LWN.net Weekly Edition for December 22, 2011

Happy Holidays from LWN

Welcome to the final LWN.net Weekly Edition for 2011. This issue contains some of our traditional backward-looking content, including the final installment on the 2011 timeline and a review of our predictions from January. Readers will also find our usual mix of kernel content, a look at openSUSE's struggles with its systemd transition, the GNOME accessibility challenge, and even a look at an alternative search engine.

As is also traditional, we will be taking the final week of the year off from our usual publication schedule, so the next Weekly Edition will come out on January 5, 2012. There will be occasional daily updates during the break, but the news is usually slow in coming during that time, so updates will not come at a great pace either. We wish all of our readers a happy and restful holiday period, and we look forward to seeing you all again in 2012. Thanks for supporting LWN through another great year!

A look back at 2011

By Jonathan Corbet
December 21, 2011
It is that time of year again: your editor, having, as usual, delayed engaging with that whole "holiday shopping" thing until the last minute, can be counted on to be rather more grumpy than usual. Clearly what is needed is some comic relief, and there are few things more comic than a critical look back at the predictions made at the beginning of the year. As usual, some of those predictions worked out, while others proved to be badly wrong indeed; still others should have been made but were not.

Things got off to a reasonably good start (prediction wise) with the assertion that the LibreOffice project would take off, while OpenOffice would languish. LibreOffice has, indeed, been successful in attracting developers, building enthusiasm, and getting the releases out; the project's fund-raising drive early in the year was highly successful. Distributors are picking it up almost universally; it is clearly a project that will be around for the long haul.

What your editor didn't foresee was that Oracle would simply give up on OpenOffice.org and cast it off to "the community." The new project has struggled to come to terms with "the Apache way," review the licensing of all the code (eliminating non-Apache-compatible code along the way), figure out its mailing lists and web sites, and set up a working governance model. There have been no OpenOffice.org releases since 3.3.0 came out in January, 2011. This project hopes to start making releases again in early 2012; how many people will care remains to be seen.

The thought that Mageia and IllumOS would do less well than they would have liked seems to have been mostly correct. Mageia did manage to get a release out, and it does have a dedicated core of developers, but things are moving slowly and adoption appears to be small. The Mageia developers continue their work, though, and a second release is in alpha test as of this writing. Meanwhile, traffic on the IllumOS lists has dwindled. IllumOS has developed some commercial life in the form of SmartOS, which includes a port of the KVM virtualization subsystem - your editor did not see that one coming. There is no real way to tell how well SmartOS is doing at this point.

The predictions confidently claimed that MeeGo would be a surprisingly big success in 2011, which would meanwhile be an iffy year for WebOS. The WebOS prediction was just about right, clearly showing that your editor's crystal ball is still in good working order; there's no need to talk about that other prediction at all. It was indeed a "make or break" year for WebOS, with a heavy emphasis on the "break" part, though the decision to open-source it may yet give WebOS another life. So let's just think about WebOS and pay no attention to that MeeGo behind the curtain...

Oh, OK, might as well rub it in. Perhaps it's true that your editor is dense enough to have been the only one to not see the "Elopcalypse" coming; once Nokia decided to go with Microsoft, any possibility of MeeGo continuing as a shared project came to an end. In truth, the seeds of MeeGo's demise may have been sown long before; Intel and Nokia seemed to have widely differing views on where that project should go. It is a shame; your editor still believes that MeeGo was a project with the potential to do great things. But that story appears to be at an end; "Tizen" may yet surprise us, but it would be a big surprise indeed.

Did Google become a "major kernel contributor" as predicted in January? Since the release of 2.6.37 on January 4, Google has contributed 789 changes to the kernel - 1.6% of the total. That makes it the 13th biggest contributor of changes, ahead of companies like AMD, Microsoft and Oracle, but behind Nokia and Samsung. The numbers for 2010 (technically, 2.6.32-2.6.37, so just over one year) were 489 changes, 1.0% of the total. So Google has indeed increased its contributions, but your editor would like to believe that there is a lot more to come.

ChromeOS was predicted to struggle in 2011. Some "Chromebooks" have found their way to the market, but ChromeOS has not, yet, taken the computing world by storm.

Your editor predicted huge legal battles - a fairly easy prediction to make. Even so, your editor cannot claim to have foreseen just how bad the mobile patent wars would get. The thought that we might see a Stuxnet-like attack against Linux systems hasn't become reality - that we know about, anyway - even though the Linux community did endure some severe security-related problems this year. Alas, the hopeful thought that we would see a free driver for an embedded graphics chipset proved to be too hopeful; the slowly-improving gma500 driver in the staging tree doesn't quite count.

What about the prediction that the tension between providing stable code and providing leading-edge code would increase? That one is hard to judge. The big fights within Fedora that inspired that prediction would appear to have simmered down without slowing Fedora's tendency to ship very new stuff. If one reinterprets the prediction as applying to the tension between "the way we've always done it" and new subsystems embodying new ideas, then the prediction certainly held true in 2011. Yes, that must certainly have been what your editor was trying to say.

January's predictions finished out with a couple of ideas, the first being that openSUSE would adopt ultra-stable and leading-edge variants. On the stable side, the "Evergreen" project seems to be getting off to a slow start. The rolling "Tumbleweed" distribution, instead, has been active for some time and seems to have a small core of users. The final prediction was that business models depending on control over the code - things like "open core" and those based on copyright assignments - would fade away. It's not really clear that this has happened, but one can at least say that copyright assignment policies do not have the best reputation at the moment.

So what did the January predictions miss entirely? One obvious candidate is the GNOME 3.0 release and the firestorm of criticism that followed it. At the end of the year, it would appear that the worst of that storm has passed; the 3.2 release has earned a better reception than its predecessor. Hopefully the GNOME project will be able to continue to woo back the users it has lost while gaining the large numbers of new users they hope for.

Predicting continued success for Android would have been an easy home run. Even so, it would have been hard to imagine a world where 700,000 Android devices are activated every day. Given the sheer size of this success, it is not surprising that the lawyers are circling around Google.

Your editor predicted the demise of the big kernel lock in 2010 - just a bit ahead of his time, as usual. That prediction was not repeated this year, which was a mistake: the actual demise of the BKL came with 2.6.39 in 2011 - not a moment too soon.

All told, it was a year with a lot of big ups and downs. Some things went poorly, to the point that some commentators have written the whole year off as a bad one. But one need not look too hard to realize that the free software community got a lot done in 2011, that it is as strong and vibrant as ever, and that we are poised to push even further in 2012. Legal hassles, failing projects, and clueless companies are nothing new. We have dealt with them before; there will be more of them to deal with in the future. None of these challenges have really slowed us down thus far; there is every reason to believe we will be equally successful in the future.

DuckDuckGo: A privacy-conscious search engine

December 21, 2011

This article was contributed by Bruce Byfield

The recent release of Linux Mint 12 surprised many by using the little-known DuckDuckGo (DDG) as its default search engine. Through a confidential agreement, Linux Mint will "share the revenue generated by the sponsored links" when users click on them using DDG. That arrangement is a creative way to help fund the distribution. On the other side, though, readers may wonder why DDG is developing another search engine when Google, Yahoo!, and Bing so thoroughly dominate the field.

DDG founder Gabriel Weinberg has a ready answer:

[There are] things we think the bigger search engines don't do well for a variety of reasons (generally not technical, but legal, business, and cultural). These areas of focus have been: way more instant answers, way less spam, real privacy, and a less cluttered user interface.

Add an emphasis on using free software and being a good citizen within the community, and perhaps DDG has a chance to prosper, even though its 12 million searches per month are next to nothing compared to the December 2009 figures for some of the larger players: 88 billion for Google and 9.4 billion for Yahoo!.

An MIT graduate with a master's degree from the Technology and Policy Program, Weinberg is a small-time angel investor with a strong interest in companies powered by open source technologies. Four years ago, he founded DDG, which has grown slowly to three employees, a number of part-time contributors, and what he calls the "growing open source wing" of about twenty collaborators.

Anticipating market directions

According to one of his blog entries in which he discusses his various investment strategies, Weinberg's approach with DDG is "to work within a big market and concentrate on where you think it is headed." Part of what this approach means is that DDG tries to improve the results returned on a search. Lacking the resources to do all its own web crawling, DDG relies on fifty other sites for its results, including Yahoo! and Bing, as well as more specialized sites. To a limited extent, users can control which sites are used through the combo box to the right of the search field, choosing, for example, to use Bing or Google for image searches. Users can also choose whether to order results by date or alphabetical order. Weinberg continued:

We believe that for any given search, there is usually a vertical search engine out there (or API or data set) that does a better job at answering that query than a general search engine. Our long term goal is to get you information from that best source, ideally in instant answer form.

From the initial results, DDG filters ad-heavy portal sites and presents results without bubbling — that is, ordering results in light of your previous searches. In fact, DDG claims that, unlike larger search engines, it doesn't collect information about users' searches at all. Instead, it attempts to order results by crowdsourcing, just as YaCy, another new and small search engine, does.

In fact, DDG makes some efforts to protect user privacy and to educate users about why they should care about privacy. Although no details are given, DDG claims to redirect a search request "in such a way so that it does not send your search terms to other sites. The other sites will still know that you visited them, but they will not know what search you entered beforehand." In addition, DDG uses an HTTPS version of a site when one is available.

Weinberg described these features as offering users "real choice," adding:

Previously, there haven't been many real choices when it comes to protecting privacy online. You could either disengage completely (not a great option) or decide to give up significant privacy (another not great option). We've taken it over as part of our mission to both a) help educate people on issues and b) give people real control over their privacy, and thus a real choice when it comes to search privacy.

Searches support the syntax users may know from other search engines, such as the use of quotation marks to search for an exact phrase, or a minus sign to exclude results that contain a specific word or phrase. Users can also filter results by toggling "safe search" or "meanings" (provides choices for ambiguous terms) settings, or using the region setting to filter results for increased relevance.

By default, search results are topped with a red box, the so-called "zero click" or "instant answer" feature which tries to place the most important result first. When searching for a concept, the red box result might be a link to the basic definition; for a person, to their blog or web page. To the right of the red box, a list of suggestions for refining the search appears. Should the query have more than one meaning, suggestions similar to the disambiguation pages on Wikipedia are given.

Another feature of DDG is !bang searches: automatic searches, somewhat similar to Google's "site:" searches, which are available for common sites like Amazon or YouTube. For instance, if you enter "!youtube pogues," DDG shows you the results on YouTube for The Pogues, saving you several additional clicks. Similarly, you could specify !openstreetmap at the start of your search to get results from OpenStreetMap or !monster to search Monster for a job description. These !bang searches include a wide variety of different categories, such as major corporations, domains, programming languages, shopping sites, tech domains, research topics, news, and online services. The only problem is that, if you haven't memorized a supported !bang search, you either have to take a chance that your site of choice is supported, or else look it up on the DDG site.

DDG also includes the ability to do calculations, measurement and currency conversions, and to answer direct questions on weather, food, geography, and time-related topics such as tides or sunrises in a specific location. Also included on DDG is a small number of apps, as well as popup how-tos about adding DDG to common browsers.

Many of these features, such as the ability to do calculations, are paralleled in major search engines. Others are unique to DDG. However, what stands out is not any particular feature so much as the total number of them. For some reason, DDG lacks a summary of total results, which is often used as a rough indication of a topic's importance (and for ego surfing), but, otherwise, the main drawback is that taking advantage of DDG's features requires a willingness to learn — a willingness that might be lacking in many who are only mildly curious about such a niche service.

Interacting with the open source community

DDG has always relied on free software, as it is written in Perl and JavaScript, runs on FreeBSD, and uses nginx for a web server. However, according to Weinberg, DDG "started out as closed source and is slowly becoming more and more open source. We've been making much of our new pieces completely open source."

These new pieces include the upcoming community platform, which Weinberg describes as a collection of "tools for communities to use to help participate." So far, the tools include a translation interface and a server for Extensible Messaging and Presence Protocol (XMPP), with "a data store to store settings and URL shortener" expected to follow. DDG is also encouraging contributions to expand and improve DDG's zero-click info repos, the source of the material in the red boxes at the top of search results. "As these contributions increase, the percentage of DDG that is open source is going up. I'm not sure about becoming completely open source for a variety of reasons (spam paramount among them), but we are certainly thinking about [the possibility]," Weinberg said.

Even if DDG does not become completely free, Weinberg emphasized his determination to use free software "as much as possible." In particular, referring to DDG's multiple sources for results, he suggests that the use of free software is directly related to the availability of expert results: "If you know an esoteric piece of the query space really well, you should be able to develop for it." In other words, using free software not only produces more specialized sources, but also indirectly increases the accuracy and usefulness of DDG's results.

Similarly, asked to comment on Katherine Noyes's suggestion that taking results from Microsoft's Bing might deliver results with an anti-open source bias to Linux Mint users, Weinberg pointed out that Bing is only one of over fifty sources. "I haven't seen any compelling evidence that we're biased against open source," Weinberg said. "And in fact, we're working on ways to essentially do the opposite." For example, DDG already uses Ask Ubuntu as a source for technical results, and is currently working on tighter integration with alternativeTo in order to increase the accuracy of free-software related queries.

In return for bootstrapping off free software, Weinberg said, he would "very much like to help start a movement where companies that use open source give back in systematic ways to those communities." As a preliminary effort, he has established Foss tithe, a site on which corporate owners can pledge to donate a percentage of their net income to the community. The suggested tithe is ten percent.

So far, only one other company (search [co.de]) has pledged to tithe, and Weinberg himself has not done much to develop the idea. However, he has made his own tithe, with half the donation decided upon by him and half by the DDG community. In 2010, for the corporate portion, he chose to give $482 to nginx and $475 to FreeBSD, two projects that he described as "an integral part of our architecture." Choosing security and privacy as a donation theme, the DDG community chose to donate $238 to each of Tor, Clamwin, Tahoe-LAFS, and OpenSSH.

Whether DDG will ever be a major contender among search engines is doubtful. A buyout by a larger competitor is an obvious possibility, though it is unclear whether DDG's privacy policies and options would survive such an event. However, by seeking out closer ties with free and open source software, DuckDuckGo might just find itself the search engine of choice among a small, dedicated group of users with enough knowledge to appreciate its philosophy and features. That could be a path to success and financial sustainability for a smaller search engine like DDG.

2011 Linux and free software timeline - Q4

Here is LWN's fourteenth annual timeline of significant events in the Linux and free software world for the year.

We broke the timeline up into quarters, and this is our report on the final quarter, October-December 2011, though there may be an addition or two for December. The previous quarters can be found as follows:


This is version 0.8 of the 2011 timeline. There are almost certainly some errors or omissions; if you find any, please send them to timeline@lwn.net.

LWN subscribers have paid for the development of this timeline, along with previous timelines and the weekly editions. If you like what you see here, or elsewhere on the site, please consider subscribing to LWN.

For those with a nostalgic bent, our timeline index page has links to the previous thirteen timelines and some other retrospective articles going all the way back to 1998.

October

Red Hat acquires Gluster, the makers of the open source GlusterFS (press release).

XML - the kudzu of the internet.

-- Valdis Kletnieks

A rootkit that is alleged to be used for surveillance by the German government is analyzed by the Chaos Computer Club (CCC report, LWN blurb).

WineHQ database is compromised, leading to the exposure of users' encrypted passwords (announcement, LWN blurb).

openSUSE announces the first release of its openQA distribution testing tool (announcement, LWN article).

ownCloud 2 is released; ownCloud is a free cloud storage and synchronization web application (announcement).

So you need another heuristic to handle that, and of course "heuristic" is an ancient African word meaning "maybe bonghits will make this problem more tractable".

-- Matthew Garrett

Plasma Active One, the KDE-based interface for touchscreen devices, is released (announcement, LWN article).

Samba changes its longstanding policy on corporate-copyrighted code, which relaxes the requirement for personally copyrighted code (announcement, LWN look at the discussion from July).

Subversion 1.7.0 is released (announcement, release notes).

The time zone database is briefly shut down due to copyright complaints from an astrology company (LWN blurb and article).

KDE celebrates its 15th anniversary (reflections from Cornelius Schumacher, LWN article).

For a while people were promoting the idea that it's good to be lenient in what you accept as input and strict in what you send out. I think people are starting to realize that was a horrid mistake since now they're getting utter crap and people don't even know what right is anymore.

-- Peter Zijlstra

Ubuntu 11.10 ("Oneiric Ocelot") is released (announcement, release notes).

Dennis Ritchie, of Unix and C fame, passes away (LWN blurb, Rob Pike's Google+ "obituary").

Linux 3.1 is released (announcement, KernelNewbies summary, A look at the 3.1 development cycle).

The 13th Realtime Linux Workshop is held in Prague, Czech Republic, October 20-22 (Realtime minisummit coverage, Proceedings).

The 2011 Kernel summit is held October 23-25 in Prague (LWN coverage).

Debian is pretty bad at making choices. Almost always, when faced with a need to choose between alternative solutions for the same problem, we choose all of them. For example, we support pretty much every init implementation, various implementations of /bin/sh, and we even have at least three entirely different kernels.

-- Lars Wirzenius

Lisp creator John McCarthy passes away at 84 (TechCrunch obituary).

The second GStreamer conference is held in Prague, October 24-25 (LWN coverage: GStreamer 1.0 and 0.10 and Xiph.org).

LinuxCon Europe is held in Prague, October 26-28 (LWN coverage: Kernel panel, UMMS, an audio/video abstraction layer and A btrfs update).

The Embedded Linux Conference Europe is held in Prague, October 26-28 (LWN coverage: Till Jaeger on AVM vs. Cybits, The embedded long-term support initiative, and Sandboxing for automotive Linux; Conference videos).

November

OpenBSD 5.0 is released (release notes).

It's important not to show a smug expression on your face while printing if users of non-Linux OSs are still dealing with driver CDs or vendor downloads.

-- Don Marti

The Trinity Desktop Environment releases 3.5.13 as a continuation of the KDE 3.5 series (announcement, LWN review).

Samba notes its first contribution from Microsoft employees, which actually happened back in October (announcement).

Fedora 16 is released (announcement, release notes).

Google announces the availability of the source code for Android 4.0 ("Ice Cream Sandwich"), after withholding the source to 3.x (announcement, LWN article).

They went out of their way to let researchers in, and now they're kicking me out for doing research. I didn't have to report this bug. Some bad guy could have found it instead and developed real malware.

-- Charlie Miller gets banned from Apple's developer program

openSUSE 12.1 is released (announcement, release notes).

AVM loses its case to restrict anyone from modifying the GPL-covered code in its routers (gpl-violations.org announcement).

Barnes & Noble decries Microsoft's "trivial" patents used to fight Android (LWN blurb, Groklaw article).

Richard Hughes announces the ColorHug open hardware/software colorimeter (announcement, LWN blurb).

A serious denial of service attack against BIND 9 is seen in the wild (ISC advisory).

I admire and respect the fact that you can make free software do exactly what you want - that's precisely what I set out to support in founding Ubuntu. What I did not set out to found was a project which pandered to the needs of a few, at the cost to the many. Especially when the few can perfectly well help themselves, and the many cannot.

-- Mark Shuttleworth

Lennart Poettering and Kay Sievers unveil "the Journal" as an alternative to standard Linux unstructured logging; the announcement is not met with widespread acclaim (announcement, LWN article).

YaCy, a peer-to-peer search engine, makes its 1.0 release (LWN article).

Linux Mint 12 is released (announcement, LWN review).

Cinepaint is resurrected and releases version 1.0, though it's rather unclear where the GIMP fork with support for 16 and 32 bits per channel will go from here (Libre Graphics World report).

December

Download.com is found to be bundling Nmap with adware/spyware for Windows users of the security scanner (announcement, update page).

Disclosing security vulnerabilities is good for security and good for society, but vendors really hate it. It results in bad press, forces them to spend money fixing vulnerabilities, and comes out of nowhere.

-- Bruce Schneier

extensions.gnome.org launches as a site for GNOME Shell extensions (announcement).

The LLVM compiler suite releases version 3.0 (announcement).

The QEMU system emulator releases version 1.0 (announcement).

HP announces that it will contribute the webOS code to the open source community (announcement, LWN article).

Ugh - and people continue to get exploited from a preventable, fixable and already fixed VFS design flaw.

-- Ingo Molnar on the continued existence of symlink races

Facebook releases the HipHop virtual machine for faster PHP execution as open source (announcement).

KDE announces the release of Plasma Active Two, the second iteration of its interface for touchscreen devices (announcement).

Rockbox 3.10 is released on the tenth anniversary of the music player alternative firmware project (announcement).

Note that only a witless moron could ever actually be confused (rather than simply annoyed) by "1 files". Unfortunately, we actually deal with these witless morons on a daily basis: they're called computers. And as it happens, they're actually much more likely to be confused by the difference between "1 file" and "2 files", especially if we were to switch to using the latter 6 years in.

-- Matt Mackall

BT sues Google for patent infringement in Google Music and the Android Market (LWN blurb).

CentOS 6.2 is released, right on the heels of RHEL 6.2 (announcement, release notes).

The Android mainlining project is announced; progress is being made (announcement, LWN article).

Qt 4.8.0 is released (announcement).

Google and Mozilla agree to financial terms for Google to continue as the default Firefox search engine (announcement).

Page editor: Jonathan Corbet

Security

GNUnet adds VPN, direct wireless peering, and more

December 21, 2011

This article was contributed by Nathan Willis

The GNU project released version 0.9.0 of its GNUnet peer-to-peer (P2P) networking framework in late November. GNUnet allows users to create secure, decentralized P2P networks, akin to the technique used by Gnutella, in which every node is a peer with no central server coordinating the network. But GNUnet puts its emphasis on secure communication links and anonymity: when used for file-sharing, the files a user uploads to the network cannot be traced to their origin, and no one can monitor download activity. Version 0.9.0 breaks network compatibility with previous releases, but it also adds several architectural improvements, and is the first release to officially support an application other than file sharing.

The bird's-eye view of GNUnet makes it sound like yet another Napster clone, because the most easily understood use of P2P networks is sharing files — which many assume focuses on copyright-infringing media files. But GNUnet is more general; the project is interested in providing a secure network for people combating censorship or simply wishing to secure their own network traffic against prying eyes. Although sharing files is one use of a decentralized network, it is not the end goal.

Privacy and anonymity are baked into the framework. Peers are identified solely by the SHA-512 hash of a public key; there is no mechanism to further identify anyone on the network — no usernames, or network-wide view of who is connected. Each peer keeps track of its connections to its neighbors, but the connection data is transient and regularly expires. Furthermore, when neighbors exchange messages, they use a mutually-authenticated, encrypted link (a separate link for each peer-to-peer pair). As long as a peer is being a good citizen and is helping to route traffic for the rest of the network, to any eavesdroppers the traffic that originates from the peer is hard to distinguish from traffic being routed between other hosts.

In GNUnet's file-sharing application module, files uploaded by users are encoded using an encryption scheme called Encoding for Censorship-Resistant Sharing (ECRS). ECRS is independent from the link-level encryption, and splits file contents up into blocks that are distributed between the peers. This serves two purposes: fault-tolerance, and enabling faster transfers with BitTorrent-like multi-downloads. Whenever a file is uploaded, special "keyword" blocks associate its contents with potential search terms (which GNUnet refers to as "namespaces"). A distributed hash table keeps track of the namespaces and the files associated with them, so that users can search for files. On the down side, this setup means that all searches are probabilistic — there is no guarantee that a search query will turn up every chunk of the file you search for when you search for it.
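An added illustration (not GNUnet's code, and not part of the original article) of the content-hash-key idea that ECRS builds on: each block is encrypted under a key derived from its own hash and stored under the hash of the ciphertext, so a peer holding or routing a block can verify it without being able to read it. The SHA-512 keystream cipher stands in for the real block cipher, and the 32-byte block size, the flat manifest and all function names are assumptions made for this example.

```python
import hashlib
import hmac

BLOCK_SIZE = 32  # assumed for the example; small so the sample spans several blocks

# Constructed sample "file" (132 bytes, i.e. five blocks).
SAMPLE = b"constructed sample file contents " * 4


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-512 counter keystream (illustration only)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha512(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encode_block(plain: bytes):
    """Return (key, query, ciphertext) for one plaintext block."""
    key = hashlib.sha512(plain).digest()     # key comes from the content itself
    cipher = _keystream_xor(key, plain)
    query = hashlib.sha512(cipher).digest()  # what peers index and route on
    return key, query, cipher


def publish(data: bytes):
    """Split data into blocks.

    store:    query -> ciphertext, i.e. what untrusted peers hold
    manifest: ordered (key, query) pairs, i.e. what a downloader needs
              (a flat list here; a simplification for the example)
    """
    store, manifest = {}, []
    for off in range(0, len(data), BLOCK_SIZE):
        key, query, cipher = encode_block(data[off:off + BLOCK_SIZE])
        store[query] = cipher
        manifest.append((key, query))
    return store, manifest


def peer_verify(query: bytes, cipher: bytes) -> bool:
    """Integrity check a storing peer can run without holding the key."""
    return hmac.compare_digest(hashlib.sha512(cipher).digest(), query)


def fetch(store: dict, manifest: list) -> bytes:
    """Reassemble the file, rejecting missing or altered blocks."""
    out = bytearray()
    for key, query in manifest:
        cipher = store.get(query)
        if cipher is None:
            # The lookup is probabilistic: a block may simply not be found.
            raise KeyError("block not found: " + query.hex()[:16])
        if not peer_verify(query, cipher):
            raise ValueError("ciphertext does not match its query hash")
        plain = _keystream_xor(key, cipher)
        if not hmac.compare_digest(hashlib.sha512(plain).digest(), key):
            raise ValueError("plaintext does not match its key")
        out += plain
    return bytes(out)


if __name__ == "__main__":
    store, manifest = publish(SAMPLE)
    print(len(store), "blocks stored;",
          "round trip ok" if fetch(store, manifest) == SAMPLE else "mismatch")
```

Because both key and query are derived from the content, publishing the same file twice yields the same blocks, which lets independent uploads of one file reinforce each other rather than compete.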

On the other hand, the GNUnet client software does not need to connect to the global network of all GNUnet users; it can also run in "Friend-to-Friend" mode to create a private network. In this mode, files uploaded are distributed and replicated in chunks only among the "friends," so the participants can speed up file transfers and enjoy a degree of fault-tolerance, all with a far better probability of finding the files they need available than they might in the global, distributed GNUnet network.

Meet 0.9.0

You can download GNUnet 0.9.0 from the GNU FTP site. There are separate source packages for the command-line GNUnet core and for the GTK+ GUI. As is generally the case with official GNU projects, the software is tested on Linux-based systems as well as FreeBSD, Mac OS X, and Windows — although one of the new features appears to work only on Linux. The configuration documentation is admirably thorough and is already up-to-date for 0.9.0. GNUnet depends on several other GNU projects, and this release requires some recent versions of some dependencies, so a quick check of the list is recommended. There are generic installation instructions as well, although the Autotools-based process is nothing out of the ordinary.

The file-sharing module found in earlier releases is still provided, but version 0.9.0 is the first to provide another module: a virtual private network (VPN). The VPN module creates a virtual network interface on the client (named vpn-gnunet on Linux boxes), which the user can then use to route IP traffic over GNUnet. This traffic is encrypted between every pair of nodes and is anonymous, much like a Tor tunnel, and like Tor it requires that at least some peers act as "exit" nodes.

GNUnet 0.9.0 introduces protocol changes that make it incompatible with 0.8.0 and earlier releases; in the release notes the project admits that this is inconvenient, but says that "productive development and readable code were considered more important." The protocol changes include a simplified peer-discovery message format (known as a "HELLO") and moving several of the required services (such as identity management and peer discovery) from separate plug-ins into a "core" module.

A bigger architectural change in this release is a move to a multi-process model, with separate processes running data storage, peer messaging, and other services, along with a lightweight supervisor process (called the automatic restart manager or "ARM") overseeing all of the others. This removes the need to juggle mutexes and locks between a potentially large number of threads — which made earlier releases difficult to maintain — but it also opens the door to contributors writing GNUnet applications in languages other than C and C++. Last but by no means least, it should also make testing and debugging simpler.

The new VPN system can actually do more than route basic IP traffic through GNUnet. It includes a DNS resolver configured to route the .gnunet pseudo-TLD to GNUnet, so it is possible to run GNUnet-only services by binding them to the GNUnet VPN virtual interface. The VPN module can also translate between IPv4 and IPv6 traffic, which makes it possible to use GNUnet to access IPv6 sites or applications from IPv4-only computers, and vice-versa. The project has a page of screencasts showcasing this feature; they use wget to fetch various sites over the VPN connection using several combinations of IPv4 and IPv6 networking.

GNUnet's closest competitor in terms of features is probably Freenet, which also provides a decentralized, anonymous P2P network with encrypted traffic and storage. Like GNUnet, Freenet can function as a transport layer for applications beyond file-sharing, and already has several example applications in the wild. GNUnet points out a few differences between the frameworks on its site, the most notable of which is that GNUnet is capable of using any number of transport protocols. The list includes familiar application- and transport-layer options like TCP, UDP, HTTP, and HTTPS, but also the link-layer itself — starting with 0.9.0, GNUnet peers can talk to each other directly with 802.11 wireless LAN hardware, without going through an access point.

The direct-over-WLAN code requires Linux (at least for the moment), and a supported WiFi card. It uses packet injection to exchange messages with other GNUnet WLAN peers, which requires a helper binary running with root privileges, but the technique allows the machine to remain connected to an access point at the same time. Currently the data rate is limited to around 1Mbps.

0.9.0 also improves GNUnet's peer discovery in some interesting ways. Users can bootstrap their connection to the wider GNUnet world by loading a list of hosts, but, starting with this release, GNUnet peers can also discover each other on the LAN with IPv4 broadcast messages and IPv6 multicast. Peers can also automatically traverse NAT using a variety of methods (including using Universal Plug and Play (UPnP) and ICMP hole punching).

Finally, the project has made an effort to make this release more user-friendly to set up. As the cornucopia of protocols suggests, GNUnet is known for its flexibility, but that is not always simple to navigate. In addition to the connectivity settings, GNUnet can use MySQL, PostgreSQL, or SQLite for storage (both for the long-term storage the user contributes to the distributed storage pool, and for the temporary data GNUnet keeps track of during a running session). The setup tool now automatically tests the network and database settings selected by the user and alerts the user if they do not work.

Applications and all that

On the surface, GNUnet's new functionality makes it more and more like Tor — namely through the availability of separate, anonymous in-network services. Practically speaking, GNUnet still lags behind both Tor and Freenet in terms of what is actually offered to end users; the other networks already support more applications. But GNUnet is making progress; in addition to the VPN code that debuted in 0.9.0, the developers have recently revived the dormant P2P chat application.

At the technical level, GNUnet's main advantage over these other networks is the flexibility it offers in transport protocols — in the past, there were even more options, including a module to route traffic over SMTP (on the grounds that SMTP is rarely blocked by firewalls). Hopefully as the number of applications increases, we will see more and more uses for this flexible transport framework. Routing around censorship is one of the most important uses of this class of project, and the less flexible options — like Tor — are already beginning to be blocked in the wild.


Brief items

Security quotes of the week

Biometrics will finally replace the password and thus redefine the word "hack." Jokes aside, IBM believes multifactor biometrics will become pervasive. "Biometric data-facial definitions, retinal scans, and voice files-will be composited through software to build your DNA-unique online password."

[...]

"In five years, unsolicited advertisements may feel so personalized and relevant it may seem that spam is dead. At the same time, spam filters will be so precise you'll never be bothered by unwanted sales pitches again"

-- IBM predicts the future

Before we fully release Whisper Systems' code to the public in the coming months, we need to make sure it meets legal requirements and is consumable by the open source community. The plan is to open source the code in an iterative fashion, starting today with TextSecure, which provides support for encrypted texts on Android devices. We hope individuals will continue to find it useful and build upon it. If you have any questions or suggestions, please use the Whisper Systems mailing list.
-- Twitter announces its plans for the newly acquired Whisper Systems' code

[Konrad] Fellmann isn't surprised, based on his experience with retailers. Weak passwords, such as "password," are one of the most common things he discovers during POS [point-of-sale] penetration testing, he said. "Some people, you tell them what's required, and they'd rather not do it. They had the tools, and could have easily blocked [the attack]. If they were using a validated POS application, the vendor should provide an implementation plan, which would have included making sure you have a firewall in place." But, he said, "these people weren't thinking about point of sale security—they were just thinking about making a sandwich."
-- ars technica reports on attacks against Subway customers' credit cards


Twitter releases TextSecure

Whisper Systems, just acquired by Twitter, has announced that it has released TextSecure - an encrypted messaging client for Android - under GPLv3; the source is available on Github. "We've always been interested in the ability for individuals and organizations to communicate freely and securely. In the year and a half since Whisper Systems launched TextSecure, we've received an enormous amount of thanks, feedback, and encouraging stories from users who have employed TextSecure towards those ends. We hope that as an open source project, TextSecure will be able to reach even more people, with an even larger number of contributors working to make it a great product."


New vulnerabilities

abrt: information disclosure

Package(s): abrt
CVE #(s): CVE-2011-4088
Created: December 19, 2011
Updated: July 10, 2012
Description: From the Red Hat bugzilla:

Jan Iven reported that abrt could possibly leak certain non-public information when reporting on crashes. If an application included a user name, password, or other confidential information in the crash output, abrt would send that information along with the other information it collects about the crash, to bugzilla.

While the real problem is the application including this information in the crash output, abrt should not be submitting this information or should warn the user that it may be submitting potentially sensitive information and allow the user to scrub that information before it is sent.

Alerts:
Fedora FEDORA-2011-16990 2011-12-11
Fedora FEDORA-2011-16990 2011-12-11
Red Hat RHSA-2012:0841-04 2012-06-20
Scientific Linux SL-abrt-20120709 2012-07-09
CentOS CESA-2012:0841 2012-07-10


asterisk: multiple vulnerabilities

Package(s): asterisk
CVE #(s): CVE-2011-4597 CVE-2011-4598
Created: December 19, 2011
Updated: December 21, 2011
Description: From the Debian advisory:

CVE-2011-4597: Ben Williams discovered that it was possible to enumerate SIP user names in some configurations.

CVE-2011-4598: Kristijan Vrban discovered that Asterisk can be crashed with malformed SIP packets if the "automon" feature is enabled.

Alerts:
Debian DSA-2367-1 2011-12-19
Fedora FEDORA-2012-4259 2012-03-31


bzip2: insecure tmp file creation

Package(s): bzip2
CVE #(s): CVE-2011-4089
Created: December 15, 2011
Updated: December 21, 2011
Description:

From the Ubuntu advisory:

vladz discovered that executables compressed by bzexe insecurely create temporary files when they are run. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.

Alerts:
Ubuntu USN-1308-1 2011-12-14


dtc: multiple vulnerabilities

Package(s): dtc
CVE #(s): CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198 CVE-2011-3199
Created: December 19, 2011
Updated: December 21, 2011
Description: From the Debian advisory:

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services:

CVE-2011-3195: A possible shell insertion has been found in the mailing list handling.

CVE-2011-3196: Unix rights for the apache2.conf were set incorrectly (world readable).

CVE-2011-3197: Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion.

CVE-2011-3198: DTC was using the -b option of htpasswd, possibly revealing password in clear text using ps or reading /proc.

CVE-2011-3199: A possible HTML/javascript insertion vulnerability has been found in the DNS & MX section of the user panel.

Alerts:
Debian DSA-2365-1 2011-12-18


ejabberd: denial of service

Package(s): ejabberd
CVE #(s): CVE-2011-4320
Created: December 19, 2011
Updated: December 21, 2011
Description: From the Red Hat bugzilla:

A denial of service flaw was found in the way PubSub extension of the ejabberd, a distributed, fault-tolerant Jabber/XMPP server, performed processing of certain, malformed <publish/> stanzas. A remote attacker, authenticated Jabber user, could send a specially-crafted request to Jabber server, leading to the jabberd daemon to enter an infinite loop and consume excessive amount of CPU, while processing the stanza.

Alerts:
Fedora FEDORA-2011-16282 2011-11-23
Fedora FEDORA-2011-16281 2011-11-23
Gentoo 201206-10 2012-06-21


libxml2: denial of service

Package(s): libxml2
CVE #(s): CVE-2011-3905
Created: December 15, 2011
Updated: September 26, 2012
Description:

From the Mandriva advisory:

libxml2 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3905).

Alerts:
Mandriva MDVSA-2011:188 2011-12-15
Red Hat RHSA-2012:0018-01 2012-01-11
Red Hat RHSA-2012:0016-01 2012-01-11
Red Hat RHSA-2012:0017-01 2012-01-11
CentOS CESA-2012:0016 2012-01-11
CentOS CESA-2012:0017 2012-01-11
CentOS CESA-2012:0018 2012-01-11
Oracle ELSA-2012-0016 2012-01-12
Oracle ELSA-2012-0018 2012-01-12
Scientific Linux SL-libx-20120111 2012-01-11
Scientific Linux SL-libx-20120112 2012-01-12
Scientific Linux SL-libx-20120111 2012-01-11
Oracle ELSA-2012-0017 2012-01-12
Ubuntu USN-1334-1 2012-01-19
Debian DSA-2394-1 2012-01-26
Oracle ELSA-2012-0324 2012-03-09
Oracle ELSA-2012-1288 2012-09-18
Fedora FEDORA-2012-13820 2012-09-26
Fedora FEDORA-2012-13824 2012-09-27
Red Hat RHSA-2013:0217-01 2013-01-31
CentOS CESA-2013:0217 2013-02-01
Oracle ELSA-2013-0217 2013-02-01
Scientific Linux SL-ming-20130201 2013-02-01


lighttpd: denial of service and MITM vulnerabilities

Package(s): lighttpd
CVE #(s): CVE-2011-4362 CVE-2011-3389
Created: December 21, 2011
Updated: September 10, 2012
Description: A signedness issue in the lighttpd base64 decoding routine can lead to an out-of-bounds read and a denial-of-service opportunity (CVE-2011-4362). Lighttpd can also be vulnerable to the SSL "BEAST" attack in certain configurations, enabling a possible man-in-the-middle attack (CVE-2011-3389).
Alerts:
Fedora FEDORA-2011-17400 2011-12-23
Fedora FEDORA-2011-17400 2011-12-23
Debian DSA-2368-1 2011-12-20
Fedora FEDORA-2011-17400 2011-12-23
Fedora FEDORA-2011-17400 2011-12-23
Fedora FEDORA-2011-17400 2011-12-23
openSUSE openSUSE-SU-2012:0030-1 2012-01-05
Debian DSA-2398-1 2012-01-30
openSUSE openSUSE-SU-2012:0240-1 2012-02-09
Gentoo 201203-02 2012-03-05
SUSE SUSE-SU-2012:0114-2 2012-03-06
Debian DSA-2398-2 2012-03-31
Mandriva MDVSA-2012:058 2012-04-13
Red Hat RHSA-2012:0508-01 2012-04-23
Fedora FEDORA-2012-9040 2012-06-26
Fedora FEDORA-2012-9078 2012-06-26
Mageia MGASA-2012-0259 2012-09-07
Gentoo 201301-01 2013-01-07
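
The lighttpd entry above names a signedness issue in a base64 decoder. As an added example (not lighttpd's code), the block below assumes one common form of that bug class, a reverse-lookup table indexed with a signed char, and shows a decoder that indexes with an unsigned byte and rejects anything outside the alphabet. All function names are hypothetical.

```c
/* Added example, not lighttpd source. Assumption: the bug class is a
 * reverse-lookup table indexed with a signed char. Names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define B64_INVALID (-1)

static const char b64_alphabet[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* The index that a lookup of the form table[c] would use when c is a signed
 * char. Nothing is dereferenced here; it only makes the negative index
 * visible: bytes 0x80..0xFF come out as -128..-1, which is a read before the
 * start of the table. */
int naive_table_index(signed char c)
{
    return c;
}

/* Hardened lookup: convert to unsigned char first so the index is always in
 * 0..255, and size the table to cover that whole range. Returns 0..63 for an
 * alphabet character and B64_INVALID for anything else. The lazy table setup
 * is not thread-safe; a real server would build the table once at startup. */
int b64_value(char c)
{
    static signed char rev[256];
    static int ready;
    unsigned char idx = (unsigned char)c;
    int i;

    if (!ready) {
        memset(rev, B64_INVALID, sizeof rev);
        for (i = 0; i < 64; i++)
            rev[(unsigned char)b64_alphabet[i]] = (signed char)i;
        ready = 1;
    }
    return rev[idx];
}

/* Decode in[0..in_len) into out. Up to two trailing '=' are accepted as
 * padding. Returns the number of bytes written, or -1 if the input contains
 * a byte outside the alphabet or the output buffer is too small. */
long b64_decode(const char *in, size_t in_len,
                unsigned char *out, size_t out_cap)
{
    unsigned int acc = 0;   /* bit accumulator; only the low bits matter */
    int bits = 0;           /* number of not-yet-emitted bits in acc */
    size_t n = 0, pad = 0, i;

    while (pad < 2 && in_len > 0 && in[in_len - 1] == '=') {
        in_len--;
        pad++;
    }

    for (i = 0; i < in_len; i++) {
        int v = b64_value(in[i]);

        if (v == B64_INVALID)
            return -1;      /* includes '=' in the middle and bytes >= 0x80 */
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= out_cap)
                return -1;  /* never write past the caller's buffer */
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}
```
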


mediawiki: multiple vulnerabilities

Package(s): mediawiki
CVE #(s): CVE-2011-1587 CVE-2011-4360 CVE-2011-4361
Created: December 19, 2011
Updated: December 21, 2011
Description: From the Debian advisory:

CVE-2011-1587: Masato Kinugawa discovered a cross-site scripting (XSS) issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes are required to fix this issue. Upgrading MediaWiki will only be sufficient for people who use Apache with AllowOverride enabled.

CVE-2011-4360: Alexandre Emsenhuber discovered an issue where page titles on private wikis could be exposed by passing different page ids to index.php. In the case of the user not having correct permissions, they will now be redirected to Special:BadTitle.

CVE-2011-4361: Tim Starling discovered that action=ajax requests were dispatched to the relevant function without any read permission checks being done. This could have led to data leakage on private wikis.

Alerts:
Debian DSA-2366-1 2011-12-18


namazu: cross-site scripting

Package(s): namazu
CVE #(s): CVE-2011-4345
Created: December 15, 2011
Updated: December 21, 2011
Description:

From the openSUSE advisory:

namazu: XSS flaw by processing HTTP cookies (CVE-2011-4345)

Alerts:
openSUSE openSUSE-SU-2011:1327-1 2011-12-15


perl-PAR: insecure temporary file handling

Package(s): perl-PAR perl-PAR-Packer
CVE #(s): CVE-2011-4114
Created: December 21, 2011
Updated: December 21, 2011
Description: From the Red Hat bugzilla entry: It was reported that PAR::Packer's par_mktmpdir() function would create /tmp/par-[username] directories insecurely, which could allow a local attacker to make changes to the cache directory and possibly the PAR-packaged program. PAR::Packer does not verify that the user owns the directory, nor does it create it with secure permissions.
Alerts:
Fedora FEDORA-2011-16856 2011-12-10
Fedora FEDORA-2011-16859 2011-12-10
Fedora FEDORA-2011-16856 2011-12-10
Fedora FEDORA-2011-16859 2011-12-10
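
The two checks the perl-PAR description says are missing, ownership and restrictive permissions, look like this for a per-user cache directory under a shared location such as /tmp. This is an added example, not PAR::Packer's code or its fix; the function and constant names are hypothetical.

```c
/* Added example, not PAR::Packer code. Names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum {
    PRIV_DIR_ERR_SYSCALL = -1,  /* mkdir/open/fstat failed unexpectedly */
    PRIV_DIR_ERR_NOT_DIR = -2,  /* path is a symlink or not a directory */
    PRIV_DIR_ERR_OWNER   = -3,  /* directory belongs to another user */
    PRIV_DIR_ERR_MODE    = -4   /* group or others have some access */
};

/* Create (if needed) and open a directory that only the calling user can
 * touch. Returns an open directory descriptor (>= 0) on success or one of
 * the negative codes above. A pre-existing directory is accepted only if it
 * passes the same checks; it is never "repaired", because its contents may
 * already have been changed by whoever created it. */
int open_private_dir(const char *path)
{
    struct stat st;
    int fd;

    /* Create with owner-only permissions. EEXIST is not an error yet: the
     * existing object is verified below. mkdir() does not follow a symlink
     * in the last path component. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return PRIV_DIR_ERR_SYSCALL;

    /* O_NOFOLLOW refuses a symlink planted at this name, O_DIRECTORY refuses
     * anything that is not a directory. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) {
        if (errno == ELOOP || errno == ENOTDIR || errno == EMLINK)
            return PRIV_DIR_ERR_NOT_DIR;
        return PRIV_DIR_ERR_SYSCALL;
    }

    /* fstat() the descriptor, not the path, so the object that was checked
     * is the object that will be used. */
    if (fstat(fd, &st) != 0) {
        close(fd);
        return PRIV_DIR_ERR_SYSCALL;
    }
    if (st.st_uid != geteuid()) {
        close(fd);
        return PRIV_DIR_ERR_OWNER;
    }
    if (st.st_mode & (S_IRWXG | S_IRWXO)) {
        close(fd);
        return PRIV_DIR_ERR_MODE;
    }
    return fd;  /* caller uses openat(fd, ...) for files inside, then close() */
}

int main(void)
{
    /* Constructed demo path inside a fresh mkdtemp() directory. */
    char base[] = "/tmp/privdir-demo-XXXXXX";
    char path[64];
    int fd;

    if (mkdtemp(base) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/cache", base);
    fd = open_private_dir(path);
    printf("%s -> %d\n", path, fd);
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```
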


phpMyAdmin: cross-site scripting

Package(s): phpMyAdmin
CVE #(s): CVE-2011-4634
Created: December 19, 2011
Updated: January 2, 2012
Description: From the Red Hat advisory:

Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs.

Only phpMyAdmin 3.4.x is affected by this vulnerability.

Alerts:
Fedora FEDORA-2011-16786 2011-12-04
Fedora FEDORA-2011-16768 2011-12-04
Mandriva MDVSA-2011:198 2011-12-31
Gentoo 201201-01 2012-01-04


pidgin: multiple vulnerabilities

Package(s): pidgin
CVE #(s): CVE-2011-4602 CVE-2011-4603
Created: December 15, 2011
Updated: January 9, 2012
Description:

From the Red Hat advisory:

An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. (CVE-2011-4603)

Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message. (CVE-2011-4602)

Alerts:
CentOS CESA-2011:1821 2011-12-22
Oracle ELSA-2011-1821 2011-12-17
Scientific Linux SL-pidg-20111214 2011-12-14
Scientific Linux SL-pidg-20111214 2011-12-14
Oracle ELSA-2011-1820 2011-12-14
CentOS CESA-2011:1820 2011-12-14
CentOS CESA-2011:1820 2011-12-14
Red Hat RHSA-2011:1821-01 2011-12-14
Red Hat RHSA-2011:1820-01 2011-12-14
Fedora FEDORA-2011-17558 2011-12-30
Fedora FEDORA-2011-17546 2011-12-30
openSUSE openSUSE-SU-2012:0066-1 2012-01-09
Ubuntu USN-1500-1 2012-07-09


susestudio, kiwi: multiple vulnerabilities

Package(s): SUSE Studio Onsite 1.2 and kiwi
CVE #(s): CVE-2011-3180 CVE-2011-4192 CVE-2011-4193 CVE-2011-4195
Created: December 15, 2011
Updated: December 21, 2011
Description:

From the SUSE advisory:

  • CVE-2011-3180: The path of overlay files was not escaped which allowed shell meta character injection via the chown(1) command-line. (kiwi)
  • CVE-2011-4195: The image name was not escaped properly and can be used in conjunction with other applications to execute arbitrary shell commands. (kiwi)
  • CVE-2011-4193: XSS vulnerability in "overlay files" tab can be used to execute arbitrary JavaScript code while cloning an appliance from an untrusted source.
  • CVE-2011-4192: Arbitrary shell command injection in conjunction with Studio by using double quotes in kiwi_oemtitle of .profile. (kiwi)
Alerts:
SUSE SUSE-SU-2011:1324-1 2011-12-15


tor: arbitrary code execution

Package(s): tor
CVE #(s): CVE-2011-2778
Created: December 16, 2011
Updated: January 11, 2012
Description: From the Debian advisory:

It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code.

In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default.

In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties.

Alerts:
Debian DSA-2363-1 2011-12-16
Fedora FEDORA-2011-17248 2012-01-10
Gentoo 201201-12 2012-01-23


xorg: restriction bypass

Package(s): xorg
CVE #(s): CVE-2011-4613
Created: December 19, 2011
Updated: January 26, 2012
Description: From the Debian advisory:

The Debian X wrapper enforces that the X server can only be started from a console. "vladz" discovered that this wrapper could be bypassed.

Alerts:
Debian DSA-2364-1 2011-12-18
Ubuntu USN-1349-1 2012-01-26


Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current development kernel is 3.2-rc6, released on December 16. Linus was a bit grumpy about late merge requests, but sees the series calming down soon. "We're at -rc6 now, and while I can see myself doing an -rc7, I probably won't do an -rc8 unless something bad pops up. There doesn't seem to be any real reason to drag out this release any more, and we'll probably have the real 3.2 around new years."

Stable updates: the 2.6.32.51, 3.0.14, and 3.1.6 stable kernels were released on December 21. Each contains another long list of important fixes; upgrading is recommended.


Quotes of the week

Hmm. This patch looks obviously correct. But it looks *so* obviously correct that it just makes me suspicious.
-- Linus Torvalds

Nevertheless, being too afraid to stray from the beaten path implies being too afraid to work on RCU. But there are times when the RCU implementation needs a more sane approach. During those times, I must find some other outlet for my insanity: To do otherwise is to break RCU. Fortunately, this time around, an appropriate outlet was readily available in the guise of Ubuntu's new Unity window manager.
-- Paul McKenney


First version of kmod released

A new library libkmod and set of tools (kmod-*) for handling kernel modules has been announced. The idea is to give early boot tools, installers, udev, and others an easy way to query and control kernel modules via a library, rather than using modprobe. "In a recent Linux Desktop (and also several embedded systems) when computer is booting up, udev is responsible for checking available hardware, creating device nodes under /dev (or at least configuring their permissions) and loading kernel modules for the available hardware. In a kernel from a distribution it's pretty common to put most of the things as modules. Udev reads the /sys filesystem to check the available hardware and tries to load the necessary modules. This translates in hundreds of calls to the modprobe binary, and in several of them just to know the module is already loaded, or it's in-kernel. With libkmod it's possible for udev with a few lines of code to do all the job, benefiting from the configurations and indexes already opened and parsed." The project also provides work-alike programs for insmod, lsmod, rmmod, and an incomplete version of modprobe that use libkmod, with plans to complete the set. (Thanks to Luis Felipe Strano Moraes.)


Pull requests with signed tags

By Jonathan Corbet
December 21, 2011
One of the ongoing echoes from the compromise of kernel.org is an increased interest in verifying the integrity of pull requests sent to Linus. One way of doing that is for the developer to add a cryptographic signature to the email containing the pull request. If the top commit ID is included in the message, the pull request (and the code it covers) can be authenticated, but the digital signature itself is not stored in the mainline repository, making it hard to re-verify requests at some future time.

An alternative is to use git to create a signed tag, which stores the signature in the repository itself. In the future, that may become the accepted way to get code into the mainline. Linus has described some pending changes to git that make the capture and storage of that information simple. So simple, in fact, that there is no longer any need to worry about branches or unique tag names:

Everybody: you can now create a signed tag, and just point me at it. You don't even have to have a separate branch for me to pull any more, just the signed tag is fine.

So it would actually be nicer if you used temporary tag names the way you use temporary branch names when you ask me to pull. The tag *content* will be saved from now on (unless I screw up while traveling or something and pull with a machine that has an older git version), so there's very little advantage in then saving the tags separately by having ugly tag-names with long lifetimes.

All of this evidently works now, with existing stable git releases; only the process of merging such a tag requires the newer code. So, soon, signed tags may be the standard way to identify changes to be pulled.


[CFP] Linux Storage, Filesystem & Memory Management Summit 2012

The 2012 Linux Storage, Filesystem, and Memory Management Summit will be held on April 1 and 2 in San Francisco, California. The call for proposals for discussions has gone out, with a deadline of February 5.


Kernel development news

Some numbers from the 3.2 development cycle

By Jonathan Corbet
December 21, 2011
The 3.2 kernel development cycle always had the potential to be a little different. The prolonged kernel.org outage had left a number of subsystem trees scrambling for new homes; that led to a delayed opening of the merge window. The actual merging of changes happened mostly during the Kernel Summit in Prague. And, even before the normal process got disrupted, this looked like a more than usually active cycle. Despite these challenges, the 3.2 kernel process seems to have worked pretty much as it usually does once it got started.

As of this writing (just after the release of 3.2-rc6), some 11,655 non-merge changesets have been pulled into the mainline kernel; these changesets were contributed by 1,289 developers. At that count, 3.2 is the fourth largest development cycle ever. Chances are good that it will surpass 2.6.29 (11,678 changes) to move up to the number-three position; getting past 2.6.30 (11,989) seems harder - if not impossible - at this point, while passing 2.6.25 (12,243) to become the busiest cycle ever seems quite unlikely. If we want to set a new record for changes merged, we're going to have to try harder.

A lot of code was removed in this cycle, so the total growth of the kernel was 176,000 lines - a relatively modest number.

The most active developers this time around were:

Most active 3.2 developers

By changesets
Larry Finger               302   2.6%
Paul Gortmaker             234   2.0%
Mark Brown                 226   1.9%
Axel Lin                   220   1.9%
K. Y. Srinivasan           165   1.4%
Jonathan Cameron           159   1.4%
Roland Vossen              157   1.3%
Ben Skeggs                 121   1.0%
Dmitry Eremin-Solenikov    117   1.0%
Christoph Hellwig          113   1.0%
Nicolas Pitre              109   0.9%
Al Viro                    104   0.9%
Dan Carpenter              101   0.9%
Arend van Spriel           100   0.9%
Mark Einon                  99   0.8%
Guennadi Liakhovetski       98   0.8%
Laurent Pinchart            95   0.8%
Takashi Iwai                92   0.8%
Johannes Berg               91   0.8%
J. Bruce Fields             88   0.8%

By changed lines
Arend van Spriel        105436   9.2%
Kalle Valo              100542   8.8%
Larry Finger             84036   7.3%
Roland Vossen            34944   3.1%
Edwin Rong               21876   1.9%
Mark Brown               13771   1.2%
Mark Einon               13597   1.2%
Richard Kuo              12223   1.1%
Rasesh Mody              11792   1.0%
Joe Thornber             10000   0.9%
Jonathan Cameron          9776   0.9%
Kukjin Kim                8920   0.8%
Franky (Zhenhui) Lin      8383   0.7%
Linus Walleij             7317   0.6%
Emmanuel Grumbach         6838   0.6%
Felipe Balbi              6783   0.6%
David Kilroy              6356   0.6%
Takashi Iwai              6188   0.5%
Shawn Guo                 6021   0.5%
Jeff Kirsher              6015   0.5%

Larry Finger put a vast amount of work into cleaning up the rtl8192e driver in the staging tree, making it quite a bit smaller in the process. Paul Gortmaker split the EXPORT_SYMBOL* macros into <linux/export.h>; after that, many files no longer needed to include <linux/module.h>. The real advantage of that kind of work, beyond minimizing the interactions between various parts of the kernel, is that it makes the kernel compilation process faster. Mark Brown, as usual, wrote or improved vast numbers of audio drivers. Axel Lin did a lot of cleanup work, mostly in the audio driver subsystem, while K. Y. Srinivasan continued the seemingly unending task of getting Microsoft's "hv" drivers ready to move into the mainline.

Arend van Spriel topped the list of "lines changed" by moving the brcm80211 driver from staging into the mainline tree. One could argue that this change should be accounted as a rename (which doesn't change any lines), but it does not show up that way in the source history: one patch added the drivers to mainline, while a separate patch removed them from staging. Kalle Valo removed the ath6kl driver from staging, since support for this hardware had been added to the mainline "ath" driver; as a result, he topped the list of developers who removed the most code from the kernel. Larry Finger's work has already been mentioned. Roland Vossen worked hard on the brcm80211 cleanup, and Edwin Rong added a driver for the Realtek RTS5139 cardreader to the staging tree.

The top five entries in the "lines changed" column are all thus related to the staging tree. Some have argued in the past that staging should be excluded from these statistics. There is a valid point behind those arguments, but it should also be noted that much of the activity this time was around movement of code from staging into the mainline. That suggests that staging is working the way it was intended to, and that work done there benefits the mainline in the end.

191 employers were identified as having supported work on the 3.2 kernel. Among those, the most active were:

Most active 3.2 employers

By changesets
(None)                1722   14.8%
Red Hat                988    8.5%
(Unknown)              863    7.4%
Intel                  844    7.2%
Broadcom               493    4.2%
Texas Instruments      482    4.1%
IBM                    412    3.5%
Novell                 347    3.0%
Wind River             281    2.4%
Qualcomm               251    2.2%
Wolfson Micro          248    2.1%
Samsung                232    2.0%
MiTAC                  220    1.9%
(Consultant)           208    1.8%
Nokia                  202    1.7%
Linaro                 202    1.7%
Oracle                 189    1.6%
Freescale              182    1.6%
Google                 182    1.6%
Microsoft              177    1.5%

By lines changed
Broadcom            256549   22.4%
(None)              202387   17.7%
Qualcomm            133277   11.6%
Red Hat              48673    4.2%
(Unknown)            43254    3.8%
Intel                43094    3.8%
Texas Instruments    31529    2.8%
Samsung              30233    2.6%
IBM                  22279    1.9%
Realsil Micro        22065    1.9%
Brocade              21734    1.9%
Freescale            16657    1.5%
Wolfson Micro        16217    1.4%
ST Ericsson          14334    1.3%
Novell               14161    1.2%
Code Aurora Forum    13706    1.2%
Univ. of Cambridge   12350    1.1%
Linaro               10708    0.9%
(Consultant)          9263    0.8%
Marvell               8640    0.8%

Red Hat remains the top corporate submitter of patches to the kernel, but its lead looks less commanding than it once was. Meanwhile, companies like Texas Instruments and Samsung continue to increase their contributions to the kernel - embedded systems vendors are now a huge part of the development community. There also seems to be an increase in the amount of code coming from industry consortia like Linaro - again, mostly focused in the embedded area. But, with over 190 companies participating, we clearly still have interest from beyond just the embedded realm.

As of this writing, the 3.2 kernel looks likely to be released right around the end of the year, after one more -rc release. If that schedule holds, this cycle will have required less than 70 days, significantly shorter than the average (which is about 80 days) despite the large volume of changes. The process, in other words, appears to be working fairly well despite the kernel.org difficulties and the delayed start. Sooner or later, we are bound to run into a problem that will throw a significant wrench into the works - life is just like that - but that certainly hasn't happened this time around.


A common clock framework

By Jake Edge
December 21, 2011

One of the big problem areas that has been identified in the ARM kernel trees is the diversity of implementations for various things that could be shared—either within the ARM tree or more widely with the rest of the kernel. That problem has led to a large amount of duplicated code in the ARM tree, both via cut-and-paste and code that is conceptually similar but uses different data structures and APIs. The latter makes the creation of a single kernel image that can boot on multiple ARM platforms impossible, so there are efforts to consolidate these implementations. The common clock framework is one such effort.

In a typical ARM system-on-chip (SoC), there can be dozens of different clocks for use by various I/O and other devices in the SoC. Typically those clocks are hooked together into elaborate tree-like structures. In those trees, child clocks can sometimes only change their frequency if the parent (and any other children) are correspondingly changed; disabling certain clocks will affect other clocks in the system and so on. Each ARM platform/SoC has its own way of encapsulating that information and presenting it to other parts of the system (like power and thermal management controllers), which makes it difficult to create platform-independent solutions.

The first problem that a common clock framework faces is the sheer number of different struct clk definitions scattered throughout the ARM tree. There are more than two dozen definitions in arch/arm currently, but the proposal for a common framework not surprisingly reduces that number to one. Implementations can wrap the struct clk in another structure that holds hardware-specific data, but the common structure looks like:

    struct clk {
        const char                  *name;
        const struct clk_hw_ops     *ops;
        struct clk                  *parent;
        unsigned long               rate;
        unsigned long               flags;
        unsigned int                enable_count;
        unsigned int                prepare_count;
        struct hlist_head           children;
        struct hlist_node           child_node;
    };

The parent and children/child_node fields allow the clocks to be arranged into trees, while the rate field tracks the current clock frequency (in Hz). The flags field is used to describe the clock type (e.g. whether a rate change needs to be done on the parent clock, or that the clock must be disabled before changing the rate). The two *_count fields are for tracking calls to the enable and prepare operations, while the bulk of the "work" is done within the struct clk_hw_ops field (ops).

Each of the entries in the clk_hw_ops structure corresponds to a function in the driver-facing API for the clock framework. That API does some sanity checking before calling the corresponding operation from clk_hw_ops:

    struct clk_hw_ops {
        int             (*prepare)(struct clk *clk);
        void            (*unprepare)(struct clk *clk);
        int             (*enable)(struct clk *clk);
        void            (*disable)(struct clk *clk);
        unsigned long   (*recalc_rate)(struct clk *clk);
        long            (*round_rate)(struct clk *clk, unsigned long,
                                      unsigned long *);
        int             (*set_parent)(struct clk *clk, struct clk *);
        struct clk *    (*get_parent)(struct clk *clk);
        int             (*set_rate)(struct clk *clk, unsigned long);
    };

clk_prepare() is used to initialize the clock to a state where it could be enabled, and that call must be made before clk_enable(), which actually starts the clock running. clk_disable() and clk_unprepare() do the reverse and should be called in that order. The difference is that clk_prepare() can sleep, while clk_enable() must not, so having two separate calls allows the clock initialization to be split into atomic and non-atomic pieces.

clk_get_parent() and clk_set_parent() do what the names imply, simply returning or changing the parent field, though setting the parent only succeeds if the clock is not already in use (otherwise -EBUSY is returned). clk_recalc_rate() queries the hardware, rather than the cached rate field, for the current frequency of the clock. clk_round_rate() rounds a frequency in Hz to a rate that the clock can actually use, and can also be used to determine the correct frequency for the parent clock when changing rates. All of those are more or less helper functions for clk_set_rate().

clk_set_rate() changes the frequency of a clock, but it must take into account some other factors. If the CLK_PARENT_SET_RATE flag value is set for the clock, clk_set_rate() needs to propagate the change to the parent clock (which may also have that flag set, necessitating a recursive traversal of the tree, attempting to set the rate at each level).
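The call ordering, the -EBUSY rule for reparenting, and the CLK_PARENT_SET_RATE propagation described above can be modelled in user space. The following is an added example, not code from the patch set: the demo_ names, the fixed-divider rate model, the flag's numeric value, and every error code other than -EBUSY are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define CLK_PARENT_SET_RATE 0x1UL /* flag name from the article; value assumed */

struct demo_clk {                 /* trimmed-down model of struct clk */
    struct demo_clk *parent;
    unsigned long    rate;        /* root only: source rate in Hz */
    unsigned long    flags;
    unsigned int     div;         /* child only: rate = parent rate / div (assumed) */
    unsigned int     enable_count;
    unsigned int     prepare_count;
};

/* Like recalc_rate(): derive the rate from the tree instead of a cache. */
unsigned long demo_clk_get_rate(const struct demo_clk *clk)
{
    if (!clk->parent)
        return clk->rate;
    return clk->div ? demo_clk_get_rate(clk->parent) / clk->div : 0;
}

int demo_clk_prepare(struct demo_clk *clk)
{
    clk->prepare_count++;
    return 0;
}

/* Sanity check: a clock must be prepared before it can be enabled. */
int demo_clk_enable(struct demo_clk *clk)
{
    if (clk->prepare_count == 0)
        return -EPERM;
    clk->enable_count++;
    return 0;
}

void demo_clk_disable(struct demo_clk *clk)
{
    if (clk->enable_count > 0)
        clk->enable_count--;
}

/* Disable comes first: the last prepare reference stays while enabled. */
int demo_clk_unprepare(struct demo_clk *clk)
{
    if (clk->prepare_count == 0)
        return -EINVAL;
    if (clk->prepare_count == 1 && clk->enable_count > 0)
        return -EBUSY;
    clk->prepare_count--;
    return 0;
}

/* Reparenting succeeds only if the clock is not in use; a cycle is also
 * refused, since it would make the rate walk recurse forever. */
int demo_clk_set_parent(struct demo_clk *clk, struct demo_clk *parent)
{
    if (clk->prepare_count > 0 || clk->enable_count > 0)
        return -EBUSY;
    for (struct demo_clk *p = parent; p; p = p->parent)
        if (p == clk)
            return -EINVAL;
    clk->parent = parent;
    return 0;
}

/* A fixed divider can only change rate by asking its parent to change,
 * which is allowed only when CLK_PARENT_SET_RATE is set at each level. */
int demo_clk_set_rate(struct demo_clk *clk, unsigned long rate)
{
    if (!clk->parent) {           /* root: program the source directly */
        clk->rate = rate;
        return 0;
    }
    if (demo_clk_get_rate(clk) == rate)
        return 0;                 /* already there, nothing to propagate */
    if (clk->div == 0 || !(clk->flags & CLK_PARENT_SET_RATE))
        return -EINVAL;
    if (rate > ULONG_MAX / clk->div)
        return -ERANGE;           /* requested parent rate would overflow */
    return demo_clk_set_rate(clk->parent, rate * clk->div);
}

/* Constructed sample tree: pll -> bus -> { uart, spi } */
struct demo_clk pll  = { .rate = 96000000UL };
struct demo_clk bus  = { .parent = &pll, .div = 2, .flags = CLK_PARENT_SET_RATE };
struct demo_clk uart = { .parent = &bus, .div = 4, .flags = CLK_PARENT_SET_RATE };
struct demo_clk spi  = { .parent = &bus, .div = 8 };  /* may not touch parent */

int main(void)
{
    int ret = demo_clk_set_rate(&uart, 6000000UL);
    printf("ret=%d pll=%lu uart=%lu spi=%lu\n", ret, demo_clk_get_rate(&pll),
           demo_clk_get_rate(&uart), demo_clk_get_rate(&spi));
    return 0;
}
```

Setting uart to 6 MHz halves the PLL, so the sibling spi clock drops from 6 MHz to 3 MHz even though no driver asked for that; this is the kind of side effect the rate-change notifications exist to report.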

Drivers can also register their interest in being notified of rate changes with the clk_notifier_register() function. Three different types of notification can be requested: before the clock's rate changes, after it has been changed, or if the change gets aborted after the pre-change notifications have been called (i.e. PRE_RATE_CHANGE, POST_RATE_CHANGE, and ABORT_RATE_CHANGE). In each case, both the old and new values for the rate get passed as part of the notification callback. The patch to add notifications creates another operation in clk_hw_ops called speculate_rate(), which notes potential rate changes and sends any needed pre-change notifications as it walks the sub-tree.

The patch set also exports the clock hierarchy into debugfs. Each top-level clock gets a directory in ../debug/clk that contains read-only files to report the clock's rate, flags, prepare and enable counts, and the number of notifiers registered. Subdirectories are created for each child clock containing the same information.

The common clock framework has been around for some time in various forms. The current incarnation is being shepherded by Mike Turquette, but he notes that it is based on work originally done by Jeremy Kerr and Ben Herrenschmidt. Beyond that: "Many others contributed to those patches and promptly had their work stolen by me". Turquette has also posted a patch set with an example that replaces the OMAP4 clocks using the framework.

The comments on the most recent iteration have been fairly light, but still substantive, so we are clearly a ways off from seeing a version in the mainline. It's clearly on the radar of ARM developers, and would clean up a fair amount of code duplication within that tree, so we should see something in the mainline soon—hopefully in one of the next few kernel releases.

Comments (13 posted)

Bringing Android closer to the mainline

By Jonathan Corbet
December 20, 2011
The agenda for the 2011 Kernel Summit did not include Android as a topic, but Android came up anyway. In a conclusion that surprised many, the group agreed that the bulk of the Android kernel code should probably be merged into the mainline. The past couple of years have made it clear that Android will not be going away; it has, in particular, done a good job of outlasting the resistance to merging its code. After the Summit things got quiet again on the Android front, but that does not mean that nothing has been happening.

Tim Bird recently announced the existence of the Android mainlining project, an effort intended to help coordinate the various groups that have been working in this area. The project has the obligatory wiki and mailing list. The list is new and has not seen a whole lot of traffic - a situation which may well change in the near future.

Toward the end of November, the core Android code was returned to the staging tree, from which it had been removed at the end of 2009. Since the code's return to staging, changes have been going in and the code has caught up to its state in the Android tree. The code has now reached a point where, as summarized by Greg Kroah-Hartman on December 16:

[T]he next linux-next Linux kernel release should almost boot an Android userspace, we are only missing one piece, ashmem, and that should hopefully land in my staging-next tree next week. The patches are still being tested and cleaned up by others.

Between the wiki and a look at drivers/staging/android in linux-next, one can get a fair idea of the state of the various patches. One notable patch that is not there is wakelocks (or "suspend blockers"), a feature which has been at the core of the controversy around the Android code. The wakelock concept will almost certainly return at some point, but much of the focus seems to be on the easier components at the moment. As Greg noted, wakelocks are not actually needed to boot an Android system - they're just necessary to keep that system from draining the battery too quickly.

The pieces that exist in the linux-next staging directory now are:

  • Binder, the interprocess communication mechanism used within Android. Binder could conceivably be replaced with a standard IPC mechanism or, perhaps, with D-bus, but it has a number of unique features (zero-copy message transmission, thread management, credential passing) that are hard to replace in a straightforward manner. (See this article for a detailed look at various Linux IPC mechanisms, binder included).

  • Logger is the kernel piece of the Android logging system. It implements a completely separate path for Android-specific log messages, which do not mix with normal kernel messages in any way. Other than adding a "facility" concept to kernel logging, it's not clear what this component offers, but it is also relatively self-contained and should not be too controversial.

  • The "low memory killer" implements Android's interesting approach to application management. In the Android world, applications never choose to exit. They hang around until memory gets tight, at which point the kernel starts to kill them off. It's a small piece of code that works using the "shrinker" mechanism, a standard way to register functions to be called when the kernel would like to free up some memory. So, even though it is memory-management code, it is relatively unintrusive and will not affect systems where it is not used.

  • "Pmem" is Android's answer to the age-old problem of allocating large, physically-contiguous buffers after the system has been running for a while. It works in the usual way: a range of memory is set aside at boot time. One difference with pmem is that it exports a device to user space, allowing buffers to be allocated directly by applications and passed to drivers. That, in turn, leads to things like camera drivers being written with the assumption that user space can give them physically-contiguous buffers for video frames, something that would not be possible in a mainline kernel.

    Approaches like CMA seem like a better solution to this particular problem - if and when CMA is merged into the mainline. Meanwhile, however, applications have been written using pmem, so that interface is unlikely to go away in the near future.

  • The "RAM console" saves log data to a special region of memory where it can be found and recovered after a reboot. It is a debugging tool.

  • "Timed GPIO" is a simple mechanism whereby the kernel can schedule a specific setting for a GPIO line at some point in the future. An example use would be to ensure that the vibrator gets turned off regardless of what happens to the application that turned it on.

The "ashmem" component was not in linux-next as of this writing, but, as Greg noted, its arrival there is expected in the near future. Ashmem is a shared memory mechanism that is able to discard some or all of its contents when memory pressure gets high. It could conceivably be replaced by the proposed POSIX_FADV_VOLATILE operation, but the latter does not, yet, seem to be a complete solution for Android's requirements.

There are a number of Android-specific changes that do not appear on that list, and, thus, are not likely to be merged into the mainline in the near future. Some of them are so Android-specific that they may never get in; the "network security" tweaks fall into that category. Others, such as the alarm timer code, may be superseded by enhancements in the mainline. Then, of course, there is a long list of drivers for hardware found on Android devices. Quite a few of those drivers have found their way into the mainline already, and others are on their way.

In summary: if all goes well, the 3.3 kernel should see the delta between Android kernels and the mainline go down considerably. That should make life easier for developers and for vendors wanting to provide Android-compatible hardware. Of course, it would be unsurprising if Android were to grow new subsystems of its own in the future; the Android developers have made it clear that they are unable and unwilling to wait for the mainlining process to run its course when they have products to ship. But, with any luck at all, the worst days of a significant fork that has caused a fair amount of ill will and difficult discussion should soon be behind us.

Comments (56 posted)

Patches and updates

Miscellaneous

  • Lucas De Marchi: kmod 2. (December 21, 2011)

Page editor: Jonathan Corbet

Distributions

Time for openSUSE to go all-in with systemd?

By Jonathan Corbet
December 21, 2011
Systemd was designed to bring better performance, better control, and easier configurability to the system initialization and service control task. According to many, it has succeeded in those goals. It also tends to bring a certain amount of unhappiness to those who see no driving reason to make fundamental changes to a key part of the system - especially if those changes sometimes break things. OpenSUSE is not the first distribution to transition to systemd, but its experience in some ways mirrors that of those who came before. Now the distribution is considering plans to move exclusively to systemd, leaving the old SYSV init system behind entirely. Needless to say, not everybody is amused.

The current openSUSE release, 12.1, was the first to feature systemd, but it continues to support the SYSV init system as well. For better or for worse, though, the distribution developers made the decision that old systems, when upgraded to 12.1, would be transitioned to systemd automatically. That is where the trouble starts; there are, it would seem, a lot of things that do not yet work all that well with systemd. That has led to the automatic switch being added to the 12.1 most annoying bugs list, along with instructions on how to switch back to SYSV init.

When Fedora made this transition, the Fedora 14 release was initially targeted as the first systemd-based release, but Fedora eventually decided to wait one more cycle to allow things to stabilize. That decision seems to have worked out reasonably well, even though Fedora users, arguably, are used to disruptive changes and could have handled it. In retrospect, perhaps openSUSE should have done the same thing and given systemd another release cycle to settle in. Or, failing that, they could have held off on the automatic switch to systemd, leaving it as an "opt-in" choice for their more adventurous users. But, as they say, hindsight is always 20-20.

The end result is that, when Cristian Rodríguez posted a proposal to phase out SYSV init entirely in favor of systemd, he was not rewarded with universal acclaim. There was some substantial grumbling about the perceived instability of systemd-based installations and the desire to push users toward technology that is not yet ready for prime time. For example:

This would mean forcing systemd on users whether they want it or not, whether it gives them something or not, even whether it works for them or not. Please don't do it. Please show first that systemd can work reliably and that it can give the users (admins) something that the old solution didn't. This is the way to persuade people that the new solution is better than the old one, not forcing it on them and not giving them a choice.

The openSUSE developers seem to agree, at this point, that the transition was a bit premature and that it has caused some unneeded pain for users; some apologies have been seen on the list. But that still leaves them with the problem of figuring out where to go from here. One option would be to back out systemd entirely, write it off as a bad idea, and recommit to SYSV init (or switch to upstart). There does not appear to be any sign that this option is under consideration; for better or for worse, systemd appears to be seen as the future for openSUSE.

Given that, there is no alternative to making systemd work better. Cristian proposed a three-phase plan to do so. The first step would be to address all known bugs in systemd itself, which makes sense: until the foundation is stable, it is hard to build stable structures on top of it. The second phase involves getting rid of purely hardware-related init scripts and adding systemd unit files to packages that need them. The final stage includes the removal of SYSV init and something called "profit". By all appearances, it is a straightforward plan to further the transition to systemd.

Nobody disagrees with the idea of making systemd work better. But there was some real discomfort with a perceived haste to eliminate SYSV init. Once the old init system is gone, there will be no alternative to running systemd, like it or not, and it appears that some users do not like it.

That puts openSUSE into a bit of a bind. There is a real cost to keeping SYSV init around and functioning; it is a complex and crucial system component that is easily broken if the distribution developers are not running it regularly. Maintaining both systems will also reduce the number of users and testers for systemd, with the result that bugs will take longer to find and to fix. The desire to keep a tried-and-true alternative around is understandable, but, at some point, the costs of doing so are likely to be too high.

That said, there is no talk of removing SYSV init for the 12.2 release, and possibly for some time thereafter. Systemd, along with all the services that interact with it, needs to be brought up to a higher level of stability first. That should be enough work to keep the openSUSE developers busy for a little while yet. Experience suggests that systemd-based openSUSE should stabilize quickly enough, and soon this transition will just be a memory. The road to that place may yet have a rough spot or two, though.

Comments (8 posted)

Brief items

CentOS 6.2 released

The CentOS 6.2 release is out, surprisingly quickly after the Red Hat Enterprise Linux 6.2 release that it is based on, and less than two weeks after the CentOS 6.1 release. "All updates released since upstream 6.2 release are also released to the CentOS-6.2 mirrors. With this release we are now back to a regular, managed and tested release path and time scales. However, for the time being, we are going to retain the CR/ repo in the event it's needed in the future to push ahead-of-release updates." Some people must have worked very hard to get this release out so quickly; congratulations are in order.

Full Story (comments: 20)

Oracle Linux 6.2

Oracle has released Oracle Linux 6.2 for x86 and x86_64. Two kernels are available for this release. Both Oracle's Enterprise kernel and a Red Hat compatible kernel are installed by default, with the former booted by default.

Full Story (comments: none)

Ubuntu disabling the Sun Java JDK browser plugin

Ubuntu has sent out an announcement that it will be pushing a security update that disables the Sun JDK browser plugin on all machines. It seems that there are several security issues with this plugin, but, due to a change in licensing by Oracle, it is no longer possible to create packages with the fixes. The best solution appears to be to switch to OpenJDK.

Full Story (comments: 62)

Distribution News

Fedora

Fedora 16 for IBM System z 64bit official release

The Fedora IBM System z (s390x) Secondary Arch team has announced the official release of Fedora 16 for IBM System z 64bit. The architecture specific release notes are here.

Full Story (comments: none)

openSUSE

openSUSE Board Election 2011 results

The latest election results for the openSUSE board have been posted. Pascal Bleser, Will Stephenson, and Andrew Wafaa are the newest members of the board.

Comments (none posted)

Newsletters and articles of interest

McRae: Pacman Package Signing - 4: Arch Linux

Back in March 2011, LWN examined package signing (or the lack thereof) in the Arch Linux distribution. Things have advanced considerably since then. Allan McRae has now posted the fourth in a series of articles about the adoption of signed packages in Arch. "The Arch repos have been gradually preparing for the package signature checking in pacman-4.0. Support for uploading PGP signatures with packages was added in April and was made mandatory from the beginning of November. As of today, 100% of the packages in the [core] repo and approximately 71% of [extra] and 45% of [community] are signed."

Comments (1 posted)

Poortvliet: openSUSE and ownCloud

Jos Poortvliet writes about ownCloud and the tools offered in openSUSE 12.1 to make ownCloud management easier. "The freedom of software and data is very valuable to the openSUSE Project and we would like to help you escape the deceptive arms of those who offer you some convenience in exchange for control over your data. A first step was providing spideroak in openSUSE 11.4 which, unlike most competitors, encrypts your files and thus offers more protection for your privacy. But your data is still 'somewhere else' and we prefer to offer something you would really own. Fortunately there is a very appealing solution for that called ownCloud."

Comments (none posted)

Puppy Has A Litter (OSnews)

OSnews looks at Puppy Linux and some of its derivatives (or puplets) that have been built using the Woof build system.

Puppy has long provided user-friendly software for mastering your own Puppy live CD. Puppy comes with a desktop remastering tool that allows you to take a "snapshot" of your current system and instantly make a live CD of it. Woof is an alternative mastering tool. (It effectively replaces Puppy Unleashed, an earlier tool to create ISO images.) Beginners will prefer the simple CD-Remaster tool while those with more expertise will opt for Woof.

The result of these easy-to-use tools has been an explosion in Puppy Linux variants, commonly called Puplets. There's a Puplet for every interest, demographic, and taste. There are Puplets that default to specific GUIs, Window Managers and browsers; Puplets optimized for specific hardware; stripped down and barebones Puplets; Puplets for different languages and countries; and so on. This webpage lists 20 new Puplets with another 65 available. Pick from the list or develop your own. That's the fun of Puppy.

Comments (none posted)

Page editor: Rebecca Sobol

Development

GNOME plans an accessibility push for 2012

December 21, 2011

This article was contributed by Nathan Willis

GNOME's accessibility efforts took a serious hit in 2010 when Oracle acquired Sun and cut developer jobs from Sun's Accessibility Program Office (APO). The APO had been home to full-time developers working on GNOME accessibility components like the Orca screen reader and the Accessibility Toolkit (ATK). The GNOME Foundation is preparing a major accessibility push in 2012, beginning with a fundraising campaign that will direct donations towards needed development tasks.

Because of the APO layoffs and the amount of time and effort required to release GNOME 3.0, many of the outstanding accessibility tasks were falling through the cracks. Some modules and changes had to be dropped, and some bugs and new work had to be pushed back. GNOME held an accessibility hackfest in March 2010 to reorganize the effort.

Making 2012 the year of accessibility

Eventually, however, others in the GNOME ecosystem took up some of the slack, including open source consulting firm Igalia and developers from other Sun/Oracle offices. In an effort to further accelerate development, the GNOME Foundation is making accessibility the focal point of a new fundraising campaign, run through the foundation's "Friends of GNOME" (FoG) program.

FoG allows individuals to make monetary donations in one-time or recurring monthly amounts. The new FoG site highlights the importance of accessibility, linking to a testimonial from Robert Cole, an IT student with a significant visual impairment. It also lists six areas where the GNOME Accessibility Team wishes to target development resources.

First, the team wants to alleviate the performance hit that comes with running Orca or other assistive technologies, having noticed that sessions slow down whenever the assistive technology component is running, even if the application is not being used. Certainly some amount of overhead is to be expected when running an application like Orca, but the noticeable even-while-not-in-use performance degradation is frequently cited by third-party developers as a reason for not adding ATK support to their applications.

There are also three applications that need specific feature work. One is adding cursor- and focus-tracking to GNOME Shell's built-in Magnifier, so that users do not need to manually move the magnified region while working. Another is adding awareness of document structure and formatting to the Evince PDF reader and the Poppler library that powers it. This amounts to making rich-text features available to a screen reader, so that it could move between headings or simply announce structural markers and formatting, rather than reading the text in "flat" form. A third is adding accessibility features to WebKitGTK+, which is the HTML component used by the GNOME help system and which may be incorporated into future versions of the Evolution mail client. Finally, there are project maintenance tasks needing work, such as improving accessibility regression-testing tools, and fixing a list of outstanding GNOME 3 accessibility bugs.

Although that might sound like a long list, it still takes up only a fraction of the overall GNOME accessibility roadmap. GNOME Foundation Executive Director Karen Sandler said in an email that although the dates have slipped since the roadmap page was first written, its status information is current, and still reflects an up-to-date look at the project's accessibility progress.

Accessibility hackfest

One item from the roadmap will be the subject of an accessibility hackfest to be held at Igalia's offices in A Coruña, Spain from January 18-22, 2012: augmenting ATK and ensuring that it is consistent across toolkits and applications. ATK is a set of interfaces that toolkits implement to expose the contents of GUI components in a standardized way, thus allowing accessibility tools (like Orca) to read and manipulate them. Each GUI toolkit — GTK+, Clutter, Mozilla's Gecko, etc. — builds its own implementation of ATK. The trouble comes when they do not all implement ATK in exactly the same way, such as emitting different signals for the same event.

Orca maintainer Joanmarie Diggs, who is now an Igalia employee, said that this inconsistency is

largely the result of lack of documentation of the accessibility APIs. After all, one cannot expect cross-toolkit consistency if exactly what is expected of them is not stated clearly and/or the documentation leaves too much up to implementer interpretation. Nonetheless, the end result of the inconsistencies is that an AT [Assistive Technology] such as a screen reader must do toolkit specific handling, which is less than ideal.

Improving the ATK documentation so that it serves as a better guide for developers is one of the hackfest's primary goals. Developers from the GTK+, Qt, and Mozilla projects are already confirmed to attend. Qt, it should be noted, does not use ATK directly, but rather interfaces directly to the underlying Assistive Technology Service Provider Interface (AT-SPI).

The other side of the ATK-augmentation coin is seeing where it makes sense to extend the ATK API itself. The roadmap document lists several issues, including adding additional information to certain events and objects. Diggs gave three examples: selection, text attributes, and table cells. Currently, she explained, when an application changes the selected region (expanding it or shrinking it), ATK only informs the screen reader that the selection has changed, not what letters or words were added or de-selected. Similarly, document editors do not send formatting information (such as the "bold" or "italicized" state of text) to accessibility applications, which makes editing difficult. In both cases, she said, the application already has the information in question, it just needs a mechanism to send it via ATK. Finally, table cells have their own set of problems, starting with the fact that a cell cannot report its row-and-column position via ATK. Diggs is quick to point out that these issues do not constitute design flaws in ATK, but areas for improvement that have come out of several years of real-world use.

The list of topics for the hackfest also includes completing ATK's GObject introspection work, reviewing ATK usage in newer toolkits such as GNOME Shell's "ST" toolkit, and examining bindings for languages that do not use GType, such as C++ and Java.

Up next

During the FoG accessibility campaign, all one-time donations will be earmarked by the GNOME Foundation specifically for accessibility work, as will the first month of all new subscription plans. Sandler said that the campaign would not last for the full 2012 calendar year, although it does not currently have an end date announced. "We wanted to get it going now, though," she added, "so that folks can donate and see their tax deductions this year, if that applies to them."

The hackfest is open to any interested attendees; developers who plan on participating can add their names to the event's planning page on the GNOME wiki to indicate their intent. Although a schedule for the rest of the year has not been established, there is certainly no shortage of work needing attention. Accessibility improvements ultimately benefit all users; as Alan Coopersmith pointed out on the GNOME Marketing list, former "accessibility only" projects like speech recognition and on-screen keyboard technology are now indispensable parts of the mobile computing experience. But, even though everyone's eyesight will decline over the years with age, making software accessible today will obviously have a greater — more immediate — impact for those users who happen to have visual, auditory, or motor-control impairments.

Comments (none posted)

Brief items

Quotes of the week

Note that only a witless moron could ever actually be confused (rather than simply annoyed) by "1 files". Unfortunately, we actually deal with these witless morons on a daily basis: they're called computers.
-- Matt Mackall

I think GNOME should really think about what is good for itself, not how to keep the peace. Effectively, KDE has a lot more to gain from a combined conference than GNOME has, the benefits of a joined conference are very unbalanced. I strongly believe GNOME should focus on what is good for GNOME, and much less on what is good for whatever else exists in the Free Software world. Our interest should be GNOME, and making GNOME great, and not at all making KDE great too, and Enlightenment, and whatever else exists.

I'd even go further than this: I believe one of the goals of GNOME should be to emphasize vertical integration (i.e. considering integration of our stack, the GNOME OS a core objective), but encouraging multiple variables on top of this stack makes that much more complex. I think it is against our interest encouraging KDE and other desktop environments.

-- Lennart Poettering

We will not stop telling the world that we were the primary contributors and inventors of OpenOffice.org. The development team in Hamburg created it -- with the help of the OpenOffice.org community -- and is happy to continue developing it. I don't think that this is confusing users. It's the truth. The ASF should use this as a weapon not as a threat. We will also defend ourselves against malicious gossip or suspicion -- same like the ASF does.
-- Götz Wohlberg for Team OpenOffice.org

Comments (15 posted)

Amarok 2.5 released

Version 2.5 of the Amarok music player has been released. The headline features are GPodder.net podcast synchronization, a reworked USB mass storage module, and integration with the Amazon.com music store.

Comments (28 posted)

JACK 1.9.8 released

Version 1.9.8 of the JACK audio connection kit has been released. It features much improved MIDI support and a lot of other improvements. Note that this is the JACK2 version of JACK, written in C++; it differs entirely from JACK1. There is currently a busy discussion on the JACK list about how these two versions might be reconciled into a single version, but there are not, yet, a whole lot of conclusions to report.

Full Story (comments: none)

Qt 4.8.0 released

Version 4.8.0 of the Qt toolkit has been announced. Significant changes include a new platform abstraction layer to make portability easier, threaded OpenGL support, multi-threaded HTTP, and a reworked (faster) filesystem I/O layer. Some more information can be found in this blog post.

Comments (none posted)

Razor-qt 0.4 released

Razor-qt is "an advanced, easy-to-use, and fast desktop environment based on Qt technologies. It has been tailored for users who value simplicity, speed, and intuitive interface." The 0.4 release is available; it adds a new application launcher, better removable media support, new configuration utilities, and more.

Comments (48 posted)

Newsletters and articles

Development newsletters from the last week

Comments (none posted)

Blender 2.61 released with GPU based rendering and motion tracking (LGW)

Libre Graphics World has posted a video-heavy look at Blender 2.61 which, it says, is one of the most important Blender releases ever. "Top reason is, of course, Cycles, the new hardware accelerated rendering engine. Cycles can use both CUDA (preferred for NVidia) and OpenCL (naturally, AMD/ATI), but will work on CPU too. That imposes dramatic changes to workflows, even though Cycles is not quite complete yet."

Comments (1 posted)

Cracks in the Foundation (PHP Advent)

The 2011 PHP Advent site has an article by Gwynne Raskind on the challenges facing PHP and how they are being addressed. "PHP has always been an evolving, almost-organic language. It has been rewritten from the bottom up at least four times, with massive internal changes to the engine at least twice more. Through all these mutations, however, its external interface - the language itself - has remained quite similar for a long time. Nearly everything that can be pointed to as different between PHP 3 and PHP 5.4 is an addition or extension to the language, not a change in existing behavior. There are exceptions, such as the new object model, but by and large, a PHP coder looking at PHP 5 code will be able to make complete sense of PHP 3, and vice versa. All of these versions share one flaw: there is no single specification of the language!"

Comments (95 posted)

Page editor: Jonathan Corbet

Announcements

Brief items

Mozilla and Google sign a new deal

The Mozilla Foundation has announced that Google will continue to buy its position as the default Firefox search engine for the next three years. "The specific terms of this commercial agreement are subject to traditional confidentiality requirements, and we're not at liberty to disclose them."

Comments (32 posted)

IFOSSLR #5 available

The fifth issue of the International Free and Open Source Software Law Review has been published. Topics covered in this issue include interoperability, patent licensing, patents in Europe, licensing notices in web platforms, the past and future of Groklaw, and more.

Full Story (comments: none)

Articles of interest

Apache: Open Letter to the Open Document Format Ecosystem

The Apache Software Foundation Blog is carrying an "open letter to the ODF ecosystem" meant to clarify the Foundation's plans for OpenOffice.org. "Our license and open development model is widely recognised as one of the best ways to ensure open standards, such as ODF, gain traction and adoption. Apache OpenOffice offers much more potential for OpenOffice.org than 'just' an end-user Microsoft Office replacement. We offer a vendor neutral space in which to collaborate whilst enabling third parties to pursue almost any for-profit or not-for-profit business model."

Comments (10 posted)

BT Sues Google for Patent Infringements (Wired)

Wired covers the latest entrant into the wireless lawsuit game: BT. "An example patent is 'Service provision system for communications networks,' which BT was awarded in the 1990s. It essentially boils down to an app figuring out whether a phone is connected to the web via Wi-Fi or 3G, and choosing to stream at a different bandwidth. Google infringes this in Google Music and the Android Market, BT alleges." Yes, this is the same BT that once claimed to have patented the hyperlink.

Comments (84 posted)

Yo Amazon: Please don't hijack the web on Kindle Fire (GigaOm)

GigaOm discovers the value of free platforms the hard way while playing with a Kindle Fire. "When trying to browse the Google Android Market website in the Fire's web browser, the device instead opens up Amazon's Kindle Fire application store. Since the Fire doesn't officially have access to the Android Market, I can understand the device highlighting its own app store. But to specifically hijack a browser URL and redirect it is disturbing and sets an ugly precedent."

Comments (15 posted)

New Books

Pragmatic Guide to Sass--New from Pragmatic Bookshelf

Pragmatic Bookshelf has released "Pragmatic Guide to Sass" by Hampton Catlin and Michael Lintorn Catlin.

Full Story (comments: none)

Calls for Presentations

Android Open Starts Call for Proposals

Android Open will take place April 5-6, 2012 in San Francisco, California. "While our fall event is for the entire Android ecosystem (development, business, and marketing), this spring event is a more focused technical conference for developers. The Android world moves too quickly to wait a whole year between conferences." Proposals are due January 23.

Full Story (comments: none)

OSCON 2012 Opens Call for Proposals

The O'Reilly Open Source Convention (OSCON) will take place July 16-20, 2012 in Portland, Oregon. Proposals are due by January 12.

Full Story (comments: none)

Upcoming Events

Announcing FUDCon LATAM 2012 in Venezuela

The 2012 Latin American FUDCon (Fedora Users and Developers Conference) will be held in Margarita Island, Venezuela. Further details will be announced later. Bids are open for the 2012 editions of FUDCon EMEA and FUDCon APAC.

Full Story (comments: none)

Events: December 22, 2011 to February 20, 2012

The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| December 27 - December 30 | 28th Chaos Communication Congress | Berlin, Germany |
| January 12 - January 13 | Open Source World Conference 2012 | Granada, Spain |
| January 13 - January 15 | Fedora User and Developer Conference, North America | Blacksburg, VA, USA |
| January 16 - January 20 | linux.conf.au 2012 | Ballarat, Australia |
| January 20 - January 22 | Wikipedia & MediaWiki hackathon & workshops | San Francisco, CA, USA |
| January 20 - January 22 | SCALE 10x - Southern California Linux Expo | Los Angeles, CA, USA |
| January 27 - January 29 | DebianMed Meeting Southport2012 | Southport, UK |
| January 31 - February 2 | Ubuntu Developer Week | #ubuntu-classroom, irc.freenode.net |
| February 4 - February 5 | Free and Open Source Developers Meeting | Brussels, Belgium |
| February 6 - February 10 | Linux on ARM: Linaro Connect Q1.12 | San Francisco, CA, USA |
| February 7 - February 8 | Open Source Now 2012 | Geneva, Switzerland |
| February 10 - February 12 | Skolelinux/Debian Edu developer gathering | Oslo, Norway |
| February 10 - February 12 | Linux Vacation / Eastern Europe Winter session 2012 | Minsk, Belarus |
| February 13 - February 14 | Android Builder's Summit | Redwood Shores, CA, USA |
| February 15 - February 17 | 2012 Embedded Linux Conference | Redwood Shores, CA, USA |
| February 16 - February 17 | Embedded Technology Conference 2012 | San José, Costa Rica |
| February 17 - February 18 | Red Hat, Fedora, JBoss Developer Conference | Brno, Czech Republic |

If your event does not appear here, please tell us about it.

Page editor: Rebecca Sobol

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds