Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
LWN.net Weekly Edition for June 26, 2008
Notes on the Fedora board election
The Fedora Project recently held an election to fill four seats on its governing board. This is the first vote to happen since Red Hat decided to let the community elect the majority of the board's members. The results of this vote surprised the Fedora community in a couple of ways, leading to an extended discussion on how this community should be governing itself - and whether it can do that at all.In the end, Tom Callaway, Jesse Keating, and Seth Vidal were elected to the board for two release cycles, and Jef Spaleta for one cycle. The fifth elected seat is currently held by Matt Domsch; three of the appointed seats are currently held by Bill Nottingham, Karsten Wade, and Harald Hoyer. Red Hat has not yet announced who will be put into the fourth appointed seat. The newly-elected members are all well-known Fedora contributors who have done a lot for the project. So why are there questions? It comes down to two points:
- Three of the four representatives elected to the board are employed
by Red Hat. So, while Red Hat has given up its ability to directly
appoint the majority of the board, that board will still be dominated
by Red Hat employees.
- Of the 4069 Fedora community members who were entitled to vote in this election, only 250 actually turned in ballots. A 6% turnout strikes many as being somewhat lower than one would expect from a fully-engaged community.
Though nobody said so directly, some people apparently suspected that Red Hat employees voted in rather larger numbers than anybody else, and that they duly elected some of their own to fill the board seats. The truth of the matter is probably not so simple; what we are seeing is a middle stage in the Fedora Project's ongoing effort to become a more open, community-oriented effort.
A few possible reasons for the low turnout were put forward. One had to do with how the election was conducted. The self-nomination process evidently does not sit well with some people, who would rather see candidates nominated by their peers. The range voting mechanism used by the project seems complex and intimidating - though it still seems simple compared to the Condorcet scheme employed by Debian. There were also some complaints that the election was not run in a sufficiently high-profile manner, to the point that many community members might not have known that an election was underway at all.
Greg DeKoenigsberg put forward a different hypothesis to explain why so few people voted:
I myself almost didn't vote. Why? Because I liked the entire slate of candidates.
In this point of view, everybody is so happy that there's no need to get involved in the process. There is a contrary point of view which is also worth considering, though:
By this line of reasoning, instead of everybody being happy, the community is in despair and sees no point in participating in a process which seems unlikely to change anything.
The truth of the matter is almost certainly somewhere in between. The Fedora project has clearly opened considerably in recent years, to the point that it is one of the most transparent and active distributions out there. The community contributes a lot of work and certainly participates in discussions about the future of the project. But Red Hat still holds considerable sway; the fact that it employs a great number of Fedora developers is, by itself, enough to ensure that.
Red Hat's large presence is also enough to explain the large number of Red Hat employees elected to the board. Those are the people who have the luxury of working on Fedora full time; it is not surprising that they tend to be the most prominent developers in the community. Additionally, there is a certain tendency for outsiders who become strong community members to eventually become Red Hat employees as well. Red Hat has been increasing its investment in Fedora and hiring a number of people to work on it; the fact that they would be inclined to hire people who are already doing good work with Fedora should not be surprising.
So when Fedora developers look at a ballot and think about the names found there, chances are good that they will vote for the people they have seen working hard and accomplishing things within the community. And those people, at this point, are likely to be Red Hat employees. Until a time comes when other companies find it worthwhile to pay full-time Fedora developers, this situation is not likely to change much.
The free software community is full of examples of company-dominated projects. The bulk of these projects are subject to a high degree of control by the sponsoring company. That is natural; these companies have specific needs which they expect their development projects to meet. Making such projects truly open can be hard. Red Hat has gone farther than many in its efforts to make Fedora open, even if said efforts have come later than some would like.
Hopefully Red Hat will continue to follow that path, but, to a great extent, the next steps have to be taken by others. When the investment into Fedora from outsiders exceeds Red Hat's investment, Red Hat will be less of a dominant force. Until then, efforts to increase the number of people voting board elections - while being worthwhile and welcome - are unlikely to significantly change the results of those elections.
A belated look at the Red Hat/Firestar patent settlement
On June 11, Red Hat announced that it had reached a settlement in the software patent lawsuit it was defending against Firestar Software, Inc. and DataTern, Inc. This settlement is of interest to the community; it may point toward how how such cases may go in the future. Unfortunately, the amount of information which has been released so far leaves as many questions as answers, including the fundamental question of whether this settlement is as good for the community as Red Hat is claiming.The suit involves patent #6,101,502, which claims the concept of creating an impedance-matching layer to connect relational databases to object-oriented applications. The first claim reads like this:
- selecting an object model;
- generating a map of at least some relationships between schema in the database and the selected object model;
- employing the map to create at least one interface object associated with an object corresponding to a class associated with the object oriented software application; and
- utilizing a runtime engine which invokes said at least one interface object with the object oriented application to access data from the relational database.
One might well wonder how object-oriented programmers managed before 1998, when this patent was filed. Firestar claimed that a piece of JBoss violated the patent and duly filed suit; Red Hat has been fighting back ever since. The June 11 announcement appears to bring an end to this particular dispute.
While Red Hat has not agreed that it was in violation of this patent, the company did not reach a settlement which clears it of infringement. Instead, Red Hat agreed to license the patent for itself and for its customers. The thing that makes this settlement a little more interesting is that Red Hat did not stop there; it also obtained a license for the project's upstream developers. From the settlement FAQ posted by the company:
The press release adds:
So, in other words, this license and covenant covers the "predecessor versions" of any package shipped by Red Hat. Once a particular project finds its way into RHEL, it's part of the deal.
This very carefully-worded text leaves one very interesting question open: what about users of the software who are not Red Hat customers? It would appear that developers are covered, presumably even as they develop the program beyond the "predecessor version" shipped by Red Hat. It has been made abundantly clear that Red Hat's customers are covered. There is a lot of text in the press release and FAQ suggesting that non-customer users should be protected too, but that is never said explicitly. An omission like that in a carefully-written, lawyer-vetted document can speak loudly; one must wonder what is going on.
Another interesting question is this: what about all of the other projects out there which are using object-relational glue layers? One can only assume that this set includes just about every object-oriented application which is using a relational database. The language makes it pretty clear that this patent has not been licensed for free software in general; it only applies to the specific piece of JBoss which was under dispute. The press release claims that the settlement covers derivative works, leading one to imagine that it would be possible incorporate some small function from JBoss into an entirely unrelated project and get the patent license with it. But there is no way to know whether this interpretation matches the real settlement or not.
And therein lies the real problem at this time: the actual terms of the settlement, and of the licenses and covenants, have not been published. One presumes that will change at some point; your editor queried Red Hat on when that might be, but did not receive an answer by the time this article was written. Without knowing what the actual agreement is, nobody can really assume that they have received any protection at all.
One other claim from the FAQ merits attention:
All of this is somewhat debatable, and needs to be questioned. As noted above, the actual breadth of the protection obtained is yet to be disclosed. The more relevant question, though, is: did Red Hat really "stand up for the community" in this case, and will it discourage these cases in the future? Your editor is not convinced of either.
The way to stand up against this patent aggressor would have been to invalidate the patent and put an end to it forevermore. A quick trip to your editor's bookshelf turned up David Taylor's Business Engineering With Object Technology, dated 1995, which discusses difficulty with relational databases and impedance-matching layers. Grady Booch's Object Solutions (1996) says: "Thus, it is reasonable to approach the design of a data-centric system by devising a thin object-oriented layer on top of a more traditional relational database technology." Or look at Object-Oriented Modeling and Design by Rumbaugh et. al. (1991), which has an entire chapter on mapping objects into relational databases.
In other words, there can be no shortage of prior art in this case; this is not an idea which was first conceived in 1998. But, rather than take this approach, Red Hat chose to settle. It is not said anywhere, but chances are good that some money changed hands here, and, by accepting a license for this patent, Red Hat has given it some legitimacy. Other free software projects - those which Red Hat does not ship - have apparently been left open to the same attack. Is this really the way to "discourage future similar cases"?
Of course, such criticism is easy to make from the sidelines; it's easy for those of us not directly involved in the suit to claim that Red Hat should have taken the higher-risk, higher-expense road and fought this case to the end. There is no doubt that such an approach would be better for the community - assuming Red Hat prevailed - but Red Hat's management must make its own choices about which battles it is to fight. Given that it chose to settle, Red Hat clearly tried to do the right thing by obtaining some sort of protection for the community beyond its customer base. Time will tell how well that will work out and whether it will serve as a model for future settlements or not.
Symbian to be another open mobile platform
The already crowded open source mobile phone software market just got more so as Nokia has announced plans to open up the Symbian operating system. Symbian currently has the biggest installed base of any mobile OS, which makes this announcement somewhat more surprising—market leaders generally do not radically change their successful methods. What it means for the various Linux mobile phone initiatives is unclear, but it certainly shakes things up a bit.
Nokia, along with many of the biggest players in the mobile phone market, has formed the Symbian Foundation to provide its members with the OS on a royalty-free basis. Several other components are being donated to the foundation as well, to create a complete platform for mobile applications. The plan is for all of the code to be released using the Eclipse Public License over the next two years.
In order to own the code, Nokia is purchasing the 52% of Symbian Limited that it does not currently own for more than $400 million. This will allow Nokia to donate Symbian, along with its S60 smartphone platform, which runs atop Symbian, to the foundation. Sony Ericsson and Motorola will donate their UIQ user interface layer, while NTT DoCoMo will donate its Mobile Oriented Application Platform (MOAP).
Nearly two dozen companies have come together to form the foundation, including handset makers, mobile carriers, and chip manufacturers. Interestingly, there is substantial overlap between Symbian Foundation members and those of the Open Handset Alliance—the umbrella organization for Google's Android effort—and the LiMo Foundation. Whether this reflects impatience with the pace of Android/LiMo development or just an effort to hedge their bets remains to be seen.
Membership in the foundation is open to all who are willing to pay the $1500 annual membership fee. That fee will allow the use of all of the components that make up the Symbian platform on a royalty-free basis. Any developers that wish to create software for the platform need not join as there will be a developer program available at no charge. The foundation is expected to start operations in 2009.
Opening up Symbian is seen as a reaction to Android and other free software efforts in the mobile phone space. One of the advantages touted for Linux solutions is the zero cost—particularly the lack of per-unit royalties. By moving Symbian to this model, the foundation undercuts that advantage. Because Symbian is already a dominant player in the smartphone market—with a large development community—there are some who believe it will redirect efforts currently focused on Linux to Symbian.
That remains to be seen, of course, but Linux-based smartphones are still in their infancy. MontaVista's Mobilinux has been installed in more than 35 million mobile devices, mostly in Asian markets, but, perhaps because of it being controlled by a single company, hasn't really generated a large developer community. It may also be targeting mobile carriers who are not very interested in allowing users to customize their phones—at least not to the extent Android and others envision.
There is a widening rift between the "free" and "locked down" camps for mobile devices. With this move, Nokia—and the other foundation members—seem to be moving toward allowing users more freedom, though undoubtedly some handset makers and carriers will opt for locking down their phones regardless of the openness of the underlying OS. One need look no further than the iPhone for an example of a tightly controlled application environment that is, at least so far, very popular with consumers.
In the long run, it is hard to imagine that mobile device users will be willing to stick with the limited choices of applications provided by their carrier or phone maker. As more open alternatives become available, there will be a pushback from handset buyers that will be harder for the carriers to resist. For many, their mobile phone is the most sophisticated computer they own and the history of personal computers would indicate that a thriving ecosystem of the third-party applications is an important part of the purchasing decision. That requires developers.
The current proliferation of open mobile phone software platforms is, in many ways, a battle for developer mindshare. LiMo, Android, and OpenMoko are all Linux-based development platforms that support multiple hardware devices, which should allow applications to run on many different mobile devices with minimal porting. How well that works in practice is still an open question.
For many of the established players in the mobile device market, Symbian is a known quantity. It has shipped on countless devices—its strengths and weaknesses are well understood. Turning it into a free software release will allow, at least potentially, members to move the Symbian code in the direction they want. But will that stop, or substantially slow down, the adoption of Linux-based solutions?
In order for that to happen, Symbian itself will need some kind of developer community, something like what currently exists for the kernel and user space applications on Linux. Whether the opening of the code will be enough to attract that community is an open question. It may be that developers at the member companies will be forced to form that community—something that could affect the bottom line.
One of the key problems that the various Linux-based efforts face is that of fragmentation. The vendors of royalty-based mobile platforms—primarily Microsoft and Palm—tend to point to the multiple incompatible Linux efforts as proof. They tout the control that a single vendor provides to ensure compatibility. Others, like Apple and RIM (maker of Blackberry email phones), do not license their software to others so they tightly control the hardware, which tends to avoid fragmentation.
Within a particular initiative, fragmentation is likely to be a very bad thing, but having multiple platform choices tends to provide healthy competition and thus help consumers. Over time, some of the current Linux-based platforms may fall by the wayside to leave fewer choices, but that will likely happen due to technical considerations, part of which will be determined by the third-party application developers.
One questions remains though: what happens with Qt, or more specifically the Qtopia Phone Edition? Nokia bought Trolltech early this year, at least partially for their mobile toolkit. Will they port it to Symbian and donate it to the foundation? They could, of course, port it but keep it separate, but that would seem to lead down the path toward fragmentation. It seems somewhat unlikely that they would change Trolltech's successful hybrid of GPL and commercial licenses, but before this announcement few thought that Symbian would be freed. Nokia has certainly adopted a more open-friendly stance of late—they clearly see it as a way to generate more business—so it certainly is not out of the realm of possibility.
While opening up Symbian may inhibit Linux adoption on mobile devices, it can only be seen as a good thing for consumers and the free software community as a whole. In many ways, it validates the free software development model along with the idea of freedom for users and developers. The competition between Linux and Symbian will also likely help both improve. Expect lots of interesting devices and applications in the next few years because of it.
Page editor: Jonathan Corbet
Security
Leaking browser history
Browser history is fairly sensitive information for most people. If there were a way for random web sites to grab a list of other sites you have visited recently, it would cause a fair amount of concern. Unfortunately, a longstanding problem in the HTML Document Object Model (DOM) makes for an information leak nearly as bad as that.
The problem stems from the handy feature that browsers implement to show you which links you have already visited. The way that they show links in a different color if you have visited them is by turning on the "visited" style for the link. Many sites, such as LWN, then change the default colors for both visited and non-visited links via the site's Cascading Style Sheet (CSS). This information gets recorded in the DOM for the page which can be queried from Javascript.
Because of the nature of the leak, scripts cannot get a full dump of the browser's history, but they can get the visited status for a set of sites they are interested in. A web site that wishes to gather this kind of information need only add a link to each site of interest—often in an unreadable font size or color—and send over a bit of Javascript to read the DOM status for each link.
While this problem has been known since at least 2002, there is no easy fix while still being compliant with the CSS standard. Because of that, most or all browsers are vulnerable. It has recently been in the news because it is being used in a benign, or at least semi-benign, way.
These days many news sites and blogs have small images that correspond to various social networking sites—digg, reddit and the like—that allow voting on particular stories or postings. Those images are buttons that register a vote or submission of the site that displays them. With the proliferation of these sites, a great deal of screen real estate was being taken up by these icons, many of which were not useful because the person viewing them never visited those particular sites.
To reduce the clutter, Aza Raskin created some Javascript code to determine which of the social networking sites a particular user had visited so that only the icons for those sites were displayed. Many people would find that to be a useful hack, one that was fairly minimally intrusive, which it is at some level. Others, with a more strict personal privacy desire, might find it more than a bit creepy.
Reducing clutter is one thing, but this technique can be used to gather much more sensitive information than which of the many social networking "news" sites you visit. It is tempting to remind readers of the NoScript Firefox extension, but it has become increasingly difficult to do nearly anything on the web without enabling Javascript. Many sites essentially hide their content behind a Javascript test, refusing to display it unless Javascript is enabled.
This makes it difficult to avoid giving away some of your browsing history to dodgy sites—or those with cross-site scripting vulnerabilities—other than by avoiding them entirely. It is an unfortunate side effect of a useful property that, as the discussion on the Mozilla bugzilla shows, will be difficult to completely eliminate. It should be noted that the links do not have to be obfuscated—by adding a dash of Javascript LWN could know whether you have visited digg or reddit. But, of course, we don't force Javascript on our readers.
New vulnerabilities
clamav: denial of service
| Package(s): | clamav | CVE #(s): | CVE-2008-2713 | ||||||
| Created: | June 23, 2008 | Updated: | June 25, 2008 | ||||||
| Description: | Versions of clamav prior to 0.93.1 can be made to perform an out-of-bounds read with a specially-crafted file, leading to a denial of service vulnerability. | ||||||||
| Alerts: |
| ||||||||
fetchmail: denial of service
| Package(s): | fetchmail | CVE #(s): | CVE-2008-2711 | |||||||||
| Created: | June 20, 2008 | Updated: | June 30, 2008 | |||||||||
| Description: | From the CVE entry: fetchmail 6.3.8 and earlier, when running in -v -v mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which is not properly handled when using vsnprintf to format log messages. | |||||||||||
| Alerts: |
| |||||||||||
gallery: multiple vulnerabilities
| Package(s): | gallery | CVE #(s): | CVE-2008-2720 CVE-2008-2721 CVE-2008-2722 CVE-2008-2723 CVE-2008-2724 | ||||||
| Created: | June 23, 2008 | Updated: | June 25, 2008 | ||||||
| Description: | Gallery suffers from a number of vulnerabilities, including cross-site scripting, information disclosure, permission escalation, and authentication bypass. Version 2.2.5 fixes these problems; see the release announcement for details. | ||||||||
| Alerts: |
| ||||||||
horde: cross-site scripting
| Package(s): | horde | CVE #(s): | |||||||
| Created: | June 25, 2008 | Updated: | June 25, 2008 | ||||||
| Description: | The Horde application framework suffers from a cross-site scripting vulnerability which is exploitable by authenticated users. The 3.2.1 release fixes the problem. | ||||||||
| Alerts: |
| ||||||||
IBM JDK/JRE: multiple vulnerabilities
| Package(s): | ibm-jdk-bin | CVE #(s): | ||||
| Created: | June 25, 2008 | Updated: | June 25, 2008 | |||
| Description: | The IBM Java development kit and runtime environment (prior to versions 1.5.0.7 and 1.4.2.11) suffer from a number of remotely-exploitable code execution vulnerabilities. | |||||
| Alerts: |
| |||||
kernel: information disclosure
| Package(s): | kernel | CVE #(s): | CVE-2008-2729 | ||||||||||||
| Created: | June 25, 2008 | Updated: | June 27, 2008 | ||||||||||||
| Description: | The kernel memory copy routines (on the x86_64 architecture only) do not always zero memory at the destination location, potentially leaking data. | ||||||||||||||
| Alerts: |
| ||||||||||||||
kernel: information disclosure
| Package(s): | kernel | CVE #(s): | CVE-2008-0598 | ||||||||||||
| Created: | June 25, 2008 | Updated: | June 27, 2008 | ||||||||||||
| Description: | From the Red Hat advisory: Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local unprivileged user to prepare and run a specially crafted binary, which would use this deficiency to leak uninitialized and potentially sensitive data. | ||||||||||||||
| Alerts: |
| ||||||||||||||
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2008-2365 | ||||||
| Created: | June 25, 2008 | Updated: | June 27, 2008 | ||||||
| Description: | A race condition in the ptrace() system call can be exploited by a local user to hang the system. | ||||||||
| Alerts: |
| ||||||||
nasm: off-by-one error
| Package(s): | nasm | CVE #(s): | CVE-2008-2719 | |||
| Created: | June 23, 2008 | Updated: | June 25, 2008 | |||
| Description: | From the CVE entry: Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow. | |||||
| Alerts: |
| |||||
phpMyAdmin: cross-site scripting
| Package(s): | phpMyAdmin | CVE #(s): | |||||||
| Created: | June 25, 2008 | Updated: | June 25, 2008 | ||||||
| Description: | phpMyAdmin suffers from cross-site scripting vulnerabilities in several library scripts. From the advisory: "We were able to reproduce this only on systems where both of these conditions are true: the PHP register_globals setting is 'on' and the web server does not apply the settings contained in the .htaccess file that we placed in /libraries." | ||||||||
| Alerts: |
| ||||||||
ruby: multiple vulnerabilities
| Package(s): | ruby | CVE #(s): | CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 | ||||||||||||||||||
| Created: | June 25, 2008 | Updated: | July 3, 2008 | ||||||||||||||||||
| Description: | The ruby language suffers from a number of denial-of-service and code execution vulnerabilities; see this advisory for details. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
sblim: arbitrary code execution
| Package(s): | sblim | CVE #(s): | CVE-2008-1951 | ||||||
| Created: | June 24, 2008 | Updated: | June 25, 2008 | ||||||
| Description: | From the Red Hat advisory: It was discovered that certain sblim libraries had an RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. This RPATH pointed to a sub-directory of a world-writable, temporary directory. A local user could create a file with the same name as a library required by sblim (such as libc.so) and place it in the directory defined in the RPATH. This file could then execute arbitrary code with the privileges of the user running an application that used sblim (eg tog-pegasus). | ||||||||
| Alerts: |
| ||||||||
Page editor: Jake Edge
Kernel development
Release status
Kernel release status
The current 2.6 development kernel is 2.6.26-rc8, released by Linus on June 24. "It hasn't been a week, I know, and this is a pretty small set of changes since -rc7, but I'm going to be mostly incommunicado for the next week or so, so I just released what will hopefully be the last -rc." See the long-format changelog for all the details.2.6.26-rc7 was released on June 20; it contains another set of fixes and support for some new graphics cards.
As of this writing, no patches have been merged into the mainline git repository since 2.6.26-rc8.
The current stable 2.6 kernel is 2.6.25.9, released on June 24. It contains a small set of fixes, a couple of which have security implications. 2.6.25.8 was released on June 21 with about a dozen fixes.
Kernel development news
Quotes of the week
A position statement on closed-source kernel modules
A position statement on the distribution of closed-source kernel modules has been issued and signed by a long list of developers. "We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable. We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem. Such modules negate the openness, stability, flexibility, and maintainability of the Linux development model and shut their users off from the expertise of the Linux community. Vendors that provide closed-source kernel modules force their customers to give up key Linux advantages or choose new vendors. Therefore, in order to take full advantage of the cost savings and shared support benefits open source has to offer, we urge vendors to adopt a policy of supporting their customers on Linux with open-source kernel code." Click below for associated information and the names of the signatories.
Linux Graphics, a Tale of Three Drivers
James Bottomley has posted an essay on graphics drivers on the Linux Foundation site. "For Linux, the best way of demonstrating user satisfaction objectively is with the kerneloops project, which tracks reported problems with various kernels (an oops is something that's equivalent to a panic on Unix or blue screen on windows). For instance looking at the recently released 2.6.25 kernel one can see that both the binary Nvidia driver and binary ATI firegl driver account for positions in the top 15 oopses. If one follows the history, one finds that the binary drivers are always significant contributors to this list, whereas open source drivers appear and disappear (corresponding to people actually seeing the bugs and fixing them). This provides objective support for a significant kernel developer contention that it's harder to get fixes for binary drivers. The other bright spot is that the Intel graphics drivers rarely figure at all in the list also showing that if you want graphics to 'just work' then Intel is the one to choose."
A day in the life of linux-next
The merge window phase of the kernel development cycle is a hectic time. Over a period of about two weeks, between 5,000 and 10,000 changesets find their way into the mainline git repository. Simply managing that many patches would be hard enough, but the job is made more complicated by the fact that these changesets are not all independent of each other. The first changes to be merged can change the code base in ways that cause later patches to fail to apply. So merge windows have traditionally required maintainers to rework their queued patches to resolve conflicts which arise as other trees are merged. Given the tight time constraints (patches which aren't ready when the merge window closes generally sit out until the next cycle starts), this integration process has been known to put a fair amount of pressure on subsystem maintainers.The other person feeling the stress was Andrew Morton; one of his many jobs was to bash subsystem trees together in his -mm releases. That took a lot of his time and didn't really solve the problem in the end; much of the work which shows up in -mm isn't necessarily intended for the next development cycle. The end result of all this is that each merge window brought together large amounts of code which had never been integrated before.
Back in February, the linux-next tree was announced as a way to help ease some of these problems. We are now nearing the end of the first full development cycle to use linux-next, so it's worth taking a look to see how it is working out.
The idea behind this tree is relatively simple. Linux-next maintainer Stephen Rothwell keeps a list of trees (maintained with git or quilt) which are intended to be merged in the next development cycle. As of this writing, that list contains 95 trees, all full of patches aimed at 2.6.27. Once a day, Stephen goes through the process of applying these trees to the mainline, one at a time. With each merge, he looks for merge conflicts and build failures. The original plan for linux-next stated that trees causing conflicts or build failures would simply be dropped. In reality, so far, Stephen usually takes the time to figure out the problem; he'll then fix up or drop an individual patch to make everything fit again.
When this process is done, he releases the result as the linux-next tree for the day. Others then grab it and perform build testing on it; some people even boot and run the daily linux-next releases. All this results in a steady stream of problem reports, small fixes, patches moving from one tree to another, and so on - various bits of integration work required to make all of the pieces fit together nicely.
There is an interesting sort of implicit hierarchy in the ordering of the trees. Subsystem trees which are merged early in the process are less likely to run into conflicts than those which come later. When two trees do come into conflict, it's the owner of the later tree - the one which actually shows the conflict - who feels the most pressure to fix things up. The history so far, though, shows that there has been very little in the way of finger-pointing when conflicts arise, as they do almost every day. All of the developers understand that they are working on the same kernel, and they share a common interest in solving problems.
[PULL QUOTE: One aspect of this whole system remains untested, though: the movement of patches from linux-next into the mainline. END QUOTE] So, thus far, linux-next appears to be functioning as intended. It is serving as an integration point for the next kernel and helping to get many of the merging problems out of the way ahead of time. One aspect of this whole system remains untested, though: the movement of patches from linux-next into the mainline. As things stand now, there is no automatic movement between the trees; instead, maintainers will send their pull requests directly to Linus as always. If Linus refuses to merge certain trees, or if he merges them in an order different from their ordering in linux-next, integration problems could return. In the end, it seems like linux-next will have to drive the final integration process more than is anticipated now, but it will probably take a few development cycles to figure out how to make it all work.
Meanwhile, anybody who is interested in 2.6.27 can, to a great extent, run it now by grabbing linux-next. This tree has clarified one aspect of the development process: the 2-3 month "development cycle" run by Linus is, in fact, just the tip of the kernel development iceberg. It is the final integration and stabilization stage. Linux-next nearly doubles the length of the visible development cycle by assembling the next kernel long before Linus starts working on it. And even linux-next only comes into play toward the end of a patch's life.
In the past, Linus has pointedly worked to avoid overlapping the development and stabilization phases of the development cycle. There was no development tree at all for almost a year while 2.4 was beaten into reasonable shape. This separation was maintained out of a simple fear that an open development tree would distract developers from the more important task of finding and fixing bugs in the current stable release.
That separation is a thing of the past now; there are literally dozens of development trees which are open for business at all times. That can only be worrisome to those who are concerned about the quality of kernel releases; why should developers concern themselves with 2.6.26 bugs when 2.6.27 is being assembled and 2.6.28 is already on the radar? Whether such concerns are valid is likely to be a matter of ongoing debate.
Meanwhile, however, linux-next appears to have settled in as a long-term feature of the kernel development landscape. It is serving its purpose as a place to find and resolve integration problems; it has also had the effect of taking much of that integration work off of Andrew Morton's shoulders. And that, in turn, should free him to spend more time trying to get developers to fix all those bugs.
(See the linux-next wiki for more information on how to work with this tree).
What's AdvFS good for?
On June 23, HP announced that it was releasing the source for the "Tru64 Advanced Filesystem" (or AdvFS) under version 2 of the GPL. This is, clearly, a large release of code from HP. What is a bit less clear is what the value of this release will be for Linux. In the end, that value is likely to be significant, but it will be probably realized in relatively indirect and difficult-to-measure ways.AdvFS was originally developed by Digital Equipment Corporation for its version of Unix; HP picked it up when it acquired Compaq, which had acquired DEC in 1998. This filesystem offers a number of the usual features. It is intended to be a high-performance filesystem, naturally. Extent-based block management and directory indexes are provided. It does journaling for fast crash recovery. There is an undelete feature. AdvFS is also designed to work in clustered environments.
Much of the thought that went into AdvFS was concerned with avoiding the need to take the system down. There is a snapshot feature which can be used to make consistent backups of running systems. Defragmentation can be done online. There is a built-in volume management layer which allows storage devices to be added to (or removed from) a running filesystem; files can also be relocated across devices. The internal volume manager can perform striping of files across devices, but nothing more advanced than that; AdvFS will happily work on top of a more capable volume manager, though.
There are a few things which AdvFS does not have. There is no checksumming of data, and, thus, no ability to catch corruption. Online filesystem integrity checking does not appear to be supported. The maximum filesystem size (16TB) probably seemed infinite in the early 1990's, but it's starting to look a little tight now. In general, AdvFS looks like something which was a very nice filesystem ten or fifteen years ago, but it has little that is not either available in Linux now, or in the works for the near future. And AdvFS doesn't even work with Linux - no porting effort has been made, and it's not clear that one will be made. So is this release just another dump of code being abandoned by its corporate owner?
One could make a first answer by saying that, even if this were true, it would still be welcome. If a company gives up on a piece of code, it's far preferable to put it out for adoption under the GPL than to let it rot until nobody can find it anymore. But there may well be value in this release.
Even if there is no point in trying to make it work under Linux, the AdvFS code is the repository of more than a decade of experience of making a high-end filesystem work in a commercial environment. Your editor had stopped working with DEC systems by the time AdvFS came out, but the word he heard from others is that the early releases were, shall we say, something that taught administrators about the value of frequent backups. But after a few major releases, AdvFS had stabilized into a fast, solid, and reliable filesystem. The current code will embody all of the hard lessons that were learned in the process of getting to that point.
Chris Mason, who is currently working on the Btrfs filesystem, puts it this way:
Having that code licensed under the GPL is especially useful: any code which is useful in its current form can be pulled quickly into Linux. And, even when the code itself cannot be used, the ideas that it embodies can be borrowed without fear. And that is exactly what HP was hoping to encourage with this release:
And that would appear to be likely to happen. Over time, the best ideas and experience from AdvFS should find their way into the filesystems supported by Linux, even if AdvFS, itself, never becomes one of those filesystems. So HP has made a significant contribution to the kernel development process, one which will probably never show up in the changeset counts and other easily-obtained metrics.
(Those interested in learning more about AdvFS would be well advised to grab the documentation tarball from the AdvFS sourceforge page. The "Hitchhiker's guide" is a good starting place, though, at 229 pages, it's not for hitchhikers who prefer to travel light.)
Freezing filesystems and containers
Freezing seems to be on the minds of some kernel hackers these days, whether it is the northern summer or southern winter that is causing it is unclear. Two recent patches posted to linux-kernel look at freezing, suspending essentially, two different pieces of the kernel: filesystems and containers. For containers, it is a step along the path to being able to migrate running processes elsewhere, whereas for filesystems it will allow backup systems to snapshot a consistent filesystem state. Other than conceptually, the patches have little to do with each other, but each is fairly small and self-contained so a combined look seemed in order.
Takashi Sato proposes taking an XFS-specific feature and moving it into the filesystem code. The patch would provide an ioctl() for suspending write access to a filesystem, freezing, along with a thawing option to resume writes. For backups that snapshot the state of a filesystem or otherwise operate directly on the block device, this can ensure that the filesystem is in a consistent state.
Essentially the patch just exports the freeze_bdev() kernel function in a user accessible way. freeze_bdev() locks a file system into a consistent state by flushing the superblock and syncing the device. The patch also adds tracking of the frozen state to the struct block_device state field. In its simplest form, freezing or thawing a filesystem would be done as follows:
ioctl(fd, FIFREEZE, 0);
ioctl(fd, FITHAW, 0);
Where fd is a file descriptor of the mount point and the argument is ignored.
In another part of the patchset, Sato adds a timeout value as the argument to the ioctl(). For XFS compatibility—though courtesy of a patch by David Chinner, the XFS-specific ioctl() is removed—a value of 1 for the pointer argument means that the timeout is not set. A value of 0 for the argument also means there is no timeout, but any other value is treated as a pointer to a timeout value in seconds. It would seem that removing the XFS-specific ioctl() would break any applications that currently use it anyway, so keeping the compatibility of the argument value 1 is somewhat dubious.
If the timeout occurs, the filesystem will be automatically thawed. This is to protect against some kind of problem with the backup system. Another ioctl() flag, FIFREEZE_RESET_TIMEOUT, has been added so that an application can periodically reset its timeout while it is working. If it deadlocks, or otherwise fails to reset the timeout, the filesystem will be thawed. Another FIFREEZE_RESET_TIMEOUT after that occurs will return EINVAL so that the application can recognize that it has happened.
Moving on to containers, Matt Helsley posted a patch which reuses the software suspend (swsusp) infrastructure to implement freezing of all the processes in a control group (i.e. cgroup). This could be used now to checkpoint and restart tasks, but eventually could be used to migrate tasks elsewhere entirely for load balancing or other reasons. Helsley's patch set is a forward port of work originally done by Cedric Le Goater.
The first step is to make the freeze option, in the form of the TIF_FREEZE flag, available to all architectures. Once that is done, moving two functions, refrigerator() and freeze_task(), from the power management subsystem to the new kernel/freezer.c file makes freezing tasks available even to architectures that don't support power management.
As is usual for cgroups, controlling the freezing and thawing is done through the cgroup filesystem. Adding the freezer option when mounting will allow access to each container's freezer.state file. This can be read to get the current freezer state or written to change it as follows:
# cat /containers/0/freezer.state
RUNNING
# echo FROZEN > /containers/0/freezer.state
# cat /containers/0/freezer.state
FROZEN
It should be noted that it is possible for tasks in a cgroup to be busy
doing something that will not allow them to be frozen. In that case, the
state would be FREEZING. Freezing can then be retried by
writing
FROZEN again, or canceled by writing RUNNING. Moving the
offending tasks out of the cgroup will also allow the cgroup to be
frozen. If the
state does reach FROZEN, the cgroup can be thawed by writing
RUNNING.
In order for swsusp and cgroups to share the refrigerator() it is necessary to ensure that frozen cgroups do not get thawed when swsusp is waking up the system after a suspend. The last patch in the set ensures that thaw_tasks() checks for a frozen cgroup before thawing, skipping over any that it finds.
There has not been much in the way of discussion about the patches on linux-kernel, but an ACK from Pavel Machek would seem to be a good sign. Some comments by Paul Menage, who developed cgroups, also indicate interest in seeing this feature merged.
Patches and updates
Kernel trees
- Linus Torvalds: Linux 2.6.26-rc8. (June 25, 2008)
- Linus Torvalds: Linux 2.6.26-rc7. (June 20, 2008)
- Greg KH: linux-staging for 2.6.26-rc7. (June 22, 2008)
- Greg KH: Linux 2.6.25.9. (June 24, 2008)
- Greg KH: Linux 2.6.25.8. (June 22, 2008)
- Steven Rostedt: 2.6.25.8-rt7. (June 24, 2008)
- Steven Rostedt: 2.6.24.7-rt14. (June 23, 2008)
Core kernel code
- Bernhard Walle: Introduce userspace interface for Firmware-provided memory map. (June 23, 2008)
- Nathan Lynch: sched: allow arch override of cpu power. (June 23, 2008)
- Miklos Szeredi: splice: cleanups and fixes. (June 23, 2008)
- Gregory Haskins: RT: scheduler newidle enhancements. (June 24, 2008)
Development tools
- Huang, Ying: lockdep: add lock_class information to lock_chain and output it. (June 20, 2008)
- Vegard Nossum: softirq softlockup debugging. (June 22, 2008)
- Mathieu Desnoyers: Tracepoint proposal. (June 23, 2008)
- Tim Bird: add diffconfig utility (v2). (June 24, 2008)
- Haavard Skinnemoen: dmatest: Simple DMA memcpy test client. (June 25, 2008)
Device drivers
- Dmitry Baryshkov: Add support for power_supply on tosa. (June 22, 2008)
- Alan Cox: tty updates proposed for 2.6.27. (June 23, 2008)
- David Altobelli: HP iLO driver. (June 23, 2008)
- Nicolas Pitre: DMA engine driver for Marvell XOR engine. (June 23, 2008)
- Ben Dooks: DM9000 for next kernel release.. (June 25, 2008)
Documentation
- Michael Kerrisk: man-pages-3.01 is released. (June 25, 2008)
Filesystems and block I/O
- Xose Vazquez Perez: AdvFS released under GPLv2. (June 23, 2008)
- Takashi Sato: freeze feature ver 1.6. (June 24, 2008)
- Al Viro: vfs patches. (June 25, 2008)
- Joe Peterson: UTC timestamp option for FAT filesystems. (June 25, 2008)
Janitorial
- Jonathan Corbet: fasync() BKL pushdown. (June 23, 2008)
Memory management
- Balbir Singh: memrlimit improve error handling. (June 23, 2008)
- Timur Tabi: Add alloc_pages_exact() and free_pages_exact(). (June 24, 2008)
Networking
- Henrique de Moraes Holschuh: rfkill rework for 2.6.27 (v2). (June 23, 2008)
- Ben Greear: RFC: Patch to add support for multiple multicast routing tables.. (June 25, 2008)
- Adam Langley: Long options. (June 25, 2008)
Security-related
- David Howells: Introduce credentials [ver #4]. (June 23, 2008)
- David Howells: Linux Credentials document, first draft. (June 23, 2008)
Virtualization and containers
- menage@google.com: CGroup Files: Add write_string control file method. (June 23, 2008)
- Matt Helsley: Container Freezer: Reuse Suspend Freezer. (June 24, 2008)
- sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org: Save/restore pipe state. (June 24, 2008)
- Nadia.Derbey-6ktuUTfB/bM@public.gmane.org: [RFC PATCH 0/6] SYSVIPC/semaphores - allow saving/restoring a process' semundo_list. (June 25, 2008)
- Jeremy Fitzhardinge: [PATCH 00 of 36] x86/paravirt: groundwork for 64-bit Xen support. (June 25, 2008)
Benchmarks and bugs
- Rafael J. Wysocki: 2.6.26-rc7-git2: Reported regressions from 2.6.25. (June 23, 2008)
Page editor: Jonathan Corbet
Distributions
News and Editorials
Debian Lenny and the Eee PC?
The ASUS Eee PC, a subnotebook computer, was first introduced at at COMPUTEX Taipei 2007. The first models came with a modified version of the Xandros operating system. Xandros has roots in Debian, and strives to be easy-to-use for first time Linux users and Windows-centric businesses. The company has never been afraid of using proprietary components to make that happen, which has made it less popular with free software fans.The little PCs, meanwhile, proved to be very popular. According to Wikipedia, ASUS sold over 300,000 units in 2007. Microsoft must have felt left out, so the next generation of the little notebooks were available with a modified version of XP. At the 2008 COMPUTEX DistroWatch noted that "not all was well at the ASUS stand. As a visitor interested in Linux, I was disappointed to find just one of the products on display running the open source operating system. Even worse was the fact that the entire area was plastered with advertisements displaying large Windows and Microsoft logos. The only flyer available at the stand was a Microsoft one entitled "It's better with Windows"."
Naturally, the free software community has been working on free Linux variants to run on these small boxes. The most notable projects are EeeDora, a Fedora based variant and the DebianEeePC project.
Now it seems the Debian effort may have a chance at becoming an official OS for the 2009 Eee PC. In a recent post to the Debian-eeepc-devel mailing list, Ben Armstrong says, "I just received an encouraging note from Ellis Wang of Asus in Taiwan following up on Martin Michlmayr's suggestions to Asus about how they could work more closely with the Debian community. Ellis has assigned Robert Huang the task of putting a working relationship in place between Asus and Debian, with backup provided by five other Asus employees."
It would be great if ASUS would make pre-installed Debian Eee PC models. But even if they don't, free software enthusiasts can install their choice of EeeDora or custom Debian for themselves.
New Releases
openSUSE 11.0 GM released
The openSUSE 11.0 GM release is available. "The 11.0 release of openSUSE includes more than 200 new features specific to openSUSE, a redesigned installer that makes openSUSE even easier to install, faster package management thanks to major updates in the ZYpp stack, KDE 4, GNOME 2.22, and much more." See this page for some of the highlights from this release.
CentOS 5.2 released
CentOS 5.2 is out for the i386 and x86_64 architectures, with PowerPC, IA64, and Sparc to follow. "CentOS-5.2 is based on the upstream release EL 5.2.0, and includes packages from all variants including Server and Client. All upstream repositories have been combined into one, to make it easier for end users to work with. And the option to further enable external repositories at install time is now available in the installer."
BackTrack 3 Final has been released
BackTrack, a live CD for penetration testing, has released v3. "As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions."
Distribution News
Debian GNU/Linux
A report from the Debian Testing security team
The security team for the Debian Testing distribution has sent out a status report; it seems that there is now almost complete security update coverage for Testing. "The only remaining blocker for full security support at this point is the kernel. We are talking to the kernel security team about providing testing-security support, but at the moment this task lacks manpower. If you are willing to work on this, please feel free to contact us. Otherwise, in terms of security at this point we recommend using the stable kernel or if that is not an option, the unstable kernel."
Gentoo Linux
Gentoo Council nominations are now closed
Gentoo Council nominations are closed and voting has begun. Click below for the list of nineteen candidates and other details.
SUSE Linux and openSUSE
GNOME Helping Hands Project Launches
The openSUSE-GNOME Team has announced the launch of the Helping Hands Project. The first event will be the Helping Hands Grand Opening in the #opensuse-gnome channel on the FreeNode IRC network, June 27th. "The Helping Hands Project is designed to bring together experts from various areas of the GNOME environment with users who want to learn more about openSUSE-GNOME and applications that run in the GNOME environment. Helping Hands Experts will present on the topic of the week and then open the floor up for questions and answers from users."
Other distributions
The NetBSD Foundation Moves to a Two Clause BSD License
Better late than never: the NetBSD Foundation has moved to the simplified, two-clause license used by most other BSD-related projects. "We have seen organisations and people concerned about the old clause 3 (the advertising clause) in the license, to the extent where NetBSD code could not be used in commercial products; the new license means that these concerns are no longer valid." (Thanks to Rick Moen).
Distribution Newsletters
Ubuntu Weekly Newsletter #96
The Ubuntu Weekly Newsletter for June 21, 2008 covers how to run a Bug Jam, French Live CD derivative, new core developers, Jalapa (Nicaragua) government migrates to Ubuntu, Pennsylvania LoCo featured on local radio, Ubuntu in the Debian Packages Tracking System, Launchpod episode #4, new edition of the Official Ubuntu Book, and much more.
DistroWatch Weekly, Issue 258
The DistroWatch Weekly for June 23, 2008 is out. "openSUSE 11.0, Firefox 3.0, Red Hat Summit - these were the main events that kept the Linux news sites busy over the past week. The latest release of Novell's community distribution resulted in a large number of first-look reviews, the authors of which seemed to be impressed with the effort of the developers. Fast and pretty? Definitely. Bleeding-edge? Maybe. Unstable? Absolutely not. Despite the many experimental technologies, KDE 4 and other new features, openSUSE 11.0 appears to be a much improved, well-tested and meticulously designed operating system that should please even the most demanding desktop Linux user. In other news, Mandriva announces a release plan for its upcoming version 2009, Red Hat extends support for its enterprise distributions, Debian and ASUS cooperate on a new Debian solution for the Eee PC, and Ubuntu's Netbook Remix gets a thumbs up from a satisfied user. Finally, the DistroWatch's package database receives a number of new additions - read on for details."
Distribution meetings
FUDCon report from the Fedora Project Leader (Red Hat Magazine)
Red Hat Magazine is carrying a report from FUDcon written by project leader Paul Frields. "Last night, Infrastructure team leader Mike McGrath announced a one-two punch of free software goodness for Fedora. First, our Fedora Account System is now an OpenID provider. This means that the identity you create in the Fedora Project can be used across thousands of web sites. The other big announcement was the new Fedora telephony system, 'Fedora Talk,' based on the juggernaut free software VoIP project Asterisk."
Page editor: Rebecca Sobol
Development
The Elastix PBX system
Elastix is a Linux-based telephone Private Branch eXchange (PBX) telephony system that is built on the CentOS Linux distribution. Elastix uses the Asterisk PBX software as its base and adds a number of extensions. Elastix is being developed by PaloSanto Solutions.
From the Elastix User Manual [pdf]:
Some of the Elastix features include:
- A web-based user interface.
- A built-in help interface.
- Modular design for easy management of features.
- Support for multiple virtualized systems on one platform.
- Can present a variety of system status reports.
- A built-in voicemail system.
- Support for VoIP telephony.
- Support for faxes with fax to email conversion.
- Support for instant messaging.
- a built-in mail server.
- Support for video phones.
- A billing interface.
- Support for automatic outgoing telemarketing calls.
- Multi-language support.
Stable version 1.1 of Elastix was recently announced:
![[Elastix]](/images/ns/Elastixlogo.png)
An Elastix 1.1 CD image was downloaded and burned onto a CDROM. The CD was installed onto an old 1.4 Ghz Athlon system with a 15GB hard drive. To actually use the system, an Asterisk-compatible telephone interface card should be installed on the host machine. The system installed with no problems, booted up and the login screen came up with a message to access the system via the web on the DHCP-supplied LAN address.
The Elastix web interface was accessed from another local machine. At this point, the documentation (still at version 0.9) fell short due to a lack of information on the required username/password. A little searching on Google revealed the answer (admin/palosanto) from the online Elastix PBX Installation instructions.
Once logged into the web interface, clicking through the many different pages showed that the system appeared to be functioning normally. An incredible array of capabilities exist in the system and it looks to be fairly easy to master. It was not possible to test any real telecom uses due to the lack of a telephone interface card, however adding and configuring a card can be done after the system has been installed.
If you have a need for a low cost PBX, or simply want an easy way to play with Asterisk, Elastix is a good way to proceed.
System Applications
Database Software
PostgreSQL Weekly News
The June 22, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Web Site Development
Midgard 1.9.0 alpha1 released
Version 1.9.0 alpha1 of the Midgard web content management system has been announced. "Midgard 1.9 has been designed as a version easing the transition from Midgard 1.x to Midgard 2. To aid developers, the release includes both the classic Midgard APIs that are now deprecated, and the new schema-based Midgard 2 APIs. This means that the release can be used to run both Midgard 1 applications like the version 2.8 of the MidCOM component framework, and Midgard 2 applications like MidCOM 3. Some new and experimental features of Midgard 2 series like D-Bus signaling on I/O events is also available on Midgard 1.9."
Midgard 2.0.0 alpha2 released
Version 2.0.0 alpha2 of the Midgard web content management system has been announced. "The second alpha of the Midgard 2.0 branch is targeted at web framework and desktop developers. This release does not consist of the CMS components, but instead targets at providing the development tools for building a modern web framework. Framework based not only on one tool, but which can connect multiple technologies and languages. This is also the first Midgard release which doesn't provide Apache module. The version 3 of MidCOM web content management components for PHP5 are currently in the process of being ported to the Midgard 2.0 platform."
nginx 0.7.5 released
Version 0.7.3 of the nginx web server has been announced, it adds some new functionality and a bug fix. See the CHANGES file for details.
Desktop Applications
BitTorrent Applications
aria2: 0.14.0 released (SourceForge)
Version 0.14.0 of aria2 has been announced. "aria2 is a utility for downloading files. The supported protocols are HTTP(S),FTP, BitTorrent, Metalink. It can download a file from multiple sources/protocols and utilizing your download bandwidth to the maximum. This release adds epoll support for linux and the ability to limiting the number of files to be opened to support more than 1024 files in multi file torrent."
Desktop Environments
GARNOME 2.23.4 released
Version 2.23.4 of GARNOME, the bleeding edge GNOME distribution, has been announced. "This is the third development release on our trip to GNOME 2.24, which will be out in September. This release is for anyone who wants to get his hands dirty on the development branch, or who'd like to get a peek at future features. If you want to help spot issues in GARNOME, this release is for you as well."
GNOME Software Announcements
The following new GNOME software has been announced this week:- Evince 2.23.4 (new features, bug fixes and translation work)
- gtkmm-utils 0.3.2 (new features and bug fixes)
- nemiver 0.5.4 (bug fixes and translation work)
- PaperBox 0.3.1 (bug fix)
- Tasque 0.1.6 (new features and bug fixes)
KDE 4.1 Beta 2 ready for testing (KDE.News)
KDE.News notes the availability of the second beta of KDE 4.1. "Another milestone on the road towards KDE 4.1 has been packaged and put online for testing. The release notes highlight some features in Dolphin and Gwenview, as well as additional information on where to get the release, make sure you also check your distributor's websites as well. While there are some bugs left, the release already works quite solidly on most people's machines."
KDE Software Announcements
The following new KDE software has been announced this week:- AerX 1.0 (initial release)
- FALF Player 1.2/1.3dev (new features and bug fixes)
- KAlarm 1.5.3 / 2.0.0 beta (bug fixes and translation work)
- KMLDonkey 0.11 for KDE3 (new features and bug fixes)
- KTrafficAnalyzer 0.4.0-1 (new features and bug fixes)
- ManDVD 2.5-0 (bug fixes)
- MPlayerThumbs 1.0 (new features and bug fixes, first stable release)
- NoteFinder 2.1 (usability improvements)
- QVideoConverter 0.2 (new features)
- simon 0.1-alpha-2 (new features and bug fixes)
- SMILE 0.1.3 (performance improvements and bug fixes)
- YouTube Downloader+ 1.7 (unspecified)
Xorg Software Announcements
The following new Xorg software has been announced this week:- pixman 0.11.6 (new feature and bug fix)
- xf86-input-diamondtouch 0.3.0 (new features, bug fixes and documentation work)
- xf86-input-evdev-2.0.1 (bug fixes)
- xf86-video-ati 6.8.192 (new features, bug fixes and documentation work)
Fonts and Images
Linux Libertine version 2.8.14 released
Version 2.8.14 of the Linux Libertine font set has been announced. "Recent changes are: - TTF-Hinting improvements because of better TTF-Instruction of FontForge - some small kerning improvements - glyphs U+02BE and U+02BF are no combining charakters > corrected - kerning problem with 9 in italic corrected - some small corrections as usual - slavonic church signs added - Added cartouches for numbers between 0 and 99 at uniE128 till uniE12A - Change punctuationspace to width of fullstop (.) It is now 450 of width and not 350. New is furthermore our XeTex tutorial"
Mail Clients
Sylpheed 2.5.0 released
Stable version 2.5.0 of the Sylpheed mail client has been announced. "2.5.0 includes several new features and feature improvements. Stability has been also improved."
Multimedia
Gnash 0.8.3 released
Version 0.8.3 of the Gnash flash player has been announced. "Improvements since 0.8.2 release are: * Native fullscreen support (from AS) implemented. * Long command-line options properly supported. * View detailed movie information from GTK gui. * Added an option in Preferences to initially display a movie as a blank ("Click here to start") screen. * Added "dump" GUI to dump a movie to disk. * Improved Cairo rendering performance. * Fix support for OpenOffice Impress SWF exporter (malformed..)"
Music Applications
libsmf 1.1 released
Version 1.1 of libsmf has been announced. "Libsmf is a library for loading and writing Standard MIDI Files, i.e. files with the ".mid" extension. The only dependancy is glib. It was tested under Linux, FreeBSD and Solaris."
Office Applications
Chandler Desktop 0.7.7 released
Version 0.7.7 of Chandler Desktop, a networked information management system, has been announced. "For more information on the 0.7.7 release of Chandler Desktop, including a link to the list of bugs fixed, see the following blog post".
Languages and Tools
Caml
Caml Weekly News
The June 24, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.
Haskell
Haskell Weekly News
The June 18, 2008 edition of the Haskell Weekly News is out with new Haskell language articles.
Perl
Parrot 0.6.3 released
Version 0.6.3 of Parrot has been announced, it includes several new capabilities, performance improvements and bug fixes. "On behalf of the Parrot team, I'm proud to announce Parrot 0.6.3 "Beautiful Parrot." Parrot is a virtual machine aimed at running all dynamic languages."
This Week on perl5-porters (use Perl)
The June 7-13, 2008 edition of This Week on perl5-porters is out with the latest Perl 5 news.
Python
Python 2.6b1 and 3.0b1 are available
Versions 2.6b1 and 3.0b1 of Python have been announced. "On behalf of the Python development team and the Python community, I am happy to announce the first beta releases of Python 2.6 and Python 3.0. Please note that these are beta releases, and as such are not suitable for production environments. We continue to strive for a high degree of quality, and these releases are intended to freeze the feature set for Python 2.6 and 3.0. From now until the planned final releases in September 2008, we will be fixing known problems and stabilizing these new Python versions. You can help by downloading and testing them, providing feedback and hopefully helping to fix bugs"
Realizing Jython 2.5 (Front Range Pythoneering)
Jim Baker discusses the latest Jython progress on his blog. Jython is an implementation of Python written in Java. "Jython 2.5 is really, finally, unbelievably coming together. This is the next release of Jython, after last summer's 2.2. In a nutshell, we have completed all new language features using an Antlr parser, except for absolute imports. All bytecode generation work, now using an ASM backend, is done. Of course, there are many outstanding bugs."
Sphinx 0.4 released
Version 0.4 of Sphinx has been announced, some new capabilities have been added. "Sphinx is a tool that makes it easy to create intelligent and beautiful documentation for Python projects (or other documents consisting of multiple reStructuredText source files)."
Python-URL! - weekly Python news and links
The June 24, 2008 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk
Tcl-URL! - weekly Tcl news and links
The June 19, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
IDEs
Pydev and Pydev Extensions 1.3.18 released
Version 1.3.18 of Pydev and Pydev Extensions have been announced, some new features have been added. "PyDev is a plugin that enables users to use Eclipse for Python and Jython development -- making Eclipse a first class Python IDE -- It comes with many goodies such as code completion, syntax highlighting, syntax analysis, refactor, debug and many others."
Version Control
GIT 1.5.6 released
Version 1.5.6 of the GIT distributed version control system is out with a number of new capabilities and some bug fixes.
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Open Source Data Recovery Tools To The Rescue (InformationWeek)
InformationWeek has posted a lengthy look at open source data recovery tools. "The authors of TestDisk have created an excellent file-carving tool called PhotoRec, which recovers many common file formats from pretty much any type of media. This is about as essential a standalone file-recovery tool as you're going to get. I tried it out on a camera card I'd written off as wiped out after a recent trip, and managed to recover literally everything from the card -- both pictures and video. It wasn't able to recover some of the actual filenames, but the files themselves were all perfectly readable."
Trade Shows and Conferences
Virtualization and Linux: Red Hat unveils new vision (IDG.no)
IDG.no reports on Red Hat's latest virtualization software moves. "Three strategic virtualization initiatives were the stars of the show as Linux powerhouse Red Hat opened its Red Hat Summit Wednesday in Boston. What do the Red Hat moves mean to you? More options in open source virtualization tools and a new open source effort around virtualization security, for starters. The Red Hat move that will catch the eye of most users is the Embedded Linux Hypervisor, oVirt. This is a lightweight, embeddable hypervisor that currently lets you run Red Hat Enterprise Linux and Microsoft Windows VMs (virtual machines) on Linux."
Red Hat Enterprise Linux 4 and 5 get another year of TLC (The Register)
The Register reports that Red Hat has extended the support for RHEL. "Red Hat Enterprise Linux (RHEL) versions 4 and 5 are going to stick around in full support mode a full year longer. Red Hat outlined its complex release roadmap during the Red Hat Summit in Boston. It plans to extend the initial "intensive enablement" release phase of both RHEL versions 4 and 5 from three years of earnest support to an even four years."
Linux at Work
Linux-powered, clarinet-playing robot wins prize (ComputerWorld)
ComputerWorld Kenya takes a look at a Linux-powered, clarinet-playing robot. "The robot is controlled via an off-the-shelf microcontroller board from embedded systems company, Gumstix. "To get networking we plugged in a daughter board, and another board for the console, so we ended up with a stack of boards. The Gumstix board is an ARM processor running an Open Embedded Linux distribution," [Dr John] Judge told Computerworld."
Reviews
Hotwire: a combined terminal/GUI for GNU/Linux (Free Software Magazine)
Free Software Magazine looks at a new application called Hotwire. "Whenever I first stumbled across upon Hotwire (released under the GPL 2 for the user interface and a permissive MIT-style licence for everything else), certain childhood rhymes sprang irresistibly to mind: Jack of all trades, master of none, Jack Spratt could eat no fat, his wife could eat no lean, amongst them. The problem is actually trying to give a pithy and accurate definition of Hotwire without tripping up yourself, so who better to describe it than its developer, Colin Walters of Red Hat, who has described Hotwire as "an object oriented hypershell" and "a modern Python-based extensible crossplatform shell environment"."
First look: OpenSUSE 11 out, offers best KDE 4 experience (ars technica)
ars technica has a quick review of OpenSUSE 11. "This is a very strong OpenSUSE release with a lot of compelling improvements. OpenSUSE 11 offers the best KDE 4 experience out there and will continue to be our reference distribution for KDE testing. OpenSUSE 11 is also an increasingly solid choice for GNOME users—its unique GNOME customizations add a nice level of polish, and the inclusion of Banshee and Beagle ensure that it provides a better set of default applications out of the box than Ubuntu and Fedora."
Run Windows Apps in Linux with Wine 1.0 (LifeHacker)
LifeHacker reviews Wine 1.0. "Wait, before I try this, will X program run okay in Wine? Good question—luckily, there's probably an answer. The Wine AppDB lists all the programs that run and don't run under Wine, and to what degrees. You'll see rankings randing from "Platinum" (runs pretty much flawlessly) to "Bronze" (some functions may not work at all, but otherwise runs) to "Garbage" (don't bother). In general, any apps that rely on other Windows apps or functions, or interact with the Windows desktop, won't work as well, if at all. That means Adam's super-useful Texter app doesn't work in Wine, for example."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Announcing Bitbucket
Jesper Noehr has announced the Bitbucket project. "Bitbucket is a place for you and your team to host and follow your Mercurial projects. Mercurial is a so-called DVCS, or Distributed Version Control System, a new paradigm in version control, rapidly substituting the likes of Subversion and CVS."
Liberty Alliance Marks Policy and Privacy Milestone for Identity-Enabled Applications
Liberty Alliance has announced the release of the Liberty Identity Assurance Framework (IAF) and the Liberty Identity Governance Framework (IGF). The IAF defines a global standard framework and necessary support programs for validating trusted identity assurance service providers. The IGF is a declarative policy framework for managing identity flows within organizations. The implementation is ongoing at OpenLiberty.org. More details on the IGF can be found in this press release.
Over 8,000,000 Mozilla Firefox 3 Downloads in 24 Hours (MozillaZine)
MozillaZine reports on the download rate for the newly released Firefox 3 browser. "The official Mozilla Blog reports that there were over eight million downloads of Mozilla Firefox 3 in the twenty-four hours after release, despite the widespread server availability problems. The Spread Firefox Download Day 2008 page has an interactive map showing the numbers of downloads in different countries and Mozilla Corporation CEO John Lilly has a weblog post with more statistics from Firefox 3's first twenty-four hours."
NoTA Embedded Device Communication Architecture open-sourceed
The NoTA Embedded Device Communication Architecture has been released as open-source software. "We have released an open-source version of "NoTA", which is a new communications architecture for embedded devices. Publication took place during the first NoTA Conference, on June 11th in Helsinki."
EFF wants help busting the Seer patent
The Electronic Frontier Foundation has sent out a call for prior art relating to a digital music sequencing patent held by Seer Systems. "We are especially interested in prior art (before 1997) relating to downloading and playing parts of 'musical work files' in real time. One such example might be a system for streaming media files by taking the file one piece at a time and downloading the necessary sound files and musical data for that part before playing it and moving on to another section."
The Symbian Foundation launches
The Symbian Foundation has announced its existence. The foundation's plan is to make the Symbian S60 handset platform available royalty-free to its members - for now. "Also, it will commit to moving the platform to open source during the next two years, with the intent to use the Eclipse Public License. This will make the platform code available to all for free, bringing additional innovation to the platform and engaging even a broader community in future developments." This is all a result of Nokia's purchase of Symbian.
UKUUG appeals the initial court decision on BSI's OOXML action
The UK's Unix & Open Systems User Group (UKUUG) has announced that it will appeal a legal decision on OOXML. "The High Court has rejected the UKUUG's application for a Judicial Review of BSI's actions in voting 'yes' to the fast-tracking of the Microsoft sponsored DIS29500 (OOXML) in April 2008. UKUUG is appealing that decision since it believes that the judge was wrong in his reading of the papers. The matter will now be heard in open court. UKUUG believe that problems in OOXML might be resolved but only after a thorough and open examination of over 1,000 technical and several legal issues by experts in this field from all interested stakeholders. Only some 20% of issues initially found were adequately discussed at the BRM, OOXML is thus riddled with technical holes; no one can implement it." (Thanks to Alain Williams).
Commercial announcements
Black Duck on GPLv3 adoption
Black Duck Software observes the first anniversary of GPLv3 with a press release about its study of adoption of this license. "Since the release of GPLv3, 2,345 open source projects have opted to use the license. The number of projects covered by GPLv3 has been growing at a rate of about 20 percent per month over the past six months. Ubuntu, SugarCRM, Samba and Funambol are a few of the widely used projects that have selected GPLv3." Version 2 is still the dominant license, though.
Komodo IDE 4.4 and Komodo Edit 4.4 released
ActiveState has released version 4.4 of Komodo IDE and Komodo Edit. "Komodo IDE is a commercial multi-platform integrated development environment for dynamic languages (Python, Ruby, Perl, PHP, JavaScript) and web tech (HTML, CSS, XML, XSLT): full-featured debuggers; code browsing; Subversion, CVS and Perforce integration, regular expression toolkit (Rx); interactive shells; and everything in Komodo Edit."
Openmoko signs five distributors for Freerunner mobile phone
Openmoko has announced the signing of five new Distributors for its Freerunner open-source mobile phone. "Today, Openmoko will begin shipping the next generation Neo Freerunner to Pulster, Golden Delicious Computers and TRIsoft located in Germany, Bearstech in France and IDA Systems based in India."
SLES10 Installer now available for Open-Xchange Server 5
A new Open-Xchange Server installer is available for SLES 10. "Sterne&Co. LLC is proud to announce the release of an installer for Open-Xchange Server 5 for SUSE Linux Enterprise Server 10. This 64-bit installer was developed and funded by Sterne&Co. LLC in response to customer demand. This third party installer is NOT a supported product of Open-Xchange Inc. nor Novell Inc. Open-Xchange Server 5 is an email and groupware software application based on open source technology. Until now, OpenExchange Server 5 was only available on SUSE Linux 9 or Red Hat 4."
Yamaha announces Linux-based Internet Piano
Yamaha Corporation of America has announced version 3.0 of their Linux-based Yamaha Disklavier Piano. ""When a piano comes with a hard drive, Ethernet jack, video output, stereo speakers, audio/microphone input, CD and floppy drives, USB jacks and an open-source Linux operating system, all kinds of new tricks are possible." -- David Pogue, New York Times, April 17, 2008"
New Books
Essential SQLAlchemy - New from O'Reilly
O'Reilly has published the book Essential SQLAlchemy by Rick Copeland.
The Ultimate HTML Reference--New from SitePoint
SitePoint has published the book The Ultimate HTML Reference by Ian Lloyd.
Calls for Presentations
CfP: First International Conference on Software Language Engineering
A call for papers has gone out for the First International Conference on Software Language Engineering (SLE 2008). The conference takes place in Toulouse, France on September 29-30, 2008, submissions are due by July 14, 2008.
IFIP Working Conference on Domain Specific Languages cfp
A call for papers has gone out for the IFIP Working Conference on Domain Specific Languages. The event takes place in Oxford, England on July 15-17, 2009, submissions are due by December 14, 2008.
make art 2008 Call for projects
A call for projects has gone out for make art 2008. "Make Art is an international festival dedicated to the integration of Free/Libre Open Source Software (FLOSS) in digital art. The third edition of make art - OpenOS - will take place in Poitiers (FR), from the 24th to the 30th of November 2008. make art offers performances, presentations, workshops and an exhibition, focused on the blurred line between art and software programming. We're currently seeking new, innovative FLOSS based works and projects: music and audiovisual performances, presentations, software demos, and installations."
Upcoming Events
EFMI Special Topic Conference on Open Source (LinuxMedNews)
The EFMI Special Topic Conference on Open Source has been announced.