
LWN.net Weekly Edition for May 6, 2010

A binary analysis tool for GPL compliance investigations

By Jake Edge
May 5, 2010

There are thousands of embedded devices running Linux today, with more released hourly, it seems. Many of those are in full compliance with the licenses for the free software that they ship, but some, sadly, are not. In most cases, it is probably due to ignorance, but sometimes arrogance or even malfeasance plays a role. A new Apache-licensed Binary Analysis Tool from Armijn Hemel and Shane Coughlan is meant to help developers and others interested in GPL compliance determine whether Linux or BusyBox is present in a particular device.

There are multiple levels to GPL compliance investigations. If the device is not shipped with source, nor an offer to provide it, one can assume that it contains no GPL code. In that case, just detecting the presence of the Linux kernel or BusyBox is enough to identify a problem. For devices that do ship or offer source, there is another step: determining whether the source code and configuration that was provided corresponds to the code on the device. That process was described by Hemel and Coughlan in a series of LWN articles (part 1, part 2, and part 3).

The first step is to extract any filesystems that exist in a firmware image, so that they can be investigated further. The Binary Analysis Tool provides the bruteforce.py script to detect various kinds of filesystems, including those that are compressed, and to extract them from the image. It then digs down inside the filesystem to find "interesting" files. Right now, the output is terse, but that is slated to change "in the near future", according to the README file.

Beyond that, there are scripts to look at BusyBox and kernel binaries to extract configuration information. Running:

    python busybox.py --binary=/path/to/busybox
on a BusyBox binary results in a list of configuration options that shows which of the applets were built into the binary:
    CONFIG_ADDGROUP=y
    CONFIG_ADDUSER=y
    CONFIG_ADJTIMEX=y
    ...
BusyBox configuration is important because it can be a clue as to whether or not the source corresponds to the binary. In fact, the tool provides an automated way to compare the configuration found in a binary with one that is included in the source: busybox-compare-configs.py.

The tool uses a database of sorts for BusyBox configurations going back to the 0.52 release. The busybox-version.py command can be used to manually determine the version of a binary, or the other tools will do so automatically—though it can be overridden on the command line. In addition, the busybox.py script can check for applets in a binary for which there is no configuration option in the official BusyBox sources, which would indicate that additional code (for which source must be released) has been added.
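
The busybox.py, busybox-version.py and busybox-compare-configs.py steps described above, as an added example that is not the Binary Analysis Tool's own code: it recovers the applet names and the version banner purely from strings in a constructed stand-in binary, maps them through a small constructed applet-to-CONFIG table (the tool's real per-version database is assumed, not reproduced), diffs the result against a constructed .config from the source offer, and flags applets that have no upstream option at all.

```python
"""BusyBox configuration recovery in the spirit of busybox.py, busybox-version.py
and busybox-compare-configs.py.  Added example, not Binary Analysis Tool code: it
works only from strings stored in the binary (no disassembly) and uses a small
constructed applet-to-CONFIG table in place of the tool's per-version database."""
import re

# Constructed subset of the applet-name -> Kconfig option mapping (assumption).
APPLET_CONFIG = {
    "addgroup": "CONFIG_ADDGROUP",
    "adduser": "CONFIG_ADDUSER",
    "adjtimex": "CONFIG_ADJTIMEX",
    "ash": "CONFIG_ASH",
    "cat": "CONFIG_CAT",
    "ls": "CONFIG_LS",
    "telnetd": "CONFIG_TELNETD",
    "wget": "CONFIG_WGET",
}

VERSION_RE = re.compile(rb"BusyBox v(\d+\.\d+(?:\.\d+)?)")
APPLET_NAME_RE = re.compile(rb"^[a-z][a-z0-9_.-]{1,31}$")


def detect_version(blob: bytes):
    """Recover the release from the banner string every BusyBox binary embeds."""
    m = VERSION_RE.search(blob)
    return m.group(1).decode("ascii") if m else None


def find_applet_table(blob: bytes, known=APPLET_CONFIG):
    """BusyBox keeps its applet names as one run of NUL-separated strings.
    Heuristic: take the longest run of consecutive name-like NUL-terminated
    tokens, and accept it only if at least two names are in the known table,
    so that an unrelated symbol-name run is not mistaken for the applet table."""
    best, run = [], []
    for token in blob.split(b"\x00"):
        if APPLET_NAME_RE.match(token):
            run.append(token.decode("ascii"))
            continue
        if len(run) > len(best):
            best = run
        run = []
    if len(run) > len(best):
        best = run
    return best if sum(name in known for name in best) >= 2 else []


def enabled_options(dotconfig: str):
    """Options set to y in a .config ('# CONFIG_X is not set' lines are skipped)."""
    return set(re.findall(r"^(CONFIG_[A-Z0-9_]+)=y$", dotconfig, re.MULTILINE))


def analyze(blob: bytes, dotconfig: str, known=APPLET_CONFIG):
    """Recover the binary's applet configuration and diff it against the .config
    shipped with the source offer."""
    applets = find_applet_table(blob, known)
    binary_enabled = {known[a] for a in applets if a in known}
    detectable = set(known.values())  # only applet options are visible this way
    src_enabled = enabled_options(dotconfig) & detectable
    return {
        "version": detect_version(blob),
        "binary_config": sorted(f"{opt}=y" for opt in binary_enabled),
        # enabled in the supplied source but absent from the device binary
        "in_source_not_binary": sorted(src_enabled - binary_enabled),
        # built into the binary although the supplied .config disables it
        "in_binary_not_source": sorted(binary_enabled - src_enabled),
        # no upstream option at all: added code whose source must be released
        "unknown_applets": sorted(a for a in applets if a not in known),
    }


# Constructed stand-in for a firmware's BusyBox binary (not a real ELF file).
SAMPLE_BINARY = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    + b"libc.so.6\x00malloc\x00free\x00" + b"\x00" * 4  # short, unrelated name run
    + b"BusyBox v1.15.3 (2010-04-01 12:00:00 UTC) multi-call binary\x00"
    + b"Usage: %s [function] [arguments]...\x00" + b"\x00" * 4
    + b"addgroup\x00adduser\x00adjtimex\x00ash\x00cat\x00ls\x00telnetd\x00vendor_dbg\x00"
    + b"\x00" * 16
)

# Constructed .config from the vendor's source offer: wget on, telnetd off.
SAMPLE_DOTCONFIG = """\
CONFIG_ADDGROUP=y
CONFIG_ADDUSER=y
CONFIG_ADJTIMEX=y
CONFIG_ASH=y
CONFIG_CAT=y
CONFIG_LS=y
# CONFIG_TELNETD is not set
CONFIG_WGET=y
"""

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_BINARY, SAMPLE_DOTCONFIG).items():
        print(f"{key}: {value}")
```

Run against the constructed input it reports wget as enabled in the source but missing from the binary, telnetd as built in despite being disabled in the .config, and vendor_dbg as an applet with no upstream option.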

There are also scripts to extract configuration and strings from a Linux kernel. extractkernelstrings.py is used on a provided kernel source tree and generates a database of strings that should be present in the kernel image. findkernelstrings.py then uses that database and the kernel image file to find matches, and, more importantly, things that do not match. Once again, this can lead to a determination that the source code and shipped binaries are either not the same, or not configured in the same way.
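
The extractkernelstrings.py / findkernelstrings.py workflow, as an added example that is not the tool's code: it builds the set of string literals a kernel image built from a constructed source snippet should contain (handling escape sequences, adjacent-literal concatenation and the KERN_* log-level prefixes, whose 2.6-era "<level>" expansion is an assumption), then reports which are absent from a constructed, already-uncompressed image and which strings in the image have no counterpart in the source.

```python
"""Kernel string-database check in the spirit of extractkernelstrings.py and
findkernelstrings.py.  Added example, not Binary Analysis Tool code: it derives
the string literals a kernel image built from the supplied source should carry,
then reports which are absent from the image and, more importantly, which image
strings have no counterpart in the source.  Assumptions: the image is already
uncompressed, and KERN_* prefixes have their 2.6-era "<level>" expansion."""
import re

# 2.6-era include/linux/kernel.h log-level prefixes; the compiled format string
# carries the expanded prefix, so the database has to expand it too.
KERN_LEVELS = {f"KERN_{name}": f"<{level}>" for level, name in enumerate(
    ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"])}
ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0", "\\": "\\", '"': '"'}

# One C string literal or a KERN_* macro; adjacent pieces concatenate in C.
PIECE = r'"(?:[^"\\\n]|\\.)*"|\bKERN_[A-Z]+\b'
PIECE_RE = re.compile(PIECE)
LITERAL_SEQ_RE = re.compile(rf"(?:{PIECE})(?:\s*(?:{PIECE}))*")
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{6,}")


def unescape(body: str) -> str:
    """Expand the C escape sequences that matter for printk-style strings."""
    out, i = [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            out.append(ESCAPES.get(body[i + 1], body[i + 1]))
            i += 2
        else:
            out.append(body[i])
            i += 1
    return "".join(out)


def string_database(source: str, min_len: int = 6):
    """Set of strings the compiled image should contain, built from source text.
    (Comments and preprocessor lines are not filtered out in this example.)"""
    db = set()
    for m in LITERAL_SEQ_RE.finditer(source):
        text = ""
        for piece in PIECE_RE.findall(m.group()):
            text += (KERN_LEVELS.get(piece, "") if piece.startswith("KERN_")
                     else unescape(piece[1:-1]))
        if len(text) >= min_len:
            db.add(text)
    return db


def check_image(image: bytes, db):
    """Match the database against an image: strings the source promised but the
    image lacks (possibly a different configuration), and printable runs in the
    image that no source string accounts for (code not in the supplied source)."""
    missing = sorted(s for s in db if s.encode("latin-1") not in image)
    runs = {r.decode("ascii") for r in PRINTABLE_RE.findall(image)}
    unmatched = sorted(r for r in runs if not any(r in s for s in db))
    return {"missing_from_image": missing, "not_in_source": unmatched}


# Constructed driver source as supplied with the firmware's source offer.
SAMPLE_SOURCE = r'''
#include <linux/module.h>

static int __init vendor_nic_init(void)
{
    printk(KERN_INFO "vendor_nic: driver loaded, %d queues\n", nq);
    if (!fw)
        printk(KERN_ERR "vendor_nic: firmware "
                        "image not found\n");
    return 0;
}
MODULE_DESCRIPTION("Example NIC driver");
'''

# Constructed stand-in for the uncompressed kernel image from the device.
SAMPLE_IMAGE = (
    b"\x00" * 8
    + b"<6>vendor_nic: driver loaded, %d queues\n\x00"
    + b"Example NIC driver\x00"
    + b"<4>vendor_nic: telemetry upload to %s failed\n\x00"  # absent from source
    + b"\x00" * 8
)

if __name__ == "__main__":
    print(check_image(SAMPLE_IMAGE, string_database(SAMPLE_SOURCE)))
```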

Due to various reverse engineering laws worldwide, the Binary Analysis Tool does not do any kind of decompilation or disassembly of the code that it finds. It strictly looks at the symbol tables and strings stored in the binaries to do its work. For much the same reason, it does not try to "crack" any encryption or DRM that might be protecting the firmware image or its contents.

The tool is still a bit rough around the edges, but it does come with fairly extensive documentation, both as PDF Quick Start and User guides and as various documentation files in the source tree. It comes as a tarball or can be grabbed from an svn repository. The list of dependencies seems a bit large for a program of this type. For the kernel strings database, it uses the PyLucene Python library to access the Java-based Lucene text searching and indexing engine, which necessitates installing OpenJDK and Ant. More obvious dependencies are required as well: python-magic for magic-number detection, e2tools and the squashfs tools for accessing filesystems, and various compression utilities.

The development of the Binary Analysis Tool was supported by the NLnet Foundation and the Linux Foundation, and it was created by Hemel as part of his work at Loohuis Consulting and by Coughlan at OpenDawn. It is still being actively developed with releases scheduled for May and July. Contributions of bug reports, development time, or money to continue development are welcome.

While the scripts will be useful as a starting point for those who are investigating GPL compliance, there is still quite a bit of work to be done. The tool provides a framework for looking at two of the most common GPL-licensed components appearing in embedded devices, but there are others. It's no coincidence that the tool focuses on BusyBox and the Linux kernel, which have been the most successful at enforcing license compliance in the last several years. As other projects are used more widely in embedded devices, there will be a need to expand the coverage of tools like this.

There are uses for the tool beyond those of developers trying to ensure that their code is used properly. Embedded device manufacturers will also find it useful. There have been numerous cases of OEMs getting code from their suppliers without the proper source files—or even notice that it contains GPL code. Companies can also test their competitors' products for compliance to help level the playing field. Any tool that makes it easier to spot license compliance problems is a boon for developers, users, and device makers.


Koha community squares off against commercial fork

May 5, 2010

This article was contributed by Nathan Willis

Koha is the world's first open source system for managing libraries (the books and periodical variety, that is), and one of the most successful. In the ten years since its first release, Koha has expanded from serving as the integrated library system (ILS) at a single public library in New Zealand to more than 1000 academic, public, and private libraries across the globe. But the past twelve months have been divisive for the Koha community, due to a familiar source of argument in open source: tensions between community developers, end users, and for-profit businesses seeking to monetize the code base. As usual, copyrights and trademarks are the legal sticks, but the real issue is sharing code contributions.

Koha was originally written in 1999 by New Zealand's Katipo Communications, spearheaded by developer Chris Cormack. Katipo was contracted to build an ILS for the Horowhenua Library Trust (HLT) to replace its aging (and Y2K-bug-vulnerable) system, and to release the code under an open source license. The name Koha is a Māori word for a reciprocal gift-giving custom.

The first public release was made in 2000. Over the years, Koha usage grew, and several businesses popped up to provide support and customization services for Koha-using libraries; as with many infrastructure applications, the ongoing support of an ILS is the real expense. An ILS not only serves as an electronic "card catalog" system for library patrons, but handles acquisitions, circulation tracking, patron account management, checkout, search, and integration with other cataloging systems for inter-library loan. Libraries do not change ILS vendors quickly or lightly.

One of these support businesses was US-based LibLime, founded in 2005 by Koha developer Joshua Ferraro. In 2007, LibLime purchased Katipo Communications' assets in Koha, including its copyright on the Koha source code, and took over maintenance of the koha.org web site. For several years, life continued on as it had before; koha.org was the home of the project, and LibLime participated in Koha's ongoing development as did several other support-based businesses, many individuals, and many libraries.

The fork

The first signs of trouble began to appear in mid-2009, when LibLime announced that it would be providing its customers with a version of Koha built from a private Git repository, instead of the public source code maintained by the community as a whole. Many in the community regarded this as an announcement that LibLime was forking the project, a claim that Ferraro denied. The company cited several factors as its reasons for maintaining a separate code base, including the need to deliver on Koha contract work on its own deadlines, lack of quality control in community code contributions, and customer data it could not make public.

Ferraro stated that LibLime would publish its enhancements to Koha, that it was "100% committed to the open-source movement", and that its integration with the main code repository would be "seamless." However, no such publication took place; as of today, the most recent source code for LibLime's products that is available on the web site is from June 2009, and the LibLime source code repository remains inaccessible to the public.

LibLime's enhanced version of Koha is named LibLime Enterprise Koha (LLEK), runs on Amazon's EC2 cloud platform, and sports a list of features not present in the 3.0.2 "community" release. Meanwhile, the community has continued to develop Koha, making point releases to the 3.0.x branch, and is readying a major update in version 3.2.

Enough people in the Koha community were concerned about the project's future and about practical matters like the web site and Git repository that they decided to migrate to a new domain, koha-community.org, to be managed by a committee and legally held by Koha's original sponsors, HLT. Those migrating included Cormack, many other core developers, and several of the other Koha support vendors.

2010 started off with a ray of hope for commercial and community reconciliation, when Progressive Technology Federal Systems, Inc. (PTFS), another Koha support vendor, announced in January that it was acquiring LibLime. PTFS was a relatively recent convert to the Koha community; it started out as a proprietary-only ILS vendor catering to government and military institutions. But it selected Koha as its open source product of choice in 2008, in part for its ability to integrate with PTFS's profitable digital content management products. PTFS engineers had been active on the mailing list and IRC channel, and submitted patches back to the community, so the community was optimistic that they would continue to participate, and the LLEK fork would be merged back into the main branch.

In April, PTFS asked the community — developers, documentation and translation teams, release managers — to return to the koha.org domain, and set up a new repository with the intent of merging the code. As community members explained in the thread, they did not like those terms and instead asked PTFS to either turn the koha.org domain over to the community or to bring its code and participants to the koha-community.org site.

Unfortunately, what could have been a simple disagreement over hosting and domain name relevance deteriorated further. PTFS asked HLT's Koha committee for a conference call under a non-disclosure agreement, but the committee asked for a public email or IRC discussion instead. PTFS then responded with a press release (copied to the Koha mailing list) publicly criticizing the committee, calling it "new to business matters," "one-sided," and "inaccurate," and touting its own version of Koha as superior. Judging by the responses on the list, that action served only to further alienate the already-suspicious Koha community at large.

Code, Trademarks, Copyrights, and Names

Koha is far from the first project to go through such a divisive conflict. In fact, forks of free software projects are not wrong in and of themselves, and can lead to improvements in the code. What caused the major split between the Koha community and LibLime was the company's decision to keep its fork private and not give back. It promised to do so, but instead withdrew from the Koha community altogether.

Naturally there is no way to prevent individuals or companies from acting with hostility, but the Koha project was vulnerable to LibLime's behavior on a couple of fronts. First, as it recognized, LibLime controlled the ostensibly community-run koha.org site — prompting the community to re-launch the content in a new location.

What is more troubling is that, based on its actions, LibLime evidently believed that it had the right to create a closed-source fork of Koha due to its acquisition of Katipo Communications's Koha assets, including the latter company's copyrights. But whether or not Katipo's copyrights constituted the whole of Koha in 2009 when LibLime forked the project is questionable. Cormack and other developers point to the Git repository's commit statistics, which show the percentages by individual authors. How to interpret those statistics is an open question, but there was no copyright assignment required to participate in Koha development. In the absence of such an agreement, Koha contributors retain copyrights for their work; as a result, taking the code proprietary is not an easy option for anybody.

It is still unclear whether or not LibLime provided the full source code to its LLEK product to its paying customers, as is required by the upstream Koha project's GPLv2+ license. Koha is written mostly in Perl, which is presumably distributed in source form, but the GPL source requirement does include all the source necessary to build the software, including supporting libraries and compilation scripts — a requirement that might affect support libraries needed to support LLEK's EC2 environment.

Muddying the waters still further is the issue of who can legally call their code "Koha" at all. LibLime filed for a registered US trademark on the name in October 2008; it was granted in May of 2009. European support vendor BibLibre filed for an EU trademark on "Koha" in December of 2008; it is still undergoing review. Finally, LibLime filed for the Koha trademark in New Zealand itself in February of 2010; it too is still undergoing review. Yet "Koha" has been used as the name of the open source project itself, not a vendor package or support product, since 2000.

The Software Freedom Law Center's Karen Sandler said that such trademark-based disputes are common, enough so that SFLC has published a primer on the subject for projects. Without commenting on the specifics of the Koha situation, she noted that although registration constitutes "legal presumption of ownership," if another party can prove it was using the mark first, it retains the right to use the mark. In addition, she added,

Others can use a mark in a manner that does not imply an official relationship or sponsorship so long as there's no likelihood of confusion on the part of consumers. Factually referring to unmodified software by a particular name, for example, is likely to be considered clearly within permitted usage. This kind of use is called nominative use.

The community's unstructured approach to the project in past years does not make up for PTFS's very public missteps, however. The company may indeed have meant to put the community back together into a functioning whole when it initiated talks about the web site, but it clearly underestimated the ire that LibLime had earned through its actions over the previous year, and the derisive press release would be considered a mistake under any circumstances. If there was any hope of drawing the larger Koha community back to koha.org, it probably died when that message went out.

Cormack observed on his blog that any vendor has the right to try to turn its Koha offering into a superior product for customers in order to increase sales — the harm was inflicted because of the way LibLime chose to carry out that business decision. Whether you agree with that or not, however, it seems that the project would have been better equipped to cope with LibLime's withdrawal from the community had the domain name, trademarks, and perhaps even copyrights been held by a trusted entity such as HLT. Taking those legal steps is something few projects seem to consider when things are running smoothly. They are no doubt time-consuming and tedious, perhaps even expensive. But so is trying to do them in a hurry, ten years after the project launches, with hostile players going after your name.

[ Thanks to Lars Wirzenius for pointing us toward this topic. ]


A conference on software patents and free software

By Jonathan Corbet
April 30, 2010

On April 29, the University of Colorado held a conference on patents and free software. Your editor, having spent the morning getting some significant dental work done, figured that an afternoon devoted to software patents would appropriately continue the day in the same theme - only without the anesthetic. The following is not a comprehensive report of the event; instead, it focuses on a few of the more interesting moments.

Pamela Samuelson is a professor of law at the University of California at Berkeley; she also serves on the boards of organizations like the Electronic Frontier Foundation, the Electronic Privacy Information Center, and Public Knowledge. At the conference, she presented some results on her research into the idea of software patents as an incentive for innovation. A survey was done back in 2008, with 15,000 surveys sent out to a large number of firms. 1,333 of them - representing over 700 companies - came back. The numbers that came out were interesting, if arguably unsurprising.

According to this survey, 65% of software companies have no interest in software patents; they do not see patents as an important part of doing business. That compares with 82% of non-software companies which said they were working toward the acquisition of patents. It is worth noting that companies with venture capital backing had a higher level of interest in software patents than those without.

When companies do go for software patents, their motivations tend to be to enhance their reputation and make it easier to secure investments. Preventing litigation was also cited as a reason. But, when it comes to the question of what makes a software business successful, patents were at the very bottom of the list. Being first to market was the most important success factor. In summary: software patents are a weak incentive - at best - toward innovation.

So, do software patents matter for new companies? Lawyer Jason Haislmaier said that they can be important, especially with venture-backed companies, because they are relatively attractive to investors. Venture capitalist Jason Mendelson disagreed, though, saying that he didn't care about patents in the companies that he evaluates. In fact, if a company is focused on getting patents, he sees it as a reason not to invest: the company should be putting resources into its products instead.

Stormy Peters, director of the GNOME Foundation, noted that community developers tend to be strongly anti-patent; a company with a patent-heavy focus may find it hard to work with the community or hire developers. Stormy also worries that the current trend toward cloud computing may make the issue of open source software moot. The convenience of free web services has, she says, distracted the community from the issue of freedom. There needs to be a means by which truly free and open services can be defined.

Patent litigation was the subject of a different panel. Lucky Vidmar started with the observation that patent suits against open source software still tend to be rare, and that suits against individual developers are not really happening. In general, he says, the lawsuits which have come about have little to do with open source; they are just more in a long series of software patent suits. But suits against open-source companies do tend to get a lot of negative attention, something which potential plaintiffs may well keep in mind.

Julie DeCecco, a litigator for Oracle (by way of Sun), noted that patent litigation is very expensive. That alone makes it unlikely that open source projects will be sued; the exposure to legal action is proportional to the amount of money being made. "Follow the money," she says, and you'll see where the lawsuits are happening. Attorney David St. John-Larkin suggested that open source might be more vulnerable to these suits due to the public nature of its development.

Jason Schultz and Jennifer Urban are both from the Samuelson Law, Technology and Public Policy Clinic at Berkeley; Schultz previously did a stint at the EFF. They presented a concept they have been working on as a way of mitigating the software patent threat called the Defensive Patent License, or DPL. This work is in an early stage, and the DPL text is not yet available, but it should be forthcoming in the near future.

The core idea behind the DPL is that software patents can serve in a useful, defensive role. They can be used to negotiate cross-licensing agreements, and they can be used for countersuits if need be. But defensive patents are not as heavily used as they could be, especially in the open source area. There are a couple of possible reasons for this: defensive patents require a concentration of resources that doesn't always exist in our community, and there tends to be a certain amount of distrust toward the acquisition of patents for defensive purposes.

The DPL would promote the defensive use of software patents in a way which reinforces the free software community's norms; it is meant to be similar in spirit to the GPL. A company which buys into the DPL will put all of its patents under that license. Any other DPL licensee could then automatically obtain a royalty-free license for any of those patents. The license is irrevocable - unless the licensee sues another DPL licensee or withdraws from the pact. Withdrawal is possible with advance notice (six months was suggested), but any licenses granted to others would remain valid.

If this idea takes off, it will encourage the creation of a growing network of cross-licensed patents; eventually, the value of joining the pool will be far higher than remaining outside of it. Since patents in this scheme cannot be used to attack other participants, they will be limited to defensive uses only. Among other things, that should keep DPL-covered patents out of the hands of patent trolls.

There are a lot of details to be worked out yet, and it is far from clear that the idea will really take off. It is hard to imagine that large companies with extensive patent portfolios would be willing to commit the entire set to the DPL. The concept is interesting, though; we will see where it goes.

The discussion danced around a number of issues, including patent shakedowns that are settled without the filing of lawsuits, current litigation, or the general problem of low-quality patents. With regard to the last two, your editor asked about Apple's attack against HTC, which is using some highly dubious patents as a weapon against Linux. Nobody wanted to talk about the Apple case, but Julie DeCecco said that the best weapon against low-quality patents is reexamination actions in the patent office. They are relatively cheap (at a mere $20K or so) and are often at least partially successful.

Jason Schultz said that he participated in a number of these actions while at the EFF. They can be effective, but there are a lot of bad patents out there, and there's no way to challenge them all.

Your editor would note that, when talking with people more directly involved in the defense of free software, he has found the reexamination option to be held in relatively low repute. The actions are risky and might serve to make the patent stronger; this has happened with the VFAT patent. And, in the best of scenarios, it is still not possible to truly kill a patent this way; they can always come back after further rewriting by the patent holder.

There was a panel on the intersection of open source, patents, and standards; much of it was about as exciting as sitting on one of the standards committees themselves. The audience did hear an interesting presentation from Steve Mutkoski of Microsoft, who asserted that patent-encumbered standards are entirely compatible with most open source licenses. In fact, "only the GPL family of licenses" is truly problematic in this regard. It is, he suggested, more of a problem with the GPL than with patents.

Also, Steve made the claim that a lot of people who complain about patent-encumbered standards really just don't want to pay royalties. That may well be true, but it's not relevant to the larger discussion. Unfortunately, there did not seem to be anybody on the panel who understood free software well enough to try to correct that point of view.

There was an interesting suggestion that, perhaps, we need some concept of "fair use for patents." That is especially true in situations where the government has mandated the use of a patent-encumbered standard in some situation. Nobody tried to fill in the idea of how fair use might work in this setting, though.

In summary, your editor found the event to be somewhat frustrating. It was dominated by lawyers of the academic variety with a small venture capital presence; Stormy Peters was the only community representative on the panels. Even so, it is interesting to see how the problem is viewed by people who are a few steps removed from it.


Results from the LWN reader survey

By Jake Edge
May 5, 2010

As part of our "media kit" project, we put together a reader survey that ran for the last two weeks of April. Over 1800 readers filled out the survey—our thanks to all of them—and, as promised, here is a summary of the responses.

The vast majority (90%) of respondents were subscribers, and almost all of those folks intend to continue. Less than 5% of responses either never planned to subscribe or may not resubscribe. Three-quarters of subscribers were likely to continue their current level if there were a subscription price increase, with 8% overall likely to drop to a lower subscription level and 16% being less likely to subscribe or renew.

As for LWN content, the weekly edition front and kernel pages are by far the most popular, with 90% reading them frequently. The daily news page (71%), weekly development (70%), security (61%), and distributions (52%) pages were all fairly popular as well. Less so were the yearly timeline (33%), weekly announcements page (27%), and the events calendar (10%).

Pages and features that readers could live without had responses that, unsurprisingly, mirrored those above. No more than 25% of readers could live without any of the daily or weekly pages, with the exception of 45% who would be fine without the announcements page. The events calendar (57%) and timeline (34%) didn't fare as well.

The clear winner for areas that readers would like to see more coverage is "Languages and development tools" at 57%. Roughly 40% would like to see more system administration and desktop Linux coverage, while approximately one-third saw embedded systems and virtualization as areas for expanded coverage. "The business of Linux and free software" was only chosen by 25% of respondents and it would seem that we, perhaps, have the right amount of coverage of legal issues and conferences as only 20% thought those should increase.

Formatting LWN for mobile device display was the most popular choice for that question, with 30% saying that they would personally use it. A PDF version of the weekly edition was next at 17%, but EPub (7%) and Kindle (2%) were not particularly interesting to respondents.

The question about regularly used distributions led to some interesting results, with Ubuntu (54%) and Debian (44%) far ahead of any of the rest. The next tier was led by Fedora (24%), followed by Red Hat Enterprise Linux (21%), other OS (20%), CentOS (19%), and other Linux (15%). All of the rest came in at less than 10%: Gentoo, openSUSE, SUSE Linux Enterprise Server, Mandriva, and Oracle Unbreakable Linux (with 13 respondents) in that order.

In the single-choice "primary desktop" question, GNOME came out way ahead with 50%. KDE had a 23% share and the numbers drop off quickly from there. 8% use some Linux desktop environment that we didn't list and 7% use another OS entirely for their primary desktop. No desktop environment (5%) was just ahead of Xfce (4%), while LXDE is only used by ten of our readers who responded.

As we move forward, and look at changes we might make—for content, features, and coverage—we will definitely keep these answers in mind. There are some things, like the events calendar, that we do as a service to the community and are likely to stay, even if they are somewhat sparsely used. But when thinking about article assignments and where to focus our efforts, these answers will come in very handy. Thanks again to all who responded.


Page editor: Jonathan Corbet

Security

Qubes: security by virtualization

May 5, 2010

This article was contributed by Koen Vervloesem

The Polish security researcher Joanna Rutkowska specializes in low-level security, including hardware-based attacks, kernel exploits, rootkits, and virtualization malware. Among other things, she has found vulnerabilities in the Windows Vista kernel, the Xen hypervisor, and Intel's Trusted Execution Technology (TXT). In 2007 Rutkowska founded Invisible Things Lab, and since then her team has changed strategy: it decided to use the knowledge gained from breaking systems to create a new operating system that improves security for users.

Last month, Invisible Things Lab presented the first result of this: it launched an alpha version of a new secure open source operating system, Qubes. The project aims at building a secure operating system for desktop users. The main idea is that different applications are isolated from each other, but without any big impediments to usability. To implement this idea, Qubes uses the isolation capabilities of the Xen hypervisor, together with modern hardware technologies such as Intel VT-d (Virtualization Technology for Directed I/O) and TXT.

Virtualization is the cornerstone of the Qubes security architecture because it allows creating containers that are much better isolated than the standard processes in typical operating systems. If the user's web browser gets compromised in a typical operating system, it's difficult to prevent other processes or the user's data from being compromised as well. If the compromised process is a core system component such as a WiFi driver or network stack, the security of the whole system is at stake.

Of course this architecture means that the choice of the hypervisor is critical for the security of the whole system. The Qubes developers have chosen Xen for a clear reason: the hypervisor itself is very simple, and it doesn't provide services like a network stack or filesystems that could be an attack vector. A security audit of the Xen hypervisor is therefore much easier to perform than for other solutions like KVM. A more thorough explanation of why the Xen hypervisor architecture better suits the needs of Qubes can be found in the Qubes OS Architecture [PDF] document.

Isolating domains

Users can divide their tasks and resources into several virtual machines, called AppVMs (the "cubes"). Which AppVMs they choose depends on the user's work environment, but there are some typical examples. A "bank" VM could be set up exclusively for access to the user's bank web site, only allowing HTTPS access to the web site and nothing else. Work and personal stuff can be isolated in their own virtual machines. And a "random" VM could be used for watching YouTube movies and playing games.

Qubes provides some virtual machines for system-wide services by default, called SystemVMs. For example, all networking code (network stack and drivers) is sandboxed in an unprivileged "network" VM. The unprivileged code gets safe direct access to specific PCI devices (the network cards) using VT-d technology. The privileged Dom0 (the "host" operating system of Xen which runs the management stack) doesn't contain any networking code. As only the network VM is granted direct access to the networking hardware, each AppVM uses a virtual network interface created by the Xen network frontend. The other side of this virtual interface, in the network VM, is connected to the physical interface via the Linux packet filter, which also blocks any direct inter-VM traffic. This setup prevents the scenario where a lesser-privileged VM can compromise more-privileged VMs by exploiting a bug in privileged driver code.

Another possible attack vector is Dom0, which is almost as privileged as the hypervisor: although it cannot modify the hypervisor's memory, it has access to the memory of all the other virtual machines. So if a certain AppVM can attack Dom0, it can also modify other AppVMs. However, by placing the network code in an unprivileged domain, the likelihood of such an attack is minimal. The only really security-sensitive code in Dom0 that is accessible by the AppVMs is the XenStore daemon (which contains information about where various storage devices are located) and the GUI. If a malicious program can mimic starting and operating AppVMs, it can trick the user into thinking they are running their application securely — much like a phishing scam on a web site.

Secure storage

If all user applications are hosted in AppVMs, it could require a lot of memory and storage: each virtual machine requires an operating system (e.g. a Linux distribution) and one or more applications. However, Qubes makes a special effort to save disk space. Instead of replicating the full OS image for each VM, all AppVMs based on the same distribution share the same read-only root filesystem (/boot, /bin, /etc, /lib, /usr, and so on). The AppVM distribution in Qubes is a lightweight Linux distribution (with a roughly 400 MB footprint) without a desktop environment (as the user's desktop environment is run in the Dom0 operating system), and it only uses a minimal X server.

Because read-only access is not enough, Qubes uses the device mapper to create a copy-on-write device on top of this. This device is discarded when the AppVM shuts down, so (possibly malicious) changes to the root filesystem will not be preserved: even if a virtual machine is compromised, it will boot the next time with a clean state.

For VM-specific data, a separate writable block device is used, containing directories such as /home, /usr/local, and /var. Executable files on this disk, such as browser plugins in the user's home directory or manually installed programs in /usr/local/bin are a risk, because this device is not discarded after use. However, a security audit becomes much easier because exploitable files are limited to this device.

The VM-specific devices (both the copy-on-write image and the private data image) are encrypted with an AppVM-specific key, known only to the AppVM and Dom0. This encryption is done by LUKS (Linux Unified Key Setup). The read-only device used for the root filesystems is signed, and each AppVM verifies this signature when using the device. To prevent an attacker that compromised the storage domain from providing a modified kernel or initrd, the kernel and initrd files are explicitly specified in Dom0 to ensure that the initrd verifies the signature of the root filesystem before mounting it.

Centralized updates of all AppVMs are possible because they share the same root filesystem: the only thing that's needed is a special UpdateVM virtual machine with read-write access to the root filesystem and the signing key to re-sign the device. This obviously makes UpdateVM a weak spot, so it should be secured with much care.

Marrying isolation with usability

This all sounds nice in theory, but if the system is too cumbersome, users will not use it and render their system insecure. Fortunately, Qubes integrates the AppVMs seamlessly on the desktop: the various applications are just shown on the same desktop, although they are hosted in different virtual machines. Copying and pasting text between virtual machines also works, but Qubes has taken care that AppVMs have no direct access to the clipboard: the user has to initiate the copy/paste operation. Of course this could still lead to some data leaks, but it is up to the user to enforce a policy on inter-VM data flows.

Transferring files between virtual machines is a bit more cumbersome. The user has to open the Dolphin file manager in one VM, open the context menu for the file, choose "Send to VM", enter the name of the destination VM and then authorize the file transfer in the destination VM. The files are never automatically copied into the destination's filesystem, but made available in a virtual "pen drive" that is mounted in the destination. The last step is copying the files from the virtual pen drive to the right location in the VM's filesystem. As cumbersome as this procedure is, this prevents an AppVM from forcing another AppVM to automatically accept some files, which could lead to attacks.

The Qubes project is currently in alpha, and is not suitable for production use, although Joanna is using Qubes now as her main operating system. A stable version is expected to appear towards the end of this year. In the meantime, intrepid users can follow the installation guide, which covers the installation of Qubes on top of a Fedora 12 system with KDE.

After installing a template image that will be used for all the AppVMs, as well as the image for the network service VM, the user creates AppVMs with the qvm-create command. Icons for the AppVMs are then created in the KDE start menu of Dom0. When the user starts an application from an AppVM for the first time, Qubes automatically starts the AppVM before starting the application, which introduces a delay, but this delay disappears when the user starts a second application in the same AppVM. Obviously, Qubes needs a lot of RAM: 4 GB is recommended.

Each application gets a label, which is the name of the virtual machine, such as "work" or "shopping". Moreover, the window manager shows a colored frame around the application's window to show which AppVM it is part of. Applications are not allowed to maximize to full screen to prevent a malicious application from spoofing the decorations of other AppVMs.

Most of the documentation about the Qubes project can be found in the wiki. The architecture document linked above has a thorough explanation of the inner workings of Qubes (including an analysis of potential attack vectors), and there's also some practical information in a presentation by Joanna [PDF]. The source code is available in a Git repository and the project welcomes contributions.

The future

Qubes is still under development, and a lot of additions are planned. For example, there will be an unprivileged storage domain — similar to the network domain — that holds all storage drivers and filesystem code, and will get safe direct access to the disk controller. So even if a low-level storage driver or protocol stack gets compromised, it won't result in a full system compromise.

Another feature that is planned is support for Intel's Trusted Execution Technology. This will prevent modification of the system's boot code. So if the storage domain is compromised and a backdoor or rootkit is installed in the boot code, the Qubes system will become unbootable to protect itself.

Currently, the Qubes prototype is using Linux as the operating system running in the AppVMs, but there is nothing that would prevent support for other guest operating systems, such as Windows, as long as they support running as a Xen DomU. Of course Qubes would then need to be adapted, for example to support the shared root filesystem, but this should be possible. According to the FAQ, support for Windows-based AppVMs might become a commercial extension. In the same way, the general architecture could be used with any hypervisor, as long as it supports the features that the Qubes architecture requires, such as unprivileged driver domains. The developers are also thinking about a slimmed-down version of Xen for more security.

It's interesting to see that one of the best security breakers in the world has now become a builder. The architecture of Qubes is well-thought-out and based on years of system-level security research. The concept of virtualization to isolate potentially unsafe processes is certainly not new (look at FreeBSD jails, OpenSolaris zones, or Linux containers), but it's refreshing to see it implemented in a (relatively) user-friendly way. When the project reaches version 1 later this year, security-conscious Linux users should definitely give it a try.

Comments (23 posted)

Brief items

Quotes of the week

Perhaps the most interesting aspect of India's EVMs [electronic voting machines] is how simple they are. Simplicity is a virtue in security as in engineering generally, and researchers (including me) who have studied US voting machines have advocated simplifying their design. India's EVMs show that while simplicity is good, it's not enough. Unless there is some way to audit or verify the votes, even a simple system is subject to manipulation.
-- Ed Felten

Imagine a machine sitting at a library, that had no operating system on it, except a livedvd. The livedvd has a disabled root account, and the only user account is xguest. The xguest account can only talk to web ports and when you logout all files and processes get destroyed so there is nothing left in the user account for the next user to search for. And since all processes are destroyed on logout, you can be assured no one left a process to watch your keystrokes. If the machine gets hosed up for any reason, the library can just reboot the machine and have a clean system.
-- Dan Walsh introduces the Fedora Kiosk spin

Now we have a failed car bombing in Times Square. We can't protect against the next imagined movie-plot threat. Isn't it time to recognize that the bad guys are flexible and adaptive, and that we need the same quality in our countermeasures?
-- Bruce Schneier

Comments (16 posted)

Google releases buggy "Jarlsberg" web application

Google has announced the release of a web application called Jarlsberg, which is meant as a demonstration of various types of vulnerabilities in web applications. "The maxim, 'given enough eyeballs, all bugs are shallow' is only true if the eyeballs know what to look for. To that end, the security bugs in Jarlsberg are real bugs - just like those in many other applications. The Jarlsberg source code is published under a Creative Commons license and is available for use in whitebox hacking exercises or in computer science classes covering security, software engineering or general software development."

Comments (21 posted)

New vulnerabilities

kernel: denial of service

Package(s): kernel    CVE #(s): CVE-2010-1085
Created: May 5, 2010    Updated: June 4, 2010
Description: The snd-hda-intel ALSA driver contains a divide-by-zero bug, allowing a local user to force a kernel oops.
Alerts:
CentOS CESA-2010:0398 2010-05-28
CentOS CESA-2010:0394 2010-05-08
Red Hat RHSA-2010:0398-01 2010-05-06
Red Hat RHSA-2010:0394-01 2010-05-05
Ubuntu USN-947-2 2010-06-04
Ubuntu USN-947-1 2010-06-03

Comments (none posted)

kernel: privilege escalation

Package(s): kernel    CVE #(s): CVE-2010-0729
Created: May 5, 2010    Updated: May 10, 2010
Description: A flaw in the ptrace() implementation - on the ia-64 architecture only - might allow unprivileged processes to trace unrelated processes.
Alerts:
CentOS CESA-2010:0394 2010-05-08
Red Hat RHSA-2010:0394-01 2010-05-05

Comments (none posted)

mediawiki: cross-site request forgery

Package(s): mediawiki    CVE #(s): CVE-2010-1150
Created: May 4, 2010    Updated: May 5, 2010
Description: From the Debian advisory:

It was discovered that mediawiki, a website engine for collaborative work, is vulnerable to a Cross-Site Request Forgery login attack, which could be used to conduct phishing or similar attacks to users via affected mediawiki installations.

Alerts:
Debian DSA-2041-1 2010-05-03

Comments (none posted)

opendchub: arbitrary code execution

Package(s): opendchub    CVE #(s): CVE-2010-1147
Created: April 30, 2010    Updated: May 5, 2010
Description: From the Red Hat bugzilla:

Pierre Nogues found a stack overflow flaw in the way Open DC Hub sanitized the content of a user's MyINFO message. A remote attacker with a valid Open DC Hub account could send a specially-crafted MyINFO message to another user or to all users connected to a particular Direct Connect network, leading to a denial of service (opendchub crash) or, potentially, to arbitrary code execution with the privileges of the user running opendchub.

Alerts:
Fedora FEDORA-2010-6426 2010-04-13
Fedora FEDORA-2010-6415 2010-04-13

Comments (none posted)

openttd: multiple vulnerabilities

Package(s): openttd    CVE #(s): CVE-2010-0401 CVE-2010-0402 CVE-2010-0406
Created: May 4, 2010    Updated: May 5, 2010
Description: From the openttd advisories:

CVE-2010-0401: It is possible to circumvent the server password of a network game. It is possible in two cases: 1. you know the company password of one of the companies, 2. one of the companies has no password

CVE-2010-0402: In multiple places in-game commands are not properly validated that allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. The bug is exploitable only in-game so the attacker must have access to the server: his IP must not be banned, he must know the password if it has been set and the server must not be full.

CVE-2010-0406: Upon a client downloading the map from the server a file is allocated. If this download fails for any reason at the client side, e.g. lost connection or the player cancelling the download, a file descriptor is lost. Repeating this process enough times can cause OpenTTD to run out of file descriptors and as a result crash OpenTTD.

Alerts:
Fedora FEDORA-2010-7885 2010-05-04
Fedora FEDORA-2010-7800 2010-05-04

Comments (none posted)

samba: privilege escalation

Package(s): samba    CVE #(s): CVE-2010-0747
Created: May 4, 2010    Updated: May 5, 2010
Description: From the Mandriva advisory:

client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file

Alerts:
Mandriva MDVSA-2010:090 2010-05-04

Comments (none posted)

sudo: arbitrary command execution

Package(s): sudo    CVE #(s):
Created: May 3, 2010    Updated: May 5, 2010
Description: From the Red Hat bugzilla:

It was discovered that the original upstream fix for sudo's sudoedit privilege escalation flaw known as CVE-2010-0426 did not fully resolve the issue. In configurations where sudo's ignore_dot option was set to off (the default is on), a user allowed to sudoedit some file with the privileges of some user could run an arbitrary command with the privileges of that user.

Alerts:
Fedora FEDORA-2010-6749 2010-04-16
Fedora FEDORA-2010-6701 2010-04-16

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current development kernel is 2.6.34-rc6, released on April 29. This prepatch includes a lot of fixes, supplemented by the VMware balloon driver (discussed briefly here in early April) and the ipeth driver which facilitates USB tethering to iPhones. The short-form changelog is in the announcement, or see the full changelog for the details.

Stable updates have been nonexistent over the last week.

Comments (none posted)

Quotes of the week

If you were using two processes then I'd cheerily blame the scheduler. Because blaming the scheduler for WeirdShitWhichBroke is usually correct.
-- Andrew Morton

The Red Hat Enterprise Linux 6 kernel includes numerous subsystems and enhancements from 2.6.34, as well as its predecessor versions. As a result, the Red Hat Enterprise Linux 6 kernel cannot be simply labeled as any particular upstream version. Rather, the Red Hat Enterprise Linux 6 kernel is a hybrid of the latest several kernel versions. And, as Red Hat provides regular updates over the lifecycle of the product, we expect that the Red Hat Enterprise Linux 6 kernel will incorporate selected features from future upstream kernels that have yet to be developed.
-- Red Hat Enterprise Linux Team

My problem is I'm incredibly busy at the moment, and I've already done Ubuntu a huge favor by spending ten minutes to do a quickie investigation. Ubuntu needs to learn that it can't rely on upstream developers to jump through flaming hoops on short notice before a LTS release deadline as a cost-saving mechanism to avoid hiring their own senior kernel engineers.
-- Ted Ts'o

Talk about high level designs rarely gets any traction, and often goes nowhere. Give us an example implementation so there is something concrete for us to sink our teeth into.
-- David Miller

Comments (18 posted)

A rough restart for checkpoints

By Jonathan Corbet
May 5, 2010
Back in February, the checkpoint/restart patch set was brought to the kernel mailing list with a request for inclusion in the -mm tree. That was immediately prior to the 2.6.34 merge window, so there were limited amounts of developer attention available for review. At that time, Andrew Morton suggested:

I'd suggest waiting until very shortly after 2.6.34-rc1 then please send all the patches onto the list and let's get to work.

The checkpoint/restart developers did post the patches in March, to relatively little response. Shortly before the 2.6.35 merge window, they reposted the whole thing as a 100-patch series. Unsurprisingly, there have been some complaints about the massive mailing, but there is another outcome which is less fortunate: the patches are not being looked at.

That, too, is unsurprising. The amount of developer time available for patch review is insufficient in the best of times, and it gets worse as the merge window approaches. Even the most seasoned reviewer is going to be a bit intimidated by a 100-patch series which pokes its fingers into almost every part of the core kernel. Most of them will decide that they have more important things to do elsewhere.

So, once again, checkpoint/restart is likely to be put on hold until after the next merge window. After that, if it comes back in more manageable pieces, the developers might truly get to work.

Comments (6 posted)

De-bloating tracepoints

By Jonathan Corbet
May 5, 2010
Support for tracing in the Linux kernel has made great strides over the last couple of years. One of the key features of a mature tracing system, though, is a long list of well-defined, well-documented tracepoints which allow a system administrator to hook into kernel events without understanding the kernel code itself. The kernel has slowly been gaining those tracepoints, but, as Steven Rostedt has pointed out, there is a problem: each tracepoint adds something between 1KB and 5KB to the size of the kernel. When one starts to think about adding hundreds (or more) tracepoints, that overhead starts to add up.

Steven, of course, is as good a person as any to blame for this problem, so he has set out to fix it. His nine-part patch moves some information to shared locations and eliminates unneeded stuff; the result was a 100KB size reduction in the size of his kernel. Needless to say, this seems like a savings worth having; it makes it that much more likely that tracepoints will actually be enabled in production kernels.

Of course, most of us will have to take Steven's word for it that the patches make sense; they are written in that special dialect of C preprocessor macros that mere kernel hackers fear to touch. So most of us are likely to take the memory savings, but won't look too closely at how they are achieved.

Comments (7 posted)

Kernel development news

Cleancache and Frontswap

By Jonathan Corbet
May 4, 2010
Dan Magenheimer's transcendent memory patch was examined here last July. This patch creates a special class of memory which is not directly accessible to the rest of the kernel, allowing a number of special tricks to be played. Since then, transcendent memory has seemingly disappeared from view - until now, at least. Dan has returned with a pair of new abstractions - called "Cleancache" and "Frontswap" - each of which encapsulates a part of what transcendent memory does.

Cleancache is the less controversial of the two. Dan describes it as "a page-granularity victim cache for clean pages," which should be crystal-clear to most LWN readers. For those who need a few more words: Cleancache provides a place where the kernel can put pages which it can afford to lose, but which it would like to keep around if possible. A classic example is file-backed pages which are clean, so they can be recovered from disk if need be. The kernel can drop such pages with no data loss, but things will get slower if the page is needed in the near future and must be read back from disk.

In such situations, the kernel could, instead of dropping the page, put it into the Cleancache system with:

    int cleancache_put_page(struct page *page);

At some future point, if there is a need for the page, it can be retrieved with:

    int cleancache_get_page(struct page *page);

The key point is that there is never any guarantee that cleancache_get_page() will actually succeed in getting the page back. The Cleancache code (or whatever mechanism sits behind it) is free to drop the page at any time if it needs the memory for some other purpose. So Cleancache users must be prepared to fall back to the real backing store if cleancache_get_page() fails.

While Cleancache holds the page, it can do creative things with it. Pages with duplicate contents are not uncommon, especially in virtualized situations; often, significant numbers of pages contain only zeroes. The backing store behind Cleancache can detect those duplicates and store a single copy. Compression of stored pages is also possible; there is currently work afoot to implement ramzswap (CompCache) as a Cleancache backend. It might also be possible to use Cleancache as part of a solid-state cache in front of a normal rotating drive.

Dan's patches include the addition of hooks to commonly-used filesystems so that they will use Cleancache automatically.

The other half of the equation is Frontswap; unlike Cleancache, Frontswap is meant to deal with dirty pages that the kernel would like to get rid of. Once again, there is an interface for moving pages into and out of the system:

    int frontswap_put_page(struct page *page);
    int frontswap_get_page(struct page *page);

The rules are a bit different, though: Frontswap is not required to accept pages handed to it (so frontswap_put_page() can fail), but every page it accepts is guaranteed to be there later when the kernel asks to get it back.
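The two contracts side by side, as a userspace C model added here for illustration (it is not Dan's patch set or any kernel code): the fixed-size pool, the toy page and slot sizes, the integer keys standing in for struct page, and the model_ function names are all assumptions made for the example. The interesting part is what each caller must do: a Cleancache user's read path tries the cache and falls back to its backing store on a miss, while a Frontswap user learns from the return value of put whether it may forget the page.

```c
/* Userspace model of the Cleancache and Frontswap contracts, added here as an
 * illustration rather than kernel code: one small fixed-size pool stands in for
 * the memory behind both interfaces, a key stands in for a struct page, and the
 * pool and page sizes are constructed. */
#include <stdbool.h>
#include <string.h>
#define MODEL_PAGE_SIZE 64
#define POOL_SLOTS 4
struct slot {
    bool used, pinned;            /* pinned: a frontswap page, never evicted */
    unsigned long key;
    unsigned char data[MODEL_PAGE_SIZE];
};
static struct slot pool[POOL_SLOTS];
unsigned clean_evictions;                  /* clean pages dropped to make room */
unsigned char scratch_page[MODEL_PAGE_SIZE];
static struct slot *lookup(unsigned long key, bool pinned)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (pool[i].used && pool[i].pinned == pinned && pool[i].key == key)
            return &pool[i];
    return NULL;
}

/* Existing entry, else a free slot, else a sacrificed clean page (safe: the
 * kernel can re-read it from disk); NULL once every slot holds a promise. */
static struct slot *claim(unsigned long key, bool pinned, const unsigned char *d)
{
    struct slot *s = lookup(key, pinned);
    for (int i = 0; !s && i < POOL_SLOTS; i++)
        if (!pool[i].used)
            s = &pool[i];
    for (int i = 0; !s && i < POOL_SLOTS; i++)
        if (!pool[i].pinned)
            s = &pool[i], clean_evictions++;
    if (!s)
        return NULL;
    s->used = true, s->pinned = pinned, s->key = key;
    memcpy(s->data, d, MODEL_PAGE_SIZE);
    return s;
}

/* Both interfaces hand a page back at most once, then forget it. */
static int take(unsigned long key, bool pinned, unsigned char *out)
{
    struct slot *s = lookup(key, pinned);
    if (!s)
        return -1;
    memcpy(out, s->data, MODEL_PAGE_SIZE);
    s->used = false;
    return 0;
}

/* cleancache_put_page(): kept or dropped, the caller cannot tell.
 * cleancache_get_page(): 0 on a hit, -1 on a miss, which can happen any time. */
void model_cleancache_put(unsigned long k, const unsigned char *d) { claim(k, false, d); }
int model_cleancache_get(unsigned long k, unsigned char *out) { return take(k, false, out); }

/* frontswap_put_page(): -1 refuses the page, 0 is a binding promise.
 * frontswap_get_page(): never misses for a page that was accepted. */
int model_frontswap_put(unsigned long k, const unsigned char *d) { return claim(k, true, d) ? 0 : -1; }
int model_frontswap_get(unsigned long k, unsigned char *out) { return take(k, true, out); }

/* What every Cleancache user must do: try the cache, then fall back to the
 * backing store (constructed here: every byte of a file page equals its key).
 * Returns 1 on a hit, 0 after a disk read; `out` is correct either way. */
int read_clean_page(unsigned long key, unsigned char *out)
{
    if (model_cleancache_get(key, out) == 0)
        return 1;
    memset(out, (int)key, MODEL_PAGE_SIZE);
    return 0;
}

/* Fill the pool with clean pages, then swap dirty ones out. Returns 0 if every
 * rule above held, otherwise the number of the step that broke one. */
int run_scenario(void)
{
    unsigned char page[MODEL_PAGE_SIZE];
    memset(pool, 0, sizeof pool), clean_evictions = 0;
    for (unsigned long k = 1; k <= 5; k++)        /* the fifth put evicts key 1 */
        memset(page, (int)k, sizeof page), model_cleancache_put(k, page);
    if (read_clean_page(1, page) != 0 || page[0] != 1)
        return 1;                                 /* miss, served from disk */
    if (read_clean_page(5, page) != 1 || page[0] != 5)
        return 2;                                 /* hit, which frees a slot */
    for (unsigned long k = 100; k < 104; k++) {   /* one free slot, three victims */
        memset(page, (int)k, sizeof page);
        if (model_frontswap_put(k, page) != 0)
            return 3;
    }
    if (model_frontswap_put(104, page) != -1)
        return 4;                                 /* only promises left: refused */
    model_cleancache_put(6, page);                /* silently dropped */
    if (read_clean_page(6, page) != 0 || page[0] != 6)
        return 5;
    if (model_frontswap_get(101, page) != 0 || page[0] != 101)
        return 6;                                 /* the promise is kept */
    return clean_evictions == 4 ? 0 : 7;
}
```

run_scenario() walks through both rules in order: clean pages are accepted freely and evicted behind the caller's back, dirty pages are either refused up front or kept until asked for, and once every slot holds a Frontswap promise the pool has nothing left to sacrifice, so both a further frontswap put and a cleancache put come to nothing while the callers still get correct data from their backing stores. The eviction policy (clean pages are the only victims) is the model's own choice; the text leaves that to whatever sits behind the interfaces.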

Like Cleancache, Frontswap can play tricks with the stored pages to stretch its memory resources. The real purpose behind this mechanism, though, appears to be to enable a hypervisor to respond quickly to memory usage spikes in virtualized guests. Dan put it this way:

Frontswap serves nicely as an emergency safety valve when a guest has given up (too) much of its memory via ballooning but unexpectedly has an urgent need that can't be serviced quickly enough by the balloon driver.

Reviewers have been more skeptical of this mechanism. To some, it looks like a way for dealing with shortcomings in the balloon driver, which is already charged with implementing hypervisor decisions on how much memory is to be made available to guests. If that is the case, it seems like fixing the balloon driver might be the better approach. Dan's response is that balloon drivers cannot respond quickly to memory needs, and that regulating guest memory with a balloon driver can lead to swap storms. This is, apparently, a real problem encountered by virtualized systems in the field. If, instead, the hypervisor maintains a pool of pages for Frontswap, it can make them available quickly when the need arises, mitigating memory-related performance problems.

Beyond that, Avi Kivity complains that memory given to guests with Frontswap can never be recovered by the hypervisor if those guests choose to hang onto it. Since operating systems tend to be written to take advantage of all of the memory resources available to them, it seems possible that Frontswap memory could fill quickly and would stay full, leaving the hypervisor starving for memory while maintaining pages it cannot get rid of. Avi also dislikes the page-at-a-time, synchronous nature of the Frontswap API. Dan's response here is that per-guest quotas will keep any guest from using too much Frontswap space and that the API is better suited to the problem being solved.

Complaints notwithstanding, Cleancache and Frontswap already appear to be in reasonably wide use; they are shipping in OpenSUSE 11.2, Oracle's VM virtualization product, and with Xen. Such distribution certainly stretches the "upstream first" rule somewhat, but it also shows that there is apparently a real use case for these features. Given that the patches are not particularly intrusive and that the features have no cost if they are not used, it seems that something along these lines should make it into the mainline sooner or later.

Comments (1 posted)

Reworking pm_qos

By Jonathan Corbet
May 4, 2010
Aggressive power management is increasingly used to reduce the power requirements of our systems. Sometimes, though, power management can, through the creation of excessive latencies, get in the way of work which needs to be done. One way to avoid problems is to have latency-sensitive parts of the kernel express their requirements, which can then be taken into account by the power management code. Tracking these requirements is the task of the pm_qos ("power management quality of service") code. Chances are that pm_qos will see a significant API change in 2.6.35.

The pm_qos code currently defines three quality of service parameters for which requirements may be specified: CPU latency (PM_QOS_CPU_DMA_LATENCY), network response latency (PM_QOS_NETWORK_LATENCY), and network throughput (PM_QOS_NETWORK_THROUGHPUT). The first two are specified in microseconds; throughput is specified in KB/sec. Currently, CPU latency requirements are observed by the cpuidle subsystem, and network latency is observed only by the mac80211 layer. Any requests for a minimum network throughput will fall on deaf ears in current kernels; given the effectiveness of asking your editor's ISP for better service, one assumes that the ignoring of throughput requests is simply a clever elimination of useless work by the networking hackers.

The API for specifying quality of service parameters is:

    #include <linux/pm_qos_params.h>

    int pm_qos_add_requirement(int qos, char *name, s32 value);
    int pm_qos_update_requirement(int qos, char *name, s32 value);
    void pm_qos_remove_requirement(int qos, char *name);

For each of the above functions, qos is one of the parameters listed above, name identifies the subsystem specifying the requirement, and value is the new requirement. The name string is used to identify a specific request in pm_qos_update_requirement() and pm_qos_remove_requirement(); it must match the value given when the requirement was first added.

Kernel code which may make decisions affecting quality of service should pay attention to the current requirements. There are two ways of doing that, one of which being to just ask pm_qos what the tightest requirement in effect is:

    int pm_qos_requirement(int qos);

The alternative is to register a notifier which is called whenever a given requirement changes, using:

    int pm_qos_add_notifier(int qos, struct notifier_block *notifier);
    int pm_qos_remove_notifier(int qos, struct notifier_block *notifier);

This API has been around for some time, though it remains lightly used within the kernel. One complaint which has been made is that the use of strings to identify requirements leads to inefficient behavior: changing a requirement involves walking a list and doing a bunch of string comparisons. Requirements are, by their nature, specified by latency-sensitive code, so it makes sense that the process should be fast. The use of arbitrary strings also opens up a distant possibility of confusion should two developers accidentally choose the same name.

In response to these problems, pm_qos hacker Mark Gross has proposed some changes to the API. With the new version, "requirements" would become "requests," and the use of strings to identify them would be removed. The new API for the specification of requests is:

    struct pm_qos_request_list *pm_qos_add_request(int qos, s32 value);
    void pm_qos_update_request(struct pm_qos_request_list *pm_qos_req,
			       s32 new_value);
    void pm_qos_remove_request(struct pm_qos_request_list *pm_qos_req);

The pm_qos_request_list structure type is opaque to callers; it serves only as a handle to identify a specific request. Changes and removals can now be done with no list traversals and no string comparisons. On the other side, pm_qos_requirement() becomes pm_qos_request(), but the API is otherwise unchanged.
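The difference between the two APIs, as a userspace C model added here for illustration (not Mark's patches or the kernel's pm_qos code): the model_ names, the fixed request array, the "no constraint" default latency and the use of a plain minimum as the aggregation rule are all assumptions made for the example. It reproduces both points made above: the string-keyed interface has to walk the list comparing names, and because the first match wins, two callers that happen to choose the same name silently clobber each other; the handle-based interface cannot have either problem.

```c
/* Userspace model of the old (string-keyed) and new (handle-based) pm_qos
 * interfaces, added here as an illustration rather than kernel code. Names are
 * prefixed model_, the list is a small fixed array, the default latency is a
 * constructed value, and the effective latency is the smallest request. */
#include <string.h>

#define MODEL_MAX_REQUESTS 8
#define MODEL_DEFAULT_LATENCY 2000000       /* "no constraint" (constructed) */

struct model_request {
    int in_use, value;
    char name[32];                          /* only the old interface uses it */
};

struct model_qos {
    struct model_request reqs[MODEL_MAX_REQUESTS];
    int effective;                          /* the tightest outstanding value */
    int string_compares;                    /* cost counter for the old lookup */
};
struct model_qos old_api, new_api;          /* one instance per interface demo */
void model_qos_init(struct model_qos *q) { memset(q, 0, sizeof *q); q->effective = MODEL_DEFAULT_LATENCY; }
/* pm_qos_requirement() / pm_qos_request() stand-in. */
int model_qos_value(const struct model_qos *q) { return q->effective; }

static void model_recompute(struct model_qos *q)
{
    q->effective = MODEL_DEFAULT_LATENCY;
    for (int i = 0; i < MODEL_MAX_REQUESTS; i++)
        if (q->reqs[i].in_use && q->reqs[i].value < q->effective)
            q->effective = q->reqs[i].value;
}

static struct model_request *model_new_entry(struct model_qos *q, const char *name, int value)
{
    for (int i = 0; i < MODEL_MAX_REQUESTS; i++) {
        struct model_request *r = &q->reqs[i];
        if (r->in_use)
            continue;
        r->in_use = 1, r->value = value;
        strncpy(r->name, name, sizeof r->name - 1);
        r->name[sizeof r->name - 1] = '\0';
        model_recompute(q);
        return r;
    }
    return NULL;
}

/* Old interface: a requirement is found by walking the list comparing names;
 * the first match wins, so two callers sharing a name collide silently. */
static struct model_request *model_find_by_name(struct model_qos *q, const char *name)
{
    for (int i = 0; i < MODEL_MAX_REQUESTS; i++) {
        if (!q->reqs[i].in_use)
            continue;
        q->string_compares++;
        if (strcmp(q->reqs[i].name, name) == 0)
            return &q->reqs[i];
    }
    return NULL;
}

int model_add_requirement(struct model_qos *q, const char *name, int value) { return model_new_entry(q, name, value) ? 0 : -1; }

int model_update_requirement(struct model_qos *q, const char *name, int value)
{
    struct model_request *r = model_find_by_name(q, name);
    if (!r)
        return -1;
    r->value = value;
    model_recompute(q);
    return 0;
}

/* New interface: the caller keeps an opaque handle, so an update touches
 * exactly one request with no list walk and no name to collide. */
struct model_request *model_add_request(struct model_qos *q, int value) { return model_new_entry(q, "", value); }
void model_update_request(struct model_qos *q, struct model_request *r, int value) { r->value = value; model_recompute(q); }

/* The hazard the text mentions: two subsystems pick the same name, the second
 * caller's update lands on the first caller's entry, and a 100 us requirement
 * quietly disappears. Returns the effective latency afterwards. */
int demo_old_api(void)
{
    model_qos_init(&old_api);
    model_add_requirement(&old_api, "audio", 100);      /* wants <= 100 us */
    model_add_requirement(&old_api, "audio", 50000);    /* name reused by mistake */
    model_update_requirement(&old_api, "audio", 80000); /* meant for the second */
    return model_qos_value(&old_api);                   /* 50000, not 100 */
}

/* The same sequence with handles: the update reaches only its own request. */
int demo_new_api(void)
{
    model_qos_init(&new_api);
    model_add_request(&new_api, 100);                   /* handle kept by a real caller */
    struct model_request *other = model_add_request(&new_api, 50000);
    model_update_request(&new_api, other, 80000);
    return model_qos_value(&new_api);                   /* still 100 */
}
```

demo_old_api() ends with an effective latency of 50000 because the update aimed at the second "audio" entry rewrote the first one, and the string_compares counter shows every update or removal paying for a list walk; demo_new_api() runs the same sequence through handles and leaves the 100 us requirement intact with no comparisons at all.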

This change seems uncontroversial, and it should address the criticisms which have been made against this API. Unless something surprising happens, the new API will probably be merged for 2.6.35.

Comments (2 posted)

Kernel development statistics for 2.6.34 and beyond

By Jonathan Corbet
May 4, 2010
As of this writing, the current kernel prepatch is 2.6.34-rc6. A couple more prepatches are most likely due before the final release, but the number of changes to be found there should be small. In other words, 2.6.34 is close to its final form, so it makes sense to take a look at what has gone into this development cycle. In a few ways, 2.6.34 is an unusual kernel.

This kernel has seen the addition of 9100 non-merge changesets from just over 1100 developers. That makes it somewhat smaller than its predecessors, as can be seen in this table:

Kernel   Patches   Devs
2.6.29   11,600    1170
2.6.30   11,700    1130
2.6.31   10,600    1150
2.6.32   10,800    1230
2.6.33   10,500    1150
2.6.34    9,100    1110

Developer participation in this development cycle was slightly lower than usual, but not in any significant way. But, it seems, those developers had a bit less than usual that they needed to get done. One might be tempted to chalk that up to the shorter-than-usual merge window at the beginning of this cycle, but the fact of the matter is that Linus let enough new material in after 2.6.34-rc1 to make the merge window effectively as long as it ever was.

The lists of the most active developers suggest that perhaps something else was going on: many of the developers who traditionally put large amounts of code into the kernel essentially sat out this cycle.

Most active 2.6.34 developers

By changesets
Sage Weil                     212   2.3%
Joe Perches                   169   1.9%
Paul Mundt                    153   1.7%
Uwe Kleine-König              109   1.2%
Mark Brown                    102   1.1%
Ben Dooks                      96   1.1%
Rafał Miłecki                  88   1.0%
Dan Carpenter                  84   0.9%
Alex Deucher                   83   0.9%
H Hartley Sweeten              80   0.9%
Christoph Hellwig              75   0.8%
Johannes Berg                  74   0.8%
Arnaldo Carvalho de Melo       72   0.8%
Bartlomiej Zolnierkiewicz      64   0.7%
David S. Miller                63   0.7%
Magnus Damm                    63   0.7%

By changed lines
Sage Weil                   30233   4.1%
Vladislav Zolotarov         23119   3.2%
Jarod Wilson                19689   2.7%
Mark Brown                  18513   2.5%
Dimitris Michailidis        13919   1.9%
Manuel Lauss                11831   1.6%
Jörn Engel                  10810   1.5%
Kukjin Kim                  10142   1.4%
Alex Deucher                 9785   1.3%
Amit Kumar Salecha           9391   1.3%
Michael Chan                 9336   1.3%
Joe Perches                  8738   1.2%
Paul Mundt                   8438   1.2%
Haojian Zhuang               8403   1.1%
Magnus Damm                  8320   1.1%
Matthias Benesch             7739   1.1%

Sage Weil jumped to the top of both lists with the merger of the Ceph distributed filesystem and the subsequent bug-fixing activity. Joe Perches is the new king of the trivial patch; his work includes lots of checkpatch fixups, reworking print statements in network drivers, and no less than 37 patches implementing a rather belated cleanup of the floppy driver. Paul Mundt's work falls almost exclusively within his role as the maintainer of the Super-H architecture. Uwe Kleine-König works mostly within the ARM architecture code, and Mark Brown continues as the source of large amounts of sound driver and embedded processor code.

On the "lines changed" side, Vladislav Zolotarov only contributed nine patches, all with the Broadcom NetXtreme II driver - but they included a large replacement of the in-tree firmware. Jarod Wilson's count was even smaller - three patches; he contributed the Broadcom Crystal HD driver to the staging tree. Dimitris Michailidis earned his place on the list with the new Chelsio Communications T4 Ethernet driver.

Just over 180 employers were identified as having contributed to 2.6.34 - almost exactly the same as 2.6.33. With the 2.6.33 summary, your editor suggested that Red Hat's position as the top contributor may soon be threatened; let's see how that prediction worked out for 2.6.34:

Most active 2.6.34 employers

By changesets
(None)                       1455  16.0%
(Unknown)                     959  10.5%
Red Hat                       934  10.3%
Intel                         472   5.2%
IBM                           354   3.9%
Novell                        329   3.6%
(Consultant)                  274   3.0%
Nokia                         248   2.7%
New Dream Network             237   2.6%
Renesas Technology            188   2.1%
Texas Instruments             180   2.0%
Pengutronix                   154   1.7%
Oracle                        144   1.6%
HP                            128   1.4%
(Academia)                    125   1.4%
Analog Devices                123   1.4%
AMD                           121   1.3%
Fujitsu                       121   1.3%
Marvell                       120   1.3%
Wolfson Microelectronics      101   1.1%

By lines changed
Red Hat                     75235  10.3%
(None)                      75160  10.3%
(Unknown)                   67541   9.2%
Broadcom                    56595   7.7%
Intel                       33175   4.5%
New Dream Network           31501   4.3%
(Consultant)                29140   4.0%
Novell                      24217   3.3%
Wolfson Microelectronics    20660   2.8%
Renesas Technology          16205   2.2%
Chelsio                     13937   1.9%
IBM                         13618   1.9%
QLogic                      13182   1.8%
MSC Vertriebs GmbH          12545   1.7%
Samsung                     12224   1.7%
Marvell                     11914   1.6%
Texas Instruments           11228   1.5%
Analog Devices              11047   1.5%
AMD                         10894   1.5%
Nokia                       10217   1.4%

Looking at absolute numbers, Red Hat's contributions declined considerably from 2.6.33: 1223 changesets dropped to 934. Everybody else declined even further, though; Intel's changeset count was less than half of its value from 2.6.33. So Red Hat stays firmly at the top of the list. Many of the other companies on the list will be unsurprising, but readers may be forgiven for wondering about New Dream Network; that is a business co-founded by Ceph developer Sage Weil.

If we look at non-author signoffs, we get a view of who the most active gatekeepers for the kernel are. Here, there are no surprises at all:

Most non-author signoffs

By developer
David S. Miller              1034  13.0%
Greg Kroah-Hartman            780   9.8%
Andrew Morton                 546   6.9%
John W. Linville              546   6.9%
Ingo Molnar                   348   4.4%
Mauro Carvalho Chehab         330   4.2%
James Bottomley               244   3.1%
Dave Airlie                   150   1.9%
Ralf Baechle                  144   1.8%
H. Peter Anvin                141   1.8%

By employer
Red Hat                      2865  36.1%
Novell                       1293  16.3%
Intel                         565   7.1%
Google                        547   6.9%
(None)                        365   4.6%
IBM                           289   3.6%
(Consultant)                  194   2.4%
Wind River                    145   1.8%
Atomide                       130   1.6%
Oracle                        128   1.6%

Ten development cycles ago (2.6.24), Andrew Morton was the most active gatekeeper, signing off on almost 1700 patches. His role as subsystem maintainer of last resort has declined over the years as more maintainers manage their own repositories and push patches directly to Linus. Speaking of Linus, he not only didn't make the list above, but he wasn't even close: his 71 signoffs put him in the 22nd position. Dave Airlie's position on the list is an indication of how much activity we are currently seeing in the graphics area.

Once again, over 50% of the patches heading into the mainline kernel pass through the hands of somebody employed by either Red Hat or Novell.
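The changeset and non-author signoff counts above come from walking the git history and tallying Author: lines and Signed-off-by: trailers. As an added illustration, and not LWN's own statistics tooling, here is a small script that performs that tally over raw git log output. It merges identities by lowercased e-mail address (an assumption; real tooling also maps aliases and employers from a configuration file), counts each signer at most once per commit, and ignores the author's own signoff, since that is not gatekeeping. Signoff percentages are the share of all non-author signoffs, as in the tables above. The log text embedded in the script is constructed for the example; the names and addresses are made up.

```python
"""Tally changesets per author and non-author Signed-off-by trailers
from `git log --no-merges` output (added example, not LWN's tooling)."""
import re
import sys
from collections import Counter

AUTHOR_RE = re.compile(r"^Author:\s*(.*?)\s*<([^>]+)>\s*$", re.MULTILINE)
SIGNOFF_RE = re.compile(r"^\s*Signed-off-by:\s*(.*?)\s*<([^>]+)>\s*$",
                        re.MULTILINE | re.IGNORECASE)
COMMIT_SPLIT = re.compile(r"^commit [0-9a-f]{40}\n", re.MULTILINE)


def parse_commits(log_text):
    """Return [((author_name, author_email), [(signer_name, signer_email)...])]
    for every commit in the log.  Addresses are lowercased so one person
    with differently spelled names is merged (assumption: the address
    identifies the person)."""
    commits = []
    for chunk in COMMIT_SPLIT.split(log_text):
        m = AUTHOR_RE.search(chunk)
        if not m:
            continue  # leading empty chunk or a malformed record
        author = (m.group(1), m.group(2).lower())
        signoffs = [(n, e.lower()) for n, e in SIGNOFF_RE.findall(chunk)]
        commits.append((author, signoffs))
    return commits


def tally(log_text):
    """Return (total_commits, changesets_by_email, nonauthor_signoffs_by_email,
    display_names)."""
    commits = parse_commits(log_text)
    changesets = Counter()
    gatekeeping = Counter()
    names = {}
    for (name, email), signoffs in commits:
        changesets[email] += 1
        names.setdefault(email, name)
        seen = set()
        for sname, semail in signoffs:
            names.setdefault(semail, sname)
            # The author's own signoff is not gatekeeping, and a signer
            # who appears twice on one commit still counts once.
            if semail == email or semail in seen:
                continue
            seen.add(semail)
            gatekeeping[semail] += 1
    return len(commits), changesets, gatekeeping, names


def ranked(counter, names, denominator):
    """Rows of (name, count, percent of denominator), most active first."""
    return [(names[e], n, round(100.0 * n / denominator, 1))
            for e, n in counter.most_common()]


def changeset_report(log_text):
    total, changesets, _, names = tally(log_text)
    return ranked(changesets, names, total)  # percent of all changesets


def signoff_report(log_text):
    _, _, gatekeeping, names = tally(log_text)
    # Share of all non-author signoffs, as in the tables above.
    return ranked(gatekeeping, names, sum(gatekeeping.values()))


def _commit(n, author, *signoffs):
    """Build one constructed commit record in git log's default layout."""
    lines = [f"commit {n:040x}", f"Author: {author}",
             "Date:   Tue May 4 12:00:00 2010 +0000", "",
             "    constructed example commit", ""]
    lines += [f"    Signed-off-by: {s}" for s in signoffs]
    return "\n".join(lines) + "\n"


# Constructed sample history with made-up names and addresses.
SAMPLE_LOG = "".join([
    _commit(1, "Alice Author <alice@example.org>",
            "Alice Author <alice@example.org>",
            "M. Maintainer <maint@example.org>"),
    _commit(2, "Alice Author <alice@example.org>",
            "alice author <Alice@example.org>",   # same person, other spelling
            "M. Maintainer <maint@example.org>"),
    _commit(3, "Bob Builder <bob@example.org>",
            "Bob Builder <bob@example.org>",
            "M. Maintainer <maint@example.org>",
            "T. Treekeeper <tree@example.org>"),
    _commit(4, "Carol Coder <carol@example.org>",
            "Carol Coder <carol@example.org>"),    # pushed directly, no gatekeeper
    _commit(5, "M. Maintainer <maint@example.org>",
            "M. Maintainer <maint@example.org>"),  # own work, own signoff only
])

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for name, n, pct in signoff_report(text):
        print(f"{name:30} {n:6d} {pct:5.1f}%")
```

Run it against a real range with `git log --no-merges v2.6.33..v2.6.34-rc6 | python signoffs.py`; with no input on stdin it runs over the constructed history, where the maintainer ends up with three of the four non-author signoffs.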

Looking forward

As of this writing, the opening of the 2.6.35 merge window can be expected sometime in the next 1-3 weeks. By the stated rules of the kernel development process, the bulk of the code intended for that merge window should already be in the linux-next tree. With that in mind, your editor pulled down the May 4 edition of linux-next to see what was up. There are currently 5144 non-merge changesets in that tree, representing 758 developers. The top contributors are:

Most active linux-next developers

By changesets
Mauro Carvalho Chehab         245   4.8%
Eric Paris                    103   2.0%
Alexander Graf                 84   1.6%
Johannes Berg                  59   1.1%
Juuso Oikarinen                59   1.1%
Jean-François Moine            58   1.1%
Luis R. Rodriguez              58   1.1%
Greg Kroah-Hartman             52   1.0%
Sujith                         52   1.0%
Dan Carpenter                  51   1.0%

By changed lines
Mauro Carvalho Chehab       28743   6.2%
Eliot Blennerhassett        18429   4.0%
Bob Beers                   11703   2.5%
Luis R. Rodriguez           10507   2.3%
Steve Wise                   9447   2.0%
Viresh Kumar                 9426   2.0%
Jason Wessel                 8739   1.9%
Sjur Braendeland             8685   1.9%
Stephen Rothwell             7908   1.7%
Matthias Benesch             7739   1.7%

Mauro Carvalho Chehab has had a busy development cycle; beyond large amounts of Video4Linux work, he's jumped into the Nehalem EDAC (memory error detection and correction) code and is adding a new core for the management of infrared controllers. Eric Paris has done a bunch of security cleanup work; he also has the fanotify subsystem queued up. Eliot Blennerhassett, instead, has a single patch: a driver for AudioScience sound devices.

It will be interesting to see how this list changes by the end of the 2.6.35 merge window. Even more interesting, arguably, will be the list of top non-author signoffs:

Most non-author signoffs (linux-next)
Mauro Carvalho Chehab         651  13.8%
John W. Linville              507  10.8%
David Miller                  462   9.8%
Greg Kroah-Hartman            411   8.7%
Ingo Molnar                   170   3.6%
Avi Kivity                    156   3.3%
James Bottomley               155   3.3%
Reinette Chatre                98   2.1%
David Woodhouse                93   2.0%
Marcelo Tosatti                72   1.5%

Subsystem maintainers are the folks who are charged with getting work into linux-next, so, if they all are doing their jobs, this list should not change much through the merge window.

If the numbers do hold, 2.6.35 looks like another relatively subdued development cycle without huge amounts of exciting new stuff. Things do tend to change during the merge window, though, and surprises always show up from somewhere. So, even with resources like linux-next, it's hard to tell what the next development cycle will truly bring.

Comments (14 posted)

Patches and updates


Page editor: Jonathan Corbet

Distributions

News and Editorials

Fedora and feature inclusion

By Jake Edge
May 5, 2010

Projects like to see new features get highlighted in the press, but when a feature is misunderstood or misinterpreted—at least from the project's perspective—it can be seen as a bad thing. The inclusion of Zarafa (and to a lesser extent Déjà Dup) into Fedora 13 ran into exactly that kind of problem, but rather than just gnashing their teeth, Fedora developers set out to correct the record and try to turn it into a positive. Because the conversation took place on the open fedora-marketing mailing list, we get a glimpse inside the thinking of the project and how it handled a somewhat delicate task.

Zarafa is a free software replacement for Microsoft Exchange. According to the Fedora wiki feature page, it provides a web application with a "look and feel" that is similar to what users of Microsoft Outlook have come to expect. It also includes calendar, contacts, and task list features while integrating with an existing Linux mail server. It is, in short, a feature that many different organizations would be likely to find useful, but it is also an "open-core" solution.

The idea behind open-core licensing is fairly straightforward: release the core of the application as free software, while adding other features to versions that come with a price tag. As might be guessed, it has its proponents and detractors, but it is becoming increasingly popular as a way to generate revenue for a (mostly) open source company. As long as the free software core is not "crippleware"—deliberately leaving out features that are crucial to actually using the application—and can be further modified and distributed, it is generally, though not universally, considered to be a useful addition to a distribution. But open-core can certainly be seen as something of an advertisement for the more-feature-rich version, which may lead to charges of commercialism. Or it might be seen as an indication of Red Hat's future intentions for groupware.

Neither of those interpretations were quite what the project had in mind. Adam Williamson noted that the inclusion of Zarafa is "being read in ways in which we certainly didn't intend", and wondered if the description of the feature should be clarified. David Nalley thought the project should be playing up the inclusion: "this (Zarafa's inclusion in Fedora) is a wonderful success story that I think we should use the opportunity to highlight that a community member (or two) worked to get this feature in the distribution".

Unlike Zarafa, Déjà Dup is not open-core licensed, and just provides a GUI for the Duplicity backup tool. Duplicity allows sending backups to the Amazon S3 "cloud", among several other choices like ssh/scp, rsync, ftp, and WebDAV, which Déjà Dup then provides an interface to. The S3 choice was portrayed in the article as more evidence of the commercialization of Fedora.

Lumping the inclusion of those two packages into Fedora 13 with some of the recent Ubuntu moves, like Ubuntu One and the Ubuntu music store, was something that irked various thread participants. Fedora project leader Paul Frields put it this way:

Comparing Deja-Dup and Zarafa in Fedora to something like Ubuntu's Ubuntu One music store is comparing apples to oranges. The Fedora Project has no commercial agreements with these companies and receives no money for them. They're provided because volunteers decided they brought worthwhile solutions to users with 100% FOSS.

But, as Frields noted in another part of the thread, it gives "an opportunity for us to learn about how marketing materials might be interpreted by others". It led him to clarify some of the Fedora 13 marketing materials as well as leaving a comment on the article to correct things for other readers. In a related thread, he also said that the article which said that Red Hat chose Zarafa for Fedora, rather than it being chosen by the project itself, had been updated after his correction.

The discussion also sparked an idea about communicating how the feature process itself works. John Poelstra described it this way: "To me these stories show that we might need to do a better job explaining how our releases processes work and that *anyone* (regardless of employer) can submit a feature for inclusion in a Fedora release." Frields agreed and added it to the "marketing brain dump" on the Fedora wiki.

Taking what was perceived as a negative—misleading or incorrect information in the press—and looking at it carefully to see what the project could have done better is an excellent approach. While Zarafa and Déjà Dup may clearly be on one side of the commercialization line, other efforts, which may come closer to—or cross—that line, may be proposed in the future. This incident has likely helped Fedora better understand where to draw that line, and better ways to communicate how and why it makes its feature inclusion decisions. Because it played out in the open, other projects can also learn from the experience, not necessarily to follow exactly in Fedora's footsteps, but to see where to draw their own lines and communicate them effectively.

Comments (3 posted)

New Releases

Mandriva Linux 2010 Spring Beta2 is available

The second beta release of Mandriva 2010 Spring is available for testing. This beta release features updates and improvements in data encryption, parental control, network profiles, and more.

Comments (none posted)

openSUSE 11.3 Milestone 6: The Dust Begins to Settle

The sixth milestone release of openSUSE 11.3 is available for testing. "Milestone 6 (of 7), a snapshot of the Factory "work in progress" build, leading up to openSUSE 11.3 release in July, is now available for download. M6 is the first release during the "Stabilizing Freeze": focus has transitioned away from the inclusion of new features and applications toward increasing stability and usability. To that end, 162 bugs were resolved during the M5 - M6 timeframe!"

Full Story (comments: none)

Ubuntu 10.04 LTS ("Lucid Lynx") released

Ubuntu has announced the release of "Lucid Lynx", Ubuntu 10.04 LTS, for both desktops and servers. It is available in 29 languages, and is the basis for 10.04 releases of Kubuntu, Xubuntu, Edubuntu, UbuntuStudio, and Mythbuntu. From the Canonical press release: "'Ubuntu 10.04 LTS challenges the perceptions of the Linux desktop, bringing a whole new category of users to the world of Ubuntu,' said Jane Silber, CEO, Canonical. 'Changes like the new look and feel and the addition of a music store, layered on top of our relentless focus on delivering an intuitive and attractive user experience for new and existing Ubuntu users -- these are the bridging elements to the mainstream market that our community, our partners and our users really want. Long-term support makes Ubuntu 10.04 LTS very attractive to corporate IT as well.'" Click below for the announcement email.

Full Story (comments: 15)

Ubuntu Rescue Remix

Version 10.04 (Lucid Lynx) of the Ubuntu Rescue Remix has been announced. "This release of Ubuntu-Rescue-Remix features a full command-line environment with up-to-date versions of the most powerful free/libre open-source data recovery software including GNU ddrescue, Photorec, The Sleuth Kit and Gnu-fdisk. Packages new to the Rescue Remix include aoetools, array-info, ext3-grep, gptsync, kpartx, and scrounge-ntfs."

Comments (none posted)

Distribution News

Debian GNU/Linux

PGP v3 key support to be dropped from Debian keyring

Jonathan McDowell reports that Debian keyring-maint is in the process of removing all keys generated with PGP v3. Keys should be generated with PGP v4 instead. "So, on 1st July 2010 keyring-maint will remove all v3 keys from the active Debian keyring; debian-keyring.pgp will become an empty file (we will cease to generate it at all once DSA and ftp-master have confirmed none of their tools are using it any longer)."
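The reason v3 keys are being retired is structural, not merely a matter of age: under RFC 4880 a v3 key's fingerprint is an MD5 digest and its 64-bit key ID is simply the low 64 bits of the RSA modulus, so anyone who can choose a modulus can produce a key with a colliding ID, and v3 keys can only be RSA. As an added example, not keyring-maint's own tooling, the script below picks v3 keys out of a keyring listing using the one telltale that survives into `gpg --with-colons` output: a v3 fingerprint is 32 hex digits (MD5), a v4 fingerprint is 40 (SHA-1). The listing embedded in it is constructed; the key IDs and fingerprints belong to no real key.

```python
"""Flag PGP v3 keys in `gpg --with-colons --fingerprint --list-keys`
output (added example, not Debian keyring-maint's tooling).

Telltale from RFC 4880: a v3 fingerprint is MD5 (16 bytes, 32 hex
digits), a v4 fingerprint is SHA-1 (20 bytes, 40 hex digits).  The
listing below is constructed; the key IDs and fingerprints are fake."""
import sys

# hex digits in the fingerprint -> key packet version
FPR_VERSION = {32: 3, 40: 4, 64: 5}  # 64 is the newer v5 format (SHA-256)


def key_version(fingerprint):
    """Key packet version implied by the fingerprint length, or None."""
    return FPR_VERSION.get(len(fingerprint))


def parse_colon_listing(text):
    """Return one dict per primary key: keyid, bits, algo, created, uid,
    fpr, version.  Only the first fpr record after a pub record belongs
    to the primary key; fpr records that follow sub records are subkeys."""
    keys = []
    cur = None
    for line in text.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "pub":
            cur = {"keyid": f[4], "bits": int(f[2] or 0), "algo": f[3],
                   "created": f[5], "fpr": "", "version": None,
                   # old gpg puts the user ID in pub field 10 (index 9);
                   # newer gpg emits separate uid records instead
                   "uid": f[9] if len(f) > 9 else ""}
            keys.append(cur)
        elif rec == "fpr" and cur is not None and not cur["fpr"]:
            cur["fpr"] = f[9]
            cur["version"] = key_version(cur["fpr"])
        elif rec == "uid" and cur is not None and not cur["uid"]:
            cur["uid"] = f[9]
        # tru, sub, ssb, sig and other records carry nothing we need
    return keys


def find_v3_keys(text):
    """Key IDs of every primary key whose fingerprint marks it as v3."""
    return [k["keyid"] for k in parse_colon_listing(text)
            if k["version"] == 3]


# Constructed listing in gpg's colon format: one v3 RSA key (MD5
# fingerprint) and one v4 RSA key with an encryption subkey.
SAMPLE_LISTING = "\n".join([
    "tru::1:1272990000:0:3:1:5",
    "pub:-:1024:1:0123456789ABCDEF:1999-03-01::::::scaESCA:",
    "fpr:::::::::0123456789ABCDEF0123456789ABCDEF:",
    "uid:-::::1999-03-01::0000000000000000000000000000000000000000"
    "::Old Dev (constructed v3 key) <old@example.org>:",
    "pub:u:4096:1:FEDCBA9876543210:2009-06-01::::::scESC:",
    "fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:",
    "uid:u::::2009-06-01::1111111111111111111111111111111111111111"
    "::New Dev (constructed v4 key) <new@example.org>:",
    "sub:u:4096:1:1122334455667788:2009-06-01::::::e:",
    "fpr:::::::::1122334455667788112233445566778811223344:",
])

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for k in parse_colon_listing(text):
        flag = "V3 - REMOVE" if k["version"] == 3 else f"v{k['version']}"
        print(f"{k['keyid']} {k['bits']:5d}-bit {flag:12} {k['uid']}")
```

Feed it a real keyring with `gpg --with-colons --fingerprint --list-keys | python v3check.py`; with nothing on stdin it runs over the constructed listing and flags only the 1024-bit key. The check deliberately looks at the primary key's fingerprint rather than the key size or creation date, since neither of those is a reliable indicator of the packet version.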

Full Story (comments: none)

Fedora

Dan Walsh: Introducing the Fedora Kiosk Spin

Dan Walsh introduces the Fedora Kiosk Spin. "Imagine a machine sitting at a library, that had no operating system on it, except a livedvd. The livedvd has a disabled root account, and the only user account is xguest. The xguest account can only talk to web ports and when you logout all files and processes get destroyed so there is nothing left in the user account for the next user to search for. And since all processes are destroyed on logout, you can be assured no one left a process to watch your keystrokes. If the machine gets hosed up for any reason, the library can just reboot the machine and have a clean system."

Comments (none posted)

Fedora 14 release name voting information

Fedora 14 release name voting is open until May 10, 2010. "To vote, you must have a valid Fedora Contributors License Agreement (CLA) and be a member of at least one non-CLA group."

Full Story (comments: 1)

Fedora Board Recap 2010-04-29

Click below for a recap of the April 29, 2010 meeting of the Fedora Advisory Board. Topics include MeeGo status, License agreement for fedora-uk.org, and Short list of F14 names.

Full Story (comments: none)

Red Hat Enterprise Linux

Red Hat Enterprise Linux 6 Kernel: An Overview and Genealogy

Red Hat News looks at the process of creating a RHEL kernel. "When Red Hat announces a new major Red Hat Enterprise Linux release, such as with the recent Beta availability of Red Hat Enterprise Linux 6, invariably among the first questions asked is, "What is the kernel version number?" The answer to this question is never a simple one-number reply. The construction of an enterprise-caliber kernel is an extremely complex exercise that requires close evaluation of hundreds of individual features and interactions. This blog outlines how we create our Red Hat Enterprise Linux kernels."

Comments (none posted)

Red Hat Enterprise Linux 3 - 6-Month End Of Life Notice

Red Hat has announced that RHEL 3 will reach its end of life in six months. "In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life-cycle of Red Hat Enterprise Linux 3 will end on October 31, 2010. After this date, Red Hat will discontinue the regular subscription services for Red Hat Enterprise Linux 3. Therefore, new bug fix, enhancement, and security errata updates, as well as technical support services will no longer be available..."

Full Story (comments: none)

Ubuntu family

Shuttleworth: Window indicators

Mark Shuttleworth takes a look at another use for the right side of the window title bar. "We've carefully placed all the panel indicators on the right, and we've carefully put the window controls and window title on the left. So now we have all this space on the right. As a pattern, it would fit to put the window indicators there. Cody Russell is leading some work in Canonical around the technology which actually draws the window title bar and borders. It's called "client side window decorations". We are moving the rendering of the window decorations into the app itself, so that you don't have the window manager and application drawing those pieces separately. That simplifies certain things (of course it also makes some things harder)."

Comments (78 posted)

Minutes from the Ubuntu Technical Board meeting, 2010-05-04

Click below for the minutes from the May 4, 2010 meeting of the Ubuntu Technical Board. Topics include Action review, Request for Kubuntu Unseeded Packages Team, Scope of Canonical's acquired ffmpeg patent licenses for derivatives, and Default sync source for Maverick.

Full Story (comments: none)

Distribution Newsletters

CentOS Pulse #1003

The CentOS Pulse for May 1, 2010 is out. This edition contains an interview with Frank Cox, the release of Red Hat Enterprise Linux 6 Beta, and several other topics.

Comments (none posted)

Debian Project News

The Debian Project News for May 3, 2010 is out. "Topics covered in this issue include: * New Debian Project Leader * Special funding for DebConf Newbies * Debian welcomes Google Summer of Code students * ... and much more."

Comments (none posted)

DistroWatch Weekly, Issue 352

The DistroWatch Weekly for May 3, 2010 is out. "The main event of the week was, of course, the release of Ubuntu 10.04, together with a plethora of official and unofficial Ubuntu variants. The tradition dictates that we take a look at the new release. What has changed during the past six months? And would we recommend it to new Linux converts? Read on to find out. In the news section, the Linux Mint development team announces the imminent release of a candidate for version 9, Fedora develops a custom spin designed for public kiosks, and Linux Journal reviews SUSE Studio, an easy-to-use tool for developing specialist distributions and appliances. Also in this issue, good news for Linux Mint fans with a spare PowerPC-based Apple machine and a quick opinion piece about the status of OpenSolaris since it was acquired by Oracle. Finally, we are pleased to announce that the recipient of the DistroWatch.com April 2010 donation is the Bacula project. Happy reading!"

Comments (none posted)

Fedora Weekly News 223

The Fedora Weekly News for April 28, 2010 is out. "In Project announcements, a Fedora Community Gaming session this Friday/Saturday, correction on Fedora 11 EOL, and details on the latest round of Fedora elections. In news from the Planet Fedora, details on updates to MobileManager, a look at KDE 4 on Fedora, and jQuery for educational gaming. Marketing provides coverage of recent discussion on keyword optimization to the main Fedora Project web site and a Joe "Zonker" Brockmeier IRC Classroom. Fedora In the News returns with recent coverage of Fedora in the trade press and blogs over the past week, while the Ambassadors beat features an event report from FLISoL of Santo Andre, Brazil. In QA news, details on last week's Test Day on Anaconda (the Fedora installer)'s storage support, a proposal on new release criterion stating that it must be possible to install a system in such a way that it is immediately remotely accessible and Fedora 13 testing activities. In Artwork team news, details on final art push for Fedora 13, while Security Advisories returns after a week away, providing security-related packages released for Fedora 11, 12 and 13. Our issue wraps up with updates from the Fedora Summer Coding activities. Enjoy FWN 223!"

Full Story (comments: none)

openSUSE Weekly News/121

The May 1, 2010 issue of the openSUSE Weekly News is out. "Welcome to issue # 121 of openSUSE Weekly News. Now the seventeenth Week goes to the End, and we are pleased to announce our new issue. Every week we have some interesting news to read, so it is difficult to decide what should go into the Weekly News. But we have finished it for this Issue. We're looking ever for new sources. If you have an own Blog, and you would like to have your Blog as new source, just write to us. Otherwise you can add your Blog into planet.opensuse.org. Then your Blog is aggregated by the Planet. So we're hoping, that you like the new Weekly News. Enjoy it..."

Comments (none posted)

Ubuntu Weekly Newsletter #191

The Ubuntu Weekly Newsletter for May 1, 2010 is out. "In this issue we cover, Ubuntu 10.04 LTS released, Getting Started with Ubuntu 10.04 released!, Operation Lucid - Ubuntu in London, A global menu for Ubuntu 10.10 Netbook Edition, Ubuntu Open Week, Ubuntu 8.10 reaches end-of-life, Una Fiesta MUY Lucida..., Lucid Release Party Recap, Launchpad News, Ubuntu Forums News, Thank You Everyone For Ubuntu 10.04, ZaReason to sponsor the Ubuntu Women World Play Day Competition, Blogging Against Disablism Day 2010: Accessibility & Ubuntu, Ubuntu Up and Running, Canonical Announces, Canonical to roll out independent Ubuntu Certified Professional certification for Ubuntu 10.04 LTS, Ubuntu: Matt Asay Discusses Canonical Revenue Strategy, Frugal Tech Show: Matt Zimmerman, CTO of Canonical (Ubuntu Linux), System76 Ships Ubuntu 10.04 Systems May 3, ZaReason Ships Ubuntu 10.04 Systems, Full Circle Magazine #36,Ubuntu-UK podcast: Bughouse Bellhops, and much, much more!"

Full Story (comments: none)

Distribution reviews

An In-Depth Look at Gentoo Linux (Kernel News)

Kernel News has a review of Gentoo Linux. "The genius behind the Gentoo Linux Distribution is its package management utility, Portage. Basically, you tell Portage to compile so and so program and it will calculate all of the dependencies that the software needs, compile those dependencies (if any), then compile the program that you specified. Finally, it adds that program into the database of installed applications so in the future when an updated version is released it will give you the option of compiling and installing the updated software."

Comments (3 posted)

Seven Reasons to Upgrade to Ubuntu Lucid Lynx (Linux.com)

Joe "Zonker" Brockmeier takes a look at the final release of Ubuntu's Lucid Lynx (10.04). "Unless you really enjoy being on the cutting edge of open source software, there's usually very little reason to upgrade with every release. This hasn't always been true. When I first started using Linux, each new release was chock full of major new features and better hardware support. Linux has evolved to the point now where you'll still find lots of new stuff, but it's generally in smaller increments. And Lucid Lynx is full of those types of improvements. You'll find the latest release of GNOME, Firefox and OpenOffice.org; improvements that come with the newer Linux kernel; and whatnot. But Lucid also brings several really noteworthy features that make it a good choice for a long term desktop OS."

Comments (none posted)

Page editor: Rebecca Sobol

Development

An early look at Glide

May 5, 2010

This article was contributed by Joe 'Zonker' Brockmeier.

Good presentations, and good presenters, are not a result of good software. But bad presentation software can make creating a good presentation much more challenging. Rather than complaining about poor presentation-ware, Robert Carr and Amy Wieliczka have been working on Glide: a Clutter/GTK-based presentation application to fill the gap.

Sponsored by the Rensselaer Center for Open Source Software, Glide is a GNOME presentation program in its earliest stages. Glide is licensed under the GPLv3, is written in Vala and C, and attempts to do away with some of the baggage of standard presentation applications.

Why yet another presentation program? OpenOffice.org is a relatively adept effort at replicating PowerPoint (circa 2003, before Microsoft introduced the infamous ribbon interface) for Microsoft Office users. It has most of the bells and whistles that are expected for business presentations, but it's slow, cumbersome, and not particularly intuitive for non-Office users. The complexity of OpenOffice.org makes it a duck out of water on the GNOME desktop. One can find more lightweight presentation applications for the Linux desktop, but they typically require the user to work with HTML or another markup language. For example, for those comfortable with HTML, there's Dave Raggett's Slidy, and LaTeX fans can make use of the LaTeX beamer class. But standalone presentation apps have not fared well. Many of the efforts have gone unmaintained, such as MagicPoint and Pointless.

Glide isn't the first attempt at a GNOMEish presentation application. Agnubis and Criawips came and went before seeing a 1.0 release, and neither has had a release since 2005. In short, there seems to be widespread consensus that a kinder and simpler presentation application is needed but widespread disagreement on how to get there.

And so Glide is the next contender. Whether it will go the distance remains to be seen. At first blush it looks promising, but it's in a shaky state so far. Getting it compiled and working can be a bit of a challenge. Development is moving quickly and the master branch doesn't always compile or work properly. Glide requires Vala, Clutter, and a number of other packages to compile. On Fedora 13 and Ubuntu 10.04 it should compile, but it requires editing the configure.ac to replace clutter-gtk-0.90 with clutter-gtk-0.10.

The most recent branch is in a state of flux and really crash-prone. In fact, the current master is pretty much unusable to create slides at all, though the initial release seemed OK. However, even at this early stage it's possible to get an idea where Carr is going with the application and the general design. But it would be unwise to plan a presentation to the board of directors using Glide in the near future.

Glide offers a much smaller set of functionality than OpenOffice.org, but it's unlikely that the full range of features would be missed by the average user. For example, how many users actually work with the "Fontwork Factory" to distort text or create custom animations? Better yet, should those features even exist? Presentations are not improved by glitz and fancy transitions, but are supported by simple and clean design.

[Glide]

And this is what Glide offers. Glide features a three-pane interface with a toolbar for standard operations (saving, opening, inserting text or pictures, instigating the slideshow mode) and very little clutter. The controls for managing pictures, text, background images, and transitions are docked on the right-hand side of the interface as tabs. So, when tweaking the font size it's necessary to switch to the font tab. When setting transitions, one has to switch to that tab. Adding a foreground image or background image are in separate tabs as well. The tab layout seems like a good interface decision at first, but when actually putting together a slide with several elements it can be annoying switching between the tabs frequently.

In addition to the instability, Glide is currently missing a few features that are or should be mandatory for any acceptable presentation program. For instance, Glide currently lacks the ability to re-arrange slides or export them to well-formed HTML or a video format. Carr has indicated that there will be a timeline editor soon, so this oversight should be addressed quickly. Glide can export to PDF or to a directory of images, but it'd be a good thing to have the ability to export to HTML so users could post on a blog or Web site natively. Glide also lacks a system for creating slide templates, but this can be worked around by creating a single "master" slide and copying and pasting it as needed, which is what many users (myself included) already do in order to get around OpenOffice.org's ridiculously complex system for creating templates. Carr has also indicated on his blog that this feature is likely to be present in Glide sometime after the first official release.

The text controls currently lack the ability to add bullets easily. Users have easy control of font, size, color, and alignment, but no bullets. This may be more of a feature than a bug, since too many presenters fall into the unfortunate habit of bulleting their audience into a stupor. The number and type of transitions seems reasonable without too much focus on providing fancy transitions. The program is also lacking one of the better features in OpenOffice.org, the split presenter/presentation display that allows the presenter to see all slides while showing a slide on the projector or second monitor.

One possible mistake in the design of Glide is the decision to pursue another file format for the presentations. Carr has written that one of the next stages for Glide is to implement an archive file format to hold the resources for presentations, but seems to have decided not to utilize or support the Open Document Format (ODF) for presentations (ODP). This is a shame, since it seems wasteful to create yet another file format.

Overall, Glide does look promising for simple presentations once it stabilizes. Having created and given dozens of presentations, it seems to have most of the meat and potatoes features that anyone would need to create a simple and effective presentation. Since Glide is already hosted on GNOME's Git repository, one hopes it will soon see contributions from others. One of the initial complaints voiced on Carr's blog is that Glide was being written in C as opposed to GNOME favorites Python or Vala, but he seems to be going back and re-writing at least some components in Vala. Glide seems to have a bit of momentum and interest in the GNOME community, so let's hope that this push continues. It's not yet close to production quality, but with a little more work and a few more hands it could become a suitable replacement for bulkier applications.

Comments (8 posted)

Brief items

Quotes of the week

I resent being called an imaginary user. Being imaginary would seriously screw with my weekend plans.
-- Peter Hutterer

Or in other words, if the features are right, and things do work correctly as far as the limited test base the developers control shows, then one day you need to push into the distributions, even if this might break setups and software that previously has not been tested, unless you want to stay stuck in your development indefinitely.
-- Lennart Poettering

Comments (none posted)

New top-level Apache projects named

The Apache Software Foundation has announced the naming of a set of new top-level development projects. These include the Traffic Server, Mahout, Nutch, Avro, HBase, and Tika. "Apache Tika is an embeddable, lightweight toolkit for content detection, and analysis. Powered by MIME standards from IANA, advanced language detection features and on the ability to rapidly unify existing parser libraries, Tika provides a one-stop shop for navigating the modern information landscape."

Comments (4 posted)

Facebook releases Flashcache

Facebook has released a kernel module called Flashcache that it uses to speed up MySQL by caching data in SSD disks. The code is available on Github, but only tested for kernel versions 2.6.18 and 2.6.20. "We built Flashcache to help us scale InnoDB/MySQL, but it was designed as a generic caching module that can be used with any application built on top of any block device. For InnoDB, when the working set does not fit in the InnoDB buffer pool, read latency is significantly improved due to caching more of the working set in faster media, such as SSD's. We also improve write performance by first caching writes in SSD's and lazily flushing the data back to disk." (Thanks to Ray Van Dolson.)

Comments (12 posted)

KDevelop 4.0 released

The KDevelop 4.0 release is available. "KDevelop comes with lots of innovative features, even though many features from the 3.5 series were dropped due to a nearly complete rewrite. In particular the developers have focused on building an excellent C++ IDE instead of trying to integrate lots of languages and features halfheartedly. Of course KDevelop 4 also builds an excellent basis for other languages, the best proof for that is the PHP plugin that is released alongside KDevelop 4.0."

Comments (12 posted)

PostgreSQL 9.0 Beta 1 available

The first PostgreSQL 9.0 beta release is available. "Version 9.0 is the first version of PostgreSQL to include built-in real-time binary database replication with query scale-out, consisting of two features, Hot Standby and Streaming Replication. Combined with its other major features, version 9.0 will expand adoption of PostgreSQL by new users and in new types of applications." Now is the time for interested PostgreSQL users to help find the remaining problems and ensure a stable 9.0 release.

Full Story (comments: 8)

Poettering: Rethinking PID 1

Lennart Poettering has put up a lengthy post describing the "systemd" project, which is creating a new init system. "Now, if that's all they are waiting for, if we manage to make those sockets available for connection earlier and only actually wait for that instead of the full daemon start-up, then we can speed up the entire boot and start more processes in parallel. So, how can we do that? Actually quite easily in Unix-like systems: we can create the listening sockets before we actually start the daemon, and then just pass the socket during exec() to it. That way, we can create all sockets for all daemons in one step in the init system, and then in a second step run all daemons at once. If a service needs another, and it is not fully started up, that's completely OK: what will happen is that the connection is queued in the providing service and the client will potentially block on that single request. But only that one client will block and only on that one request." The whole thing is an interesting discussion of how system initialization should work.

Upstart maintainer Scott James Remnant has posted a response to the announcement. "So it's great to see some Fedora and OpenSuSE guys working on this too, and bringing some different ideas to the table!"

Comments (134 posted)
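The socket-passing idea quoted from Poettering's post above can be seen in a few dozen lines. The following is an added example written for this page, not code from systemd or from Poettering's post: a parent process (standing in for the init system) creates and binds the listening socket, a client connects before any daemon exists, and only then is the "daemon" exec()ed with the already-listening descriptor handed to it. The daemon never calls bind() or listen() itself; it only accept()s. The DEMO_LISTEN_FD environment variable and the fd-number hand-off are conventions invented for this example (systemd's own LISTEN_FDS convention is not used). The security-relevant consequence is the one implied by the post: the privileged act of binding the socket is done by the init process, and the service that handles connections can be started later, on demand, or with fewer privileges, while the kernel queues early connections in the backlog.

```python
import os
import socket
import subprocess
import sys

# "Daemon" source, embedded as a string so the example is self-contained.
# It never bind()s or listen()s: it wraps the already-listening socket it
# inherited across exec() and just accept()s on it. DEMO_LISTEN_FD is an
# environment variable invented for this example (systemd uses its own
# LISTEN_FDS convention instead).
DAEMON_SRC = r'''
import os, socket
fd = int(os.environ["DEMO_LISTEN_FD"])
srv = socket.socket(fileno=fd)          # family/type are read back from the fd
conn, _ = srv.accept()                  # the connection was queued before we started
data = conn.recv(1024)
conn.sendall(b"echo:" + data)
conn.close()
srv.close()
'''


def create_listening_socket(backlog=16):
    """Step 1 (the 'init system' side): create and bind the socket early."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", 0))            # port 0: let the kernel pick a free port
    s.listen(backlog)
    s.set_inheritable(True)             # the descriptor must survive exec()
    return s


def start_daemon(listen_sock):
    """Step 2: exec() the daemon, handing it the listening socket by fd number."""
    env = dict(os.environ, DEMO_LISTEN_FD=str(listen_sock.fileno()))
    return subprocess.Popen(
        [sys.executable, "-c", DAEMON_SRC],
        env=env,
        pass_fds=(listen_sock.fileno(),),  # keep exactly this fd open in the child
    )


def demo():
    """Connect as a client BEFORE the daemon exists, then start it and read the reply."""
    srv = create_listening_socket()
    port = srv.getsockname()[1]

    # The kernel completes the TCP handshake and queues the connection in the
    # backlog even though nobody has called accept() yet. The client does not
    # block on connect(); it blocks only on recv() below, exactly as the post
    # describes for a client of a not-yet-started service.
    client = socket.create_connection(("127.0.0.1", port))
    client.sendall(b"hello")

    proc = start_daemon(srv)
    srv.close()                          # the parent keeps no copy of the socket
    client.settimeout(10)
    reply = client.recv(1024)
    client.close()
    proc.wait(timeout=10)
    return reply


if __name__ == "__main__":
    print(demo())                        # b'echo:hello'
```

Run it with `python3 socket_activation_demo.py`; the client is connected and has already sent its request before the daemon process is even spawned, and the reply still arrives once the daemon accepts the queued connection. Note that the parent closes its copy of the listening socket after the hand-off so that only the service holds it.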

RedNotebook 0.9.4 released

RedNotebook is a graphical journal and diary system with an integrated calendar and cute "word cloud" displays. The 0.9.4 release is out; it has a number of new features, but the biggest would appear to be drag-and-drop support.

Full Story (comments: none)

Newsletters and articles

Development newsletters from the last week

Comments (none posted)

Can't Program, won't Program? Then Mash the Web with Mozilla's Ubiquity (Free Software Magazine)

Free Software Magazine has a look at Mozilla's Ubiquity. "The addon has been described, variously, as the social command line for the browser, a Web 3.0 mashup, verbing the internet and many more superlatives. Mozilla itself describes Ubiquity as a unique pseudo-natural-language input method and with numerous iterations Ubiquity is trying to move to the point where entirely natural language can be used to interact with the internet—obviating the need for specialist programming skills. Ubiquity 'hides' the relative complexities of Javascript and HTML-based API."

Comments (2 posted)

Aaron Seigo: i don't need no stinking nepomuk .. right?

Aaron Seigo takes a look at KDE's Nepomuk, a "social-semantic desktop project". "For me, Nepomuk's ability to index my files is a nice feature. It's also one I currently have turned off due to personal preference. Nepomuk's real feature comes in the form of all the indexing and, more importantly, correlation services it provides for all the more ephemeral data and workflow that happens on my computer. Right now Nepomuk is using less than 2MB of unshared memory on my laptop (yes, including the Akonadi bits). That's a fair price in my eyes for that functionality."

Comments (96 posted)

Haas: Big ideas [for PostgreSQL]

Robert Haas contemplates development ideas for PostgreSQL once the 9.0 release is done. "When I first started using PostgreSQL, the product had a reputation for being slow, principally because of issues relating to VACUUM. That reputation wasn't entirely justified even back then, and I think we've made enormous progress here in 8.3 and 8.4, but there might be more improvements we can make. Where are the remaining bottlenecks?"

Comments (17 posted)

Totem Gains New Features For GNOME 3.0 (Phoronix)

Phoronix takes a look at the upcoming development release of GNOME 3.0. "The first development milestone for GNOME 3.0 is expected to be reached tomorrow with the release of the unstable GNOME 2.31.1 package set. While Zeitgeist, the GNOME Shell, and Mutter are among the most talked about changes for the GNOME 3.0 desktop, many mature packages are receiving new features and work too. GNOME's Movie Player, Totem, is one of these packages receiving some attention."

Comments (22 posted)

Page editor: Jonathan Corbet

Announcements

Non-Commercial announcements

UNRWA chooses OLPC Laptops with Sugar for Major Education Project in Mideast

The United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA) has announced a three-year program to provide a laptop loaded with the Sugar Learning Platform to Palestine refugee children in the West Bank and Gaza, Lebanon, Syria, and Jordan. "'Empowering the next generation through knowledge and learning is central to UNRWA's education projects. We are teaching 500,000 children in the Middle East every day and having all of them with a laptop will be a huge contribution to bridging the technology and knowledge gap in one of the most troubled regions of the world,' said Chris Gunness, UNRWA Spokesman."

Full Story (comments: 3)

Collabora joins the GNOME Foundation Advisory Board

Collabora has joined the GNOME Foundation advisory board. "A long time supporter of GNOME and member of the GNOME community, Collabora contributes directly to GNOME projects like Empathy, PiTiVi, Totem and Epiphany."

Full Story (comments: none)

Announcing GNOME Board of Directors Foundation Elections Spring 2010

Nominations are open for the GNOME Board of Directors Foundation Elections until May 23, 2010. Voting begins May 30, 2010. Only valid GNOME foundation members may vote.

Full Story (comments: none)

Commercial announcements

Linux Fund UK Business Credit Card Available

The Linux Fund has announced the availability of a European credit card that supports Open Source projects and events with every card purchase. Businesses can apply for the card at www.linuxfund.org.

Full Story (comments: none)

Legal Announcements

Red Hat and Novell fend off a patent troll

LWN covered the IP Innovations patent infringement suit back in 2007. Now Groklaw reports that defendants Red Hat and Novell have won that suit by virtue of having invalidated the patents. "This is the result we expected and we are gratified that the jury recognized the tremendous innovative value of open source software. The jury knocked out three invalid patents that were masquerading as a new and important inventions, when they were not."

Comments (15 posted)

EFF Seeks to Protect Innovation for Social Network Users

The Electronic Frontier Foundation (EFF) has filed an amicus brief urging a federal judge to dismiss Facebook's claims that criminal law is violated when its users opt for an add-on service that helps them aggregate their information from a variety of social networking sites. "EFF argues in an amicus brief filed Monday that users have the right to choose how they access their data, and turning any violation of terms of use into a criminal law violation would leave millions of Facebook users unwittingly vulnerable to prosecution."

Full Story (comments: none)

Articles of interest

Sony Sued For Removal Of Linux Support From PS3 (IGN)

A class-action lawsuit has been filed against Sony for its removal of the "Other OS" feature from the PlayStation 3. "The suit, filed on April 27 by Anthony Ventura of California, seeks to redress Sony for the 'intentional disablement of the valuable functionality originally advertised as available' for the Playstation 3. The disabling of Linux support is not only in breach of the sales contract between Sony and its customers, the suit says, but also a deceptive business practice 'perpetrated on millions of unsuspecting customers.'" For a somewhat less neutral—potentially amusing—look see "Linux Users Spam Courts With Pointless Lawsuits" at totalplaystation.com.

Comments (17 posted)

Charlie Stross: The real reason why Steve Jobs hates Flash

Science fiction author Charlie Stross peers into the future to try to understand the latest Adobe vs. Apple squabbling. In particular, he's referring to Steve Jobs's recent missive about Flash. "Apple are trying desperately to force the growth of a new ecosystem — one that rivals the 26-year-old Macintosh environment — to maturity in five years flat. That's the time scale in which they expect the cloud computing revolution to flatten the existing PC industry. Unless they can turn themselves into an entirely different kind of corporation by 2015 Apple is doomed to the same irrelevance as the rest of the PC industry — interchangeable suppliers of commodity equipment assembled on a shoestring budget with negligible profit."

Also of note is a reinterpretation of Jobs's statement (seen at BoingBoing) which substitutes "Apple" for "Adobe" and "closed" for "Flash", with amusing results: "Apple's closed products are 100% proprietary. They are only available from Apple, and Apple has sole authority as to their future enhancement, pricing, etc. While Apple's closed products are widely available, this does not mean they are open, since they are controlled entirely by Apple and available only from Apple. By almost any definition, closed is a closed system."

Comments (19 posted)

Dianne Hackborn: Multitasking the Android Way

Android developer Dianne Hackborn looks at how Android does multitasking. "A common misunderstanding about Android multitasking is the difference between a process and an application. In Android these are not tightly coupled entities: applications may seem present to the user without an actual process currently running the app; multiple applications may share processes, or one application may make use of multiple processes depending on its needs; the process(es) of an application may be kept around by Android even when that application is not actively doing something."

Comments (12 posted)

Roy: Jobs on Theora

Hugo Roy has posted an email said to be from Steve Jobs on Ogg Theora: "All video codecs are covered by patents. A patent pool is being assembled to go after Theora and other 'open source' codecs now. Unfortunately, just because something is open source, it doesn't mean or guarantee that it doesn't infringe on others' patents. An open standard is different from being royalty free or open source."

Comments (98 posted)

Total victory for open source software in a patent lawsuit (opensource.com)

Red Hat assistant general counsel Rob Tiller writes about the IP Innovation case on opensource.com. "It was clear during jury selection that our jurors had no prior knowledge of, or experience with, open source. Plaintiffs attempted to exploit this inexperience by arguing that open source software involved behavior that was, if not downright illegal, at least ethically dubious. They promoted the fallacy that open source distributors unfairly take the property of others and thereby unfairly profit. They also suggested that Red Hat's public criticisms of the U.S. patent system as it relates to software and related calls for legal reform were un-American and indicated a secret fondness for the writings of Karl Marx."

Comments (14 posted)

Nokia and Intel defensive on MeeGo Linux patents (Register)

The Register ponders the future of MeeGo with an emphasis on patent issues. "Ari Jaaksi, Nokia's vice president of MeeGo devices, told The Reg Tuesday that Intel and Nokia could 'guarantee and promise' that MeeGo is safe from any and all patent claims because of the size and breadth of the companies' patent portfolios, and also because of the size of Intel and Nokia themselves."

Comments (12 posted)

H.264, patent licensing, and you (Engadget)

Engadget tries to clarify the patent situation around the H.264 codec. "So the real choice for most companies is to sign up with H.264 and the MPEG-LA in return for a baseline level of legal protection and broad compatibility with a codec that's been widely adopted in the market, or to go with Theora, save the money upfront and risk a patent lawsuit down the road while shipping a potentially inferior product. Depending on your point of view, that's either quite a racket the MPEG-LA's got going or it's just ruthless tech industry business as usual, but there's the fundamental situation."

Comments (25 posted)

Resources

CE Linux Forum Newsletter: April 2010

The April 2010 edition of the CELF newsletter covers Embedded Linux Conference 2010 report, LinuxCon Japan 2010 - Call for Participation Closes on May 14, Call for Presentations: Embedded Linux Conference Europe (ELCE) 2010, CELF Announces Contract Work for 2010, eLinux wiki Editor Contest, and Recent Content Added To The eLinux wiki.

Full Story (comments: none)

Contests and Awards

FSFE founder Georg Greve awarded German Cross of Merit

Georg Greve, founding president of the Free Software Foundation Europe, has received the Cross of Merit from the Federal Republic of Germany. Georg received this award from the German President for his work on Free Software and Open Standards. "'FSFE is very proud to have a "knight" among its team,' says FSFE's president Karsten Gerloff. 'Georg's tremendous dedication to freedom in technology has been a driving force for Free Software in Europe and around the world. He has put Free Software on the political agenda, and has created the structures to harness the community's energy towards our common goals. His hard work over more than a decade has brought enormous progress for Free Software.'"

Full Story (comments: none)

Event Reports

MeeGo Presentations from the Linux Foundation Collaboration Summit

Linux.com's MeeGo Blog collects all the MeeGo presentations from the Linux Collaboration Summit. "The MeeGo project was featured in two keynotes and an all day session during the Linux Foundation Collaboration Summit."

Comments (none posted)

Calls for Presentations

ELC-EUROPE call for proposals

CE Linux Forum has announced the Embedded Linux Conference Europe (ELC-E) will take place October 27-28, 2010, in Cambridge, UK. Proposals for presentations, demos and Birds-of-a-Feather sessions must be received by June 30, 2010.

Full Story (comments: none)

Upcoming Events

Community Leadership Summit, July 17-18, Portland

On Linux.com, Jono Bacon posted a reminder about the Community Leadership Summit, which will be held just before OSCON, July 17-18 in Portland, Oregon. "This is the second incarnation of the popular event designed to bring together community leaders and managers and the projects and organizations that are interested in growing and empowering a strong community. The event provides an unconference style schedule in which attendees can discuss, debate and explore topics. This is augmented with a range of scheduled talks, panel discussions, networking opportunities and more."

Comments (none posted)

GStreamer Conference 2010 Announced

The first GStreamer Conference will take place in Cambridge, United Kingdom on October 26, 2010. "In conjunction with the CE Linux Conference Europe we are happy to host and arrange the first full day conference focusing on GStreamer and related technologies. Speakers from a wide range of companies and fields will attend to speak about available GStreamer technologies and future developments."

Comments (none posted)

Events: May 13, 2010 to July 12, 2010

The following event listing is taken from the LWN.net Calendar.

Date(s) | Event | Location
May 10 - May 14 | Ubuntu Developer Summit | Brussels, Belgium
May 17 - May 21 | Fourth African Conference on FOSS and the Digital Commons | Accra, Ghana
May 18 - May 21 | PostgreSQL Conference for Users and Developers | Ottawa, Ontario, Canada
May 24 - May 25 | Netbook Summit | San Francisco, CA, USA
May 24 - May 26 | DjangoCon Europe | Berlin, Germany
May 24 - May 30 | Plone Symposium East 2010 | State College, PA, USA
May 27 - May 30 | Libre Graphics Meeting | Brussels, Belgium
June 1 - June 4 | Open Source Bridge | Portland, Oregon, USA
June 3 - June 4 | Athens IT Security Conference | Athens, Greece
June 7 - June 9 | German Perl Workshop 2010 | Schorndorf, Germany
June 7 - June 10 | RailsConf 2010 | Baltimore, MD, USA
June 9 - June 11 | PyCon Asia Pacific 2010 | Singapore, Singapore
June 9 - June 12 | LinuxTag | Berlin, Germany
June 10 - June 11 | Mini-DebConf at LinuxTag 2010 | Berlin, Germany
June 12 - June 13 | SouthEast Linux Fest | Spartanburg, SC, USA
June 15 - June 16 | Middle East and Africa Open Source Software Technology Forum | Cairo, Egypt
June 19 | FOSSCon | Rochester, New York, USA
June 21 - June 25 | Semantic Technology Conference 2010 | San Francisco, CA, USA
June 22 - June 25 | Red Hat Summit | Boston, USA
June 23 - June 24 | Open Source Data Center Conference 2010 | Nuremberg, Germany
June 26 - June 27 | PyCon Australia | Sydney, Australia
June 28 - July 3 | SciPy 2010 | Austin, TX, USA
July 1 - July 4 | Linux Vacation / Eastern Europe | Grodno, Belarus
July 3 - July 10 | Akademy | Tampere, Finland
July 6 - July 9 | Euromicro Conference on Real-Time Systems | Brussels, Belgium
July 6 - July 11 | 11th Libre Software Meeting / Rencontres Mondiales du Logiciel Libre | Bordeaux, France
July 9 - July 11 | State Of The Map 2010 | Girona, Spain

If your event does not appear here, please tell us about it.

Page editor: Rebecca Sobol

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds