LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Announcements
->Multipage format
This page
Previous weekFollowing week
Recent Features
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for November 12, 2009Python moratorium and the future of 2.xOn November 9, Python BDFL ("Benevolent Dictator For Life") Guido van Rossum froze the Python language's syntax and grammar in their current form for at least the upcoming Python 2.7 and 3.2 releases, and possibly for longer still. This move is intended to slow things down, giving the larger Python community a chance to catch up with the latest Python 3.x releases. The idea of freezing the language was originally proposed by Van Rossum in October on the python-ideas list and discussed on LWN. There are three primary arguments for the freeze, all described in the original proposal:
The proposal turned into PEP 3003, "Python Language Moratorium", which is more definite about what cannot be changed:
Adding a new method to a built-in type will still be open for consideration, and so is changing language semantics that turn out to be ambiguous or difficult to implement. Python's C API can be changed in any way that doesn't impose grammar or semantic changes, and the modules in the standard library are still fair game for improvement. The duration of the freeze is given in the PEP as "a period of at least two years from the release of Python 3.1." Python 3.1 was released on June 27 2009, so the freeze would extend until at least June 2011. Van Rossum later clarified the duration on python-dev, writing "In particular, the moratorium would include Python 3.2 (to be released 18-24 months after 3.1) but (unless explicitly extended) allow Python 3.3 to once again include language changes." Most responses to the moratorium idea were favorable, but those who had objections felt those objections very strongly. Steven D'Aprano wrote:
A moratorium isn't cost-free. With the back-end free to change,
patches will go stale over 2+ years. People will lose interest or
otherwise move on. Those with good ideas but little patience will be
discouraged. I fully expect that, human nature being as it is, those
proposing a change, good or bad, will be told not to bother wasting
their time, there's a moratorium on at least as often as they'll be
encouraged to bide their time while the moratorium is on.
A moratorium turns Python's conservativeness up to 11. If Python already has a reputation for being conservative in the features it accepts — and I think it does — then a moratorium risks giving the impression that Python has become the language of choice for old guys sitting on their porch yelling at the damn kids to get off the lawn. That's a plus for Cobol. I don't think it is a plus for Python. The 2-to-3 transitionOne of the reasons for the moratorium is the developers' increasing concern at the slow speed of the user community's transition away from Python 2.x. The moratorium thread led to a larger discussion of where Python 3.x stands. Progress on the transition can be roughly measured by looking at the third-party packages available for Python 3.x. Only about 100 of the 8000 packages listed on the Python Package Index claim to be compatible with Python 3, and many significant packages have not yet been ported (Numeric Python, MySQLdb, PyGTk), making it impossible for users to port their in-house code or application. Few Linux distributions have even packaged a Python 3.x release yet. For the Python development community, it's tempting to nudge the users toward Python 3 by discouraging them from using Python 2. The Python developers have been dividing their attention between the 2.x and 3.x branches for a few years now, and a significant number of them would like to refocus their attention on a single branch. Given the slow uptake of Python 3, though, it's difficult to know when Python 2 development can stop. The primary suggestions in the recent discussion were:
Abandoning the 3.x branch had very few supporters. Retroactively declaring 2.6 the final release was also not popular, because people have been continuing to apply and backport improvements on the assumption that there was going to be a 2.7 release. As Skip Montanaro phrased it:
2.6.0 was released over a year ago and there has been no effort to
suppress bug fix or feature additions to trunk since then. If you
call 2.6 "the end of 2.x" you'll have wasted a year of work on 2.7
with about a month to go before the first 2.7 alpha release.
If you want to accelerate release of 2.7 (fewer alphas, compressed schedule, etc) that's fine, but I don't think you can turn back the clock at this point and decree that 2.7 is dead. A significant amount of work has already been committed to the
2.7 branch, as can be seen by reading "What's New in
Python 2.7" or the more detailed NEWS file.
New features include an ordered dictionary type, support for using
multiple context managers in a single Clearly a 2.7 release will happen, and manager Benjamin Peterson's draft release schedule projects a 2.7 final release in June 2010. There's no clear consensus on whether to continue making further releases after 2.7. Post-2.7 releases could continue to bring 2.x and 3.x into closer compatibility and improve porting tools such as the 2to3 script, while keeping existing 2.x users happy with bugfixes and a few new features, but this work does cost effort and time. Brett Cannon stated his case for calling an end with 2.7:
[...] I think a decent number of us no longer want to maintain the 2.x
series. Honestly, if we go past 2.7 I am simply going to stop
backporting features and bug fixes. It's just too much work keeping so
many branches fixed.
Raymond Hettinger argued that imposing an end-of-life is unpleasant for users:
I do not buy into the several premises that have arisen in this
thread. [First premise:] For 3.x to succeed, something bad has to
happen to 2.x. (which in my book translates to intentionally harming
2.x users, either through neglect or force, in order to bait them into
switching to 3.x).
Hettinger is unmoved by the argument that maintaining 2.x takes up a lot of time, arguing that backporting a feature is relatively quick compared to the time required to implement it in the first place. He's also concerned that 3.x still needs more polishing, and concludes:
In all these matters, I think the users should get a vote. And that vote
should be cast with their decision to stay with 2.x, or switch to 3.x, or
try to support both.
AssessmentDeclaring such a long-term freeze on the language's evolution is a surprising step, and not one that developer groups often choose. Languages defined by an official standard, such as C, C++, or Lisp, are forced to evolve very slowly because of the slow standardization process, but Python is not so minutely specified. D'Aprano makes a good point that the developers are already pretty conservative; most suggestions for language changes are rejected. On the other hand, switching to Python 3.x is a big jump for users and book authors; temporarily halting further evolution may at least give them the sense they're not aiming for a constantly shifting target. It's probably premature to call the transition to Python 3.x a failure, or even behind schedule. These transitions invariably take a lot of time and proceed slowly. Many Linux distributions have adopted Python for writing their administrative tools, making the interpreter critical to the release process. Distribution maintainers will therefore be very conservative about upgrading the Python version. It's a chicken-and-egg problem; third-party developers who stick to their distribution's packages can't use Python 3 yet, which means they don't port their code to Python 3, which gives distributions little incentive to package it. Eventually the community will switch, but it'll take a few years. The most helpful course for the Python developers is probably to demonstrate and document how applications can be ported to Python 3, as Martin von Löwis has done by experimentally porting Django to Python 3.x, and where possible get the resulting patches accepted by upstream. It remains to be seen if a volunteer development group's efforts can be successfully redirected by declaring certain lines of development to be unwelcome. Volunteers want to work on tasks that are interesting, or amusing, or relevant to their own projects. The moratorium may lead to a perception that Python development is stalled, and developers may start up DVCS-hosted branches of Python that contain more radical changes, or move on to some other project that's more entertaining. The nearest parallel might be the code freezes for versions 2.4 and 2.6 of the Linux kernel. The code freeze for Linux 2.4 was declared in December 1999, and 2.5.0 didn't open for new development until November 2001, nearly two years later. The long duration of the freeze led to a lot of pressure to bend the rules to get in one more feature or driver update. Python's code freeze will be of similar length and there may be similar pressure to slip in just one little change. However, freezing the language still leaves lots of room to improve the standard library and the CPython implementation, enhance developer tools, and explore other areas not covered by the moratorium. Perhaps these tasks are enough of an outlet for creative energy to keep people interested.
Switching desktops surprisingly painlessBusy days are not uncommon here at LWN, but Tuesdays and Wednesdays are particularly full with writing and editing tasks for the weekly edition. Any kind of computer problem is most unwelcome on such days, whether that is because your ISP has decided to route your packets to Borneo, or because some critical piece of the desktop goes out to lunch. So, trying to wrestle with a Plasma—KDE 4's desktop shell—crash while under deadline pressure made for a rather stressful few hours. The point here is not to bash on KDE, or Fedora, which is the distribution I tend to use, as the fault may well be my own. But, in the process of getting back to a working state, I made a surprising (to me, anyway) discovery: switching from KDE to GNOME was completely painless. The desktop wars would lead one to believe that there are such fundamental differences between the two dominant desktops that switching between them would be "entering a world of pain". Not so, at least for this relatively unsophisticated user. Generally, I try and avoid dipping into the Fedora 10 update stream in the early part of any week, just for stability purposes. I also tend to ignore updates for several weeks at a time, which is part of what made the Plasma crash so surprising—I hadn't updated for roughly two weeks. It may well have been that I didn't restart the desktop after the last update, I often do yum update in some random Konsole and forget about it. So, when Plasma tried to restart, perhaps there was a newer version of it or libraries it depended on. Back in January, I wrote an article about the KDE 4 transition and, in it noted that I had gone through the transition with few problems. In some ways, I was mystified by all of the uproar about KDE 4 as it more or less worked for me. Oddly, I think I now have a better perspective on what folks suffered at that time. If Plasma won't start, you don't really have a desktop; maybe there are various workarounds to switch workspaces or to particular windows (especially iconified windows) using just the keyboard, but I didn't have any time to figure that out. Over the last year and a half or so—since switching to KDE 4—I had been having infrequent Plasma crashes. Roughly once a month, the desktop would briefly seize up, with the Panel disappearing and windows rearranging themselves, and then it would all come back. Sometimes, the KDE bug reporting tool would come up, but, since I don't run debug versions of the desktop applications, the tool made it clear that the reports weren't wanted. In fact, as I found out yesterday, reporting a bug through the tool requires having a bugs.kde.org login, which is an exceedingly annoying—unlikely to be surmounted by many—requirement. This time, things were different, as Plasma went away and didn't come back. Since I had a lot of state in various workspaces (i.e. virtual desktops) that I didn't want to lose, I poked around on the net for ways to restart Plasma. None of those worked, so I saved off what I could and killed the X server with ctrl-alt-backspace, fully believing that logging in anew would clear up the problem. Not so; new logins would either just return to the login screen (after loading most of KDE based on the progress bar), or get to a screen with KDE bug tool reporting that Plasma had crashed. So, it seemed like it might be time to upgrade or downgrade KDE to get back to a working state. I didn't have a lot of patience, so I just did:
yum remove kde*
to get rid of an updates-testing version I had previously
installed, followed by:
yum groupinstall "KDE (K Desktop Environment)"
just using the standard F10 repositories. I was very sure that would fix
the problem, but it was not to be. The same behavior was exhibited when
trying to start Plasma.
For a moment, I was kind of at a loss, trying to figure out the optimal approach for tracking down the breakage and somehow downgrading to a working version, or deciding to switch to the laptop—ironically running Rawhide without any problems—for the next few days. At that point I realized there was another option, switch over to using GNOME. Now that probably is an obvious choice, in hindsight it certainly is, but when you are focused on a particular desktop, the alternative doesn't even enter your mind right away. Once I decided to do that, I immediately began to dread the amount of configuration and hassle that I expected it to take. I hadn't run GNOME in many years, perhaps as many as ten. I know lots of folks who run GNOME and had no reason to believe it was inferior in any way, but I did think, or led myself to believe, that it was different. It took roughly five minutes of working with GNOME before I was largely unaware that I had switched. It may be that my use of the desktop is relatively minimal, though it is in use for many hours a day. I tend to have multiple Konsole windows (each with multiple tabs), a browser, the Gimp, claws-mail, and emacs up all the time, scattered around multiple workspaces. The only departures from standard GNOME were to move the menu bar to the bottom of the screen and to make windows auto-raise when the mouse pointer moves into them (something that has to be done for KDE as well). I imagine I will revert back to KDE once I resolve whatever problem Plasma is having (and it may be as simple as yum update in a day or two), but I certainly won't look at the competing desktops for Linux in quite the same way. For any hardcore advocates of one desktop or the other, I would seriously encourage giving the other a try for a few hours some day. You may very well be surprised at how little difference, in terms of actually getting work done, there really is. There are certainly lessons here for both Fedora and KDE, even though the problem may be partially of my own doing. It is hard to see how removing KDE and reinstalling from the F10 repositories didn't clear up this problem, unless there is some configuration in my home directory that causes it. Perhaps it is something in the Plasmoids (I did fiddle with the World Clock widget an hour or two before the crashes started) or Panel widgets that I have running. It is not easy to tell, nor is it particularly easy to Google for. Plasma should (obviously) try to be more robust, and provide some better idea of where things might be going wrong—and what to do about it—but, certainly KDE should not be placing barriers between its users and its bug reporting system. I suspect it is an attempt to reduce some kind of bug report spam, but requiring a username/password for some "random" site is something that will stop bug reports from lots of users, including me. Fedora has been concerned recently about the stability of upgrades. A recent issue with a Thunderbird upgrade, which caused much pain for users, is just one of a number of Fedora upgrade woes. This particular Plasma problem may be another, and, if so, will likely cause the project to focus on the upgrade stability issue even more. Software has bugs, but desktop environments—much like the kernel—occupy a special place. If those pieces stop working, there is little the user can do to work around that fact. Usually, downgrading the kernel to the previously functioning one is an option, and it may be for desktops as well, but another alternative that free software brings is to switch to a different desktop (or even kernel, FreeBSD anyone?) entirely. That's a freedom worth having.
Nepomuk: sharing application metadataThe Nepomuk project has the potential to unlock the data from its originating application so that it can used by other applications on the desktop. If Nepomuk becomes pervasive, history logs, bookmarks, file metadata, email, instant messages, photo tags, or other metadata will be shared between various desktop applications. Why should music metadata like track length or artist and song title be locked away in an index created and used explicitly by a music playing application? Consider a download assistant such as kget. The subversion branch of kget recently got the ability to store its download history using Nepomuk. kget could already save the transfer history in XML or SQLite. The advantage of using Nepomuk is that other desktop tools can easily see where a file was downloaded from and when; the information is unlocked from just kget. With Nepomuk, other applications don't need to know where the SQLite file is, or find and parse an XML file. All of the sudden, the file manager can let you know where this file came from so you can easily return for newer versions, or a desktop search can reveal all the files downloaded last year from http://example.com. To allow data to be stored, exchanged, and understood by many applications, Nepomuk uses the same underlying technology that the Semantic Web is designed around. The Semantic Web tries to separate the data from the presentation in a way that allows for both humans and computers to inspect and digest the data. At the base of the Semantic Web is Resource Description Framework (RDF) which aims to allow metadata to be exchanged in an unambiguous, machine-processing-friendly format. There are many who dismiss the Semantic Web as an ivory tower pipe dream. Various concerns are cited as reasons that RDF will not be adopted: it takes extra time to generate RDF data, it allows for automated comparisons which will make companies uncomfortable, and there will no agreement between companies on which schemas to use, etc. Nepomuk and RDF have a huge potential on the Free and Open Source Software (FOSS) desktop because application developers have no vested interest in locking their data away, and due to the nature of free software, one can patch in RDF and/or Nepomuk support into projects. The latter problem about projects designing their own schema is still present for FOSS, but, luckily, schema mismatches in and of themselves are not a show stopper for RDF adoption. By definition, once data is in RDF it can be processed automatically by a computer, so the machine, rather than the human, can always work around schema differences. RDF tries to capture information in the form of triples. The classic examples are relationships and ownerships, for example: "Mary knows Mark" and "dog has tail". To avoid name clashes for things described in RDF, longer URL style identifiers are used for the three pieces of information. To get back to smaller text strings for these URLs, prefixes are used in the style of XML namespaces. For example, foaf:name could be used for a human name which expands to the URL http://xmlns.com/foaf/0.1/name. This way, individual things can still be described concisely, but they should also have globally understood meaning. A foaf:name is a person's name, whereas a toolshed:name might name a screwdriver. Below is an example of using Nepomuk from the command line to create and list an RDF file:
$ sopranocmd --backend redland add \
"<http://onto.libferris.com/things/1234>" "<http://onto.libferris.com/price>" "30"
$ sopranocmd --backend redland add \
"<http://onto.libferris.com/things/1234>" "<http://onto.libferris.com/title>" \
"super crazy magical item"
$ sopranocmd --backend redland list
<http://onto.libferris.com/things/1234> <http://onto.libferris.com/price> \
"30"^^<http://www.w3.org/2001/XMLSchema#int> (empty)
<http://onto.libferris.com/things/1234> <http://onto.libferris.com/title> \
"super crazy magical item"^^<http://www.w3.org/2001/XMLSchema#string> (empty)
Total results: 2
Execution time: 00:00:00.1
While an RDF repository can be used to just store, update, and query these triples, a schema can also be imposed so that applications know what to expect. For example, that the foaf:homepage is a link to a web site with certain constraints. Examples of constraints include the type of data stored (integer, date, etc), how many times a property can appear (only one homepage), and so on. The SPARQL query language can be used to join together the triples and select the information of interest. While SPARQL uses familiar SQL, like the SELECT, WHERE, ORDER BY, and LIMIT keywords, joining triples is a bit different than with SQL. For example, the query below grabs the price and title for "something". We don't particularly care what the something is, as long as the same something has a title and a price of less than 30.5.
SELECT ?title ?price
WHERE { ?x ns:price ?price .
FILTER (?price < 30.5)
?x dc:title ?title . }
With all this talk of RDF, triples, and ivory towers, one might think that using Nepomuk and RDF will be painful and have an extremely long learning curve. Below are a few examples of using Nepomuk in a KDE application to quell those fears. Nepomuk makes using RDF simple because it provides a code generator that makes native C++ classes to allow interaction with the RDF store:
Nepomuk::File f( "/home/foo/bar.txt" );
f.setAnnotation( "This is just a test file that contains nothing of interest." );
The above is much neater than thinking in terms of the triples shown below which might be stored to represent it. In this case X will really be a persistent unique identifier used to identify the file, similar to the device number and inode in the kernel. The type, file etc will of course be longer URIs in the real RDF store.
X type file
X url "/home/foo/bar.txt"
X annotation "This is just a..."
The above example which uses setAnnotation() takes advantage of a schema for annotating and tagging files which comes with Nepomuk itself. The kget program mentioned earlier in the article is a good example of not using a standard schema. In the sources of kget, the transferhistorystore.cpp file manages the XML, SQLite, and Nepomuk representations of download history. At the end of transferhistorystore.cpp file, there is the following code:
void NepomukStore::saveItem(const TransferHistoryItem &item)
{
Nepomuk::HistoryItem historyItem(item.source());
historyItem.setDestination(item.dest());
historyItem.setSource(item.source());
historyItem.setState(item.state());
historyItem.setSize(item.size());
historyItem.setDateTime(item.dateTime());
}
void NepomukStore::deleteItem(const TransferHistoryItem &item)
{
Nepomuk::HistoryItem historyItem(item.source());
historyItem.remove();
...
The HistoryItem class is generated by Nepomuk using the custom schema file kget_history.trig, part of which is repeated below. While the schema language that kget_history.trig is using may be unfamiliar, it should still be clear that there is a ndho:HistoryItem which has properties of various types with various restrictions on them, such as a destination property which can appear zero or one times and is a string. Given the below schema file, Neopmuk can generate the C++ class Nepomuk::HistoryItem needed to allow the above C++ code compile.
<http://nepomuk.kde.org/ontologies/2008/10/06/ndho> {
ndho:HistoryItem
a rdfs:Class ;
rdfs:comment "A kget history item." ;
rdfs:label "application" ;
rdfs:subClassOf rdfs:Resource .
ndho:destination
a rdf:Property ;
rdfs:comment "Destination of the download." ;
rdfs:domain ndho:HistoryItem ;
rdfs:label "source" ;
rdfs:range xsd:string ;
nrl:maxCardinality "1" .
...
At the base of the Nepomuk project is the Soprano library and command line tools which depend only on QtCore, making them a useful RDF library for use on both desktop and mobile platforms. The Nepomuk libraries build on Soprano to make writing KDE applications using RDF simple. One of the great things about the design of Soprano is that there are multiple backends which can store and query RDF. So there can be a memory mapped implementation for a mobile device, or a full-blown database server for a LAN, and applications still use the same API. For a long time Soprano has had two main backends: Redland and Sesame2. The former is a C library for RDF and the latter a Java implementation. While Sesame2 is written in Java it can deliver better query performance than Redland. This left KDE4 in the predicament that it required Java to achieve good RDF performance. To solve this issue the new Virtuoso backend was created and is getting to the point where it is now stable. As I discovered recently, the main impediment to developing a backend for soprano is implementing SPARQL. Adoption still remains the major hurdle for Nepomuk and Soprano. With the host of persistence options available, the first thing that comes to an application developer's mind might be flat files, MySQL, Sqlite, Berkeley DB, or some generic relational database library, when wanting to store and retrieve data. However, when storing data that might be of interest to other applications, using Nepomuk or Soprano has the potential to unlock an application's data. As can be seen above, the main thing to learn is a bit about the schema language and then native C++ objects can be used to interact with Nepomuk from an application.
Security What lessons can be learned from the iPhone worms?Word spread quickly earlier this week when the first known worms targeting the Apple iPhone surfaced days apart in Australia and the Netherlands. Neither inflicts serious harm on devices — though perhaps the Australian "Ikee" worm is guilty of crimes against good taste, as it swaps out the iPhone's wallpaper for a vintage photo of Rick Astley. The events are notable, however, because they only affect jailbroken iPhones, raising questions over whether the iPhone jailbreaking community behaves responsibly when it frees the devices from Apple's factory restrictions. Ikee was created on November 4 by Ashley Towns, a programmer from Wollongong, Australia. The worm propagates by scanning IP ranges in the blocks used by the iPhone's Australian carrier, checking for iPhone OS fingerprints, and looking for a running SSH daemon on any iPhones it finds. Because all iPhones ship from the factory with the same default root password, "alpine", the worm can connect, copy itself over to the new device, install its signature wallpaper, and repeat. Ikee also deactivates SSHd on the host phone as part of its payload, but it does not change the root password. Thus, restarting SSH makes the phone vulnerable to reinfection. It attracted considerably less public attention than Ikee, but on November 2, a worm surfaced in the Netherlands using the exact same attack vector: IP range scanning of the approved 3G carrier, OS fingerprinting, and connecting via SSH using the default password. The Dutch worm lacked the campy sensibility of Ikee; rather than Rickrolling the iPhone's wallpaper, it popped-up a message telling the user that the iPhone was insecure and asking €4.95 for instructions on how to secure it. That same day, however, the author changed his mind and posted both an apology and free instructions for securing the phone on the web site to which the worm pointed its victims. Jailbreaks are risky. Much like in real life."Jailbreaking" refers to hacks that enable full access to the iPhone's operating system, and is distinct from SIM unlocking, which removes carrier-restrictions that limit the device to registering on only approved 3G networks. The iPhone has multiple layers of security built into the OS, including everything from boot loader restrictions to application code signing. The term "jailbreak" originates from the fact that all iPhone applications run inside a chroot jail; when connecting the iPhone to a Mac or PC only the contents of the chroot jail are accessed by the iTunes application for installing and removing media content and applications. Consequently, breaking out of the chroot jail is required to perform any real OS customization, and the popular jailbreaking utilities set up niceties that most hackers will expect on a Unix-like system like OS X. That includes SSH, which obviates the need to keep the phone attached to a PC by cable while working on it. It is Apple's decision to ship all models of its iPhone with the same root password — a tactic common to embedded device makers, if not particularly secure. The point of debate is whether the security hole left open by the combination of a default root password and a running SSH daemon is Apple's fault, the jailbreaking tool authors', or simply the users'. Searching for solutionsChanging the password is simple enough; should PwnageTool, PurpleRa1n, and the other jailbreak utilities do so upon installation, either by automatically generating a new password or by prompting the user? An Australian blogger who interviewed Towns about Ikee thinks so; he posted an opinion piece following up on the interview in which he asks the jailbreaking tool developers to to do just that. From reading the various news sites' discussions, it is clear that plenty of others disagree, noting that the responsibility for securing the device stops with the end user. But is there any substantial risk to changing the root password on the device, when measured against the risks of a default password exploit? Default password exploits are well-known enough that most end-user applications have moved away from them; other than the fact that the iPhone is an embedded system, why should it be measured by different standards than a desktop or server, or for that matter, a PayPal account? For comparison's sake, Android phones do not include a password-enabled root account, and although changing this is well-documented, it is a complicated process even for the comparatively unlocked Android Dev Phone 1. Similarly, installing a working SSH daemon is not a straightforward process even on a rooted phone. On the other hand, Maemo offers OpenSSH (both client and server) as a one-click install, but installing it automatically prompts the user to change the root password from its default. ComputerWorld's Robert McMillan speculates that Apple cares little about the issue — jailbroken phones are not covered by warranty, so there is no incentive for the company to close its part of the security hole by changing its root password policy. In fact, it may tacitly approve of the negative press generated around jailbreaking. On the other hand, as the author of the Dutch worm put it, "the way I got access to your iPhone can be used by thousands of others. And they can send text messages from your number (like I did..), use it to call (or record your calls), and actually whatever they want [...]" The next exploit taking advantage of the iPhone's default root password may not require a jailbroken device. Apple will surely sit up and take notice then. In the meantime, though, the question remains: should the people who care about freeing a device from the factory's proprietary lock-downs also care about putting it into a secure state once it is free? While some FOSS-based phones may not require jailbreaking — or not enable SSHd as part of the process — there are warnings here for Google, Nokia, Palm, and others. By forcing users to perform dodgy operations on their phones, in order to enable the functionality they want, phone makers may very well be putting those users at risk. Whether the underlying code is open source or proprietary doesn't alter that risk.
Brief items Vixie: What DNS Is NotOver at the ACM Queue, Paul Vixie writes about what he calls "stupid DNS tricks". These include various schemes by ISPs and others to "monetize" DNS traffic in some way. "Not all misuses of DNS take the form of lying. Another frequently seen abuse is to treat DNS as a directory system, which it is not. In a directory system one can ask approximate questions and get approximate answers. Think of a printed telephone white pages directory here: users often find what they want in the printed directory not by knowing exactly what the listing is but by starting with a guess or a general idea. DNS has nothing like that: all questions and all answers are exact. But DNS has at least two mechanisms that can be misused to support approximate matching at some considerable cost to everybody else, and a lot of that goes on." (thanks to Jay R. Ashworth).
New vulnerabilities alienarena: buffer overflow
apache: man-in-the-middle/SSL injection
cups: cross-site scripting
drupal6: multiple vulnerabilities
horde: cross-site scripting
java: multiple vulnerabilities
kernel: integer overflow
libvorbis: arbitrary code execution
qtwebkit: arbitrary local file access
typo3: multiple vulnerabilities
wordpress-mu: denial of service
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current development kernel remains 2.6.32-rc6; there have been no 2.6.32 prepatches released over the last week.The current stable kernel is 2.6.31.6, released (along with 2.6.27.39) on November 9. Both kernels contain a long list of important fixes, including some which are security-related.
Quotes of the week
I, Paul E. McKenney, maintainer of the RCU implementation embodied
in the Linux kernel and co-inventor of RCU, being of sound mind and
body, notwithstanding the wear and tear inherent in my numerous
decades sojourn on this planet, hereby declare that the following
usage of work queues constitutes a valid RCU implementation...
-- Acked-by: Paul McKenney style (thanks to
Amit Shah)
Hugh's hypothesis: for every variable x initialized by a
subfunction, there exists at least one version V of gcc, such that
V reports that x may be used uninitialized.
-- Hugh Dickins
The block I/O controllerI/O bandwidth allocation and control is a tricky problem; as was discussed here earlier this year, several groups have tried to solve this problem at different levels in the block I/O stack. At a minisummit in Tokyo, the developers behind various I/O controllers got together and decided on a multi-level approach to the problem. Since then, developer Vivek Goyal has remarked:
IO control is a huge problem and the moment we start addressing all
the issues in one patchset, it bloats to unmanageable proportions
and then nothing gets inside the kernel. So at io mini summit we
agreed that lets take small steps and once a piece of code is
inside the kernel and stabilized, take the next step. So this is the
first step.
This first small step is a 20-part patch series implementing a proportional-weight I/O controller within the CFQ I/O scheduler. A new control group (cgroup) class (called "blkio") is created, with each group given an I/O weight between 100 and 1000. The available I/O bandwidth is then handed out to groups as determined by their configured weight. Working within CFQ gives the I/O controller fine-grained control over how much bandwidth each group gets. On the other hand, CFQ is poorly positioned to identify block I/O traffic which is not directly generated by user space (writeback, for example) or to throttle activity at the virtual memory level. Achieving that will require the integration of a controller which hooks into the system at a much higher level. The plan is to write such a controller and have it work transparently within the same blkio cgroup. But a couple more small steps will probably be required before that is ready to go in.
Removing binary sysctlThe "sysctl" mechanism is used by the kernel to export a wide variety of tuning options to user space. Sysctl is actually two interfaces which have been awkwardly joined together: the sysctl() system call and the /proc/sys directory hierarchy. Of the two, /proc/sys is much more widely used, to the point that developers rarely even think about the system call. But the sysctl() implementation is a significant amount of code which suffers from chronic neglect. It has thus been the target of removal attempts for years.The problem with removing sysctl(), of course, is that it is part of the kernel ABI. As long as the possibility of broken applications exists, this ABI cannot be removed. So it continues to sit in the kernel, despite the fact that its absence would be noted by few people. Eric Biederman has come up with a new approach to the problem. His patch set removes the current sysctl() implementation, getting rid of a few thousand lines of unloved code. He then adds back a new wrapper which emulates the sysctl() ABI by way of /proc/sys. So any applications using sysctl() should continue to work, but the code dedicated to making it work is much reduced from what was there before. The patch set still concerns some developers. The compatibility wrapper has its own configuration option, leading some to worry that distributions might disable it and cause obscure things to break. Going through /proc/sys will make access to these variables much slower than it was before. That should not really be a problem: access to sysctl variables is not normally a performance-critical operation. So there does not appear to be any sort of real obstacle to the merging of these patches; maybe, someday, binary sysctl() will truly vanish into the past.
Next-generation Linux file systems: NiLFS(2) and exofs (developerWorks)IBM developerWorks has posted an introduction to the NilFS2 and exofs filesystems. "An interesting aspect of NiLFS(2) is its technique of continuous snap-shotting. As NILFS is log structured, new data is written to the head of the log while old data still exists (until it's necessary to garbage-collect it). Because the old data is there, you can step back in time to inspect epochs of the file system. These epochs are called checkpoints in NiLFS(2) and are an integral part of the file system. NiLFS(2) creates these checkpoints as changes are made, but you can also force a checkpoint to occur."
Kernel development news Supporting transactions in btrfsMuch of the fuss involving fsync() and crash robustness over the last year was really about how applications can get transactional semantics out of filesystem operations. An application developer often wants to see a set of operations either succeed or fail as a unit, without the possibility of partially-completed operations. Providing ways for applications to get that behavior can be a challenge, though.Btrfs has tried to make this capability available to user space by way of the BTRFS_IOC_TRANS_START and BTRFS_IOC_TRANS_END ioctl() calls. There are some real problems with this approach, though. They operate as a pair of system calls, with any operations between the two being treated as a transaction within the filesystem. But if something fails, or if the application never quite gets around to ending the transaction, things will eventually come to a halt. That is why the btrfs code includes this comment:
There are many ways the trans_start and trans_end ioctls can lead
to deadlocks. They should only be used by applications that
basically own the machine, and have a very in depth understanding
of all the possible deadlocks and enospc problems.
It is, in other words, a dangerous capability which cannot be made generally available. Sage Weil has posted a patch taking a rather different approach to the problem. The key idea is to avoid the problem of never-completed transactions by encapsulating the entire thing within a single system call. The result is a new BTRFS_IOC_USERTRANS command for ioctl(); chances are it will require a bit of work yet, but it could be the base for user-space transactions in the future. This command takes a structure which looks something like the following:
struct btrfs_ioctl_usertrans {
__u64 num_ops;
struct btrfs_ioctl_usertrans_op *ops_ptr;
__u64 num_fds;
__u64 data_bytes, metadata_ops;
__u64 flags;
__u64 ops_completed;
};
The ops_ptr argument points to an array of num_ops individual operations to complete:
struct btrfs_ioctl_usertrans_op {
__u64 op;
__s64 args[5];
__s64 rval;
__u64 flags;
};
Here, op describes an individual operation. It can be BTRFS_IOC_UT_OP_OPEN (open a file), BTRFS_IOC_UT_OP_CLOSE (close a file), BTRFS_IOC_UT_OP_PWRITE (write to a file), BTRFS_IOC_UT_OP_UNLINK (unlink a file), BTRFS_IOC_UT_OP_LINK (make a link to a file), BTRFS_IOC_UT_OP_MKDIR (create a directory), BTRFS_IOC_UT_OP_RMDIR (remove a directory), BTRFS_IOC_UT_OP_TRUNCATE (truncate a file), BTRFS_IOC_UT_OP_SETXATTR (set an extended attribute), BTRFS_IOC_UT_OP_REMOVEXATTR (remove an extended attribute), or BTRFS_IOC_UT_OP_CLONERANGE (copy a range of data from one file to another). For each operation, the args field contains a set of arguments similar to what one would see for the corresponding system call. One interesting difference is that there are no hard-coded file descriptor numbers; instead, the transaction gets a new file descriptor table and all operations work with indexes into that table. Essentially, transactions work within a file descriptor space separated from that used by the calling process. The flags field describes how the return value from each operation should be interpreted. It can be contain any of: BTRFS_IOC_UT_OP_FLAG_FAIL_ON_NE, BTRFS_IOC_UT_OP_FLAG_FAIL_ON_EQ, BTRFS_IOC_UT_OP_FLAG_FAIL_ON_LT, BTRFS_IOC_UT_OP_FLAG_FAIL_ON_GT, BTRFS_IOC_UT_OP_FLAG_FAIL_ON_LTE, and BTRFS_IOC_UT_OP_FLAG_FAIL_ON_GTE. In each case, the flag causes the return value to be compared against the passed-in rval field; if the comparison is successful, the transaction will fail. What happens if the transaction fails? The partially-completed transaction will not be rolled back; btrfs, not being a database, is not really set up to do that. Instead, the number of successfully-completed operations will be passed back to user space. Optionally, the application can provide the BTRFS_IOC_UT_FLAG_WEDGEONFAIL flag, causing btrfs to leave the transaction open, locking up the filesystem until the system is rebooted. This may seem like a rather antisocial approach to transaction atomicity, but, if failure is both highly unlikely and highly problematic, that might be the right thing to do. A patch like this raises a lot of questions. The first obstacle may be the fact that it requires exporting a number of system call implementations to modules, a change which has been resisted in the past. Kernel code need not normally call functions like sys_mkdir(), but this patch does exactly that. Calling system call implementations directly can be a bit tricky on some architectures, and there are good reasons for not making these functions available to modules in general. Another problem is that the filesystem has no real way of determining whether a transaction will succeed before jumping into it; the best it can do is reserve some metadata space in accordance with an estimate provided by the application. If transactions are allowed to complete partially, they are no longer transactions. But the alternative of locking up the system can only leave people wondering if there isn't a better way. Then, there is a question which was raised on the list: btrfs provides cheap snapshots, why not use them to implement transactions? Using a snapshot would take advantage of existing functionality and should make proper rollback possible. The problem would appear to be performance: btrfs snapshots are not quite that cheap, especially when one considers the need to exclude other activity on the filesystem while the transaction is active. So Chris Mason has suggested that the old standby - write-ahead logging - would be preferable because it will perform much better. But, he thinks, the multi-operation ioctl() could maybe perform better yet. Finally, there would appear to be some real similarities between this API and the rather more general syslets mechanism. Syslets have been on the back burner for some time now, but they could come back forward if they seemed like a good way to solve this problem. Clearly, like much of btrfs, this new ioctl() is a work in progress. If it gets into the mainline, it will be likely to have changed quite a bit on the way. But the problem this patch is trying to solve is real; it's clearly an issue which is worth thinking about.
Another new ABI for fanotify"Fanotify" is a much-revised system for providing filesystem event notifications to user space, and, possibly, allowing user space to block open() operations on specific files. The intended use case is malware-scanning utilities, but there are others: hierarchical storage has been cited as one possibility. This code has had a long, hard path into the kernel for a couple of reasons: kernel developers are not big fans of malware scanning, and nailing down the user-space ABI has been challenging.The first obstacle has been more-or-less overcome. Even developers who think that malware scanning is the worst sort of security snake oil can agree that having these utilities use a well-defined kernel interface is better than having them employ nasty tricks like hooking into the system call table. ABI difficulties can be harder to overcome, though. With the latest fanotify posting, developer Eric Paris may have resolved this issue for at least a portion of the fanotify functionality. The new version does away with the novel interface using setsockopt() in favor of a couple of new system calls. The first of these is fanotify_init():
int fanotify_init(unsigned int flags, unsigned int event_f_flags,
int priority);
This system call initializes the fanotify subsystem, returning a file descriptor which is used for further operations. There are two flags values implemented: FAN_NONBLOCK creates a nonblocking file descriptor, and FAN_CLOEXEC sets the close-on-exec flag. Currently, event_f_flags and priority are unused; they should be set to zero. Management of notification events is then done with fanotify_mark():
int fanotify_mark(int fanotify_fd, unsigned int flags,
int dfd, const char *pathname, u64 mask,
u64 ignored_mask);
This call is used to "mark" specific parts of the filesystem hierarchy, indicating an interest in events involving those files. fanotify_fd is the file descriptor returned by fanotify_init(). The flags parameter must be one of FAN_MARK_ADD or FAN_MARK_REMOVE, indicating whether this call adds new marks or removes existing ones; there are also a couple of flags to control following of symbolic links and the marking of directories (without their contents). The file(s) to be marked are determined by dfd and pathname; these parameters work much like in any of the *at() system calls. If dfd is AT_FDCWD, the pathname is resolved using the current working directory. If, instead, dfd points to a directory, the pathname lookup starts at that directory. If pathname is null, though, then dfd is interpreted as the actual object to mark. Finally, mask and ignored_mask control which events are reported. To generate a specific event, a file must have the appropriate flag set in mask and clear in ignored_mask. The flags are FAN_ACCESS (file access), FAN_MODIFY (a file is modified), FAN_CLOSE_WRITE (a writable file has been closed), FAN_CLOSE_NOWRITE (a read-only file has been closed), FAN_OPEN (a file has been opened), and FAN_EVENT_ON_CHILD (events on children of a directory). There is also a FAN_Q_OVERFLOW event for event queue overflows, but that is not currently implemented. Once files have been marked, the application can simply read from the fanotify file descriptor to get events. The events look like:
struct fanotify_event_metadata {
__u32 event_len;
__u32 vers;
__s32 fd;
__u64 mask;
};
Here, event_len is the length of the structure, vers indicates which version of fanotify generated the structure, fd is an open file descriptor for the object being accessed, and mask describes what is actually happening. There is one crucial component missing in these patches: there is no way for the fanotify user to react to these events. In particular, the ability to block an open() call, a core part of the malware-scanning process, is missing. That, presumably, is to be added in a future revision. Meanwhile, Eric has requested permission to put the notification code into linux-next, presumably with a 2.6.33 merge in mind. As of this writing, objections have not been forthcoming.
A futex overview and updateThe futex [PDF] mechanism, introduced in 2.5.7 by Rusty Russell, Hubertus Franke, and Mathew Kirkwood, is a fast, lightweight kernel-assisted locking primitive for user-space applications. It provides for very fast uncontended lock acquisition and release. The futex state is stored in a user-space variable (an unsigned 32-bit integer on all platforms). Atomic operations are used in order to change the state of the futex in the uncontended case without the overhead of a syscall. In the contended cases, the kernel is invoked to put tasks to sleep and wake them up.Futexes are the basis of several mutual exclusion constructs commonly used in threaded programming. These include pthread mutexes, condvars, semaphores, rwlocks, and barriers. They have been through a lot of reconstructive and cosmetic surgery over the last several years, and are now more efficient, more functional, and better documented than ever before.
OverviewWhile few application developers will use futexes directly, a cursory knowledge of how to do so is necessary to appreciate the improvements presented a bit later. By way of a simple example, futexes can be used to store the state of a lock and provide a kernel waitqueue for tasks blocking on the lock. To minimize syscall overhead, this state should allow for atomic lock acquisition when the lock is uncontended. The state could be defined as:
In order to acquire the lock, an atomic test-and-set instruction (such as cmpxchg()) can be used to test for 0 and set to 1. In this case, the locking thread acquires the lock without involving the kernel (and the kernel has no knowledge that this futex exists). When the next thread attempts to acquire the lock, the test for zero will fail and the kernel needs to be involved. The blocking thread can then use the futex() system call with the FUTEX_WAIT opcode to put itself to sleep on the futex, passing the address of the futex state variable as an argument. To release the lock, the owner changes the lock state to zero (unlocked) and issues the FUTEX_WAKE opcode, which will wake the blocked thread to return to user space and try to acquire the lock (as described above). This is a an obviously trivial example with lots of room for optimization. Ulrich Drepper's "Futexes are Tricky" [PDF] is still the undisputed reference for using futexes to build locking primitives such as mutexes. It explores the many race conditions involved with using futexes as well as optimizations to improve on the example given here. When the user threads call into the kernel with the futex() system call, they pass the address of the futex state (uaddr), the opcode to perform (op), and various other arguments. The uaddr is used by the kernel to generate a unique "futex_key" to reference the futex. When a thread requests to block on a futex, as with FUTEX_WAIT, a "futex_q" is created and queued in the "futex_queues" hash table. There is one futex_q for every task blocked on a futex, possibly many futex_q's per futex. The futex_queues themselves (the hash table lists, not the "futex_q's") are shared among futexes, since multiple futex_keys will hash to the same queue. These relationships are illustrated below:
In most cases, there is no policy defining how the user space state variable is to be used (despite what the futex man pages may or may not say). The application (or a library such as glibc) uses this value to define the state of the locking construct being implemented. This can be as simple as a boolean variable (as in the example above), however optimized implementations and other locking mechanisms require more complex state values. In addition to the simple FUTEX_WAIT and FUTEX_WAKE operations, the kernel also manages special operations that require more knowledge of the locking construct's state than can be had in user space, most notably the priority inheritance (PI) chains and robust lists. PI and robust futexes are exceptions to the user-defined-policy rule regarding the state variable. Their state depends not only on the locked state of the mutex, but also on the identity of the owner and whether or not there are waiters. As such, the futex value is defined as the thread identifier (TID) of the owner and a bit to indicate pending owners. This policy still allows for user space atomic operations to avoid calling into the kernel in the uncontended case.
ImprovementsFutexes have seen numerous improvements from a handful of developers since their debut appearance in 2.5.7. Some notable improvements include priority based wake-up for real-time tasks (by Pierre Peiffer) and robust and PI futexes (by Ingo Molnar and Thomas Gleixner). These latter features have been in use for some time and have been adequately covered here on LWN.net as well as in the excellent discussions on the kernel mailing list. Your author's foray into futexes picks up here, about two and a half years ago. Aside from several fixes to address rare corner cases and race conditions, the futex code has seen several functional and performance improvements since those earlier contributions. Significant effort went into reducing futex overhead. Eric Dumazet introduced private futexes as an optimization for PTHREAD_PROCESS_PRIVATE pthread mutexes. Private futexes can only be used by threads of the same process. They are distinguishable from each other simply by their virtual address, while shared futexes have different virtual addresses in each process, requiring the kernel to lookup their physical address for unique identification. This optimization eliminates the use of the mmap_sem semaphore for private futexes, reducing system-wide contention. It also eliminates the atomic operations used in reference counting for private futexes, resulting in less cache-line bouncing on SMP machines. Glibc now uses private futexes by default. Peter Ziljstra further reduced the futex dependency on mmap_sem by using get_user_pages_fast() in the fast paths, making use of get_user_pages(), and pushing the mmap_sem locks down tightly around the slow paths (September 2008). These changes had the added benefit of removing much of the virtual memory related logic from kernel/futex.c, simplifying the code considerably. Due to their dependence on user space addresses, futexes are burdened with several possible fault points. Holding mmap_sem complicated the fault logic since it had to be released prior to calling get_user(). With mmap_sem usage reduced, your author greatly simplified the fault logic (March 2009), resulting in far more legible code. Bitset conditional wakeup was added by Thomas Gleixner (February 2008) in order to enable optimized rwlock implementations in glibc. FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET allow the user to specify a bitmask which limits the woken tasks to those which specified the same bitset (or a superset, such as FUTEX_BITSET_MATCH_ANY) at wait time. Since the introduction of PI futexes, the glibc condvar implementation of pthread_cond_broadcast() (with a PI mutex) has been forced to wake all waiters, rather than take advantage of FUTEX_REQUEUE, due to the lack of support for requeueing to PI futexes. This leads to a wake-up storm as all the waiters race back to user space to contend for the lock. It also fails to ensure that the highest priority task acquires the lock first. Recent kernels (2.6.31-rt* and 2.6.32-rc*) now have your author's FUTEX_CMP_REQUEUE_PI patches (April 2009) which provide the kernel-side support for requeueing waiters from a non-PI futex to a PI futex. With glibc patches in the works by Dinakar Guniguntala, real-time applications will soon be able to use pthread condition variables with guaranteed wake-up order and fewer overall wake-ups.
Now What?While there are several items that futex developers may consider in the future, they are hopeful that kernel/futex.c and all its brain-bending, liver-killing insanity can be put to rest for at least a little while. However, since no article is complete without a list of next steps, the following items may receive some attention in the future: Man pages: The current man pages do not include some of the new futex operations. They suggest a policy for the value of the futex which has led to some confusion regarding usage of futexes. Worst of all, the user space futex() definition has been removed from /usr/include/linux/futex.h, rendering the man pages not only incomplete, but also inaccurate. Users of futexes must use the syscall interface directly. Adaptive futexes: It is possible that some of the scheduling overhead of futexes can be reduced by some optional amount of spinning prior to going to sleep in the kernel. However, as futexes expose their state to user space, this spinning can also be done in user space, as is done with adaptive mutexes in glibc now, albeit without the knowledge of whether the owner is running, so spinning is reduced to a simple maximum-retries loop. Interruptible futexes: There is some interest in interruptible blocking lock operations from large proprietary software projects. Futex operations currently restart themselves in the event of a signal, rather than returning -EINTR to user space. Futexes could be flagged with FUTEX_INTERRUPTIBLE which would be checked on signal-induced wakeup to determine if the syscall should be restarted or if -ECANCELED should be returned to user space. Exposing such a feature in the pthread locking primitives would involve non-POSIX compliant changes to the pthread library, but this is not without precedent. Scalability enhancements: There has been some discussion on LKML regarding private as well as NUMA-optimized hash tables. The futex hash table is shared across all processes and is protected by spinlocks which can lead to real overhead, especially on large systems. This overhead is not serving any useful purpose if these systems are partitioned on NUMA nodes, or even for processes that use private futexes exclusively. Futex test suite: Your author has been compiling a list of requirements for an exhaustive test suite to validate futex functionality. This test suite would serve as a regression suite for future development. The many corner cases and misuse cases possible with futexes complicate the test suite and present a challenge to its design.
AcknowledgementsI would like to extend my thanks to John Stultz, Will Schmidt, Paul McKenney, Nivedita Singhvi, and, of course, Jon Corbet, whose reviews have made this article far more legible and complete than it would have been otherwise.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Janitorial
Memory management
Networking
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions News and Editorials Mandriva 2010Mandriva 2010.0 is the latest achievement of the Mandriva community. According to the features page it is faster and sexier than ever. Released earlier this month, Mandriva 2010.0 has some interesting new features including Moblin, Sugar, and the so-called "Smart Desktop". 
As usual, Mandriva is shipped in three flavors - One, Free and PowerPack. The Flash drive edition was not available when this article was written, but should be available soon. While PowerPack and One contain some non-free packages like drivers or patent encumbered multimedia codecs, Free is 100% freedom software. Mandriva recommends the free edition to advanced users, so that is what we reviewed. Mandriva Free is available as an installation DVD for 32 (i586) and 64 bit architectures, together with a dual arch DVD which seems to be the same as a 32 bit one. At the time this article was written the reviewers guide had no information about this. Mandriva has a tradition of being user friendly, with a touch of simplicity. The installer is no exception. It offers a partition setup based on the available free space in case there are other operating systems and data. It is also possible to configure a custom disk setup. KDE is chosen by default, with GNOME, other desktops and all available software on the DVD as an option. We chose all the defaults and the installation finished quickly. Advanced options are there for the users who need them. 
Since the 100% free software edition was used, no non-free drivers or firmware were installed. Therefore my Thinkpad T61, which was used for the tests, was left with no hardware acceleration for the Nvidia Quadro graphics and no wireless connection with its Intel 4965 chip. After the non-free repository was added to rpmdrake, the necessary drivers and firmware became available for installation. A few clicks and an X restart made the hardware usable. Rpmdrake was very responsive on my system, starting and performing very quickly. No more KDE3KDE3 and its applications, such as Quanta Plus, have been discontinued in Mandriva 2010. The default setup should be familiar to KDE3 users, however, with the desktop set to Folder View, and the menu in the classic layout. While the default setup provides a safe landing for KDE3 users, the full KDE4 desktop is only a few clicks away. The Smart Desktop is one of the most interesting features in Mandriva 2010. In a nutshell, the Smart Desktop tries to build a semantic, task based desktop on top of KDE's Nepomuk service. In order to be usable, Smart Desktop requires both Nepomuk and Stringi to be installed and running. Interaction with the user happens through the Task Management Widget and a program called Tasktop. 
The concept is simple—files and information are gathered around a common context, called a task. The task is created through the widget or Tasktop, and allows the user to associate contacts, files, emails and web pages to the task. The service is integrated with the Dolphin file manager, which associates the files to the task through the Actions menu. Dolphin can list all the files associated with a certain task, and can add files to a task with a right click. Tasktop also has an 'Open in Dolphin' option, which opens a file manager window with all of the task's associated files, contacts, emails and web pages. Open/Save dialogs are also integrated into the Smart Desktop's task based semantic mode. For example you can save a file to a task using Dolphin. The theory behind the Smart Desktop is very interesting. In practice the service is very new and other KDE applications have yet to be integrated. It would be nice to have an option to associate a contact to the task directly from the Kontact, or to do the same with a bookmark from Konqueror, but it's not there yet. It would be even nicer if this support were integrated into other applications such as GNOME PIM or Mozilla. Sweet and mobileMandriva 2010.0 is a multi-purpose desktop. Beside the popular desktops like KDE and GNOME, Mandriva ships Sugar and Moblin desktops, available for installation through the task-sugar and task-moblin packages, according to the 2010 tour. Due to a conflict with the etoys package, task-sugar wasn't immediately available for installation. Fortunately, task-moblin installed the Moblin GUI without any problems. Moblin is designed for netbooks, but the interface can be used on other hardware. Mandriva also claims to support a wide range of netbooks, so netbook users should have no problem using Moblin on Mandriva. OtherThe Mandriva Control Center has been updated. The network profiles management tool was redesigned and net_monitor was rewritten from scratch. Package management and updating is more usable and configurable now. The package search function is now able to use full names, versions and releases. The update system offers more configurable frequency settings. The Tomoyo security framework replaces AppArmor and is configurable with the Tomoyo-gui. New partitions are formatted as Ext4. Plymouth provides a pretty boot process, and if you like to benchmark you can install the phoronix-test-suite package. Mandriva actively advertises Moovida, the renamed Elisa multimedia center with a new graphical user interface. Mandriva positions itself as a home multimedia center capable distribution, too. Mandriva 2010.0 features the latest versions of many popular applications. KDE 4.3, GNOME 2.28, OpenOffice.org 3.1.1, Firefox 3.5.5, and Linux 2.6.31 are just some of the examples. ConclusionWe experienced some small glitches during initial setup, the desktop froze during font configuration and there was an offer to upgrade to 2009.1, but these glitches didn't persist after the initial setup. Mandriva manages to pack a high quality desktop. Their careful approach with KDE4 settings will hopefully be enough compromise for those who dislike it, while the performance and responsiveness bring nothing but joy. The Smart Desktop is certainly a innovation and the most interesting part of this release.
New Releases Moblin v2.1 project release for netbooks and nettopsThe Moblin project steering committee has announced the project release of Moblin v2.1 for Intel Atom* processor-based netbooks and nettops. "This project release includes the broadest feature additions, customer requested improvements, and overall polish to date. With this community release you will see significant feature additions and improvements including enhanced browser functionality and plug-in support, UI enhancements, support for 3G data connections, Bluetooth* device management, input method support for localized languages, integrated application installer for the Moblin Garage, performance and stability improvements, and additional overall help and documentation."
Distribution News Fedora Fedora's CC license changeover completeThe Fedora Docs team has finished converting all current documentation and project content from the OPL to a CC BY-SA 3.0 Unported license.
Nominations now open for December Fedora ElectionsNominations are open for seats in the Fedora Project Board, the Fedora Ambassadors Steering Committee and the Fedora Engineering Steering Committee. Click below for the election schedule.
F13 Naming: Leonidas -> Constantine -> <New Name>?The final Fedora 12 release is just around the corner, so it's time to think about a name for Fedora 13. If you are a Fedora contributor you can suggest a name for F13. "Remember there needs to be an "is-a" link between the name Constantine and the name you suggest and this link must be different than all previous links used to connect Fedora release names." Nominations for the F13 name end November 16, 2009.
Fedora Board Recap 2009-11-05Click below for a recap of the November 5, 2009 meeting of the Fedora Advisory Board. Topics include Fedora 12 release, hall-monitor policy, and website redesigns.
Ubuntu family Debian and Ubuntu now use the same patch tagging guidelinesUbuntu has adopted Debian's patch tagging guidelines. "After a discussion on ubuntu-devel, it now turns out that the Debian proposal is stable enough to become widely adopted. Thus our own policy for this now by and large is just a pointer to DEP-3."
Lucid translation imports are now activeUbuntu has announced that translation imports have now been enabled for Lucid Lynx, the latest development branch. "This means that packages uploaded to Lucid will have their translations stripped and put in the imports queue straight away. In this way, they will be processed much earlier and we'll avoid backlogs of imports as it's been the case in some previous releases."
Distribution Newsletters DistroWatch Weekly, Issue 328The DistroWatch Weekly for November 9, 2009 is out. "Two topics dominated last week's proceedings on many Linux web sites: the release of Mandriva Linux 2010 (Jesse Smith takes a first look at the product in this issue's feature article) and the unhappy experiences of some users with Ubuntu 9.10. As for Mandriva, the early indications are that the new version is one of the better releases from a company that tends to fluctuate between truly excellent and amazingly mediocre. On the other hand, many users' high hopes for a smooth upgrade to the new Ubuntu were dashed as numerous problems reported around the Internet have soured their experiences. But if Ubuntu doesn't work for you and Mandriva isn't to your taste, there is a lot more to come in the coming weeks - openSUSE 11.2 will arrive in just a few days, while Fedora 12 is scheduled for release next week. Other topics covered in this week's issue are the upcoming release of Sabayon Linux 5.1, server compromises of some popular distribution's web sites, and an interesting review of three netbook-specific distributions - with an unexpected winner. Finally, we are pleased to announce that the October 2009 DistroWatch.com donation goes to OpenSSH. Happy reading!"
Fedora Weekly News 201The Fedora Weekly News for November 8, 2009 is out. "In this week's issue, a variety of announcements from the Project kicks us off, including completion of the Fedora documentation to a Creative Commons license, announcement of a new Fedora Medical special interest group, and announcements related to the upcoming Fedora 12 release candidate. In Ambassador news, details on an upcoming Fedora 12 event in Antwerp, Belgium. In Translation news, details regarding the Serbian translation team's discovery of a nomenclature discrepancy, a proposal to prepare marketing materials for use by the Ambassador program, and new members joining the Czech and Bengali localization teams. From the Art/Design Team, a call for help to assemble screenshots of games included in the Fedora Game spin and details on the remaining Art Team tasks for the road to Fedora 12. The Security Advisories beat brings us up to date on the security-related updates to Fedora 11 and 10 over this past week, and rounds out this issue of FWN. Enjoy!"
Ubuntu Weekly Newsletter #167The Ubuntu Weekly Newsletter for November 7, 2009 is out. "In this issue we cover: Lucid open for development, Ubuntu Open Week review, Updating the Ubuntu Code of Conduct, Ubuntu Marketing Team revival and SpreadUbuntu, LoCo News: Tunisia, Norway, New York State, Massachusetts, Ubuntu Forums Tutorial of the Week, Ubuntu Hits Italian National TV (again), Canonical Matching Creative Commons Donations, LugRadio Documentary - Now Available Online, Team Meeting Summaries: October 2009, and much, much more!"
Page editor: Rebecca Sobol Development ]Project Open[ for Enterprise Project Management]Project Open[, or ]po[ is a cross-platform project management tool that is integrated within an enterprise resource planning system. It can be used for project planning, tracking, controlling and invoicing. ]po[ is designed in a modular fashion, individual packages can be installed and removed at runtime. The ]Project Open[ Company is located in Spain and is under German management. From the in a Nutshell document:
]po[ is a Web-based "Enterprise Project Management" software for project-based organizations with 2-200 users. ]po[ integrates areas such as CRM, sales, project planning, project tracking, collaboration, timesheet, invoicing and payments.
]project-open[ is one of the largest open-source based web applications in the world with more than 1,000,000 lines of code.
More than 1000 companies in 25 countries use ]po[ to run their businesses.
The depth of functionality provided by
]Project Open[ is shown by the extensive
list of modules that can be used for performing the many operations.
Key module categories include Projects, Finance, Customers, Collaboration,
Human Resources, Providers, Knowledge Management, Reporting and Translation.
]po[ is released under a mixed-source model of licensing including GPL, the ]project-open[ Free License (FL) and the ]project-open[ Commercial License (CL). The model is explained this way:
The basic idea behind ]project-open[ is to create an open-source
ERP (Enterprise Resource Planning) system. So why don't we release all of
our code under an open-source license such as the GPL ?
It's a difficult one. We are believers in open-source who are convinced
that open-source economics will, on the long term change and finally
dominate the entire software industry. However, there is a certain misfit
between the open-source concept and ERP software, because ERPs are
considered by most open-source developers to be very boring; resulting that
few of them are willing to spend their free time developing them. We have
tried a lot of different options in the past in order to tackle this issue
and to make open-source ERPs work. However, due to the lackluster success
of the completely "open-source" method, some auxiliary parts of
]project-open[ are licensed commercially in order to generate revenue for
ourselves.
The "boring" nature of ERP software hasn't prevented the community from producing a variety of offerings, though. The ]po[ Free License is unusual:
Software under the Free License is free for everybody to use and modify. It is "normal" commercial software, but the license fee is 0.00.
However, the redistribution of any software that has been
downloaded/modified is restricted in order to avoid the "free loader
problem" (companies taking advantage of the efforts of others). Basically,
you have to become a "[partner]" and share the development costs in order
to receive the rights of redistribution for any software
downloaded/modified with the Free License.
The license text is a bit more clear: redistribution of the software requires a separate license which may be had by contacting the project and, presumably, meeting whatever terms they may require. The "Free License" is a "free beer" license which happens to include source code. Version 3.4 of ]po[ was released on November 5, 2009.
V3.4 is the first release after nearly 18 months of development work. New
non-functional features include a completely revamped GUI, localization into
10 languages, and an online context help system. New functionality includes
support for ITIL/ITSM processes including Helpdesk (Incident and Change
Management), Inventory (Configuration & License Management), Release
Management, and integration links with Nagios, CVS, OCS-Inventory, and many
more. New enterprise features include an Active Directory integration, the
increased use of approval workflows for business objects, generic auditing
for regulatory compliancy, performance improvement for companies with >1.000
users, and the support for multiple profit centers (corporate multi-company
structures) and profit center controlling.
If your small or medium sized business needs a Linux-compatible business management system and you don't mind working with a mixed-source product, ]Project Open[ appears to be capable of providing a wide range of capabilities.
System Applications Database Software MySQL Connector/ODBC 5.1.6 is availableVersion 5.1.6 of MySQL Connector/ODBC has been announced. "MySQL Connector/ODBC 5.1.6, a new version of the ODBC driver for the MySQL database management system, has been released. This release is the latest release of the 5.1 series and is suitable for use with any MySQL version since 4.1 (It will not work with 4.0 or earlier releases.)"
PostgreSQL Weekly NewsThe November 8, 2009 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
SQLite 3.6.20 releasedVersion 3.6.20 of SQLite has been announced. "Changes associated with this release include the following: * Optimizer enhancement: prepared statements are automatically re-compiled when a binding on the RHS of a LIKE operator changes or when any range constraint changes under SQLITE_ENABLE_STAT2. * Various minor bug fixes and documentation enhancements."
Mail Software Exim 4.70 RC 3 releasedVersion 4.70 release candidate 3 of the Exim mail transfer agent has been announced. "Announcing the 3rd Release Candidate for the exim 4.70 release - we intend this to be the final release candidate unless any release blocking bugs are discovered. The release of Exim 4.70 is on the horizon. A lot of stuff has accumulated in CVS since January 2008. Since we want to give the current code some wider exposure, please accept this invitation to test a 4.70 pre-release." Late breaking news, Exim 4.70 RC 4 has been announced, it includes fixes for a few more bugs. (Thanks to Neil Youngman).
Printing CUPS 1.4.2 releasedVersion 1.4.2 of CUPS, the Common Unix Printing System, has been announced. "CUPS 1.4.2 fixes a web interface security issue and several build issues."
Web Site Development Pyjamas 0.7pre1 releasedVersion 0.7pre1 of Pyjamas, a port of Google Web Toolkit to Python, has been announced. "This is a 0.7 prerelease of Pyjamas, to invite users to help test the latest version. The latest svn is regularly but informally tested against the regression tests and the examples, and used in production, but not extensively tested against all known browsers on each commit. Community assistance by running against a wider range of browsers ensures that *you* get a stable release."
Desktop Applications CAD ForcePAD 2.4.0 releasedVersion 2.4.0 of ForcePAD has been announced. "ForcePAD is an intuitive tool for visualising the behavior of structures subjected to loading and boundary conditions. The design of the user interface aims to be as intuitive as a standard image processing software. Users should be able to design structures, apply loads and define boundary conditions without knowledge of the underlying finite element model. ForcePAD is also designed to give an intuitive image of stresses and deformations in the material. The release 2.4.0 of the application marks a new era in the ForcePAD history. The 2.4.0 release has a completely redesigned user interface and real-time force manipulation and a builtin structural optimisation module (beta)."
Desktop Environments GNOME 3.0 in September 2010The GNOME release team has announced that GNOME 3 will be released in September 2010, and that GNOME 2.30 will come in March 2010. "Thanks to the input from the community, we were able to draw a clear picture of where we stand today and where we will be next March. As mentioned in the GNOME 3.0 planning document, the release date for 3.0 was not set in stone: while we're using a strict schedule that allows us to release GNOME every six months, GNOME is above all using quality-based release engineering. That's why our community wants GNOME 3.0 to be fully working for users and why we believe September is more appropriate." Along those lines, the module decisions for 2.30 have been announced as well.
New module decisions for GNOME 2.30The GNOME 2.30 module decisions have been announced. "In: gmime (external dependency) libdb (external dependency) vala (external dependency) gnome-packagekit (desktop) nautilus-sendto (desktop) In, but not as expected: tracker (external dependency instead of desktop) dconf (not for 2.30, but pre-approved for 3.0) Blocking on external issues: clutter-core (see details below) Out: couch-db, evolution-couchdb (desktop) globalmenu (desktop) nautilus-actions (desktop) Withdrawn by maintainer: emerillon (desktop) libvtemm (desktop) "
GNOME Software AnnouncementsThe following new GNOME software has been announced this week:
KDE Software AnnouncementsThe following new KDE software has been announced this week:
Xorg Software AnnouncementsThe following new Xorg software has been announced this week:
Financial Applications SQL-Ledger 2.8.27 releasedVersion 2.8.27 of SQL-Ledger, a web-based double entry accounting/ERP system, has been announced. Changes include: "fixed payment for recurring transactions, fixed lineitem discount when converting order to invoice".
Imaging Applications pymos 0.6 introductionVersion 0.6 of pymos has been announced. "PyMos is a python module/command-line tool that helps you create mosaics of your photos using a collection of thumbnails specified by the user. PyMos-0.6 adds new improvements in the way thumbnails are placed/resized to form mosaic. A new fuzzfactor parameter has been added to add randomness to output at user's wish."
Office Suites OpenOffice.org NewsletterThe October, 2009 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.
Web Browsers Firefox 3.5.5 now available for downloadVersion 3.5.5 of Firefox has been announced, it includes fixes for several stability issues. "As part of Mozilla's ongoing stability and security update process, Firefox 3.5.5 is now available for Windows, Mac, and Linux as a free download from http://firefox.com/. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours."
Miscellaneous CollectionSpace 0.2 releasedVersion 0.2 of CollectionSpace has been announced. "Rochelle Slovin, Director of Museum of the Moving Image, announced today that a preliminary release version is now online for CollectionSpace: an innovative, web-based software solution that enables museums of all kinds to record, manage and share information about the materials in their collections."
Languages and Tools Caml Caml Weekly NewsThe November 10, 2009 edition of the Caml Weekly News is out with new articles about the Caml language.
Java IcedTea6 1.5.3 and 1.6.2 releasedVersions 1.5.3 and 1.6.2 of IcedTea6 have been announced. "We are pleased to announce two new security releases, IcedTea6 1.5.3 and 1.6.2. The IcedTea project provides a harness to build the source code from OpenJDK6 using Free Software build tools. It also includes the only Free Java plugin and Web Start implementation, and support for additional architectures over and above x86, x86_64 and SPARC via the Zero assembler port."
Python eGenix pyOpenSSL Distribution 0.9.0-0.9.8l releasedVersion 0.9.0-0.9.8l of eGenix pyOpenSSL Distribution, a Python interface for OpenSSL, has been announced. "This new release of the eGenix.com pyOpenSSL Distribution updates the included OpenSSL version to 0.9.8l. The new OpenSSL version includes an important work-around for a serious problem in TLS, the protocol implemented and used by OpenSSL. The Man-in-the-Middle TLS protocol attack was disclosed on 2009-11-05 and is being tracked as CVE-2009-3555".
ErrorHandler 1.1.0 releasedVersion 1.1.0 of ErrorHandler has been announced. "This is a handler for the python standard logging framework that can be used to tell whether messages have been logged at or above a certain level. The only change for this release is that there is now a full set of documentation available courtesy of Sphinx".
Fabric 0.9 releasedVersion 0.9 of Fabric has been announced. "Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks. It provides a basic suite of operations for executing local or remote shell commands (normally or via ``sudo``) and uploading/downloading files, as well as auxiliary functionality such as prompting the running user for input, or aborting execution."
Python-URL! - weekly Python news and linksThe November 10, 2009 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk Tcl-URL! - weekly Tcl news and linksThe November 5, 2009 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Profilers smem 0.9 releasedVersion 0.9 of smem, a tool that can give numerous reports on memory usage on Linux systems, has been announced. "I've pushed out a 0.9 release with all the fixes collected since the 0.1 release in April. The most notable new features are a manpage and the smemcap lightweight snapshotting tool for using smem with embedded system."
Miscellaneous Google's new "Go" languageThe folks at Google have decided that we need a new "systems language," so they have produced one called "Go." "Go promotes writing systems and servers as sets of lightweight communicating processes, called goroutines, with strong support from the language. Run thousands of goroutines if you wantand say good-bye to stack overflows." The code is BSD licensed. More information on GoLang.org, including a Go FAQ and tutorial.
Page editor: Forrest Cook Announcements Non-Commercial announcements FSFE in battle for European interoperabilityThe Free Software Foundation Europe has announced an effort to promote European interoperability. "FSFE has unleashed an advocacy push in order to prevent the European Commission from hollowing out an important European reference document on interoperability. A draft for a new version of the European Interoperability Framework (EIF) leaked to the press last week."
Commercial announcements Cavium Networks to acquire MontaVista SoftwareCavium Networks has a press release announcing that it has reached agreement to acquire embedded Linux vendor MontaVista Software. The deal is for $50 million in combined cash and stock. "After the acquisition, MontaVista Software will run as a separate operating unit and will retain the MontaVista brand name. In addition, Cavium Networks will continue the MontaVista business model and support embedded Linux on multiple architectures from multiple processor vendors. MontaVista will maintain its own dedicated and focused engineering, sales and product management staff. MontaVista's customers and partners will see no change in customer facing field operations and the web-based support and product download sites will be maintained." (thanks to Sven-Thorsten Dietrich.)
Red Hat expands Mission-Critical programRed Hat has announced an expansion of its Advanced Mission-Critical program in Japan. "Long-time Red Hat partner Hitachi Ltd., a leading global electronics company with headquarters in Tokyo, Japan, has joined the Advanced Mission-Critical Program and will offer expanded services for mission-critical customers in Japan in collaboration with Red Hat. Red Hat announced the Advanced Mission-Critical Program in November 2008, combining substantially enhanced service levels with the proven advantages of Linux for workloads previously only thought to be supported on more expensive legacy platforms."
Samsung's new smartphone platformSamsung, evidently feeling that there are not enough Linux-based phone platforms out there, has announced the existence of its "bada" system. "The name 'bada', which means 'ocean' in Korean, was chosen to convey the limitless variety of potential applications which can be created using the new platform. It also alludes to Samsung's commitment to a variety of open platforms in the mobile industry. Samsung bada also represents the fresh challenges and opportunities available to developers, as well as the entertainment which consumers will enjoy once the new platform is open." Some more information can be found on bada.com.
Three Ulteo news announcementsThe Ulteo open-source virtual desktop project has announced the winning of an Open World Forum award, a new twitter-based news delivery system and an upcoming version 2.0 release.
Legal Announcements SFLC summary of Bilski v. KapposThe Software Freedom Law Center (SFLC) has compiled a summary of some of the main arguments in the Bilski v. Kappos case dealing with software patents. "As a legal services organization for free and open source software (FOSS), we filed a brief in support of the respondent arguing (1) that all software is unpatentable under Supreme Court precedent, (2) that software patenting reduces the level of innovation in software, and (3) that constitutional limitations from the First Amendment prevent Congress from making patent law that covers mental steps, basic ideas, or algorithms."
Analysis: The "Lorenzo Jones" case emerges (SCOTUS Blog)The SCOTUS (Supreme Court of the US) blog has an analysis of the oral arguments heard in the Bilski case today. This is a case that many hope will reduce the scope of what is patentable in the US, and the justices seemed skeptical of the arguments made in defense of the Bilski patent on a "business method". "The largest question left unanswered when the one-hour argument was over was whether the Court would go forward and issue a major new ruling interpreting patent law, when the practical result here seemed so evident. Lawyers and judges have invested heavy resources in the Bilski case, and it does raise a fundamental question that may well need answering. But, when there may well be no formulation of patent law that would salvage the Bilski-Warsaw creation, why bother?" (thanks to Rahul Sundaram).
Court Gets A Torrent-full About Linux (Linux Journal)Linux Journal looks at an Australian legal case involving BitTorrent. "The matter at hand is a lawsuit by the Australian Federation Against Copyright Theft yes, that's AFACT against iiNet, an Australian internet service provider over the ISP's role in allowing its service to be used for illegal BitTorrent downloading. The basis for the case, according to trial coverage, is an earlier case concerning photocopies of print books which held that the University of New South Wales was liable for copyright infringement essentially because they controlled the copiers. AFACT hopes to use the same argument against iiNet, holding it liable for what goes through because it owns the tube."
Articles of interest The State of Open Source on Firefox's Fifth Birthday (PC Magazine)PC Magazine looks at the growth of open source software. "This week marks the fifth anniversary of Mozilla's Firefox browser. Launched on November 9, 2004, the software now boasts an estimated 330 million users. Any company or product than can achieve that manner of popularity in such a short period of time is clearly a success, but Mozilla shouldn't get all of the credit. Most of the congratulations belong to the open source movement."
Microsoft, Novell say alliance still bearing fruit (ComputerWorld)Eric Lai takes a look at the Novell/Microsoft alliance after three years. "For Novell, the alliance has been a particular boon. Revenue related to SUSE Enterprise Linux is up 50% year over year, said Susan Heystee, vice-president and general manager for global strategic alliances at Novell. Most of that comes from $225 million in SUSE support vouchers purchased and sold by Microsoft to customers running both Windows Server and SUSE Linux."
Novell cuts 3 percent of its workforce (cnet)cnet reports that Novell has laid off 3 percent of its employees. "Linux jobs in the United States are booming, up 6 percent since January, according to data from Dice.com. This will come as small consolation to Novell employees, however, which weathered another round of layoffs at the Waltham, Mass.-based company. According to several sources within the company, and confirmed by Novell's public-relations director, Ian Bruce, Novell last week laid off 100 to 130 people of its roughly 3,900 global employees. While my sources indicated that the Workgroup division was particularly hard-hit, Bruce told me that the cuts came "across the company, both geographically and productwise.""
New Books Grails: A Quick-Start Guide--New from Pragmatic BookshelfPragmatic Bookshelf has published the book Grails: A Quick-Start Guide by Dave Klein.
Resources Let's Act on ACTA Before it's Too Late (Linux Journal)Glyn Moody looks at the "Anti-Counterfeiting Trade Agreement" (ACTA) in a Linux Journal article. This essentially secret (in the US, for "national security" reasons) treaty looks to implement a wide array of restrictions that the content "producers" are lobbying for. As one might guess, it is a vast expansion of copyright. "The second of these means that ISPs would become liable for copyright infringement committed by their users. The idea here is to force them to become copyright cops if they want to survive, and to shift the onus onto them for the policing of all digital content – a massive win for the media industries, which have hitherto shown themselves totally inept when it comes to trying to do the same."
Checking in on CodePlex (The Standards Blog)A few weeks ago LWN talked with Sam Ramji about the CodePlex Foundation. Since then the Foundation has published its new Project Acceptance and Operation Guidelines (PDF). Andy Updegrove takes a look at the new guidelines. "The Guidelines and recent reviews with Sam also provide more detail on what types of work the Foundation hopes to undertake. I think that two of the projects that are described in the Guidelines can be particularly useful. The first (mentioned earlier) is intended to provide a resource to help developers understand not only what individual OSS licenses say, but how they fit together. Given that open source is usually a mosaic of existing and new code, all of which is then further evolved, it's essential that the licensing rules that apply to composite code are compatible, rather than at internal war with each other. If this resource is well done, it will indeed be useful for hosted and outside projects alike."
Learning with Gcompris (Linux Journal)Mike Diehl takes a look at the Gcompris education suite for younger children. "Gcompris has a pretty simple user interface. Along the bottom of the screen, we have buttons that let us quit, see the credits, configure the program, and get help. Along the left side, we have icons for each game (I mean exercise) category. As you mouse over each icon, a brief written explanation of category is presented in the blue section of the screen. This is a nice compromise for kids who can't read and parents who would rather see text. The program's spoken prompts and classical music playing in the background make Gcompris a very professional program. Besides, everyone knows that classical music is good for kids."
Contests and Awards FSFE to award 36 Fellowship grantsThe Free Software Foundation Europe has announced a fellowship grant program. "Starting in November 2009, Free Software Foundation Europe (FSFE) will award three people with a Fellowship grant every month for the coming year. Everybody who is actively working for Free Software but cannot afford the Fellowship contribution can apply for the grant."
Matthias Ettrich receives German Federal Cross of Merit (KDE.News)KDE.News covers Matthias Ettrich's receipt of a German award. "Today at 4pm CET at the Center for Economics, Technology and Womens Issues at the Berlin Senate, KDE founder Matthias Ettrich was decorated with the German Federal Cross of Merit for his contributions to Free Software. Matthias was awarded the medal in recognition of his work spurring innovation and spreading knowledge for the common good."
Surveys Linux owns 32 percent of netbook market, says study (DesktopLinux.com)DesktopLinux.com looks at the results of a study on the percentage of Linux-based netbooks. "ABI Research is projecting that in 2009 Linux will represent 32 percent of netbook sales, far higher than the seven percent figure claimed by Microsoft, says a report. ABI estimates that Linux will overtake Windows on netbooks by 2013, largely due to sales in less-developed countries."
Event Reports Linux-Kongress 2009 (The H)The H has a report from Linux-Kongress 2009, recently held in Dresden. "Theodore Ts'o said that it is hard to predict which trends will emerge after mobile and cloud computing in two or three years but that those who can answer this question might become rich. 2010 will (not) be the year of the Linux desktop just like the years before it, said the developer. Ts'o considers developing Linux for desktop PCs a difficult task while the required improvements to the software stack are in progress, they aren't happening as fast as many people would like, he explained."
Calls for Presentations ELC 2010 Call for PresentationsA call for presentations has gone out for ELC 2010, submissions should be in by January 15. "The CE Linux Forum would like to invite you to make a presentation at our upcoming Embedded Linux Conference. The conference will be held April 12-14, 2010 in San Francisco, California."
SCALE 8X Call For Papers closes December 1thThe call for papers for SCALE 8X ends on December 1, early bird registration opens on November 16. "Mark your calendars - be in Los Angeles Feb. 19-21st, 2010, for SCALE 8x, where Open Source Happens!"
Upcoming Events CONFidence 2.0 schedule online, registration closingThe schedule for CONFidence 2.0 has been posted, the event takes place on November 19-20 in Warsaw, Poland. "CONFidence is the one of the most technical conference in Eastern Europe."
FLOSS in health care track at Med-e-Tel 2010 (LinuxMedNews)LinuxMedNews has announced the next Med-e-Tel conference. "The 8th annual Med-e-Tel conference (14-16 April 2010) will include a track that is dedicated specifically to Free/Libre Open Source Software in Health Care (FLOSS-HC).If you, your company or your organization is active or interested in FLOSS-HC Med-e-Tel is the place to be in 2010. One of the main goals of the FLOSS track is to serve as a forum for all people and organizations interested in FLOSS-HC, as a meeting place for old and new FLOSS-HC enthusiasts and a place for exchanging ideas, knowledge and experience and setting up new collaborations."
Events: November 19, 2009 to January 18, 2010The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it. Miscellaneous Perl far from dead, more popular than you think (Royal Pingdom)The Royal Pingdom takes a look at popular websites that use Perl. "Perl has been around since 1987 and became an early darling of web developers. These days, however, you don't hear much about Perl. Everyone seems to be talking about trendier languages like PHP, Python and Ruby, with Perl left in the back as a neglected, not-so-hip cousin. That might lead you to think that Perl is dying, but as it turns out, it's still used by plenty of websites out there, including some pretty big hitters."
Page editor: Forrest Cook
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Futex diagram]](/images/ns/kernel/dvh-futexes.png)
![[Project Open]](/images/ns/ProjectOpenLogo.png)
The ]po[