LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Announcements
->Multipage format
This page
Previous weekFollowing week
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for July 15, 2010Free software in production use on Ben Franklin DayThe Journal Register Company (JRC) owns newspapers around the United States, and like many print media companies is looking to adapt its business and news-gathering models for the Internet era. On July 4th, 18 of JRC's papers published print and online editions using a "free" and "open" workflow, in homage to the Independence Day holiday. Dubbed the Ben Franklin Project, the effort combined crowdsourcing, interactive news gathering, and free software. JRC's Vice President of Content Jon Cooper provided an overview of the processes used by the various papers, including letting citizens suggest story ideas and improvements, posting story budgets, incorporating interactive online content, and using social media tools to gather news, not just to publicize it. That dimension focused mostly on engaging the local community with the newsroom staff, in a sense opening the process of producing the news. Of more interest to LWN readers, perhaps, was the decision to only use a free toolchain to produce the final product. Slashdot picked up a blog post from one of the papers, The Saratogian, which outlined the use of the desktop publishing tool Scribus, the SeaShore image editor (a Mac OS X raster editor based originally on GIMP code), WordPress, and Google Docs. The story submitter and several commenters seemed to come away from the post with the impression that the newspaper found the software not-ready-for-prime-time, latching on to a quote four paragraphs in that said: "The proprietary software is designed to be efficient, reliable and relatively fast for the task of producing a daily newspaper. The free substitutes, not so much." Scribus and other free software applicationsWhen you look at the reports of all of the participating papers and JRC itself, however, it is clear that the above comment is not to be taken too seriously. All eighteen participating papers published their Scribus-built editions on time, and with positive results. To be sure, a few encountered trouble along the way. The Delaware County Times live-blogged page layout, noting at one point that the program was crashing whenever the editor attempted to import a particular image, and mentioning the time involved in finding specific fonts, but the staff ultimately finished the issue. The Saratogian noted that the most time-consuming process was reproducing the paper's page templates in Scribus. But the New Haven Register, Oneida Dispatch, the Daily Local News, the other papers, and JRC management reported that the experiment was a success. The papers spent a month prior to Ben Franklin Day training staff on Scribus, both with the official documentation and with third-party online tutorials. Editor Jack Kramer of the New Haven Register said that the staff adapted to Scribus "pretty quickly," but that, although the documentation was important, what proved more important were the in-house training and support groups that the paper formed, which worked together and "perfected the program usage." Karl Sickafus of the Daily Local called Scribus "arguably, the single most valuable find of the Ben Franklin project" and wrote that his staff even went so far as to write custom scripts to import content from the paper's database directly into Scribus. He then speculated that such a system could easily replace the proprietary ad tracking, advertising, and editorial systems JRC uses today. Kramer and several of the other editors mentioned using both GIMP and SeaShore for image editing, though Kramer noted that his photo editor was not "totally satisfied" with SeaShore. All of the participating papers published their content to a mirror site running Wordpress in addition to their regular web site. In an interesting footnote, the Slashdot debate veered into an argument over the oft-cited issue that the name "The Gimp" (though the project uses "GIMP" these days) is off-putting or offensive, and drives potential users away without even trying it. When asked whether anyone at the New Haven Register was bothered by the name, Kramer replied simply "not at all." Google Docs and other missing piecesSome of the papers (such as The Morning Sun) used Open Office for story writing, but Google Docs was widespread. Predictably, in the Slashdot story and in several of the comment threads on the individual newspaper sites, free software advocates took issue with the decision to use Google Docs in a "free software" experiment, noting accurately that the tool is not open source or free software. Indeed, several of the papers blur the line between "free to use" and "software freedom," a mistake certainly not limited to this particular field. An anonymous New Haven Register staffer provided more background on that decision in a comment on the paper's blog, saying "We ordinarily write our stories in a content-management system that costs money for us to use, and its purpose is to manage content for the print edition only — not our website." Because it was used to replace a content management system (CMS), presumably the critical feature of Google Docs was collaborative editing in this case, so the lack of it in the other open source tools led to Google Docs adoption. That includes WordPress, which the papers used to publish their online editions. Although multi-user editing is possible in WordPress, the newsrooms evidently found it lacking. The newsroom-oriented CMS Campsite may simply have been overlooked. It is also interesting to note what other free-to-use proprietary applications were selected; this is real-world feedback that the open source community should take note of. Most of the papers used existing social networks like Facebook and Twitter to solicit feedback from the local community. Almost all used video, but chose proprietary video editing and hosting tools. Finally, though the papers used SeaShore to edit photographs, it appears that none used a free raw conversion tool — perhaps because, as SeaShore indicates, the photo staff is equipped with Mac OS X, for which the free raw converters do not provide regular builds. News for tomorrowHaving read all of the available accounts of open source's performance on Ben Franklin Day (some papers have yet to publish results online), Scribus and the other applications seem to have performed well. What happens next is the challenge. Sickafus observed: We can literally do EVERYTHING we do using nothing but freeware. We just proved that. But, what are we going to do with than newly generated energy? Are we going to go back to doing the "things we do" the same way we are accustomed to, while reminiscing of the long forgotten Ben Franklin project? That would make absolutely no sense what so ever.
He advocates devoting financial resources that would be spent on proprietary content management and ad systems instead to adapting open source solutions. Reporter Ron Nurwisah recommends essentially the same thing, looking at the cost of dozens of licenses for Adobe products. Neither position would surprise long-time free software advocates; still, it is refreshing to witness an industry realize the potential of open source software. JRC has kept its Ben Franklin Project WordPress site active since July 4th, posting discussions on where the company needs to go next, and exploring other open source applications. In addition, Cooper recently wrote to the Scribus mailing list to initiate a dialog with the development team about what the papers had learned. There is still no official announcement from any of the papers about the permanent addition of open source to their newsrooms. Based on the results so far, though, an announcement like that may not be all that far off. [ Our thanks to Jay R. Ashworth for pointing us in the direction of this topic. ]
A guide to successful FOSS conference presentationsWe just wrapped up the Ohio LinuxFest call for presentations, so pitching presentations is on my mind. Regional, volunteer-run conferences are not only a good way for people without a travel budget to see some big names in open source, they're also a way for first-time or inexperienced speakers to hone their presentation skills. Regional conferences also provide an excellent forum to educate users about your favorite project or topic. But competition for speaking slots can be fierce. Established conferences like SCALE, Ohio LinuxFest, and others receive many more proposals than available slots. For example, the 2010 call for presentations for Ohio LinuxFest received about 120 proposals for less than 30 speaking slots. Some of the talks for regional conferences will quickly go to experienced speakers who have presented at the show before and/or have established a name for themselves as a topic expert and competent presenter. But most presentation committees for community shows also try to select local talent who are new to presenting, and those slots will go to the speakers with the best proposals. Pitching your Proposal"Submit early and often" is a good rule of thumb. Speakers should develop at least two presentation ideas, and submit them as early as possible — certainly well before the deadline. It's usually a bad idea to wait until the last minute to submit a proposal. In some cases, the committee takes note of which talks come in early. Even if that isn't the case, waiting until right before the deadline usually means that the proposal you submit will not be of the same quality as a proposal developed over the space of a few days. Submitting multiple talks boosts your chances if the committee likes you as a speaker, but doesn't like one of your topics or has to choose between you and another speaker who submitted a similar topic. Presentation titles should be descriptive, short, and ideally something that will grab the attention of the presentation committee. A title like "Improving Kernel Contributions" is good, but "Anatomy of a Failure" was likely to garner more attention. No matter how good the presentation title, the abstract has to live up to it, provide the committee with enough information to understand what the talk is about, and convince them that you'll put in the preparation time. There's little confidence that a prospective speaker who submits a one-sentence proposal is going to put in the time necessary to deliver a really excellent talk. And that is the goal of any good presentation committee: filling the schedule with talks that are not merely adequate, but ones that are excellent. An excellent abstract explains what the topic is, the scope of the talk, and what the audience will learn during the presentation. The last is particularly important. Many submissions merely describe the topic, but the best submissions explain what the audience will gain from attending the talk. Most calls for presentations will also seek a biography. Writing a biography is often an unpleasant exercise, but it's the best opportunity to show the presentation committee that you are actually the right person to present a given topic. Or not. If two people submit an "Introduction to Fedora" presentation, one of them being Paul Frields, guess who's most likely to be awarded the slot? This is another reason to think hard about your topic, pitch more than one idea, and try to choose something unique. Feel free to contact the chair of the presentation committee if they're listed on the Web site and you need clarification on what the committee is looking for. Preparing the TalkDon't make the mistake of starting with slides when preparing a presentation. In fact, you probably shouldn't be at the computer at all when preparing the first draft of your presentation. Instead of firing up OpenOffice.org Impress or creating slides using LaTeX's Beamer class, grab a stack of index cards and head off to somewhere quiet. For most presentations, you should have an introduction that describes what the audience will learn and the key ideas or information you want to impart. For a standard 60-minute slot, you should focus on no more than three to five major ideas. Once you've mocked up your talk on paper, then it's time to start preparing slides. Use whatever tool you're most comfortable with but avoid writing out the entire talk on your slides. Your audience is not there to read your presentation, they're there to watch and hear you. Many presenters tend to cram slides with information and then stand in front of the audience reading the slides. This is a sure sign of a talk that will put the audience to sleep. If your audience can glean as much information from the slides as your actual presentation, you're not doing your job as a presenter. With some exceptions, such as highly technical talks that require code examples or other supporting text, your slides should be uncluttered and only contain the basic ideas of what you're saying. Slides exist to support the speaker, not the other way around. Also, a word of advice about technical problems. Come prepared to give your talk with no slides at all. If your laptop fails, the projector dies, or any other audio/visual catastrophe occurs, you should be able to give a talk with no slides at all. The best bet is to have index cards or a bulleted list of ideas that you can use to refresh your memory if showing the slides fails for some reason. Again, if by the day of your presentation you're not ready to do the presentation sans slides, you have failed to prepare adequately. This is a lesson I learned the hard way at FOSDEM. Giving a talk on openSUSE, I was too used to referring to the slides and not comfortable giving the talk extemporaneously — despite knowing the topic cold. The projector and sound system developed a major glitch, so I was forced to work with no slides. I gave a substandard talk because I didn't have adequate paper backup and hadn't practiced the talk enough. Max Spevack followed my talk and had the same A/V problems that I had, but was able to do a fine talk using his notes. That was the last time I walked into a room to present without being fully prepared to give a talk with no slides at all. The more practice you have, the better. Don't simply read through slides at the computer. Stand up and practice delivering your presentation out loud, preferably while looking at a mirror. If you have a willing audience, practice in front of them. Focus on making eye contact, smiling, and speaking at a slower pace than usual. Remember that people are far more likely to remember the overall tone of the talk and general topics than details. If you're hoping to impart every detail of developing with Django in 60 minutes, you'll probably fail. Emphasize a few key concepts that you'd want attendees to remember, and focus on delivering an enjoyable presentation. Timing is extremely important. Practice the timing so that you have enough material to fit the time, minus time for questions and answers, and no more. A common mistake is to show up with far more material than is possible to present in the time allotted. This not only robs the audience of the chance to ask questions, but also means you probably won't do a good job of presenting all of the material. PresentingThe other reason to practice extensively is to calm your nerves. Most people find public speaking unsettling to some degree, but knowing the presentation (and topic) backwards and forwards goes a long way towards making public speaking more comfortable. See Scott Berkun's Confessions of a Public Speaker for some excellent anecdotes and rationale why people find public speaking so uncomfortable, as well as expansive advice on improving speaking skills. It's important to remember that most audiences are friendly and wish to see a good talk. They do not expect you to be a great entertainer or to exhibit unnatural brilliance. Focus on making eye contact, speak slowly, and pause from time to time to gather your thoughts. Don't be afraid of a moment or two of silence. Do be conversational and vary your tone; try to engage the audience. Don't be afraid to ask questions, as it's a good idea to try to get the audience to focus on you rather than the slides or (worse) their cell phones and laptops. Giving a good presentation is not rocket science, or even kernel development. It is, however, a fair amount of work. Expect to spend at least ten to fifteen hours developing and practicing a good presentation. If it's your first, you might want to put in even more time. This might sound like a lot of work for an hour in front of an audience, but it's well worth it. You'll find that you learn a great deal about a topic, even one you're an expert in, by preparing to deliver a presentation.
Author interview: UNIX and Linux System Administration HandbookOne of the best references for Linux and UNIX system administrators over the years has been the "Handbooks" (either Linux Administration Handbook (LAH) or UNIX System Administration Handbook (USAH) at various points). But the last edition was published in 2000 (as USAH), and included information on then-current Red Hat Linux 6.2 and FreeBSD 3.4. A new, updated version, UNIX and Linux System Administration Handbook, Fourth Edition (ULSAH), is due out any day now, and the principal authors, Evi Nemeth, Garth Snyder, Trent R. Hein, and Ben Whaley, agreed to answer some questions for LWN readers. Below are their answers on the book, the impact of Linux, the future for UNIX and Linux, and more. LWN: Could you all please introduce yourselves? What are you working on when you're not writing system administration books? Ben: I wear a bunch of different hats as an engineer at AppliedTrust in Boulder. In addition to consulting on architecture and operations in UNIX and Linux environments, I think a lot about next generation technologies. Virtualization (in its myriad forms), application security, and the adoption of open source are all of interest. I also have a interest in the history of computing generally, and of UNIX and Linux in particular. Outside of computing, I enjoy the republic of Boulder as much as possible. Garth: I was one of the original authors of the UNIX book lo these many years ago, but I've spent time on a variety of projects since then. Over time, I've actually done more software development than administration. Evi: I'm Evi Nemeth, former Computer Science faculty at the University of Colorado. I'm now out of the UNIX/Linux/CS world altogether; I retired, bought a sailboat, took off and am currently in French Polynesia, half way across the Pacific en route to New Zealand. I'm working on making my boat single-hander-friendly for when I run out of crew. I do have email on the boat via my ham radio; it's like uucp at about 100 characters per minute. Trent: I'm a scientist at heart, and I love understanding all the layers of a system. When I'm not writing, I'm deep in the trenches working on IT infrastructure issues that range from low-level technical issues to policy and management.
Ben: We anticipate a mid to late July shelf date. There is loads of new material in this combined UNIX and Linux edition, including new chapters on virtualization, scripting, and green IT practices. I'm very pleased with the new set of cartoons and cover art. Also, I'm thrilled to be included as a new author after contributing to the 2nd edition of the Linux book. Garth: Many of the existing chapters have had near-complete rewrites as well. You might think that long-standing, basic technologies like disk storage and email would be relatively stable, but that's not true at all. The way that most sites manage these resources has changed completely just in the last five years or so. Evi: LAH and USAH have merged back together. It's due out sometime soon (July 2010). I'm most excited that it's finally done; I left the boat in Panama and came back to Colorado for a year to work full time on the book — it's a huge amount of work. Trent: It better be in bookstores in the next 2 weeks!! I'm super excited about the new Green IT section — it presents opportunities for sysadmins to make a huge difference to our planet. LWN: What led to the decision to combine the UNIX and Linux versions of the book? Ben: Linux is recognized as an enterprise-grade operating system that has proven its capabilities throughout the explosion of computing in the last twenty years. It has significant momentum behind it, much more so than other leading UNIX variants. One could argue that UNIX lives on but looks to Linux as its leader. It has enough in common with traditional UNIX that it make sense to cover it all in one place. Garth: One factor that's helped make it possible to reintegrate is the dramatic shakeout in the UNIX market. There simply aren't as many major versions of Unix around as there were ten years ago. We've seen a similar consolidation in the Linux arena as well, with most activity consolidating around a few major distributions. Evi: Personally, I'm not sure we should ever have separated UNIX and Linux into 2 books. We thought that conditional text (if Linux, blah, blah, else ...) would make it easy to manage both books with minimal effort. Not true. We also feel that this is probably the last edition that will be on paper and maybe the last edition period, so if we are doing one last book, let's cover all the systems we can. I'm sorry we didn't manage to include MacOS too. Trent: Combining the books makes sense because system administrators manage both UNIX and Linux systems ... organizations shouldn't be separating duties for these platforms since they're so similar. LWN: A lot of old-time Unix folks were taken by surprise when Linux hit the scene. You've seen a lot of Unix variants come and go; what, do you think, accounts for the way that Linux has been able to displace Unix in so many settings? Evi: I think the fact that Linux ran on PCs instead of the special vendor specific hardware of most UNIX systems gave Linux a leg up. University students ran Linux on their PCs, graduated, and went to work in corporate America (Europe, etc.). Linux also embraced (or tolerated) Windows more than the UNIX vendors and found ways for the systems to co-exist peacefully. Trent: The community. It's a lot easier to support Linux these days because if there's any issue, there are hundreds or thousands of people to turn to on the 'net for help. It's a lot easier than sitting on hold with a vendor's call center for hours. LWN: What do you think is the future of "true" Unix? Ben: In the near term I believe that UNIX environments will continue as they have, serving as venerable, tenured systems with proven stability and some powerful capabilities. Most of the UNIX systems I work with run heavy databases or specific enterprise applications. OpenSolaris is an impressive system with advanced features that don't exist elsewhere. In the longer term, it seems to me that Linux will displace UNIX. All the major vendors contribute to Linux's development (as LWN's own data suggests) and even promote standardization. Garth: Traditional Unix vendors don't have the resources to compete against Linux on every front, so they've had to pick their battles and concentrate on distinguishing themselves through enterprise features such as database or filesystem performance. However, the number of domains in which it's possible to demonstrate a proprietary advantage over Linux is continuously shrinking. I don't see any reason for the current trends to change, so I'm pessimistic about the future of traditional Unix. Evi: UNIXes that run on PC hardware will survive in niches — FreeBSD in embedded systems, OpenBSD in security conscious spots, Open Solaris if Oracle leaves it alone, etc., but systems on proprietary hardware (AIX, HP-UX, Solaris) will continue to decline in market share. Note that each of these three vendors is hedging their bets with a Linux product or with a Linux that runs on their hardware. Trent: There's such a large installed base that I think Unix is going to be around for a very long, long time. But, I can tell you that almost all the new infrastructure I build is on Linux. LWN: Is the success of Linux a good thing? Or would we be better off now if some version of Unix had established itself more strongly in the open-source era? Ben: I was introduced to Linux before UNIX, and I suspect that I wouldn't be on the same path that I'm on today without it. In fact, I grew up from adolescence using Linux and today I look at closed systems as a broken, legacy model of development. I love the creativity and community that open systems offer. To me it's a great thing that has kept UNIX alive. Garth: In some ways, this is like asking, "The rise of humanity: good or bad?" Linux has warts, but so do the alternatives. It's not the solution so much as the context in which other things happen. Outside of a thousand minor differences, there really isn't a dime's worth of difference between the various Unix-like operating systems. They are all basically the same. (Well, except perhaps for AIX. Whatever else one might say about it, it's definitely not the same.) Fundamental, game-changing advances — such as Solaris's ZFS filesystem — are few and far between. Evi: Yes, the success of Linux is a very good thing. Each open source "Unix" has strengths. Linux is quick to see a cool idea in another system, re-engineer it, and voila, it's part of Linux too. Trent: Linux is great!! In a way, Linux is really UNIX for the people. We needed that. It's forced the entire industry to be more open, which I'm not sure a more established open-source UNIX would have achieved because it's inspired a shift in mindset. LWN: If you could command the Linux development community to do one thing that would make life easier for system administrators, what would it be? Ben: Settle on a few more standards, such as log formats, command line arguments, configuration file syntax, and extensibility. As always, the more documentation, the better. Active communities where developers and users interact are extremely valuable. Garth: Unix and Linux developers have traditionally designed software to be as flexible and configurable as possible. A good example of this approach is the original sendmail, which knew practically nothing about email addressing or transport until you manually programmed that knowledge into its configuration file. Many common systems still take that general approach: here's the tool kit, build whatever you like. Have fun! This approach has its advantages, but it also imposes a cognitive burden on everyone downstream of the developers. I'd like to see more focus on simplicity and predictability in Linux distributions and less concern about hypothetical scenarios and edge cases. A Linux server may be a lot more complicated than an iPhone, but it surely doesn't need to be 1000 times more complicated, as it currently is. Unfortunately, it's especially hard to promote simplicity and clarity in the open source world. It's easy to accept patches that add incremental features but hard to remove anything or break compatibility. Reaching design consensus on future developments is hard enough without revisiting the messes of the past. Evi: Standardize! Make command names, arguments, and behavior the same. Get rid of the not-invented-here attitude. Trent: Keep it simple. The early success of both UNIX and Linux can be attributed to their simple, modular approach. Too often these days folks are developing packages that are like a giant corn maze (but I won't name any names!). We'll all get farther if the development community is focused on simplicity and modularity. LWN: The world is now full of Linux users and administrators who have never touched a traditional Unix machine. What lesson from Unix do these folks risk missing in a Linux-only world? Garth: The Linux community has put a lot of effort into strip-mining the UNIX systems of the past and digging out the nuggets of value that weren't nailed down. So no, I don't think administrators unfamiliar with traditional UNIX systems are missing too much. On the other hand, we do seem to be stuck in about 1990 with respect to our basic idea of what an operating system should be. Look at all the incredible developments we've seen over the last 20 years in application and web development; software is completely different now. I hope the triumph of UNIX and Linux don't lock us into the POSIX API indefinitely. Evi: This generation of Linuxites have used UNIX, Linux is a UNIX system. It has commands that you type to a shell instead of driving thru a zillion menus, it has all the important concepts of UNIX, like pipes and input output redirection, it has man pages, ... Trent: Process adherence. In the UNIX world of yesterday, we had giant machines that filled an entire room, and dozens or hundreds of users shared them. In order to achieve a reasonable service level, system administrators had to be very process-focused, else they would impact many users if a mistake occurred. Today, a single user may have dozens of systems, physical and virtual. System administrators still need to have a well-developed, well-followed set of processes to maintain them to provide an even higher level of service. LWN: The world is also full of energetic new developers for whom open source has always just been part of the environment. These developers will be creating our next generation of systems. What kind of operating systems do you hope they will build, and what advice would you offer them on their way? Ben: The cloud is clearly the direction that is currently leading the pack, and I'm anxious to see what happens next in the space. I hope that open source development continues to thrive. It will also be interesting to see what happens with security. People are paying a lot of attention to it these days, and we're well positioned to fix the less secure, trust-based models of earlier systems. Evi: A fundamental principle of UNIX-ish operating systems is that they provide commands that do one thing well and then the plumbing to hook them together to get a final result. Windows-ish operating systems try to think of everything a user might want to do and make a command or option for it. If the Windows developer didn't think of the thing you need to do, you are out of luck. Next generation operating systems need the UNIXy approach. Keep things simple, take small steps, but do it well. Trent: I hope they build operating systems that perform well. Back in the day, we had to optimize for every last cycle, because cycles were few. Some new OS developers have had the luxury of hardware being abstracted from them, and it's easy to forget what really happens at that layer. It's easy to fall into a pattern of slapping layer upon layer, resulting in a lot of kernel and application bloat. Keep it simple, and think about how to optimize for performance. LWN: Anything else you would like to say to LWN's readers? Ben: I'm a lurker on LWN and I've learned a lot from both the articles and the comments. I appreciate the active open source community on the site. Thanks for reading. Garth: I'm excited about Btrfs and really looking forward to its debut as a production system. Check it out! Evi: I need crew. Is there anyone out there (between jobs maybe) who isn't busy between September and November 2010? We share expenses on consumables; I pay for boat maintenance. Trent: I hope in UNIX and Linux System Administration Handbook (4th Edition) we teach folks how to be good system administrators and find answers on their own, rather than providing every possible answer for them. System administrators need knowledge acquisition and problem solving skills more than anything. We would like to thank Evi, Garth, Trent, and Ben for taking the time to answer our questions.
Security An interesting DNSSEC amplificationA recent report clearly demonstrates that computer security is not exempt from the "law of unintended consequences". As DNSSEC (Domain Name System Security Extensions) is rolled out, we will likely see various kinds of unanticipated problems in that system which is meant to secure the internet name resolution process. One of the concerns about DNSSEC has always been the amount of additional traffic it would generate, as well as the processing burden on DNS servers—both of those came into play here. The report from Cisco reads a bit like a detective story. A particular DNS server saw a sudden 2-3x increase in its traffic, which at first glance appeared to be some kind of denial of service (DoS) attack. Further investigation showed that the query rate jumped from tens of queries per second (qps) to around 3000 qps. Because it was a DNSSEC signed zone, each query required two responses—a key resource record (DNSKEY RR) and a signature RR (RRSIG RR)—totaling more than 1K in size. That led to response traffic of 35 megabits per second (3000+ queries x 1K+ bytes). When a small amount of data can be sent that generates a much larger response, there is an "amplification" effect going on. That means that an attacker can use much less of a resource, bandwidth say, than the victim must use to respond. So, a small bandwidth investment, spread out over a large number of attackers (in a DDoS, distributed DoS), can easily cause a victim to generate more traffic than it can handle. Because DNS typically uses UDP to eliminate the connection establishment overhead of TCP, it also makes it easier for attackers, as they don't need to use state-tracking resources on their end. These kinds of amplification attacks are well-known for the existing DNS. It is also understood that DNSSEC adds other amplification possibilities, but those known cases were not the cause of the problem that Cisco investigated. In analyzing the data from this event, it was determined that a very small fraction of clients (1,000 out of 500,000-1,000,000 daily unique clients) were making repeated queries for the same DNSKEY RR. It could have been from some kind of bug in certain DNS clients, but because the event was so sudden, it suggested that there was some kind of "external trigger". An obvious trigger would be a change to the DNS information being served and that was in fact the case: the cryptographic keys had been changed on the day of the traffic increase. Normally, a key rollover is handled by keeping both keys around for an overlap period and signing resource records with both keys during that time. Either key can be used to verify the signature during the overlap, and eventually the old key can be deprecated and then removed. Keys are signed by a parent server's key (i.e. example.com's key is signed by the .com server's key), all the way up to the key used to sign the root keys. Today, those root keys are often stored locally by the client as "Trust Anchor". If a client cannot verify a signature with a key that it has in its cache, it will request a new key from the parent, because it assumes the key has changed. Before it requests a key from the parent, though, it re-requests the key from the server it is talking to, because it assumes that it is getting bogus responses from some kind of attack. If it really were an attack, that would be the right response, but if there were some misconfiguration on the part of the client, it would just make the problem worse. It turns out that some clients were distributed with a static set of Trust Anchors. Once those keys were rolled over, those clients were out of date and could no longer resolve names associated with those parts of the DNS hierarchy. But, the amplification turns out to be quite a bit larger than just a handful of retries for an affected server. When a client cannot verify a signature, it will do a depth-first search of the alternative name servers, querying each server to try to find keys that it can use. There are 14 .com name servers, and potentially several name servers for example.com. This leads to a combinatorial explosion of sorts, where a query for a single host name (test.example.com for example) in a simple configuration (two example.com name servers) leads to 844 separate queries. Other, much worse, scenarios are described in the report. It is interesting that perfectly reasonable behavior by clients who have ended up with outdated information can lead to such a huge increase in the traffic that DNS servers, especially the root servers, may have to handle. The conclusion from the Cisco report is certainly eye-opening:
It is an inherent quality of the DNSSEC deployment that in seeking to
prevent lies, an aspect of the stability of the DNS has been weakened. When
a client falls out of synchronization with the current key state of DNSSEC,
it will mistake the current truth for an attempt to insert a lie. The
subsequent efforts of the client to perform a rapid search for what it
believes to be a truthful response could reasonably be construed as a
legitimate response, if indeed this instance was an attack on that
particular client. Indeed, to do otherwise would be to permit the DNS to
remain an untrustable source of information. However, in this situation of
slippage of synchronized key state between client and server, the effect is
both local failure and the generation of excess load on external
servers-and if this situation is allowed to become a common state, it has
the potential to broaden the failure state to a more general DNS service
failure through load saturation of critical DNS servers.
This aspect of a qualitative change of the DNS is unavoidable, and it places a strong imperative on DNS operations and the community of the 5 million current and uncountable future DNS resolvers to understand that "set and forget" is not the intended mode of operation of DNSSEC-equipped clients. The last paragraph is particularly worrisome. One would guess that a few years down the road, most clients will be DNSSEC-equipped. And most will be in the hands of users who know nothing about key rollover, amplification, DoS, or, for that matter, DNS or DNSSEC. It will be up to the vendors and distributors to ensure that the "forget" part of "set and forget" doesn't happen. It is not hard to envision some kind of nasty apocalypse lurking for DNSSEC if that's not the case.
Brief items Quotes of the week
Yay
Brazil!. They're making it illegal to use DRM to prevent
"fair dealing" with copyrighted works, or access to works which are in the
public domain. It's also legal to "crack" DRM if you're only doing it for
the purpose of "fair dealing".
-- David
Woodhouse
For years we've been bombarded with scare stories about terrorists wanting to shut the Internet down. They're mostly fairy tales, but they're scary precisely because the Internet is so critical to so many things.
-- Bruce
Schneier on the "internet kill switch"
Why would we want to terrorize our own population by doing exactly what we don't want anyone else to do? And a national emergency is precisely the worst time to do it.
New vulnerabilities abrt: unnecessary setuid
cups: multiple vulnerabilities
ghostscript: multiple vulnerabilities
gnomine: unnecessary setgid
gv: multiple vulnerabilities
kernel: multiple vulnerabilities
kernel: multiple vulnerabilities
libmikmod: arbitrary code execution
libtiff: denial of service
libtiff: multiple denial of service flaws
opera: multiple vulnerabilities
pam: local root privilege escalation
python-cjson: denial of service
python-mako: cross-site scripting
qt: multiple vulnerabilities
scsi-target-utils: denial of service
w3m: man-in-the-middle attack
znc: denial of service
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe current development kernel is 2.6.35-rc5, released on July 12. "And I merged the ARM defconfig minimization thing, which isn't the final word on the whole defconfig issue, but since it removes almost 200 _thousand_ lines of ARM defconfig noise, it's a pretty big deal." We looked at the ARM defconfig issue a few weeks back, and Linus has pulled from Uwe Kleine-König's tree that provides a starting point for the defconfig cleanup. The short-form changelog is appended to the announcement, and all the details are available in the full changelog. Five stable kernels were released on July 5: 2.6.27.48, 2.6.31.14, 2.6.32.16, 2.6.33.6, and 2.6.34.1.
Quotes of the week
hrmpf, one of those wonderful messages where neither it nor its source
code give you any clue regarding what caused it nor how to fix it.
-- Andrew Morton
This has been an especially interesting year in the field. We've landed the
infrastructure for generic runtime power management, glued that into PCI
and started implementing that at the driver level. pm_qos is being reworked
to improve performance and scalability as we start seeing more drivers that
need to express their own constraints. And, of course, we had the
wakelock/suspend blockers conversation that didn't end in a terribly
satisfactory manner, although Rafael is now working on an implementation
that presents equivalent functionality with a different userspace API.
-- Matthew Garrett
gives an overview of the world of Linux power management
Kernel development news Kernel development statistics for 2.6.35In the tradition of summarizing the statistics of the Linux kernel releases before the actual release of the kernel version itself, here is a summary of what has happened in the Linux kernel tree over the past few months. This kernel release has seen 9460 changesets from about 1145 different developers so far. This continues the trend over the past few kernel releases for the size of both the changes as well as the development community as can be seen in this table:
Perhaps our years of increasing developer activity — getting more developers per release and more changes per release — has finally reached a plateau. If so, that is not a bad thing, as a number of us were wondering what the limits of our community were going to be. At around 10 thousand changes per release, that limit is indeed quite high, so there is no need to be concerned, as the Linux kernel is still, by far, the most active software development project the world has ever seen. In looking at the individual developers, the quantity and size of contributions is still quite large:
Uwe Kleine-König, who works for Pengutronix, dominates the "changed lines" list due to one patch that Linus just pulled for the 2.5.35-rc5 release that deleted almost all of the ARM default config files. Linus responded when Uwe posted his patch with:
Well, I can hardly refuse a pull that removes almost 200k lines. So
I'd happily pull it. Just this single line in your email is a very
very powerful thing:
> 177 files changed, 652 insertions(+), 194157 deletions(-) Other than that major cleanup, the majority of the work was in drivers. Ralph Campbell did a lot of Infiniband driver work, I did a lot of cleanup on some staging drivers, and Stepan Moskovchenko and Arnaud Patard contributed new drivers to the staging tree. Mauro Carvalho Chehab contributed lots of Video for Linux driver work — rounding out the top 6 contributors by lines of code changed. Continuing the view that this kernel is much like previous ones, 177 different employers were found to have contributed to the 2.6.35 kernel release:
But enough of the normal way of looking at the kernel as a whole body. Let's try something different this time, and break the contributions down by the different functional areas of the kernel. The kernel is a bit strange in that it is a mature body of code that still changes quite frequently and throughout the whole body of code. It is not just drivers that are changing, but the "core" kernel as well. That is pretty unusual for a mature code base. The core kernel code — those files that all architectures and users use no matter what their configuration is — comprises 5% of the kernel (by lines of code), and you will find that 5% of the total kernel changes happen in that code. Here is the raw number of changes for the "core" kernel files for the 2.6.35-rc5 release.
Note that the percent deleted are a bit off because of the huge defconfig delete by Uwe as described above. So, if the changes are made in a uniform way across the kernel, does that mean that the same companies contribute in a uniform way as well, or do some contribute more to one area than another? I've broken the kernel files down into six different categories:
Here are the top companies contributing to the different areas of the kernel:
The companies contributing to the core kernel files are not surprising. These companies have all contributed to Linux for a long time, and it is part of their core strategy. Wind River has a high number of lines changed due to all of the KGDB work that Jason Wessel has been doing in getting that codebase cleaned up and merged into the main kernel tree.
Because the drivers make up over 50% of the overall size of the kernel, the contributions here track the overall company statistics very closely. The company AudioScience Inc. sneaks onto the list of changes due to all of the work that Eliot Blennerhassett has been doing on the asihpi sound driver.
Filesystem contributions, like drivers, match up with the different company strengths. New Dream Network might not be a familiar name to a lot of people, but their development on the Ceph filesystem pushed it into the list of top contributors. The University of Michigan did a lot of NFS work, bringing that organization into the top ten.
Like the filesystem list, networking also shows the University of Michigan's large contributions as well as many of the other common Linux companies. But here a number of not-so-familiar companies start showing up. SFR is a French mobile phone company, and contributed lots of changes all through the networking core. ProFUSION is an embedded development company that did a lot of Bluetooth development for this kernel release. Katalix Systems is another embedded development company and they contributed a lot of l2tp changes. Astaro is a networking security company that contributed a number of netfilter changes.
With the architecture-specific files taking up the second largest chunk of code in the kernel, the list of contributing companies is closer to the list of overall contributors as well, with more hardware companies showing that they contribute a lot of development to get Linux working properly on their specific processors.
The rest of the various kernel files that don't fall into any other major category show that Red Hat has done a lot of work on the userspace performance monitoring tools that are bundled with the Linux kernel. As for overall trends in the different categories, Red Hat shows that they completely dominate all areas of developing the Linux kernel when it comes to the number of contributions. No other company shows up in the top ten contributors for all categories like they do. But, by breaking out the kernel contributions in different areas of the kernel, we see that a number of different companies are large contributors in different, important areas. Normally these contributions get drowned out by the larger contributors, but the more specialized contributors are just as important to advancing the Linux kernel.
A brief history of union mountsSeveral weeks ago, I mentioned on my blog that I planned to move out of programming in the near future. A few days later I received this email from a kernel hacker friend: At first, I thought we were losing a great hacker... But then I read on your blog: "Don't worry, I'm going to get union mounts into mainline before I change careers," and I realized this means you'll be with us for a few years yet! :) How long has union mounts existed without going into the mainline Linux kernel? Well, to put it in a human perspective, if you'd been born the same year as the first Linux implementation of union mounts, you'd be writing your college application essays right now. Werner Almsberger began work on the Inheriting File System, one of the early ancestors of Linux union mounts, in 1993 - 17 years ago! BackgroundA union mount does the opposite of a normal mount: Instead of hiding the namespace of the file system covered by the new mount, it shows a combination of the namespaces of the unioned file systems. Some use cases include a writable live CD/DVD-based system (without a complicated mess of symbolic links, bind mounts, and writable directories), and a shared base file system used by multiple clients. For an extremely detailed review of unioning file systems in general, see the LWN series:
This article will provide a high-level overview of various implementations of union mounts from the original 1993 Inheriting File System through the present day VFS-based union mount implementation and plans for near-term development. We deliberately leave aside unionfs, aufs, and other non-VFS implementations of unioning, in large part because the probability of merging a non-VFS unioning file system into mainline appears to be even lower than that of a VFS-based solution. readdir() reduxThroughout this article, we will place special emphasis on the evolution of readdir(), since historically it has been the greatest stumbling block for any implementation of union mounts. A summary from the first article in the LWN unioning file systems series:One of the great tragedies of the UNIX file system interface is the enshrinement of readdir(), telldir(), seekdir(), etc. family in the POSIX standard. An application may begin reading directory entries and pause at any time, restarting later from the "same" place in the directory. The kernel must give out 32-bit magic values which allow it to restart the readdir() from the point where it last stopped. Originally, this was implemented the same way as positions in a file: the directory entries were stored sequentially in a file and the number returned was the offset of the next directory entry from the beginning of the directory. Newer file systems use more complex schemes and the value returned is no longer a simple offset. To support readdir(), a unioning file system must merge the entries from lower file systems, remove duplicates and whiteouts, and create some sort of stable mapping that allows it to resume readdir() correctly. Support from userspace libraries can make this easier by caching the results in user memory. Union mounts development time lineAs mentioned earlier, one of the first implementations of a unioning was the Inheriting File System. In a pattern to be repeated by many future developers, Werner quickly became disenchanted with the complexity of the implementation of IFS and stopped working on it, suggesting that future developers try a mixed user/kernel implementation instead: Well, I completed it to the point where it was a nice proof of concept, but still with problems (leaks inodes, probably has a few races left, was also a bit too liberal with locking, etc.). Then I looked back at what I did and was disgusted by its complexity. So I decided that, before I might even consider proposing inclusion into the mainstream kernel, I'd have to see how much poorer (performance-wise) a user-space implementation would be. I did some initial hacking on NFS until I convinced myself that userfs might be the better approach. Unfortunately, I never found the time to work on that. Many other kernel developers agreed with Werner. One of Linus Torvalds' earliest recorded NAKs of a kernel-based union file system came in 1996:
While at USENIX, I saw the _correct_ way to do a union FS. It was done
as a pre-loaded shared library, and because of that it was a lot more
flexible than any kernel implementation would ever be [...] After
having seen that, I don't think I necessarily would even want a kernel
implementation. It simply was so much better done in user space.
In 1998, Werner updated his IFS page to suggest working on a unioning file system as a good academic research topic: Sounds like a very nice master's thesis topic for some good Linux hacker ;-) [...] So far nobody has taken the challenge. So, if you're an aspiring kernel hacker, aren't afraid of complexity, have a lot of time, and are looking for an interesting but useful project, you may just have found it :-) Around 2003 - 2004, Jan Blunck took up the gauntlet Werner threw down and began working on union mounts for his thesis. The union mount implementation Jan produced lay dormant until 2007, when discussion about merging unionfs into mainline triggered renewed interest in a VFS-based version of unioning. At that point, Bharata B. Rao took the lead and began working with Jan Blunck on a new version of union mounts. Bharata and Jan posted several versions in 2007. The first version posted in April 2007 used Jan's original strategy of keeping two pointers in the dentry for each directory, one pointing to the directory below this dentry's in the union stack, and one to the dentry of the topmost directory. The drawback to this implementation is that each file system can only be in one union stack at a time, since dentries are shared between all mounts of the same underlying file system. The second version posted in May 2007 implemented yet another minor variation on in-kernel readdir(), this time using per file pointer cookies. From the patch set's documentation: When two processes issue readdir()/getdents() call on the same unioned directory, both of them would be referring to the same dentries via their file structures. So it becomes necessary to maintain rdstate separately for these two instances. This is achieved by using a cookie variable in the rdstate. Each of these rdstate instances would get a different cookie thereby differentiating them. In June 2007, Bharata and Jan posted a third version with an important and novel change to the way union stacks are formed. They replaced the in-dentry links to the topmost and lower directories with an external structure of pointers to (vfsmount, dentry) pairs. For the first time, a file system could be part of more than one union mount. From the patch set's documentation: In this new approach, the way union stack is built and traversed has been changed. Instead of dentry-to-dentry links forming the stack between different layers, we now have (vfsmount, dentry) pairs as the building blocks of the union stack. Since this (vfsmount, dentry) combination is unique across all namespaces, we should be able to maintain the union stack sanely even if the filesystem is union mounted privately in different namespaces or if it appears under different mounts due to various types of bind mounts. In July 2007, Jan posted a fourth version with some relatively minor changes to the way whiteouts were implemented, among a few other things. Jan says, "I'm able to compile the kernel with this patches applied on a 3 layer union mount with the [separate] layers bind mounted to different locations. I haven't done any performance tests since I think there is a more important topic ahead: better readdir() support." In December 2007, Bharata B. Rao posted a fifth version that implemented another in-kernel version of readdir(): In this approach, the cached dirents are given offsets in the form of linearly increasing indices/cookies (like 0, 1, 2,...). This helps us to uniformly define offsets across all the directories of the union irrespective of the type of filesystem involved. Also this is needed to define a seek behaviour on the union mounted directory. This cache is stored as part of the struct file of the topmost directory of the union and will remain as long as the directory is kept open. However, this approach had multiple problems, including excessive use of kernel memory to cache directory entries and to keep the mapping of indices to dentries. readdir() continued to be a stumbling block, and union mounts development slowed down for most of 2008. In April 2008, Nagabhushan BS implemented and posted a version of union mounts with most of the readdir() logic moved to glibc. "I went through Bharata's RFC post on glibc based Union Mount readdir solution (http://lkml.org/lkml/2008/3/11/34) and have come up with patches against glibc to implement the same." However, moving the complexity to user space wasn't the panacea everyone had hoped for. The glibc maintainers had many objections, the kernel interface was an obvious kludge (returning whiteouts for "." to signal a unioned directory), and no one could figure out how to handle NFS sanely. In November 2008, Miklos Szeredi posted a simplified version of union mounts that implemented readdir() in the kernel. The directory entries are read starting from the top layer and they are maintained in a cache. Subsequently when the entries from the bottom layers of the union stack are read they are checked for duplicates (in the cache) before being passed out to the user space. There can be multiple calls to readdir/getdents routines for reading the entries of a single directory. But union directory cache is not maintained across these calls. Instead for every call, the previously read entries are re-read into the cache and newly read entries are compared against these for duplicates before being they are returned to user space. This implementation only worked for file systems that return a simple increasing offset in the d_off field for readdir(). So ext2 worked, but any file system with a modern directory hashing scheme did not. In early 2009, I started to get interested in union mounts. I talked to several groups inside Red Hat and asked them what they needed most from file systems. I heard the same story over and over: "We really really need a unioning file system, but for some reason no one at Red Hat will support unionfs..." I did some research on the available implementations and decided to go to work on Jan Blunck's union mount patch set. In May 2009, Jan Blunck and I posted a version of union mounts that implemented in-kernel readdir() using a new concept: the fallthru directory entry. The basic idea is that the first time readdir() is called on a directory, the visible directory entries from all the underlying directories are copied up to the topmost directory as fallthru directory entries. This eliminated all the problems I knew of in previous readdir() implementations, but required the topmost file system to always be read-write. This implementation also was limited to only two layers: one read-only file system overlaid with one read-write file system because we were concerned with lock ordering problems. In October 2009, I posted a version of union mounts that implemented some of the more difficult system calls, such as truncate(), pivot_root(), and rename(). However, implementing chmod() and other system calls that modified files without opening them turned out to be fairly difficult with the current code base. We thought the hard part was copying up file data in open(), rename, and link(), but it turned out they were somewhat easier to implement because they already looked up the parent directory of the file to be altered. For union mounts, we need the parent directory's dentry and vfsmount in order to create a new version of the file in the topmost level of the union file system if necessary. open(), rename, and link() also needed the parent directory in order to create new directory entries, so we just reused the parent in the union mount in-kernel copyup code. But system calls like chmod() that only alter existing files did not bother to lookup the parent directory's path, only the target. Regretfully, I decided to start on a major rewrite. In March 2010, I posted a rewrite of the pathname lookup mechanism for union mounts, taking into account Al Viro's recent VFS cleanups and removing a great deal of unnecessary code duplication. In May 2010, I posted the first version of union mounts that implemented nearly all file related system calls correctly. The four exceptions were fchmod(), fchown(), fsetxattr(), and futimensat(), which will fail on read-only file descriptors. (UNIX is full of surprises; none of the VFS experts I talked to knew that these system calls would succeed on a read-only fd.) The central primitive in this version is a function called user_path_nd(). It is a combination of user_path(), which looks up a pathname and returns the corresponding dentry and vfsmount, and user_path_parent(), which looks up the parent directory of the file or directory given by the pathname and returns the struct nameidata for the parent. (struct nameidata is too complex to describe in full here, but suffice to say it is usually needed to create an entry in a directory.) user_path_nd() returns both the parent's nameidata and the child's path. Once we have both these pieces of information, we can do an in-kernel copyup of a file in chmod() or any other system call that modifies a file. Unfortunately, user_path_nd() is also the weakest point in this version of union mounts: it's racy, inefficient, and copies up files even if the system call fails. The day after I posted that version, I flew to North Carolina for a long-anticipated in-person code review with Al Viro. We spent three days in his office painfully reviewing the entire union mount implementation. Al immediately figured out how to delete a third of the code I'd spent the last year carefully massaging, and then outlined how to rewrite the other two-thirds of the code more elegantly, including user_path_nd(). As a result of this code review marathon, Linux has a feature-complete implementation of union mounts that has undergone a full code review by the Linux VFS maintainer for the first time. Of course, the resulting todo list is long and complex, and some problems may turn out to be insoluble, but it's an important step forward. The biggest design change Al suggested was to move the head of the union stack back into the dentry, while keeping the rest of the union stack in a singly linked list of struct union_dir's allocated external to the dentries for the read-only parts of the union stack. This combines the speed and elegance of Jan Blunck's original design using in-dentry pointers to the union stack, with the flexibility of Bharata B. Rao's (vfsmount, dentry) pairs, which allow file systems to be part of many read-only layers. This change removed the entire union stack hash table and the associated lookup logic and shrunk the union_dir struct from 7 members to 2. I posted this hybrid linked list version on June 15, 2010. Most recently, on June 25th, 2010, I posted a version that implemented submounts in the read-only layers, as well as allowed more than two read-only layers again. Then I went on a two week vacation - the longest vacation I've had since I started working on union mounts - and tried to forget everything I knew about it. Future WorkThe next step is to implement the remainder of Al Viro's review comments. The last big-ticket item is rewriting user_path_nd() and the in-kernel file copyup boilerplate. After that, it's back for another round of code review from Al and the other VFS maintainers. The 2010 Linux Storage and File Systems workshop is in early August. With luck we can hash out any remaining architectural problems face-to-face at the workshop and possibly merge union mounts into mainline before it's old enough to vote. Or it might languish for another 17 years outside the kernel. Such are the vicissitudes of Linux kernel development. Acknowledgments: I want to extend special thanks to the following people: Kevin Roderick, who provided moral support, Tim Bowen, who gave me a free day at the Spoke6 co-working space while I worked on this article, and, of course, Jake Edge, whose editorial suggestions were, as usual, right on.
The USB composite frameworkLinux is widely used in mobile devices, which should not come as a surprise. It is a powerful and versatile system, and one of its strengths is its support for USB devices of all kinds. That includes "gadgets" — devices that act as USB slaves — like USB flash drives (i.e. pendrives). The USB composite framework makes writing drivers for these kinds of devices relatively easy. As users keep more data on their mobile devices, the demand for interoperability with desktop computers increases. No one wants to buy a special cable or a "docking station" just to copy a few photos. What users want is to connect the device via a USB cable and get it working out of the box. Linux can give that to them. Have you ever wondered how this actually works? What happens behind the scenes when a USB connection is established? Better yet, have you wondered how to write a USB gadget for your new and shiny embedded evaluation board? In this article, I will try to shed some light on that topic. USB overviewThe Universal Serial Bus (or USB) standard defines a master-slave communication protocol. This means that there is one control entity (a master or a host), which decides who can transmit data through the wire. The other entities (slaves, devices, or gadgets) must obey and respond to the host's requests. Slaves do not communicate with each other. A host is usually a desktop computer, while the gadgets are devices such as mice, keyboards, phones, printers, etc. People are used to seeing Linux systems in the master or host role on a USB bus. But the Linux USB stack also provides support for the slave or gadget role — the device at the other end of the wire. For example, when one connects a pendrive to a Linux host, it handles it with a usb-storage driver. However, if we had a Linux machine with a USB Device Controller (or UDC), we could run Alan Stern's File Storage Gadget (or FSG). FSG is, as its name implies, a gadget driver which implements the USB mass storage device class (or UMC). That would allow the machine in question to act as a USB drive (aka pendrive). When a device is connected, an enumeration process begins. During this process, the device is assigned a unique 7-bit identifier used for addressing. As a consequence, up to 127 slaves (including hubs) can be connected to a single host. Communication is based on logical pipes which join the master with one of a slave's endpoints (or EPs). There can be up to 16 endpoints (numbered from 0 to 15) on a device. Endpoint zero (or EP0) is reserved for setup requests (eg. a query for descriptors, request to set a particular configuration, etc.). Pipes are unidirectional (one-way) and data can go to (via an IN endpoint) or from (via an OUT endpoint) the host. (It is important to remember that from a slave's point of view, an IN endpoint is the one it writes to and an OUT endpoint is the one it reads from.) There are also four transfer modes: bulk, isochronous, interrupt, and control. ![[USB Gadget's descriptors structure]](/images/2010/usb-gadget.png)
Endpoints are grouped into interfaces which are then grouped into configurations. Different configurations may contain different interfaces, as well as have different power demands. All that information is saved in various descriptors requested by the host during enumeration. One can see them using the lsusb tool. Here is the stripped-down (and annotated) output for a Kingston pendrive:
Bus 001 Device 004: ID 0951:1614 Kingston Technology
Device Descriptor:
idVendor 0x0951 Kingston Technology
idProduct 0x1614
bNumConfigurations 1 [only one configuration]
Configuration Descriptor: [the first and only config]
bNumInterfaces 1 [only one interface]
MaxPower 200mA
Interface Descriptor: [the first and only intf.]
bNumEndpoints 2 [two endpoints]
bInterfaceClass 8 Mass Storage
bInterfaceSubClass 6 SCSI
bInterfaceProtocol 80 Bulk (Zip)
Endpoint Descriptor: [the first endpoint]
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Usage Type Data
Endpoint Descriptor: [the second endpoint]
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Usage Type Data
After the host receives the descriptors and learns what kind of a gadget has been connected, it can choose a configuration to be used and start communicating. At most one configuration can be active at a time. Linux USB composite frameworkThere is, however, another module that implements UMC: my Mass Storage Gadget (or MSG). The obvious question is, why there are two drivers that seem to do the very same thing. This has something to do with the Linux USB composite framework. The "old way" of creating gadgets is to get the specification and implement everything as a single, monolithic module. Gadget Zero, File Storage Gadget, and GadgetFS are examples of such gadgets. This approach has two rather big disadvantages:
For those reasons, David Brownell came up with the composite framework which has two advantages over the old approach:
![[USB Composite Gadget's descriptors
structure]](/images/2010/usb-composite-gadget.png)
From a composite gadget's perspective, a device has some functions grouped into configurations. One function may be present in any number of configurations. Each function may have several interfaces and other descriptors but that is transparent to the kernel module. Put on top of the "raw" USB descriptors structure, a USB composite function can be regarded as an abstraction for a group of interfaces. That is another excellent property of the framework — most implementation details are hidden "under the hood" and one does not need to think about them when developing a gadget. Instead of thinking about endpoints and interfaces, one thinks about functions. Therefore, FSG is a gadget developed in the "old way", whereas MSG is a composite gadget which uses only one composite function — the Mass Storage Function (or MSF). As a matter of fact, MSF has been created from FSG to allow for the creation of more complicated drivers that would have UMC as part of their functionality. Overall driver structureIn this article, I will try to explain how to create a mass storage composite gadget. It is in the kernel already, but let's forget that FSG and MSG exist for a moment. What is great about Linux, is that a lot has already been done and one can get results with relatively little effort. As such, I will show how to create a working driver using MSF and some "composite glue". I will start with the structure of the module, while skipping the details of the Mass Storage Function. The first step is to define a device descriptor. It stores some basic information about the gadget:
static struct usb_device_descriptor msg_dev_desc = {
.bLength = sizeof msg_dev_desc,
.bDescriptorType = USB_DT_DEVICE,
.bcdUSB = cpu_to_le16(0x0200),
.idVendor = cpu_to_le16(FSG_VENDOR_ID),
.idProduct = cpu_to_le16(FSG_PRODUCT_ID),
};
The usb_device_descriptor structure has some more fields but they are not required or not important for our module. What has been set is:
The next step is to define an USB configuration which will be provided by the driver. It is described by a usb_configuration structure which, among other things, points to a bind callback function. Its purpose is to bind all USB composite functions to the configuration. Usually, it is a simple function, as most of the job is done prior to its invocation. Put together it looks as follows:
static struct usb_configuration msg_config = {
.label = "Linux Mass Storage",
.bind = msg_do_config,
.bConfigurationValue = 1,
.bmAttributes = USB_CONFIG_ATT_SELFPOWER,
};
static int __ref msg_do_config(struct usb_configuration *c)
{
return fsg_add(c->cdev, c, &msg_fsg_common);
}
The msg_config object specifies a label (used for debug messages), the bind callback, configuration's number (each configuration must have a unique, non-zero number), and indicates that the device is self powered. All that the msg_bind does is bind the MSF to the configuration. That definition is then used by the msg_bind() function, which is a callback to set up composite functions, prepare descriptors, add all configurations supported by the device, etc.:
static int __ref msg_bind(struct usb_composite_dev *cdev)
{
int ret;
ret = msg_fsg_init(cdev);
if (ret < 0)
return ret;
ret = usb_add_config(cdev, &msg_config);
if (ret >= 0)
set_bit(0, &msg_registered);
fsg_common_put(&msg_fsg_common);
return ret;
}
The msg_bind() function does the following: initializes the Mass
Storage Function, adds the previously defined configuration to the USB
device, and (at the end) puts the msg_fsg_common object.
. If everything succeeds, it sets the msg_registered
flag so it is recorded that the gadget has been registered and
initialized.
With all of the above, a composite device can be defined. For this purpose, the usb_composite_driver structure is used. Besides specifying the name, it points to the device descriptors and the bind callback:
static struct usb_composite_driver msg_device = {
.name = "g_my_mass_storage",
.dev = &msg_dev_desc,
.bind = msg_bind,
};
At this point, all that is left are the init and exit module functions:
static int __init msg_init(void)
{
return usb_composite_register(&msg_device);
}
static void msg_exit(void)
{
if (test_and_clear_bit(0, &msg_registered))
usb_composite_unregister(&msg_device);
}
They use the usb_composite_register() and usb_composite_unregister() functions to register and unregister the device. The msg_registered variable is used to ensure the device is unregistered only once. To sum things up:
Mass Storage FunctionWith the big picture in mind, lets get into the finer details: the inner workings of the Mass Storage Function. There are a couple of things to watch out for when dealing with it. First of all, because MSF can be bound to several configurations, it needs to share some data between the instances and at the same time store information specific for each configuration. The fsg_common structure is used for shared data. An instance of this structure needs to be initialized prior to binding MSF. Because the common object is used by several MSF instances, it has no single owner thus a reference counter is needed to decide when it can be destroyed. That's the reason for the fsg_common_put() call at the end of msg_bind() function. Closely connected with the fsg_common structure is a worker thread which MSF uses to handle all the host's requests. When a fsg_common object is created, a thread is started as well. It terminates either when the fsg_common object is destroyed or when it is killed with an INT, TERM, or KILL signal. In the latter case, the fsg_common object may still exist even after worker's death. Whatever reason, when thread exits a thread_exits callback is invoked. It is important to note that a signal may terminate the worker thread, but why would one want to do that? The reason is simple. As long as MSF is holding any open files, the filesystems which those files belong to cannot be unmounted. That is bad news for a shutdown script. What Alan Stern came up with in FSG, is to close all backing files when the worker thread receives an INT, TERM, or KILL signal. Because MSF is to be used with various composite gadgets, rather than hardcoding that behavior a callback has been introduced. The last thing to note is that MSF is customizable. The UMC specification allows for a single device to have several logical units (sometimes called LUNs, which is strictly speaking incorrect since LUN stands for Logical Unit Number). Each logical unit may be read-only or read-write, may emulate a CD-ROM or disk drive, and may be removable or not. All of this configuration must be specified when the fsg_common structure is initialized. The fsg_config structure is used for exactly that purpose. In most cases, a module author does not want to fill it themselves, but rather let a user of the module decide the settings. To make it as easy as possible, an fsg_module_parameters structure and an FSG_MODULE_PARAMETERS() macro are provided by the MSF. The former stores user-supplied arguments, whereas the latter defines several module parameters. Having an fsg_module_parameters object, one may use fsg_config_from_params() followed by fsg_common_init() to create an fsg_common object. Alternatively, fsg_common_from_params() can be used which merges the call to the other two functions. Here is how it all works when put together:
static struct fsg_module_parameters msg_mod_data = { .stall = 1 };
FSG_MODULE_PARAMETERS(/* no prefix */, msg_mod_data);
static struct fsg_common msg_fsg_common;
static int msg_thread_exits(struct fsg_common *common)
{
msg_exit();
return 0;
}
static int msg_fsg_init(struct usb_composite_dev *cdev)
{
struct fsg_config config;
struct fsg_common *retp;
fsg_config_from_params(&config, &msg_mod_data);
config.thread_exits = msg_thread_exits;
retp = fsg_common_init(&msg_fsg_common, cdev, &config);
return IS_ERR(retp) ? PTR_ERR(retp) : 0;
}
The msg_exit() function has been chosen as MSF's thread_exits callback. Since MSF is nonoperational after the thread has exited, there is no need to keep the composite device registered, instead the gadget is unregistered. At this point, it should become obvious why the msg_registered flag is being used. Since usb_composite_unregister() can be called from two different places, a mechanism to guarantee that it will be called only once is needed — atomic bit operations are perfect for such tasks. And that would be it. We are done. One can grab the full source code and start playing with it. The beauty of the composite framework is that all the really hard stuff has been already written. One can write devices and experiment with different configurations without deep knowledge of the USB specification or the Linux gadget API. At the same time, it is a perfect introduction to some more serious USB programming. RunningTo use the gadget, one needs to provide a disk image that will act as a real USB device to the USB host. Using dd on the device is perfect for creating one:
# dd if=/dev/zero of=disk.img bs=1M count=64
With disk image in place, the module can be loaded:
# insmod g_my_mass.ko file=$PWD/disk.img
Connecting the device to the host should produce several messages in the host system log, among others:
usb 1-4.4: new high speed USB device using ehci_hcd and address 8
usb 1-4.4: New USB device found, idVendor=0525, idProduct=a4a5
usb-storage: device scan complete
sd 6:0:0:0: [sdb] Attached SCSI removable disk
sd 6:0:0:0: [sdb] 131072 512-byte logical blocks: (67.1 MB/64.0 MiB)
sdb: unknown partition table
All that is left is creating a partition with a filesystem and starting using the pendrive:
# fdisk /dev/sdb
...
# dmesg -c
sd 6:0:0:0: [sdb] Assuming drive cache: write through
sdb: sdb1
# mkfs.vfat /dev/sdb1
mkfs.vfat 3.0.9 (31 Jan 2010)
# mount /dev/sdb1 /mnt/
# touch /mnt/foo
# umount /mnt
As has been shown, the gadget works like a charm. ConclusionThe Linux USB composite framework provides a way to add USB devices in a fairly straightforward way. Before the composite framework came along, developers needed to implement all USB requests for each gadget they wanted to add to the system. The framework handles basic USB requests and separates each USB composite function, which allows gadget authors to think in terms of functions rather than low-level interfaces and communication handling. As one might guess, this article just scratches the surface of what the composite framework can do. The driver that was shown is a single-configuration, single-function gadget, so the advantages over non-composite gadgets is not readily apparent. A future article may look at drivers for more powerful gadgets using the composite framework.
Patches and updates Kernel trees
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Architecture-specific
Security-related
Page editor: Jake Edge Distributions Linux on PowerPCUntil not so long ago, your author's main computer was a PowerPC machine, but the number of Linux distributions that officially support this platform is diminishing year by year. So is it still viable to run Linux on a PowerPC computer these days? We'll explore the options, which are roughly subdivided into three categories: PowerPC ports of Linux distributions, PowerPC-specific Linux distributions, and PowerPC ports of non-Linux free operating systems (the BSDs). When Apple still sold Macs based on the PowerPC processor, the architecture was relatively well supported by mainstream Linux distributions. In 2010, PowerPC seems to have fallen off the radar. The number one reason is that there are currently not many PowerPC systems for desktop users on the market. For a time, Terra Soft Solutions sold PowerPC-based workstations, such as the YDL PowerStation, but the product has been discontinued after Fixstars Solutions acquired the company. Another popular PowerPC system for Linux users was the PlayStation 3, but Sony removed Linux support in April of this year. So, at this point, there doesn't seem to be a mainstream PowerPC desktop system you can buy. Luckily, owners of used Macs and other PowerPC systems are not left out in the cold, as they can still run free operating systems. The Power of the communityUbuntu supported the PowerPC platform officially until version 6.10 ("Edgy Eft"). From 7.04 on, it has still been available, but as a community port. In February 2007, Matt Zimmerman explained the decision in the ubuntu-announce mailing list: The Ubuntu Technical Board has decided to reclassify PowerPC as an unofficial architecture, rather than a fully supported architecture, for Ubuntu 7.04 and subsequent releases. This means that packages and ISO images will continue to be produced, but releases will not be delayed due to problems which are specific to PowerPC, and the quality of the PowerPC release itself will depend very much on the extent to which members of the Ubuntu community drive PowerPC testing and bug fixes.
At the moment, Canonical has still one supported PowerPC release: the server edition of Ubuntu 6.06 LTS, which will be supported on PowerPC until June 2011. The Ubuntu community picked up PowerPC maintenance for the other releases, and interested users can still download ISO images for the 7.10 through 10.04 releases in the ports section of the main Ubuntu mirror. Ubuntu's wiki contains a FAQ and a list of known issues for PowerPC users, although the information is slightly outdated. OpenSUSE dropped official support for PowerPC in its 11.2 release in November 2009. This was done rather quietly: openSUSE 11.2 was released on November 12 without repositories and ISO files for PowerPC, but without any official word that PowerPC support had been removed. After a bug report, Novell's Michael Loeffler gave the official response: We (Novell/SUSE employees) won't provide a ppc distribution anymore. The effort for such a code stream is not justified by 0.3% out of all installations (see Distribution of architecture at http://en.opensuse.org/Statistics).
Nevertheless we will support anyone who'd like to take over the task to build an openSUSE ppc distribution.
This essentially made the openSUSE PowerPC port a community effort. Stephan Kulow clarified what this required from the community: We have powerpc.opensuse.org to host it and build.opensuse.org will happily build the ISOs for you. But we need people to fix bugs and to test on a regular base the installation system and use factory on power to find power specific issues.
More than half a year later, no one seems to have picked up development and maintenance of the PowerPC port. OpenSUSE has still a POWER@SUSE wiki page with some general information. This page states that Novell is still planning a PowerPC port for SUSE Linux Enterprise Server. OpenSUSE users can discuss PowerPC-related matters in the opensuse-ppc mailing list, but, not surprisingly, discussions died out this year. More recently, Fedora 13 dropped official PowerPC support. More specifically, PowerPC has been moved to Fedora's secondary architectures, which means that a build failure on the PowerPC platform doesn't hold back a Fedora release. Moreover, neither Fedora nor Red Hat provide hosting space or build servers for secondary architectures. In a response to a user's outcry, Red Hat's Tom Callaway explained the reason of the move to the secondary architectures: The reason that PPC was dropped as a Primary Architecture was because very few people were doing this work. Many packages were being built but didn't work, many more were just not building. In addition, these build failures were preventing otherwise successful builds on x86/x86_64, which is where the majority of the Fedora userbase is.
It is important to keep in mind that just because Fedora won't automatically do a PPC release for Fedora 13 and beyond does _NOT_ mean that there will not be a PPC release for Fedora 13 and beyond. If the PPC Architecture Team does the work and makes the release, then it will happen.
In short, it's up to the community to maintain the PowerPC port of Fedora if they want it to continue, but so far they don't seem to have the necessary infrastructure. More information can be found on the fedora-ppc mailing list. Other Linux distributions with a PowerPC portSo among the Linux distributions that dropped official PowerPC support, only Ubuntu has managed to keep it alive as a community effort. But there are still a handful of distributions with "official" PowerPC support. The most important among them is Debian. This is actually the Linux distribution that your author has been running on his PowerMac G5 for years after he ditched Mac OS X. As can be seen on the debian-powerpc mailing list, there's still a lot of activity going on in Debian PPC land. The Debian PowerPC port began in 1997 and was first officially released with Debian GNU/Linux 2.2 ("Potato"). A completely 64-bit environment doesn't exist, though. On 64-bit processors such as the G5, Debian PPC uses a 64-bit kernel with 32-bit user space. This is because the 64-bit PowerPC processors have no "32-bit mode" like the Intel 64/AMD64 architecture. Hence, 64-bit PowerPC programs that do not need 64-bit mathematical functions will run somewhat slower than their 32-bit counterparts because 64-bit pointers and long integers consume twice as much memory, fill the CPU cache faster, and thus need more frequent memory accesses. There is, however, a Debian PPC64 port in development, offering a complete 64-bit user space for those that want it. Gentoo Linux also has a PowerPC port, both for 32 and 64 bits. The most recent ISO image is from October 2009, while the most recent stage3 file (the Gentoo base system tarball) is from May. As can be expected from Gentoo, the project has an extensive PPC handbook and FAQ. Users that get into trouble can find help on the gentoo-ppc-users mailing list. While Arch Linux is focused on the i686 and x86-64 architectures, there is a separate spin-off project for PowerPC machines: Arch Linux PPC. The port offers a 32-bit user space, but it has various kernels for 64-bit machines. The most recent release for which an ISO file can be downloaded is 2010.02.26 with a 2.6.33 kernel. In addition, Arch Linux PPC has a special install guide for PowerPC machines. CRUX has the same approach: the distribution is focused on the i686 architecture, but some users wanted a PowerPC port and just made it happen: CRUX PPC. Note, however, that the team is small and development is slow. The latest release is CRUX PPC 2.6 and it dates from January. There are both 32-bit and 64-bit ISO images available. In the same style as Gentoo, CRUX PPC has an extensive handbook and FAQ, as well as a cruxppc mailing list, but it is not very active. Another general-purpose Linux distribution that supports PowerPC is T2 SDE. The project has a small but dedicated community, and the PowerPC (32-bit and 64-bit) platform is well supported. The main developer René Rebe is using it on some of his machines. Users that want to install T2 SDE on their Mac can download the recently released minimal ISO images for T2 SDE 8.0 or build the ISO file themselves. T2 SDE is not an easy-to-use Linux distribution (it's comparable to Gentoo Linux), but your author has been testing it for some time on his PowerMac G5 and was interested by the clean source-based approach. Yellow Dog Linux (YDL), a Linux distribution specifically developed for the PowerPC architecture, closes out the list. It is based on CentOS and uses Enlightenment as its default desktop environment, although GNOME and KDE can also be installed. Before Apple's transition to the Intel architecture, Terra Soft Solutions was the only company licensed by Apple to resell Apple computers with Linux pre-installed, so it has a history with PowerPC machines. The latest version is 6.2, released in June 2009. Users can download a big DVD ISO image from one of the mirrors. There is a list of supported hardware, which also includes non-Apple PowerPC machines, a lot of documentation about the installation and configuration, and some HOWTOs about various topics. Meanwhile, Terra Soft Solutions has been acquired by Fixstars, which refocused its Linux distribution on high performance computing and GPU systems. So, while YDL 6.2 still supports PowerPC-based Apple machines, it's main target is now the Sony PlayStation 3 and IBM pSeries platforms. The Power to serveFor users that don't mind leaving the Linux ecosystem, there are some other options in the BSD world. FreeBSD, OpenBSD and NetBSD all have a PowerPC port, and most of the supported software is the same as on a Linux distribution, so for most practical purposes it doesn't matter if you're running Linux or BSD. NetBSD (the operating system with the motto "Of course it runs NetBSD") has different ports for various Power PC systems: ofppc, macppc, evbppc, mvmeppc, bebox, sandpoint, and amigappc. The relevant port for Mac Users is of course macppc, which was introduced in NetBSD 1.4. There is a complete list of supported hardware by the NetBSD/macppc port, and there is an extensive FAQ, which includes a list of supported peripherals. The installation procedure for NetBSD/macppc is documented well to help users get NetBSD on their Mac. As for mailing lists, issues specific to NetBSD on Apple's PowerPC machines are discussed on the port-macppc mailing list, while port-powerpc is about issues relevant to all PowerPC-based NetBSD ports. The OpenBSD/powerpc port initially supported Motorola computers, but later refocused on Apple hardware, based on code from the NetBSD/macppc port. For OpenBSD 3.0 it was renamed to OpenBSD/macppc. Support for the 64-bit G5 processor (with a 32-bit user space) was added in OpenBSD 3.9. The port's web page has an extensive list of supported hardware and peripherals, and it lists some caveats: sleep/suspend on laptops is not supported, Bluetooth and FireWire are not supported, and SATA doesn't work yet on PowerMac G5 and Xserve G5 systems. The latest OpenBSD/macppc 4.7 release has some installation instructions and users can discuss their problems on the ppc mailing list of OpenBSD. Last but not least, FreeBSD officially supports the PowerPC port since version 7.0, although it's still a Tier 2 platform. This means that FreeBSD's security officer, release engineers, and toolchain maintainers don't fully support it yet. Nathan Whitehorn has published some installation instructions, and users can discuss matters in the freebsd-ppc mailing list. Since FreeBSD 8.0, the PowerMac G5 and iMac G5 are supported, and the upcoming 8.1 release also supports the Xserve G5 and the late 2005 model of the PowerMac G5. Previous PowerPC Macs are already supported since version 7.0. There are some caveats, however: the current 32-bit PPC port only supports 2 GB of RAM, and 64-bit PPC support (with support for more RAM) will only be appearing in FreeBSD 9. ConclusionWhile at first sight PowerPC seems to be a dying platform, there's actually still a lot of choice for users that want to run a free operating system on their aged Mac. In the last 10 years, your author has prolonged the life of two PowerPC-based Macs by swapping Mac OS X for a Linux distribution: one time Gentoo Linux, the other time Debian. These are also the two distributions that seem to have the best PowerPC support while still being all-round enough and having a community that is big enough to be of any help. For more adventurous users, there are a lot of other options, with the source-based T2 SDE or NetBSD as notable examples.
New Releases Mandriva Linux 2010 Spring releasedMandriva has announced the release of Mandriva Linux 2010 Spring. It contains various recent free software packages (KDE 4.4.3, GNOME 2.30.1, Firefox 3.6.6, and Xorg Server 1.7.7 for example), and has some unique features including: "'Smart Desktop', a unique technology, which offers dynamic access to all files by labelling them and grading photos, documents, emails and videos whilst safeguarding personal data through a customised approach. Ginkgo, the new graphical interface for managing data semantics, can create and explore the links between their personal data such as mails, documents, files, Web pages".
MeeGo 1.0 update for NetbooksThe first update for the Netbook experience of MeeGo v1.0 has been released. It includes an update to kernel 2.6.33.5, faster detection of USB storage devices, improved 3D performances, fixes to the web browser and email client, and more. "Many of you were quick to install our recent release of MeeGo v1.0 on your netbook. We appreciate all of the community help from those of you who tested our release and filed bugs. In fact, this update has over 100 bug fixes and is recommended for all users running MeeGo 1.0 for Netbooks." Click below for the full announcement.
Lunar Linux 1.6.5-rc1Lunar Linux has announced the first release candidate for Lunar Linux 1.6.5. ISO images are available for i686 and x86-64. "While news and updates on our main site may have been next to nil we assure you that the wheels have been turning behind the scenes. The Lunar team have been busy keeping the modules up to date. The new ISO is also a proof that we are still in the game. Come on and help us test 1.6.5-rc1 and don't be afraid to give us suggestions on how to make Lunar even better!"
Distribution News Ubuntu family Minutes from the Ubuntu Technical Board meetingClick below for the minutes from the June 29, 2010 meeting of the Ubuntu Technical Board.
New Distributions FemtoLinuxFemtoLinux is a new distribution optimized for real-time embedded systems. It aims to have a low system call and interrupt-to-application latency and overhead, achieved by allowing critical Linux applications to run in kernel mode. It is currently available for ARM with MIPS and PowerPC ports in the works.
New Linux OS REMnux Designed For Reverse Engineering Malware (threat post)Threat post introduces a new distribution called REMnux. "A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools the comprise a very powerful environment for taking apart malicious code."
Newsletters and articles of interest Distribution newsletters
Mandriva Linux avoids bankruptcy; we test the new version (ars technica)Ars technica takes a look at Mandriva 2010 Spring. "The OS ships with KDE 4.4.3 and version 2.6.33.5 of the Linux kernel. Mandriva has its own custom user interface theme that is used across both KDE and GNOME, and its default KDE configuration deviates from that of upstream KDE. It uses a Folder View containment as the default activity and it has a conventional application menu instead of KDE's Kickoff menu. These changes are intended to make KDE 4 feel more like the classic user experience of the KDE 3.5.x series."
OpenSolaris governing board threatens dissolution (The H)The H reports that the OpenSolaris governing board (OGB) is considering dissolution and may relinquish control of OpenSolaris to Oracle. "At yesterday's OGB meeting, Simon Phipps, previously Sun's 'Open Source Evangelist', stated that collaboration between Oracle and the OpenSolaris community was just not happening. In his opinion, in its present form, the community no longer serves a useful purpose."
Spotlight on Linux: Pardus Linux 2009.2 (Linux Journal)Susan Linton takes a look at Pardus Linux. "Pardus hails from Turkey, so at first boot of either image the user will find themselves faced with the Turkish language. But have no fear, F2 brings up the language selector where one can choose English. Pardus is developed by the Scientific & Technological Research Council of Turkey, an advisory office to the Turkish government, which is probably why this distribution feels so professionally done. Original tools and graphics appear throughout giving Pardus a very consistent look and feel."
Page editor: Rebecca Sobol Development Python's Mercurial migrationBig projects switching to a distributed version control system (DVCS) is pretty common occurrence these days, but it is not always easy or straightforward. Guido van Rossum first announced that Python would move to Mercurial (aka Hg) in March 2009, but the project is still using Subversion (aka svn) more than a year later. While the conversion is still in the works, the schedule for the switch is still up in the air. Recent discussions have pushed it back until sometime later this year, or possibly early next year. There appear to be a number of different things that got in the way of adopting Hg, but clearly the biggest has been problems with how it handled end-of-line (EOL) conventions. As described by Brett Cannon, the Python folks were under the impression that Hg had ways to handle EOL conventions that would make it act like Subversion's svn:eol setting. When that turned not to be the case, it set the conversion back. Efforts were made to design a Mercurial extension—which is written in Python after all—that would "do the right thing" for line-endings on Windows, Linux, and Mac OS X, while not making a mess of binary files. That culminated in an EOL Extension that was released as part of Mercurial 1.5.4 in June of this year. Some of the time it took to get from a design to a working, released extension can be blamed on Mercurial hacker Martin Geisler's PhD work, which is something of a recurring theme. Cannon, who did much of the work in evaluating Git, Bazaar, and Mercurial before Python chose a DVCS, was delayed shortly after the decision by work on his PhD. That led Dirkjan Ochtman to step in and write Python Enhancement Proposal (PEP) 385, which describes the migration path from svn to Hg. Now Ochtman is unavailable to work on the transition until some time in August due to work on his Master's thesis. It is a tad amusing to note that projects might be best-served by contributors who either already have advanced degrees or have decided not to pursue them, but that, of course, is a trivialization. There does seem to be a lack of people interested in making the transition, at least in any hurried fashion, or perhaps there is a lack of pressure to make the change from the development community side. In some ways, it would seem that Mercurial has moved into the "nice to have, but not required" bucket, at least for now. The timing of making a change to a different VCS can be tricky. There are lots of dependencies for ongoing release efforts and the like. The unavailability of Cannon and Ochtman led Martin v. Löwis to put out a call for volunteers. "If nobody volunteers, I propose that we release 3.2 from Subversion, and reconsider Mercurial migration next year." The first alpha of 3.2 is scheduled for early August, while the final release is planned for January of next year. Waiting until after 3.2 would likely mean that the Hg transition will have taken Python around two years. Some folks did volunteer, and there was talk of releasing the first 3.2 alpha from svn, with later releases coming out of Hg, but no firm decision seems to have been made. There is also some resistance to phasing out svn. Anatoly Techtonik is concerned about moving away:
I would put [an] accent on keeping [a] mirror of Subversion as [an] easy way to
contribute for those who are not yet ready for DVCS. Subversion also
provides greater interoperability. Assuming that any modern DVCS tool
may act as Subversion client, we will gain more contributors if we
won't try to force people use Python and Mercurial.
But Stephen J. Turnbull disagrees with that assessment. The transition was planned because it would make developers' lives easier:
It also is clearly going to make more effective workflows for many of
the core developers. AFAIK, assuming the issues that have been raised
in PEP 385 and the tracker are resolved, other core developers agree
that the transition will have an acceptably low impact on them.
Turnbull notes that a "new proponent and supporting cast" are actively being sought for the transition. In addition, he is optimistic about the timing:
There is no reason at this point to suppose the transition can't be
complete by the end of summer. However, as always, the devil is in
the details, and one of them may be a showstopper. We'll just have to
see about that.
At this point, it is in the hands of the Python team. Before the completion of the EOL Extension, it was relatively easy to find other things to work on while awaiting the extension. Now that the ball is firmly back in their court, the importance of Mercurial to the Python hackers will likely become more clear. If the team is unable to find the time to make that switch, it is by no means the end of the world, it is just an indicator that many are fairly comfortable with their current workflow. That may be a little surprising to some, but each project has its own way of working and some are more suited to a DVCS development style than others. Python has always been fairly rigorous in its processes, with PEPs for all major—and many minor—decisions, and a pretty conservative development style. Moving unhurriedly to switch to Mercurial may fit in with that just fine.
Brief items Quote of the week
Open source licenses do take part into a trust
relationship -- however it is trust between corporate entities with
too many lawyers who wouldn't trust the open source development
communities otherwise. Their worries are mainly about people
contributing tainted material to open source projects which then later
can be used to place pressure on deep pockets (see the SCO UNIX suit
for example).
-- Guido van Rossum
A secondary reasoning for some open source licenses might be to prevent others from running off with the good stuff and selling it for profit. The GPL is big on that, but it's never motivated me with Python (hence the tenuous relationship at best with the FSF and GPL software).
App Inventor for AndroidGoogle has introduced App Inventor for Android. It's still in closed beta, but you can request access through the website. "To use App Inventor, you do not need to be a developer. App Inventor requires NO programming knowledge. This is because instead of writing code, you visually design the way the app looks and use blocks to specify the app's behavior." (Thanks to Keith Edmunds)
Campsite 3.4Campsite 3.4 has been released. "Campsite, the free, open source, multilingual content management system for news websites has been released in version 3.4 and features over fifty bug fixes and improvements. Building upon the stability and security improvements in June's 3.3.6 release, this latest version includes dramatically improved search options (both internally and for external search engines), a clean up of the graphical interface (new-look icons and admin interface) and easier installation." LWN looked at Campsite in March 2009.
Announcing FOSSology 1.2.0 ReleaseThe FOSSology Project has announced the release of FOSSology 1.2.0. "FOSSology is a Free Open Source Software (FOSS) project built around an open and modular architecture for analyzing software. Existing modules include license analysis, meta data extraction, Copyright/URL/email scanner, RPM and Debian package analysis, and MIME type identification. This open source software tool analyzes a given set of software packages, and reports items such as the software licenses used by these packages."
GNOME 2.31.5 unstable releaseThe GNOME 2.31.5 development release is available. "2.31.5 is out and features a lot of modules ported to GTK+ 3; oh sure there are bugs, and disabled features, but 1) this is temporary, and 2) this should be seen as an opportunity for sleepless nights in The Hague. Isn't it a wonderful world?"
GNOME Shell 2.31.5 releasedGNOME Shell 2.31.5 is now available. "Note: This release changes the GTK+ dependency to the GTK+ 3.0 development series. Mutter must now be built with the --with-gtk=3.0 option to work correctly with GNOME Shell."
GTK+ 2.21.5 releasedGTK+ 2.21.5 is the latest stable release of GTK+. "GTK+ 2.22 is planned to be the last stable GTK+ 2.x release, to be released in parallel with GTK+ 3. It will not receive major feature work beyond API additions that are required to facilitate porting to GTK+ 3."
GTK+ 2.90.5 releasedGTK+ 2.90.5, a development release leading toward 3.0, is now available. "GTK+ 3 will be parallel installable with GTK+ 2.x, and this release has been prepared to test this by renaming all .pc files, libraries, include paths, and so forth, to include a '3.0' component."
KDE SC 4.5 RC2 OutKDE has announced the second release candidate of the upcoming KDE Software Compilation 4.5. "The final version will be available in August 2010 and this RC is intended for testers and early adopters who can help by finding and reporting bugs. It will also interest those who want an early look at what is coming to their desktops and netbooks this summer."
libguestfs 1.4.0libguestfs 1.4.0 is a major new release of libguestfs. "libguestfs is a library and a set of tools for accessing and modifying disk images and virtual machines. You can use this for viewing and editing files inside guests, scripting changes to VMs, monitoring disk used/free statistics, P2V, V2V, performing partial backups, cloning VMs, and much more."
SeaMonkey 2.1 Alpha 2SeaMonkey 2.1 Alpha 2 is available for testing. "Please note that this pre-release version is still intended for developers and testers only. As always, we appreciate any feedback you may have and encourage users to help us by filing bugs."
Newsletters and articles This week's newsletters
Page editor: Rebecca Sobol Announcements Non-Commercial announcements Python Software Foundation is sponsoring sprintsThe Python Software Foundation has put out a call for requests for funding assistance for coding sprints. Up to $250 is available for each sprint, and more information can be found on the Python sprints blog or by clicking below for the full announcement. "Whether you call them Sprints, Hackfests, Hack-a-thons, or any other name, they're a great way to hang out with like-minded developers and work on common code. Sprints are an unbeatable way to build friendships and contacts that will last for years to come, and they're a great way to learn about something new if you're just starting out. [...] The Python Software Foundation has set aside funds to be distributed to world-wide sprint efforts. We're anticipating 2-3 events per month focused on covering topics to help the entire community".
KDE e.V. Quarterly Reports RelaunchedKDE.News looks at the relaunch of KDE e.V. quarterly reports. "KDE e.V. is the legal body which holds our finances and represents the project in a range of issues. Our Quarterly Reports have restarted with a special bumper issue covering 2009 Q2 to 2010 Q1. It covers the many sprints which e.V. organises for our contributors to get together in person with their KDE teams. It also covers events e.V. has helped KDE to attend and the working groups it oversees."
Articles of interest Open Source Hardware Definition released, first Open Hardware SummitBoingBoing covers the launch of the "Open Source Hardware Definition" and the announcement of the first Open Hardware Summit. "Open Source Hardware (OSHW) is a term for tangible artifacts -- machines, devices, or other physical things -- whose design has been released to the public in such a way that anyone can make, modify, distribute, and use those things. This definition is intended to help provide guidelines for the development and evaluation of licenses for Open Source Hardware."
Multi-Touch Sugar on XO-1.75 ARM Laptop Coming Soon (OLPC News)OLPC News reports on news of the XO-1.75 laptop. The article mostly quotes from an email by Chris Ball of OLPC, in which he mentions a touchscreen for XO-1.75 and continuing to use Fedora as the distribution, even though the new hardware is ARM-based. In addition, Sugar will get multitouch: "We've begun working on modifications to Sugar to enable touchscreen and multitouch use (the XO-1.75 will have a touchscreen, as will future OLPC tablets based on its design), and we'll continue to do so. The first outcome from this work is Sayamindu Dasgupta's port of the Meego Virtual Keyboard to Sugar".
Supposed 'Proof' Of SCO's Infringement Claims Against Linux Seem Lacking (Techdirt)In what should come as no surprise to most folks, the alleged "proof" of SCO's infringement claims, as recently posted by SCO lawyer Kevin McBride—Darl's brother—is weak, at best. Techdirt takes a look and is unimpressed. "If you look through the files, you don't have to be a programmer to start questioning the copyright claims. Most of the lines are not direct copies at all, and seem to be on really, really, really basic functions -- the type of thing that just about anyone would program to create that functionality. In other words, it's difficult to see how there would be any copyright on that code at all, since it was hardly original or requiring any form of creativity. Others in the Slashdot comments point out that some of the code appears to have originated in BSD code, outside of what SCO was claiming it held rights to, and others suggest at least parts of the code came from a separate third party. Furthermore, even looking through the files it's difficult to find many cases where you could even claim 'cut-and-paste copying' as was alleged." Much (all?) of it seems like the same stuff that was debunked back in 2003.
Weir: ISO/IEC JTC1 Revises Directives, Addresses OOXML AbusesOn his blog, Rob Weir looks at changes to the ISO standardization process, that would eliminate some of the abuses that were seen in the OOXML standardization effort. In 2007 and 2008, Microsoft pushed its office document format (OOXML) through the ISO fast track process, which allowed it to become a second ISO standard—the first was Open Document Format (ODF). "On July 1st, 2010 a new set of rules (directives) took effect in ISO/IEC JTC1 including new processing and voting rules for JTC1 Fast Track submissions. If these rules had been in effect back in 2007, OOXML would have died after its initial ballot." (Thanks to Martin Jeppesen.)
New Books Ubuntu for Non-Geeks, Fourth Edition--New from No Starch Press"Ubuntu for Non-Geeks", 4th Edition, is available from No Starch Press.
MySQL High Availability--New from O'Reilly"MySQL High Availability", Tools for Building Robust Data Centers, is available from O'Reilly.
JavaScript Cookbook--New from O'Reilly"JavaScript Cookbook", Programming the Web, is available from O'Reilly.
Event Reports Ruby on Rails Community Shines at RailsConf 2010O'Reilly Media takes a look at last June's Ruby on Rails conference. "Chairs Chad Fowler and Ben Scofield created a program that highlighted the vibrant and expanding nature of the Rails community itself. While the exploration of Rails 3 attracted many, the conference explored many other areas of the Rails landscape. Featured speakers at RailsConf 2010 included Michael Feathers of Object Mentor, Inc., David Heinemeier Hansson of 37signals, Yehuda Katz of Engine Yard, Inc., Bob Martin of Object Mentor, Inc., Derek Sivers of Thoughts, Ltd., and Gary Vaynerchuk of VaynerMedia."
Calls for Presentations Linux Plumbers Conference call for working session submissions now openThe Linux Plumbers Conference (LPC) has opened up its call for the submission of working session topics that would become part of the "micro-conferences" that make up LPC. Each micro-conference has a number of related working sessions centered around a particular topic (Power Management, Virtualization, Mono, Desktop, Tracing, and so on) and is a half-day in length. "The topics that will actually have working sessions scheduled at the LPC will depend on the submissions to the microconference and on the ability of its respective community to organize a successful working session; see the "Responsibilities of a working session leader" page on the LPC wiki for more details." LPC will be held in Cambridge, Massachusetts November 3-5.
Kiwi PyCon 2010 Call for ParticipationKiwi PyCon will be held in Paihia/Waitangi in the Bay of Islands November 20-21, 2010. Proposals are due by August 2, 2010.
DeepSec 2010 - Call for PapersDeepSec In-Depth Security Conference 2010 will be held in Vienna, Austria, November 23-26, 2010. The call for papers closes July 31, 2010. "Additionally we call for [submission] from young security researchers of 21 years and younger for exhibits of their own research during the conference."
Upcoming Events Events: July 22, 2010 to September 20, 2010The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it.
Page editor: Rebecca Sobol
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[ULSAH book
cover]](/images/2010/ULSAH4-cover.png)