Initiatives at
HHS, NASA, OMB, DOD, CIA, NSA, EPA, NARA, DHS,
and Dept of State".
Full Story (comments: none)
The 2009 pyArkansas conference has been announced.
"The 2nd annual pyArkansas conference will be held on Saturday, November
14th, on the campus of the University of Central Arkansas in Conway,
Arkansas. The conference is put on by the Python Artists of Arkansas
(pyAR^2) and hosted by the UCA Department of Computer Science."
Full Story (comments: none)
The 2009 pyTexas conference has been announced.
"pyTexas, the 3rd annual regional Python conference, is coming up in only
five days. It is being held Oct 24-25 Sat/Sun in Ft. Worth at the
University of North Texas Health Science Center."
Full Story (comments: none)
Events: October 29, 2009 to December 28, 2009
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
| --- | --- | --- |
| October 27 - October 30 | Linux-Kongress 2009 | Dresden, Germany |
| October 28 - October 30 | Hack.lu 2009 | Luxembourg |
| October 28 - October 30 | no:sql(east). | Atlanta, USA |
| October 29 | NLUUG autumn conference: The Open Web | Ede, The Netherlands |
| October 30 - November 1 | YAPC::Brasil 2009 | Rio de Janeiro, Brazil |
| October 31 | Linux theme day with ubuntu install party | Ede, Netherlands |
| November 1 - November 6 | 23rd Large Installation System Administration Conference | Baltimore, MD, USA |
| November 2 - November 6 | ApacheCon 2009 | Oakland, CA, USA |
| November 2 - November 6 | Ubuntu Open Week | Internet, Internet |
| November 3 - November 6 | OpenOffice.org Conference | Orvieto, Italy |
| November 4 - November 5 | Linux World NL | Utrecht, The Netherlands |
| November 5 | Government Open Source Conference | Washington, DC, USA |
| November 6 - November 7 | PGDay.EU 2009 | Paris, France |
| November 6 - November 8 | WineConf 2009 | Enschede, Netherlands |
| November 6 - November 10 | CHASE 2009 | Lahore, Pakistan |
| November 7 - November 8 | OpenFest 2009 - Biggest FOSS conference in Bulgaria | Sofia, Bulgaria |
| November 7 - November 8 | OpenRheinRuhr | Bottrop, Germany |
| November 7 - November 8 | Kiwi PyCon 2009 | Christchurch, New Zealand |
| November 9 - November 13 | ACM CCS 2009 | Chicago, IL, USA |
| November 10 - November 11 | Linux Foundation End User Summit | Jersey City, New Jersey |
| November 12 - November 13 | European Conference on Computer Network Defence | Milan, Italy |
| November 13 - November 15 | Free Society Conference and Nordic Summit | Göteborg, Sweden |
| November 14 | pyArkansas | Conway, AR, USA |
| November 16 - November 19 | Web 2.0 Expo | New York, NY, USA |
| November 16 - November 20 | INTEROP | New York, NY, USA |
| November 16 - November 20 | Ubuntu Developer Summit for Lucid Lynx | Dallas, TX, USA |
| November 17 - November 20 | DeepSec IDSC | Vienna, Austria |
| November 19 - November 20 | CONFIdence 2009 | Warsaw, Poland |
| November 19 - November 21 | Firebird Conference 2009 | Munich, Germany |
| November 19 - November 22 | Piksel 09 | Bergen, Norway |
| November 20 - November 21 | PostgreSQL Conference 2009 Japan | Tokyo, Japan |
| November 21 | Baltic Perl Workshop 2009 | Riga, Latvia |
| November 25 - November 27 | Open Source Developers Conference 2009 | Brisbane, Australia |
| November 27 - November 29 | Ninux Day 2009 | Rome, Italy |
| December 1 - December 5 | FOSS.IN/2009 | Bangalore, India |
| December 4 | Italian PostgreSQL Day 2009 | Pisa, Tuscany, Italy |
| December 5 - December 7 | Fedora Users and Developers Conference | Toronto, Canada |
| December 7 - December 11 | Annual Computer Security Applications Conference | Honolulu, HI, USA |
| December 7 - December 13 | Make Art 2009 | Poitiers, France |
| December 12 | BSD community day | Utrecht, The Netherlands |
| December 12 - December 13 | Django Development Sprint | Dallas, TX, USA |
| December 12 - December 17 | SciPy India 2009 | Kerala, India |
| December 19 | New Mexico Linux Fest | Albuquerque, NM, USA |
| December 27 - December 30 | 26th Chaos Communication Congress | Berlin, Germany |
If your event does not appear here, please
tell us about it.
Miscellaneous
Joe "Zonker" Brockmeier, openSUSE community manager,
looks at open source marketing on his blog. The subject came up at two meetings he attended last week (a Novell strategy session and the GNOME Summit) and he suggests that the benefits of open source (including software freedom) be the lead message, rather than starting from software freedom and eventually getting around to the concrete
user benefits. "One of the things we talked about in the marketing meetings in Waltham is this idea: Logic leads to conclusions, but emotions lead to actions. You can make the logical argument about Software Freedom until the proverbial cows (or gnus) come home, but if people aren't buying it emotionally, they'll stick with their existing stuff."
Comments (34 posted)
Page editor: Forrest Cook