
LWN.net Weekly Edition for January 7, 2010

The SAY2K10 bug

By Jonathan Corbet
January 6, 2010
SpamAssassin is crucial infrastructure, at least for some of us. So it was with some dismay that your editor, while performing a quick New Year's Day disaster check, noted that SpamAssassin had not made the adjustment to 2010 in good form. The bug was straightforward and easy to fix, but it merits a closer look for what it reveals about our infrastructure and how we support it.

The task assigned to SpamAssassin, of course, is to look over incoming email and assign a score to each message indicating how likely that message is to be spam. It does this job surprisingly well; your editor currently receives around 5,000 spams per day - one every 17 seconds or so - but it's a bad day if two dozen of those get past SpamAssassin and show up in the inbox. Put simply: without SpamAssassin, your editor's email address would simply be unusable. All it takes is a five-minute window without spamd running to see what life would be like if the incoming mail stream had to be dealt with in its full, unfiltered glory. This is mission-critical software, so any faults which turn up in it tend to be of great concern.

The core of SpamAssassin is a vast set of rules looking for spammy characteristics in incoming email. The rules match anything that the developers think might indicate spam; some of the tests include:

  • The presence of a rot13-encoded email address.

  • Large numbers of blank lines.

  • The originating address is in any of a number of network blacklists.

  • Discussion of medication in a number of forms.

  • HTML messages with huge fonts.

  • The presence of URLs registered to known spammers.

...and so on. Each matching rule adds a numeric score to the message; when the process is complete, the scores are added up to yield a total spamminess value. The bayesian recognizer also gets a chance to look at the message and add a score of its own. At the conclusion of this process, any message with a score of 5.0 or higher (by default) is considered to be spam.

Some years ago, a SpamAssassin developer noticed that some unwanted mail came in with dates far in the future. These messages almost certainly represent an attempt by spammers to take advantage of mail clients which sort messages by date; a far-future date should show up at the top of the list. To deal with these messages, said developer wrote a rule matching any date from the year 2010 or afterward. At the time, 2010 was some years in the future, so the rule seemed to make sense. Surely somebody would fix it long before that distant year arrived.

The scores assigned to rules in SpamAssassin are not random, but neither are they assigned by the rule authors. Instead, the project uses a "perceptron" program to determine which combination of scores performs best against a large body of spam and "ham" email. When this tool was run, legitimate email from 2010 was indeed a rare thing, so the rule turned out to be a very good positive indicator for spam. As a result, it was assigned a score which, in some situations, could be as high as 3.5.

As of January 1, mail with 2010 dates suddenly became rather more common. With the year-2010 rule now firing on every message, the SpamAssassin threshold was, in effect, lowered from 5.0 to as low as 1.5. That, in turn, caused a fair amount of legitimate email to be classified as spam, a most unwelcome development. Your editor, receiving 5,000 spams every day, has long since stopped scanning the spam folder for false positives; even if they exist (which they almost never do), they represent a needle which is almost impossible to find in a haystack that large. So email classified as spam is, for all practical purposes, simply lost.
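The failure mode above is mechanical enough to test for ahead of time. The following Python, added here and not taken from SpamAssassin itself, parses a constructed sample of rules written in the project's `header NAME Header =~ /regex/` and `score NAME value` syntax, asks for each Date rule in which upcoming year a correctly dated legitimate message would first trigger it, and shows what an always-firing rule does to the effective spam threshold.

```python
import re
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed sample in SpamAssassin's header/score rule syntax (assumption:
# illustrative rules, not the project's actual rule set; the 3.5 mirrors the
# worst-case score mentioned in the article).
SAMPLE_RULES = """\
header   DATE_FAR_FUTURE   Date =~ /20[1-9][0-9]/
score    DATE_FAR_FUTURE   3.5
header   DATE_LAST_CENTURY Date =~ /19[0-9][0-9]/
score    DATE_LAST_CENTURY 1.0
header   SUBJ_FREE_MONEY   Subject =~ /free money/i
score    SUBJ_FREE_MONEY   2.0
"""

HEADER_RULE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)\s*$")
SCORE_RULE = re.compile(r"^score\s+(\S+)\s+(-?\d+(?:\.\d+)?)\s*$")


def parse_rules(text):
    """Return {name: (header, compiled regex, score)} for every header rule;
    a rule without a score line gets 1.0, SpamAssassin's default."""
    rules, scores = {}, {}
    for line in text.splitlines():
        m = HEADER_RULE.match(line.strip())
        if m:
            name, header, pattern, flags = m.groups()
            rules[name] = (header, re.compile(pattern, re.I if "i" in flags else 0))
            continue
        m = SCORE_RULE.match(line.strip())
        if m:
            scores[m.group(1)] = float(m.group(2))
    return {n: (h, rx, scores.get(n, 1.0)) for n, (h, rx) in rules.items()}


def date_time_bombs(rules, start_year, years_ahead=10):
    """Date-header rules that fire on a legitimate, correctly dated message in
    some year from start_year on; returns {rule name: first year it fires}.
    The probe date (Jan 6, noon UTC) is a constructed sample."""
    bombs = {}
    for name, (header, rx, _score) in rules.items():
        if header.lower() != "date":
            continue
        for year in range(start_year, start_year + years_ahead):
            legit = format_datetime(datetime(year, 1, 6, 12, 0, tzinfo=timezone.utc))
            if rx.search(legit):          # an honest Date header trips the rule
                bombs[name] = year
                break
    return bombs


def effective_threshold(rules, bombs, required=5.0):
    """Score the remaining rules must reach once always-firing rules add theirs."""
    return required - sum(rules[name][2] for name in bombs)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    found = date_time_bombs(parsed, 2008)
    print("rules that will fire on legitimate mail:", found)
    print("effective threshold once they do:", effective_threshold(parsed, found))
```

Run against a real rules directory, the same check would have flagged the 2010 rule in 2008 with two years to spare, which is exactly the kind of routine test the article argues a project this critical should have.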

As described in Justin Mason's weblog, the year-2010 problem was noted by a SpamAssassin developer in 2008. The rule was duly fixed in the project's repository, and promptly forgotten about. What the SpamAssassin developers did not do was any of (1) informing the user community of the rule change, (2) making a new major release with the fixed rule, or (3) distributing the rule fix through the sa-update channel, which exists for just this purpose. So everybody was caught by surprise - users, distributors, Internet service providers, and the SpamAssassin developers themselves.

All told, the harm caused by this problem was relatively small and mostly recoverable. It is a very small blot on SpamAssassin's long record of making email usable for large numbers of people. But it highlights a few points which are worthy of note:

  • Even those of us who are not running financial exchanges have critical infrastructure based on free software. When something goes wrong with that infrastructure, it can hurt our businesses, social lives, and more.

  • Software which plays a crucial part in our operations should really have a mechanism in place to get important fixes to users quickly. But, just as importantly, that project has to take great care to ensure that important fixes get routed into that channel. SpamAssassin developers had fixed the 2010 problem a long time ago, but that was not helpful for users, who had no way of knowing about the problem or its fix. In the kernel realm, it has taken some years to build the discipline of looking over patches and considering them for stable kernel updates; there's probably still a fair number of important fixes which do not get to stable kernel users because nobody thinks to route them to the stable kernel maintainers.

  • Important software requires a certain amount of development and review time. So it's discouraging to read in Justin's weblog that his SpamAssassin work happens in his scarce spare time, and that the project is, in general, short of active developers. Your editor suspects that the truth of the matter is this: SpamAssassin is long past its period of rapid development. At this point, it works well, to the point that there's not a lot of work to be done. So the interested developers have gone on to other projects.

It would appear that what SpamAssassin needs is some dedicated maintenance talent which is not dependent on evening hours put in by developers committed to other projects. Typically that is the sort of work that requires a paying customer. Given how many people and companies rely on this software, it seems like it should be possible to find the money to motivate somebody to put more time into SpamAssassin maintenance. The hard part is collecting and administering those funds; that's not something that the free software community has yet reliably become good at doing.

Comments (28 posted)

Computer science education and free software

By Jake Edge
January 6, 2010

There is an effort underway to enhance the current high school computer science curriculum in the US. Spearheaded by the US National Science Foundation (NSF), the intent is to "transform" high school computing education from one that is focused on application and programming training to one that opens up more of the "magic of computing". The idea is that computing cuts across many different types of activities and jobs, so narrowly focusing on things like word processing or Java programming may not provide a good overview of the field to teenagers.

The NSF executive summary [PDF] of its "Transforming High School Computing" project cites several statistics that highlight the current problems with computing education in the US, along with its plans for addressing them. Essentially, it would like to see three new classes developed that will benefit students who are headed in different directions.

Two of the courses would take the place of today's introductory and advanced placement (AP) computing classes, while an entirely new course would be developed for students who are headed to college and interested in a scientific field. But instead of an introductory class that teaches how to use a keyboard—something that is likely needed by very few high school students today—word processing, and the like, the new "Pre-AP" curriculum would "go beyond mere computer literacy to teaching fluency in the fundamentals of computing and computational thinking, using an inquiry-based instructional approach and engaging students with exciting, 21st century applications."

Likewise, the new AP course for potential science majors will "explore, in more detail and depth, computational concepts introduced in the "Pre-AP" course, including critical thinking, logic, algorithms, etc." While the text reads a bit like a marketing brochure (which, in some sense, it is), filled with phrases like "rigorous and engaging", it would seem to be a step in the right direction.

Another goal is to train 10,000 new teachers in the new curriculum so that by 2015 the new courses are being taught in 10,000 schools. These are fairly ambitious goals and will require a public/private partnership for funding according to the NSF. There will undoubtedly be large hardware and software companies falling all over themselves to give money and, more importantly from their perspective, hardware and software to schools in support of this effort. That's good, as far as it goes, but the NSF and those working on the project should most certainly consider the role for free software as part of the "transformation".

It is certainly true that there is far more to computing than learning how to use Office and Photoshop (or even OpenOffice and GIMP for that matter). Students will clearly understand computers and computing better if they get a sense for what computers can and cannot do. That implies access to a wide variety of different types of applications, not just those that might be used in an office or programming job, which is something that free software can provide much more easily, at a much lower price than the commercial vendors can.

Consider the breadth of applications available for today's Linux distributions—all installable at the click of a button. Most certainly many of them are not as polished as their commercial counterparts, but they are available to explore. Want to try computer aided design for the birdhouse you are building in wood shop? There's an app for that.

AutoCAD, even provided for free, seems a bit like overkill to explore the idea of CAD. Tracking down the proper computer with the proper license for the CAD software also seems like it would be counterproductive. Free software can be installed easily and abandoned quickly if it does not suit.

Teacher training could also focus on how to find interesting applications, and to note particularly good ones for specific purposes. It is far more useful to understand what a spreadsheet can do, how it works, and how it can help with your homework, than it is to know the specific function names in Excel, for example. Just as good programmers can switch languages fairly easily, computer literate people should be able to switch applications without much difficulty. That is done by understanding the underlying concepts and then being able to apply them widely, which is something that the diversity in free software fosters.

The cost savings of using free software are likely to be quite large, but the commercial companies will try to reduce that advantage as much as they can—and take a tax write-off while they are about it. But the advantages of free software go well beyond the price. For anyone interested in "how it works", free software offers the ultimate inside look. From most proprietary software companies, that can't be bought at any price.

For budding programmers, or those that think they may have an interest, free software provides not only a look at the code, but also a look at the development culture. Finding a bug in some package may be frustrating, but a quick look on Google or the project's web site may find others who have the same problem and have a patch available to fix it. There is a lot to be learned (both good and bad) from grabbing a patch from the internet and rebuilding an application.

All of that is not to say that the entire curriculum should be narrowly focused on free software. There is plenty to be learned from the proprietary brands. Trying to keep Windows and Macs out of the classroom is unlikely to work, and it is also a bad idea. Diversity is important when trying to learn about computers, so seeing how different organizations and projects do things can only help there.

The information available so far is unclear about what tools will be used in the new classes. One hopes that the NSF, which has sponsored a whole lot of free software along the way, doesn't fall into the trap of thinking that Windows and Mac are the only choices. Even if those two do dominate the computer labs in high schools, there is plenty of free software that runs atop them. The benefits of free software outlined here will not surprise many (any) LWN readers, but they may not be obvious to those outside our communities and that's something worth changing.

Comments (5 posted)

Looking forward to 2010

By Jonathan Corbet
January 5, 2010
Your editor, not generally known for his good sense, has long made a tradition of putting together a set of Linux-related predictions at the beginning of each year and posting them for the world to see. There is no particular source of inside knowledge behind these predictions, and no real reason to give them more credence than is merited by much of the material found in one's spam folder. Still, it's a fun exercise in pondering how things could go and trying to guess what the important themes will be.

On that note, here's your editor's thoughts for 2010. Any relation to reality is purely coincidental.

Open hardware platforms will be seen as increasingly important by the general public. Anybody who saw Verizon's heavy advertising campaign for its Android-based "Droid" offering will have understood that openness is now seen as a selling point in the mobile phone market - something which was not true even a year or two ago. Apple has done us a favor by showing how painful a restricted platform can be - even if it is a relatively open one. Future offerings, including the much-hyped "tablet" machines, will be judged by many criteria, one of which will be "who decides which applications I can run on it?" Locked-down systems will suffer as a result of their closed nature.

We'll see a number of Linux-based tablet computers offered to the market this year. What may take a bit longer to see is just what all of these machines will really be good for.

Software patents will strike close to home again. Nokia's suit against Apple is an especially ominous development. We are seeing the opening of a whole new computing market where none of the traditionally dominating companies have a commanding share. So it's a bit of a gold rush, and some companies will undoubtedly rush to gain their gold by way of the courts.

Copyright assignment policies will be debated by numerous projects over the course of the year. In the past year, the (attempted, in-progress) acquisition of MySQL (by way of Sun) by Oracle has clearly shown how assignment of copyrights to a corporation can go wrong, and Canonical's imposition of an assignment policy has created a backlash of its own. Even Eben Moglen, who has argued for copyright assignments in the past, has stated publicly that MySQL would be better off with a more diverse ownership structure. Developers in the future will think harder about signing assignment agreements, and projects will wonder whether their interests are truly best served by imposing assignment agreements. Copyright assignment agreements will not go away, but, like heavy-handed trademark policies, they will come to be seen as an impediment to freedom which is often counterproductive.

Speaking of MySQL, Oracle's acquisition of Sun will proceed without the imposition of major changes by the European Union. Regardless of its long-term plans, Oracle will treat MySQL with a light hand in the coming year. There will almost certainly be attempts to fork the project, though, regardless of how Oracle behaves.

The browser war will heat up again, but the main contestants will be free software. Firefox holds a commanding position, but its heavy weight and long startup time are enough to push some users to the competition - which, increasingly, looks to be Google's Chrome. If Google continues to develop the browser, and continues to avoid fatal errors like disallowing ad blocking extensions, Chrome may hold a significant part of the market by the end of the year.

Solid-state storage devices will come into wider use this year, with some interesting results. For example, the above-mentioned long startup time for Firefox tends to just vanish when the browser is SSD-based. Wider use of SSDs will tend to hide lazy or inefficient application development, but it will also put more pressure on the kernel's block subsystem, which will struggle to keep up with rapidly-increasing operation rates.

Adventurous distributors will be offering Btrfs by the end of the year. The filesystem will be feature-complete and stabilizing, but it will still be very much for adventurous (and well backed up) users at that point. Ext4, instead, will be moving beyond community distributions and into "enterprise" production use.

The big kernel lock will be gone from the mainline kernel. Actually, it will probably remain in a number of places, but things will have reached a point where a lock_kernel() call is an indication of old, unmaintained, and unused code. On any reasonably current hardware, a leading-edge kernel will be able to run with no BKL use at all. This work will be part of the larger job of getting the realtime preemption patch set into the mainline, but your editor dares not attempt another prediction on when that task will be complete.

Production use of LLVM will be on the rise as this compiler matures and stabilizes. Some of the most interesting uses are likely to be in nontraditional projects like Unladen Swallow.

There will be a scary security incident involving mobile Linux devices. Our security is pretty good, but it's far from perfect; just think, for example, about the number of bugs likely to be found in wireless network drivers, which are quite complex and reviewed by relatively few people.

Speaking of security, 2010 will be the year of the sandbox. Technologies like SELinux, AppArmor, and TOMOYO will not be going away, but increasing numbers of people will decide that many security objectives are more easily obtained by just placing at-risk processes into their own box.

There will be lots of talk of clouds, with companies stumbling over each other to become the host for some portion of our lives. Your editor can only hope that, at some point, this rush toward highly centralized services will be countered by a push for personal control of data. Perhaps members of our community will make it easy for nontechnical users to set up "cloudlets" for individual or small-group use, with a focus on individual control and portability.

GNOME 3 will be released. Learning from the KDE 4 experience, the GNOME developers will promote their work less and focus more on not breaking things for users. The result will be a launch which draws relatively little attention, of either the good or the bad variety, but which lays the base for the platform's future development.

Developers will start using Python 3 as that language becomes more widely available in community distributions. By the end of the year, a small number of Python 3 programs will be in reasonably wide use. Meanwhile, we'll still be waiting for Perl 6.

Community distributions will grow in commercial importance over the course of the year. Distributions like Debian and Gentoo already show up in surprising places, with prominent organizations choosing them for their combination of stability, broad software selection, and great support. More companies will begin to realize that the "enterprise distribution" model is not perfect for all situations and will go looking for solutions which bring them closer to the communities which create all of that software in the first place.

Linux and free software will be stronger than ever at the end of the year. Yes, your editor makes this prediction every year, but it has proved rather more reliable than most of the others. It makes sense to go with a known winner, and, in any case, this prediction is easy to justify. The software keeps getting better, the community gets larger, and the value of free software is becoming more widely understood. There doesn't seem to be any reason for any of that to change anytime soon.

Comments (65 posted)

Page editor: Jonathan Corbet

Security

GSM encryption crack made public

January 6, 2010

This article was contributed by Nathan Willis

The schemes commonly used to encrypt GSM telephone calls, SMS messages, and data transmissions have been theoretically broken for years at both the protocol and cipher levels, but results presented in Berlin at the 26th Chaos Communication Congress (26C3) on December 27 demonstrate that a practical attack can be easily implemented. Researchers unveiled cracking tables requiring just two terabytes of disk space that can be used to look up a GSM encryption key and decrypt a transmission. The tables were computed on 40 commodity hardware PC nodes in just a few months' time, and are shared through Bittorrent. Furthermore, the presentation explains that the more difficult practical task of intercepting and capturing GSM calls can already be done with inexpensive radio equipment and open source software.

Background

The cipher under attack is known as A5/1; it was invented by the GSM Association in 1987. Due to the Cold War, A5/1 was deployed only in Western Europe and the United States, and was accompanied by a significantly weaker cipher called A5/2 for export to other regions. The GSM protocol supported both A5/1 and A5/2, plus A5/0, or unencrypted connections, a choice that left the protocol itself vulnerable to attack.

A5/1 was not published, but researchers began to reverse-engineer it almost immediately, work that was completed and publicized in 1999. Theoretical attacks based on weaknesses in the cipher date back to at least 1997, but real-world attacks on the system as implemented in the global GSM network only began to appear in 2003, when the team of Elad Barkan, Eli Biham, and Nathan Keller reported that phones use the same set of keys regardless of whether A5/1 or A5/2 encryption is enabled. Thus, by momentarily tricking a phone into using A5/2 (which can be cracked in seconds), a man-in-the-middle attacker can retrieve the session key for a call and continue to decrypt it even if it subsequently switches to A5/1 at the network's request. Shortly thereafter, networks were advised to discontinue use of A5/2.

Barkan, Biham, and Keller also published a ciphertext-only attack on A5/1 itself that relied on a time-memory tradeoff: building a lookup table of partially precomputed hash values. A5/1 uses a 64-bit key (although, interestingly enough, 10 bits are fixed at 0 in all known deployments, making the practical strength 54 bits), which would require around 128 petabytes for a complete code book (a complete plaintext:ciphertext table for each key).

In 2008, a group called The Hackers Choice (THC) announced that it had computed the complete code book, in a more space-efficient format that required just three terabytes, running on a cluster of 70 field-programmable gate array (FPGA) boards. THC did not publish its tables, however.

A5/1 Security Project, technique and results

At the Hacking at Random conference in July of 2009, researchers Karsten Nohl and Sascha Krißler announced yet another effort to compute the code book, dubbed the A5/1 Security Project, utilizing distributed computing with publicly available source code. The A5/1 Security Project code was designed to run on NVIDIA and ATI graphics cards using the CUDA parallelization architecture; a participating node would claim a unique chunk of the code book from the project, then report its results back to the centralized server.

Nohl and Chris Paget announced in their 26C3 presentation that the project had completed computation of the tables, and that the complete result was available on Bittorrent. Around 40 nodes participated in the effort over three months; some false starts caused by bugs in the code slowed down the computation initially, but the results as presented at 26C3 are final. The format chosen by the project uses a combination of rainbow tables and distinguished point tables as a space-saving measure.

Rather than storing the entire code book as a plaintext:ciphertext lookup table, rainbow tables compute chains of encrypted values, and store only the first and last values in the chain. Decrypting a given value then involves generating a chain from the value, and looking at each step for a match in the rainbow table. Thus, using longer chains in the rainbow table requires less storage space, but demands more time in the decryption step by requiring more computation steps looking for a match. But once a match has been found, the key can then be determined allowing further decryption using the algorithm directly.

Distinguished point tables save space by selectively storing only those chains in the table that have an endpoint matching some helpful property — such as a long string of zero-bits. Chains that don't have that property are not stored, which saves a great deal of space but turns the key extraction into a probabilistic search. Given enough ciphertext, though, key extraction should be possible.

The team eventually settled on a combined table approach that used 380 tables, each of which consists of 32 distinguished-point segments of length 2^15 merged into one rainbow table. In addition, they discovered ways to locate known plaintext in a GSM transmission (such as predictable ACK packets) that would save time and space by requiring a smaller subset of the code book to be computed. If those details do not communicate much to non-cryptographers, the practical results should: the final tables take up just 2 terabytes of storage space, and can be used to perform near-real-time decryption.
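To make the rainbow-table and distinguished-point descriptions above concrete, here is an added Python illustration (not the A5/1 Security Project's code, which targets the real cipher on GPUs) of the combined structure: each chain is a sequence of distinguished-point segments, each segment using its own reduction "colour", and only the endpoint is stored. It runs over an assumed toy 16-bit key space with a truncated SHA-256 standing in for "encrypt the known plaintext under this key", so the memory saved and the per-lookup computation it costs can be measured directly.

```python
import hashlib
from collections import defaultdict

# Toy parameters (assumption: sized so the demo runs in seconds; the 26C3
# tables cover A5/1's 54 effective key bits with 32 segments per chain).
KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS
COLORS = 4                         # distinguished-point segments per chain
DP_BITS = 3                        # a key is "distinguished" if its low bits are zero
MAX_SEGMENT = 1 << (DP_BITS + 3)   # give up on a segment that never reaches a DP
CHAINS = 4096                      # start points, i.e. rows stored in the table

def one_way(key: int) -> int:
    """Stand-in for 'encrypt the known plaintext under key' (assumption:
    a truncated SHA-256 plays the role of the cipher's keystream output)."""
    digest = hashlib.sha256(key.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")

def reduce_(ciphertext: int, color: int) -> int:
    """Map a ciphertext back into the key space; the colour changes per
    segment so chains colliding in different segments do not merge."""
    return (ciphertext + color * 0x9E37) & (KEY_SPACE - 1)

def is_dp(key: int) -> bool:
    return (key & ((1 << DP_BITS) - 1)) == 0

def advance(key: int, color: int):
    """Walk one segment until a distinguished point; None if it runs too long."""
    for _ in range(MAX_SEGMENT):
        key = reduce_(one_way(key), color)
        if is_dp(key):
            return key
    return None

def chain_endpoint(start: int):
    """Endpoint stored for `start`; None means the chain is discarded."""
    key = start
    for color in range(COLORS):
        key = advance(key, color)
        if key is None:
            return None
    return key

def chain_keys(start: int):
    """Every key whose ciphertext is computed along the chain from `start`
    (identical stepping to chain_endpoint); used to finish a lookup."""
    keys, key = [], start
    for color in range(COLORS):
        for _ in range(MAX_SEGMENT):
            keys.append(key)
            key = reduce_(one_way(key), color)
            if is_dp(key):
                break
        else:
            return None
    return keys

def build_table(n_chains: int = CHAINS) -> dict:
    """endpoint -> [start, ...], keeping only chains that hit a DP in every segment."""
    table = defaultdict(list)
    for i in range(n_chains):
        start = (i * 0x4F1B) & (KEY_SPACE - 1)   # constructed, well-spread start points
        end = chain_endpoint(start)
        if end is not None:
            table[end].append(start)
    return dict(table)

def finish_chain(key: int, color: int):
    """Endpoint reached from `key`, which was just produced by reduction
    `color` (if it is already a DP, the next segment begins)."""
    if not is_dp(key):
        key = advance(key, color)
    for later in range(color + 1, COLORS):
        if key is None:
            return None
        key = advance(key, later)
    return key

def lookup(table: dict, ciphertext: int):
    """Return a key k with one_way(k) == ciphertext, or None. Every colour is
    tried (the ciphertext's chain position is unknown); false alarms from
    merged chains are weeded out by regenerating the candidate chain."""
    for color in range(COLORS):
        end = finish_chain(reduce_(ciphertext, color), color)
        if end is None or end not in table:
            continue
        for start in table[end]:
            for k in chain_keys(start):
                if one_way(k) == ciphertext:
                    return k
    return None

def coverage(table: dict, samples: int = 200) -> float:
    """Fraction of evenly spaced keys whose ciphertext the table can invert."""
    probes = range(0, KEY_SPACE, KEY_SPACE // samples)
    hits = sum(lookup(table, one_way(k)) is not None for k in probes)
    return hits / len(probes)

if __name__ == "__main__":
    t = build_table()
    print(f"{len(t)} rows stored for {KEY_SPACE} keys; {coverage(t):.0%} recoverable")
```

The stored rows are a small fraction of the key space while a large share of keys remain recoverable, which is the whole tradeoff; the defensive reading is that a 54-bit effective key with known plaintext in every transmission is simply too small a space for this kind of precomputation to be out of reach.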

Reaction and better security

Nohl and Paget are quick to point out that completing the A5/1 tables does not, by itself, provide a means of intercepting and listening in on GSM telephone calls. Shortly after news of the work went public, the GSM Association issued a press release playing down the result, based in large part on what it called the "practical complexity" of capturing and recording a GSM call.

Nohl and Paget dealt with that assertion in their talk, describing the components that would be required to receive, process, and record GSM calls, all of which are easy to obtain. At the hardware level, the Universal Software Radio Peripheral (USRP) developed for the GNU Radio project can tune and capture GSM spectrum. The OpenBTS software stack implements GSM and is designed for use with USRP, allowing the user to process and decode the data in a GSM channel, as well as to perform other feats in active attacks, such as faking a legitimate GSM base station. Other software packages, such as OpenBSC and Airprobe, can also be used for specific GSM-related tasks.

The GSM Association press release also implies that any real-world risk inherent in a broken A5/1 is moot because the stronger A5/3 is also available, and is not subject to the same algorithmic attacks. Nohl and Paget point out, however, that theoretical attacks on A5/3 have already been published, and that, despite its availability for over a decade, no carriers use it.

Moreover, the GSM protocol itself is still highly insecure; in fact the same technique Barkan, Biham, and Keller used in 2003 to trick a phone into downgrading from A5/1 to A5/2 can also be used to attack A5/3 — since A5/3 uses the same encryption keys as A5/1 and A5/2. In addition, the lack of network authentication and the fact that GSM phones automatically attach to the strongest available base station make interception and man-in-the-middle attacks possible regardless of the encryption method deployed.

Securing mobile phone communications is vital in today's world. As Nohl and Paget's presentation noted, GSM is not only used for voice calls, but for SMS (which increasingly includes financial transactions) and EDGE data connections as well. Consumers have no control over the GSM network, and although most have little to worry about in the realm of criminal attackers intercepting their voice calls, business and government users do. 40 off-the-shelf graphics cards computed the A5/1 code book in less than three months; the estimated hardware needed to build a USRP-based GSM interceptor is less than US$3000. That is a trivial investment to anyone with a financial interest in eavesdropping. On top of that, as the weakness of WEP encryption demonstrated to WiFi router owners, a broken security system leaves the network open to mischief, bandwidth theft, and other security problems beyond call interception. Hopefully, as the A5/1 Security Project suggests, the telecommunications sector will now take positive steps to correct the flaws in GSM and implement better security.

For the open source software community, however, there is another benefit to the project's success: the basic idea is reusable. The team built the distributed pre-computation framework to be generic; it can work on any cipher, with different table layouts, and on multiple hardware back-ends. In other words, if you have a cipher that needs a code book and you have access to 40 modern graphics cards, your job may have just gotten a lot easier.

Comments (48 posted)

Brief items

Critical PowerDNS Recursor security vulnerabilities

Those of you using PowerDNS Recursor 3.1.7.1 or earlier will want to upgrade to 3.1.7.2 quickly. "The two major vulnerabilities can lead to a FULL SYSTEM COMPROMISE, as well as cache poisoning, connecting your users to possibly malicious IP addresses." Distributor updates are on their way, but the advisory notes that Ubuntu will not be shipping an update, so Ubuntu users will need to do the upgrade manually.

Full Story (comments: 1)

The isolate utility

Isolate is a program designed to run otherwise unsafe programs in a secure manner. "This utility, isolate, runs processes in a chroot-ed environment, with constrained resource limits, as a random UID, and with limited access to the X server. An isolated program ('isolatee') no longer has all the authority of your user account, but you can still enjoy its legitimate functionality. You can play even maliciously-crafted songs in an unsafely implemented music player, with greatly minimized risk to your other data." As with so many security-related programs, its original inspiration comes from Daniel J. Bernstein.

Comments (39 posted)

New vulnerabilities

acl: symlink attack

Package(s): acl    CVE #(s): CVE-2009-4411
Created: December 29, 2009    Updated: April 19, 2011
Description: From the Mandriva advisory: The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.
Alerts:
Slackware SSA:2011-108-01 2011-04-19
SuSE SUSE-SR:2010:002 2010-02-01
Mandriva MDVSA-2009:345 2009-12-28

Comments (none posted)

automake: arbitrary code execution

Package(s): automake    CVE #(s): CVE-2009-4029
Created: January 4, 2010    Updated: October 27, 2010
Description:

From the Red Hat bugzilla entry:

Jim Meyering found a race condition in the way Automake used to prepare the content of a directory hierarchy (top-level directory and its subdirectories) when the "distdir" based Automake target was used. A local attacker could use this flaw to inject malicious content into the resulting directory and potentially subsequently execute arbitrary code with the privileges of the user issuing the "./configure" command.

Alerts:
rPath rPSA-2010-0071-1 2010-10-27
Mandriva MDVSA-2010:203 2010-10-13
Red Hat RHSA-2010:0321-04 2010-03-30
Fedora FEDORA-2010-3573 2010-03-03
Fedora FEDORA-2010-3569 2010-03-03
Fedora FEDORA-2010-3520 2010-03-03
Fedora FEDORA-2010-1148 2010-02-21
Fedora FEDORA-2010-3563 2010-03-03
Fedora FEDORA-2010-1174 2010-02-21
Fedora FEDORA-2010-1718 2010-02-21
Fedora FEDORA-2010-3591 2010-03-03
Fedora FEDORA-2009-13157 2009-12-16
Fedora FEDORA-2010-1216 2010-01-29

Comments (1 posted)

gimp: integer overflows

Package(s): gimp    CVE #(s):
Created: January 5, 2010    Updated: January 6, 2010
Description: Multiple bugs were fixed in GIMP 2.6.8, including several integer overflow vulnerabilities.
Alerts:
Fedora FEDORA-2009-11880 2009-11-20

Comments (none posted)

jpgraph: multiple cross-site scripting vulnerabilities

Package(s): jpgraph    CVE #(s): CVE-2009-4422
Created: December 28, 2009    Updated: January 6, 2010
Description:

From the Mandriva advisory:

Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors (CVE-2009-4422).

Alerts:
Mandriva MDVSA-2009:340 2009-12-26

Comments (none posted)

kernel: denial of service

Package(s): kernel    CVE #(s): CVE-2009-4410
Created: December 25, 2009    Updated: January 6, 2010
Description: From the Red Hat bugzilla: There is a problem in the ioctl handler in the fuse kernel code that causes a panic under some circumstances.
Alerts:
Fedora FEDORA-2009-13700 2009-12-25
Fedora FEDORA-2009-13694 2009-12-25

Comments (none posted)

krb5: denial of service

Package(s): krb5    CVE #(s): CVE-2009-3295
Created: January 6, 2010    Updated: January 19, 2010
Description: The krb5 key distribution center service can be caused to crash remotely by way of a specially-crafted request.
Alerts:
SuSE SUSE-SA:2010:006 2010-01-19
Fedora FEDORA-2010-0503 2010-01-14
Ubuntu USN-879-1 2010-01-06
Fedora FEDORA-2009-13539 2010-01-05
Gentoo 201201-13 2012-01-23

Comments (none posted)

NetworkManager: multiple vulnerabilities

Package(s): NetworkManager    CVE #(s): CVE-2009-4145 CVE-2009-4144
Created: January 4, 2010    Updated: February 23, 2010
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2009-4145: nm-connection-editor inadvertently exported connection objects on the bus, and when a user changes those connections through the connection editor GUI, the editor may emit a summary of those changes onto the bus, leading to information disclosure.

CVE-2009-4144: If the user had set up a WPA Enterprise or 802.1x connection that used a CA certificate to verify the identity of the network to which the user was connecting, and the user deleted or moved that CA certificate file at a later point, NetworkManager will still connect to that network but without using the CA certificate. This could result in connections to a rogue network that is spoofing the original network as the identity of the network is not verified with the CA certificate after the certificate has been deleted.

Alerts:
Red Hat RHSA-2010:0108-01 2010-02-16
Ubuntu USN-883-1 2010-01-13
SuSE SUSE-SR:2010:002 2010-02-01
Fedora FEDORA-2009-13642 2009-12-24
CentOS CESA-2010:0108 2010-02-23

Comments (none posted)

PHP: multiple vulnerabilities

Package(s): php    CVE #(s): CVE-2009-4142 CVE-2009-4143
Created: January 6, 2010    Updated: February 23, 2010
Description: The PHP 5.2.12 release fixes a number of security-related bugs, including a cross-site scripting vulnerability (CVE-2009-4142) and a failure to properly handle session data with "unspecified impact" (CVE-2009-4143). See the release notes for more information.
Alerts:
Slackware SSA:2010-024-02 2010-01-25
Mandriva MDVSA-2010:045 2010-02-23
SuSE SUSE-SR:2010:005 2010-02-23
Mandriva MDVSA-2010:009 2010-01-15
Mandriva MDVSA-2010:008 2010-01-15
Mandriva MDVSA-2010:007 2010-01-15
CentOS CESA-2010:0040 2010-01-15
Red Hat RHSA-2010:0040-01 2010-01-13
CentOS CESA-2010:0040 2010-01-13
Ubuntu USN-882-1 2010-01-13
Gentoo 201001-03 2010-01-05
Fedora FEDORA-2010-0495 2010-01-14
Debian DSA-2001-1 2010-02-19

Comments (none posted)

phpldapadmin: local file inclusion

Package(s): phpldapadmin    CVE #(s):
Created: December 25, 2009    Updated: January 6, 2010
Description: From the Secunia advisory: A vulnerability has been discovered in phpLDAPadmin, which can be exploited by malicious people to disclose sensitive information. Input passed via the "cmd" parameter to cmd.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources. The vulnerability is confirmed in version 1.1.0.7. Other versions may also be affected.
Alerts:
Fedora FEDORA-2009-13598 2009-12-24

Comments (none posted)

slim: X session hijacking

Package(s): slim    CVE #(s): CVE-2009-1756
Created: January 4, 2010    Updated: September 9, 2010
Description:

From the Red Hat bugzilla entry:

A potential man-in-the-middle attack was found in SLiM (Simple Login Manager) due to improper processing of authorization information used in connection to the X server. A local attacker could use this flaw to hijack the X session of the victim by overhearing certain information needed for proper extraction of authorization records.

Alerts:
Fedora FEDORA-2009-13552 2009-12-22
Fedora FEDORA-2009-13551 2009-12-22

Comments (none posted)

stardict: information disclosure

Package(s): stardict    CVE #(s): CVE-2009-2260
Created: January 4, 2010    Updated: January 6, 2010
Description:

From the Red Hat bugzilla entry:

stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.

Alerts:
Fedora FEDORA-2010-0012 2010-01-02

Comments (none posted)

unbound: bad cryptographic implementation

Package(s): unbound    CVE #(s): CVE-2009-3602
Created: December 28, 2009    Updated: February 23, 2010
Description:

From the Debian advisory:

It was discovered that Unbound, a DNS resolver, does not properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection. (An attacker would still have to carry out an ordinary cache poisoning attack to add bad data to the cache.)

Alerts:
Debian DSA-1963-1 2009-12-23
SuSE SUSE-SR:2010:005 2010-02-23

Comments (none posted)

viewvc: multiple vulnerabilities

Package(s): viewvc    CVE #(s):
Created: December 29, 2009    Updated: January 6, 2010
Description: From the Fedora advisory:

* security fix: add root listing support of per-root authz config

* security fix: query.py requires 'forbidden' authorizer (or none) in config

Alerts:
Fedora FEDORA-2009-13634 2009-12-24
Fedora FEDORA-2009-13610 2009-12-24

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s): wireshark    CVE #(s): CVE-2009-4376 CVE-2009-4377
Created: December 24, 2009    Updated: June 1, 2010
Description: From the Fedora alert:

* The Daintree SNA file parser could overflow a buffer. (Bug 4294) CVE-2009-4376

* The SMB and SMB2 dissectors could crash. (Bug 4301) CVE-2009-4377
Alerts:
Gentoo 201006-05 2010-06-01
CentOS CESA-2010:0360 2010-05-28
CentOS CESA-2010:0360 2010-04-20
Red Hat RHSA-2010:0360-01 2010-04-20
SuSE SUSE-SR:2010:007 2010-03-30
Mandriva MDVSA-2010:031 2010-02-02
Mandriva MDVSA-2010:016 2010-01-19
Fedora FEDORA-2009-13592 2009-12-23

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current development kernel is 2.6.33-rc3, released on January 5. Linus says:

The bulk of the patches are some SH defconfig updates (40%), but ignoring those we have the normal 'half drivers, half everything else' pattern. On the driver front, the perhaps most notable change is not so much a code change, but the small change of marking the "new" firewire stack as being the recommended one.

The short-form changelog is in the announcement, or see the full changelog for the details.

2.6.33-rc2 was released on December 24. It included a number of fixes, the Nouveau "ctxprogs" generator for nv40 chipsets, and a Silicon Motion sm712 video card driver; this release also saw the removal of the unused and abandoned distributed storage subsystem. Full details are in the full changelog.

Stable updates: the 2.6.27.43, 2.6.31.10, and 2.6.32.3 stable kernel updates were released on January 6. All three contain a mixture of fixes; 2.6.27.43 is relatively small while the other two are large. Updates for 2.6.31 probably end with 2.6.31.11.

Comments (none posted)

Quotes of the week

And we do make plenty of mistakes. And when we fix them, we have to maintain bug-compatibility to allow live migration from the broken version to the good version. If you're ever feeling overly happy, do some compat work in qemu and it will suck a year's worth or two of your life force a pop.
-- Avi Kivity

Application developers have historically been intolerant of systems that change their security policy on the fly. No, let me say what I really mean. They hate them with a flaming passion. Sometimes the system requirements make it necessary, but please don't think the application developers will thank you for it.
-- Casey Schaufler

It's always easier short term to pee in the pond than install a toilet - it's just not a good long term plan.
-- Alan Cox

If you start a benchmark and you don't know what the answer should be, at the very least within a factor of 10 and ideally within a factor of 2, you shouldn't be running the benchmark. Well, maybe you should, they are fun. But you sure as heck shouldn't be publishing results unless you know they are correct.
-- Larry McVoy

Comments (none posted)

list_sort()

By Jonathan Corbet
January 6, 2010
The kernel has long had a set of standard functions for the manipulation of linked lists. What it has lacked, though, is a function for sorting those lists. Actually, that's not quite true: it has two of them: one in the direct rendering code, and one in the UBIFS filesystem. When Dave Chinner found himself needing the same functionality for XFS, he decided that adding a third implementation was probably not the best idea.

So, instead, Dave grabbed the UBIFS version and reworked it into a generic list_sort() patch. The result is this function:

    void list_sort(void *priv, struct list_head *head,
                   int (*cmp)(void *priv, struct list_head *a, struct list_head *b));

This function behaves like many generic sort utilities - the cmp() function will be called with pairs of list elements (and the given priv pointer); it should return an integer value indicating whether the first item should sort ahead of or behind the second.
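To make the contract concrete, here is an added user-space example (not Dave Chinner's patch nor the UBIFS code it was derived from) of a stable merge sort with the same signature: `cmp()` receives pairs of `list_head` pointers plus the caller's `priv` pointer and returns negative, zero or positive. The `list_head`, `container_of` and `list_add_tail` stand-ins are minimal assumed equivalents of the kernel's; the sample keys and the comparison counter passed through `priv` are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-ins for the kernel list primitives (assumed, not kernel code). */
struct list_head { struct list_head *next, *prev; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

typedef int (*list_cmp_t)(void *priv, struct list_head *a, struct list_head *b);

/* Merge two NULL-terminated runs chained through ->next only; taking `a` on
 * ties keeps the sort stable. */
static struct list_head *merge(void *priv, list_cmp_t cmp,
                               struct list_head *a, struct list_head *b)
{
    struct list_head head, *tail = &head;
    while (a && b) {
        if (cmp(priv, a, b) <= 0) { tail->next = a; a = a->next; }
        else                      { tail->next = b; b = b->next; }
        tail = tail->next;
    }
    tail->next = a ? a : b;
    return head.next;
}

/* Top-down merge sort of a NULL-terminated ->next chain. */
static struct list_head *sort_run(void *priv, list_cmp_t cmp, struct list_head *first)
{
    if (!first || !first->next)
        return first;
    struct list_head *slow = first, *fast = first->next;
    while (fast && fast->next) { slow = slow->next; fast = fast->next->next; }
    struct list_head *second = slow->next;
    slow->next = NULL;                           /* split at the midpoint */
    return merge(priv, cmp, sort_run(priv, cmp, first), sort_run(priv, cmp, second));
}

/* Same contract as the proposed kernel list_sort(): sort the circular,
 * doubly-linked list at `head` in place; priv is handed through to cmp(). */
void list_sort(void *priv, struct list_head *head, list_cmp_t cmp)
{
    if (head->next == head)
        return;
    head->prev->next = NULL;                     /* open the ring into a run */
    struct list_head *sorted = sort_run(priv, cmp, head->next);
    struct list_head *p = head;                  /* rebuild prev links and the ring */
    for (struct list_head *n = sorted; n; n = n->next) {
        p->next = n; n->prev = p; p = n;
    }
    p->next = head; head->prev = p;
}

/* Example payload, and a priv block that counts comparisons made. */
struct item { int key; struct list_head node; };
struct sort_stats { int ncmp; };

static int cmp_by_key(void *priv, struct list_head *a, struct list_head *b)
{
    int ka = container_of(a, struct item, node)->key;
    int kb = container_of(b, struct item, node)->key;
    ((struct sort_stats *)priv)->ncmp++;
    return (ka > kb) - (ka < kb);                /* no overflow, unlike ka - kb */
}

/* Sort keys[0..n) through a linked list, rewriting keys in sorted order.
 * Returns the number of cmp() calls, or -1 on allocation failure. */
int sort_keys(int *keys, int n)
{
    if (n == 0) return 0;
    struct item *items = calloc(n, sizeof *items);
    if (!items) return -1;
    struct list_head head;
    struct sort_stats st = { 0 };
    INIT_LIST_HEAD(&head);
    for (int i = 0; i < n; i++) { items[i].key = keys[i]; list_add_tail(&items[i].node, &head); }
    list_sort(&st, &head, cmp_by_key);
    int i = 0;
    for (struct list_head *p = head.next; p != &head; p = p->next)
        keys[i++] = container_of(p, struct item, node)->key;
    free(items);
    return st.ncmp;
}

/* Constructed sample; returns 1 if the sorted result is what it should be. */
int demo_ok(void)
{
    int keys[] = { 42, 7, 19, 7, 3, 88, 1 }, want[] = { 1, 3, 7, 7, 19, 42, 88 };
    int n = sizeof keys / sizeof keys[0];
    if (sort_keys(keys, n) <= 0) return 0;
    for (int i = 0; i < n; i++) if (keys[i] != want[i]) return 0;
    return 1;
}

int main(void) { printf("sorted correctly: %s\n", demo_ok() ? "yes" : "no"); return 0; }
```

Because the sort works on the `next` chain and only restores `prev` at the end, the comparison callback sees plain list nodes and recovers its own structure with `container_of`, exactly as a kernel caller would.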

The existing users of this functionality have acknowledged the change, so it will almost certainly make an appearance in 2.6.34.

Comments (2 posted)

Kernel development news

Restricting the network

By Jake Edge
January 6, 2010

New security features can be affected by the "law of unintended consequences", because a seemingly simple restriction runs afoul of unanticipated interactions with other parts of the system—often other security mechanisms. These interactions can be difficult to spot immediately, which makes kernel hackers very careful about adding new security features. A recent proposal to provide a means for processes to restrict their network access—something that would be useful for a process sandbox for instance—ran into unintended consequences. But the somewhat ad hoc nature of the feature, and its tuning for a fairly specific use case, also caused objections from some.

The basic idea is fairly simple. Michael Stone would like to have a means for a process to reduce its privileges such that it can no longer make network connections. It would be a one way gate for a process (and any subsequent children) that would restrict network usage to previously opened connections. Because Stone's use case is for the desktop—specifically some parts of the OLPC Bitfrost security model—there would be an exception made for connecting to named AF_UNIX sockets, which would allow restricted processes to still be able to talk to the X server.

When he initially proposed the idea in an RFC in January 2009, Stone took a straightforward approach using resource limits. He added a new boolean limit (RLIMIT_NETWORK) that could be set by a process to turn off further network activity. There was a problem in that scheme in that it didn't actually limit the process because it didn't stop it from using ptrace(). A subverted process could still do networking via another process by using ptrace() on it.

In addition, James Morris noted that network namespaces might be a possible solution to the problem. After that round of comments, Stone came back with an updated patchset in December. He addressed the ptrace() issue by adding a test for the resource limit in __ptrace_may_access() that would prevent processes that are network-limited from using ptrace(). He also noted that using network namespaces didn't support one part of his use case: processes in a private namespace could no longer connect to the X server using AF_UNIX sockets.

Using resource limits as the interface was not very well received by glibc maintainer Ulrich Drepper ("it's a pain to deal with rlimit extensions"), who suggested using prctl() instead. Stone quickly turned around another version of the patch that used prctl(), but a few problems cropped up along the way.

At first blush, removing further network access seems like a harmless way for a process to voluntarily give up some portion of its privileges. But, when coupled with setuid() binaries that expect to be able to access the network, things get murkier. As Eric W. Biederman put it: "You can in theory confuse a suid root application and cause it to take action with its elevated privileges that violate the security policy." That is why privileges are required for entering a new network namespace (as well as for things like chroot()), because they can violate the assumptions made by setuid() programs.

Stone is looking for a mechanism that doesn't require a privileged process, however, which is why he proposed resource limits or prctl() as the interface. But those don't alleviate the problem with suid programs. The so-called "sendmail capabilities bug" was brought up several times in the conversation about Stone's feature as a concrete example of how the interaction between security mechanisms can go awry. That bug was really in the kernel, but by manipulating the Linux capabilities of a process before spawning sendmail (which runs as setuid(0)), attackers could bypass the privilege separation that sendmail tries to enforce. Adding a new security mechanism (capabilities) suddenly—mistakenly—changed the behavior of a well-established security technique.

Implementation bugs aside, there are concerns about sprinkling support for this feature in various places in the kernel: ptrace() and the networking stack, particularly since the changes have the AF_UNIX exception as a special case. Alan Cox puts it this way:

This is a security model, it belongs as a security model using LSM. You can already do it with SELinux and the like as far as I can see but that's not to say you shouldn't submit it also as a small handy standalone security module for people who don't want to load the big security modules.

Otherwise you end up putting crap in fast paths that nobody needs but everyone pays for and weird tests and hacks for address family and like into core network code.

The fact the patches look utterly ugly should be telling you something - which is that you are using the wrong hammer

Unfortunately, switching to an LSM-based solution opens the "stacking-LSM can of worms again", as Valdis Kletnieks calls it. Currently, there is no general way to run multiple LSMs in a kernel. The idea has come up multiple times, but there are serious concerns about allowing it. Any new LSM is much less likely to be used, at least in distributions that already use one of the "monolithic" security modules like SELinux, TOMOYO, or the out-of-tree AppArmor. In another thread Stone queried linux-kernel on the use of LSM and expressed that concern:

Unfortunately, I don't feel that I can make effective use of these hooks because they seem to be "occupied" by the large mandatory access control frameworks.

Smack developer Casey Schaufler essentially agreed, but encouraged Stone to go forward with an LSM-based solution:

You're arguing for stacking a set of small security modules. This is a direction that has gotten slammed pretty hard in the past but that crops up every time someone like you comes along with a module that serves a specific purpose. Mostly the objections have come from people who will tell you that something else already does what you're trying to do, and that all you have to do is take on the entirety of their monolithic approach and you'll be happy.

I'm behind you 100%. Use the LSM. Your module is exactly why we have the blessed thing. Once we get a collection of otherwise unrelated LSMs the need for a stacker will be sufficiently evident that we'll be able to get one done properly.

There are good reasons to be concerned about stacking security modules, but they mostly stem from trying to combine things like SELinux and TOMOYO rather than small single-purpose modules. Serge E. Hallyn warned that "the problem is that composing any two security policies can quickly have subtle, unforeseen, but dangerous effects." But he also pointed out that there are ways to "hardcode" stacking with the assistance of the other LSM developers:

So with your module, I'd recommend following the route of the capabilities LSM. You can provide an optional stand-alone LSM which only hooks your functions. Then smack, for instance, can call the functions in your LSM from within its own hooks, or it can simply explicitly assign its hooks to your functions in smack_ops. Selinux can do the same thing, although I suspect they would more likely implement their own functions for your newly hooked sites.

While not opposed to that approach in principle, Stone notes that it requires others to change their code, something he has been trying to avoid:

Doesn't it seem a bit strange to you to be recommending that everyone else using the five security hooks I want to use modify their code *in detail* to support my functionality given that my functionality is explicitly intended not to require any such work on their part?

This seems frankly silly to me, not to mention expensive and error-prone.

Another alternative would be to use SELinux to do the restriction as Kyle Moffett suggested: "If you aren't using SELinux at this time (and therefore have no existing policy), then it's actually pretty straightforward (relatively speaking) to set up for your particular goals." He outlined an SELinux policy scheme to enforce the networking restrictions. Schaufler was skeptical of that approach—while noting his amusement that an SELinux advocate would call the default policies "fantastically complicated" as Moffett did. Schaufler expects the full policy to support Stone's use case to be rather complicated itself:

I'm willing to bet all the beers you can drink in a sitting that the policy would be bigger than the proposed LSM. You can count that in either bytes or lines.

Meanwhile, Stone proposed yet another version that uses the LSM hooks. The feature is still enabled through prctl(PR_SET_NETWORK, PR_NETWORK_OFF), but the implementation is done via a disablenetwork LSM. But there is still the problem of removing the network for setuid() programs that are spawned from the restricted, unprivileged program. Some don't see that as a real problem, because the network could go away for other reasons (network cable pulled, open file limit set sufficiently low, and so forth), but others like Pavel Machek, who NAKed the patch, disagree, envisioning plausible, if unlikely, scenarios where it could cause a problem.

That led Biederman to propose a mechanism that would allow processes to call prctl(PR_SET_NOSUID) to permanently revoke their ability to execute setuid() programs (in much the same manner as the MNT_NOSUID mount option). Any process that did that would then be eligible to also revoke its network access. In addition, it would potentially allow entering private namespaces to become a non-privileged operation, as namespaces suffer from some of the same issues regarding setuid() programs.

But, once again, Biederman's patch implements a security model of sorts, and belongs in an LSM, at least according to Cox: "Another fine example of why we have security hooks so that we don't get a kernel full of other 'random security idea of the day' hacks." Which leads right back to the problem of stacking security modules. Like Schaufler, though, Cox seems to think LSM stacking will eventually come to pass:

Yes it might mean the hooks need tweaking, yes it probably means the people who want these need to do some trivial stacking work, but if as many people are actually really interested as are having random 'lets add a button to disable reading serial ports on wednesday' ideas there should be no shortage of people to do the job right.

Part of the problem is the whole raft of security mechanisms that Linux supports: setuid(), capabilities, LSMs, monolithic LSMs like SELinux, securebits (which was mentioned as a possible solution for PR_SET_NOSUID), seccomp, and more. As the sendmail capabilities bug showed, these can interact in unexpected ways. Adding a specific knob, whether it be disabling the network or setuid(), only addresses that particular problem, while potentially impacting the whole system in a negative way.

It is rather counter-intuitive that allowing non-root programs to voluntarily drop some portion of their privileges should lead to other security problems. The root cause may really be setuid(), but that mechanism is so ingrained into Unix programming that there is little to be done but live with it—warts and all. But there will be more and more pressure to provide ways for processes to sandbox themselves (and others). The seccomp changes proposed by Google for its Chrome browser in May are another way of approaching the problem.

Even with all of the competing—sometimes clashing—security mechanisms, one gets the sense that there is more infrastructural work to be done in Linux security. If the concern about generalized LSM stacking is only for the monolithic security models, one could imagine some kind of "LSM lite" that used the same hooks but had restrictions on behavior such that modules could stack. Perhaps some of these restrictions could be implemented as some kind of trusted user space daemon that changed the capabilities of running processes. So far, it's not clear where things are headed, but it does seem clear that sandboxing is something that folks want to be able to do, and that there are some approaches to that problem that Linux does not yet support.

Comments (6 posted)

Memory compaction

By Jonathan Corbet
January 6, 2010
The longstanding memory fragmentation problem has been covered many times in these pages. In short: as the system runs, pages tend to be scattered between users, making it hard to find groups of physically-contiguous pages when they are needed. Much work has gone into avoiding the need for higher-order (multi-page) memory allocations whenever possible, with the result that most kernel functionality is not hurt by page fragmentation. But there are still situations where higher-order allocations are needed; code which needs such allocations can fail on a fragmented system.

It's worth noting that, in one way, this problem is actually getting worse. Contemporary processors are not limited to 4K pages; they can work with much larger pages ("huge pages") in portions of a process's address space. There can be real performance advantages to using huge pages, mostly as a result of reduced pressure on the processor's translation lookaside buffer. But the use of huge pages requires that the system be able to find physically-contiguous areas of memory which are not only big enough, but which are properly aligned as well. Finding that kind of space can be quite challenging on systems which have been running for any period of time.

Over the years, the kernel developers have made various attempts to mitigate this problem; techniques like ZONE_MOVABLE and lumpy reclaim have been the result. There is still more that can be done, though, especially in the area of fixing fragmentation to recover larger chunks of memory. After taking a break from this area, Mel Gorman has recently returned with a new patch set implementing memory compaction. Here we'll take a quick look at how this patch works.

Imagine a very small memory zone which looks like this:

[Memory zone]

Here, the white pages are free, while those in red are allocated to some use. As can be seen, the zone is quite fragmented, with no contiguous blocks of larger than two pages available; any attempt to allocate, for example, a four-page block from this zone will fail. Indeed, even two-page allocations will fail, since none of the free pairs of pages are properly aligned.

It's time to call in the compaction code. This code runs as two separate algorithms; the first of them starts at the bottom of the zone and builds a list of allocated pages which could be moved:

[Movable pages]

Meanwhile, at the top of the zone, the other half of the algorithm is creating a list of free pages which could be used as the target of page migration:

[Movable and free pages]

Eventually the two algorithms will meet somewhere toward the middle of the zone. At that point, it's mostly just a matter of invoking the page migration code (which is not just for NUMA systems anymore) to shift the used pages to the free space at the top of the zone, yielding a pretty picture like this:

[Happy ever after]

We now have a nice, eight-page, contiguous span of free space which can be used to satisfy higher-order allocations if need be.

Of course, the picture given here has been simplified considerably from what happens on a real system. To begin with, the memory zones will be much larger; that means there's more work to do, but the resulting free areas may be much larger as well.

But all this only works if the pages in question can actually be moved. Not all pages can be moved at will; only those which are addressed through a layer of indirection and which are not otherwise pinned down are movable. So most user-space pages - which are accessed through user virtual addresses - can be moved; all that is needed is to tweak the relevant page table entries accordingly. Most memory used by the kernel directly cannot be moved - though some of it is reclaimable, meaning that it can be freed entirely on demand. It only takes one non-movable page to ruin a contiguous segment of memory. The good news here is that the kernel already takes care to separate movable and non-movable pages, so, in reality, non-movable pages should be a smaller problem than one might think.
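The two-scanner walk and the alignment point can be seen in a small simulation. The following is an added example, not Mel Gorman's patch: a 16-page toy zone, laid out like the picture above (half the pages in use, no free run longer than two pages, and no free pair aligned), a migration scanner climbing from the bottom and a free scanner descending from the top, and a buddy-style check for the largest aligned free block. The `PINNED` state stands in for a non-movable page; the layout and the pinned page number are constructed for the demonstration.

```c
#include <stdio.h>

#define ZONE_PAGES 16          /* constructed toy zone: 16 pages */
#define MAX_ORDER  4           /* 2^4 = 16, so orders 0..4 are possible */

enum page_state { FREE, MOVABLE, PINNED };

/* One compaction pass over zone[0..n): the migration scanner walks up from
 * the bottom collecting in-use pages that can be moved, the free scanner
 * walks down from the top collecting free pages, and each movable page is
 * migrated into the highest free page until the two scanners meet. PINNED
 * pages stay where they are. Returns the number of pages migrated. */
int compact_zone(enum page_state *zone, int n)
{
    int migrate = 0, freep = n - 1, moved = 0;

    for (;;) {
        while (migrate < n && zone[migrate] != MOVABLE)
            migrate++;
        while (freep >= 0 && zone[freep] != FREE)
            freep--;
        if (migrate >= n || freep < 0 || migrate >= freep)
            break;                           /* the scanners have met */
        zone[freep] = MOVABLE;               /* page migration: copy to the target... */
        zone[migrate] = FREE;                /* ...and release the source page */
        moved++;
    }
    return moved;
}

/* Largest order k for which some block of 2^k pages, aligned to 2^k pages,
 * is entirely free; -1 if the zone holds no free page at all. This is the
 * allocator's view: an unaligned free pair does not satisfy an order-1 request. */
int largest_aligned_free_order(const enum page_state *zone, int n)
{
    for (int order = MAX_ORDER; order >= 0; order--) {
        int size = 1 << order;
        for (int start = 0; start + size <= n; start += size) {
            int all_free = 1;
            for (int i = start; i < start + size && all_free; i++)
                if (zone[i] != FREE)
                    all_free = 0;
            if (all_free)
                return order;
        }
    }
    return -1;
}

/* Constructed fixture: pages 0,3,4,7,8,11,12,15 are in use, so the free runs
 * are 1-2, 5-6, 9-10, 13-14: none longer than two pages, none aligned. */
static void build_zone(enum page_state *zone, int pinned_page)
{
    static const int in_use[] = { 0, 3, 4, 7, 8, 11, 12, 15 };
    for (int i = 0; i < ZONE_PAGES; i++)
        zone[i] = FREE;
    for (unsigned i = 0; i < sizeof in_use / sizeof in_use[0]; i++)
        zone[in_use[i]] = MOVABLE;
    if (pinned_page >= 0)
        zone[pinned_page] = PINNED;          /* one page that cannot be moved */
}

int order_before_compaction(void)
{
    enum page_state zone[ZONE_PAGES];
    build_zone(zone, -1);
    return largest_aligned_free_order(zone, ZONE_PAGES);   /* 0: single pages only */
}

/* pinned_page < 0 means every in-use page is movable. */
int order_after_compaction(int pinned_page)
{
    enum page_state zone[ZONE_PAGES];
    build_zone(zone, pinned_page);
    compact_zone(zone, ZONE_PAGES);
    return largest_aligned_free_order(zone, ZONE_PAGES);
}

static void print_zone(const enum page_state *zone, int n)
{
    for (int i = 0; i < n; i++)
        putchar(zone[i] == FREE ? '.' : zone[i] == MOVABLE ? 'M' : 'P');
    putchar('\n');
}

int main(void)
{
    enum page_state zone[ZONE_PAGES];
    build_zone(zone, -1);
    print_zone(zone, ZONE_PAGES);
    printf("moved %d pages\n", compact_zone(zone, ZONE_PAGES));
    print_zone(zone, ZONE_PAGES);
    printf("largest aligned free order: %d (all movable), %d (page 4 pinned)\n",
           order_after_compaction(-1), order_after_compaction(4));
    return 0;
}
```

With every in-use page movable, four migrations leave pages 0-7 free, an aligned eight-page block (order 3), as in the final picture. Pin page 4 and the same pass still moves the rest, but the best aligned free block drops to four pages (order 2): the single non-movable page splits what would have been the large span.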

The running of the compaction algorithm can be triggered in either of two ways. One is to write a node number to /proc/sys/vm/compact_node, causing compaction to happen on the indicated NUMA node. The other is for the system to fail in an attempt to allocate a higher-order page; in this case, compaction will run as a preferable alternative to freeing pages through direct reclaim. In the absence of an explicit trigger, the compaction algorithm will stay idle; there is a cost to moving pages around which is best avoided if it is not needed.

Mel ran some simple tests showing that, with compaction enabled, he was able to allocate over 90% of the system's memory as huge pages while simultaneously decreasing the amount of reclaim activity needed. So it looks like a useful bit of work. It is memory management code, though, so the amount of time required to get into the mainline is never easy to predict in advance.

Comments (7 posted)

RCU strings

By Jonathan Corbet
January 5, 2010
The sysctl mechanism has seen a lot of work in recent kernel development cycles, resulting in the removal of a lot of code and a reduction in big kernel lock usage. It turns out, though, that this work has also introduced some subtle and rare race conditions into the handling of string data exported to user space. In response, Andi Kleen has put together a new concept called "RCU strings," using the read-copy-update mechanism to eliminate the races without the introduction of new locks on the read path.

There are a number of strings managed through sysctl. As an example, consider request_module(), which is used by kernel code to ask user space to load a module. A call to request_module() will result in an invocation of modprobe, but nobody wants to wire the name or location of modprobe in kernel code. So the sysctl variable /proc/sys/kernel/modprobe is used to contain the location of this utility. It will be set to "/sbin/modprobe" on almost any Linux system, but an administrator can change it if need be.

Consider the case of a request_module() call which happens at exactly the same time as a change to /proc/sys/kernel/modprobe from user space. It is entirely possible that request_module() could end up with the path to modprobe which has been partially modified. The most likely result is a failed attempt to load the module, but worse things could happen. This situation is well worth avoiding.

(One should note that these races are not, in general, potential security problems. The changing of sysctl variables is a privileged operation, so it cannot be done from arbitrary user accounts.)

The read-copy-update mechanism was designed to ensure that data - especially data which is frequently read but rarely modified - remains stable while it is being used. So it seems well suited to the protection of sysctl strings which, likely as not, will never be changed over the lifetime of the system. RCU can be a bit tricky to use, though; the RCU string type is designed to make things a bit easier.

The creation of an RCU string is accomplished through:

    #include <linux/rcustring.h>

    char *alloc_rcu_string(int size, gfp_t gfp);

The size parameter should be the maximum size that the string can be - null byte included.

Following the normal RCU pattern, read access to this string is accomplished by way of a pointer to that string. Atomic readers - those which do not sleep - need only use rcu_read_lock() and rcu_dereference() to mark their use of the RCU-protected pointer. Any code which might sleep will have to take other measures, since the string could change while the code is not running. In this case, a copy of the string should be made with:

    char *access_rcu_string(char **str, int size, gfp_t gfp);

Here, str is a pointer to the string pointer, and size is the size of the originally-allocated string. Using strlen() to get size would be a serious mistake, since the string could possibly change before the copy is made. The new string is allocated with kmalloc(); the given gfp flags are used for the allocation. The copied string should be freed with kfree() when it is no longer needed.

Code changing an RCU string should use alloc_rcu_string() to allocate a replacement string, copy the data into it, then use rcu_assign_pointer() to make the new string visible to the rest of the system. The old string should be passed to free_rcu_string(), which will use RCU to free the memory once it is known that no references to that string can still exist.

String variables tend to be exported through sysctl using proc_dostring(). To make life easier, Andi has added a new function, proc_rcu_string(), which handles most of the details of exporting an RCU string. It's a simple matter of initializing the appropriate ctl_table structure with a char ** pointer to the string pointer and setting the proc_handler entry to proc_rcu_string(). The initial value of the string is allowed to be a compile-time constant string; anything else is expected to be an RCU string.
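To make the sizing rule concrete, here is a small userspace model of the API described above. It is an added example written for this discussion, not Andi's patch: the RCU primitives are replaced with plain pointer assignment and free() so that it runs outside the kernel, and STR_SIZE, the function names and the sample values are assumptions. It shows the strlen() mistake from the sleeping reader's side, beside the bounded copy that access_rcu_string() is described as making:

```c
/*
 * Userspace model of the proposed RCU string API (illustrative example, not
 * the kernel patch). Plain assignment and free() stand in for
 * rcu_assign_pointer() and free_rcu_string(); STR_SIZE and the sample
 * strings are assumptions made for the example.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { STR_SIZE = 16 };          /* assumed maximum size, NUL byte included */

/* The sysctl string as the rest of the system sees it. */
static char *sysctl_str;

/* Writer side: allocate a replacement at the full size, fill it, publish it,
 * then retire the old buffer. free_rcu_string() would defer the free until
 * no reader can still hold the old pointer; this model frees at once. */
static void update_str(const char *value)
{
    char *old = sysctl_str;
    char *fresh = calloc(1, STR_SIZE);   /* alloc_rcu_string(STR_SIZE, ...) */
    if (!fresh)
        return;
    snprintf(fresh, STR_SIZE, "%s", value);
    sysctl_str = fresh;                  /* rcu_assign_pointer() */
    free(old);                           /* free_rcu_string() */
}

/* Reader that may sleep: the model of access_rcu_string(). It copies the
 * whole allocation, so a concurrent replacement can only change which
 * bytes arrive, never how many; the copy is then terminated explicitly. */
static char *bounded_copy(size_t size)
{
    char *copy = malloc(size);
    if (!copy)
        return NULL;
    memcpy(copy, sysctl_str, size);      /* rcu_dereference() in the kernel */
    copy[size - 1] = '\0';
    return copy;
}

/* The mistake the article warns about: size the copy from strlen() of the
 * live string, sleep (here: let the writer run), then copy. With strcpy()
 * a longer replacement would overflow the heap; the model copies exactly
 * len + 1 bytes to stay well defined, which leaves the result unterminated. */
static char *racy_copy(const char *concurrent_value)
{
    size_t len = strlen(sysctl_str);
    if (concurrent_value)
        update_str(concurrent_value);    /* the window while the reader sleeps */
    char *copy = malloc(len + 1);
    if (!copy)
        return NULL;
    memcpy(copy, sysctl_str, len + 1);   /* len describes a string that is gone */
    return copy;
}

/* 1 if copy holds a NUL within its first cap bytes, i.e. is a valid C string. */
static int terminated(const char *copy, size_t cap)
{
    return memchr(copy, '\0', cap) != NULL;
}

/* Short old value, longer new value published while the reader sleeps. */
static int racy_copy_loses_terminator(void)
{
    update_str("abc");
    char *copy = racy_copy("a_much_longer_v");
    int lost = copy != NULL && !terminated(copy, 4);
    free(copy);
    return lost;
}

/* The same replacement seen through the bounded copy stays intact. */
static int bounded_copy_is_intact(void)
{
    update_str("abc");
    update_str("a_much_longer_v");
    char *copy = bounded_copy(STR_SIZE);
    int ok = copy != NULL && terminated(copy, STR_SIZE)
             && strcmp(copy, "a_much_longer_v") == 0;
    free(copy);
    return ok;
}

int main(void)
{
    printf("racy copy unterminated: %d\n", racy_copy_loses_terminator());
    printf("bounded copy intact:    %d\n", bounded_copy_is_intact());
    return 0;
}
```

Both checks return 1: the copy sized with strlen() before the sleep has no terminator once a longer string is published underneath it, while the copy sized from the allocation always sees a consistent, terminated string. The writer side is the same three steps the article lists: allocate at full size, publish, retire the old buffer.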

This code has been through a couple rounds of review and seems likely to be merged in the 2.6.34 development cycle.

Comments (1 posted)

Page editor: Jonathan Corbet

Distributions

News and Editorials

XtreemOS

By Rebecca Sobol
January 6, 2010

Last November the XtreemOS project announced XtreemOS 2.0, the second public release of its Grid operating system; motto "Making Grid Computing Easier".

Grid computing is a form of distributed computing where computers are loosely coupled, heterogeneous, and may be geographically dispersed. In other words a grid consists of several different computers that may be located anywhere in the world. Clusters, on the other hand, are generally made up of several similar computers, co-located and on the same network.

XtreemOS 2.0 is based on Mandriva 2009.0 but includes the tools to create a grid with laptops, desktops and servers or to create clusters. According to the release notes "XtreemOS is a Linux-based operating system providing the basic functionalities that are expected in a Grid system: Application Execution Management, Data Management and Virtual Organization Management."

One unique feature of XtreemOS is its use of XtreemFS, a replicated and distributed object-based file system. According to the XtreemFS user guide, this file system is POSIX compliant, multi-platform, globally distributed, failure-tolerant, secure and customizable. XtreemFS 1.2 is the current version, announced last month.

While XtreemOS is aimed at grid computing, it can also be used to create clusters using Kerrighed clustering technology. "Kerrighed is a Single System Image operating system for clusters. Kerrighed offers the view of a unique SMP machine on top of a cluster of standard PCs." Kerrighed is implemented as a set of modules and kernel patches, so it can be used on other Linux systems, but like XtreemFS it is nicely integrated into XtreemOS.

Grid computing, at its simplest, could be a good collaboration tool, allowing you to distribute and replicate your files on a friend's computer or just use it to keep your laptop in sync with your desktop. Grid computing is certainly good for large computing tasks, but with XtreemOS you can easily play around with smaller grids.

If you are attending the EuroSys conference (in Paris next April), there will be a half-day tutorial about XtreemOS.

Comments (none posted)

Distribution News

Debian GNU/Linux

Bits from the Lintian maintainers

Click below for some bits from the Debian Lintian maintainers. "The best news about Lintian is that Raphael Geissert has joined the team as an additional Lintian maintainer. Raphael has been making suggestions and contributing patches to Lintian since 2007 and has done a ton of work on as varying of areas as pedantic tag support, bashism detection, init script analysis, spelling checks, lintian.d.o archive area support, and the core checking infrastructure. Just merged for the next release is his refactoring of the unpacking of packages so that it can be better-managed by Lintian's internal ordering and dependency system." Also in these bits: Lintian 2.3.0 has been uploaded to Debian unstable.

Full Story (comments: none)

Reactivating automatic security announcements

Debian is reactivating automatic security announcements for testing (Squeeze). "Note that this does not mean that security support for testing will increase like during lenny's release cycle. Most of the security work done for the testing distribution during the last months has been through unstable and a few occasional DTSAs, because of the team being understaffed."

Full Story (comments: none)

Mandriva Linux

Mandriva: nouveau now default NVIDIA driver

Mandriva has announced that Nouveau is now the default NVIDIA driver in Cooker (the development branch). "You can try nouveau by going to X Server settings in MCC (or running XFdrake), going to the graphics card list and selecting "nouveau" under "Xorg" (if you are up-to-date, selecting your card under "NVIDIA" and declining to use the proprietary driver has the same effect). You'll need to reboot or unload the nvidia kernel module."

Full Story (comments: 2)

Ubuntu family

Call for votes: Ubuntu Developer Membership Board election

Voting is open for the newly established Developer Membership Board. "Voting has begun to determine who will hold the seats on the newly established Developer Membership Board, which is responsible for determining when, how and to whom to grant privileges related to Ubuntu development. In particular, the DMB will take over the membership functions previously held by the Technical Board and MOTU Council." The second call for votes has been announced. Voting ends January 18, 2010.

Full Story (comments: none)

Distribution Newsletters

Misc Debian developer news (#19)

This issue of Debian developer news covers GPG key signing coordination moved to wiki.debian.org, the Debian OpenSSH VCS changeover and call for help, easier customization on LXDE, the WNPP BTS report now being categorized, and an update about the "3.0 (quilt)" source format.

Full Story (comments: none)

DistroWatch Weekly, Issue 335

The DistroWatch Weekly for January 4, 2010 is out. "We'll start the new year with a rather unusual review - a look at MINIX 3. An operating system that helped to inspire Linus Torvalds to create Linux (and whose creator, Andrew Tanenbaum, once famously described Linux as "obsolete" due to its monolithic design), continues to evolve in small steps, but is it still just a toy for students and those interested in operating systems design? Or has it finally become practical and usable for solving real-world problems? Read on to find out. The review is followed by a brief statistical look at the past year, where we'll highlight the winners and losers among the popular distributions. Then, in a more technical topic (although explained in a layman's language) we look at the possibilities of optimising 64-bit distributions with compiler flags. Finally, we are pleased to announce that the recipient of the December 2009 DistroWatch.com donation is the Krita project. Happy new year and happy reading!"

Comments (none posted)

Openmoko Community Updates

The Openmoko Community Updates for December 31, 2009 are available. Topics include QtMoko [15+16], Hackable:1, and more.

Comments (none posted)

openSUSE Weekly News/103

The openSUSE Weekly News for December 27, 2009 is out. Topics include openSUSE News: Linux for Education Updated; The Geek Stuff/Sasikala: Unix Sed Tutorial: 6 Examples for Sed Branching Operation; Ben Kevan: Blogilo - The Blog Gigolo - KDE 4.4; openSUSE Forums: X Not Starting (11.2); and h-online/Thorsten Leemhuis: Kernel Log: Linux 2.6.33 enters test phase.

Comments (none posted)

openSUSE Weekly News/104

The openSUSE Weekly News for January 2, 2010 is out. Topics include TooManyTabs - Saves Your Memory 1.1.0; Alcaro Soliverez/kde.news: First KMyMoney Beta Version Available for KDE 4 Platform; Joe Brockmeier: Put some meat on it: Writing release announcements; Sharing a /home Directory between Linux and Windows; and kde.news/Dario Freddi: KDE Extends Polkit Support to polkit-1.

Comments (none posted)

Ubuntu Weekly Newsletter #174

The Ubuntu Weekly Newsletter for January 2, 2010 is out. "In this issue we cover: Edubuntu Council Elections Results, Call for votes: Ubuntu Developer Membership Board election, New IRC Council Appointments, Ubuntu User Days Announcement, Ubuntu will be at Anime Boston 2010, 2010 Launchpad Release Calendar, Trying Out Launchpad Translations, The Planet: Amber, Daniel, Matthew, Steven, and Daniel, Full Circle Magazine #32, December Team Reports, and much, much more!"

Full Story (comments: none)

Page editor: Rebecca Sobol

Development

A look at Thunderbird 3

January 6, 2010

This article was contributed by Joe 'Zonker' Brockmeier.

It takes time to review a mail client, and one shouldn't rush to judgment. So, even though Thunderbird 3 has been out for about a month, it has taken a little while to explore it properly. This is a major release for Mozilla Messaging, the first big update of Thunderbird since 2007. It brings a new tabbed interface, search improvements, a few minor interface changes, and improved account setup, to name a few of the more eagerly anticipated features.

[Account Setup]

One of the major features in Thunderbird 3, and one of the first users will encounter if this is the first go-around with Thunderbird, is the Account Wizard. This has been redesigned from Thunderbird 2 to automatically attempt to set up an email account with minimal information from the user. While LWN readers may have little trouble specifying the servers, ports, and protocols to access their mail, many users don't know POP3 from fizzy cola.

How robust is Thunderbird's account wizard? It had no problems at all setting up a stock GMail account for secure IMAP access, and found the proper settings to access mail via IMAP on a GroupWise server in less than a minute using nothing more than the email address and password.

The wizard isn't perfect, of course. It got understandably confused when trying to set up a domain hosted on Google Apps, probably because the domain name and domain of the mail servers differ. Odds are, Thunderbird's account wizard will be able to correctly configure itself for most email accounts.

Aside from the account wizard, not a lot has changed in the account settings in Thunderbird 3. Users can now enter a signature directly in the account dialog rather than having to specify a separate file (though that is still an option), but otherwise there are few major changes from Thunderbird 2.

Thunderbird preferences have largely gone untouched, with the exception of the Security tab. In Thunderbird 3, the Privacy tab is replaced with a Security tab, and there's a new dialog for handling cookies from Web content. Users familiar with Thunderbird 2 will have no problem finding their way around the latest release. New users should find Thunderbird 3 relatively easy to use as well.

Searching

GMail has captured quite a few users while Mozilla took its time between version 2 and version 3. Part of that is the universal access to mail, since users can find their mail anywhere they can get an Internet connection and a browser. Thunderbird 3 tries to answer this with revamped search features, which are very useful but also much slower than the online equivalents — at least if the user is starting with an account of any size.

[Search Messages]

When testing Thunderbird against IMAP accounts, it took quite a while to index the messages in the account folders. Initially, Thunderbird would report that a search term matched no messages, even when the message was plainly visible. Once Thunderbird has had time to index the folders, however, a very rich search functionality becomes available.

In addition to just finding messages that match specific strings or search parameters, Thunderbird presents a detailed search page that displays the folder that a message was found in, the account it belongs to, snippets of the top results, and so on. Users can, for instance, search their mail accounts for a term like "openSUSE," and then narrow it down to the sender, account, whether it has attachments, or what folder it is in.

[Search Amazon]

Thunderbird even creates a timeline graph of mails that match terms, so users can narrow results by clicking through to years, months, or even days that have matches. It is far simpler than trying to specify date parameters as part of a search.

It is possible to do many of the same things with GMail, of course, but Thunderbird does make it a bit easier. Users don't need to memorize search parameters. The tradeoff is that Thunderbird is a bit slower than GMail or other Webmail services with search functionality, but this is only natural. Webmail providers already have all the mail on disk that they want to search, but Thunderbird doesn't have the same advantage. Users with a lot of mail should plan to give Thunderbird some time to index messages before relying on search heavily.

Everything in its place

One of the most compelling features for Thunderbird 3 is the unified inbox. Each account has its own inbox and set of folders, but when Thunderbird is configured with two or more accounts it also sports a unified inbox that shows messages from all the account inboxes.

This is actually a Smart Folder that is set up automatically, with a rule to display all messages from each inbox. Users can modify this to only display new messages or set additional rules, or create new smart folders that display any messages that fit certain parameters. For instance, it is possible to set up a smart folder to only display messages from a specific email address (like, say, one's manager) or the age of a message, or its status.

Users who want everything in one place can also use Thunderbird for news groups and RSS feeds. The search features work not only with the mail, but also the RSS feeds, which is particularly useful.

Setting up RSS feeds is easy enough when importing from an OPML file, but (oddly) Thunderbird isn't one of Firefox's default applications to subscribe to feeds. One might expect that the product teams would coordinate this a bit better. It is possible to configure Firefox to use Thunderbird to subscribe to feeds by choosing the Thunderbird binary as the RSS application after clicking the RSS icon in Firefox's awesome bar. Once that's done, adding RSS feeds to Thunderbird works just fine.

One disappointment: Thunderbird didn't recognize the "folders" from Google Reader. When importing more than 100 feeds from an OPML file exported from Google Reader, they were displayed as a flat list of feeds in alphabetical order. Google Reader's OPML export seemed to contain the right information, so it looks like this is something not implemented in Thunderbird.

[Tabbed Interface]

The much-anticipated tabs are a nice addition for users who have a lot of messages open at one time. By default Thunderbird will open each message in a new tab, though if a user prefers, it is possible to configure Thunderbird to open them in a new window instead. Search results are also displayed in tabs, and users can open folders and smart folders in tabs too or in new windows if the "old school" method is preferred.

In addition to tabs, the layout of Thunderbird has changed a bit in this release. It's not bad, but it does take some getting used to. The toolbar for messages displayed in the tab has changed quite a bit. The reply, forward, junk, and delete buttons are now on the right-hand side of the interface. Previously they were displayed at the top of the message and on the top toolbar. It's hard to say whether the new layout is better or not from a usability perspective with all things being equal, but it's a step backwards for those of us who are already familiar with the old layout.

For those who are familiar with the old layout, the Thunderbird team offers the old way of doing things. Go to Help -> Migration Assistance. One of the helpful tools on that page is a button to use the original toolbar. This can be switched back and forth easily. Likewise, the "smart folders" mode can be turned off as well for users who prefer the old way of doing things.

When it comes to sending mail, very little has changed. The composition window is pretty much the same as in Thunderbird 2. One nice touch with this release, though, is the ability to easily add contacts to the addressbook. Just click on the contact and it's added, much in the same way as adding bookmarks in Firefox.

Finally, there's the new "archive" button. It is possible to spend entirely too much time deciding where to file messages. Thunderbird offers an alternative in the "archive" button, which just whisks a message away into an archive folder. The only problem is that it's not entirely clear to the user where messages are going. The first time a message is archived in an account, Thunderbird creates a folder for that year and places the message there. This is configurable via the account preferences, but it's non-obvious. It would be good if the Thunderbird team spent some time making this a bit more intuitive for the next update.

What's missing

It's worth noting that Thunderbird still lacks a visible mobile strategy. While the Firefox team has been heads down on delivering Fennec, there's no sign that Thunderbird will be available on mobile devices. For users who don't travel much or don't access mail on mobile devices, this isn't a problem. For the "road warriors," however, this is a big missing piece.

A minor feature that would be nice to have is the ability to import mail from other sources more easily. Thunderbird will grab settings from previous releases of Thunderbird, but that's about it. One would expect that Thunderbird would be able to grab mail from, say, an mbox file or other common clients and mail formats.

Thunderbird is a top-notch desktop mail client. The Thunderbird 3 release brings a fair number of new and interesting features that are worth checking out if you prefer a desktop client. Whether it's compelling enough to attract many users who have adopted Webmail — or in many cases have never used anything but Webmail — is another story.

Comments (30 posted)

System Applications

Audio Projects

mpd 0.15.7 released

Version 0.15.7 of mpd (music player daemon) has been announced. "This bugfix release fixes a few critical bugs and quite a few minor bugs across the board."

Comments (none posted)

Clusters and Grids

execnet 1.0.2 released

Version 1.0.2 of execnet has been announced. "execnet is a small stable pure-python library for working with local or remote clusters of Python interpreters, with ease. It allows making use of multiple CPUs, connects to remote places via ssh and sockets and requires no prior installation on remote places. The 1.0.2 release is fully backward compatible and ..."

Full Story (comments: none)

Database Software

MySQL Community Server 5.1.42 has been released

Version 5.1.42 of MySQL Community Server has been announced. "MySQL 5.1.42 is recommended for use on production systems. For an overview of what's new in MySQL 5.1, please see http://dev.mysql.com/doc/refman/5.1/en/mysql-nutshell.html".

Full Story (comments: none)

PostgreSQL Weekly News

The December 27, 2009 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

PostgreSQL Weekly News

The January 3, 2010 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

SQLite release 3.6.22

Version 3.6.22 of the SQLite DBMS has been announced. "Changes associated with this release include the following: * Fix bugs that can (rarely) lead to incorrect query results when the CAST or OR operators are used in the WHERE clause of a query. * Continuing enhancements and improvements to FTS3. * Other miscellaneous bug fixes."

Comments (none posted)

Embedded Systems

CE Linux Forum Newsletter

The December, 2009 edition of the CE Linux Forum Newsletter is out with the latest news from the embedded Linux software development community. Topics include: * ELC 2010 Call for Presentations deadline is approaching * 31st Japan Technical Jamboree * 2010 Japan Technical Jamboree Schedule * SquashFS LZMA support is now in linux-next.

Full Story (comments: none)

Interoperability

OpenChange 0.9 released

Version 0.9 of OpenChange, an open-source implementation of the Microsoft Exchange Server and Exchange protocols, has been announced. "Release notes for this version: Improved portability, including a focus on supporting FreeBSD, OpenSolaris and other systems that do not use GNU libraries / shells; and portability fixes for use of the Intel C Compiler and Sun Studio compiler. 64 bit architectures should be better supported in this release..."

Full Story (comments: none)

Samba Team Blog #3: Getting to Samba 4

The latest Samba Team Blog discusses Getting to Samba 4. "The Samba 4 code has been worked on for over five years, and the Active Directory code is reaching a state where it's being run in production at several test sites. When the Samba Team met at the CIFS conference this year, we had a meeting to put together a plan for shipping a production Samba 4 code-base. Here's how we think it might work."

Comments (none posted)

Mail Software

sendmail 8.14.4 is available

Version 8.14.4 of the sendmail mail transfer agent has been announced. "Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.4. This version fixes some problems:"

Full Story (comments: none)

SpamAssassin 3.3.0-rc1 released

Version 3.3.0-rc1 of SpamAssassin has been announced. "Upstream has not made a major release in over 2.5 years so this is a significant upgrade in both spam detection and stability improvements. Upstream believes 3.3.0-rc1 is very close to final. We hope to bring more attention to testing of this release candidate to validate for the final release during January 2010."

Full Story (comments: none)

Happy New Year from SpamAssassin

Those of you using SpamAssassin to filter your mail may want to watch things a bit more closely than usual; it seems that current versions still include the rule known as FH_DATE_PAST_20XX, which adds 2-3 points to any message with a 2010 date in the headers. Surprisingly enough, such dates have suddenly become common, with the result that SpamAssassin may be generating more false positives than usual. The fix is to add:

    score FH_DATE_PAST_20XX 0.0

to the local.cf file.
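The failure mode behind that rule, as an added example rather than SpamAssassin's own code: the rule is modelled here as a regular expression over the year in the Date header (the page does not show its definition; the regex, the 2.5-point score, the "current time" and the sample headers are constructed for the example), beside a clock-based check that compares the parsed header with the current time, and a reader for the score override line shown above:

```python
"""
Added example (not SpamAssassin's own code): a calendar-based "date in the
future" rule beside a clock-based one, and the local.cf score override that
silences the former. The regex, scores, NOW and sample headers are assumptions.
"""
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Model of FH_DATE_PAST_20XX: any year 2010..2099 in the Date header is "future".
# Assumed shape; the page does not show the rule's definition.
FUTURE_YEAR_RE = re.compile(r"\b20[1-9][0-9]\b")

# Assumed base scores; the page says the rule adds 2-3 points.
BASE_SCORES = {"FH_DATE_PAST_20XX": 2.5, "DATE_IN_FUTURE_MODEL": 2.5}

# Constructed "current time": New Year's Day 2010, when the rule began misfiring.
NOW = datetime(2010, 1, 1, 12, 0, tzinfo=timezone.utc)


def fh_date_past_20xx_hits(date_header: str) -> bool:
    """Calendar-based check: matches a fixed year range, whatever the clock says."""
    return FUTURE_YEAR_RE.search(date_header) is not None


def date_in_future_hits(date_header: str, now: datetime,
                        slack: timedelta = timedelta(days=2)) -> bool:
    """Clock-based check: parse the header and compare it with the current time.
    An unparsable Date header scores nothing here and is left to other rules."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False
    if sent.tzinfo is None:          # "-0000" headers parse as naive; treat as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    return sent > now + slack


def parse_local_cf(text: str) -> dict:
    """Collect 'score RULE value' lines from a local.cf fragment; '#' comments ignored."""
    overrides = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "score":
            overrides[parts[1]] = float(parts[2])
    return overrides


def score_date_rules(date_header: str, now: datetime, local_cf: str = "") -> float:
    """Add up the two date rules the way SpamAssassin adds rule scores: a rule
    that still matches contributes whatever score local.cf leaves it with, so
    'score FH_DATE_PAST_20XX 0.0' silences the rule without removing it."""
    scores = dict(BASE_SCORES)
    scores.update(parse_local_cf(local_cf))
    hits = {
        "FH_DATE_PAST_20XX": fh_date_past_20xx_hits(date_header),
        "DATE_IN_FUTURE_MODEL": date_in_future_hits(date_header, now),
    }
    return sum(scores[rule] for rule, hit in hits.items() if hit)


if __name__ == "__main__":
    fix = "score FH_DATE_PAST_20XX 0.0"
    for header in ("Fri, 1 Jan 2010 10:00:00 +0000",   # legitimate, today
                   "Sun, 1 Jan 2012 10:00:00 +0000",   # genuinely in the future
                   "Thu, 31 Dec 2009 10:00:00 +0000"):  # yesterday
        print(header, score_date_rules(header, NOW), score_date_rules(header, NOW, fix))
```

A message dated New Year's Day 2010 picks up 2.5 points from the calendar rule and nothing from the clock rule; with the local.cf line in place it scores nothing. A message dated 2012 still scores 2.5 after the override, because the clock-based rule keeps catching dates that really are in the future. Comparing against the clock, with a slack for skewed sender clocks, is the check that does not expire.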

Comments (21 posted)

Networking Tools

conntrack-tools 0.9.14 released

Version 0.9.14 of conntrack-tools has been announced. "The Netfilter project presents another development release of the conntrack-tools. This release includes several fixes for the command line tool and lots of improvements for the daemon. Specifically I'd like to thank Hannes Eder, Vincent Jardin and Samuel Gauthier for their suggestions and contributions."

Full Story (comments: none)

hostmap 0.2.1 released

Version 0.2.1 of hostmap has been announced. "In this version there are a lot of bug fixes and some new features. hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby and licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests."

Full Story (comments: none)

Package Management

stdeb 0.5.0 released

Version 0.5.0 of stdeb has been announced; it includes some new functionality. "stdeb produces Debian source packages from Python packages via a new distutils command, sdist_dsc. Automatic defaults are provided for the Debian package, but many aspects of the resulting package can be customized. An additional command, bdist_deb, creates a Debian binary package, a .deb file."

Full Story (comments: none)

Web Site Development

Django 1.2 alpha 1 released

Version 1.2 alpha 1 of Django has been announced. "As part of the Django 1.2 release process, tonight we've released Django 1.2 alpha 1, a preview/testing package that gives a little taste of some of the new features coming in Django 1.2. As with all alpha and beta packages, this is not for production use, but if you'd like to try out some of the new goodies coming in 1.2, or if you'd like to pitch in and help us fix bugs before the final 1.2 release (due in April), feel free to grab a copy and give it a spin."

Comments (none posted)

Midgard 8.09.7 released

Version 8.09.7 of the Midgard web platform has been announced. "Main changes from 8.09.6: * Fixed crashes in content replication * Fixed deleting Multilang objects (#1522) * Fixed installer crashes (#1421) * Admin and user UI fixes (#1141, #1415, #1447) * Improved page symlinks feature (#1548)".

Full Story (comments: none)

Miscellaneous

CMNDBOT 0.1 released

Version 0.1 of CMNDBOT has been announced. "CMNDBOT is a port of GOZERBOT to the Google Application Engine. It supports wave, web and xmpp. It has a plugin structure that lets you add commands or register callbacks for events."

Full Story (comments: none)

Desktop Applications

Audio Applications

axonlib 0.0.0 released

Version 0.0.0 of axonlib, which is aimed at audio experimentation, has been announced. "axon guidance (also called axon pathfinding) is a subfield of neural development concerning the process by which neurons send out axons to reach the correct targets. axons often follow very precise paths in the nervous system, and how they manage to find their way so accurately is being researched."

Full Story (comments: none)

JackEQ 0.5.8 released

Version 0.5.8 of JackEQ has been announced. "It's been almost 4 years since a release and this one comes with many useful new features including... - Save/Restore UI state (with autosave on exit/quit). - Shiny new meters merging gtkmeter and gtkmeterscale into one class. - Mute buttons on all channels, right click to enable/disable. - One click eq reset (well two actually for your safety) - A revised UI theme taking advantage of Cairo rendering engine in gtk. Mmmm gradients."

Full Story (comments: none)

jcgui 0.4 initial release

Version 0.4 of jcgui has been announced. "I would like to announce the release of Jc_Gui. It's a little host wrapped around the fantastic convolution engine from Fons Adriaensen called jconvolver (zita-convolver). It's designed to search/load and run IR-*.wav files on a local machine with jconvolver. It includes a settings widget, where gain, delay, min/max mem and mode can be set and the wave file used and a part of it (offset/length) can be chosen."

Full Story (comments: none)

jcgui 0.6 released

Version 0.6 of jcgui has been announced; it includes better GUI functionality and a bug fix. "What is it for? It's designed to search/load and run IR-*.wav files on a local machine with jconvolver. It includes a settings widget, where gain, delay, min/max mem and mode can be set and the wave file used and a part of it (offset/length) can be chosen."

Full Story (comments: none)

Listen: An Alternative Music Player for GNOME (Linux.com)

Linux.com has an overview of the Listen music player. "Among the notable features of Listen are: Last.fm song submission, support for podcasts, Internet radio, OSD (on-screen display), Wikipedia info and lyrics fetching, upcoming concerts, cover fetching (either from the local directory or from Amazon.com), tags lookup, tag editing, support for plugins, song queue, system tray integration, and visualizations."

Comments (3 posted)

Desktop Environments

GNOME 2.29.4 released

Version 2.29.4 of GNOME, a development release, has been announced. "And here comes 2.29.4, just in time for the holiday season. It's a few hours late, but there were several build issues this time. But if you take all the right tarballs, this should now be okay :-) And you'll enjoy some cool stuff, like an updated nautilus with its changed focus (see discussion on nautilus-list), or various modules like gnome-control-center with tons of bug fixes. You can also take a look at gnome-keyring which has changed quite a bit internally... There are definitely many changes in there, so it's a good time to do some deep testing!"

Full Story (comments: 3)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

Seigo: ++2009;

KDE hacker Aaron Seigo has a lengthy retrospective of KDE in 2009 on his blog. "2009 was also the year that we finally got rid of the old system tray protocol and replaced it with one that is infinitely more flexible and allows us to better service users and software developers alike. At least some GNOME implementations will be picking this up in 2010 as well as an added bonus. For me this was one of those important advancements not only on a practical level but also symbolically: the system tray was one of those systems designed in the 90s for the reality of the 90s. We are committed to designing software for the 2000s, and doing the hard work even for the 'small' things (and being able to actually pull it off successfully) shows that those aren't just words." A look forward at KDE in 2010 is promised for later in the week.

Comments (3 posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Electronics

Gerbv 2.3.0 released

Version 2.3.0 of Gerbv, a viewer for Gerber electronic CAD files, has been announced. "Gerbv release 2.3.0 introduces mostly major bug fixes".

Comments (none posted)

Geographical Software

Major improvements to MapOSMatic

The MapOSMatic team has announced that a new version of the maposmatic.org website has been put online, with major improvements over the initial version announced in September 2009. "For the record, MapOSMatic is a website that allows generating city maps from OpenStreetMap data. Each map is divided into squares to easily find streets and is delivered with the corresponding street index." Last September MapOSMatic only supported major cities in France. With this update, MapOSMatic now has support for the rest of the world.

Full Story (comments: 7)

GUI Packages

SPTK 4.00 released

Version 4.00 of SPTK, the Simply Powerful ToolKit, has been announced. "Several small bugs were fixed since last release candidate, mostly discovered when tested on different OSes."

Comments (none posted)

Math Applications

Scilab 5.2.0 released

Version 5.2.0 of the Scilab numerical computation platform has been announced. "The main modifications are: - Xcos provides a new state of the art user interface for Scicos (INRIA) which allows one to take full advantage of the powerful simulator. - ATOMS is an embedded packaging system for Scilab modules (toolboxes). This system allows the user to install modules in a few seconds. - This new version also provides many top-notch features like LaTeX/MathML in the Scilab graphics, new optimization functions, a unified and consistent API to extend Scilab, a new text editor, improved graphic exports, advanced scripting capabilities."

Full Story (comments: none)

Medical Applications

Breaking: VistA Open Source PMS (LinuxMedNews)

LinuxMedNews reports on plans for a new VistA compatible medical Practice Management System. "Dr. Matthew King, Edgeware Technologies and Mr. Djien So have collaborated over the last 3 years to develop a VistA compatible, high quality, multi-featured Practice Management System. The PMS will be released with the Affero v3 GPL open source license."

Comments (none posted)

Multimedia

GeeXboX Enna Media Center is available

The initial release of the GeeXboX Enna Media Center has been announced. "Enna relies, at least for its graphical part, on Enlightenment Foundation Libraries (EFL) and, as for its multimedia capabilities, on libplayer (an audio/video multimedia player abstraction framework, that provides seamless control over either MPlayer, Xine, VLC or GStreamer) and libvalhalla (a metadata extraction library which also provides external resources retrieval, such as covers, posters, fan arts, lyrics … along with saving this info in an SQLite database), both being originated and developed by the GeeXboX team."

Full Story (comments: none)

Music Applications

a2jmidid version 6 released

Version 6 of a2jmidid has been announced; it adds some new capabilities and bug fixes. "a2jmidid is a project that aims to ease usage of legacy ALSA sequencer applications, in a JACK MIDI enabled system."

Full Story (comments: none)

ams 2.0.1 released

Version 2.0.1 of Alsa Modular Synth has been announced; it includes a number of bug fixes.

Full Story (comments: none)

aseqmm 0.2.0 released

Version 0.2.0 of aseqmm has been announced. "aseqmm is a C++ wrapper around the ALSA library sequencer interface using Qt4 objects, idioms and style. ALSA sequencer provides software support for MIDI technology on Linux."

Full Story (comments: none)

guitarix 0.05.6-1 released

Version 0.05.6-1 of guitarix, a guitar amplifier simulator, has been announced. "Release 0.05.6-1 changes: * add delay effect * fix build against Gtk+ ver.2.12 * optimize GUI thread and reworked GUI * various bugs fixed".

Full Story (comments: none)

MMA 1.5b ready to test

Version 1.5b of MMA has been announced. "Some nice little changes and additions, bug fixes, etc. Got a beef, suggestion or found a bug? Let me know! Hope you all had a great year and holiday. All the best in 2010! MMA is an accompaniment generator -- it creates midi tracks for a soloist to perform with. User supplied files contain pattern selections, chords, and MMA directives."

Full Story (comments: none)

Office Applications

HylaFAX 6.0.4/4.4.6/4.3.9 releases

Three new versions of the HylaFAX fax modem control package have been announced. "The HylaFAX development team is pleased to announce maintenance releases of HylaFAX 6.0.4, 4.4.6 and 4.3.9."

Comments (none posted)

Officeshots adds two new features

The Officeshots ODF interoperability project, covered on LWN last November, has announced two new features. ODF validators: "Every ODF document that is uploaded is run through several different ODF validators. If the converted documents are also ODF documents (when you are testing ODF round trips) then those results are also passed through these ODF validators." ODF Anonymiser: "The ODF Anonymiser tries to make your document completely anonymous while maintaining its overall structure. All metadata is removed or cleaned. All text in the document is replaced with gibberish text that has approximately the same word length and word distribution. All images are replaced with placeholder images. All unknown content is removed." (Thanks to Koen Vervloesem).

Comments (none posted)

Pyspread 0.0.13 released

Version 0.0.13 of Pyspread, a spreadsheet application that uses Python expressions, has been announced. "New features in 0.0.13: * Print framework now supports colors and drawn elements * Splash screen removed * Some drawing speed improvements".

Full Story (comments: none)

Web Browsers

Firefox 3.5.7 and 3.0.17 released

Time for another set of Firefox updates. This time, though, the release notes (3.0.17, 3.5.7) don't note any security-related problems. Instead, there's a crash which appears to be Windows-specific and some changes to how Firefox nags users to upgrade to newer major releases. The bugzilla entry is illuminating: "We need to fix this immediately on all branches. Added bonus: we're about to goose our Firefox 3.5 numbers!"

Full Story (comments: none)

Miscellaneous

Forban - a p2p free software and e-books sharing application

Alexandre Dulaunoy has announced the Forban project, a p2p e-books sharing application. "With the recent publisher's move to sell (or should I say "to rent") e-books to readers or bibliophiles, it looks like the sharing of books is trapped in something difficult or impossible to conceive for any editor or publisher. Even the simple fact of moving your e-Books from one reader to another reader (at the end, just moving your book to another bookshelf) is trapped in an eternal tax of purchasing again and again the e-books."

Full Story (comments: none)

RedNotebook 0.9.1 released

Version 0.9.1 of RedNotebook has been announced; it adds new features, performance improvements and more. "RedNotebook is a graphical diary and journal helping you keep track of notes and thoughts. It includes a calendar navigation, customizable templates, export functionality and word clouds. You can also format, tag and search your entries."

Full Story (comments: none)

Languages and Tools

Caml

Caml Weekly News

The December 29, 2009 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

Caml Weekly News

The January 5, 2010 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

Perl

A summary of 2009 Perl 6 activity

Moritz Lenz has posted a summary of Perl 6 development activity for 2009. Lots of stuff like: "In January we also learned that *-1 constructs a closure, which means that Perl 6 has semi-automatic currying features built into most operators."

Comments (43 posted)

Python

The January, 2010 Python:Rag

The January, 2010 edition of the Python:Rag is available. "The Python: Rag is a monthly newsletter covering any aspect of the Python programming language."

Comments (none posted)

Python-URL! - weekly Python news and links

The December 26, 2009 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Python-URL! - weekly Python news and links

The December 31, 2009 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

cx_Freeze 4.1.2 released

Version 4.1.2 of cx_Freeze has been announced; it includes several bug fixes. "cx_Freeze is a set of scripts and modules for freezing Python scripts into executables in much the same way that py2exe and py2app do. It requires Python 2.3 or higher since it makes use of the zip import facility which was introduced in that version."

Full Story (comments: none)

Numpy 1.4.0 released

Version 1.4.0 of Numpy, a Python math library, has been announced. "I am pleased to announce the release of numpy 1.4.0. The highlights of this release are: - Faster import time - Extended array wrapping mechanism for ufuncs - New Neighborhood iterator (C-level only) - C99-like complex functions in npymath, and a lot of portability fixes for basic floating point math functions".

Full Story (comments: none)

PyDSTool 0.88 released

Version 0.88 of PyDSTool has been announced. "A new release of the dynamical systems modeling toolbox PyDSTool is available from Sourceforge".

Full Story (comments: none)

pySerial 2.5-rc2 announced

Version 2.5-rc2 of pySerial, a serial port driver for Python, has been announced. "What's new since rc1: - Several small bugfixes. - updated RFC2217 implementation, client support. - changed Posix read implementation (error handling for disconnected devices)..."

Full Story (comments: none)

pyxser 1.4r released

Version 1.4 of pyxser has been announced. "I'm pleased to announce pyxser-1.4, a python extension which contains functions to serialize and deserialize Python Objects into XML. It is a model based serializer."

Full Story (comments: none)

Version Control

Git 1.6.6 released

Version 1.6.6 of the Git distributed version control system has been announced. "In this release, "git fsck" defaults to "git fsck --full" and checks packfiles, and because of this it will take much longer to complete than before. If you prefer a quicker check only on loose objects (the old default), you can say "git fsck --no-full". This has been supported by 1.5.4 and newer versions of git, so it is safe to write it in your script even if you use slightly older git on some of your machines."

Full Story (comments: none)

Mercurial 1.4.2 released

Version 1.4.2 of the Mercurial source code management system has been announced. "This is a minor bugfix release as part of our time-based release schedule."

Full Story (comments: none)

Miscellaneous

GNU patch 2.6.1 released

Version 2.6.1 of GNU patch has been announced. "The previous release was on 13 November. NEWS since then: * Support for diff3(1) style merges which show the old, original, and new lines of a conflict has been added (--merge=diff3). The default still is the merge(1) format (--merge or --merge=merge). * Bug and portability fixes."

Full Story (comments: none)

Page editor: Forrest Cook

Announcements

Commercial announcements

Red Hat Reports Third Quarter Results

Red Hat has announced financial results for its fiscal year 2010 third quarter ended November 30, 2009. "Total revenue for the quarter was $194.3 million, an increase of 18% from the year ago quarter. Subscription revenue for the quarter was $164.4 million, up 21% year-over-year."

Comments (7 posted)

Legal Announcements

The ongoing MySQL campaign

Michael Widenius continues his campaign to keep Oracle from acquiring MySQL with a petition and a lengthy FAQ on what he sees as the problems. "If the deal is approved based on the fact that 'MySQL can be forked', that will be a big blow to open source Software. It means that open source software is not protected from anti-competitive measures and it will be ok for big companies to freely buy up their open source competitors and kill them. Note that not even PostgreSQL is safe from this threat! For example, Oracle could buy some companies developing PostgreSQL and target the core developers. Without the core developers working actively on PostgreSQL, the PostgreSQL project will be weakened tremendously and it could even die as a result."

Comments (87 posted)

Articles of interest

ASUS Eee PC 1201N: Dual-Core Atom + ION FTW? (AnandTech)

AnandTech reviews the ASUS Eee PC 1201N. "With a 12.1" LCD running at 1366x768, for me the problem of being too small is addressed. I can comfortably type on such a laptop, though I still prefer full-size ergonomic ("natural") keyboards. The resolution is enough that common tasks fit within the available area. As for the performance, we have moved from a single-core 900MHz Celeron CPU to the first (only) dual-core Atom netbook. With SMT, the Atom 330 is able to work on up to four threads simultaneously, and while we still wouldn't call it "fast" it's certainly faster. The CPU also gets some help in the memory department, with 2GB of DDR2 memory in a dual-channel configuration."

Comments (4 posted)

OLPC Unveils Radical Laptop Design for 2012 (eWeek)

eWeek reports on the latest OLPC plans. "One Laptop Per Child is unveiling the development road map for its XO low-cost notebook through 2012, including one new XO powered by chips from Via due out in January 2010 and another with an ARM-designed processor aimed at 2011. OLPC also unveiled a one-panel laptop made of flexible plastic that is scheduled for launch in 2012."

Comments (none posted)

Technology changes 'outstrip' netbooks (BBC)

BBC has some predictions on the future of netbooks. "Arm hopes that many more netbook makers will be using one of its designs as a core processor and turn to Linux as the operating system. At the very least a crop of Arm-based netbooks might mean a big boost to battery life. Arm's mobile pedigree means it is designed to be parsimonious with power." The long-term prognosis for this class of computer is grim, though.

Comments (15 posted)

15 game-changing Linux moments of the decade (TechRadar)

In a retrospective, TechRadar looks at Linux innovations over the last decade. "If you were sat at your Linux computer one dark evening in late 1999, things would have been considerably different. [...] Your machine would probably be running either Red Hat 6.1 or Mandrake 6. [...] Outside your window, the world was going crazy for all things dotcom. Microsoft was prepping both Windows 2000 and its ill-fated Millennium edition, while Apple had just released OS 9 and its Power Mac G4."

Comments (45 posted)

2009's Five Most Popular and Important Linux Stories (ComputerWorld)

Steven J. Vaughan-Nichols lists his most popular and favorite Linux stories of 2009. "Before jumping into this, let me say that what's popular isn't the same thing as what's important. So, I'm giving you a twofer list. The first is the most popular of my stories, and then there are the stories which I think are the most important for Linux's future."

Comments (3 posted)

10 reasons why Microsoft must buy Palm (Betanews)

For some end-of-year amusement: Betanews advises Microsoft to buy Palm as a way of getting back into the smartphone market. "Microsoft should offer an open-source mobile operating system -- and WebOS would be it. A proprietary OS is less appealing when a good open-source alternative (Android) is available. Microsoft has too much valuable intellectual property tied into Windows Mobile for an open-source effort. But WebOS would be an easy open-source project."

Comments (22 posted)

Linux-running Pandora game handheld nears completion (Neoseeker)

There is a brief update on the status of the Linux-based Pandora handheld gaming system over at Neoseeker. The first 3000 units have sold out and the system is undergoing final regulatory testing. Eventually, it will sell for $330. "The Pandora is about the size of PSP (with dimensions of 83mm by 140mm). It has a 600MHz ARM Cortex CPU, and a 800x480 display capable of OpenGL and 16.7 million different colors. A small qwerty keyboard, a touchscreen, and dual analogue controls will help you game, or use your Pandora for non-gaming: with Wifi, Bluetooth and a USB 2.0 host you'll be able to do a great deal with this game system. [...] Did we mention the Pandora runs on Linux? It runs a variation of Angstrom-Linux and is designed to be able to handle emulators (such as for the C64, NES and other older systems) in addition to being able to run Linux games such as Quake 3, and browsers such as Firefox."

Comments (7 posted)

A Small Business Guide to Linux Desktop Software (Small Business Computing)

This SmallBusinessComputing.com article on desktop Linux has little to teach LWN readers - except how Linux distributions are seen by that particular audience. "If you have a limited IT vocabulary, it's probably better to stick with Red Hat and Novell. Choose the support option based on your needs and budget."

Comments (1 posted)

Resources

Still Livin' La Vida Linux (Tux Deluxe)

Jeremy Allison updates the world on his Linux-based multimedia device experiences on Tux Deluxe. "The Sonos platform is based on an embedded Linux kernel, but the user interface is completely custom, using separate Linux based controller devices to select play lists (although you can also use an iPhone). This is embedded Linux done right."

Comments (none posted)

Learning is Childsplay (Linux Journal)

Linux Journal reviews Childsplay. "After I finished my recent articles on Teaching with Tux and Learning with Gcompris, I received a couple of suggestions from readers that I take a look at Childsplay. I spent some time looking at Childsplay and if you have small children, I think you should too. As soon as I started the program, it started to play its theme song and my 18 month old son came running, and he still comes running every time he hears that music. For most parents and educators, my review of this program could end right here, but I suspect that I should probably write a bit more."

Comments (3 posted)

Linux Gazette #170 is out

December's possibly gloomy outlook for Linux Gazette seems to have turned around as the January issue is out with a full complement of articles. On the back page, editor-in-chief Ben Okopnik writes about the response to December's edition: "Last month, in this very space, I asked for you, our readers, to write in; to let us know that you were reading LG, that it mattered to you - in short, to tell us whether LG's continued existence was a value to the Linux community, as I believe it is. The response has been nothing short of phenomenal and tremendously heartening: for the last month, I've been buried under a huge pile of supportive email from all over the world, with a number of offers of help and ideas for improvement."

Comments (4 posted)

One Month Of Monitoring The Linux Kernel Performance (Phoronix)

The Phoronix folks have launched a project to track Linux kernel performance on a daily basis. The results for the first month are now available. "For those that may have forgotten, at the start of December we launched the Phoronix Kernel Test Farm to begin benchmarking the Linux kernel on a daily basis using the automated tools that we provide via the Phoronix Test Suite and Phoromatic. Towards the middle of December we then unveiled the Phoromatic Tracker, which exposes these test results in real-time to the public. Well, it's now been a month of monitoring the kernel's performance and the entire Linux 2.6.33 kernel development cycle thus far, with many interesting findings."

Comments (5 posted)

Open Source Business Resource, January issue

The January issue of the Open Source Business Resource is available, with a focus on "success factors." "The authors in this issue explore: the importance of well defined processes, the value of documentation to end users, the diverse tasks of a community manager, the value provided by participants who don't contribute code, and how a community can assist in creating training materials. Each concentrates on a particular success factor, and as a whole, provide a fuller picture of what to look for in a successful open source project or company."

Comments (none posted)

OpenMovieEditor And Blender: More NLE Delights (Linux Journal)

Dave Phillips reviews the video editing capabilities of OpenMovieEditor and Blender for Linux Journal. "At first glance I wasn't too impressed with OpenMovieEditor, but after spending some time with it I've come to like it a lot. I still find its default appearance rather blocky (FLTK can look better), and the alternative "plastic" style and colors are too bright for my notebook's display. However, I also found OpenMovieEditor to be very easy to learn and use, steady as a rock (excepting the DV file load problem), and perfectly capable of fulfilling its stated goal as a basic NLE for desktop video production."

Comments (none posted)

Calls for Presentations

Bossa Conference 2010 submission deadline extended

The submission deadline for Bossa Conference 2010 has been extended to January 17. "We're pleased to announce that the Bossa Conference 2010 will be held in Manaus, Brazil on March 07-10, 2010."

Full Story (comments: none)

OSCON 2010: Call for Proposals

OSCON, the O'Reilly Open Source Convention, will be held July 19 - 23, 2010 in Portland, Oregon. The call for participation is open until February 1, 2010. "The OSCON Call for Participation is now open. If you have winning techniques, favorite lifesavers, war stories, productivity tips, or other ideas to share, we want to hear from you. We're especially on the look-out for ways to do more with less, design and usability best practices, mobile device innovations, cloud computing, parallelization, open standards and data, open source in government, business models, and beyond."

Full Story (comments: none)

OSDC.TW calls for papers (use Perl)

use Perl has announced the call for papers for OSDC.TW; submissions are due by January 31. "hcchien writes "We are glad to announce the OSDC.TW 2010 will be at 2010/4/24-25 in Academia Sinica, Taipei. So it's time to call for papers now. If you work for any interesting open source projects, it is a good time to introduce your projects to the open source developers in Taiwan.""

Comments (none posted)

Upcoming Events

First FOSDEM 2010 Speaker Interviews

Interviews with four of the speakers at FOSDEM 2010 are now available. FOSDEM will be held February 6-7 in Brussels, Belgium. This round of interviews includes David Fifield (Nmap), Greg Kroah-Hartman (Linux kernel), Richard Clayton (Evil on the internet), and Wim Remes (OSSEC). From David Fifield's interview: "The talk will be about the Nmap Scripting Engine, or NSE. This is an embedded Lua interpreter combined with networking libraries that have access to Nmap's internal data structures. After running a port scan, the scripts you select will run to get more information about the target. We have some simple scripts that do things like check for a readable /etc/passwd on a web server or get an SSL server certificate, and more complex ones that look up AS numbers, check for Windows vulnerabilities, or list NFS exports." More speaker interviews will be coming in the next few weeks.

Comments (none posted)

LibrePlanet 2010 free software community conference

The FSF has announced the LibrePlanet 2010 free software community conference. "The three day event will be held in Cambridge, Massachusetts, at the Harvard University Science Center, from March 19th to March 21st, 2010."

Full Story (comments: none)

Events: January 14, 2010 to March 15, 2010

The following event listing is taken from the LWN.net Calendar.

Date(s)                     Event                                              Location
January 13 - January 15     Foundations of Open Media Software                 Wellington, New Zealand
January 15 - January 22     Camp KDE 2010                                      San Diego, CA, USA
January 18 - January 23     linux.conf.au                                      Wellington, New Zealand
January 23                  Workshop on GCC Research Opportunities             Pisa, Italy
January 23 - January 24     DrupalSouth Wellington 2010                        Wellington, New Zealand
February 2                  Prague PostgreSQL Developers' Day 2010             Prague, Czech Republic
February 5 - February 7     Frozen Perl 2010                                   Minneapolis, MN, USA
February 6                  Super Happy Dev Castle #0                          Belfast, N. Ireland, United Kingdom
February 6 - February 7     Free and Open Source Developers' European Meeting  Brussels, Belgium
February 10                 Red Hat Cloud Computing Forum                      Online, Online
February 11 - February 13   Bay Area Haskell Hackathon                         Mountain View, USA
February 15 - February 18   ARES 2010 Conference                               Krakow, Poland
February 17 - February 25   PyCon 2010                                         Atlanta, GA, USA
February 19 - February 20   GNUnify                                            Pune, India
February 19 - February 21   SCALE 8x - 2010 Southern California Linux Expo     Los Angeles, USA
February 20 - February 21   FOSSTER '10                                        Amritapuri, India
February 22 - February 24   O'Reilly Tools of Change for Publishing            New York, NY, USA
February 27 - February 28   The Debian/GNOME bug weekend                       Online, Internet
March 1 - March 5           Global Ignite week                                 Online, Online
March 2 - March 4           djangoski                                          Whistler, Canada
March 2 - March 5           FOSSGIS 2010                                       Osnabrück, Germany
March 2 - March 6           CeBIT Open Source                                  Hannover, Germany
March 5 - March 6           Open Source Days 2010                              Copenhagen, Denmark
March 7 - March 10          Bossa Conference 2010                              Recife, Brazil
March 13 - March 19         DebCamp in Thailand                                Khon Kaen, Thailand

If your event does not appear here, please tell us about it.

Page editor: Forrest Cook

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds