LWN.net Weekly Edition for December 6, 2007
Development process latency
Your editor recently reached a point where a replacement of his main desktop system became imperative. The old one was showing certain signs of hardware flakiness, coupled with a basic inability to run some of the software your editor is trying to play with for a future article. Let's just say that the grumpy editor was becoming more so than usual. But, being a good US citizen, your editor knows how to deal with a bad mood: go shopping. So it seemed like maybe a good time to put a bit of money where the keyboard was and have a look at those Ubuntu-based systems being sold by Dell.That plan did not go too far, unfortunately; it would seem that those systems, while seeming like nice boxes, contain NVIDIA graphics adapters. Buying hardware which needs proprietary drivers was most emphatically not on the agenda. Fortunately, it was not necessary to look too far to find a no-system-installed box with integrated Intel graphics. Said box is now being used to write this article; the simple difference in noise levels between this one and its predecessor is enough to make your editor almost cheerful.
The Intel chipset in this box, as it turns out, is quite new, to the point that not all distributions support it. But Fedora 8 was able to use everything installed on this box from the very beginning, and some early experiments showed that Ubuntu 7.10 was just as happy. Once upon a time, full support for very-new hardware was a rare surprise. Now, one can almost just take it for granted. This happy result comes from a combination of factors:
- The hardware vendor (Intel) is strongly committed to shipping
free drivers for its products as soon as those products become
available. Your editor can now definitively say that this policy is
responsible for at least one sale for that vendor.
- The "new" (since 2005) kernel development model is strongly focused on
a short release cycle and getting code out to users quickly. Prior to
2.6.x, new kernel code could take years to get into an official stable
kernel release. Now three months is sufficient in many cases. So
Intel's drivers became immediately available with no need to hassle
with backports, driver disks, or other such inconveniences.
- Contemporary distributions, at least outside of the "enterprise" category, have gotten very good at packaging, integrating, and stabilizing leading-edge software. So those fresh kernels, along with a lot of other goodies, end up in a supported distribution surprisingly quickly.
The end result is that, increasingly often, things Just Work. It is hard to get grumpy about that.
Of course, not everything Just Worked. Many years ago, your editor spent some hours experimenting with the available bitmap fonts for X in the search for the one which provided the optimal combination of information density and readability. The resulting choice (one of the 75dpi Adobe Courier fonts) served well for a long time, even as various components on the desktop moved to more sophisticated font engines. In recent times, only Emacs was still using that font. Emacs is an important part of your editor's desktop, however, so this one remaining user was a crucial one.
That font vanished when the new system came in, with the result that editor windows could no longer simultaneously fit into their assigned screen space and provide highly readable text. Your editor became grumpy again.
What followed was a brief effort to figure out where the special font had gone, and why it did not appear to render the same way even when the requisite font files were brought over from the old system. But even your editor, who can be somewhat slow on the uptake, eventually asked himself: why, exactly, was it necessary to chase down bitmapped fonts from the early 1990's - fonts which he first used on a diskless Sun 3 system - in 2007?
In fact, it's not necessary to mess with those archaic fonts - as long as one isn't tied to the concept of stable releases. Support for the Xft font library in Emacs exists, and has for a while; here's a description in a weblog entry from 2005. This support is, even, in the Emacs code repository on Savannah. But it is not in the Emacs 22 release. It's not even in the development trunk yet.
With a bit of digging, your editor found this page which describes how to check out and build a version of Emacs with proper font support. The results are striking. Here's what standard emacs looks like:
![[emacs with bitmapped font]](https://static.lwn.net/images/ns/grumpy/emacs-bitmap.png)
And here is what the Xft-enabled version can do instead:
![[emacs with Deja Vu font]](https://static.lwn.net/images/ns/grumpy/emacs-dejavu.png)
Your editor is wishing he had investigated this code some time ago; perhaps it would not have been necessary to buy those new, stronger eyeglasses after all.
Building crucial tools directly from development repositories brings a certain thrill; it's part of the free software experience. This version of Emacs has not, yet, exploded in real use. But, all of that notwithstanding, there is something warm, fuzzy, and comforting about getting things like text editors in a stable, supported form from one's distributor. So one might well wonder: when are we likely to see Emacs 23, which will contain the Xft support (along with a lot of other things like proper Unicode support, the multi-term patches, etc.), in a stable form?
The history here is not encouraging: the Emacs 22 release was five years in the making. Richard Stallman, who still keeps a firm hand on Emacs development, is famously averse to making guesses about release dates, so there is little point in asking him when the next release might happen. But it is worth noting that there has been no public discussion of release timelines, or of any desire to tweak the process to get the next version out in less than five years. There is some very nice code sitting in the unicode-2 branch of the GNU Emacs repository; it has been there for a while, but most users may well not see it before the end of this decade.
Different free software projects have different management styles, and nobody would argue that things should be otherwise. Experience has shown that each project needs to develop in its own way. But experience has also shown, over quite a few years now, that confining useful code to development repositories for years on end brings little benefit to anybody. There is value in getting features into stable releases and out where people can make use of them.
Book review: Linux System Programming
"System programming" is not easily defined, but is typically considered to consist of programming at a lower level than regular application programming. As Robert Love points out in the introductory chapter of Linux System Programming, there is no technical difference between the two – the same system calls are used – it is more of a difference between programs that implement the infrastructure and programs that use it. Programmers faced with either task will find that understanding how to best use the system call interface is very important. Love sets out to provide that understanding in his book.
The book is organized into ten chapters: an introduction, three on I/O, two on process management, and one on each of file and directory handling, memory management, signals, and time handling. Each chapter does a good job of covering the subject matter at a level that will help programmers make good choices in the various trade-offs available. The main focus of each chapter is the system calls that Linux provides to perform tasks specific to that area.
The history of each call is described, along with information about which members of the UNIX family make it available, so that the right choices can be made for portability. Also, various historical (perhaps vestigial is more accurate) calls are documented, with readers being warned away from using them. Each call itself is given a treatment similar to a man page, but with greater detail. Where the book really shines is in its comparisons of "similar" system calls.
The trade-offs between using select() and poll() or the advantages and disadvantages of using mmap() vs. traditional file I/O mechanisms are just two of the comparisons presented. For example, after listing five bulleted advantages of poll(), select() gets its due:
- select() is more portable, as some Unix systems do not support poll().
- select() provides better timeout resolution: down to the microsecond. Both ppoll() and pselect() theoretically provide nanosecond resolution, but in practice, none of these calls reliably provides even microsecond resolution.
This is the kind of information that only comes with experience; this book will help a programmer get to that point more quickly. Even for experienced programmers, the comparisons will help crystallize some thoughts that have been floating around. It is definitely one of the better features of the book.
The book is not without its faults, though, especially in the example code. For each system call, a small example of calling it is provided, but the code snippets are simplistic and do not really provide much meat. There are very few code examples that tie together the various concepts. Had Love done that, there might have been complaints about the size of the resulting book, but the benefit to budding system programmers would be huge.
There are other problems with the book; for instance, the pirate motif in the examples did not seem to provide anything useful. More seriously, some of the major problems faced by system programmers: race conditions, concurrent data access synchronization, reentrant code, etc. were not covered in much detail. These topics are certainly something a system programmer will need to understand, but they will have to be found elsewhere.
The back cover of the book describes it as "an insider's guide to
writing smarter, faster code
" – it lives up to some of that, but not
all. It is a useful book, however, that will find a home on
the bookshelf of many Linux programmers. For those who are relatively new
to the topic, there will be a wealth of information. But, even for those who
are old hands, there will be useful tidbits, system calls that had escaped
notice, and lots of reference material.
Enterprise realtime and cooperative development
At the end of November, LWN posted a pointer to Novell's announcement for its SUSE Linux Enterprise Realtime offering. The resulting comments were surprisingly negative. Some readers took exception to the language of the release - though it really is just the standard tortured English which is seemingly required for press releases. But others question the need for realtime response in "enterprise" settings. Anybody who is still wondering about the value of that product will be doubly confused now that Red Hat has announced a realtime distribution service of its own. Clearly somebody sees a need for deterministic response in big corporate deployments.What's going on here is that corporate operations are, increasingly, being run by automated systems. One immediate example is in the financial trading field, where automated systems execute customer trades and, often, make the decisions to perform the trades in the first place. Often the conditions that make a particular trade advantageous last for very short periods of time - perhaps only as long as it takes for the first interested party to arrive on the scene. So predictably fast response to trading decisions is an absolute requirement. Losing too many milliseconds in the execution of an order can cost real money.
It does not take much imagination to see that, as these systems become more capable, more corporate dealings will happen via automatic agents which require lightning-fast response. So enterprise realtime has the look of a growth industry. It's not surprising that the two companies most interested in selling Linux-related services into the enterprise market have announced offerings within a week of each other.
What is surprising is the amount of silly sniping which has come with these releases. Consider this quote from the Red Hat side:
Despite their competitive relationship, Linux distributors have traditionally dealt with each other in a friendly, even cooperative manner. At the development level, things are still that way: developers for a given project work together and only very rarely does anybody care about who a given developer's employer is. Developers, it seems, are more polite than managers and PR people.
So who is forking the kernel? In fact, both distributors will be shipping something which is pretty far from the mainline. Back in October, LWN looked at the contents of the realtime tree, finding some 400 patches which have not yet made it into the mainline. Anybody who is shipping a true realtime kernel will have to include the bulk of those patches, and probably some others as well. In recent years, much work has been done to enable distributors to ship kernels which are much closer to the mainline, but these realtime offerings are a step in the opposite direction. They are, for all practical purposes, forked kernels.
That statement should not be taken as a criticism; there is no other way to
ship realtime Linux at this point. While much of the realtime code has
been merged, some of the deepest, most necessary components remain outside
of the mainline. The process of getting those patches merged has taken
quite a bit longer than anybody would have expected; among other things,
some of the core realtime developers have been distracted by small side
projects like the i386/x86_64 architecture merger. Until the process of
[PULL QUOTE:
Every attempt to take Unix and add hard real time to it has been a failure.
(Larry McVoy, 2004).
END QUOTE]
getting the realtime patches into the mainline runs its course - something
which could happen over the next year - anybody shipping realtime
distributions will necessarily have to roll their own kernels.
More than almost any other area of kernel development, the realtime code has been the subject of recurring debates over who deserves the credit for the work. See this LWN article from 2005 for an example. This time around, Red Hat would appear to be claiming ownership of the realtime work. In fact, much of this work, including the crucial low-level preemption work which got the current realtime effort going, was done at Red Hat. But other components have come from companies like MontaVista, Linutronix, TimeSys, and, yes, Novell (and others, of course). For these two companies to be arguing about credit is a little silly; both are clearly significant contributors to the kernel (and beyond).
We may see more of this kind of talk, though. This market looks like it could be big, so the companies working in that area are going to make a serious effort to be successful there. The result may well be that Linux ends up as the dominant system in the fast-moving, agent-driven world where much of corporate operations appears to be heading. That cause will be helped, though, if the relevant managers and spokespeople take a clue from the developers who are making all of this work actually happen. We are all building this system together; pointless mud slinging can only get in the way.
Security
Kernel-based malware scanning
Readers of LWN's Kernel Page have long been aware of the ongoing debate over the value of the Linux Security Module (LSM) framework and the security policies which have been implemented using it. One result from that discussion has been the removal of the modular interface in the upcoming 2.6.24 kernel. If that change stands (Linus has said that he could yet be talked out of it), security modules will have to be built into the kernel; there will be no way to load them at runtime. Arguments for this change include ending abuses of the LSM interface, the need to have a security policy in place when the kernel is first booted, and the fact that there is no safe way to unload most known security modules.On November 28, a message from an engineer at Sophos turned up on the kernel mailing list. It seems that Sophos has a security module (called "Talpa") which performs virus scanning; they would like for the LSM interface to remain so that this module can continue to be loaded. Of course, only free software modules are considered relevant for this discussion, but there is no problem with that: Talpa is available on SourceForge and has been since, well, November 23. Talpa was described this way:
So Talpa creates a hook whereby a (presumably proprietary) user-space process can scan file contents for bad stuff and, when it is found, block access to that stuff.
There was quite a bit of discussion about the approaches taken in this code, many of which are seen as being "significantly less nice." Suffice to say that any kernel running this module is not really Linux any more. But it also turns out that there is a lot of skepticism about the goal of this work, regardless of how it's implemented.
One might well be able to create a shiny, proprietary file scanner which can, with 100% accuracy, identify any file containing malware. But that still does not really solve the problem because it is very hard to guarantee that the file's contents as seen by the scanner match those which are later processed by an application. One can imagine a course of events something like this:
- A user asks the system administrator to look at a PDF file using some
sort of plausible reason probably involving the highly humorous content
which can be found inside.
- The administrator (as root, naturally) runs a PDF viewer application
which opens the file.
- The user-space malware-scanning application springs into action; after
extensive analysis it pronounces the file clean and allows the access
to continue.
- Before the PDF viewer gets going again, the evil user overwrites the
file with content crafted to exploit one of the several-hundred recent
PDF library vulnerabilities.
- The now-compromised viewer immediately repurposes the system toward the task of posting Ron Paul-related comments on weblogs worldwide.
The obvious thing might be to prevent the evil user from writing malware to the file by scanning data as it is written as well. Simple forms of this technique could be circumvented by jumping around the file and writing the bad stuff in small, seemingly innocuous pieces. A much easier and more effective approach, though, is for the attacker to simply mmap() the file, allowing it to be rewritten without the need for any system calls at all. One could try to enforce exclusive access to the file, but that would require an effective revoke() system call, which has proved to be tremendously hard to implement. At this time, there really is no effective defense against that sort of attack.
Defenders of active scanning respond that this sort of local-attacker scenario is not really part of their threat model. If one is concerned about the content of files which arrive on the system via a web browser, a web server, an email client, or something along those lines, then attacks which involve race conditions exploited by local bad guys are not really part of the picture. For this case, active file scanning might be sufficient to detect most potential attacks. In the end, no security mechanism is going to be perfect. A mechanism which makes attacks harder is the best which can be done, and it should, at least, succeed in raising the bar. The response to that assertion is that, for such a simple model, the requisite scanning could easily be done entirely in user space.
In the short term, the Talpa module is not going to get anywhere near the mainline kernel. There is clearly a demand for that sort of feature, though; some segments of the user community feel that it will improve their security and they are willing to pay for it. So the real question that comes out of this discussion is how to provide this kind of feature in a way which plays well with the rest of the kernel. The word is that some of the relevant people are getting together to talk about new approaches; expect this topic to return sometime soon.
New vulnerabilities
asterisk: possible SQL injection
| Package(s): | asterisk | CVE #(s): | CVE-2007-6170 | ||||||||||||
| Created: | December 3, 2007 | Updated: | April 15, 2008 | ||||||||||||
| Description: | Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection. | ||||||||||||||
| Alerts: |
| ||||||||||||||
cairo: integer overflow
| Package(s): | Cairo | CVE #(s): | CVE-2007-5503 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | November 29, 2007 | Updated: | April 10, 2008 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | Cairo has an integer overflow vulnerability in the PNG image processing code. If a user processes a specially crafted PNG image with an application that is linked against cairo, arbitrary code can be executed with the user's privileges. | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
htdig: cross-site scripting vulnerability
| Package(s): | htdig | CVE #(s): | CVE-2007-6110 | ||||||||||||||||||||||||
| Created: | November 29, 2007 | Updated: | December 12, 2007 | ||||||||||||||||||||||||
| Description: | The htsearch component in htdig 3.2.0b6 is vulnerable to a cross-site scripting attack. Attackers can inject web scripts and HTML code using the sort parameter. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
kernel: several vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2007-2172 CVE-2007-3739 CVE-2007-4308 | ||||||||||||||||||||||||||||||||||||
| Created: | December 3, 2007 | Updated: | January 8, 2009 | ||||||||||||||||||||||||||||||||||||
| Description: | A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. (CVE-2007-3739) The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. (CVE-2007-4308) | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
kernel: buffer overflows
| Package(s): | kernel | CVE #(s): | CVE-2007-5904 | ||||||||||||||||||||||||||||||||||||||||
| Created: | December 3, 2007 | Updated: | June 20, 2008 | ||||||||||||||||||||||||||||||||||||||||
| Description: | Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. | ||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2007-3104 CVE-2007-3740 CVE-2007-3843 CVE-2007-6063 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 4, 2007 | Updated: | January 8, 2009 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges.(CVE-2007-3740) The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843) Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org | CVE #(s): | CVE-2007-4575 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 5, 2007 | Updated: | September 10, 2008 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the OpenOffice advisory: A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openoffice.org, hsqldb: arbitrary code execution
| Package(s): | openoffice.org, hsqldb | CVE #(s): | CVE-2003-0845 | ||||
| Created: | December 5, 2007 | Updated: | December 6, 2007 | ||||
| Description: | From the CVE entry: Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | ||||||
| Alerts: |
| ||||||
php5: multiple vulnerabilities
| Package(s): | php5 | CVE #(s): | CVE-2007-4657 CVE-2007-4660 CVE-2007-4662 | ||||||||||||||||||||||||||||
| Created: | November 30, 2007 | Updated: | July 4, 2008 | ||||||||||||||||||||||||||||
| Description: | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. (CVE-2007-4660) Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. (CVE-2007-4662) | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
pioneers: denial of service
| Package(s): | pioneers | CVE #(s): | CVE-2007-6010 | ||||
| Created: | November 30, 2007 | Updated: | December 5, 2007 | ||||
| Description: | Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933. | ||||||
| Alerts: |
| ||||||
rsync: restricted file access
| Package(s): | rsync | CVE #(s): | CVE-2007-6199 CVE-2007-6200 | ||||||||||||||||||||||||
| Created: | December 5, 2007 | Updated: | September 23, 2011 | ||||||||||||||||||||||||
| Description: | From the CVE entry: rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
wesnoth: directory traversal
| Package(s): | wesnoth | CVE #(s): | CVE-2007-5742 | ||||||||||||
| Created: | December 3, 2007 | Updated: | December 6, 2007 | ||||||||||||
| Description: | Directory traversal vulnerability in the WML engine preprocessor for Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | ||||||||||||||
| Alerts: |
| ||||||||||||||
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch is 2.6.24-rc4, released by Linus on December 3. He says that the size of the patch is "a bit disheartening," and, in fact, there are quite a few changes which have been merged. They are almost all fixes, but there also the addition of a CPU accounting controller for monitoring the CPU usage of groups of processes. See the short-form changelog for the details, or the full changelog for lots of details.As of this writing, just under 100 changesets have gone into the mainline repository since the -rc4 release.
The current -mm tree is 2.6.24-rc4-mm1. Recent changes to -mm include the latest timerfd API, a new memory controller patch, and a reimplemented ramdisk driver.
Kernel development news
Quotes of the week
SELinux seems to be able to do most of the lifting around the problem as it can relabel a file into eric_t and constrain further access to it.
SEEK_HOLE or FIEMAP?
Sparse files have an apparent size which is larger than the amount of storage actually allocated to them. The usual way to create such a file is to seek past its end and write some new data; Unix-derived systems will traditionally not allocate disk blocks for the portion of the file past the previous end which was skipped over. The result is a "hole," a piece of the file which logically exists, but which is not represented on disk. A read operation on a hole succeeds, with the returned data being all zeroes. Relatively smart file archival and backup utilities will recognize holes in files; these holes are not stored in the resulting archive and will not be filled if the file is restored from that archive.The process of recognizing holes is relatively primitive, though: about the only way to do it in a portable way is to simply look for blocks filled with zeroes. This technique works, but it requires making a pass over the data to obtain information which the lower levels of the system already know. It seems like there should be a better way.
About two years ago, the Solaris ZFS developers proposed an extension to lseek() which would allow an application to find the holes in sparse files more efficiently. This extension works by adding two new "whence" options:
- SEEK_HOLE positions the file descriptor to the beginning of
the first hole which occurs after the given offset. For the purposes
of this operation, "hole" is defined as a region of all zeros of any
length, but the system is not required to actually detect all holes.
So, in practice, small ranges of zeroes will be skipped over, as will,
in all likelihood, large (multi-block) ranges which have actually been
written to disk.
- SEEK_DATA moves to the start of next region (after the given offset) which is not a hole.
This functionality has been part of Solaris for a while; the Solaris developers would like to see it spread elsewhere and become something more than a Solaris-only extension. To that end, Josef Bacik has recently posted an implementation of this extension for Linux. Internally, it adds a new member to the file_operations structure (seek_hole_data()) intended to allow filesystems to efficiently implement the new operations.
One might argue that anybody who wants to separate holes and data in a file can already do so with the FIBMAP ioctl() command. While that is true, FIBMAP is an inefficient way of getting this sort of information, especially on filesystems which support extents. A FIBMAP call returns the mapping information for exactly one block; mapping out a large file may require millions of calls when, once again, the filesystem should already know how to provide that information in a much more straightforward manner.
Even so, this patch looks relatively unlikely to make it into the mainline. The API is unpopular, being seen as ugly and as a change in the semantics of the lseek() call. But, more to the point, it may be interesting to learn much more about the representation of a file than just where the holes are. And, as it turns out, there is already a proposed ioctl() command which can provide all of that information. That interface is the FIEMAP ioctl() specified by Andreas Dilger back in October.
A FIEMAP call takes the following structure as an argument:
struct fiemap {
__u64 fm_start; /* logical starting byte offset (in/out) */
__u64 fm_length; /* logical length of map (in/out) */
__u32 fm_flags; /* FIEMAP_FLAG_* flags for request (in/out) */
__u32 fm_extent_count; /* number of extents in fm_extents (in/out) */
__u64 fm_end_offset; /* end of mapping in last ioctl */
struct fiemap_extent fm_extents[0];
};
An application wanting to learn something about how a file is stored will put the starting offset into fm_start and the length of the region of interest in fm_length. If fm_flags contains FIEMAP_FLAG_NUM_EXTENTS, the system call will simply set fm_extent_count to the number of extents used to store the specified range of bytes and return. In this form, FIEMAP can be used to determine how fragmented the file is on disk.
If the application is looking for more information than that, it will allocate enough space for one or more fm_extents structures:
struct fiemap_extent {
__u64 fe_offset;/* offset in bytes for the start of the extent */
__u64 fe_length;/* length in bytes for the extent */
__u32 fe_flags; /* returned FIEMAP_EXTENT_* flags for the extent */
__u32 fe_lun; /* logical device number for extent(starting at 0)*/
};
In this case, fm_extent_count should be set to the number of these structures before making the FIEMAP call. On return, these structures (as many as is indicated by the returned value of fm_extent_count) will be filled in with information on the actual file extents; fe_offset says where (on disk) the extent starts, and fe_length is the size of the extent. There are quite a few values which can appear in the fe_flags field:
- FIEMAP_EXTENT_HOLE says that there is no data for this
range of the file - it's a hole.
- FIEMAP_EXTENT_UNWRITTEN says that the space has been
allocated on disk, but that nothing has been written to that space.
Space which has been preallocated with fallocate() would be
marked this way.
- FIEMAP_EXTENT_UNMAPPED, instead, marks an extent where some
application has written data, but for which no disk blocks have been
allocated.
- FIEMAP_EXTENT_DELALLOC indicates that delayed allocation is
being done; this flag implies FIEMAP_EXTENT_UNMAPPED as well.
- FIEMAP_EXTENT_SECONDARY is an indication that the data for
this segment is in some sort of secondary storage; one would see this
flag on filesystems managed by some sort of hierarchical storage
manner. This flag, too, is likely to imply
FIEMAP_EXTENT_UNMAPPED.
- FIEMAP_EXTENT_NO_DIRECT says that the data cannot be accessed
directly - it requires processing (decompression or decryption, for
example) first.
- FIEMAP_EXTENT_LAST marks the final extent in a file.
- FIEMAP_EXTENT_EOF indicates that the requested range goes
beyond the end of the file.
- FIEMAP_EXTENT_ERROR marks an extent which has experienced some
sort of error; the fe_offset field will contain an error
number in this case.
- FIEMAP_EXTENT_UNKNOWN says that the data exists, but its location is unknown. This flag would describe much of your editor's personal file space, though it is unclear how the kernel would know that.
As can be seen, there is a wealth of information available from this new call, including details on how the file has been split up on disk, allocation strategies, and even the decisions made by a hierarchical storage engine. An implementation exists for the ext4 filesystem. None of this code has been pushed toward the mainline yet, but it would be surprising if that did not happen sometime in the relatively near future. Once that is done, the C library will be able to implement SEEK_HOLE and SEEK_DATA in user space, should that be desirable.
Memory access and alignment
When developing kernel code, it is usually important to consider constraints and requirements of architectures other than your own. Otherwise, your code may not be portable to other architectures, as I recently discovered when an unaligned memory access bug was reported in a driver which I develop. Not having much familiarity with the concepts of unaligned memory access, I set out to research the topic and complete my understanding of the issues.
Certain architectures rule that memory
accesses must meet some certain alignment criteria or are otherwise
illegal. The exact criteria that determines whether an access is suitably
aligned depends upon the address being accessed and the number of bytes
involved in the transaction, and varies from architecture to architecture.
Kernel code is typically written to obey natural alignment
constraints, a scheme that is sufficiently strict to ensure portability to
all supported architectures. Natural alignment requires that every N byte
access must be aligned on a memory address boundary of N. We can express
this in terms of the modulus operator: addr % N must be
zero. Some examples:
- Accessing 4 bytes of memory from address 0x10004 is aligned
(
0x10004 % 4 = 0). - Accessing 4 bytes of memory from address 0x10005 is unaligned
(
0x10005 % 4 = 1).
movb, movw, movl
in x86 assembly). It is relatively easy to relate these to C statements,
for example the instructions that are generated when the following code is
compiled would likely include a single instruction that accesses two bytes
(16 bits) of data from memory:
void example_func(unsigned char *data) {
u16 value = *((u16 *) data);
[...]
}The effects of unaligned access vary from architecture to architecture. On architectures such as ARM32 and Alpha, a processor exception is raised when an unaligned access occurs, and the kernel is able to catch the exception and correct the memory access (at large cost to performance). Other architectures raise processor exceptions but the exceptions do not provide enough information for the access to be corrected. Some architectures that are not capable of unaligned access do not even raise an exception when unaligned access happens, instead they just perform a different memory access from the one that was requested and silently return the wrong answer.
Some architectures are capable of performing unaligned accesses without having to raise bus errors or processor exceptions, i386 and x86_64 being some common examples. Even so, unaligned accesses can degrade performance on these systems, as Andi Kleen explains:
At the end of the day, if you write code that causes unaligned accesses then your software will not work on some systems. This applies to both kernel-space and userspace code.
The theory is relatively easy to get to grips with, but how does this apply
to real code? After all, when you allocate a variable on the stack, you
have no control over its address. You don't get to control the addresses
used to pass function parameters, or the addresses returned by the memory
allocation functions. Fortunately, the compiler understands the alignment
constraints of your architecture and will handle the common cases just
fine; it will align your variables and parameters to suitable boundaries,
and it will even insert padding inside structures to ensure the access to
members is suitably aligned. Even when using the GCC-specific packed
attribute (which tells GCC not to insert padding), GCC will
transparently insert extra instructions to ensure that standard accesses to
potentially unaligned structure members do not violate alignment
constraints (at a cost to performance).
In order to illustrate a situation that might cause unaligned memory
access, consider the example_func() implementation from
above. The first line of the function accesses two bytes (16 bits) of data
from a memory address passed in as a function parameter; however, we do not
have any other information about this address. If the data
parameter points to an odd address (as opposed to even), for example
0x10005, then we end up with an unaligned access. The main
places where you will potentially run into unaligned accesses are when
accessing multiple bytes of data (in a single transaction) from a pointer,
and when casting variables to types of increased lengths.
Conceptually, the way to avoid unaligned access is to use byte-wise memory
access because accessing single bytes of memory cannot violate alignment
constraints. For example, for a little-endian system we could replace the
example_func() implementation with the following:
void fixed_example_func(unsigned char *data) {
u16 value = data[0] | data[1] << 8;
[...]
}
memcpy() is another possible alternative in the general case,
as long as either the source or destination is a pointer to an 8-bit data
type (i.e. char). Inside the kernel, two macros are provided
which simplify unaligned accesses: get_unaligned() and
put_unaligned(). It is worth noting that using any of these
solutions is significantly slower than accessing aligned memory, so it is
wise to completely avoid unaligned access where possible.
Another option is to simply document the fact that
example_func() requires a 16-bit-aligned data parameter, and
rely on the call sites to ensure this or simply not use the
function. Linux's optimized routine for comparing two ethernet addresses
(compare_ether_addr()) is a real life example of this: the
addresses must be 16-bit-aligned.
I have applied my newfound knowledge to the task of writing some kernel documentation, which covers this topic in more detail. If you want to learn more, you may want to read the most recent revision (as of this writing) of the document. Additionally, the initial revision of the document generated a lot of interesting discussion, but be aware that the initial attempt contained some mistakes. Finally, chapter 11 of Linux Device Drivers touches upon this topic.
I'd like to thank everyone who helped me improve my understanding of unaligned access, as this article would not have been possible without their assistance.
The return of network channels
The network channels concept was first aired by Van Jacobson almost two years ago at linux.conf.au 2006. This idea promises much-improved networking performance by pushing processing of network data as close to the end point as possible - perhaps even into user space. By getting the kernel out of the packet processing business and by keeping that processing in a single place (on the same CPU), channel schemes hope to minimize cache misses, context switches, and other performance-degrading activities. Channels have had a rough encounter with the real world, though; when one starts to consider needs like packet filtering, address translation, and so on, it gets hard to maintain the simplicity upon which the performance of channels relies. So, two years later, there is no channels implementation which is even close to merging into the mainline.That does not mean that no work is happening in this area, though. Evgeniy Polyakov, perhaps the most discouragement-resistant hacker out there, continues to develop his channel patches; the 22nd release came out on December 4.
This version of the patch has a well-defined internal structure to allow kernel code to hook into channels. The best-developed mode, however, is the one which simply transfers packets to and from user space. To that end, there is a new system call:
int netchannel_control(struct unetchannel_control *ctl);
The full contents of the unetchannel_control structure can be seen in the patch. The more important fields are:
- cmd, describing the action that the calling process wishes
to execute. Unlike previous versions of the patch, the current code
only supports one action: NETCHANNEL_CREATE, which makes a
new channel.
- type, the type of the channel to create. At the moment, the
only implemented type is NETCHANNEL_COPY_USER, which copies
packets to and from user space.
- unc.data which describes the channel to be created: it contains source and destination addresses and ports and a protocol number.
Once a network channel is created, it is added to a search tree which is oriented toward blindingly-fast lookups. There is a new hook in the packet receive code which looks up each incoming packet in that tree; packets which do not turn up a hit there are processed normally by the kernel's networking stack. Any packet whose addresses, ports, and protocol are matched by an entry in the tree, however, is shunted over to the channel code before even being queued by the network stack.
The final piece (on the receive side) is a simple read() implementation. A process wishing to receive a packet from a network channel need only read the associated file descriptor and the next available packet will be copied into the supplied buffer. It would, of course, be nice to do away with that copy operation, but that is a hard trick to carry out: the packet must be received before its destination is known. There are network adapters which can direct packets based on their header information, but the current netfilter does does not have the driver API enhancements which would be required to use that capability for zero-copy packet reception.
Similarly, a write() operation causes the associated packet to be copied into the kernel and fed into the networking stack at a fairly low level. There is currently no zero-copy write support.
Evgeniy clearly has zero-copy operations in mind, though, probably using his network allocator patch. Even without that feature, though, the channel code, when used with his user-space network stack appears to be quite fast. Some posted benchmark results claim significant improvements over the core Linux networking stack - three times the maximum bandwidth with one-third of the CPU usage when small packets are being transferred. For larger (4096-byte) packets the performance improvements essentially disappear - most likely the cost of copying the packets into and out of the kernel is the dominating factor there.
Improvements in small-packet performance are welcome: there are a number of applications, including high-end financial trading, which require large numbers of small transfers. The addition of zero-copy logic has the potential to make the large-packet performance better as well. The real test, though, will be the addition of all of the other features expected by contemporary networking users, most of which are currently absent from the channels implementation. There are hooks in the code aimed at the insertion of per-packet processing; they could be used for filtering, address translation, traffic control, or any of the other things that one might want to have. Whether those hooks can be used without killing the performance advantages of channels remains to be seen, though. But one suspects that Evgeniy will not give up until he has an answer to that question.
Patches and updates
Kernel trees
Architecture-specific
Build system
Core kernel code
Development tools
Device drivers
Documentation
Filesystems and block I/O
Memory management
Networking
Virtualization and containers
Page editor: Jonathan Corbet
Distributions
News and Editorials
Customized and derived distributions
Not too long ago I ran across the GNU/Linux distro timeline version 7.6 (updated November 2007). Looking at the graphic it seems like most Linux distributions today have their roots in Slackware, Debian and Red Hat Linux. Slackware, of course, sprang from SLS which died out years ago. Debian and Red Hat were originals, not based on some other existing distribution.
A long time ago while studying computer science, many of my professors would repeat the old adage, "Don't reinvent the wheel". It's generally good advice, but some programmers would prefer to produce a cleaner implementation that doesn't have the cruft leftover from a previous implementation. Working with free software gives one the choice to reuse existing code or to start from scratch and maybe make a better wheel.
Some original distributions that are alive today are EnGarde, Puppy, SmoothWall and Yoper. None of these were around before 2000, though. There are only four distributions with origins in the early 1990s that are still alive today; Slackware, SUSE (a Slackware derivative), Debian and Red Hat Linux. Of those only Red Hat Linux and Debian succeeded in reinventing the wheel. What those four have in common is they evolved and remained relevant in an ever changing world of technology.
Red Hat Linux and SUSE (once S.u.S.E and then SuSE) have changed the most. Both have forked into dual Enterprise Linux with a community distribution base (Fedora and openSUSE). In the days of Red Hat Linux 5.2 through 7.3, RHL was the most common base for a derived distribution. The combined appeal of Fedora and RHEL, while substantial, do not match the popularity of the old RHL Many of the distributions inspired by RHL have taken their own path, forked the code, and remain popular distributions today. Mandrake and Conectiva were both based on RHL. Now combined and renamed, Mandriva is a notable example.
SUSE has never inspired many derivatives. Some of this may have been the proprietary nature of YaST, which is now free software. openSUSE would seem to be a good base, but it's also quite new. Perhaps we will see more openSUSE based distributions in the future.
Slackware has, perhaps, changed the least over the years. The packages change and Slackware evolves to use newer kernels and newer userspace applications, but otherwise remains much the same. Slackware derived distributions include Vector Linux, Zenwalk, SLAX, BlueWhite64, and several others.
Debian is now the most popular base for derived distributions. This is especially true when you consider that Knoppix and Ubuntu (both Debian based) have spawned many more distributions on their own. Debian's enormous package repository probably helps with that. Those who want to make a customized distribution have plenty of packages to chose from.
Making a customized Linux distribution has always been a popular pastime, at least among a subset of geeks. Linux From Scratch was developed to "scratch that itch". Source based distributions such as Rock Linux, Source Mage and Gentoo have always been about building the distribution of your dreams.
These days the tools that are available have become much more sophisticated. Fedora has an ever-growing suite of tools for creating custom spins. Ubuntu's Launchpad wraps up version control, bug tracking, translation tools and more, so that customizing and maintaining spin-offs is as easy as possible.
Open source/free software being what it is, the source code is out there. If you can build a better wheel then by all means do so. If not, start with a wheel you like and then customize to fit.
New Releases
Aurora SPARC Linux Build 2.99 (Beta 2 for 3.0)
The Aurora SPARC Linux project has released Build 2.99 (beta 2 for 3.0). If you want to see what Fedora looks like on Sparc architecture give it a try. "Barring some sort of miracle, Aurora 3.0 will be the last sparc32 supporting release. So, if you're still clinging to your sparc32 systems, please test this beta out. After 3.0, we're not even going to think about sparc32 (unless well bribed)."
CentOS-5.1 released
CentOS 5.1 is out. This release is, of course, based heavily on the RHEL 5.1 update. Some details can be found in the release notes. Update: If you downloaded a set of x86_64 ISOs and CD 2 didn't pass the test, try the refreshed images that are now available on all the mirrors.CNR.com Beta Software Delivery Service Released For Desktop Linux
Linspire, Inc. has announced the launch of CNR.com beta, a free standardized Web 2.0-based Linux software delivery service for desktop Linux users worldwide. CNR.com is designed to normalize the process of finding, installing, and updating Linux software for both Debian and RPM-based Linux distributions. The new and free beta CNR Service is currently available for Freespire 2.0, Linspire 6.0, Ubuntu 7.04 & 7.10 and will expand to provide support for all popular Linux distributions.Release announcement: Debian Edu / Skolelinux 3.0 Terra updated to 3.0r1
The Debian Edu / Skolelinux project has announced the 3.0r1 maintenance release, with bug fixes, security fixes, improved documentation and more. This release is based on Debian etch 4.0r1.EnGarde Secure Community 3.0.18
Guardian Digital has announced the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18), with bug fixes and feature enhancements.KDE Four Live 0.7.1
KDE Four Live is a live CD based on openSUSE 10.3 with KDE 4.0 RC 1.New 2008 Mandriva Flash 4GB Released
Mandriva has introduced the 2008 Mandriva Flash 4GB. 2008 Mandriva Flash includes a new functionality: ezBoot which reboots under Linux without going through BIOS settings, and the double utilization of Windows and Linux system.Ubuntu Hardy Alpha 1 released
For those who like living on the leading edge: the first alpha of the upcoming Ubuntu "Hardy Heron" release is available. There is some (not much) information on what's in Hardy on this page.
Distribution News
Debian GNU/Linux
French "Cahier de l'admin Debian Etch" published (Eyrolles)
Raphaël Hertzog's "Cahier de l'admin Debian", published in 2004, has recently been updated. Since it now covers the Etch version of Debian, and has been expanded quite a bit, it has also been renamed to "Cahier de l'admin Debian Etch", and is still published by Eyrolles.ftp.debian.org update
The site ftp.debian.org will be undergoing some changes. Please try a mirror site to get the latest Debian packages.Debian Policy 3.7.3.0 uploaded
Debian Policy version 3.7.3.0 is now available. "Since this is the first Policy release in a while, many of the changes are catching up to work that's already been done in the archive (~ in version numbers, for example). There are many Policy change proposals, including some obvious and uncontroversial ones, that didn't make it into this release. That doesn't mean they've been rejected, only that a Policy release was long-overdue and it was better to set a deadline and upload what was finished by that deadline than postpone it further."
Red Hat Enterprise Linux
Red Hat's Enterprise MRG
Red Hat has sent out a press release on its new "Red Hat Enterprise MRG" offering. MRG stands for "messaging, realtime, grid"; this distribution appears to be aimed at high-end financial operations and related uses. It contains all of the realtime patches, along with grid scheduling features and an implementation of the advanced message queuing protocol specification. More information can be found on the product page.New mailing list available, RHSA-announce@redhat.com
Red Hat has a new mailing list, RHSA-announce, that will be used to send out security advisories for every Red Hat product and service. Click below for subscription information.
Distribution Newsletters
Fedora Weekly News Issue 111
The Fedora Weekly News for November 26, 2007 covers Planet Fedora articles on "Free Creative Commons 5th Bday DEC 15 in San Francisco", "Testing Needed: mkinitrd bash-branch", "The plan for Xen kernels in Fedora 9", "Zagreb of Croatia Reporting" and "Official: FUDCon, Raleigh, January 11-13 2008", and several other topics.openSUSE Weekly News, Issue 1
The first issue of the openSUSE Weekly News has been published. "The aim of the newsletter is to summarise all the finer details occurring in and around the openSUSE Community. This issue covers: * YaST documentation now in public SVN * Joint GNOME/KDE public packaging day coming up * PulseAudio in the works for openSUSE * KWIN Composite updates * Distribution, Build Service and Communication Status Updates * In Tips and Tricks: How to install openSUSE on a Mac Mini, and how to get Screenlets on openSUSE."
openSUSE Weekly News, Issue 2
This edition of the openSUSE Weekly News covers ATI RadeonHD Driver: First Release!; YaST Gets Ported to Qt4; FOSDEM Main tracks talks and developer rooms, with an openSUSE room and stand, announced; In Planet SUSE: Mono on OS X, openSUSE KDE Developments, KDE4 Desktop Effects Video Tour; and in Tips and Tricks: Speed up Package Management. The newsletter is available in English and in German.PCLinuxOS Magazine - Issue 16
The December 2007 edition of PCLinuxOS Magazine is available. Articles include: A Guide to Multi-booting, How to open .docx files, Ndiswrapper, Hardware Database, Using Cron and Rsync, Camera Review, Open Wifi Opinion, and more.full circle #7 - for the Ubuntu community - is out
Full Circle magazine, an independent magazine for the Ubuntu community, has released issue 7. This issue covers Step-by-Step Ubuntu Studio install, How-To : Simply Install SSH, A Terminal on your Desktop, Easily Convert from Windows and Learning Scribus pt.7, Review : Wubi Installer, Top 5 - Audio/Video Apps, Interview with Howard County Library and more.Ubuntu Weekly Newsletter #68
The Ubuntu Weekly Newsletter for December 2, 2007 covers Full Circle Magazine #7, Hug Day, Hardy Heron Alpha 1, the release of JeOS 7.10 and Launchpad 1.1.11, newly approved teams and members, Ubuntu Server ads, and much more.DistroWatch Weekly, Issue 231
The DistroWatch Weekly for December 3, 2007 is out. "How many distributions have you installed? And what criteria do you use to evaluate them? Baris Paraskeva, a DistroWatch contributor, has summarised his experiences with many recent desktop distro releases in a grand overview - complete with ratings for ease of installation and use, package management and speed. In the news section, Ubuntu embarks on a new development journey, Mandriva announces two new products - Flash and Linutop, openSUSE launches a weekly newsletter, Mage Power interviews a leading developer of Source Mage GNU/Linux, and Foresight Linux unveils its plans for the upcoming version 2.0. Finally, we are pleased to announce that the November 2007 DistroWatch.com donation goes to MEPIS Linux."
Distribution meetings
DebConf 9 location: Extremadura, Spain
DebConf9, the 2009 Debian Conference will be held in the Extremadura region of Spain. "The estimated dates for the conference are currently planned to be September/October, but more details will be provided later on as they are available."
Newsletters and articles of interest
Creating Your Own Custom Ubuntu 7.10 Or Linux Mint 4.0 Live-CD With Remastersys (HowtoForge)
HowtoForge looks at creating a custom Live-CD from Ubuntu Gutsy or Linux Mint 4.0 with a tool called remastersys. "Remastersys is available in the Linux Mint romeo repository. You can customize your Ubuntu/Linux Mint system and then let remastersys create an iso image of it which you can then burn onto a CD/DVD."
Page editor: Rebecca Sobol
Development
The SquidBee open sensor network
SquidBee is a project that uses an open hardware design as well as
open-source software as a platform for remote control and sensing:
"SquidBee is an Open Hardware and Source wireless sensor device. The goal of SquidBee is getting an "open mote" to create Sensor Networks.
"
SquidBee uses the
ZigBee
self-organizing low power wireless mesh network protocol.
ZigBee operates in the unlicensed 2.4 GHz, 915 MHz and 868 MHz ISM bands
with data rates from 20-250 kbit/second, per channel.
ZigBee is optimized for super low power operation so that the devices
can be operated from battery power for long amounts of time.
For long-running outdoor applications, powering the devices from
photovoltaic panels would be an obvious technology choice.
Using the 1mW XBee power level, the XBee maximum device-to-device
range is 100 meters.
At the 100mW XBee pro power level, the range is extended to 1KM.
Each additional node can extend the range of the mesh network,
since data passes through the nodes.
![[SquidBee]](https://static.lwn.net/images/ns/squidbee.png)
ZigBee is supported by members of the
ZigBee Alliance:
"The ZigBee Alliance is an association of companies working
together to enable reliable, cost-effective, low-power, wirelessly
networked monitoring and control products based on an open global
standard
".
The operation of SquidBee is described:
![[Zigbee]](https://static.lwn.net/images/ns/zigbee.png)
SquidBee is built on top of the
Arduino open-hardware
prototyping platform:
"The Arduino board is a cheap, robust i/o board based on the ATmega168. It has 13 digital pins (6 of which allow PWM output) and 6 analog inputs. There are USB, serial, bluetooth, and mini versions, which you can buy or build yourself. Note: The reference designs for arduino are distributed under a Creative Commons license
".
An add-on MaxStream XBee Shield board and a power source are combined
with the Arduino board to create the SquidBee node.
See the
SquidBee Data-Sheet [PDF] and the
XBee Data-Sheet [PDF] for technical specifications.
Communication between a Linux machine and a network of SquidBee nodes can be accomplished by turning a SquidBee module into a gateway node and connecting the gateway to a Linux machine over the USB bus. The example Receiving data with the Gateway in Linux software shows how to achieve basic communication with the mesh network. The recently launched Zigbuzz project is working on an in-Kernel device driver for USB-connected ZigBee devices, no software has been released yet since it is still in the design phase. A Libelium MeshLium Router box can be used to connect a ZigBee wireless network to an 802.11 WiFi network. The SquidBee software page includes a control program for the Arduino board, other utilities and some example programs.
Some of the possible uses for the SquidBee technology include home automation, scientific data collection, remote control and security systems. The project has documentation (in some cases placeholders for documentation) on using a variety of I/O devices including: generic analog and digital sensors, light and temperature sensors, ultrasonic range finders, GPS modules, accelerometers, switches and LEDs, LCD displays and beepers. Although not listed, remote cameras, motion detectors and more weather sensors seem like obvious additions.
If you are looking for a convenient way to extend the reach of your system''s peripherals, SquidBee looks like the right project for the job.
System Applications
Database Software
Firebird 1.5.5 release candidate 1 announced
Version 1.5.5 release candidate 1 of the Firebird DBMS has been announced. "This sub-release introduces a few bug and security fixes backported from the Firebird 2.0.x branches."
PostgreSQL 8.4 Beta4 released
Version 8.4 Beta4 of the PostgreSQL DBMS has been announced. "Due to continued testing by our community we have found performance improvements, fixed bugs in PLperl and XML handling. We have also made many documentation improvements, particularly in the Partitioning section. We hope that this will be our last beta before release candidate so please download and continue testing. Testing is the only way to help ensure that any issues you find will be resolved. As always, our community is the first line of defense to help us find any "corner cases" of possible issues."
Postgres Weekly News
The December 2, 2007 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.SQLite version 3.5.3 released
Version 3.5.3 of SQLite, a light weight DBMS, is out. "Version 3.5.3 of SQLite is stable and is recommended for all users."
SQuirreL SQL Client version 2.6.2 released (SourceForge)
Version 2.6.2 of SQuirreL SQL Client has been announced, it features bug fixes. "SQuirreL SQL Client is a graphical SQL client written in Java that will allow you to view the structure of a JDBC compliant database, browse the data in tables, issue SQL commands etc."
Device Drivers
The first ATI r5xx/6xx X11 driver release
The announcement has gone out for the release of xf86-video-radeonhd 1.0.0 - the first free X11 driver for ATI Radeon R5xx and R6xx chipsets. The developers have gotten full modesetting, multiple monitor support, RandR 1.2, and more working. Note, though, the small print at the bottom: "No 2D & 3D acceleration, no XVideo yet. No TV, Component, and HDMI yet." This is clearly a release for early adopters, but it is an important milestone in the development of free high-end video support for Linux.
libfreebob 1.0.7 released
Version 1.0.7 of libfreebob, a driver for the BeBoB FireWire-based breakout boxes devices, is out. "A fresh new release from the FreeBoB project is available. It is only a maintenance release. It fixes a few bugs which were reported. If you don't have problems with the your current version of libfreebob, there is no reason to update to this one."
Libraries
radlib 2.7.1 released (SourceForge)
Version 2.7.1 of radlib, the Rapid Application Dev Library, is out with various improvements. "radlib is a rapid application development library for unix multi-process applications. It uses SYS V IPC facilities and FIFOs to provide an RTOS-like, event-driven, distributed framework. Processes may be run as daemons or have a controlling terminal."
Mail Software
qmail released into the public domain
The rumors have been circulating for a while, but now it's official: Daniel Bernstein has released qmail 1.03 (and a number of other packages) into the public domain.Sendmail 8.14.2 announced
Version 8.14.2 of the Sendmail MTA has been announced. "Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.2 which fixes some problems, e.g., * an important bug in the milter function smfi_chgfrom() which could cause the loss of a message body. * the handling of queued messages with 8 bit characters in From: or To: header which could be "mistaken" for internal control characters during a queue run and trigger various consistency checks. * the handling of lines longer than MAXLINE-1 characters in certain cases."
Tellmatic 1.0.7 released (SourceForge)
Version 1.0.7 of Tellmatic has been announced. "Tellmatic is a php and mysql based newsletter script to create, manage and send personalized newsletters or mass mails. uses wysiwyg and has a form editor. adresses and newsletter are stored in unlimited groups. handle bouncemails and failed adresses".
VPN Software
SSL-Explorer 1.0.0_RC10 released (SourceForge)
Version 1.0.0_RC10 of SSL-Explorer has been announced. "SSL-Explorer is a fully-featured, web-based SSL VPN server. This practicable remote access security solution includes SSL tunneling, intranet website proxying, access to multiple file systems and application launching/tunneling through a standard browser."
Desktop Applications
Audio Applications
Desktop Environments
GNOME 2.20.2 released
Version 2.20.2 of the GNOME desktop has been announced. "This is the second update to GNOME 2.20.0. The update fixes all known and unknown bugs and crashers. The next and last stable release for 2.20 branch will be 2.20.3."
GARNOME 2.20.2 released
Version 2.20.2 of GARNOME, the bleeding edge GNOME desktop distribution, is out. "This is the third release of the current stable GNOME branch, and the second bug-fixing release ironing out yet-more bugs, hopefully adding yet-more stability, and ships with the latest and greatest stable releases."
GNOME Software Announcements
The following new GNOME software has been announced this week:- Accerciser 1.1.3 (bug fix)
- Anjuta DevStudio 2.2.3 (bug fixes)
- Anjuta DevStudio 2.3.1 (unstable development release)
- Beagle 0.3.0 and Beagle-Xesam 0.1 (code rewrite, new features, bug fixes and translation work)
- cairo snapshot 1.5.4 (bug fixes and code improvements)
- Codename Nemo 0.1 alpha (initial release)
- Cutter 0.2.0 (initial release)
- Evince 2.21.1 (new features, bug fixes and translation work)
- Eye of GNOME 2.21.2 (new feature, bug fixes and translation work)
- gcalctool 5.21.3 (new features, bug fixes and translation work)
- gnome-applets 2.21.2 (new features, bug fixes, documentation and translation work)
- gnome-games 2.21.3 (new features, bug fixes and translation work)
- gnome-keyring 2.21.3 (new features and translation work)
- Gnome-schedule 1.2.1 (bug fixes)
- GTK+ 2.12.3 (new feature, bug fixes and translation work)
- MPlayer AppLnk 1.1 (unspecified)
- Orca 2.21.3 (bug fixes and translation work)
- Seahorse 2.21.3 (new features, bug fixes and translation work)
KDE 4.0 to be released in January (KDE.News)
KDE.News reports that the KDE 4.0 release has been delayed until January, 2008. "The KDE Release Team has decided to release KDE 4.0 this coming January. The release was originally planned for mid-December. The KDE developers want to solve a couple of essential issues before releasing. Having solved some of those issues, among which were glitches in the visual appearance, and in Konqueror, the KDE community hopes to have a KDE 4.0 that will live up to the high expectations for it."
KDE Commit-Digest (KDE.News)
The December 2, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "The beginnings of screen hotplug detection in Plasma, KRunner gets history support. Fifteen Pieces puzzle becomes the first Plasma applet in the game category. A block of bugfixing in KDevelop, with various other developments in areas such as a threaded debugger. Support for inequality constraints in Step, continued progress in the port of KEduca to KDE 4. Work on printing in okular. Work on Solid-based network management through NetworkManager. Various work towards Amarok 2. Milestones reached in the BitTorrent plugin for KGet. Subsystem rewrites (SSL, SFTP) in KFTP..."
KDE Software Announcements
The following new KDE software has been announced this week:- autoEqualizer 0.3 (bug fix)
- Beesoft Commander 4.0.06.beta (new feature and bug fixes)
- EncFs Service Menu 0.1 (initial release)
- Fresh Memory 0.3 (new features)
- KBib 0.6.3 (bug fixes)
- KDVD-RAM Tools 0.4.1 (new feature)
- Kid3 0.10 (new features and bug fixes)
- konqil.icio.us 2.0 (new feature and translation work)
- Kraft 0.22 (new features and bug fixes)
- kReiSSy 0.2.0 (unspecified)
- Krsync 0.4-Beta (new features and translation work)
- MPlayerThumbs horizontal 0.5b (style change)
- nmapsi4 0.1beta3 (new features and bug fixes)
- Pinky-tagger 2.0-1 (unspecified)
- PokerTH 0.6-rc (new features, bug fixes and translation work)
- pykeylicious 1.0 (initial release)
- pykeylicious 2.0 (new features)
- QtiPlot 0.9.2 (new features and bug fixes)
- Qtractor 0.0.9.778 (new features and bug fixes)
- rmThumbnails 1 (initial release)
- Stixi Pad 1.0.2 (unspecified)
- Swedish Internet Radio Stations 0.1 (initial release)
- Zhu3D 3.2.9 (new features and bug fixes)
- Zhu3D 3.3.0 (new features, bug fixes and translation work)
Xfce 4.4.2 released
Version 4.4.2 of Xfce, a light weight desktop environment, has been announced. "Sorry for the delay, but Xfce 4.4.2 is now available. It's the second maintenance release in the 4.4 stable series, focusing on fixing bugs and updating translations."
Electronics
kicad 2007-11-29-RC2 announced
Version 2007-11-29-RC2 of Kicad, an electronic CAD system, is available with bug fixes and other enhancements.gerbv 1.0.3 announced
Version 1.0.3 of gerbv, a viewer for Gerber CAD files, has been announced. "This is to announce the fourth release in the stable branch of gerbv, 1.0.3. This release represents a point release incorporating a few patches made against the 1.0.X source over the last 1 1/2 years."
Financial Applications
Adempiere Chart of Accounts Editor version 1.2 released (SourceForge)
Version 1.2 of the Adempiere Chart of Accounts Editor has been announced. The editor is a: "Small application to manage Compiere/Adempiere Chart of Accounts file format. Creates and modifies Accounting import files needed for client setup. An updated version with contributions from the Adempiere community and some minor usability improvements have been released."
Compiere 3.0 now available (SourceForge)
Version 3.0 of Compiere has been announced. "Compiere ERP+CRM is the leading open source ERP solution for Distribution, Retail, Manufacturing and Service industries. Compiere automates accounting, supply chain, inventory and sales orders. Compiere ERP is distributed under GPL V2 by Compiere, Inc."
Games
PCGen 5.13.5 alpha released (SourceForge)
Version 5.13.5 alpha of PCGen has been announced. "PCGen is a RPG character generator and maintenance program (d20 systems). All datafiles are ASCII so they can be modified by users for their own campaigns."
New WorldForge releases
The WorldForge multiplayer online role playing game project has announced Eris 1.3.13: "Eris is the WorldForge client-side session layer, used by many existing clients. This is a development release, as the API may change prior to the final release of Eris 1.4.0. However, any changes should be minor and easy to incorporate into clients; testing is recommended and appreciated."
WFMath 0.3.7
was also released this week:
"WFMath, or the WorldForge Math librarys main focus is geometric objects, and it has classes for several shapes as well as the basic math objects, points, vectors, matrices and quaternions. It is required by all WorldForge components.
"
Interoperability
Wine 0.9.50 released
Version 0.9.50 of Wine has been announced. "What's new in this release: Many copy protection fixes. GLSL is now the default for Direct3D.Lots of memory errors fixed thanks to Valgrind. Support for TOPMOST windows. Beginnings of an inetcomm dll implementation. Lots of bug fixes."
Music Applications
klick 0.5 announced
Version 0.5 of klick has been announced. "klick has been around for almost a year, but I figured no one will know about it if I don't tell anybody. So here's a new version, and the first official announcement. klick is an advanced command-line based metronome for JACK. It allows you to define complex tempo maps for entire songs or performances."
Office Suites
OpenOffice.org 2.3.1 released
OpenOffice 2.3.1 is out. This is a bugfix release with no new features; among other things it closes CVE-2007-4545, a code execution vulnerability associated with database documents.OpenOffice.org Newsletter
The November, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.
RSS Software
DPNews 0.9 released (SourceForge)
Version 0.9 of DPNews has been announced. "DPNews is a rss based news aggregator module for dotProject. It enables you to rapidly view project relevant news from several sources. 0.9 is the first public GPL release of dp-news. It is considered beta until proven stability by the community, however it should be already stable enough to be reasonably used."
Web Browsers
Mozilla Firefox 2.0.0.11 Fixes Canvas Regression (MozillaZine)
MozillaZine has announced the release of Mozilla Firefox version 2.0.0.11. "The Mozilla Corporation today released Mozilla Firefox 2.0.0.11, the second minor update to the browser delivered this week. This upgrade has been rushed out to fix a regression introduced in Firefox 2.0.0.10, which broke the drawImage method of the canvas element (bug 405584)."
Mozilla Links Newsletter
The November 29, 2007 edition of the Mozilla Links Newsletter is online, take a look for the latest news about the Mozilla browser and related projects.SeaMonkey 1.1.7 released (MozillaZine)
Version 1.1.7 of SeaMonkey has been announced. "A stability and security update to SeaMonkey, the community-driven continuation of the all-in-one Mozilla Application Suite, has been released. As detailed in the SeaMonkey 1.1.7 section of the Mozilla Foundation Security Advisories page, the upgrade includes the same security patches as Mozilla Firefox 2.0.0.10, which was also made available this week. In addition to the security fixes, SeaMonkey 1.1.7 also includes several other small bug fixes".
Languages and Tools
Caml
Caml Weekly News
The December 4, 2007 edition of the Caml Weekly News is out with new articles about the Caml language.
Java
Announcing IcePick, a build framework for compiling the langtools
The IcePick project has been announced. "The aim of the IcePick project is to allow the language tools (javac, javadoc, javah, javap, apt) from the OpenJDK project to be built separately using any 1.5 compliant Java compiler. This is primarily motivated by a desire to allow these tools to be used with virtual machines that make use of the GNU Classpath library rather than simply as part of the larger IcedTea or OpenJDK distribution with the HotSpot or CACAO virtual machines."
Lisp
SBCL 1.0.12 has been released
Version 1.0.12 of Steel Bank Common Lisp has been released. "This version adds thread-safe hash tables, improves optimization of list subsequenses and string concatenations, and fixes many bugs. SBCL is a native compiling Common Lisp implementation, under MIT/Public Domain licence. It purports to conform to the ANSI Common Lisp standard, and features several non-standard extensions."
Perl
Perl 6 Design Meeting Minutes for 21 November 2007
The minutes from the November 21, 2007 Perl 6 Design Meeting have been posted. "The Perl 6 design team met by phone on 21 November 2007. Allison, Patrick, Will, Nicholas, Jesse, and chromatic attended."
Tcl/Tk
Tcl-URL! - weekly Tcl news and links
The December 1, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
XML
Introducing E4X (XML.com)
Kurt Cagle introduces EAX on O'Reilly's XML.com. "ECMAscript for XML (more colloquially known as E4X) has had comparatively limited success of adoption in the face of the power of JSON, I suspect partially because of a general ambivalence that the JavaScript community has towards working with XML, but more so because there is comparatively little out there describing how best to take advantage of the features that E4X offers. E4X is an extension to JavaScript that is available to both Firefox and ActionScript developers that turns XML into a native data type on par with strings, arrays, objects, and regular expressions."
Cross Assemblers
gputils 0.13.5 released
Version 0.13.5 of gputils, the GNU PIC (microprocessor) utilities, is out with the following changes: "Added support for many new processors in all families. Added support for CONFIG directive on 18F devices. Support for new COFF format (MPASM default) in gpvo. Fixed bugs."
Libraries
Pantheios 1.0.1 beta 66 released (SourceForge)
Version 1.0.1 beta 66 of Pantheios has been announced. "Pantheios is an Open Source C/C++ Logging API library, offering an optimal combination of 100% type-safety, efficiency, genericity and extensibility. It is simple to use and extend, highly-portable (platform and compiler-independent) and, best of all, it upholds the C tradition of you only pay for what you use."
Version Control
GIT 1.5.3.7 announced
Version 1.5.3.7 of the GIT distributed version control system has been announced. "What's cooking for upcoming feature release v1.5.4 has been stablizing, and hopefully this will be the last of v1.5.3 maintenance series."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
MPAAs University Toolkit hit with DMCA takedown notice after GPL violation (ars technica)
Those stalwarts of copyright defense, the Motion Picture Association of America (MPAA), were caught distributing Linux without the source code in violation of the GPL. In a bit of irony, Ubuntu technical board member Matthew Garret had to resort to a DMCA takedown notice to get the "University Toolkit" removed from the MPAA website. ars technica has the coverage. "Although the MPAA's failure to comply with copyright law in this case is a delicious irony, it won't permanently prevent distribution of the antipiracy software toolkit. Oster told Ars that the MPAA would make sure that it fully complied with the GPL, and that the software would be available once again in 'short order.'"
One Laptop Per Child orders surge (Boston.com)
Boston.com looks at the current state of OLPC orders, noting that Peru has just signed up for 260,000 systems. "Robert Fadel, the foundation's director of finance and operations, said both programs are paying off. Since the Give One Get One program began Nov. 12, the foundation has received about $2 million in orders every day, he said. That works out to 190,000 laptops total, with at least half donated to children in developing countries. Fadel said many customers end up donating both the computers they buy."
Linux Adoption
Could Linux Help Bring Both Koreas Together? (Information Week)
Information Week reports that South and North Korea are teaming up to develop a version of Linux, tentatively named 'Hana Linux'. "People in South Korea speak of folks in North Korea more as lost brothers than bitter enemies. Over the years the two have made various rapprochements, but now it looks like North and South are teaming up on a whole new kind of joint project: a Korean-language Linux distribution."
Interviews
An Interview with Toby Segaran (O'ReillyNet)
O'Reilly features an interview with book author Toby Segaran. "Toby Segaran is the author of Programming Collective Intelligence. We recently spoke to him about his new book and why these kind of machine learning techniques are so important in the Web 2.0 era."
Interview with Brian Stevens (LinuxWorld)
LinuxWorld has an interview with Brian Stevens, President of Engineering and CTO at Red Hat. "What else can we expect to see from new Red Hat offerings? Should we just watch Fedora or where else can we learn about new stuff coming down the pipe? Everything that we have under development is happening in public. I think that we stand unique in that and that the media and our customers are usually well aware of technology that's going to be coming from Red Hat long before we productize it. So, Fedora 8, just made available in the last week, had 54,000 downloads and installs that we can even measure in the first four days, a vibrant development community around next generation technology whether that be KVM or appliances or spins or network manager improvements. So, Fedora is absolutely the place to watch the OS evolve."
Resources
A new GNOME Journal release
The occasional GNOME Journal has put out a new issue. There are three articles: an interview with Cheese developer Daniel G. Siegel, a review of Foundations of GTK+ Development, and an interview concerning a library which switched to Linux. "Our requests for help/help desk tickets have dropped by 40% since the Windows NT days. Most customers sit at the machine and work away, requiring no help. Customers who are less comfortable on a computer have questions, but they are not Linux-based. Instead, 'How do I bold text?' or 'How do I add a page break?' The kind we'd get with any application."
Linux Gazette #145 is out!
The December 2007 edition of Linux Gazette is out with articles on New Use for Old Hardware: Network RAID Backup, Linux on an ARM based Single Board Computer, Generating Postscript graphs using PyX, Review: User Interface Design for Mere Mortals, and more.Overcome multimedia hurdles in Linux (Tech Republic)
Jack Wallen discusses the playing of proprietary media types on Linux in a Tech Republic article. "Historically, Linux was unable to play files intended to only be playable with the Windows Media Player. However, with the help of codecs, Linux can play both audio and video files that were previously incompatible. Jack Wallen introduces the major players in the Linux multimedia party."
Reviews
Review: Asus Eee PC (smh.com.au)
The Sydney (Australia) Morning Herald reviews the Asus Eee laptop, which runs with a customized Xandros Linux distribution. "It does mean not being able to use your favourite Windows software but, fortunately, the Eee PC comes with dozens of programs, including the familiar Firefox web browser and Skype for online phone calls. Others on the roster cover email, instant messaging (for Windows Live, Yahoo and Google), playing music, video clips and organising your digital photos." (Thanks to Mark Tall)
Eaton announces UPS support for Ubuntu (Linux-Watch)
Linux-Watch reports on a Ubuntu-compatible UPS product from Eaton. "What's important about this is that it shows Ubuntu is being taken seriously by IHVs. Peripheral builders do not go to the trouble of making software for a Linux distribution, much less going to the additional expense and time of getting certification, unless they believe consumers and businesses are going to be adopting it in large, that is to say, profitable, numbers. That is especially true in the small margin, small volume world of less common peripherals such as UPSs."
Nokia N810 review (ars technica)
ars technica has posted an extensive review of the Nokia 810 tablet. "Although I'm relatively pleased with the software, I'm still not entirely sold on some of the hardware choices behind the N810. The value of built-in GPS support seems particularly questionable, especially when you add in the cost of the WayFarer software upgrade, which is required to actually use the GPS. One could probably buy an N800 and an external GPS unit with more features for less than the total cost of the N810 and the WayFarer software. The vast majority of users who want GPS functionality will only use it in a vehicle anyway, so is there really a compelling reason to integrate it into a handheld computer?"
RISC/DSP chip comes with Linux, targets HD video (LinuxDevices)
LinuxDevices takes a look at Texas Instruments' DaVinci family chip. "Texas Instruments (TI) announced a new DaVinci family chip claimed capable of transcoding high-definition video at line rates. The TMS320DM6467 system-on-chip (SoC) weds a 297MHz ARM9 core with a 600MHz C64+ DSP, and is available with a development board and software stack based on MontaVista Linux."
Miscellaneous
Open Document Format Can Evolve Without Foundation Input (eWeek)
Peter Galli considers the future of the Open Document Format on eWeek. "The recent demise of the OpenDocument Foundation is not expected to have any impact whatsoever on the progress and adoption of the Open Document Format. While the Foundation's legacy is the subject of much debate, several commentators say its greatest contribution to the ODF movement was its enthusiastic early support for the document format, and little else."
What Not to Buy in 2007 (PC Magazine)
PC Magazine has some helpful holiday shopping advice. "Don't buy: Linux. The world's cheapest operating system is the darling of every do-it-yourselfer and the potential bane of every cheapskate user. You'll save money and, I bet, lose your mind if you switch to Linux. Note to DIYers: This advice is intended for middle-of-the-road tech consumers. You, with the screwdriver in your hand, please feel free to download as many copies of Ubuntu as you want."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Ted Ts'o goes to the Linux Foundation
The Linux Foundation has announced that longtime Linux kernel hacker Ted Ts'o has joined as its "chief platform strategist" for two years; he will be working to promote the Linux Standard Base and other Foundation initiatives.
Commercial announcements
Guardian Digital releases new EnGarde Secure Linux Community
Guardian Digital has announced a new release of EnGarde Secure Linux Community. "Used by security enthusiasts, businesses and global organizations worldwide for its ease of use, stability and security since 1999, it is just one part of Guardian Digital's complete Open Source security portfolio."
ZaReason joins the $199 gPC business
Everex, the company providing the $199 "gPC" sold by Wal-Mart, has announced that it has partnered with ZaReason to help deliver the sold-out systems. ZaReason seems to be an interesting company: "ZaReason is staffed almost entirely by volunteers and caters to the Linux enthusiast, offering branded desktop and notebook computers from $199 to $1499."
New Books
Head First C#--New from O'Reilly Media
O'Reilly has published the book Head First C# by Andrew Stellman and Jennifer Greene.The Book of PF--New from No Starch Press
No Starch Press has published The Book of PF, A No-Nonsense Guide to the OpenBSD Firewall by Peter N.M. Hansteen.
Resources
Report: free codecs for online video
Transmission.cc has posted a detailed report on the state of the art in free video codecs. "This research report seeks to outline the current state of Free and Open Source Software (FOSS) codecs and containers, particularly how they might evolve and be implemented by social justice organisations within the Transmission network for which this report was originally envisioned. Transmission is a network of citizen journalists, video makers, artists, researchers, programmers and web producers who are developing online video distribution tools for social justice and media democracy." (Via BoingBoing).
Contests and Awards
Les Trophées du Libre contest winners announced
The winners of the 2007 Les Trophées du Libre free software contest have been announced. "Since 2003, Cetril has organised the Trophées du Libre contest, with the support of various partners, to reward innovative free software in six different categories: Security, Games/Multimedia, Education, Scientific software, Public sector software, Enterprise software."
Vienna.pm Winter of Code (use Perl)
The Vienna.pm Winter of Code contest has been announced. "YAPC::Europe 2007 left Vienna.pm with quite a lot of money. We want to give part of this money back to the Perl community by hosting the Winter of Code (with apologies to Google...). You can find detailed information in our new and shiny Wiki. For those too lazy to follow links, here's the super-short summary: * We have about 20,000 to spend..."
Calls for Presentations
LAC2008 submission deadline extended
The submission deadline for the 2008 Linux Audio Conference has been extended until December 6. "We invite submissions of papers addressing all areas of audio processing based on Linux and open source software. Papers can focus on technical, artistic or scientific issues and can target developers or users. We are also looking for music that has been produced completely or mostly under Linux and/or with open source software from every genre: compositions, Electronica, Chill-Out, Ambient, etc."
Upcoming Events
YAPC::Europe 2008, Call for Attention (use Perl)
use Perl has an announcement for YAPC::Europe 2008. "jonasbn writes "The dates for the annual YAPC::Europe conference to be held in Copenhagen in 2008 have been settled. The hosts, Copenhagen Perl Mongers, are happy to inform you that the event will take place across 3 days, from Wednesday the 13th to Friday the 15th of August 2008, at the magnificent venue of Copenhagen Business School."
Events: December 13, 2007 to February 11, 2008
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| December 15 December 22 |
Unix Meeting 2007 | IRC, Worldwide |
| December 27 December 30 |
24th Chaos Communication Congress | Berlin, Germany |
| December 31 | Israeli Perl Workshop | Ramat Efal, Israel |
| January 11 January 13 |
FUDCon Raleigh 2008 | Raleigh, NC, USA |
| January 16 January 17 |
QualiPSo Conference 2008 | Rome, Italy |
| January 17 January 19 |
KDE 4 release event | Mountain View, CA, USA |
| January 24 | Federal DBA Day | Washington DC, USA |
| January 28 February 2 |
Linux.conf.au 2008 | Melbourne, Australia |
| January 28 February 1 |
Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 January 31 |
Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |
| February 6 February 10 |
O'Reilly Money:Tech Conference | New York, NY, USA |
| February 7 | Frozen Perl 2009 | Minneapolis, United States |
| February 8 February 10 |
Southern California Linux Expo | Los Angeles, USA |
| February 10 February 13 |
NDSS Symposium 2008 | San Diego, CA, USA |
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook