By Jake Edge
November 3, 2010
It is something of a tradition to have a "State of Embedded Linux" talk at
each Embedded Linux Conference (ELC), and the recently concluded ELC
Europe did not disappoint. In his keynote, MIPS architecture
maintainer Ralf Baechle looked at the "pain points" for
embedded developers, as well as what was being done to address them. He
also looked to the future and made some predictions of what was coming for
the embedded Linux landscape.
Baechle started working with MIPS Linux in 1993 or 1994, but was using
Linux on x86 even earlier than that. He started off his talk by reporting
on two embedded Linux summits that were recently held. One was at
LinuxCon Japan and another was held in Cambridge, UK two days before his
talk. There were a large number of companies represented at the summits,
and "a lot of the big players". There were 16 attendees at the Tokyo
summit and 12 at the one in Cambridge. The summits had
"fairly good representation of the industry", he said, along
with a bunch of architecture maintainers and users.
The summits were organized to talk about problems, Baechle said, as
"the good stuff doesn't need to be talked about". The
meetings were held "off the record" so that the discussions could be
candid.
The attendees identified a number of pain points for embedded Linux.
The first is the problem with "IP blocks", which are particular components
that are licensed for use in system-on-chip (SoC) devices. A typical SoC
"consists of a number of licensed IP blocks", and it is very
hard for the kernel to determine which blocks are included on a particular
SoC. In addition, developers often don't know that a particular IP block
is supported, so drivers and other support code get developed multiple
times. There is a plan to maintain a list of these IP blocks in a wiki,
along with their support status and device tree bindings, Baechle said.
Another problem area is "legal pain", mostly surrounding the
GPL. That has caused developers to look at alternatives to glibc because
they fear it moving to the LGPLv3. In addition, the GPLv3 has been interpreted by
an unnamed company as being targeted at voiding its patents. Baechle
doesn't agree with that interpretation, but GPLv3 certainly makes some
companies uncomfortable. Android avoids all GPL code where it can, he
said. Also, the BusyBox lawsuits have caused some consternation in the
embedded world because of the demands for Makefiles and installation
instructions. Not everyone interprets the GPL to require those things, but
it is, as yet, unresolved.
There is also a fair amount of "kernel pain" in the embedded
community, starting with the "huge version gap" among the
kernels used in embedded Linux devices. Kernels from 2.6.11 up through
recent kernels were mentioned as being used, and "not even 2.4 is
really really dead", he said. But, Linux is finding its way into
more and more products. There is a large company that has made it a policy
to put Linux in any of its products that will need to be supported for more
than 10 years.
Another part of the kernel pain is the large amount of out-of-tree code
that embedded Linux developers are working with. Part of the problem comes
from multiple groups within companies, each with its own fairly small set
of patches. There is little communication between those groups, so that
causes a "huge group of patches to build up" within the
company. But the single largest patchset that is carried around by
embedded Linux developers is the RT_PREEMPT patchset and the summit
participants "really would like to see it go upstream", he
said. There may be an effort among the participating companies to try to
help make that happen.
But, there were not only pains discussed at the summits, there was also
discussion of various things that had been added to the kernel recently,
many of them with the support of the CE Linux Forum (CELF). SquashFS, which is a compressed
read-only filesystem, was merged, as was LZO
support for it. LZMA support for the filesystem made it as far as -next
before that particular implementation was rejected by Linus Torvalds.
There is hope for the YAFFS2
flash filesystem to be merged as it is now being cosponsored by CELF and
Google.
A way to remove unused functions from kernel builds
(i.e. -ffunction-sections support) for saving
space is getting close to being merged as well, though it is currently held
up by some PA-RISC linker problems. Using that can result in savings of
around 7% of the kernel size, he said. While the merger of CELF and the
Linux Foundation was not known until the Cambridge summit, Baechle
expressed optimism that it would be good for the embedded Linux community.
Linaro presented itself at one of the summits. It considers itself a
"community facing group", he said, that is working to reduce
pain in the ARM world. It has 70 full-time engineers doing open source
work. Right now, Linux can "at best produce one image per SoC
family", which results in some projects needing as many as 50
images, all of which are slightly different variations. Linaro wants to
reduce that pain so that companies can "differentiate themselves not
by fixing random bugs, but by adding new features".
One thing that may help reduce the proliferation of slightly different
variations is the device tree work. Device trees describe the buses,
devices, memory, interrupts, and so on for a particular SoC. That tree gets
passed to the kernel at boot time, which will allow kernels to support more
SoCs within a single image.
It is currently being used by PowerPC across
all of its platforms and MIPS is using it as of 2.6.37-rc1. Baechle said
that ARM maintainer Russell King is "not quite convinced"
about device trees, but he believes that King eventually will be.
Virtualization is a hot topic in the embedded Linux world these days, but
it is "not going to be for everybody". Systems that are too
resource constrained will not be interested in virtualization, but others
will be. He went through various virtualization technologies available for
Linux including containers, Xen, KVM, and two proprietary solutions from
Wind River and MontaVista. Each has its place, but containers for OS-level
virtualization and KVM for full virtualization are likely to be the
dominant players for embedded devices, at least partially because they are
part of the mainline kernel.
Baechle sees virtualization as a game changer for larger embedded systems.
For example, high availability systems can use a pair of guests that can
fail over to each other. That will also allow in-service software upgrades.
Alternatives to glibc were next on the agenda. Embedded developers are
looking for those alternatives because glibc is "the size of an
aircraft carrier". It complies with all of the standards but that
comes at a heavy price. uClibc is one alternative, but the problem is that
it is "yet another API" that application developers need to
support.
But Embedded GLIBC (EGLIBC) offers
an alternative for embedded developers that doesn't require a separate
API. It is a variant of glibc that is maintained by CodeSourcery and is
"embedded
friendly". Unlike glibc (whose maintainer "says 'embedded
crap' frequently"), it can be configured without some
features, which leads to a reduction in code size, while still allowing
applications that don't use those features to run without modification.
In many cases, the same application can run
on the desktop or the embedded device and there aren't two different
toolchains required. EGLIBC is another game changer, according to Baechle,
though it is not for the smallest systems. But it simplifies development
which leads to "instant ISV [independent software vendor]
happiness".
In a look at the mobile distribution space, Baechle was clearly impressed
with MeeGo. He thinks that it will be a "fairly hot commodity in the
future" because it uses the typical Linux software stack. Android,
on the other hand, "feels alien", though Google does a good
job with its development tools. Because MeeGo is stewarded by the Linux
Foundation, it is in more neutral hands than Intel's would be, he said.
The "working upstream" policy of MeeGo is very important, he said. That policy is
increasing the pressure on other embedded Linux community members to get
their code upstream. MeeGo has the most push from the industry and a
tremendous amount of money behind it. He is optimistic about its future,
saying that "MeeGo is going to change the game a little bit".
The embedded world is changing, Baechle said.
"Embedded" used to be a synonym for "resource-constrained", with functionality
that was reasonably easy to implement. But modern devices are multi-functional
and share a lot of technology with desktop and server systems. There are
devices using the NUMA code to get good performance from multiple memory
banks, for example. SMP was originally developed for servers, moved into
the desktop world, and is now being used by embedded devices.
In wrapping up his talk, Baechle looked into his crystal ball and made a
few predictions. Over the next year or so, he believes that three more
architectures will get merged, as will YAFFS2, but that the RT_PREEMPT
patchset won't be. The pressure to work upstream will continue to increase which will lead
embedded companies to rethink how they handle source code and how they put
together their development teams.
"Feature-wise, Linux has become rather mature [and] very
stable", but "the complexity of the code has increased quite
dramatically over the last few years", Baechle said. There has been
progress made everywhere in the kernel, with no one feature that stands
out. That is likely to continue over the next few years, and we will be
seeing Linux in even more devices.
November 3, 2010
This article was contributed by Nathan Willis
Hugin, the open source photo blending-and-stitching tool, made its second major release of 2010 this week. Among the bullet points are new visualization features, more automation for tricky parts of the image-alignment process, and two new major modes that continue to extend Hugin's functionality beyond the "panorama generator" label it typically wears.
Several release cycles ago, the Hugin project adopted a hybridized version-numbering scheme that blends release dates and traditional incremental numbering; as a result last Monday's release is designated Hugin 2010.2.0, which means it is the second stable release made in 2010 (rather than, for example, a February 2010 release). Source code packages as well as Mac OS X and Windows binaries are available for download directly from the project. Linux users can either consult compilation instructions tailored by distribution on the download page, or look for third-party builds. Regular snapshots and nightly builds are available for Fedora and Ubuntu.
Installation and setup issues
Hugin depends on a suite of external tools for the core tasks of remapping, stitching, blending, and exposure-fusing photographs. These include the PanoTools library (which as of Hugin 2010.2.0 deprecates libpano12 in favor of libpano13), Enblend and Enfuse, and several OpenGL libraries (freeglut, libGLU, and GLEW). Those users compiling from source will also need version 2.7.0 or newer of the wxWidgets toolkit.
An ongoing struggle for the project is the lack of a patent-unencumbered
tool to automatically find and mark "control points" in images —
scene features shared between neighboring images in a panorama, which Hugin
uses to calculate the transformations that warp overlapping regions
together. This is particularly important for community distributions (such
as Fedora) with rules prohibiting patented software packages. The default
control point generator is Autopano-SIFT, which is
covered by a patent. For distributions that don't have Autopano-SIFT, it and other options can be installed manually, or users can simply pick control points by hand.
I tested Hugin 2010.2.0 on Ubuntu using the Hugin PPA repository. On Ubuntu, a full update includes not just the hugin, hugin-tools, and hugin-data packages, but also the libpano13 library package, without which the Hugin build will install, but fail to run due to a missing linked library. Also important to note is the autopano-sift-c package. Autopano-sift-C is a C rewrite of the original C# Autopano-SIFT utility; the autopano-sift-c package advertises that it replaces autopano-sift, but installing it does not update Hugin's preferences to point to the updated binaries. You must open "File -> Preferences -> Control Point Detectors" and select the new package, or else Hugin's automated panorama assistant will fail at run time.
Hugin presents a tabbed interface to the user, with separate tabs for the individual steps of a typical panorama-creation workflow: rearranging component images, assigning control points, calculating the "optimal" settings for remapping the images, and stitching the result into the desired format, whether that is a single combined image, a set of individual TIFFs, or any intermediate step. There is an assistant tab that automates the basic panorama-creation process, but for fine adjustments, you will have to delve into the individual tabs. The same is true when using Hugin for other purposes, such as perspective correction.
Improvements
The most noticeable change for most Hugin users will be the improvements to the fast panorama preview window. This window uses OpenGL to render a small preview of the current panorama project. In addition to its value as a visualization tool, though, it can now be used to adjust the position, centering, rotation, and cropping of the final image. Left-clicking and dragging allows the user to reposition the panorama, and right-clicking allows the user to rotate it around the origin. It can even be used to make rough adjustments to individual images by de-selecting all but the desired images from a list in the toolbar.
The preview window also includes a "Layout" tab that displays thumbnails of the images in a graph, with colored edges connecting images that overlap. Gray lines denote overlapping images without control points assigned, while green, yellow, and red lines denote images with good, fair, and poor control point matching, respectively. Toolbar buttons provide one-click access to center, fit-to-window, and straighten the panorama.
Collectively, all of these changes combine to make the fast preview window a useful tool for large-scale correction to a panorama project. Without them, the user is at the mercy of the raw numbers generated by Hugin's control point and optimization routines. You can still examine the raw numbers, but it takes considerable experience to draw real meaning from them when Hugin's final output appears wildly distorted or otherwise unexpected.
Furthermore, if you make the basic image alignment in the fast preview window first (before running the control point generator), you will save time, because Hugin will only attempt to find control points between images that overlap in the preview. This behavior is configurable through Hugin's preferences.
Under the hood, Hugin also supports a wider range of camera lenses for its perspective- and distortion-correction routines. In addition to the normal and fisheye lens support of previous releases, it can correct orthographic, stereographic, and equisolid lenses.
New features
Hugin developers have added entirely new, non-panoramic features to the
application in previous releases, such as the ability to remap a photograph
into an architectural projection, correct perspective distortion in normal
photos, remove chromatic aberration, and calibrate lenses. Two new use
cases debut in 2010.2.0: linked bracketing and mosaic stitching.
Linked bracketing builds on Hugin's exposure fusion functionality, with
which the program can combine bracketed exposures into a combined
high-dynamic-range (HDR) image (much like Luminance HDR can). In previous releases, Hugin needed to use control points and align the images before attempting the exposure fusion. With linked bracketing, the user instead simply selects the images in Hugin's "Images" tab, clicks "New stack," and moves to the final output step. Obviously, the selected images need to be aligned in-camera (such as taken from a tripod), but for those photographers who use Hugin primarily for exposure fusion, this saves considerable time.
While linked bracketing can be used in panoramic workflows, mosaic stitching represents an entirely new technique. In a panorama, the camera remains in virtually the same spot, and rotates to capture different views of the 360-degree scene. Mosaic stitching tackles the opposite situation, when the subject of the photo remains still, but you must move the camera around to photograph it.
The canonical example is photographing a large floor or wall; the subject is flat, but too large to be captured in one frame. To stitch such a mosaic in Hugin, the photographer imports the individual images, but adjusts them using the "Mosaic" mode in the Fast preview window's "Move/Drag" tab. This permits shifting the image without recalculating its position in 3-D, as is required with panoramic shots.
A supporting function introduced with 2010.2.0 is masking support. In Hugin's "Masks" tab, you can draw a polygonal mask around objects in any image that you wish to be excluded from the stitched final output. When stitching, Hugin uses samples from the other overlapping images. This can be used to cut out passersby walking through the frame, but as the site's tutorial explains, it can also be used to remove stationary objects from mosaic stitching scenes.
Weighing the changes
This release incorporates work started in several Google Summer of Code projects, and represents a good mix of new features, improvements of existing functionality, and user interface refinements. For example, I have used Hugin for several years, but this is the first release where I was happy with the control points automatically selected by the panorama "assistant" (a much friendlier alternative to a "wizard").
Similarly, the new visualization and image arrangement tools in the OpenGL-based fast panorama preview window actually make the application significantly easier to use. In fact, the fast preview window arguably includes enough tools now that it probably deserves a promotion in name. Yet it remains in the toolbar, next to the non-OpenGL panorama preview window (which I suppose should be called the "slow" preview by comparison).
Hugin's arrangement of tools is probably its main weak point. As listed in the beginning of the previous section, there are around a half-dozen image correction tasks that the application can perform, but panorama stitching is the only one that has earned a step-by-step "assistant." The existence of mosaic stitching would probably go undiscovered by anyone who did not read the project's tutorial site regularly, and the individual tools needed for lens calibration are similarly hidden, scattered among the application tabs and windows. The setting that controls Hugin's ability to skip control point generation for non-overlapping images is buried three preference windows deep, and must be set for every individual control point generator.
A side effect of the multi-tab approach taken in the Hugin UI is that even for straightforward tasks, it is often necessary to jump back and forth between the tabs several times, repeating optimization on some parameters in one run, and others in another. To the inexperienced user it is difficult to see that changes made in one tab affect the contents of other tabs. For example, panoramic photographer Yuval Levy has a detailed tutorial on his site about using the new Mosaic stitching workflow. By my count, it involves at least six visits to the "Optimizer" tab; perhaps more, depending on the number of images.
Maybe Hugin is restricted somewhat in its user interface because it builds on a set of several discrete tools, but the improvements seen in the panorama assistant show that they can be linked together in a manner that is accessible even to newcomers. I hope that in the future, the project will expose more of its non-panorama functionality in a similar manner.
The other area in which Hugin could still use improvement is helping the user diagnose problems. It is fairly common to attempt to "optimize" a panorama project and be presented with a warning dialog alerting you that "very high" distortion coefficients have been found. The only options at that point are to continue, or to revert the optimization entirely. If the logic exists that allows Hugin to "know" that the coefficients are bad, assisting the user in finding and fixing the source of the trouble should not be far behind. To put it another way, although the "assistant" approach does a good job of walking the user through a successful project, it is just as important to walk the user through troubleshooting a project.
Still, no one who needs any of Hugin's image-manipulation magic has any reason to not install the 2010.2.0 update. The visualization tools in the fast panorama preview allow drastically faster adjustments than can be performed in the "Optimizer", "Exposure", and "Stitcher" tabs. Recent builds have enabled the use of GPUs for some calculations, which is a tantalizing prospect to consider while waiting for a long optimization or stitching routine to complete. While I was still able to crash Hugin once or twice when working on large, multi-image panorama stitching tasks, it was significantly more stable than the 2009 release I had been using beforehand. It still takes a time investment to produce quality work — but that is always true with photography.
November 2, 2010
This article was contributed by Josh Berkus
What do you get when you put together 80 to 100 hard-core database geeks
from ten different open source databases for a weekend?
OpenSQLCamp, which
was held most recently at MIT.
Begun three years ago, OpenSQLCamp is a semi-annual unconference for
open source database hackers to meet and collaborate on ideas and theories in
the industry. It's held at various locations alternately in Europe and the
United States, and organized and run by volunteers. This year's conference
was organized by Sheeri Cabral, a MySQL community leader who works for
PalominoDB.
This year's event included database hackers who work on MySQL, MariaDB,
PostgreSQL, VoltDB, Tokutek, and Drizzle. In contrast to the popular
perception that the various database systems are in a no-holds-barred
competition for industry supremacy, most people who develop these systems
are more interested in collaborating with their peers than arguing with
them. And although it's OpenSQLCamp, programmers from "NoSQL" databases
were welcome and present, including MongoDB, Membase, Cassandra, and
BerkeleyDB.
While the conference was mainly database engine developers, several
high-end users were present, including staff from Rackspace, GoDaddy,
VMWare, and WidgetBox. The conference's location meant the participation
of a few MIT faculty, including conference co-chair Bradley Kuszmaul.
While few of the students who registered actually turned up, attendees were
able to learn informally about the software technologies which are now hot
in universities (lots of work on multi-processor scaling, apparently).
Friday
The conference started with a reception at the WorkBar, a shared
office space in downtown Boston. After a little drinking and socializing, participants slid immediately into discussing database and database
industry topics, including speculation on what Oracle is going to do with
all of its open source databases (answer: nobody knows, including the
people who work there), recent releases of PostgreSQL and MySQL, and how
VoltDB works. Whiteboard markers came out and several people shifted to
technical discussions and continued the discussion until 11pm.
Jignesh Shah of VMWare brought up some interesting SSD testing results. In
high-transaction environments, it seems that batching database writes
actually reduces throughput and increases response times, completely
contrary to performance on spinning disks. For example, Jignesh had
experimented with asynchronous commit with large buffers, which means that
the database returns a success message to the client and fsyncs the data in
batches afterward. This reduced database write throughput, whereas on a
standard spinning disk RAID it would have increased it up to 30%. There
was a great deal of speculation as to why that was.
A second topic of discussion, which shifted to a whiteboard for
comprehensibility, was how to put the "consistency" in "eventual
consistency" without increasing response time. This became a session on
Sunday. This problem, which is basic to distributed databases, is the
question of how you can ensure that any write conflict is resolved in
exactly the same way on all database nodes for a transactional database
which is replicated or partitioned across multiple servers. Historical
solutions have included attempting to synchronize timestamps (which is
impossible), using centralized transaction counter servers (which become
bottlenecks), and using vector clocks (which are insufficiently
determinative on a large number of nodes). VoltDB addresses this by a
two-phase commit approach in which the node accepting the writes checks
modification timestamps on all nodes which could conflict. As with many
approaches, this solution maintains consistency and throughput at a
substantial sacrifice in response times.
Saturday
The conference days were held at MIT, rather ironically in the William
H. Gates building. For those who haven't seen Frank Gehry's sculptural
architecture feat, it's as confusing on the inside as it is on the outside,
so the first day started late. As usual with unconferences, the
first task was to organize a schedule; participants proposed sessions
and spent a long time rearranging them in an effort to avoid
double-scheduling, which led to some "concurrency issues" with different
versions of the schedule. Eventually we had four tracks for the four
rooms, nicknamed "SELECT, INSERT, UPDATE and DELETE".
As much as I wanted to attend everything, it wasn't possible, so I'll just
write up a few of the talks here. Some of the talks and discussions will
also be available as videos from the conference web site later. I attended
and ran mostly discussion sessions, which I find to be the most useful
events of an unconference.
Monty Taylor of Drizzle talked about their current efforts to add
multi-tenancy support, and discussed implementations and tradeoffs with
other database developers. Multi-tenancy is another hot topic now that
several companies are going into "database as a service" (DaaS); it is the
concept that multiple businesses can share the same physical database while
having complete logical separation of data and being unaware of each other.
The primary implementation difficulty is that there is a harsh tradeoff
between security and performance, since the more isolated users are from
each other, the less physical resources they share. As a result, no single
multi-tenancy implementation can be perfect.
Since it was first described in the early 80's, many databases have
implemented Multi-Version Concurrency Control (MVCC). MVCC is a set of
methods which allow multiple users to read and modify the same data
concurrently while minimizing conflicts and locks, supporting the
"Atomicity", "Consistency", and "Isolation" in ACID transactions. While
the concept is conventional wisdom at this point, implementations are
fairly variable. So, on request, I moderated a panel on MVCC in
PostgreSQL, InnoDB, Cassandra, CouchDB and BerkeleyDB. The discussion
covered the basic differences in approach as well as the issues with data
garbage collection.
Jignesh Shah of VMWare and Tim Callaghan of VoltDB presented on current
issues in database performance in virtualized environments. The first,
mostly solved issue was figuring out degrees of overcommit for virtualized
databases sharing the same physical machine. Jignesh had tested with
PostgreSQL and found the optimal level in benchmark tests to be around 20%
overcommit, meaning five virtual machines (VMs) each entitled to 25% of the
server's CPU and RAM.
One work in progress is I/O scheduling. While VMWare engineers have
optimized sharing CPU and RAM among multiple VMs running databases on
the same machine, sharing I/O without conflicts or severe overallocation
still needs work.
The other major unsolved issue is multi-socket scaling. As it turns out,
attempting to scale a single VM across multiple sockets is extremely
inefficient with current software, resulting in tremendous drops in
throughput as soon as the first thread migrates to a second socket. The
current workaround is to give the VMs socket affinity and to run one VM per
socket, but nobody is satisfied with this.
After lunch, Bradley ran a Q&A panel on indexing with developers from
VoltDB, Tokutek, Cassandra, PostgreSQL, and Percona. Panelists answered
questions about types of indexes, databases without indexes, performance
optimizations, and whether server hardware advances would cause major
changes in indexing technology in the near future. The short answer to
that one is "no".
As is often the case with "camp" events, the day ended with a hacking
session. However, only the Drizzle team really took advantage of it; for
most attendees, it was a networking session.
Sunday
Elena Zannoni joined the conference in order to talk about the state of
tracing on Linux. Several database geeks were surprised to find out that
SystemTap was not going to be included in the Linux kernel, and that there
was no expected schedule for release of utrace/uprobes. Many database
engineers have been waiting for Linux to provide an alternative to Dtrace,
and it seems that we still have longer to wait.
The VoltDB folks, who are local to Boston, showed up in force and did a
thorough presentation on their architecture, use case, and goals. VoltDB
is a transactional, SQL-compliant distributed database with strong
consistency. It's aimed at large companies building new in-house
applications for which they need extremely high transaction processing
rates and very high availability. VoltDB does this by requiring users to
write their applications to address the database, including putting all
transactions into stored procedures which are then precompiled and executed
in batches on each node. It's an approach which sacrifices response times
and general application portability in return for tremendous throughput,
into the 100,000's of transactions per second.
Some of the SQL geeks at the conference discussed how to make developers
more comfortable with SQL. Currently many application developers not only
don't understand SQL, but actively hate and fear it. The round-table
discussed why this is and some ideas for improvement, including: teaching
university classes, contributing to object-relational mappers (ORMs),
explaining SQL in relation to functional languages, doing fun "SQL tricks"
demos, and working on improving DBA attitudes towards developers.
In the last track of the day, I mediated a freewheeling discussion on "The
Future of Databases", in which participants tried to answer "What databases
will we be using and developing in 2020?" While nobody there had a crystal
ball, embedded databases with offline synchronization, analytical databases
which support real-time calculations, and database-as-a-service featured
heavily in the discussion.
Wrap-up
While small, OpenSQLCamp was fascinating due to the caliber of attendee; I
learned more about several new databases over lunch than I had in the
previous year of blog reading. If you work on open-source database
technology, are a high-end user, or are just very interested in databases,
you should consider attending next year. Watch the OpenSQLCamp web site
for videos to be posted, and for the date and location of next year's
conferences in the US and Europe.
Page editor: Jonathan Corbet
Security
By Jake Edge
November 3, 2010
The recent release of Firesheep—a Firefox
extension that captures others' cookies on open WiFi networks—has
set off something of a firestorm. The particular hole that Firesheep
exploits is not anything new; we looked at an EFF-sponsored workaround for the
problem back in July, but the particulars of the Firesheep implementation
are fairly eye-opening. It would seem that Firesheep developer Eric Butler
was wildly successful in doing what he set out to do: increase
the visibility of insecure session cookie handling by major web sites.
It is fairly standard for web sites to protect their login screens by using
HTTPS (i.e. SSL/TLS encrypted connections) so that usernames and passwords
cannot be intercepted. But once the login has been completed, a session is
created, and sites
typically hand out a cookie—a (hopefully) opaque value that the
server can use to associate a request with a particular session
(i.e. user). Each time the user's browser sends a request to the site, it
also sends any cookies that have been set by that site. Those cookies are
valid for a server-selectable period of
time, and while they are valid, they can be used by anyone to appear to the
server as the user who logged in. The problem is that the cookies are
often transmitted via unencrypted HTTP.
So Firesheep, which was released
at ToorCon 12 on October 24, can intercept these cookie values for
various high-profile web sites (e.g. Facebook, Twitter, Amazon, Google,
Github, and so on). It does the cookie interception by sniffing the network
traffic on open WiFi networks, and once it has them, it offers the user the
ability to connect to those services using the captured cookies. So someone
sitting in a coffeeshop can run Firesheep and potentially access
Facebook as some other unsuspecting customer.
The ability to do a one-click takeover of someone's account is clearly
Firesheep's most controversial feature. But it certainly serves the
purpose of alerting the public to this particular problem. Packaging the
program as a Firefox extension is also a clever touch. There is no reason
that Firesheep couldn't be a standalone program, but making it available in
the browser eases the installation process so that it can get in the hands
of more (ab)users.
Butler's intent is to shame (or scare) web site operators into switching to
HTTPS. It is the same end goal that the EFF had with its HTTPS Everywhere Firefox
extension, but Firesheep definitely grabbed a lot more attention than the
EFF's tool did. HTTPS Everywhere uses rules to rewrite http://
URLs to https:// URLs, which is useful—but not
particularly striking, at least to casual users and the press.
People have expressed ethical concerns about the release of Firesheep, but
like many security-oriented tools, it can be used for good or ill. There
are also reports that Microsoft's anti-virus software is marking Firesheep
as a threat. This firestorm has caused Butler to strongly
defend Firesheep and its release:
"In addition to questioning Firesheep's legality, some people have
questioned the ethics of its release. Similar tools have existed for years,
so big companies, especially Facebook and Twitter, cannot claim they are
unaware of these issues. They have knowingly placed user privacy on the
back burner, and I'd be interested to hear some discussion about the ethics
of these decisions, which have left users at risk since long before
Firesheep."
Web sites can fix the problem by converting over to HTTPS and marking their
session cookies as HTTPS-only, but it's not quite as simple as just
flipping a switch. HTTPS will definitely require more server resources to
encrypt and decrypt all of its traffic, but there are other potential
problem areas as well. Various internal links in existing content may need
to be converted or
handled by the web server rewrite engine, and there is a class of content
that web site operators may not have any control over: advertisements.
Ad networks run by Google and others often do
not offer HTTPS for serving ads. That results in a warning from many
web browsers because there is insecure (i.e. HTTP) content in an HTTPS
page. The last thing many web site operators want is for their new users
to be greeted with a scary warning about the site.
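
Two checks a site operator could run before making that switch, as an added example (not LWN's or Firesheep's code): which cookies lack the Secure attribute, which is the "HTTPS-only" marking, and which sub-resources of an HTTPS page are still fetched over HTTP. The host names, cookie names and sample response are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: headers and body of a post-login HTTPS response from
# a hypothetical site. Host names and cookie names are placeholders.
SAMPLE_PAGE_URL = "https://shop.example/account"
SAMPLE_SET_COOKIE = [
    "sessionid=3f9a1c0e; Path=/; Expires=Wed, 01 Dec 2010 00:00:00 GMT",
    "prefs=compact; Path=/; Secure",
]
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="http://ads.example/show.js"></script>
</head><body>
<img src="https://shop.example/logo.png">
<iframe src="http://ads.example/banner?id=1"></iframe>
<a href="http://other.example/">plain link, not fetched automatically</a>
</body></html>
"""


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_without_secure(set_cookie_headers):
    """Names of cookies the browser will also attach to http:// requests."""
    parsed = (parse_set_cookie(h) for h in set_cookie_headers)
    return [name for name, attrs in parsed if "secure" not in attrs]


def sent_with_request(attrs, request_url):
    """Scheme check only (domain and path matching are left out):
    a cookie marked Secure is withheld unless the request is https."""
    return "secure" not in attrs or urlsplit(request_url).scheme == "https"


class SubresourceCollector(HTMLParser):
    """Collect the URLs a browser fetches on its own while rendering."""

    # tag -> attribute naming the resource that gets fetched
    FETCHED = {"script": "src", "img": "src", "iframe": "src",
               "embed": "src", "object": "data", "link": "href"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.FETCHED.get(tag)
        for key, val in attrs:
            if wanted and key == wanted and val:
                self.urls.append(val)


def mixed_content(page_url, html):
    """Absolute http:// sub-resources embedded in an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []
    collector = SubresourceCollector()
    collector.feed(html)
    return [u for u in collector.urls if urlsplit(u).scheme == "http"]


if __name__ == "__main__":
    for name in cookies_without_secure(SAMPLE_SET_COOKIE):
        print(f"cookie {name!r}: no Secure attribute")
    for url in mixed_content(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"mixed content: {url}")
```

A cookie without Secure is exposed by any single http:// request to the site, even when every page is normally served over HTTPS.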
We have been running some experiments here at LWN and plan to have
HTTPS-only cookies soon, though we haven't quite figured out how to handle
the Google ad problem. It is really something we (and lots of other sites)
should have done a long time ago. Thanks to Firesheep, there are now even more
compelling reasons to make that switch happen.
New vulnerabilities
clamav: code execution
| Package(s): | clamav |
| CVE #(s): | CVE-2010-3434 |
| Created: | October 29, 2010 |
| Updated: | November 3, 2010 |
| Description: |
From the CVE entry:
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.
cups: code execution
| Package(s): | cups |
| CVE #(s): | CVE-2010-2941 |
| Created: | October 29, 2010 |
| Updated: | March 2, 2011 |
| Description: |
From the Red Hat advisory:
A use-after-free flaw was found in the way the CUPS server parsed Internet
Printing Protocol (IPP) packets. A malicious user able to send IPP requests
to the CUPS server could use this flaw to crash the CUPS server or,
potentially, execute arbitrary code with the privileges of the CUPS server.
cvs: code execution
| Package(s): | cvs |
| CVE #(s): | CVE-2010-3846 |
| Created: | October 29, 2010 |
| Updated: | November 30, 2010 |
| Description: |
From the Red Hat bugzilla:
An array index error, leading to heap-based buffer overflow was found
in the way CVS version control system applied certain delta fragments
changes from input file in the RCS (Revision Control System file)
format. A local attacker could store a specially-crafted RCS file into
the CVS repository and trick the remote victim to checkout (update their
CVS repository tree) with this file, which could lead to arbitrary code
execution with the privileges of the user running cvs client executable.
dovecot: restriction bypass
| Package(s): | dovecot |
| CVE #(s): | CVE-2010-3706 CVE-2010-3707 |
| Created: | October 29, 2010 |
| Updated: | May 19, 2011 |
| Description: |
From the CVE entries:
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. (CVE-2010-3706)
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. (CVE-2010-3707)
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
| CVE #(s): | CVE-2010-3779 CVE-2010-3780 |
| Created: | November 1, 2010 |
| Updated: | May 19, 2011 |
| Description: |
From the Mandriva advisory:
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin
permission to the owner of each mailbox in a non-public namespace,
which might allow remote authenticated users to bypass intended access
restrictions by changing the ACL of a mailbox, as demonstrated by a
symlinked shared mailbox (CVE-2010-3779).
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to
cause a denial of service (master process outage) by simultaneously
disconnecting many (1) IMAP or (2) POP3 sessions (CVE-2010-3780).
gnucash: arbitrary code execution
| Package(s): | gnucash |
| CVE #(s): | CVE-2010-3999 |
| Created: | November 1, 2010 |
| Updated: | November 25, 2010 |
| Description: |
From the Red Hat bugzilla:
Ludwig Nussel discovered that gnucash contained a script that could be abused
by an attacker to execute arbitrary code.
The vulnerability is due to an insecure change to LD_LIBRARY_PATH, an
environment variable used by ld.so(8) to look for libraries in directories
other than the standard paths. When there is an empty item in the
colon-separated list of directories in LD_LIBRARY_PATH, ld.so(8) treats it as a
'.' (current working directory). If the given script is executed from a
directory where a local attacker could write files, there is a chance for
exploitation.
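
A lint check for the pattern described in the advisory, as an added example (not gnucash's script or the Red Hat fix): it expands each LD_LIBRARY_PATH assignment in a launcher script as the shell would with the variable unset, and reports values that contain an empty item. The sample script and its /usr/lib/app paths are constructed, and only the $VAR, ${VAR} and ${VAR:+word} forms are handled.

```python
import re

# Constructed sample: three ways a launcher script might extend the path.
SAMPLE_SCRIPT = '''#!/bin/sh
export LD_LIBRARY_PATH=/usr/lib/app:$LD_LIBRARY_PATH
LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/lib/app/plugins"
LD_LIBRARY_PATH="/usr/lib/app${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
exec /usr/lib/app/bin/app "$@"
'''

# Right-hand side of an assignment, double-quoted or bare.
ASSIGN = re.compile(r'\bLD_LIBRARY_PATH=(?:"([^"]*)"|(\S*))')
# ${VAR:+word} expands to nothing when VAR is unset or empty.
GUARDED = re.compile(r'\$\{LD_LIBRARY_PATH:\+[^}]*\}')
# $VAR and ${VAR} expand to the empty string when VAR is unset.
PLAIN = re.compile(r'\$\{LD_LIBRARY_PATH\}|\$LD_LIBRARY_PATH\b')


def value_when_unset(rhs):
    """Expand the right-hand side as the shell would with the variable unset."""
    return PLAIN.sub("", GUARDED.sub("", rhs))


def cwd_entries(value):
    """Positions in the colon-separated list that mean the current directory."""
    if value == "":
        return []  # assumption: a completely empty value adds no search path
    return [i for i, item in enumerate(value.split(":")) if item in ("", ".")]


def lint_script(text):
    """Return (line number, expanded value) for each risky assignment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ASSIGN.search(line)
        if not match:
            continue
        rhs = match.group(1) if match.group(1) is not None else match.group(2)
        expanded = value_when_unset(rhs)
        if cwd_entries(expanded):
            findings.append((lineno, expanded))
    return findings


if __name__ == "__main__":
    for lineno, expanded in lint_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: expands to {expanded!r} when the variable is unset")
```

The third assignment in the sample passes because ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} emits the separating colon only when there is an existing value to separate.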
libguestfs: possible host corruption
| Package(s): | libguestfs |
| CVE #(s): | CVE-2010-3851 |
| Created: | November 3, 2010 |
| Updated: | July 7, 2011 |
| Description: |
From the Red Hat bugzilla:
libguestfs doesn't currently allow the format of a disk to be specified
explicitly, and therefore always uses automatic format detection. It takes disk images as arguments, and can therefore only be run by the virtualisation administrator. However, if a malicious guest administrator knows that libguestfs will run against their image, they could still use this technique to corrupt the host.
luci: authentication bypass
| Package(s): | luci |
| CVE #(s): | CVE-2010-3852 |
| Created: | November 3, 2010 |
| Updated: | November 5, 2010 |
| Description: |
From the Red Hat bugzilla:
A security flaw was found in the way Luci administration application
processed ticket cookies. A remote attacker, with certain knowledge
of running Luci instance environment details could use this flaw to
bypass standard Luci authentication mechanism (access resources which
should be otherwise protected by authentication).
Mozilla products: remote code execution
| Package(s): | firefox seamonkey thunderbird xulrunner |
| CVE #(s): | CVE-2010-3765 |
| Created: | October 28, 2010 |
| Updated: | November 17, 2010 |
| Description: |
A race condition in Mozilla's document object model handling can be exploited (and is being exploited) to execute arbitrary code. The Firefox 3.6.12/3.5.15, Thunderbird 3.1.6/3.0.10, and Seamonkey 2.0.10 releases fix the problem.
pam: privilege escalation
| Package(s): | pam |
| CVE #(s): | CVE-2010-3316 CVE-2010-3435 CVE-2010-3853 |
| Created: | November 2, 2010 |
| Updated: | November 3, 2011 |
| Description: |
From the Red Hat advisory:
It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was untrusted
(for example, when pam_namespace was configured for setuid applications
such as su or sudo), a local, unprivileged user could possibly use this
flaw to escalate their privileges. (CVE-2010-3853)
It was discovered that the pam_mail module used root privileges while
accessing users' files. In certain configurations, a local, unprivileged
user could use this flaw to obtain limited information about files or
directories that they do not have access to. (CVE-2010-3435)
It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local, unprivileged
user could use this flaw to execute the xauth command with root privileges
and make it read an arbitrary input file. (CVE-2010-3316)
php: multiple vulnerabilities
| Package(s): | php |
| CVE #(s): | CVE-2010-3710 CVE-2010-3709 CVE-2010-3436 |
| Created: | November 1, 2010 |
| Updated: | April 15, 2011 |
| Description: |
From the Mandriva advisory:
Stack consumption vulnerability in the filter_var function in PHP 5.2.x
through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL
mode is used, allows remote attackers to cause a denial of service
(memory consumption and application crash) via a long e-mail address
string (CVE-2010-3710).
A NULL pointer dereference was discovered in
ZipArchive::getArchiveComment (CVE-2010-3709).
A possible flaw was discovered in open_basedir (CVE-2010-3436).
proftpd: arbitrary code execution
| Package(s): | proftpd |
| CVE #(s): | CVE-2010-3867 |
| Created: | November 2, 2010 |
| Updated: | March 15, 2011 |
| Description: |
From the Slackware advisory:
Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can
allow remote execution of arbitrary code as the user running the
ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI).
python: multiple vulnerabilities
| Package(s): | python |
| CVE #(s): | CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 CVE-2010-3492 CVE-2010-3493 |
| Created: | November 1, 2010 |
| Updated: | October 18, 2012 |
| Description: |
From the Mandriva advisory:
Buffer underflow in the rgbimg module in Python 2.5 allows remote
attackers to cause a denial of service (application crash) via a large
ZSIZE value in a black-and-white (aka B/W) RGB image that triggers
an invalid pointer dereference (CVE-2009-4134).
Integer overflow in rgbimgmodule.c in the rgbimg module in Python
2.5 allows remote attackers to have an unspecified impact via a large
image that triggers a buffer overflow. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).
Multiple buffer overflows in the RLE decoder in the rgbimg module in
Python 2.5 allow remote attackers to have an unspecified impact via an
image file containing crafted data that triggers improper processing
within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).
The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).
Page editor: Jake Edge
Kernel development
Brief items
The current development kernel is 2.6.37-rc1,
released on November 1. The 2.6.37 merge
window is now closed. "There's a lot of changes there - just shy of
10k commits since 2.6.36 - despite the slightly shortened merge window. Way
too many to list. But the part that I think deserves some extra mention is
that we've finally largely gotten rid of the BKL (big kernel lock) in all
the core stuff, and you can easily compile a kernel without any BKL support
at all. It's been a long road, and thanks to Arnd and others who did
it." Full details can be found in the long-format changelog.
Stable updates: the 2.6.27.55, 2.6.32.25, and 2.6.35.8 stable updates were released on
October 29; each contains a long list of important fixes. Greg has
let it be known that there will be one more 2.6.35 update before support
for that kernel ends.
i have theorized in the past that the problem we face is that an
insufficient number of axe murderers are attending those kinds of
research meetings.
-- Theo de Raadt on IPv6
And yes, maybe it's just me showing my insecurities again. I have
various mental hangups, and liking to feel like I know roughly what
is going on is one of them. Doing the merges and looking at the
code that clashes makes me feel like I have some kind of awareness
of how things are interacting in the development process.
-- Linus Torvalds
This is cool stuff - it's been a long haul. One day we'll be
nearly-finished and someone will write a book telling people how to
use it all and lots of people will go "holy crap". I hope.
-- Andrew Morton
Kernel development news
The 2010 Kernel Summit was held on November 1 and 2 in Cambridge, MA, USA.
Some seventy or so top-level kernel developers gathered there to discuss a
wide range of topics which are of interest to the wider kernel community.
Your editor was there, frantically taking notes. Reports from the first
day's sessions can be found below:
- Welcoming newcomers: is the kernel
development community sufficiently open to newcomers to ensure an
adequate flow of new developers? If not, what can we do about it?
- ABI status for tracepoints. There is
an increasing amount of instrumentation which depends on tracepoints;
they are becoming part of the kernel binary interface. To what extent
should tracepoints have set-in-cement ABI status?
- The core kernel vision. Neil Brown
asks: do we have a core vision for how the kernel should be developed?
If so, how do we enforce it?
- A staging process for ABIs. Getting
user-space ABIs right is hard; should there be a process for
tentatively adding interfaces which are subject to change?
- Deadline scheduling: does the kernel
need a new class for deadline scheduling?
- Regressions as seen by kernel
regression tracker Rafael Wysocki.
- Performance regressions:
performance-sensitive users often notice that kernel releases tend to
get slower over time. What can we do about that?
- Big out-of-tree projects: are they a
problem, and what can be done about them?
- Checkpoint/restart: what are its
prospects for inclusion?
- Lightning talks: the final session of
the day was dedicated to short talks on Coccinelle, the device model,
the big kernel lock, and more.
The sessions which were held on the second day of the summit are:
- Linux at NASDAQ; a session on how
a high-volume end user uses Linux and where the pain points are.
- Scalability: where we stand and what
comes next.
- Minisummit reports covering
networking, filesystems, Video4Linux, embedded, power management, and
more.
- Security: are we doing enough to keep
the kernel secure?
- Scheduling issues: this session was
essentially a second end-user presentation focused on Google's
scheduling challenges.
- Kernel.org update: the current status
of the infrastructure behind kernel development.
- A stable tree update from Greg Kroah-Hartman. The bulk of the
information presented here was also seen at Greg's LinuxCon Japan keynote, so readers may
want to go there for the details. Beyond that, Greg noted that he
will start dropping trees a little sooner (2.6.35 is about to get its
last update). There were some questions on the routing of stuff to
stable - both in terms of missing important patches and sending stuff
which shouldn't go there. The solution in both cases is for
maintainers to pay more attention.
- Development process issues: Linus
Torvalds and Andrew Morton talk about how the process is going, what
can be improved, and whether the version numbering scheme should
change.
- Future summits: the format of the
kernel summit looks likely to change starting in 2011.
The Kernel Summit was followed by a joint reception with the Linux
Plumbers Conference. An election for the Linux Foundation's Technical
Advisory Board was held there. The five open seats were won by James
Bottomley and Chris Mason (both incumbents), joined by newcomers John
Linville, Grant Likely, and Hugh Blemings.
By Jonathan Corbet
November 1, 2010
The 2.6.37-rc1 prepatch has been
released, so the merge window is
now closed. Nearly 3100 changesets were merged between
last week's summary and the
closing of the window; there were 9518 non-merge changesets merged in total
for 2.6.37. The most significant user-visible changes include:
- The last significant big kernel lock holdout -
the file locking code - has been fixed. It is now possible to build a
generally useful kernel without the BKL, though quite a few older
drivers still require it.
- Support for the CAIF
shared memory protocol has been added.
- The perf probe command has a new --vars option which
will cause it to list the local variables which are accessible from a
given probe point. With --externs, global variables are
listed as well. It is now possible to place probes in loadable
modules.
- The ext4 filesystem now supports "lazy inode table initialization," an
option which makes the creation of filesystems faster. Ext4 now
features a reworked I/O submission path which should improve
performance and scalability.
- "Batched discard" support has been added in the form of the new
FITRIM ioctl() command. This feature allows the
filesystem to tell the underlying storage device about all of the
unused blocks at once. So far, this feature is only implemented by
the ext4 filesystem.
- Much of the long-delayed Xen Dom0 (hypervisor) support has finally
been merged. 2.6.37 will still not be Dom0-ready; there will be at
least one more development cycle required for that; see this summary from Jeremy Fitzhardinge for
the full plan.
- The fanotify subsystem has been re-enabled, and should be available in
2.6.37.
- The 9p filesystem has gained POSIX access control list support.
- The Speakup kernel-based screen reader has been merged into the
staging tree.
- New drivers:
    - Systems and processors: aESOP Samsung S5PV210-based
      Torbreck boards.
    - Audio: Intel MID SST DSP devices.
    - Block: Cypress Astoria USB SD host controllers,
      Marvell PXA168/PXA910/MMP2 SD host controllers, and
      ST Microelectronics Flexible Static Memory Controllers.
    - Miscellaneous: Basic, memory-mapped GPIO controllers,
      Intel Topcliff GPIO controllers,
      Intel Moorestown/Medfield i2c controllers,
      IDT CPS Gen.2 SRIO RapidIO switches,
      Freescale i.MX DMA engines,
      ARM PrimeCell PL080 or PL081 DMA engines,
      Cypress West Bridge Astoria controllers,
      USB ENE card readers,
      Asahi Kasei AK8975 3-axis magnetometers,
      OLPC XO display controller devices,
      Analog Devices AD799x analog/digital converters,
      Winbond/Nuvoton W83795G/ADG hardware monitoring chips,
      Flarion OFDM USB and PCMCIA modems,
      Maxim MAX8952 and MAX8998 Power Management ICs,
      National Semiconductors LP3972 PMIC regulators, and
      Broadcom BCM63xx hardware watchdogs.
    - Network: Intel Topcliff platform controller hub CAN
      interfaces,
      Technologic Systems TS-CAN1 PC104 peripheral boards,
      SBE wanPMC-2T3E3 interfaces,
      RealTek RTL8712U (RTL8192SU) Wireless LAN NICs (replaces older
      rtl8712 driver),
      Atheros AR6003 wireless interface controllers,
      Beceem USB Wimax adapters, and
      Broadcom bcm43xx wireless chipsets.
    - Video4Linux2: remotes using the RC-5 (streamzap) protocol,
      Konica chipset-based cameras,
      Sharp IX2505V silicon tuners,
      LME2510 DM04/QQBOX USB DVB-S boxes,
      Samsung s5h1432 demodulators,
      Several new Conexant cx23417-based boards,
      Nuvoton w836x7hg consumer infrared transceivers,
      OmniVision OV6650 sensors,
      OMAP1 camera interfaces,
      Siliconfile SR030PC30 VGA cameras,
      Sony imx074 sensors, and
      VIA integrated chipset camera controllers.
Changes visible to kernel developers include:
- There have been, once again, significant changes to the Video4Linux2
driver API. The new "mediabus" layer adds flexibility for dealing
with complex devices, but also complicates simpler drivers somewhat.
The videotext/teletext API, long unused, has been removed.
- The file_system_type structure has a new mount()
function which is meant to replace get_sb().
Now the stabilization period begins; the final 2.6.37 release will almost
certainly happen in January.
Page editor: Jonathan Corbet
Distributions
November 3, 2010
This article was contributed by Koen Vervloesem
The OpenOffice.org track at this year's openSUSE conference spontaneously changed to a LibreOffice track after the news of the OpenOffice.org fork. That shouldn't be a surprise: Novell's Michael Meeks was previously responsible for Go-oo, which will be obsoleted by LibreOffice. At the openSUSE conference, developers of the young fork presented the current state of LibreOffice and discussed the direction of development.
Some numbers
The LibreOffice track was opened by Florian Effenberger, a Founding Member of The Document Foundation who resigned from his position as the OpenOffice.org Marketing Project Lead two days after his talk. He emphasized that the 10th anniversary of OpenOffice.org was an important date for The Document Foundation: "We see LibreOffice not as a split but as an evolution and the next logical major step for the next decade." An important part of this is lowering the barrier for new contributors, e.g. by not requiring formal paperwork before contributing code, such as a copyright assignment.
Florian gave some numbers to put the young LibreOffice community in
perspective. Currently, it has 15 full-time developers from Novell and Red
Hat, and already 65 new code contributors (people that have never
contributed a single line before to OpenOffice.org). The announce mailing
list has 4,000 subscribers and the discussion lists 1,500. There are 51
world-wide mirrors that are distributing LibreOffice, and in the first week, the LibreOffice beta had already been downloaded more than 80,000 times.
Although most of the LibreOffice supporters seem to be linked to a Linux distribution, Florian was clear about the target platforms: "Most of the OpenOffice.org and LibreOffice downloads are for Windows: these are people migrating from Microsoft Office. So Windows support will not be dropped in LibreOffice." Moreover, he maintained that end users will very soon pick the fruits of the more open development model of LibreOffice: "Because Oracle limits the development of OpenOffice.org with their copyright assignment, we will get more code in and thus become better feature-wise soon." LibreOffice 3.3 will be available this fall, and it will be integrated into openSUSE soon.
Easy hacks
In his talk "LibreOffice Easy Hacks", Cédric Bosdonnat —
who is a LibreOffice developer for Novell — gave some hints about how
to find interesting parts of the LibreOffice code to hack on, and talked
about some tricks and tools to help developers. His main goal was to tell people that coding on LibreOffice isn't impossible; there's a lot of simple stuff out there.
The Document Foundation's wiki even has a page with a list of these easy hacks, and
some of them have already been completed. Many
of these easy hacks are a form of code cleanup: translating German comments
that have been there since the StarDivision days, removing code
that is commented out, removing duplicated code, and so on. According to
Cédric, the latter is a bad habit among OpenOffice.org developers at
Sun/Oracle: many specialists are working on their own module and are not
collaborating. As a consequence, OpenOffice.org has, for example, three
different line-drawing implementations: one for Writer, one for a Calc
cell or table, and one for an Impress table. "When I wanted to add
dashed borders, I had to hack three places, so eventually I merged
them," Cédric concluded. The OpenOffice.org code base also
has six classes for a string, and according to Cédric it should be
reduced to just two (for Unicode vs. 8-bit encoding).
But the easy tasks are not only about code cleanup; Cédric also
mentioned some more interesting hacks. For example, one could create an XML file fuzzer: a component that takes an existing, complex ODF document, swaps the contents randomly, and loads the result in LibreOffice to see if it crashes. The goal is to make LibreOffice more robust: prevent it from crashing on arbitrary ODF files. Another interesting hack would be to use the C library libxslt instead of the current Java libraries for XSLT (Extensible Stylesheet Language Transformations). And last but not least, intrepid collaborators could help improve the build system.
Cédric also listed some useful development tools. For quick
searches in the LibreOffice git repositories, there's the OpenGrok source browser (for now still on the Go-oo.org domain), and there's also partial source code documentation generated by Doxygen. As for an IDE, Cédric warns about using one of the big ones:
"There is no full-fledged integrated development environment that can handle that much code. This includes Eclipse, NetBeans, and KDevelop. Instead, I prefer using Emacs or Vim with a C/C++ configuration, supplemented with an index and search tool like ctags. For such a big code base, searching with grep isn't useful, and therefore we have also set up a make tags make target."
Of course, you can also start coding on LibreOffice when you encounter a crash that prevents you from using it ("scratch your own itch"). Then you have to use GDB, Valgrind, or your other favorite debugger and let the backtrace show the code. Cédric gave a tip for this situation: you don't need to build the complete LibreOffice suite with debug symbols for this. Just rebuild the specific module the crash is in with debug symbols. Another place to start your hacking adventures is the user interface: when you see where you'd want to add a feature, look for a user interface string in the same window, e.g. with OpenGrok. But whatever you do, Cédric emphasized that you should get in touch with the LibreOffice developer community when you start coding. Don't work alone, but communicate on the #libreoffice IRC channel on irc.freenode.net or on the LibreOffice mailing list, and find the right experts to assign any bugs to.
Building LibreOffice
Novell's Jan Holesovsky described in his session how to get the source
code of LibreOffice, how to build it, and how to get your patches back to
the developers. Most of this information can also be found in the Development
section of the Document Foundation's wiki, e.g. the "How to
build LibreOffice" page. An especially interesting tip that Jan gave was about distributed building. If you have more than one machine, you can install and configure icecream, a distributed build system created by SUSE developers. And with Kiwi-LTSP you can PXE boot computers to add them easily to your build farm.
Jan also talked briefly about improvements of the LibreOffice build
process that are being worked on. In the near future, the build directory
will be simplified and the translations (or at least the help texts) will
be put into a separate build. In the far future, a split build will be made
possible: there will be a separate build of the libraries and
applications. For example, at the moment you have to build the whole of
LibreOffice completely before you can work on a specific application,
e.g. Calc. After that, you can just rebuild Calc each time you change it. But in the future, the initial complete build shouldn't be needed anymore.
Next steps
Novell's Thorsten Behrens brainstormed with his audience about what the next steps for LibreOffice's development should be. According to him, QA should definitely become a priority:
"Historically the code base had not much unit tests, so if you changed something you needed to test it manually. Moreover, the only unit tests that are present are for base libraries. It's really important to have more unit tests, to feel sure that if you change something you don't break things."
Then he asked for some input from the audience, which resulted in a number of interesting ideas. One of the proposed ideas was to make a LibreOffice viewer, especially for mobile devices such as Android. This could fill a gap, because there don't seem to be that many ODF viewers for mobile devices. If it carried the LibreOffice brand, people would trust that the viewer supports ODF well. Better compatibility with Microsoft Office's file formats and a way to import clip art from Microsoft Office (if the license permits) were other proposals.
Another request was that bug reporting should be made simpler. One
commenter complained that it takes approximately half an hour for every bug
you file. You have to first search if the bug has already been reported by
trying a couple of search strings, and then you have to click a lot of
buttons with the risk that you choose the wrong options. Michael Meeks
chimed in: he sees some value in a simple bug reporting work flow for
users. For conversion errors, this could ask the user to take a screen shot
of a file in Microsoft Office and the same file in LibreOffice, so that the
developers can try to find out where the conversion went wrong. With such a
simple work flow, instead of a daunting bug reporting tool with countless
options, users may file many more bugs. A project like Officeshots might also be
helpful for bug reporting.
A welcoming community
Although the LibreOffice community has a daunting task, a lot of
OpenOffice.org contributors have resigned and decided to spend their time
instead on the new fork. To visualize this, Cédric Bosdonnat created a graph
showing the contributors by week, using the gitdm tool created by Jonathan
Corbet and Greg Kroah-Hartman. He also created a video of the first week of
coding on LibreOffice, as visualized by Gource. It surely
seems like a successful start for LibreOffice, but it remains to be seen
whether the project can keep up that pace. One thing is clear, though, from the talks at the openSUSE conference: the LibreOffice community is very welcoming and does its best to lower the barriers for new contributors.
Comments (none posted)
Brief items
Just because we're
a community of volunteers doesn't mean we don't have to treat each other
professionally. If people spoke to their co-workers the same way they
sometimes speak to each other on Fedora lists, there would be consequences,
and justifiably so. I've always thought that Fedora's "code of conduct"
could be as simple as "don't be a jerk", but I support the mandate of the
soon-to-be-formed CWG [Community Working Group] to decide otherwise.
-- Max Spevak
I have now been doing Fedora Release Engineering for nearly 5 years. My
first task was to rebuild every Fedora Core package for a gcc change
leading up to the release of Fedora Core 5 (hey look, a --turbo
option!). I've seen us through 10 releases, the merger of Core and Extras,
countless mass rebuilds, the creation of Live Media and the explosion of
spins, an unfortunate security incident, many evolutionary changes in our
development process, the creation and growth of a release engineering
volunteer team, the creation of release criteria, the migration of source
control, and the creation of a plethora of Standard Operating Procedures
for release engineering. It has been a challenging and very rewarding 5
years. But I need a break.
-- Jesse Keating resigns
Comments (none posted)
Fedora 14 has been released along with several official
spins (KDE, XFCE, LXDE,
SoaS, Security, ...). Some of the new features in this release include
libjpeg-turbo, Spice, the D programming language, Python 2.7, and much
more.
Full Story (comments: 8)
The MeeGo 1.1 release is available; the netbook, "in-vehicle infotainment," and
handset versions have all been updated. "The 1.1 Core OS provides a
complete set of enabling technologies for mobile computing. The MeeGo stack
contains Linux Kernel 2.6.35, X.org server 1.9.0, Web Runtime, Qt 4.7, and
Qt Mobility 1.0.2, supporting the contacts, location, messaging,
multimedia, and sensor and service frameworks. It also includes a number of
leading edge components, such as the oFono telephony stack, the ConnMan
connection manager, the Tracker data indexer, the Telepathy real-time
communications framework, the Buteo sync framework, and many more."
Comments (44 posted)
OpenBSD 4.8 has been released. The announcement (click below) contains a
lengthy list of new features and improvements in this release. The
announcement also looks at the new features and bug fixes in OpenSSH 5.6,
which is included in this release.
Full Story (comments: 3)
The DragonFly team has
announced the release of
DragonFly 2.8. This release features a working X environment, a Packet
Filter update, a port of FreeBSD's WiFi stack, and better multiprocessor
performance.
Comments (none posted)
The Debian Installer team has announced the first beta release of the
installer for Debian GNU/Linux Squeeze. "This release is dedicated
to Frans Pop, who worked as Debian Installer Release Manager for several
years. Even after he stepped out from this responsibility in 2007, Frans
continued to be heavily involved in several aspects of D-I until he passed
away."
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Debian Project Leader Stefano Zacchiroli has been working toward having
more sprints. "The main principles of the program are that: (1)
sprints are good to both get work done and strengthen our community; and
(2) there are responsibilities of transparency towards the rest of the
Project, so we need to communicate before, during, and after a sprint about
what is happening."
Full Story (comments: none)
Fedora
ATrpms is a 3rd party general purpose package repository for Fedora.
Packages for Fedora 14 are now available with repositories for "stable",
"testing" and "bleeding". The Fedora Project will end support for Fedora
12 in about a month and ATrpms will also end their support for Fedora 12 at
the same time.
Full Story (comments: none)
The Cooperative Bug Isolation Project (CBI) is an ongoing research effort
to find and fix bugs in the real world, by distributing specially modified
versions of popular open source software packages that monitor their own
behavior. CBI is now available for Fedora 14.
Full Story (comments: none)
The report from the October 26 FESCO meeting (click below for the whole
thing) includes the news that the remove setuid feature has been approved for
the Fedora 15 release. "File Capabilities have been present in the Operating
System for a few releases
now, it is time that we remove setuid applications and just assign the
capabilities required by an application. This should make the applications
and the Operating System more secure." Implementing this should be
an interesting challenge.
Full Story (comments: 17)
The Fedora project is looking for people to help out with the elections
that are coming up later this month. "Helping out with this
elections process is a great opportunity to get started as a free software
contributor, especially if you're unable or prefer not to write code."
Full Story (comments: none)
The release name for Fedora 15 has been selected. It is Lovelock.
Full Story (comments: none)
SUSE Linux and openSUSE
Jos Poortvliet reports on the success of this year's openSUSE Conference. "'Collaboration Across Borders' - Under this motto the openSUSE Community received in Nuremberg several hundreds of Free Software enthusiasts and contributors. Giving a strong statement to its motto, the openSUSE Conference received ambassadors from the Fedora Project and Debian Project as well as people from Mandriva/Mageia, Slackware, Skolelinux and many other distributions. Moreover, many downstream projects presented their work, seeking cooperation with the openSUSE community."
Comments (none posted)
Andreas Jaeger presents an overview of the recent openSUSE Conference.
Links to additional resources are included for the tracks and the overall
conference results.
Full Story (comments: none)
Ubuntu family
Allison Randal wraps up the recent Ubuntu Developer Summit for the Natty
Narwhal release. "We had a productive and fun week at UDS-N! Thanks to all who participated on-site and remotely, or contributed ideas in advance on the list. To help navigate the information overload, here are some important highlights from the summit."
Full Story (comments: none)
Gerry Carr, head of platform marketing at Canonical, has been blogging
live from UDS (Ubuntu Developer Summit) at Linux.com. Here's
Day 1, Day 2, Day 3, Day 4, and Day 5.
Comments (none posted)
Click below for the minutes from the November 2 meeting of the Technical
Board. Topics include Dynamic "per package upload permissions" for Debian
Developers and a micro release exception request for Chromium.
Full Story (comments: none)
New Distributions
MintPPC is a Linux distribution for 32-bit PowerPC computers. It is based
on Linux Mint LXDE, ported to Debian/PPC. The idea behind MintPPC is to
have a fast good looking lightweight desktop manager, which runs well on
older G3 and G4 machines. It aims to be easy to use and complete. MintPPC
is not affiliated with Linux Mint but it uses the same underlying source
code. MintPPC was first released as Linux Mint LXDE Debian Lenny in May
2010. MintPPC 9, based on Linux Mint LXDE 9 (Isadora) and Debian Squeeze
is now available.
Full Story (comments: none)
Newsletters and articles of interest
Red Hat News continues its series on Fedora 14 with this article looking at some of the developer tools in this release. "Another innovation anticipated in Fedora 14 builds on the Python scriptability Red Hat engineers contributed to GDB. This capability allows developers to create new and richer functionality for this powerful debugger. The new GDB 'heap' command, for instance, helps a developer dive down into the memory that is allocated for use by a program."
Comments (none posted)
Red Hat News takes a look at the availability of Fedora 14 for use with Amazon EC2. "'Offering Fedora on Amazon EC2 is a way to deploy Fedora on a wider scale. Anyone will be able to have multiple Fedora virtual machines at his or her fingertips quickly,' said Garrett Holmstrom, a Fedora Cloud SIG community member. 'On the opposite end of the spectrum, this will give faster and easier access to a dedicated Fedora instance that is accessible from anywhere in the world. People without persistent Internet access will be able to host their web sites using Fedora. Anyone will be able to try out Fedora from a server perspective without needing to install, boot, or even download it themselves.'"
Comments (none posted)
Page editor: Rebecca Sobol
Development
The Wine project doesn't get the kind of attention it used to, but the
project is still chipping away at being compatible with the majority of
Windows applications. On one hand, Wine faces a moving target in keeping
up with changes to Microsoft's platforms. On the other, Wine has become
less relevant to users in the face of virtualization. Despite the
challenges and competition, Wine is still proving successful as a
project and as a commercial venture.
The Wine Project recently released the stable 1.2.1 and unstable 1.3.5 branches with a number of fixes and new features. Like its namesake, Wine has continued to improve with age. A look at the most recent vintage, however, shows that the project still has a long way to go before it's ready to tackle any and all Windows applications.
Wine was once widely considered a very important piece of software for the success of Linux on the desktop. The theory was that if users could run Windows applications more or less flawlessly on Linux, it would encourage people to switch. Assuming an application runs under Wine, it would even have advantages over Windows because one could leverage the strong points of Unix/Linux with a popular Windows application. That hasn't quite worked out as planned, though. Wine has been a useful tool for many users, but its adoption and influence on the spread of Linux has been fairly limited.
After nearly 17 years of development, running Windows applications on
Wine is still tricky business. Some applications and games run flawlessly,
while others run only with several tweaks. In testing
Wine 1.2.1 and Wine 1.3.5, a few applications installed and ran without any
problems — like Notepad++
and Evernote. As CodeWeavers founder
and CEO Jeremy White says, "we've hit a point where you have a better than 50/50 chance of your app working. And if your app is simple/small enough, there is a good chance it will work perfectly."
And that seems accurate. In testing some other big and complex
applications, there was little joy to be had. Microsoft Office 2010, for
instance, doesn't get past the installer. Safari for Windows fails
immediately after installation, and the Internet Explorer beta fails as
well. Internet Explorer 8 installs, but does not work correctly. This is
not to fault the Wine developers too much, however. The fact that complex
Windows applications run at all is a commendable feat. Seeing a
Windows application like Evernote running flawlessly on Linux is deeply
impressive. But it's not necessarily useful if a user wishes to run Word 2010 instead.
Commercial variants and concerns for Wine
Part of the challenge with Wine is that it's very capable, but complex to configure. Users who are willing to spend the time and effort can make many applications run that don't run "out of the box." To that end, several commercial offerings have developed over the years to help users more easily harness Wine.
First and foremost, there's CodeWeavers, which does the bulk of development work on Wine and employs its lead developer, Alexandre Julliard, as CTO. There's also Cedega, which is developed by TransGaming off a fork of Wine created in 2000. TransGaming has not been a significant contributor to Wine, and has gone so far as to ask projects not to make it easier to build from their CVS tree.
CodeWeavers, on the other hand, has been extremely generous to the Wine Project and community. White says that it's company policy for "all work [to] go into Wine *first*." He does acknowledge that there are a few differences between CodeWeavers Wine and the Wine Project, but not many. "CrossOver has a few proprietary hacks^H^H^H^H^Hadvantages that enable specific applications (e.g. MS Office) to function better, but by and large the code base is identical."
If you're hearing less about Wine these days, it's probably because most users now turn to virtualization instead of emulation to run Windows applications. White says "candidly, virtualization is kicking our rear end. In the Mac space, we're probably outsold 25 or more to 1 by things like VMware and Parallels, even when Wine would run a given user's application."
White acknowledges that virtualization has an advantage in that it works "in a predictable fashion," and says users have "a really hard time accepting and working within" Wine's limitations. The other factor working against Wine is the sheer ubiquity of virtualization and the fact that today's desktop and laptop computers can comfortably run two or three OSes without a significant performance cost.
Still, White says it's frustrating that more users don't at least try Wine to see if their applications will run. "I always hate when someone jumps to use virtualization without ever having tried Wine or CrossOver. This probably flows from the fact that we're a technology company, with a passion for Free Software; if we had instead a passion for Marketing, we'd probably be in better shape..."
What kind of shape is CodeWeavers in? The company probably won't be raking in Apple-sized revenue anytime soon, but White says that CodeWeavers is doing well. "Of course, you always think you can do better, but we're doing well." The business comes from a split of individual subscriptions and businesses. White says "a bit more" than half comes from individuals, and a "very nicely growing business doing ports; using Wine and CrossOver to do a very fast port can be a great business case."
Though Wine has been considered a major application for Linux, much of the revenue that's supporting Wine development is coming from Mac users. White says that "the Mac business is now a bit more than half of our business as well. That's good for Linux — without that revenue, we wouldn't have been able to contribute as much to Wine lately as we've been able to."
Where Wine is going
For CodeWeavers, White says the company will put emphasis on its porting services for Windows applications in the near future.
What's on the horizon for Wine 1.4? Firm release criteria haven't been set, according to the Wine wiki, but unfinished release criteria from 1.2 indicate several priorities.
One is the implementation of Direct3D 10 for DirectX. A second is fixing a mouse problem in the interaction between X11 and Wine/Windows applications: Wine has to fake the position of the mouse by calculating the difference between its absolute position and how far it has moved, which is a problem when the mouse moves to a window not controlled by Wine.
Another target is to ship Mono with Wine to run .Net applications. The project, or at least Andre Hentschel, is also working on ARM processor support, which first shipped in 1.3.4 and might be important for ARM-based netbooks.
Interested in helping with Wine development? The project has an
extensive TODO list and docs on how to become a
developer. They even have a list of "fun" projects.
Though Wine doesn't seem to be the Holy Grail to pave the way for widespread desktop usage of Linux, it still plays an important role for quite a few users. Given the continually shifting and changing Windows platform that the Wine Project has had to target, the current state of Wine is very impressive. It will probably never achieve 100% compatibility, but it does many things very well and means that many users need not pay Microsoft for Windows licenses they don't want in order to use a few Windows-only applications.
Comments (14 posted)
Brief items
We stand at a corner of FOSS history, where the realization that
projects led by one vendor only tend to fail, unless the vendor
itself puts others in charge of the projects and gives free reins
to its community. Look at what's happening with Fedora with respect
to its ditching of copyright assignments. Experiences in other
projects show that the "protection" that such assignments provide
is at best minimal, and most of the times quickly abused, most of
the time by its steward.
-- Charles-H Schulz
Let's merge Qt and the KDE development platform. Let's put all KDE
libraries, support libraries, platform modules into Qt, remove the
redundancies in Qt, and polish it into one nice consistent set of
APIs, providing both, the wonderful KDE integration, consistency
and convenience, as well as the simplicity and portability of the
Qt platform.
-- Cornelius Schumacher
Comments (2 posted)
GParted 0.7.0 has been released. "GParted is the Gnome Partition Editor for creating, reorganizing, and
deleting disk partitions." Along with bug fixes, the major new feature in this release is support for the btrfs filesystem.
Full Story (comments: none)
KDE has released version
4.5.3, with updates to the Plasma Desktop and Netbook workspaces, the KDE
Applications and the KDE Platform. This release contains bugfixes and
translation updates for the KDE 4.5 series.
Comments (11 posted)
The latest stable release of libguestfs, version 1.6.0, has been released. "libguestfs is tools and a library for accessing and modifying virtual
machine disk images." Many new features have been added including a 4-5x performance boost when creating appliances, support for LUKS whole-disk encryption in guests, PHP bindings, copy-in and copy-out commands for recursively copying files and directories, and more. There are also two security fixes in the release.
Full Story (comments: none)
Version 0.99 of the monotone source code management system has been
released. New features include reworked selectors, a new URI syntax, a
cleaned-up command-line interface, new automate commands, and more. The
1.0 release, which will contain only bug fixes on top of 0.99, is expected
by the end of the year. Note that this release has
one serious bug which affects 64-bit users.
Full Story (comments: 8)
After a long break, we have a new release of the notmuch mail client. "It may sound foolhardy, but I really would like to have releases happen
as often as once per week. My plan is to start each week by simply
looking to see if new code has landed, and if so, push it out in a new
release.
Let's see how well that works.
In the meantime, enjoy this release which provides some important new
command-line functionality, (notmuch search --output, notmuch show
--format=mbox), lots of emacs interfaces (all sent messages now saved to
mail store by default), and one fairly critical bug fix (avoid a
possibility for a corrupt database if "notmuch new" is interrupted)."
Full Story (comments: none)
Version 0.20.0 of pixman, the "pixel-manipulation library for X and cairo", is now available. This is a major release with improvements to radial, conical, and large linear gradient rendering, as well as performance improvements for image scaling, affine transformations, ARM NEON, and SSE2.
Full Story (comments: none)
PyQt 4.8.1 has been released. "PyQt is a comprehensive set of bindings for the Qt application and UI
framework from Nokia. It supports the same platforms as Qt (Windows,
Linux and MacOS/X)." It supports Python v2.3 and higher, including Python v3.
"The highlight of this release is full support for Qt v4.7.0 including
the ability to integrate Python with QML, the new declarative markup
language for building highly dynamic user interfaces."
Full Story (comments: none)
The Rockbox 3.7 release is available. There's a long list of new features, including
support for more platforms, a number of new plugins, WMA Pro codec support,
and more.
Comments (1 posted)
The VP8 codec SDK—the codec used by WebM—has been released.
Also known as libvpx, "Aylesbury" is the first of planned quarterly
releases.
For Aylesbury the theme was faster decoder, better encoder. We used our May 19, 2010 launch release of libvpx as the benchmark. We're very happy with the results (see graphs below):
- 20-40% (average 28%) improvement in libvpx decoder speed
- Over 7% overall PSNR improvement (6.3% SSIM) in VP8 "best" quality encoding mode, and up to 60% improvement on very noisy, still or slow moving source video.
Comments (none posted)
Page editor: Jonathan Corbet
Announcements
Non-Commercial announcements
Stormy Peters has announced
that she is leaving her position as the executive director of the GNOME
Foundation. "I'm going to Mozilla to head up their developer
engagement program, focused on the open web! As many of you know, I think
we have a complete free and open source solution for the desktop but we
still have a lot of work to do on the web. Many of us now depend on web
applications that are not only not free but don't even let us download and
protect our own data in reasonable ways. Working on developer engagement at
Mozilla will let me dedicate more of my resources to making sure developers
have the tools and knowledge they need to create applications on the open
web."
Comments (1 posted)
The GNOME Project has received two grants for a total of $15,000 from
Mozilla and from the F123.org-Mais Diferenças partnership for accessibility work. "Mozilla has once again stepped up to support GNOME accessibility (a11y) work with a $10,000 grant. The F123-Mais Diferenças partnership has awarded a grant of $5,000 in total. This is the second accessibility grant that GNOME has received from Mozilla in the 2010 calendar year."
Full Story (comments: 10)
Telecom operator China Mobile has joined the Linux Foundation, becoming the
first Chinese enterprise to do so. "China Mobile is the world's largest telecom operator by market value. It also ranks as the largest carrier in the world in terms of customer base and the scale of its network, through which it provides mobile services including voice data, IP telephony and multimedia. China Mobile has recently been investing in Linux, in its OPhone mobile operating system, and has developed a cloud computing system based on open source software. Its membership in The Linux Foundation shows its further commitment to the Linux platform."
Full Story (comments: none)
The Free Software Foundation Europe started a campaign a month ago to get
rid of advertisements for non-free software on public websites. Click below for a progress
report. "But the FSFE won't stop with a list of institutions. In the
coming weeks, FSFE will send letters to the institutions to draw their
attention to their unfair advertising. In the name of the signatories
of the petition, FSFE will ask the institutions to either remove
any recommendation for non-free software from their website, or give a
choice of several programs."
Full Story (comments: none)
Commercial announcements
The band XBloome from Vienna has announced their third album, "X marks the
spot". "As maybe the first album ever, 'X marks the spot' was
produced exclusively using Free Software (Open Source) and without a
professional studio or graphic designers. With this 'proof of concept'
album, XBloome have debunked several prejudices about feasibility,
professionality and quality of free and self-made productions."
Full Story (comments: none)
Articles of interest
This article on Voxeu.org
explores recent studies suggesting that open source (OSS) and proprietary
software (CSS) strengthen each other and should co-exist.
"Furthermore, von Engelhardt and Maurer (2010) provide an important
clue to choosing this mix. They point out that the existence of CSS code
increases OSS output and vice versa. To see why, consider an all-OSS world
in which each company offers consumers exactly the same shared code as
every other company. By definition no company can then compete by writing
more OSS code than its rivals. This lack of competition suppresses code
production for the same reason that cartels suppress output. Conversely, a
wide range of generic models predict that software production should peak
when roughly 15% to 20% of all companies adopt OSS methods."
(Thanks to Alex Burr)
Comments (78 posted)
Andy Updegrove argues that Free/Open Source licenses are not enough to protect free/open source projects. "As recent events have demonstrated, the powers of developers are limited when compared to the power of a Fortune 500 company, like Oracle, if that company does not care whether independent developers continue to support the projects that it acquired. What developers are now realizing is that the license-based action options of large and diverse pools of code contributors are difficult to pursue, and not necessarily very attractive."
Comments (1 posted)
Ars technica looks at the growing support for LibreOffice. "The OpenOffice.org (OOo) community has declared independence from Oracle as members have joined the LibreOffice project, a fork of the open source office suite. In an open letter published on the OOo mailing list, a group of over 30 contributors affirmed their intention to abandon Oracle's code base in favor of LibreOffice. They say that the fork's more inclusive environment and community-driven management offer a powerful opportunity to advance the software."
Comments (33 posted)
Resources
The Linux Foundation has announced
the publication of a license compliance checklist for companies.
"Companies can use the Self-Assessment Checklist confidentially to
assess progress in implementing a rigorous open source compliance
process. The checklist can help you prioritize process improvement efforts
on the areas of greatest payoff. You can also use the checklist during
supplier selection to assess a supplier's compliance practices and gauge
the likely reliability of its open source disclosures."
Registration is required to download the actual checklist.
Comments (6 posted)
Calls for Presentations
The Linux Audio Conference 2011 will take place May 6-8, 2011 in Maynooth,
Ireland. Paper-submission, call-for-music and registration are now open.
Full Story (comments: none)
The PostgreSQL project will have a devroom at FOSDEM (February 5-6, 2011).
"We're looking for developers, users and contributors to submit talks
for inclusion on the program. Any topic related to PostgreSQL is acceptable
as long as it is non-commercial in nature." Submission deadline is
December 20, 2010.
Full Story (comments: none)
Upcoming Events
O'Reilly Media has announced Global Ignite Week 2011. "From February 7-11, over 100 cities will host community-powered Ignite events attended by upwards of 12,000 technologists, entrepreneurs, DIYers, and creative professionals on at least six continents. Participating cities include Seattle, Boston, Phoenix, Mumbai, Manila, Bucharest, Amsterdam, Bristol, Sydney, and Wellington."
Full Story (comments: none)
Events: November 11, 2010 to January 10, 2011
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| November 9-12 | OpenStack Design Summit | San Antonio, TX, USA |
| November 11 | NLUUG Fall conference: Security | Ede, Netherlands |
| November 11-13 | 8th International Firebird Conference 2010 | Bremen, Germany |
| November 12-13 | Japan Linux Conference | Tokyo, Japan |
| November 12-13 | Mini-DebConf in Vietnam 2010 | Ho Chi Minh City, Vietnam |
| November 12-14 | FOSSASIA | Ho Chi Minh City (Saigon), Vietnam |
| November 13-14 | OpenRheinRuhr | Oberhausen, Germany |
| November 15-17 | MeeGo Conference 2010 | Dublin, Ireland |
| November 18-21 | Piksel10 | Bergen, Norway |
| November 20-21 | OpenFest - Bulgaria's biggest Free and Open Source conference | Sofia, Bulgaria |
| November 20-21 | Kiwi PyCon 2010 | Waitangi, New Zealand |
| November 20-21 | WineConf 2010 | Paris, France |
| November 23-26 | DeepSec | Vienna, Austria |
| November 24-26 | Open Source Developers' Conference | Melbourne, Australia |
| November 27 | Open Source Conference Shimane 2010 | Shimane, Japan |
| November 27 | 12. LinuxDay 2010 | Dornbirn, Austria |
| November 29-30 | European OpenSource & Free Software Law Event | Torino, Italy |
| December 4 | London Perl Workshop 2010 | London, United Kingdom |
| December 6-8 | PGDay Europe 2010 | Stuttgart, Germany |
| December 11 | Open Source Conference Fukuoka 2010 | Fukuoka, Japan |
| December 13-18 | SciPy.in 2010 | Hyderabad, India |
| December 15-17 | FOSS.IN/2010 | Bangalore, India |
If your event does not appear here, please
tell us about it.
Page editor: Rebecca Sobol