LWN.net Weekly Edition for January 3, 2008
The 2007 Linux and free software timeline
Welcome to the tenth annual LWN Linux and free software timeline. In what has become a longstanding tradition, LWN finishes each year with a collection of the most important events from the last twelve months.
This is version 1.0 of the 2007 timeline. There are certainly errors and omissions; if you find any, please send them to timeline@lwn.net rather than posting them as comments.
The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.
This year, we are pleased to announce the return of the one big page version as well.
- January: Nouveau driver pledge, GPL Second Life, LCA, ...
- February: Bitfrost, 2.6.20, RTLinux, Robbins, Raymond, ...
- March: RSDL, RHEL5, Murdock, Beryl/Compiz, ...
- April: OpenBSD, Debian 4.0, CFS, 2.6.21, ...
- May: Python 3000, 235 violated patents, Indiana, Fedora 7, ...
- June: Emacs, Microsoft deals, Btrfs, GPLv3, ...
- July: Slackware 12, 2.6.22, CUPS, CPAL, ...
- August: SCO loses, ClamAV, OpenBSD, ...
- September: NetAPP/Sun, Kernel summit, ATI opens up, SCO bankruptcy, ...
- October: 2.6.23, openSUSE 10.3, Gutsy, GNOME/OOXML, ...
- November: Fedora 8, KDE 4.0-rc, lawsuits, ...
- December: RHE-MRG, qmail, HTML5 without Theora, ...
Thanks to the following people for suggestions which have improved this year's timeline:
- Xavier Bestel
- Chromatic
- Norman Gaywood
- Jim Gettys
For the historically minded, the timelines for the previous nine years remain available:
1998 1999 2000 2001 2002 2003 2004 2005 2006
Wild predictions for 2008
It's that time of year again: the beginning of the new year - along with the lack of much else going on - inspires editors to make predictions about what they think may happen in the coming months. Your editor is not immune to these forces, and he has long since ceased to fear the possibility of looking like a fool in front of thousands of people. He's used to looking like a fool in front of thousands of people. So, without further ado, here's a set of wild guesses about what may await us in 2008.
Development
Support for Flash media will reach a usable state in 2008 - at least, on the playback side. The ability to waste time on video sites using only free software will doubtless prove appealing for many Linux users, while the ability to display Flash-based advertising may prove less so. But Flash is an important medium for video content and various types of interaction; good, free support for this medium is an important prerequisite for true World Domination. Arguably even more important is the ability to create Flash media on Linux, but that will take a little longer to come around.
KDE 4.0 will be released early in the year. This is a huge, milestone release for the KDE development community, but the developers who have worked so hard toward this goal may find the user community's response a little disappointing. For all of the great work which has gone into 4.0, it remains a dot-zero release, and a big one at that. The remaining bugs and missing features are certain to put off some early adopters. One need only think back to the early GNOME 2.x releases, though, to realize that this is a normal part of the development process and that things will get much better quickly.
The focus on power consumption will intensify this year, continuing a trend from 2007. Linux should, by all rights, consume less power than competing systems on the same hardware - but it doesn't. We now have the tools to identify and track down the worst offenders in this area, and we have the low-level support needed to make low-power Linux possible. Mobile applications may continue to drive this push, but there may be even more low-hanging fruit on fixed systems. There is just no end of reasons to reduce power consumption on all systems running Linux, and we're now in a position to get that job done.
The merging of the realtime Linux tree will be substantially complete by the end of the year. Your editor is out on a limb here; the remaining realtime code includes some of the most intrusive changes. But distributors are shipping this code now, and it has been well tested in a number of environments. So it seems likely that, by the end of 2008, the mainline Linux kernel will be fully capable of running in a realtime mode.
Legal issues and related overhead
The OOXML standardization debate will continue, and Microsoft may well prevail in getting its document format recognized as a standard by the end of the year. The free software community will react as it always has - it's just another data format to support.
More projects will move to GPLv3 in 2008, creating occasional fallout at the distributor level when newly-created licensing conflicts are found. The most interesting potential change is the GNU C library, which remains at LGPL 2.1 as of this writing. A GPLv3-licensed glibc would have to be user-replaceable, which could be problematic on locked-down devices. So, if this change happens, expect an increased interest in alternative C libraries for embedded applications.
GPL enforcement activities will continue and may even increase. Patience with companies which use the code without complying with its license is at a low point, and that will not change. Chances are that, once again, almost every company which is confronted on GPL-violation issues will come into compliance without going to court.
There will be no more Microsoft patent deals, at least with companies of any significance. Those who are inclined to make such agreements have already done so; the holdouts are unlikely to change their minds at this point.
Commercial and related
The OLPC project will start to think seriously about the successor to the XO. There will be many opportunities to build a platform which can be even more empowering for small children; for example, the GNU Radio folks are already pondering ways to bring software-defined radio capabilities to this machine. Meanwhile, deployments of the XO will continue to happen and we'll see the first effects of putting truly free systems into the hands of children. Some of those effects will certainly surprise us.
The days of hardware support hassles will be over. By the end of 2008, we should have good support for ATI graphics adapters, Atheros wireless chipsets, and even, via the Nouveau project, NVidia adapters. There will always be exceptions, but the rule will be clear: we will be able to buy hardware secure in the knowledge that it will work with our Linux systems.
Competition between distributors will grow in intensity. We saw some hints of this in the sniping between Red Hat and Novell toward the end of 2007; there will be more as these businesses increase their focus on the bottom line. Ubuntu will also push harder, though, interestingly, it often seems like that distributor's biggest perceived competitor is Fedora. Your editor believes (and hopes) that cooperation at the development level will remain strong despite increasing drama at the public relations level.
Along these lines, expect intensified competition from Sun, which will continue to try to aggressively push Solaris into Linux shops while simultaneously presenting a friendly face to the community. We may also see more of the less-friendly side of the BSD community for similar reasons.
Community
There will be a major technical Linux event in the United States - the first in some years. The Linux Plumbers Conference, planned for mid-September, will be unique in its focus on the kernel and the software layers immediately surrounding it. Getting the "greater kernel ecosystem" together in one place is an overdue move which should help integration and development of the plumbing we all depend on.
Participation in the development community will grow. That, of course, has been true every year for at least two decades. In 2008, though, we can expect to see a stronger push to encourage developers from parts of the world which traditionally have not contributed so strongly to our community; Asia, in particular, should continue to increase its presence. We will also continue to see companies in the embedded systems area figure out that, if they do not participate in the development of the code they use, others will have a much stronger influence on how that development goes.
Tolerance for anti-social behavior on mailing lists, IRC channels, etc. will continue to drop as development communities try to attract and provide a welcoming environment for more participants. Many communities have formal codes of conduct now; others may well try to adopt them. But even less-formal groups will increasingly understand that a harsh and unfriendly environment hurts the project as a whole.
As usual, we'll come back to these predictions at the end of the year and mock them without mercy. Until then, best wishes for a great 2008 from the LWN editorial team!
The Grumpy Editor's video journey part 3: DVD authoring
As readers of the first part of this series will remember, your editor has set out on a project to digitize a set of old video tapes and turn them into properly-formatted DVD media suitable for handing out to the grandparents. Part 1 was about the task of capturing this data to disk; part 2 covers the video editors available for turning the captured data into something watchable, and part 3 covers the task of creating a DVD from the edited video.
Attentive readers may have noticed that part 2 has not yet been written; there are more editors available than your editor had expected (currently under review are Cinelerra CV, Kino, PiTiVi, LiVES, and Avidemux), so that process is taking longer than expected. For the purposes of this article, let us assume that your editor has a disk full of video clips which have been edited and properly formatted into the MPEG2/AC3 video object files expected by DVD players. There will be a discussion of the best ways to get those files there in the near future, promise.
Many of us have burned CDs and found the process to be relatively straightforward - the biggest obstacle is often just getting past the grumpiness built into cdrecord and its latter-day derivatives. Creating data DVDs is not a whole lot harder. So one might be inclined to approach the task of creating a video DVD with a "this will be easy" attitude. It is, in fact, a task just about anybody can learn to do, but it is on a different order of complexity than creating a CD full of music. A video DVD is, in truth, a program complete with its own hierarchical structure, menus, and code written for the simple virtual machine lurking within every DVD player. Creating a playable DVD requires writing that program.
If DVDs are programs, then the one compiler available for Linux systems is the command-line dvdauthor tool. Regardless of how one builds a DVD, dvdauthor will be involved in the process at some point. This tool requires a collection of video objects representing the actual video titles and also implementing the menus, subtitles, and more. It's all tied together via a complex XML file (example) which is compiled by dvdauthor to create the final product.
It is possible to create all of these pieces by hand, and, doubtless, Real Linux Video Jocks would not do it any other way. One can use dvdauthor to help with the generation of parts of the XML file. There is documentation which seems fairly complete, if a bit terse. But the fact of the matter is that most people attempting to use this tool directly will give up in despair. There is no reason why DVD authors should have to work at this level; dvdauthor is essentially an assembler which, while being absolutely essential to do most of the heavy lifting, should be hidden from most polite company. DVD creation is a visual task; there should be visually-oriented tools for this job. The good news is that these tools do, indeed, exist.
DVDStyler
The first of these tools is DVDStyler, a GTK-based application. There are three basic tabs which are used to work through the tasks of piecing together a DVD; they are labeled "Directories," "Backgrounds," and "Buttons." The directories tab pulls up a simple internal directory browser, useful for adding objects to the DVD. So, if the DVD author has a collection of VOB files containing video data, they can be found by way of this tab and added, one by one, to the DVD. Each object shows up in the bottom pane of the window, generally with an unhelpful annotation like "Title 2". There is no easy way to see what each of those titles is; one must query their properties and look at the associated file name.
As a grumpy aside, your editor must note that the directory browser uselessly starts at $HOME. One need not work with much video data before realizing that special provisions must be made for its storage; video objects are unlikely to be kept in the home directory. Your editor has a hard time understanding why tools like this are unable to start file searches in the current working directory, which is a much more likely place to find things of interest. Switching to $HOME is not just a least-surprise violation; it actively makes things harder for the user.
The "Backgrounds" tab helpfully offers a dozen or so canned background images which can be used for the DVD menus. They are nice backgrounds, and they might just be useful for somebody struggling through the process of creating a DVD for the first time. Your editor, though, suspects that most users, by the time they create their second (working) DVD, might just want to supply their own background images. They will look for that option under the "Backgrounds" tab in vain, though. It is possible to supply a custom image: go to the large (video screen) pane, right-click, select "properties," and set an image there. It's easy, once you've figured it out. But one would think that, having gone to the trouble to provide an entire mode dedicated to background images, the developer would have thought to toss in a "none of the above" button.
The hardest part of creating a DVD (once one has suitable video in place, obviously) is getting the menus to work. DVDStyler starts with an empty main menu in place; it is up to the user to add entries which will do interesting things. That is done by way of the "Buttons" tab. There's a selection of arrows available, as well as the ability to add basic text buttons. The button of interest can be simply dragged to the right spot on the menu, sized appropriately, and configured to do the right thing. There are also "empty" buttons for more complicated situations where the real button text (or image) is found on the menu's background image.
Having added a button, the author must tell the system what happens in response to events on that button. To that end, there is a separate "properties" dialog. Usually one wants a button to cause a certain video title to be played, and that is easily configured. If more than one menu has been created, buttons can also be set to jump from one menu to the next. There is a "custom" blank for the harder cases which require direct entry of code to be executed by the DVD virtual machine. In DVDStyler, the selection of relatively obscure options (subtitles, languages, camera angles) can only be set up in this way.
Also required is a specification of what happens when one of the directional arrows is pressed. The default "auto" setting leaves that up to the player, which will probably do the right thing - the down arrow, for example, will move the focus to the next button below the current one. Anybody who is concerned about the user interface provided by the resulting DVD will probably want to set these actions explicitly, though - a somewhat tedious and time-consuming task.
Eventually, the time comes to actually create the DVD. Most first-time users will probably go to the DVD menu for this task, but the "burn" option is not there - it's under the "file" menu instead. The resulting dialog works nicely, giving the user the option to stop after generating the ISO image or to run a preview application (xine by default) before actually writing to the disk. Underneath this dialog is a whole set of helper commands which are run; those can be configured if need be, but most users will not tread there.
All told, your editor found DVDStyler to be the easier tool to use for quickly putting together a video disk. There is just one little problem: those disks never quite worked right on your editor's ancient DVD player. Somehow, a misunderstanding about how the menus should work crept in. Your editor suspects, perhaps, that overlapping buttons may have something to do with it; the other application reviewed by your editor (QDVDAuthor) detected and corrected that situation, but DVDStyler did not. In any case, newer players had no problem with the generated disks, so this may not be a problem that most people need to be concerned with.
'Q' DVD-Author
The other DVD authoring application considered here is 'Q' DVD-Author (or qdvdauthor from here on out in an effort to save your editor's typing fingers). This is a Qt-based application aimed at providing complete DVD authoring capability. It is arguably more complete and mature than DVDStyler, but more complex as well.
Qdvdauthor provides a three-paned window with areas for the current set of audio/video objects, the DVD hierarchy, and the menu designer. The audio/video pane, on the left end, is clearly a work in progress. There is a thumbnail area which shows the opening frame of the associated video - sometimes. Other times it stays green and qdvdauthor silently leaves an mplayer process desperately cranking away in the background. It was only when the load average on your editor's system got to around 20 that he figured that one out. There is a "play" button which pops up a cheery "not yet implemented" button. The run time of each video title is also displayed. All told, it is a more useful display than what DVDStyler offers, with the potential to be quite a bit better yet.
The middle pane shows the current hierarchy of objects making up the DVD. It is a helpful display, given that DVDs truly are hierarchical objects. It likes to reset itself to the top, though, making it necessary to scroll repeatedly toward the bottom when the DVD gets more complex. The right pane shows one of the DVD menus - or a couple of other things we'll see later on. One very nice feature is the little display at the bottom showing how much data has been committed to the DVD so far and how much room remains.
Video titles are easily added using the prominent "add movie" button. Once attention turns to the menu creation process, one notices that there is no separate "backgrounds" tab - but there is a button for adding a custom background image, which is what is really needed anyway. Your editor found that dragging a thumbnail from the video pane over to the menu area created a picture button which would play the associated title - a nice feature.
The creation of text buttons (or those from a separate image) is a bit more labor-intensive, requiring the user to right-click on the background, select "add text", draw a rectangle to define the text area, fill in a rather gaudy text dialog (shown left) with the actual text (and tweak fonts and such), right-click on the newly-added text and select "define as button", then fill in the button properties dialog (shown right). That last step involves setting the button name (necessary - it would be nice if it defaulted to the button text) and picking the various associated actions. It takes a while.
Eventually, the time comes to commit all of that work to an actual DVD. A click on the associated button gets that process going. If one has been sloppy in drawing out buttons, the first thing to come up will be a warning that some of the buttons overlap, accompanied by an offer to fix the problem automatically. One can also decline the offer (aborting the process) to fix the problem manually.
This is as good a point as any to note that moving and resizing buttons in qdvdauthor is a real exercise in pain. The button areas have the usual grab points for moving, dragging edges and corners, or rotating the button. But none of those are visible until the user has clicked the mouse and committed himself to doing something. The end result is that attempts to drag a button often do something else - like rotating them to some strange angle. The basic interaction modes for operating on graphical objects in a display have been well understood for years; one can only imagine that whoever designed this interface was engaging in some sort of sadistic exercise which was sponsored by purveyors of strong drink.
Once the buttons have been sorted out, selecting the burn operation brings up a rather intimidating dialog showing all of the commands which will be executed to get the job done. It's at this point that one realizes just how much behind-the-scenes magic is going on to make the DVD creation process actually happen. There are options to disable specific parts of the process (actually burning the disk, for example), and the adventurous can edit the commands before they run. Most people, though, will probably just hit the "OK" button at the bottom and watch the process unfold. Which it does, just as one would expect.
There are a few other nice features hidden in this application. The menu pane can be made to show the XML file which will be generated for dvdauthor; it can also be put into a garish and complex dialog which facilitates the addition of subtitles. There is a template mechanism for menus, and a network-based repository from which qdvdauthor can download new templates. There is an operation which will convert the entire DVD between the NTSC and PAL formats - your editor has not yet exercised this option, but, given that some of the grandparents for whom this work is intended live in Europe, it will eventually come in handy. There is a little-used plugin mechanism and a theme feature as well; long-neglected Motif users will be glad to know there is a style for them. The addition of audio to menus and intro/outro sequences to titles is relatively straightforward. There is also an option to make DVD slideshows out of a series of still images.
Conclusion
Either one of these applications can get the job done. They both show the best of how an application on a Unix-like system can add power by using existing tools. Neither DVDStyler nor qdvdauthor actually does much of the work of creating menus or burning DVDs; they mostly just put together fiendishly-complex command lines and call out to the tools which have been designed to do that work well. Overall, the combination works reasonably well.
A feature which is lacking from both tools is a "hold my hand" mode for people who are not - and do not want to be - experts in DVD creation. A sequence of screens which would set up an initial menu, import titles, and create buttons for each would be most helpful in this regard. As it is, users must have their own internal checklist in mind when creating DVDs, and it is easy to miss things. Your editor, while certainly slower than most, is unlikely to be the only one to have created an impressive pile of coasters before finally producing a DVD which actually worked as intended.
While the tools reviewed here are, in your editor's opinion, the best available for Linux for this task, there are some others to be aware of:
- Tovid is a set of command-line tools for the creation of DVD menus and putting the whole structure together. They hide much of the underlying complexity and may prove useful for users not wanting to work with a graphical interface.
- VideoLink is an interesting tool which enables the creation of DVD menus in HTML. It then renders them with a web browser and prepares the result for burning to a DVD.
- Kino (which will be covered in depth in part 2) can produce a simple dvdauthor script to make a no-menu DVD with a single title.
- KDE DVD Authoring Wizard is a kdialog script which steps the user through the creation of a simple DVD. It provides the handholding mentioned above, but, arguably, simplifies out too much of the process.
Of all these tools, it must be said that qdvdauthor is, at this time, the most complete and capable. It provides access to almost any capability supported by current DVD players, is relatively easy to use, and works most of the time. With luck, the developers (who released the 1.0.0 version reviewed here in November, 2007) will devote themselves to smoothing out the remaining rough edges, leaving us with a tool which DVD authors at any level can use.
Security
The future of unencrypted web traffic
Hypertext transfer protocol (http) is the heart of the web, providing the means to retrieve content from remote servers. It is an unencrypted, text-based protocol which allows malicious intermediaries to snoop on and potentially modify the traffic. Unfortunately, internet service providers (ISPs) are getting increasingly bold in manipulating the traffic that they carry. This has led some to call for the elimination of http, in favor of encrypted http (aka secure http or https).
An ISP is perfectly situated to gather an enormous amount of information about its users, their website preferences and habits (often called clickstream data). Some have reportedly been selling some of that data in a thinly-anonymized form to advertisers and others. As AOL's well-intentioned, but poorly implemented, release of search queries showed, it is rather easy to analyze this kind of data and pierce the anonymity, deriving the specific user.
Another recent ISP trick is to modify a retrieved web page to display other information – under the control of the ISP – which looks like it comes from the website itself. Canadian ISP Rogers Internet has been testing a system to add content to the Google homepage for their customers who are near their monthly bandwidth limits. There are also plans afoot for ISPs to use clickstream data to target advertising – though just where those ads would show up is far from clear.
This kind of manipulation is unlikely to be what internet users expect – to the extent they think about it at all. The model folks tend to use is that of a phone company; we do not expect them to sell our call records to the highest bidder, nor do we give them license to modify our calls. Various telecommunications privacy laws protect that data, but those laws have not (yet) been applied to internet traffic. In addition, ISPs tend to have a monopoly or near-monopoly, which restricts alternative, less-intrusive ISPs from competing.
Fortunately, there are technical solutions possible in the internet realm that would be difficult or impossible to implement network-wide in the phone system. Encrypting website traffic will go a long way towards eliminating this kind of ISP abuse, though it is no panacea. As more of these kinds of privacy invasions occur, we should see more routine use of https by websites.
Currently, https is almost exclusively used for e-commerce transactions; typing in credit card numbers and the like. Authentication via username and password is another area that sees widespread encrypted pages. Sites may start to use https for their entire site to combat clickstream and page rewriting abuse – though there will still be some information leakage as the ISPs can still see what sites are being visited.
In order to make an https connection, the server must have a certificate with its public key. Typically those are signed by an authority recognized by browsers which allows the browser to authenticate that the certificate belongs to the host visited. Getting signed certificates is a bit cumbersome, costs some money, and they need to be renewed periodically – all of which adds up to a headache for a site, especially a small, non-commercial site, that wants to switch to using https. Self-signed certificates are an alternative, but because they are susceptible to man-in-the-middle attacks, browsers warn their users when they receive one.
Another problem with this approach is the extra processing required on the server to support encrypting each and every request. There is a non-trivial amount of extra work that must be done per request and cannot be cached. Sites that wish to avoid the problems that some ISPs are introducing will just have to bear that cost.
Pushing bits is not very glamorous, but that is really what one hires an ISP to do. Since they seem to be finding new and exciting ways to interfere with those bits – Comcast messing with BitTorrent traffic for example – internet users will have to find ways to thwart their schemes and encryption will be a big part of that effort. Using https site-wide is only one step; other services will also need to be protected from ISP abuse. What if an ISP started manipulating the results returned from DNS queries, perhaps routing some to a server they control?
LWN adds a Security index
LWN has added a new index to complement the existing Kernel index. The Security index covers security articles we have published since the start of 2007. Hopefully this will be a useful resource for our readers and, as always, we value your comments. Please send them to lwn-AT-lwn.net.
New vulnerabilities
autofs: privilege escalation
| Package(s): | autofs | CVE #(s): | CVE-2007-6285 |
| Created: | December 21, 2007 | Updated: | January 14, 2008 |
| Description: | The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server. |
| Alerts: | |
bind: insecure permissions
| Package(s): | bind | CVE #(s): | CVE-2007-6283 |
| Created: | December 21, 2007 | Updated: | July 10, 2008 |
| Description: | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. |
| Alerts: | |
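The autofs and bind entries above are both default-configuration problems that can be checked on a host without waiting for the package update. The following audit is an added example, not code from LWN, Red Hat, or either project; the function names and the sample map are constructed, and the way mount options are tokenized after the `-hosts` field is an assumption to verify against the local auto.master(5) manual page.

```python
import os
import stat

# Constructed sample of a master map, not taken from a real host.
SAMPLE_MASTER = """\
# constructed sample
/misc   /etc/auto.misc
/net    -hosts
/net2   -hosts  -nosuid,nodev
/net3   -hosts  nodev   # inline comment
"""


def rndc_key_findings(path):
    """Return a list of permission problems for an rndc key file.

    The key is a shared secret: anyone who can read it can send
    control commands to named, so "other" must have no read access.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append(f"{path} is world-readable (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path} is writable by group or others (mode {mode:04o})")
    return findings


def hosts_maps_without_nodev(master_text):
    """Return (line number, line) for each -hosts entry lacking nodev.

    Assumption: everything after the map field is a list of options,
    comma-separated, with or without a leading dash.
    """
    hits = []
    for lineno, raw in enumerate(master_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[1] != "-hosts":
            continue
        options = set()
        for field in fields[2:]:
            options.update(o for o in field.lstrip("-").split(",") if o)
        if "nodev" not in options:
            hits.append((lineno, line))
    return hits


def audit(key_path="/etc/rndc.key", master_path="/etc/auto.master"):
    """Run both checks against real files, skipping any that are absent."""
    report = []
    if os.path.exists(key_path):
        report.extend(rndc_key_findings(key_path))
    if os.path.exists(master_path):
        with open(master_path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in hosts_maps_without_nodev(fh.read()):
                report.append(f"{master_path}:{lineno}: -hosts map without nodev: {line}")
    return report


if __name__ == "__main__":
    for lineno, line in hosts_maps_without_nodev(SAMPLE_MASTER):
        print(f"sample:{lineno}: -hosts map without nodev: {line}")
    for finding in audit():
        print(finding)
```

A fixed package may apply nodev by default even when the map line does not list it, so a hit from the map check is a prompt to confirm the installed autofs version rather than proof of exposure.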
clamav: mystery vulnerability
| Package(s): | clamav | CVE #(s): | CVE-2007-6337 |
| Created: | December 31, 2007 | Updated: | January 22, 2008 |
| Description: | Clamav contains "an unspecified vulnerability" associated with the bzip2 decompression code. |
| Alerts: | |
exiftags: multiple vulnerabilities
| Package(s): | exiftags | CVE #(s): | CVE-2007-6354 CVE-2007-6355 CVE-2007-6356 |
| Created: | December 31, 2007 | Updated: | April 1, 2008 |
| Description: | From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). |
| Alerts: | |
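The recursive-IFD problem described for readifds() is a general hazard for any parser that follows offsets stored in the file it is reading. The walker below is an added illustration of the defensive pattern (bounds checks, a visited set, and a cap on the number of directories); it is not exiftags code or its fix, and the helper names and sample buffers are constructed for the example.

```python
import struct

EXIF_IFD_TAG = 0x8769   # TIFF/Exif tag whose value is the offset of a sub-IFD
MAX_IFDS = 64           # arbitrary cap chosen for this example


class MalformedExif(ValueError):
    """Raised when the directory structure cannot be trusted."""


def walk_ifds(buf):
    """Return the offsets of all IFDs reachable from the TIFF header.

    Uses an explicit work list instead of recursion, refuses any IFD
    offset that is reached twice, and checks every read against the
    buffer length before performing it.
    """
    if len(buf) < 8:
        raise MalformedExif("truncated header")
    if buf[:2] == b"II":
        endian = "<"
    elif buf[:2] == b"MM":
        endian = ">"
    else:
        raise MalformedExif("bad byte-order mark")
    magic, first = struct.unpack_from(endian + "HI", buf, 2)
    if magic != 42:
        raise MalformedExif("bad TIFF magic")

    seen, order, pending = set(), [], [first]
    while pending:
        off = pending.pop()
        if off == 0:                      # 0 terminates a chain
            continue
        if off in seen:
            raise MalformedExif(f"IFD at offset {off} referenced more than once")
        if len(seen) >= MAX_IFDS:
            raise MalformedExif("too many IFDs")
        if off + 2 > len(buf):
            raise MalformedExif(f"IFD offset {off} outside buffer")
        (count,) = struct.unpack_from(endian + "H", buf, off)
        end = off + 2 + count * 12        # Python ints cannot wrap here
        if end + 4 > len(buf):
            raise MalformedExif(f"IFD at {off} runs past end of buffer")
        seen.add(off)
        order.append(off)
        for i in range(count):
            tag, _type, _n, value = struct.unpack_from(
                endian + "HHII", buf, off + 2 + i * 12)
            if tag == EXIF_IFD_TAG:
                pending.append(value)     # sub-IFD pointer
        (next_ifd,) = struct.unpack_from(endian + "I", buf, end)
        pending.append(next_ifd)
    return order


def build_sample(exif_ptr, next_ifd=0):
    """Constructed little-endian buffer: IFD0 at offset 8 with one
    Exif-pointer entry, followed by an empty sub-IFD at offset 26."""
    header = struct.pack("<2sHI", b"II", 42, 8)
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", EXIF_IFD_TAG, 4, 1, exif_ptr)
            + struct.pack("<I", next_ifd))
    sub_ifd = struct.pack("<H", 0) + struct.pack("<I", 0)
    return header + ifd0 + sub_ifd


if __name__ == "__main__":
    print(walk_ifds(build_sample(26)))
    try:
        walk_ifds(build_sample(8))        # sub-IFD pointer refers back to IFD0
    except MalformedExif as exc:
        print("rejected:", exc)
```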
exiv2: integer overflow
| Package(s): | exiv2 | CVE #(s): | CVE-2007-6353 |
| Created: | December 21, 2007 | Updated: | October 15, 2008 |
| Description: | Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
| Alerts: | |
gallery2: multiple vulnerabilities
| Package(s): | gallery2 | CVE #(s): | CVE-2007-6685 CVE-2007-6686 CVE-2007-6687 CVE-2007-6688 CVE-2007-6689 CVE-2007-6690 CVE-2007-6691 CVE-2007-6692 CVE-2007-6693 |
| Created: | December 27, 2007 | Updated: | February 12, 2008 |
| Description: | Versions of the Gallery photo management application before 2.2.4 have the following vulnerabilities: (1) an unauthorized album creation and file upload, (2) a local file inclusion vulnerability, (3) several cross site scripting vulnerabilities, (4) a web-accessibility protection problem, (5) problems with checks for disallowed file extensions with file uploads, (6) missing permissions checks on GR commands, (7) several information disclosures, (8) an arbitrary URL redirection problem and (9) a proxied request weakness. |
Ganglia: cross-site scripting
| Package(s): | ganglia | CVE #(s): | |
| Created: | December 21, 2007 | Updated: | January 2, 2008 |
| Description: | Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. The Ganglia web frontend is vulnerable to cross-site scripting. |
imlib: denial of service
| Package(s): | imlib | CVE #(s): | CVE-2007-3568 |
| Created: | December 28, 2007 | Updated: | January 2, 2008 |
| Description: | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. |
kernel: information leak, denial of service
| Package(s): | linux-2.6 | CVE #(s): | CVE-2007-6206 CVE-2007-6417 |
| Created: | December 21, 2007 | Updated: | September 1, 2010 |
| Description: | Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206) Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd | CVE #(s): | CVE-2007-5825 CVE-2007-5824 |
| Created: | December 31, 2007 | Updated: | September 1, 2008 |
| Description: | From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). |
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 | CVE #(s): | CVE-2007-6304 |
| Created: | December 21, 2007 | Updated: | April 7, 2008 |
| Description: | Philip Stoev discovered that the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. |
peercast: buffer overflow
| Package(s): | peercast | CVE #(s): | CVE-2007-6454 |
| Created: | December 28, 2007 | Updated: | May 21, 2008 |
| Description: | A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
syslog-ng: denial of service
| Package(s): | syslog-ng | CVE #(s): | CVE-2007-6437 |
| Created: | December 31, 2007 | Updated: | January 21, 2008 |
| Description: | The syslog-ng daemon does not properly handle messages containing an unterminated time stamp, resulting in the dereferencing of a NULL pointer and subsequent crash. |
typo3-src: SQL injection
| Package(s): | typo3-src | CVE #(s): | CVE-2007-6381 |
| Created: | December 28, 2007 | Updated: | January 2, 2008 |
| Description: | SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark | CVE #(s): | CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6115 CVE-2007-6116 CVE-2007-6119 |
| Created: | December 21, 2007 | Updated: | January 2, 2008 |
| Description: | Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. (CVE-2007-6111) Buffer overflow in the PPP dissector Wireshark 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. (CVE-2007-6112) Wireshark 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet. (CVE-2007-6113) Buffer overflow in the ANSI MAP dissector for Wireshark 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. (CVE-2007-6115) The Firebird/Interbase dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. (CVE-2007-6116) The DCP ETSI dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6119) |
wireshark: lots of dissector vulnerabilities
| Package(s): | wireshark | CVE #(s): | CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121 CVE-2007-6438 CVE-2007-6439 CVE-2007-6441 CVE-2007-6450 CVE-2007-6451 |
| Created: | December 31, 2007 | Updated: | February 22, 2008 |
| Description: | Wireshark has disclosed another long list of dissector vulnerabilities; see this advisory for details. |
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch is 2.6.24-rc6, released by Linus on December 20. "The regression list keeps shrinking, so we're still on track for a full 2.6.24 release in early January. Assuming we don't all overeat during the holidays and nobody gets any work done. But we all know that the holidays are really the time when we get away from the boring 'real work', and can spend 24/7 on kernel hacking instead, right?" The long-form changelog has the details.
The current -mm tree is 2.6.24-rc6-mm1. Recent changes to -mm (beyond failing to work on i386 systems) include a bunch of low-level driver model changes, some tmpfs reworking, some ext4 updates, and the beginning of the removal of the fastcall function attribute.
For older kernels: 2.4.36 was released on January 1 with a number of fixes.
For crazy people: 0.01 was released by Abdel Benamrouche on January 1.
Kernel development news
Quote of the week
Some snags for SLUB
The SLUB allocator is a new implementation of the kernel's low-level page allocator; it is a replacement for the long-lived slab allocator. SLUB was merged for 2.6.22 and made the default allocator for 2.6.23. The long-term plan has always been for SLUB to eventually displace the older slab allocator entirely. That may yet happen, but SLUB has run into a couple of difficulties on its way toward being the one true kernel memory allocator.

The first problem had to do with performance regressions in a few specific situations. It turns out that the hackbench benchmark, which measures scheduler performance, runs slower when the SLUB allocator is being used. In fact, SLUB can cut performance for that benchmark in half, which is enough to raise plenty of eyebrows. This result was widely reproduced; there were also reports of regressions with the proprietary TPC-C benchmark which were not easily reproduced. In both cases, SLUB developer Christoph Lameter was seen as being overly slow in getting a fix out; after all, it is normal to get immediate turnaround on benchmark regressions over the end-of-year holiday period.
When Christoph got back to this problem, he posted a lengthy analysis which asserted that the real scope of the problem was quite small. He concluded: "given all the boundaries for the contention I would think that it is not worth addressing." This was not the answer Linus was looking for:
About this time, the solution to this problem came along in response to a note from Pekka Enberg pointing out that, according to the profiles, an internal SLUB function called add_partial() was accounting for much of the time used. The SLUB allocator works by dividing pages into objects of the same size, with no metadata of its own within those pages. When all objects from a page have been allocated, SLUB forgets about the page altogether. But when one of those objects is freed, SLUB must note the page as a "partial" page and add it to its queue of available memory. This addition of partial pages, it seems, was happening far more often than it should.
The hackbench tool works by passing data quickly between CPUs and measuring how the scheduler responds. In the process, it forces a lot of quick allocation and free operations and that, in turn, was causing the creation of a lot of partial pages. The specific problem was that, when a partial page was created, it was added to the head of the list, meaning that the next allocation operation would allocate the single object available on that page and cause the partial page to become full again. So SLUB would forget about it. When the next free happened, the cycle would happen all over again.
Once Christoph figured this out, the fix was a simple one-liner: partial pages should be added to the tail of the list instead of the head. That would give the page time to accumulate more free objects before it was once again the source for allocations and minimize the number of additions and removals of partial pages. The results came back quickly: the hackbench regression was fixed. There have been no TPC-C results posted (the license for this benchmark suite is not friendly toward the posting of results), but it is expected that the TPC-C regression should be fixed as well.
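The head-versus-tail effect described above can be reproduced with a small model. This is an added example, not kernel code: it ignores per-CPU slabs, keeps a fixed pool of pages, and is driven by a constructed workload that frees the oldest live object and then allocates a new one; all names in it are hypothetical.

```c
#include <stdio.h>

#define OBJS_PER_PAGE 4
#define FULL_PAGES    64    /* pages with every object in use at start */
#define SPARE_PAGES   2     /* pages with every object free at start */
#define NPAGES        (FULL_PAGES + SPARE_PAGES)
#define LIVE_OBJS     (FULL_PAGES * OBJS_PER_PAGE)

struct page_model {
    int free_objs;          /* free objects in this page; 0 means full */
    int prev, next;         /* neighbours on the partial list, -1 for none */
};

struct slub_model {
    struct page_model pg[NPAGES];
    int head, tail;         /* ends of the partial list, -1 when empty */
    int add_at_tail;        /* 0: old behaviour (head), 1: the fix (tail) */
    long add_partial_calls; /* number of full -> partial transitions */
};

static void list_insert(struct slub_model *m, int idx, int at_tail)
{
    struct page_model *p = &m->pg[idx];

    p->prev = p->next = -1;
    if (m->head < 0) {
        m->head = m->tail = idx;
    } else if (at_tail) {
        p->prev = m->tail;
        m->pg[m->tail].next = idx;
        m->tail = idx;
    } else {
        p->next = m->head;
        m->pg[m->head].prev = idx;
        m->head = idx;
    }
}

static void list_remove(struct slub_model *m, int idx)
{
    struct page_model *p = &m->pg[idx];

    if (p->prev >= 0) m->pg[p->prev].next = p->next; else m->head = p->next;
    if (p->next >= 0) m->pg[p->next].prev = p->prev; else m->tail = p->prev;
}

/* Free one object: a page that was full becomes partial and is re-queued. */
static void model_free(struct slub_model *m, int idx)
{
    if (m->pg[idx].free_objs++ == 0) {
        m->add_partial_calls++;
        list_insert(m, idx, m->add_at_tail);
    }
}

/* Allocate from the first partial page; the page is forgotten once full. */
static int model_alloc(struct slub_model *m)
{
    int idx = m->head;

    if (idx < 0)
        return -1;          /* no partial page left (not reached by this workload) */
    if (--m->pg[idx].free_objs == 0)
        list_remove(m, idx);
    return idx;
}

/* Run 'steps' free-then-allocate cycles; return how often add_partial ran. */
long simulate(int add_at_tail, long steps)
{
    struct slub_model m = { .head = -1, .tail = -1, .add_at_tail = add_at_tail };
    int live[LIVE_OBJS];    /* page of each live object, as a FIFO ring */
    int oldest = 0;

    for (int i = 0; i < LIVE_OBJS; i++)
        live[i] = i / OBJS_PER_PAGE;        /* pages 0..FULL_PAGES-1 start full */
    for (int i = FULL_PAGES; i < NPAGES; i++) {
        m.pg[i].free_objs = OBJS_PER_PAGE;  /* spare pages start on the list */
        list_insert(&m, i, 1);
    }
    for (long s = 0; s < steps; s++) {
        model_free(&m, live[oldest]);       /* consumer frees the oldest object */
        int idx = model_alloc(&m);          /* producer allocates a new one */
        if (idx < 0)
            return -1;
        live[oldest] = idx;
        oldest = (oldest + 1) % LIVE_OBJS;
    }
    return m.add_partial_calls;
}

int main(void)
{
    printf("head insertion: %ld add_partial calls\n", simulate(0, 4000));
    printf("tail insertion: %ld add_partial calls\n", simulate(1, 4000));
    return 0;
}
```

With head insertion every free re-queues a page that the very next allocation fills again; with tail insertion a page collects all of its frees before it reaches the front, so it is queued once per page rather than once per object.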
Meanwhile, another, somewhat belated complaint about SLUB made the rounds: there is no equivalent to /proc/slabinfo for the SLUB allocator. The slabinfo file can be a highly effective tool for figuring out where kernel-allocated memory is going; it is a quick and effective view of current allocation patterns. The associated slabtop tool makes the information even more accessible. The failure of slabtop to work when SLUB is used has been an irritant for some developers for a while; it seems likely that more people will complain when SLUB finds its way into the stock distributor kernels. Linux users are generally asking for more information about how the kernel is working; removing a useful source of that information is unlikely to make them happy.
Some developers went as far as to say that the slabinfo file is part of the user-space ABI and, thus, must be preserved indefinitely. It is hard to say how such an interface could truly be cast in stone, though; it is a fairly direct view into kernel internals which will change quickly over time. So the ABI argument probably will not get too far, but the need for the ability to query kernel memory allocation patterns remains.
There are two solutions to this problem in the works. The first is Pekka Enberg's slabinfo replacement patch for SLUB, which provides enough information to make slabtop work. But the real source for this information in the future will be the rather impressive set of files found in /sys/slab. Digging through that directory by hand is not really recommended, especially given that there's a better way: the slabinfo.c file found in the kernel source (under Documentation/vm) can be compiled into a tool which provides concise and useful information about current slab usage. Eventually distributors will start shipping this tool (it should probably find a home in the util-linux collection); for now, building it from the kernel source is the way to go.
The final remaining problem here has taken a familiar form: the dreaded message from Al Viro on how the lifecycle rules for the files in /sys/slab are all wrong. It turns out that even a developer like Christoph, who can hack core memory management code and make 4096-processor systems hum, has a hard time with sysfs. As does just about everybody else who works with that code. There are patches around to rationalize sysfs; maybe they will help to avoid problems in the future. SLUB will need a quicker fix, but, if that's the final remaining problem for this code, it would seem that One True Allocator status is almost within reach.
Rationalizing scatter/gather chains
The chained scatterlist API was arguably the most disruptive addition to 2.6.24, despite being a relatively small amount of code. This API allows kernel code to chain together scatter/gather lists for DMA I/O operations, resulting in a much larger maximum size for those operations. That, in turn, leads to better performance, especially in the block I/O subsystem. The idea of scatterlist chaining is generally popular, but there have been some complaints about the current implementation. As things stand, any code wanting to work with chained scatterlists must construct the chains itself - an error-prone operation. So there is interest in making things better.

One approach to improving the situation is the sg_ring API, proposed by Rusty Russell. This patch does away with the current chaining approach; there are no more scatterlist entries which are actually chain pointers in disguise. Instead, Rusty introduces struct sg_ring:
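    struct sg_ring
    {
        struct list_head list;      /* links this ring to the others in the chain */
        unsigned int num, max;      /* current and maximum number of entries */
        struct scatterlist sg[0];   /* the scatterlist entries themselves */
    };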
The obvious change here is that the chaining has been moved out of the scatterlist itself and made into an explicit linked list. There are also variables tracking the current and maximum sizes of the list, which help reduce explicit housekeeping elsewhere. Some versions of the patch also add an integer dma_num field to hold the number of mapped scatter/gather entries, which can differ from the number initially set up by the driver.
An sg_ring with a given number of scatterlist entries can be declared with this macro:
    DECLARE_SG_RING(name, max);
A ring should then be initialized with one of:
    void sg_ring_init(struct sg_ring *ring, unsigned int max);
    void sg_ring_single(struct sg_ring *ring, const void *buf,
                        unsigned int buflen);
The latter form is a shortcut for cases where a single-entry ring needs to be set up with a given buffer.
Constructing a multi-entry ring is a matter of allocating as many separate sg_ring entries as needed and explicitly chaining them together using the list field. There is a helper macro for stepping through all of the entries in a ring while hiding the boundaries between the individual scatterlists:
    struct sg_ring *sg;
    int i;

    sg_ring_for_each(ring, sg, i) {
        /* *sg is the scatterlist entry to operate on */
    }
Rusty has posted patches converting parts of the SCSI subsystem over to this API. As he points out, the conversion removes a fair amount of logic associated with the construction and destruction of large scatterlists.
Jens Axboe, the creator of the chained scatterlist code, has responded that the current API was aimed at minimizing the effect on drivers for 2.6.24. It is not, he says, a finished product, and things are getting better. A look at his git repository shows some API additions with a very similar goal to Rusty's work.
Jens's work retains the current chaining mechanism, but wraps a structure and some helpers around it to make it easier to work with. So, in this view of the world, drivers will work with struct sg_table:
    struct sg_table {
        struct scatterlist *sgl;    /* the list */
        unsigned int nents;         /* number of mapped entries */
        unsigned int orig_nents;    /* original size of list */
    };
An sg_table will be set up with:
    int sg_alloc_table(struct sg_table *table, unsigned int nents,
                       gfp_t gfp_flags);
This function does not allocate the sg_table structure, which must be passed in as a parameter. It does, however, allocate the memory to use for the actual scatterlist arrays and deal with the process of chaining them all together. So a driver needing to construct a large scatter/gather operation can now just do a single sg_alloc_table() call, then iterate through the list of scatterlist entries in the usual way. When the operation is complete, a call to
    void sg_free_table(struct sg_table *table);
will free the allocated memory.
Sometime around the opening of the 2.6.25 merge window, a decision will have to be made on the direction of the chained scatterlist API. It may not be one of the most closely-watched kernel development events ever, but this decision will affect how high-performance I/O code is written in the future. As the author of the current chaining code, Jens probably starts with an advantage when it comes to getting his code merged. The nature of kernel development is such that nobody can ever be entirely sure, though; if a consensus builds that Rusty's approach is better, that is the way things will probably go. Stay tuned through the next merge window for the thrilling conclusion to this ongoing story.
What is RCU? Part 2: Usage
Introduction
Read-copy update (RCU) is a synchronization mechanism that was added to the Linux kernel in October of 2002. RCU is most frequently described as a replacement for reader-writer locking, but it has also been used in a number of other ways. RCU is notable in that RCU readers do not directly synchronize with RCU updaters, which makes RCU read paths extremely fast, and also permits RCU readers to accomplish useful work even when running concurrently with RCU updaters.
This leads to the question "what exactly is RCU?", a question that this document addresses from the viewpoint of someone using it. Because RCU is most frequently used to replace some existing mechanism, we look at it primarily in terms of its relationship to such mechanisms, as follows:
- RCU is a Reader-Writer Lock Replacement
- RCU is a Restricted Reference-Counting Mechanism
- RCU is a Bulk Reference-Counting Mechanism
- RCU is a Poor Man's Garbage Collector
- RCU is a Way of Providing Existence Guarantees
- RCU is a Way of Waiting for Things to Finish
These sections are followed by conclusions and answers to the Quick Quizzes.
RCU is a Reader-Writer Lock Replacement
Perhaps the most common use of RCU within the Linux kernel is as a replacement for reader-writer locking in read-intensive situations. Nevertheless, this use of RCU was not immediately apparent to me at the outset; in fact, I chose to implement something similar to brlock before implementing a general-purpose RCU implementation back in the early 1990s. Each and every one of the uses I envisioned for the proto-brlock primitive was instead implemented using RCU. In fact, it was more than three years before the proto-brlock primitive saw its first use. Boy, did I feel foolish!
The key similarity between RCU and reader-writer locking is that both have read-side critical sections that can execute in parallel. In fact, in some cases, it is possible to mechanically substitute RCU API members for the corresponding reader-writer lock API members. But first, why bother?
Advantages of RCU include performance, deadlock immunity, and realtime latency. There are, of course, limitations to RCU, including the fact that readers and updaters run concurrently, that low-priority RCU readers can block high-priority threads waiting for a grace period to elapse, and that grace-period latencies can extend for many milliseconds. These advantages and limitations are discussed in the following sections.
Performance
The read-side performance advantages of RCU over reader-writer lock are shown on the following graph for a 16-CPU 3GHz Intel x86 system.
A more moderate view may be obtained from a CONFIG_PREEMPT
kernel, though RCU still beats reader-writer locking by between one and
three orders of magnitude.
Note the high variability of reader-writer locking at larger numbers of CPUs.
The error bars span a single standard deviation in either direction.
Of course, the low performance of reader-writer locking will become less significant as the overhead of the critical section increases, as shown in the following graph for a 16-CPU system.
Deadlock Immunity
Although RCU offers significant performance advantages for read-mostly workloads, one of the primary reasons for creating RCU in the first place was in fact its immunity to read-side deadlocks. This immunity stems from the fact that RCU read-side primitives do not block, spin, or even do backwards branches, so that their execution time is deterministic. It is therefore impossible for them to participate in a deadlock cycle.
An interesting consequence of RCU's read-side deadlock immunity is that it is possible to unconditionally upgrade an RCU reader to an RCU updater. Attempting to do such an upgrade with reader-writer locking results in deadlock. A sample code fragment that does an RCU read-to-update upgrade follows:
    rcu_read_lock();
    list_for_each_entry_rcu(p, head, list_field) {
        do_something_with(p);
        if (need_update(p)) {
            spin_lock(&my_lock);    /* upgrade to updater while still a reader */
            do_update(p);
            spin_unlock(&my_lock);
        }
    }
    rcu_read_unlock();
Note that do_update() is executed under
the protection of the lock and under RCU read-side protection.
Another interesting consequence of RCU's deadlock immunity is its immunity to a large class of priority inversion problems. For example, low-priority RCU readers cannot prevent a high-priority RCU updater from acquiring the update-side lock. Similarly, a low-priority RCU updater cannot prevent high-priority RCU readers from entering an RCU read-side critical section.
Realtime Latency
Because RCU read-side primitives neither spin nor block, they offer excellent realtime latencies. In addition, as noted earlier, this means that they are immune to priority inversion involving the RCU read-side primitives and locks.
However, RCU is susceptible to more subtle priority-inversion scenarios; for example, a high-priority process blocked waiting for an RCU grace period to elapse can be blocked by low-priority RCU readers in -rt kernels. This can be solved by using RCU priority boosting.
RCU Readers and Updaters Run Concurrently
Because RCU readers never spin nor block, and because updaters are not subject to any sort of rollback or abort semantics, RCU readers and updaters must necessarily run concurrently. This means that RCU readers might access stale data, and might even see inconsistencies, either of which can render conversion from reader-writer locking to RCU non-trivial.
However, in a surprisingly large number of situations, inconsistencies and stale data are not problems. The classic example is the networking routing table. Because routing updates can take considerable time to reach a given system (seconds or even minutes), the system will have been sending packets the wrong way for quite some time when the update arrives. It is usually not a problem to continue sending updates the wrong way for a few additional milliseconds. Furthermore, because RCU updaters can make changes without waiting for RCU readers to finish, the RCU readers might well see the change more quickly than would batch-fair reader-writer-locking readers, as shown in the following figure.
Once the update is received, the rwlock writer cannot proceed until the last reader completes, and subsequent readers cannot proceed until the writer completes. However, these subsequent readers are guaranteed to see the new value, as indicated by the green background. In contrast, RCU readers and updaters do not block each other, which permits the RCU readers to see the updated values sooner. Of course, because their execution overlaps that of the RCU updater, all of the RCU readers might well see updated values, including the three readers that started before the update. Nevertheless only the RCU readers with green backgrounds are guaranteed to see the updated values, again, as indicated by the green background.
Reader-writer locking and RCU simply provide different guarantees. With reader-writer locking, any reader that begins after the writer starts executing is guaranteed to see new values, and readers that attempt to start while the writer is spinning might or might not see new values, depending on the reader/writer preference of the rwlock implementation in question. In contrast, with RCU, any reader that begins after the updater completes is guaranteed to see new values, and readers that end after the updater begins might or might not see new values, depending on timing.
The key point here is that, although reader-writer locking does indeed guarantee consistency within the confines of the computer system, there are situations where this consistency comes at the price of increased inconsistency with the outside world. In other words, reader-writer locking obtains internal consistency at the price of silently stale data with respect to the outside world.
Nevertheless, there are situations where inconsistency and stale data within the confines of the system cannot be tolerated. Fortunately, there are a number of approaches that avoid inconsistency and stale data, as discussed in the FREENIX paper on applying RCU to System V IPC [PDF] and in my dissertation [PDF]. However, an in-depth discussion of these approaches is beyond the scope of this article.
Low-Priority RCU Readers Can Block High-Priority Reclaimers
In Realtime RCU, SRCU, or QRCU, each of which is described in the final installment of this series, a preempted reader will prevent a grace period from completing, even if a high-priority task is blocked waiting for that grace period to complete. Realtime RCU can avoid this problem by substituting call_rcu() for synchronize_rcu() or by using RCU priority boosting, which is still in experimental status as of late 2007. It might become necessary to augment SRCU and QRCU with priority boosting, but not before a clear real-world need is demonstrated.
RCU Grace Periods Extend for Many Milliseconds
With the exception of QRCU, RCU grace periods extend for multiple
milliseconds.
Although there are a number of techniques to render such long delays
harmless, including use of the asynchronous interfaces where available
(call_rcu() and call_rcu_bh()), this situation
is a major reason for the rule of thumb that RCU be used in read-mostly
situations.
Comparison of Reader-Writer Locking and RCU Code
In the best case, the conversion from reader-writer locking to RCU is quite simple, as shown in the following example taken from Wikipedia.
Reader-writer locking version:

    struct el {
        struct list_head list;
        long key;
        spinlock_t mutex;
        int data;
        /* Other data fields */
    };
    rwlock_t listmutex;
    struct el head;

    int search(long key, int *result)
    {
        struct el *p;

        read_lock(&listmutex);
        /* walk the entries linked through el.list */
        list_for_each_entry(p, &head.list, list) {
            if (p->key == key) {
                *result = p->data;
                read_unlock(&listmutex);
                return 1;
            }
        }
        read_unlock(&listmutex);
        return 0;
    }

    int delete(long key)
    {
        struct el *p;

        write_lock(&listmutex);
        list_for_each_entry(p, &head.list, list) {
            if (p->key == key) {
                list_del(&p->list);
                write_unlock(&listmutex);
                kfree(p);
                return 1;
            }
        }
        write_unlock(&listmutex);
        return 0;
    }

RCU version:

    struct el {
        struct list_head list;
        long key;
        spinlock_t mutex;
        int data;
        /* Other data fields */
    };
    spinlock_t listmutex;               /* was rwlock_t */
    struct el head;

    int search(long key, int *result)
    {
        struct el *p;

        rcu_read_lock();                /* was read_lock() */
        list_for_each_entry_rcu(p, &head.list, list) {
            if (p->key == key) {
                *result = p->data;
                rcu_read_unlock();      /* was read_unlock() */
                return 1;
            }
        }
        rcu_read_unlock();
        return 0;
    }

    int delete(long key)
    {
        struct el *p;

        spin_lock(&listmutex);          /* was write_lock() */
        list_for_each_entry(p, &head.list, list) {
            if (p->key == key) {
                list_del_rcu(&p->list); /* was list_del() */
                spin_unlock(&listmutex);
                synchronize_rcu();      /* wait for pre-existing readers */
                kfree(p);
                return 1;
            }
        }
        spin_unlock(&listmutex);
        return 0;
    }
More-elaborate cases of replacing reader-writer locking with RCU are beyond the scope of this document.
RCU is a Restricted Reference-Counting Mechanism
Because grace periods are not allowed to complete while there is an RCU read-side critical section in progress, the RCU read-side primitives may be used as a restricted reference-counting mechanism. For example, consider the following code fragment:
    rcu_read_lock();            /* acquire reference. */
    p = rcu_dereference(head);
    /* do something with p. */
    rcu_read_unlock();          /* release reference. */
The rcu_read_lock() primitive can be thought of as
acquiring a reference to p, because a grace period
starting after the rcu_dereference() assigns to p
cannot possibly end until after we reach the matching
rcu_read_unlock().
This reference-counting scheme is restricted in that
we are not allowed to block in RCU read-side critical sections,
nor are we permitted to hand off an RCU read-side critical section
from one task to another.
Regardless of these restrictions,
the following code can safely delete p:
    spin_lock(&mylock);
    p = head;
    head = NULL;
    spin_unlock(&mylock);
    synchronize_rcu();  /* Wait for all references to be released. */
    kfree(p);
The assignment to head prevents any future references
to p from being acquired, and the synchronize_rcu()
waits for any references that had previously been acquired to be
released.
Of course, RCU can also be combined with traditional reference counting, as has been discussed on LKML and as summarized in an Overview of Linux-Kernel Reference Counting [PDF].
But why bother? Again, part of the answer is performance, as shown in the following graph, again showing data taken on a 16-CPU 3GHz Intel x86 system.
However, the restrictions that go with RCU can be quite onerous. For example, in many cases, the prohibition against sleeping while in an RCU read-side critical section would defeat the entire purpose. The next section looks at ways of addressing this problem, while also reducing the complexity of traditional reference counting, in some cases.
RCU is a Bulk Reference-Counting Mechanism
As noted in the preceding section, traditional reference counters are usually associated with a specific data structure, or perhaps a specific group of data structures. However, maintaining a single global reference counter for a large variety of data structures typically results in bouncing the cache line containing the reference count. Such cache-line bouncing can severely degrade performance.
In contrast, RCU's light-weight read-side primitives permit extremely frequent read-side usage with negligible performance degradation, permitting RCU to be used as a "bulk reference-counting" mechanism with little or no performance penalty. Situations where a reference must be held by a single task across a section of code that blocks may be accommodated with Sleepable RCU (SRCU). This fails to cover the not-uncommon situation where a reference is "passed" from one task to another, for example, when a reference is acquired when starting an I/O and released in the corresponding completion interrupt handler. (In principle, this could be handled by the SRCU implementation, but in practice, it is not yet clear whether this is a good tradeoff.)
Of course, SRCU brings a restriction of its own, namely that the
return value from srcu_read_lock() be passed into the
corresponding srcu_read_unlock().
The jury is still out as to how much of a problem is presented by
this restriction, and as to how it can best be handled.
RCU is a Poor Man's Garbage Collector
A not-uncommon exclamation made by people first learning about RCU is "RCU is sort of like a garbage collector!". This exclamation has a large grain of truth, but it can also be misleading.
Perhaps the best way to think of the relationship between RCU and automatic garbage collectors (GCs) is that RCU resembles a GC in that the timing of collection is automatically determined, but that RCU differs from a GC in that: (1) the programmer must manually indicate when a given data structure is eligible to be collected, and (2) the programmer must manually mark the RCU read-side critical sections where references might legitimately be held.
Despite these differences, the resemblance does go quite deep, and has appeared in at least one theoretical analysis of RCU. Furthermore, the first RCU-like mechanism I am aware of used a garbage collector to handle the grace periods. Nevertheless, a better way of thinking of RCU is described in the following section.
RCU is a Way of Providing Existence Guarantees
Gamsa et al. [PDF] discuss existence guarantees and describe how a mechanism resembling RCU can be used to provide these existence guarantees (see section 5 on page 7). The effect is that if any RCU-protected data element is accessed within an RCU read-side critical section, that data element is guaranteed to remain in existence for the duration of that RCU read-side critical section.
Alert readers will recognize this as only a slight variation on the original "RCU is a way of waiting for things to finish" theme, which is addressed in the following section.
RCU is a Way of Waiting for Things to Finish
As noted in the first article in this series, an important component of RCU is a way of waiting for RCU readers to finish. One of RCU's great strengths is that it allows you to wait for each of thousands of different things to finish without having to explicitly track each and every one of them, and without having to worry about the performance degradation, scalability limitations, complex deadlock scenarios, and memory-leak hazards that are inherent in schemes that use explicit tracking.
In this section, we will show how synchronize_sched()'s
read-side counterparts (which include anything that disables preemption,
along with hardware operations and
primitives that disable irq) permit you to implement interactions with
non-maskable interrupt (NMI)
handlers that would be quite difficult if using locking.
I called this approach "Pure RCU" in my
dissertation
[PDF],
and it is used in a number of places in the Linux kernel.
The basic form of such "Pure RCU" designs is as follows:
- Make a change, for example, to the way that the OS reacts to an NMI.
- Wait for all pre-existing read-side critical sections to completely finish (for example, by using the synchronize_sched() primitive). The key observation here is that subsequent RCU read-side critical sections are guaranteed to see whatever change was made.
- Clean up, for example, return status indicating that the change was successfully made.
The remainder of this section presents example code adapted from
the Linux kernel.
In this example, the nmi_stop function uses
synchronize_sched() to ensure that all in-flight NMI
notifications have completed before freeing the associated resources.
A simplified version of this code follows:
 1 struct profile_buffer {
 2     long size;
 3     atomic_t entry[0];
 4 };
 5 static struct profile_buffer *buf = NULL;
 6
 7 void nmi_profile(unsigned long pcvalue)
 8 {
 9     struct profile_buffer *p = rcu_dereference(buf);
10
11     if (p == NULL)
12         return;
13     if (pcvalue >= p->size)
14         return;
15     atomic_inc(&p->entry[pcvalue]);
16 }
17
18 void nmi_stop(void)
19 {
20     struct profile_buffer *p = buf;
21
22     if (p == NULL)
23         return;
24     rcu_assign_pointer(buf, NULL);
25     synchronize_sched();
26     kfree(p);
27 }
Lines 1-4 define a profile_buffer structure, containing a size and an indefinite array of entries. Line 5 defines a pointer to a profile buffer, which is presumably initialized elsewhere to point to a dynamically allocated region of memory.
Lines 7-16 define the nmi_profile() function,
which is called from within an NMI handler.
As such, it cannot be preempted, nor can it be interrupted by a normal
irq handler; however, it is still subject to delays due to cache misses,
ECC errors, and cycle stealing by other hardware threads within the same
core.
Line 9 gets a local pointer to the profile buffer using the
rcu_dereference() primitive to ensure memory ordering on
DEC Alpha, and
lines 11 and 12 exit from this function if there is no
profile buffer currently allocated, while lines 13 and 14
exit from this function if the pcvalue argument
is out of range.
Otherwise, line 15 increments the profile-buffer entry indexed
by the pcvalue argument.
Note that storing the size with the buffer guarantees that the
range check matches the buffer, even if a large buffer is suddenly
replaced by a smaller one.
Lines 18-27 define the nmi_stop() function,
where the caller is responsible for mutual exclusion (for example,
holding the correct lock).
Line 20 fetches a pointer to the profile buffer, and
lines 22 and 23 exit the function if there is no buffer.
Otherwise, line 24 NULLs out the profile-buffer pointer
(using the rcu_assign_pointer() primitive to maintain
memory ordering on weakly ordered machines),
and line 25 waits for an RCU Sched grace period to elapse,
in particular, waiting for all non-preemptible regions of code,
including NMI handlers, to complete.
Once execution continues at line 26, we are guaranteed that
any instance of nmi_profile() that obtained a
pointer to the old buffer has returned.
It is therefore safe to free the buffer, in this case using the
kfree() primitive.
Quick Quiz 6: Suppose that the nmi_profile() function was preemptible.
What would need to change to make this example work correctly?
In short, RCU makes it easy to dynamically switch among profile buffers (you just try doing this efficiently with atomic operations, or at all with locking!). However, RCU is normally used at a higher level of abstraction, as was shown in the previous sections.
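The buffer switch mentioned above, as an added example rather than code from the article or the kernel: a single-threaded user-space C11 model in which per-CPU quiescent-state counters stand in for synchronize_sched(). The names NCPU, struct retired, quiescent_state(), profile_fetch(), profile_hit(), profile_switch() and profile_reclaim() are assumptions of this example, and the interleaving in demo() is constructed.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define NCPU 4                          /* constructed: simulated CPU count */

struct profile_buffer {
    long size;                          /* bound stored with the entries it guards */
    atomic_long entry[];
};

struct retired {                        /* hypothetical record of one old buffer */
    struct profile_buffer *old;
    unsigned long snap[NCPU];           /* per-CPU counters when it was unpublished */
};

static _Atomic(struct profile_buffer *) buf;   /* published buffer, or NULL */
static unsigned long qs_count[NCPU];           /* quiescent states seen per CPU */

/* Simulated context switch: no earlier non-preemptible handler still runs here. */
static void quiescent_state(int cpu) { qs_count[cpu]++; }

/* Reader, step 1: the pointer fetch that rcu_dereference(buf) performs. */
static struct profile_buffer *profile_fetch(void)
{
    return atomic_load_explicit(&buf, memory_order_acquire);
}

/* Reader, step 2: range check against the size held in the same buffer. */
static bool profile_hit(struct profile_buffer *p, unsigned long pcvalue)
{
    if (p == NULL || pcvalue >= (unsigned long)p->size)
        return false;
    atomic_fetch_add(&p->entry[pcvalue], 1);
    return true;
}

/* Updater: publish a buffer of new_size entries; 0 stops profiling. */
static bool profile_switch(long new_size, struct retired *r)
{
    struct profile_buffer *newp = NULL;
    if (new_size < 0 ||
        (size_t)new_size > (SIZE_MAX - sizeof(*newp)) / sizeof(atomic_long))
        return false;                   /* reject sizes that would overflow */
    if (new_size > 0) {
        newp = malloc(sizeof(*newp) + (size_t)new_size * sizeof(atomic_long));
        if (newp == NULL)
            return false;               /* current buffer stays published */
        newp->size = new_size;
        for (long i = 0; i < new_size; i++)
            atomic_init(&newp->entry[i], 0);
    }
    /* Release ordering plays the role of rcu_assign_pointer(). */
    r->old = atomic_exchange_explicit(&buf, newp, memory_order_acq_rel);
    for (int i = 0; i < NCPU; i++)
        r->snap[i] = qs_count[i];
    return true;
}

/* Free the old buffer once every CPU has switched since it was unpublished
 * (the wait that synchronize_sched() performs); report whether it was freed. */
static bool profile_reclaim(struct retired *r)
{
    if (r->old == NULL)
        return false;
    for (int i = 0; i < NCPU; i++)
        if (qs_count[i] == r->snap[i])
            return false;               /* a handler may still hold r->old */
    free(r->old);
    r->old = NULL;
    return true;
}

/* Constructed interleaving: a handler on CPU 1 is in flight while the buffer shrinks. */
static int demo(void)
{
    struct retired r;
    int ok = 0;
    profile_switch(1024, &r);                          /* large buffer installed */
    struct profile_buffer *inflight = profile_fetch(); /* handler has started */
    profile_switch(16, &r);                            /* updater shrinks the buffer */
    ok |= profile_hit(inflight, 900) ? 1 : 0;          /* old pointer, old bound */
    ok |= profile_hit(profile_fetch(), 900) ? 0 : 2;   /* new bound rejects 900 */
    for (int cpu = 0; cpu < NCPU; cpu++)
        if (cpu != 1)
            quiescent_state(cpu);                      /* every CPU but the handler's */
    ok |= profile_reclaim(&r) ? 0 : 4;                 /* CPU 1 pending: not freed */
    quiescent_state(1);                                /* handler's CPU switches */
    ok |= profile_reclaim(&r) ? 8 : 0;                 /* old buffer freed now */
    profile_switch(0, &r);                             /* stop profiling, clean up */
    for (int cpu = 0; cpu < NCPU; cpu++)
        quiescent_state(cpu);
    profile_reclaim(&r);
    return ok;                                         /* 15 when all four checks hold */
}

int main(void) { return demo() == 15 ? 0 : 1; }
```

Had the bound lived in a separate global, the in-flight handler could pair the old pointer with the new size or the new pointer with the old size; the second pairing indexes past the end of the 16-entry buffer.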
Conclusions
At its core, RCU is nothing more nor less than an API that provides:
- a publish-subscribe mechanism for adding new data,
- a way of waiting for pre-existing RCU readers to finish, and
- a discipline of maintaining multiple versions to permit change without harming or unduly delaying concurrent RCU readers.
That said, it is possible to build higher-level constructs on top of RCU, including the reader-writer-locking, reference-counting, and existence-guarantee constructs listed in the earlier sections. Furthermore, I have no doubt that the Linux community will continue to find interesting new uses for RCU, as well as for any of a number of other synchronization primitives.
Acknowledgements
We are all indebted to Andy Whitcroft, Jon Walpole, and Gautham Shenoy, whose review of an early draft of this document greatly improved it. I owe thanks to the members of the Relativistic Programming project and to members of PNW TEC for many valuable discussions. I am grateful to Dan Frye for his support of this effort.
This work represents the view of the author and does not necessarily represent the view of IBM.
Linux is a registered trademark of Linus Torvalds.
Other company, product, and service names may be trademarks or service marks of others.
Answers to Quick Quizzes
Quick Quiz 1: WTF??? How the heck do you expect me to believe that RCU has a 100-femtosecond overhead when the clock period at 3GHz is more than 300 picoseconds?
Answer: First, consider that the inner loop used to take this measurement is as follows:
for (i = 0; i < CSCOUNT_SCALE; i++) {
    rcu_read_lock();
    rcu_read_unlock();
}
Next, consider the effective definitions of rcu_read_lock()
and rcu_read_unlock():
#define rcu_read_lock() do { } while (0)
#define rcu_read_unlock() do { } while (0)
Consider also that the compiler does simple optimizations, allowing it to replace the loop with:
i = CSCOUNT_SCALE;
So the "measurement" of 100 femtoseconds is simply the fixed
overhead of the timing measurements divided by the number of
passes through the inner loop containing the calls
to rcu_read_lock() and rcu_read_unlock().
And therefore, this measurement really is in error, in fact,
in error by an arbitrary number of orders of magnitude.
As you can see by the definition of rcu_read_lock()
and rcu_read_unlock() above, the actual overhead
is precisely zero.
It certainly is not every day that a timing measurement of 100 femtoseconds turns out to be an overestimate!
Quick Quiz 2: Why do both the variability and overhead of rwlock decrease as the critical-section overhead increases?
Answer: Because the contention on the underlying
rwlock_t decreases as the critical-section overhead
increases.
However, the rwlock overhead will not quite drop to that on a single
CPU because of cache-thrashing overhead.
Quick Quiz 3: Is there an exception to this deadlock immunity, and if so, what sequence of events could lead to deadlock?
Answer: One way to cause a deadlock cycle involving RCU read-side primitives is via the following (illegal) sequence of statements:
idx = srcu_read_lock(&srcucb);
synchronize_srcu(&srcucb);
srcu_read_unlock(&srcucb, idx);
The synchronize_srcu() cannot return until all
pre-existing SRCU read-side critical sections complete, but
is enclosed in an SRCU read-side critical section that cannot
complete until the synchronize_srcu() returns.
The result is a classic self-deadlock--you get the same
effect when attempting to write-acquire a reader-writer lock
while read-holding it.
Note that this self-deadlock scenario does not apply to
RCU Classic, because the context switch performed by the
synchronize_rcu() would act as a quiescent state
for this CPU, allowing a grace period to complete.
However, this is if anything even worse, because data used
by the RCU read-side critical section might be freed as a
result of the grace period completing.
In short, do not invoke synchronous RCU update-side primitives from within an RCU read-side critical section.
Quick Quiz 4: But wait! This is exactly the same code that might be used when thinking of RCU as a replacement for reader-writer locking! What gives?
Answer: This is an effect of the Law of Toy Examples: beyond a certain point, the code fragments look the same. The only difference is in how we think about the code. However, this difference can be extremely important. For but one example of the importance, consider that if we think of RCU as a restricted reference counting scheme, we would never be fooled into thinking that the updates would exclude the RCU read-side critical sections.
It nevertheless is often useful to think of RCU as a replacement for reader-writer locking, for example, when you are replacing reader-writer locking with RCU.
Quick Quiz 5: Why the dip in refcnt overhead near 6 CPUs?
Answer: Most likely NUMA effects. However, there is substantial variance in the values measured for the refcnt line, as can be seen by the error bars. In fact, standard deviations range in excess of 10% of measured values in some cases. The dip in overhead therefore might well be a statistical aberration.
Quick Quiz 6:
Suppose that the nmi_profile() function was preemptible.
What would need to change to make this example work correctly?
Answer: One approach would be to use
rcu_read_lock() and rcu_read_unlock()
in nmi_profile(), and to replace the
synchronize_sched() with synchronize_rcu(),
perhaps as follows:
 1 struct profile_buffer {
 2     long size;
 3     atomic_t entry[0];
 4 };
 5 static struct profile_buffer *buf = NULL;
 6
 7 void nmi_profile(unsigned long pcvalue)
 8 {
 9     struct profile_buffer *p;
10
11     rcu_read_lock();
12     p = rcu_dereference(buf);
13     if (p == NULL) {
14         rcu_read_unlock();
15         return;
16     }
17     if (pcvalue >= p->size) {
18         rcu_read_unlock();
19         return;
20     }
21     atomic_inc(&p->entry[pcvalue]);
22     rcu_read_unlock();
23 }
24
25 void nmi_stop(void)
26 {
27     struct profile_buffer *p = buf;
28
29     if (p == NULL)
30         return;
31     rcu_assign_pointer(buf, NULL);
32     synchronize_rcu();
33     kfree(p);
34 }
Page editor: Jonathan Corbet
Distributions
News and Editorials
Kubuntu LTS and KDE4
Ubuntu and its siblings are preparing for the next Long Term Support (LTS) release, v8.04 (April 2008) - the Hardy Heron. Ubuntu's first release was announced in September 2004, with a (then) brand new GNOME 2.8 desktop. Since then Ubuntu releases have been tied pretty closely to GNOME releases.
Now, of course, we have Kubuntu for KDE fans, and Xubuntu for Xfce fans. That's great, but Ubuntu releases aren't timed for new versions of those desktops. And that's why it seems that Kubuntu 8.04 will not be a LTS release after all.
The final release of KDE 4.0 will be out in January and a Kubuntu 7.10
live CD with KDE 4 RC2 is getting plenty of downloads. Interest in KDE 4.0
is high. Jonathan Riddell, Kubuntu project lead, writes: "Since KDE 4 is a major change
to the platform, it is not currently at one of these natural rest points so
would not be suitable for long term support. Instead, due to the very high
interest, development efforts will be directed towards KDE 4 and releasing
Kubuntu 8.04 with the option of using either KDE 3.5 or KDE 4."
Basically, it seems that Canonical, Kubuntu's parent company, thinks that KDE 3.5 is stable enough for a LTS release, but upstream support will be dropping off before the full three-year period promised for a LTS release. KDE 4.0 is currently popular, and will be supported upstream, but it's not quite stable enough for a LTS release.
Richard A. Johnson presents
his viewpoint. "Kubuntu 8.04 will not be LTS, unless after all
of this hoopla something changes. Honestly, I do not see why the KDE 3.5
release can't be LTS, but as Jonathan said, that is Canonical's
calling." He continues, "If we were to continue to redirect
100% of our efforts to KDE 3.5, come this time next year, we will be so far
behind the rest of the distributions pushing KDE 4. We, Kubuntu Development
Team, do not have the resources to do both a KDE 3.5 LTS release as well as
a KDE 4 release at the same time. We cannot afford to neglect KDE 4 as a
distribution. If we were to neglect it now, we could never catch up to
distributions such as Fedora, openSUSE, and others who are just swarming
with developers."
Kubuntu is sometimes seen as a "second class citizen" compared to Ubuntu, and if Kubuntu does not release a LTS version that perception will only be strengthened. But the developer pool is small and Canonical must decide what they can realistically support for a 3 year time period, as opposed to the usual 18 month period for most releases.
In another post,
Richard A. Johnson writes: "Don't get me wrong, I am torn between
LTS and non-LTS for a multitude of reasons. I know people want LTS and just
as many, if not more, want KDE 4. I am afraid that if we do the LTS way, we
will miss out on KDE 4 and the hype behind it. At the same time I worry
about those who were looking forward to an LTS release. At the same time, I
also realize we do 6 month releases, and majority of our users follow our
releases and typically upgrade on release day, the amount of noise created
in the past about dist-upgrade breakage supports this."
Krzysztof Lichota comments:
I think putting much effort on KDE 4 is shooting yourself in the foot. It is very new code (it isn't released even yet!) and it will contain lots of bugs and cause a lot of problems. It also misses some features from KDE 3. IMO 8.04 should be LTS release with mainly 3.5 support and with option to try out KDE 4.
Others agree that focusing on KDE 3.5 for a LTS release is the way to go. Unsupported live CDs with KDE 4 could be made available. And six months after the Hardy release comes Kubuntu 8.10, which will certainly feature KDE 4.
Scott James Remnant notes:
"The community's input was actually sought on several points, and
many members of the Kubuntu community provided answers and insight that
contributed to the decision. It is difficult for this decision to be
made by the community because the community's stake in Kubuntu is one of
personal achievement and pride, whereas Canonical's is financial and of
commercial commitments. Had Canonical simply asked the community
'should Kubuntu 8.04 be an LTS?', the answer would not be based on the
same terms: instead more direct questions were asked such as 'how long
will upstream work on KDE 3.5?'"
Version 8.04 is only the second LTS release (the first being 6.06, aka Dapper Drake), so this situation really hasn't come up before. It is bound to come up again though. There may be other times in the future when not all the Ubuntu siblings will have the same support cycle. It doesn't necessarily make them second class, it just makes them more supportable.
New Releases
Debian GNU/Linux 4.0 updated
The Debian project has announced the second update of its stable distribution Debian GNU/Linux 4.0 (codename etch). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.
Debian GNU/Linux 3.1 updated
The Debian project has announced the seventh update of its old stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This is the first sarge update since etch was released. This update mainly adds corrections for security problems to the old stable release, along with a few adjustments to serious problems.
Unofficial Debian+XFCE build
An unofficial build of Debian "etch" with Xfce4 is available for the OLPC XO system. "It includes Firefox, Thunderbird, a suite of development tools (python, git, gcc, gdb, flex, bison, automake, autoconf, libtool), a music player (XMMS), IRC client (irssi) and a graphical wireless AP selector. The entire build takes up 250MB of flash. I optimized the Firefox window layout to give you maximum screen estate, and configured a number of keyboard shortcuts. Feedback welcome. Standard disclaimer applies."
Fedora Unity announces Fedora 8 Re-Spin
The Fedora Unity Project has announced the release of new ISO Re-Spins (DVD and CD Sets) of Fedora 8. These Re-Spin ISOs are based on the officially released Fedora 8 installation media and include all updates released as of December 18th, 2007. The ISO images are available for i386 and x86_64 architectures via jigdo.
Stable LFS LiveCD 6.3-r2160 released
Linux From Scratch has released an updated live CD with version 6.3 of the LFS book. Click below to see the changes since the initial 6.3 release.
Announcing NetBSD 4.0
The NetBSD Project has announced the release of v4.0 of the NetBSD operating system. "Major achievements in NetBSD 4.0 include support for version 3 of the Xen virtual machine monitor, Bluetooth, many new device drivers and embedded platforms based on ARM, PowerPC and MIPS CPUs. New network services include iSCSI target (server) code and an implementation of the Common Address Redundancy Protocol. Also, system security was further enhanced with restrictions of mprotect(2) to enforce W^X policies, the Kernel Authorization framework, and improvements of the Veriexec file integrity subsystem, which can be used to harden the system against trojan horses and virus attacks."
openSUSE Build Service Version 0.5 Release
The openSUSE project has released version 0.5 of the openSUSE Build Service. This code provides the functionality as provided on https://build.opensuse.org/ for the first time as an official tar ball release. Pointsettia provides the complete infrastructure to build single hardware architecture distributions. System images can be created via KIWI.
SimplyMEPIS 7.0 released
MEPIS has announced the release of SimplyMEPIS 7.0. "Some of the important packages included with the 7.0 release are: an updated and security patched 2.6.22.14 kernel, Xorg 7.1.0, KDE 3.5.8, OpenOffice 2.3.0, Firefox 2.0.0.11, Thunderbird 2.0.0.6, Digikam 0.9.2, Sun Java 6.00, Amarok 1.4.7, mplayer 1.0.rc1, fuse driver 2.7.0, ntfs-3g 1.710, madwifi-ng Atheros driver 0.9.3.2, wpa-supplicant 0.6.0, ALSA sound drivers 1.0.15, libglib2.0 2.14.0, libgtk2.0 2.10.13, and QT 4.3.1-1."
Hardy Alpha 2 released
The second alpha of Ubuntu's Hardy Heron, v8.04, is available for testing. "This is quite an early set of images, so you should expect some bugs. For a list of known bugs (that you don't need to report if you encounter), please see: http://www.ubuntu.com/testing/hardy/alpha2"
VectorLinux v5.9 GOLD
VectorLinux has announced the release of VectorLinux v5.9 standard GOLD. "This release follows our legendary tradition of stability (inherited from SlackWare-12), blazing speed on even modest hardware and simplicity of design and function. The release features fully working browser plugins including Flash, java, mp3, real media, Windows media, pdf and Quick time. Additional features include: X.org 7.3, Linux kernel 2.6.22.14, fully customized Xfce 4.4.2, Fluxbox, Jwm, SeaMonkey Internet Suite 1.1.7, Firefox 2.0.0.11 and Opera 9.5.0 beta1 (so you'll be sure to have your favorite browser!). Abiword and Gnumeric for your office tasks."
Distribution News
Debian GNU/Linux
Status of GCC 4.3 on Alpha (Debian)
Martin Michlmayr has been compiling the Debian archive on Alpha with GCC 4.3. There are a few issues still, but overall the status is good.
Debian 2007 timeline
Romain Francoise has started a Debian 2007 timeline to track the significant events of the year in the Debian Project.
SUSE Linux and openSUSE
SUSE Linux Desktop 1.0 has reached End of Life
The last maintenance update for SUSE Linux Desktop 1.0 has been released. "SUSE Linux Desktop 1.0 is now at its End Of Life, support is discontinued, and no more updates will be published."
Other distributions
Welcome New OpenPKG Year 2008!
OpenPKG wants to wish everyone a happy new year and let you know about some adjustments. "Following our good tradition, the turn of the year is the prominent point in time where we adjust the official OpenPKG world order to the current organizational and technological circumstances." Click below to find out more about the current adjustments.
Source Mage 2008 Project Lead Nominations
Nominations are open for the position of Source Mage project leader. See the Voting Policy for more information. Nominations are open until January 9, 2008.
Distribution Newsletters
Foresight Newsletter Issue 9
The December 2007 edition of the Foresight Newsletter is out. "This month we take a look at the initial launch of the GNOME Developer Kit based on Foresight Linux, a look back at the year in review in the world of Foresight, an update on the next alpha version of the 2.0 release, updates to developer documentation, and news from Foresight's marketing and infrastructure teams."
Ubuntu Weekly Newsletter #71
The Ubuntu Weekly Newsletter for December 29, 2007 is out. "In this issue: Dell adds DVD playback, Ubuntu Live Conference proposals, Hardy Alpha 2, Ubuntu Desktop training course, a community approach to commercial training, Kubuntu 8.04 LTS status, Full Circle Magazine Issue #8, new Kubuntu members, IRSeek, a new Official Ubuntu Book, and much, much more!!"
Page editor: Rebecca Sobol
Development
The Linux Libertine Open Fonts Project
The Libertine Open Fonts Project, which first showed up on LWN in May, 2006, is an open source font project. The project's leader is Philipp H. Poll. The Libertine project description states:
The Libertine license information states:
The Libertine font files are available as both TTF (TrueType) and
OTF (OpenType) fonts. The Linux-compatible
LaTeX typesetting system
supports the Libertine fonts. See the Libertine
LaTeX document [PDF] for usage and installation instructions.
Libertine includes a wide variety of
Font Styles. Numerous languages are supported, and many special
characters are available.
For a look at some of the LaTeX accessible font characters, see the
glyph list document [PDF].
Version 2.7.9 of the Libertine font project was recently announced. This release adds hinting, which allows the fonts to be used with Microsoft Word. Other changes include improved kern pairs for better typography, some minor tweaks and some bug fixes.
The libertine fonts are available for download here. The fonts come in a standard .tgz file which includes all of the font collections as both .ttf and .otf files. The Fontforge source files are also available. Fontforge is an open-source outline font editor.
System Applications
Backup Software
Areca Backup: 5.5.4 released (SourceForge)
Version 5.5.4 of Areca Backup has been announced; it includes a fix for a recovery bug. "Areca Backup is a file backup tool written in java. It supports data compression & encryption, incremental backup, file history explorer and many other features."
Clusters and Grids
release 2.1.3 of Linux-HA is now available
Stable release 2.1.3 of the Linux-HA cluster management software has been announced. "It includes some new manageability features, and a few new and improved resource agents and STONITH plugins, and nearly 400 bug fixes and lesser enhancements."
Database Software
Postgres Weekly News
The December 23, 2007 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Postgres Weekly News
The December 30, 2007 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Security
Release of iptables 1.4.0 final
Version 1.4.0 final of iptables has been announced. "This is the first final release of the new iptables branch 1.4. This release contains lots of bugfixes and improvements for the previous release candidate which strongly improves IPv6 support. Please, upgrade!"
Web Site Development
Zenoss Core 2.1.2 Available (SourceForge)
Version 2.1.2 of Zenoss Core has been announced; it includes numerous bug fixes. "Zenoss Core is an enterprise network and systems management application written in Python/Zope. Zenoss provides an integrated product for monitoring availability, performance, events and configuration across layers and across platforms."
Desktop Applications
Audio Applications
Aqualung 0.9beta9 released
Version 0.9beta9 of the Aqualung music player has been announced. "This is a major release bringing significant new functionality and many important fixes. All users are encouraged to upgrade."
QjackCtl 0.3.2 released
Version 0.3.2 of QjackCtl, a GUI control panel for the JACK Audio Connection Kit, is out with a long list of new capabilities.
Traverso 0.42.0 announced
Version 0.42.0 of Traverso is out with new features and bug fixes. "Traverso is a GPL licensed, cross platform program for recording and mixing music, speech, and sounds on the computer".
Business Applications
OpenXava: 2.2.4 released (SourceForge)
Version 2.2.4 of OpenXava has been announced; it includes new features and bug fixes. "OpenXava is a framework to develop Java Enterprise/J2EE applications rapidly and easily. It's based in business component concept. Feature rich and flexible since it's used for years to create business applications with Java."
Desktop Environments
GNOME 2.21.4 released
Version 2.21.4 of the GNOME desktop has been announced. "This is the third release of the GNOME 2.21.x series, heading towards the stable GNOME 2.22.x release."
GARNOME 2.21.4 announced
Version 2.21.4 of GARNOME, the bleeding edge GNOME distribution, is out. "This release includes all of GNOME 2.21.4 plus a whole bunch of updates and fixes that were released after the GNOME freeze date."
GNOME Software Announcements
The following new GNOME software has been announced this week:
- Alarm Clock Applet 0.1 (initial release)
- Beagle 0.3.2 (new features, bug fixes and translation work)
- cheese 0.3.0 (new features, bug fixes and translation work)
- GLib 2.15.0 (new features, bug fixes and translation work)
- glibmm 2.15.0 (new features and bug fixes)
- gnome-control-center 2.21.4 (new features, bug fixes and translation work)
- gnome-mag 0.15.0 (bug fixes and translation work)
- Gnome Specimen 0.4 (new features, bug fixes and translation work)
- gvfs 0.1.0, eel and nautilus 2.21.1 (new features)
- metacity 2.21.5 (new features and bug fixes)
- pypoppler 0.6.2 (new features and bug fixes)
- Rhythmbox 0.11.4 (new features, bug fixes and translation work)
- Tinymail pre-release 0.0.6 (new features and bug fixes)
KDE Commit-Digest (KDE.News)
The December 16, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "A Sonnet-based spellcheck runner, and icons on the desktop in Plasma. Continued work revamping KBugBuster, more work towards KDevelop 4. GetHotNewStuff support for downloading maps in Marble. Image and audio dockers in Parley. The start of Glimpse, a new scanning application based on libksane. The beginnings of a generic resource display framework for NEPOMUK..."
KDE Commit-Digest (KDE.News)
The December 23, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Trolltech-sponsored development continues on Phonon backends. Support for saving to remote URL's in Gwenview. A "Now Playing" data engine and applet, and the train clock returns in Plasma. "Switch Tabs on Hover" can now be disabled, and other refinements in Kickoff for KDE 4.0. Work on a debugger (with a SpeedCrunch-inspired interface) for KHTML. Work to support the most recent release of the Flash (version 9) multimedia plugin in Konqueror. SOCKS support in KTorrent. Device handling fixes in KPilot..."
KDE Software Announcements
The following new KDE software has been announced this week:
- Amarok ices script 0.1 (initial release)
- amaroK Web Collection 1.0.3 (code optimization)
- amaroK Web Collection 1.0.4 (bug fixes)
- amaroK Web Collection V xmms x1.0.4 (bug fixes)
- Avi 2 iPod / PSP (mp4) 2.0 (new features and bug fixes)
- Avi 2 iPod / PSP (mp4) 2.1 (new features)
- cueIt .05 (initial release)
- cueIt .06 (unspecified)
- digiKam 0.9.3 (new features)
- FALF Player 1.0/1.1dev (new features and bug fixes)
- indywiki 0.9.6 (bug fixes)
- Kaffeine Screenshot to Kopete Avatar 1.01B (unspecified)
- KAlarm 1.4.21 / 1.9.9 beta2 (new features and bug fixes)
- Kalva 0.8.90 (new features)
- KGraphViewer and KGraphEditor 1.0.4 and 1.99.1 (new features and bug fixes)
- Kim 0.9.5 (new feature)
- kipi-plugins 0.1.5 rc1 (new features and bug fixes)
- KleanSweep 0.2.9 (initial release)
- Kraft 0.23 (bug fixes)
- KTorrent 3.0beta1 (new features)
- kvpnc 0.9.0 (new features and bug fixes)
- libkdcraw 0.1.3 (new features and new camera support)
- Manslide v1.9.1 (unspecified)
- MountISO 0.9.2 (new features, bug fixes and translation work)
- MountISO 0.9.3 (bug fixes and translation work)
- MountISO 0.9.3.1 (translation work)
- Qosmic 1.2 (new features and bug fixes)
- ScroogLyrics 0.5.1 (bug fixes)
- ScroogLyrics 0.7.2 (bug fix)
- Snippits 0.5.1 (bug fixes and documentation work)
- Xbox Live Gamercard Plasmoid 0.1 (initial release)
Xorg Software Announcements
The following new Xorg software has been announced this week:
- xf86-video-ati 6.7.197 (new features and bug fixes)
- xf86-video-radeonhd 1.1.0 (new features and bug fixes)
Encryption Software
GnuPG 1.4.8 released
Stable version 1.4.8 of GNU Privacy Guard (GnuPG) has been announced. "Note that this version is from the GnuPG-1 series and thus smaller than those from the GnuPG-2 series, easier to build and also better portable. In contrast to GnuPG-2 (e.g version 2.0.8) it comes with no support for S/MIME or other tools useful for desktop environments. Fortunately you may install both versions alongside on the same system without any conflict."
GnuPG 2.0.8 released
Version 2.0.8 of GNU Privacy Guard (GnuPG) has been announced; it includes new features and bug fixes.
Graphics
Uniconvertor 1.1.0 released
Version 1.1.0 of UniConvertor, a multi-platform vector graphics translator, has been released. This version improves memory usage.
Medical Applications
GNUmed 0.2.8.0 released (LinuxMedNews)
Version 0.2.8.0 of the GNUmed medical record system has been announced. Changes include: "A report generator to visualize query results with gnuplot has been added. Exception handling has been improved. The Snellen Chart has been reactivated. KVK handling has officially been included. More hooks and an improved example hook script were added. Demographics handling has been extended to now really support multiple names, addresses, comm channels, and external IDs..."
OpenClinica 2.2 Provides Enhanced Features for Popular Open Source Electronic Data Capture Software (LinuxMedNews)
LinuxMedNews notes the release of OpenClinica 2.2. "Akaza Research announces a new production release of the OpenClinica clinical research software designed for electronic data capture and clinical data management. This new release provides a long list of enhancements across numerous areas of the software."
Music Applications
AZR3-JACK released
The initial release of AZR3-JACK has been announced. "This JACK program is a port of the free VST plugin AZR-3. It is a tonewheel organ with drawbars, distortion and rotating speakers. The original was written by Rumpelrausch Täips."
Qsynth 0.3.2 (unstable-qt4) is out
Version 0.3.2 of Qsynth has been announced; it adds new capabilities and bug fixes. "Yes, it's about time. Much as the long due FluidSynth 1.0.8 release, really "Its about funky time!". Time also for season greetings and some gift exchange."
Rosegarden 1.6.1 released
Version 1.6.1 of Rosegarden, an audio and MIDI sequencer and musical notation editor, has been announced. "This is a bug fix release, fixing a couple of significant bugs in the recent 1.6.0 feature release. Users are advised to upgrade forthwith."
Office Suites
OpenOffice.org Newsletter
The December, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.
PDA Software
SynCE: vdccm 0.10.1 released (SourceForge)
Version 0.10.1 of vdccm, part of SynCE, has been announced. "The purpose of the SynCE project is to provide a means of communication with a Windows CE or Pocket PC device from a computer running Linux, *BSD or other unices. vdccm 0.10.1 has been released. This is a point release mainly to fix a security vulnerability that was presented to us by Core Security Technologies."
Science
Q3C: 1.4.1 was released (SourceForge)
Version 1.4.1 of Q3C has been announced. "Q3C means QuadTree Cube. This is the plugin for PostgreSQL to work with large astronomical catalogues (or just the catalogues of objects on the sphere). It allows you to do easily the cone searches, polygonal searches on the sphere and fast cross-matches."
Web Browsers
Mozilla Firefox 3 Beta 2 Released (MozillaZine)
MozillaZine has further coverage of the recently released Mozilla Firefox 3 Beta 2 web browser. "The second beta of the next major Firefox version offers around 900 bug fixes over Beta 1, including several feature enhancements and fixes to improve speed, stability, security and memory usage. Perhaps the most striking change is the redesigned Location Bar autocomplete menu, which now highlights which parts of the page title and/or URL match the entered text. The Downloads window has also been improved".
Mozilla Links Newsletter
The December 20, 2007 edition of the Mozilla Links Newsletter is online; take a look for the latest news about the Mozilla browser and related projects.
Mozilla Links Newsletter
The December 27, 2007 edition of the Mozilla Links Newsletter is online; take a look for the latest news about the Mozilla browser and related projects.
Miscellaneous
OpenKM announces version 1.2
Version 1.2 of OpenKM has been announced. "Openkm is an open source document management system licenced on GNU GPL V2 based on java technologies (Jboss, Jackrabbit, Lucene, GWT - Google Web Toolkit) useful for any enterprises intended to organize and share documents."
A New Year, a New Zimbra (MontanaLinux.org)
Scott Dowdle's blog looks at the recently released Zimbra 5.0 messaging and collaboration suite. "Zimbra Collaboration Suite 5.0 GA came out today or was it yesterday / last year? After reading the release notes(PDF) and doing a complete backup, I upgraded both my work and personal Zimbra servers. I have been using Zimbra for as my work and personal email server for... oh... something close to two years now. Over that time there have been a number of upgrades and they have always gone smoothly." The new version has not yet been announced on the official Zimbra site.
Languages and Tools
Caml
Caml Weekly News
The January 1, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.
Perl
A Perl 6 status update
Remember Perl 6? Here is a status update by Patrick Michaud on the development of this new language. "Even though the new implementation is only a couple of weeks old, we already see huge gains in the quality and extensibility of the compiler, and in the ability for others to participate in its development. Because the current implementation is so new, I'm reluctant to hazard a guess as to an anticipated pace of development going forward, other than to say it should be much faster than what has been. I do tend to think that we'll be reaching the 'workable implementation' stage in a matter of weeks instead of months or years."
Python
Python-URL! - weekly Python news and links
The December 28, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Python-URL! - weekly Python news and links
The December 31, 2007 edition of the Python-URL! is online with a new collection of Python article links.
Tcl/Tk
Tcl/Tk 8.5 released
Version 8.5 of Tcl/Tk has been announced. "This is the first stable release of Tcl/Tk 8.5."
Tcl-URL! - weekly Tcl news and links
The December 31, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Version Control
qgit-2.1 and qgit-1.5.8 announced
Two new versions of qgit have been announced. "Stable qgit-1.5.8 has only maintenance fixes, not a lot indeed, it happens to be already very stable. New stuff is in qgit-2.1".
ugit: the pythonic git gui
A new release of ugit is out with lots of new features. "ugit, the pyqt-based git gui, has been taking shape as of late. First off, I'd like to thank everyone that replied with suggestions and criticism. This list is extremely helpful with regards to providing honest software critiques."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
2007 Top Ten Free and Open Source Legal Issues (Law & Life)
Law & Life: Silicon Valley has a column on the top-ten 2007 legal issues relevant to free software. "In August, the district court in San Francisco surprised many lawyers by ruling that the remedies for breach of the Artistic License were in contract, not copyright. Most lawyers believe that the failure to comply with the major terms of an open source license means that the licensee is a copyright infringer and, thus, can obtain injunctive relief (which means that the court orders a party to cease their violation). On the other hand, if the remedy is limited to contract remedies, then the standard remedy would be limited to monetary damages. Such damages are of limited value to open source licensors."
Samba Team receives Microsoft protocol documentation (Groklaw)
Groklaw reports on the release of Microsoft protocol information. "The Protocol Freedom Information Foundation has just signed an agreement with Microsoft to receive the protocol documentation needed to fully interoperate with the Microsoft Windows workgroup server products and to make them available to Samba and other Free Software projects. No. This isn't a bit like the Novell-Microsoft agreements. This is for access to Microsoft's protocols, as ordered by the EU Commission and agreed to by Microsoft. It's a good thing, in my opinion, and the Samba guys worked really hard to make this as good as it gets."
Samba's Big Step (ComputerWorld UK)
Over at ComputerWorld UK, Glyn Moody analyzes the recent news from the Samba world, finding it mostly positive. "First, it confirms that there are groups within Microsoft who are willing to work in good faith with the free software world whatever their chair-hurling boss may say. Judging by Tridge's comments and contrary to my own impressions it also demonstrates that there are people within the European Commission who really get this open source stuff, and want to nurture it. That's something that goes well beyond this agreement, since it is likely to impact future decisions too."
The SCO Problem
SCO Delisted as of Today (Groklaw)
Groklaw reports that SCO has been delisted from the NASDAQ. "All those Mesirow and legal hours working on the SEC delisting did not pay off. SCO announces today that Nasdaq has sent them a letter. SCO will be delisted as of December 27. They found out on the 21st, it seems, but they tell us today. Here's the press release, where they once again describe themselves as "a leading provider of UNIX software technology and mobile services"."
Companies
Open-Sourcing Fibre Channel over Ethernet (eWeek)
eWeek covers Intel's release of GPLv2-licensed Fibre Channel over Ethernet (FCoE) code for Linux. "FCoE's purpose is to enable data centers to consolidate LAN and SAN (storage area network) traffic over 10GB Ethernet. FC, which comes in speeds from 2 to the just arriving 8G bps, is commonly used in data center SANs. In recent years it's been challenged by iSCSI. Fibre, which, despite the name can run both on copper and fiber-optic cables, is seen as faster and more reliable, while iSCSI is commonly thought of as less expensive. Intel, along with FCoE's founder Cisco Systems, is hoping to combine the virtues of both Fibre and iSCSI with this new high-speed, dual-purpose network fabric." Further: "Unlike iSCSI, FCoE does not run on the TCP/IP stack. This is Fibre Channel on Ethernet without the overhead or the management and analysis tools of TCP/IP."
Red Hat has a great quarter; CEO leaves (Linux-Watch)
Linux-Watch looks at Red Hat's financial results for its third fiscal quarter. "For Red Hat's share owners, the net income for the quarter came out to a healthy $20.3 million. That works out to a dime per diluted share. Last quarter saw 9 cents per diluted share and 7 cents per diluted share in the equivalent 2006 quarter. At the same time that Red Hat was making money, the company has also been saving money. Its total cash and equivalents at quarter's end was $1.3 billion."
Linux Adoption
Signposts of GNU/Linux Growth in 2007, Part 1 (Datamation)
Datamation takes a look at areas where Linux has gained ground in 2007. "As time goes by, appliances might inherit the important role of traditional desktops. Mobile and ultra-mobile devices could gradually replace laptops and servers to become more predominant owing to Web-based software, which also moves storage toward the back end. Let's explore how GNU/Linux fits this broader vision and discover just how ubiquitous it is, with growth consistently on the upside."
Technology in 2008 (Economist)
The Economist makes some predictions for 2008 which reveal an interesting view of causality in the Linux world. "The [SCO/Novell] verdict removed, once and for all, the burden that had been inhibiting Linux's broader acceptance. Linux is now accepted as being Unix-like, but not a Unix-derivative. Bulletproof distributions of Linux from Red Hat and Novell have long been used on back-office servers. Since the verdict against SCO, Linux has swiftly become popular in small businesses and the home."
Linux at Work
MIT spinoff's little green laptop a hit in remote Peruvian village (Chicago Tribune)
The Chicago Tribune is carrying a look at one of the first OLPC deployments in Peru. "The children of Arahuay prove One Laptop's transformative conceit: that you can revolutionize education and democratize the Internet by giving a simple, durable, power-stingy but feature-packed laptop to the world's poorest kids. 'Some tell me that they don't want to be like their parents, working in the fields,' first-grade teacher Erica Velasco says of her pupils. She had just sent them to the Internet to seek out photos of invertebrates - animals without backbones."
Legal
News about LANCOR v. OLPC (Groklaw)
Groklaw looks at a lawsuit filed by LANCOR against OLPC. "Yes, it's begun in a Nigerian court. LANCOR has actually done it. Heaven only knows it makes me want to drink. Guess what the Nigerian keyboard makers want from the One Laptop Per Child charitable organization trying to make the world a better place? $20 million dollars. I kid you not. $20 million dollars in "damages". And an injunction blocking OLPC from distribution in Nigeria."
Interviews
Interview with Opera's CEO, CTO and General Counsel (Groklaw)
Groklaw has an interview with several Opera executives on the Opera Software complaint to the EU Commission. "This interview is with Opera's CEO Jon S. von Tetzchner, Jason A. Hoida, Deputy General Counsel, and CTO, Håkon Wium Lie. I have yet to see a media report that gets all the story right, so let's let them speak for themselves in their own words: why file a complaint now, what is it about, what remedies are being sought, which standards are involved, and how does failure to implement standards affect the public, and much more." The Free Software Foundation Europe has announced support for Opera's complaint against Microsoft.
Linux for everyone (CPILive.net)
CPILive.net interviews Mark Shuttleworth. "Free software is part of a broader phenomenon, which is a shift toward recognising the value of shared work. Historically, shared stuff had a very bad name. The reputation was that people always abused shared things, and in the physical world, something that is shared and abused becomes worthless. In the digital world, I think we have the inverse effect, where something that is shared can become more valuable than something that is closely held, as long as it is both shared and contributed to by everybody who is sharing in it."
Interview with ECIS's Thomas Vinje Regarding Opera's Complaint (Groklaw)
Groklaw presents an audio interview with Thomas Vinje. "Groklaw's Sean Daly has been busy getting more information for us about the recent announcement by Opera that it has filed a complaint with the European Commission against Microsoft. He's done two interviews. This one is with Thomas Vinje, the lawyer for the European Committee for Interoperable Systems [ECIS], who is helping to represent Opera before the Commission."
Resources
Commercial Sound And Music Software For Linux, Part 2 (Linux Journal)
Dave Phillips presents more commercially available music and sound software for Linux. "As one reader pointed out, "commercial" doesn't necessarily mean closed-sources, just as "proprietary" doesn't necessarily mean "for sale". The question of how to make money from free software development was the instigation for this article, and I discovered that there are income possibilities other than the traditional exchange of goods for money. Two popular channels are the service/support contract and the subscription model."
Building A Linux Music Studio (LinuxPlanet)
LinuxPlanet looks at audio applications for Linux. "This is a great time to be your own recording and sound engineer. There are all kinds of great digital recording gear, from tiny portable recorders to multi-channel mixer-recorders with CD burners, and Linux has a wealth of good-quality audio recording and editing programs. The hard part is figuring out where to start because there is so much to choose from. I'll talk a bit about the different types of digital recorders, and then run through recording a live performance and making a CD using Linux."
The Sound Of Linux 2007 (Linux Journal)
Dave Phillips highlights the best Linux audio achievements of the year in the Linux Journal. "If I had to select one piece of software that I consider to be crucial to Linux audio development, it'd be JACK. Almost all the software mentioned above either requires it or performs best with it. Some of JACK's notable improvements in 2007 include direct support for MIDI, improved support for multi-processor systems, and a new version for Windows. Linux can claim a variety of excellent sound and music applications, but JACK truly holds the keys to the kingdom."
Reviews
My Very Own OLPC XO Laptop (Groklaw)
PJ got her very own OLPC XO laptop. "I have one!!! Finally I get to play with the OLPC laptop. It was a gift, and it was given to me in a restaurant, where it created a stir, so there's a story to tell you. I met, at their suggestion, a couple at a restaurant that has wireless, and there it was. My very own XO. It's so tiny. So light. So cute. It's not all green, by the way. When it's closed, it's white with green trim, with a textured finish so it's not slippery, and it's soooo darling. It draws you. I couldn't even eat until I tried it out."
Miscellaneous
The top Linux/FOSS events of 2007 (ITWire)
ITWire looks back at 2007. "OpenMoko hasn't received the same hype as, say, the Apple iPhone but it is truly remarkable in terms of the product itself as well as the philosophy of the company who freely give away all the keys to let anyone do anything with the phone. Perhaps in time a new release of the Neo may replicate the success of the ASUS Eee in the mobile world. I certainly think this is one product and company to keep an eye on."
Tech Predictions for 2008 (PC World)
PC World presents some technology predictions for 2008. "As Vista continues to limp toward wider adoption, Linux will make major inroads into the enterprise, as well as in government IT. At the same time, the leaner OS will become a more attractive option for home users and in consumer electronics, spurred by the Open Handset Alliance and the advent of Google's Android mobile platform, which will be built on the Linux kernel. Jim Zemlin, the president of the Linux Foundation, sees 2008 as a "really interesting, breakthrough year for Linux," and we think he's right about that."
Trying to predict 2008 (ZDNet)
Here is a bizarre 2008 prediction posted by "Paul Murphy" at ZDNet. "At the top of the list of continuations is SCO. No matter how the legal action pans out, it will continue to dominate direction setting in the Linux community - and until or unless IBM gets its collective head straight on the issue and cleans house, the polarization this case has led to will continue to undermine Linux legitimacy." LWN's 2008 predictions - to be posted soon - do not mention SCO at all; one wonders if there is anybody else on the planet who thinks this way.
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
FSFE supports new antitrust investigation against Microsoft
The Free Software Foundation Europe has sent out a press release announcing its support for antitrust investigation against Microsoft in the EU. ""Microsoft should be required openly, fully and faithfully to implement free and open industry standards," is the message of a letter by the Free Software Foundation Europe (FSFE) to European Competition Commissioner Neelie Kroes. To help achieve this goal, FSFE offered its support for a possible antitrust investigation based on the complaint of Opera Software against Microsoft. The complaint was based on anti-competitive behaviour in the web browser market."
GnuPG Celebrates 10 Years
The GNU Privacy Guard encryption software project has announced its 10 year anniversary. "It's been a decade now that the very first version of the GNU Privacy Guard [0] has been released. This very first version was not yet known under the name of GnuPG but dubbed "g10" as a reference on the German constitution article on freedom of telecommunication (Grundgesetz Artikel 10) and as a pun on the G-10 law which allows the secret services to bypass these constitutional guaranteed freedoms."
Samba team gets Microsoft protocol documents
The Samba team has announced the signing of an agreement with Microsoft which will result in the delivery of Microsoft's protocol documentation. "We will be able to use the information obtained to continue to develop Samba and create more Free Software. We are hoping to get back to the productive relationship we had with Microsoft during the early 1990's when we shared information about these protocols. The agreement also clarifies the exact patent numbers concerned so there is no possibility of misunderstandings around this issue."
EU antitrust case over: Samba receives interoperability information
The Free Software Foundation Europe has sent out a press release concerning the winning of interoperability information by the Samba project. "In 2004 the European Commission found Microsoft guilty of monopoly abuse in the IT marketplace and demanded that complete interoperability information be made available to competitors. Microsoft objected to this decision and was overruled in September 2007 by the European Court of First Instance (CFI). The CFI found Microsoft guilty of deliberate obstruction of interoperability and upheld the obligation for Microsoft to share its protocol information. The Samba Team has decided to make use of Microsoft's obligation under the European judgements. Through the Protocol Freedom Information Foundation (PFIF), network interoperability information has been requested and a one-time access fee of 10.000 EUR is being paid to give Samba team full access to important specifications."
Commercial announcements
dimdim partners with SugarCRM
dimdim has announced a partnership with SugarCRM. "dimdim, the world's leading open source web meeting company, today announced that it will be a Premium Provider on SugarExchange, the SugarCRM Marketplace. SugarCRM, the world's leading provider of commercial open source customer relationship management (CRM) software has been integrated with dimdim's open source web meeting software, giving companies of all sizes an integrated collaboration and CRM system that is the most fully-functioned, cost-efficient, and customizable solution available anywhere."
A message from Matthew Szulik
Here's a message from Matthew Szulik in the wake of his abrupt decision to step down as CEO of Red Hat. "I take pride when customers and industry types comment to me that the people of Red Hat are 'different.' Not like the cylons who have come to dominate the industry of technology. Through our actions, the open source community and the people of Red Hat are defining a modern economic relationship between developer and customer. Collaboration. Transparency and value delivered. Our customers and marketplace are responding as evidenced by our financials and strong market potential."
Webot announces media player for Nokia N810 Internet Tablet
Webot has announced a media player for the Nokia N810 Internet Tablet. "To build the media player, Webot tailored its existing media search, sharing, and player technologies to the unique design of the tablet. With a tap of the screen, users can play any song from any of their computers, anywhere in the world. The system also offers digital picture frames that are automatically updated as new photos arrive, and the ability to share photo albums with family and friends."
New Books
Prototype and script.aculo.us--New from Pragmatic Bookshelf
Pragmatic Bookshelf has published the book Prototype & script.aculo.us by Christophe Porteneuve.
Packt Publishing announces Qmail Quickstarter
Packt Publishing has published the book Qmail Quickstarter by Kyle Wheeler.
Resources
OLPC News 2007-12-30
The December 30 edition of the One Laptop Per Child project news is out. There is a lot going on, naturally, but the big news is that Mary Lou Jepsen, the creator of the unique display used on the OLPC XO, is moving on to other ventures. "Mary Lou was OLPC employee Number One, both in terms of when she joined the organization and in terms of the breadth and depth of her contributions. Thank you and best of luck with your adventures in a new role and new year."
Quantum cryptography on the OLPC
The OLPC XO laptop is supposed to be for kids, but, as can be seen on this page, the grownups have been having fun with it as well. "After a few hours of tinkering with the kernel config, timezones (the xo's had to be synchronized with an accuracy of at least 0.5 sec) and the dependencies, the team successfully tested the first 'entanglement based quantum key distribution' between two xo laptops!"
Calls for Presentations
Black Hat Briefings Call for Papers
Calls for papers have gone out for several Black Hat Briefings events. "Black Hat is proud to be holding Trainings and Briefings in Washington D.C., Amsterdam, Las Vegas, Japan, and a mystery location in 2008."
CFP CISIS '08
The first call for papers has gone out for the International Workshop on Computational Intelligence in Security for Information Systems (CISIS'08). The event will be held in Genova, Italy on October 23-24, 2008; submissions are due by March 14.
FOSDEM 2008: Devroom Talks Wanted (KDE.News)
KDE.News has announced a call for speakers for the FOSDEM 2008 Devroom Talks. "As always, KDE will have a presence at next year's FOSDEM in Belgium on 23-24 February 2008. FOSDEM is a European meeting of free software developers, to listen to a plethora of interesting talks about anything related to free software. We are looking for people to give a talk in the KDE or cross-desktop devroom. On Sunday, we will be sharing a room with the developers from Gnome. This means that just like last year, we are also interested in talks that transcend free desktops generally."
LinuxWorld conference CFP
A call for papers has gone out for the LinuxWorld conference; the submission deadline is February 22, 2008. The conference will take place on August 4-7, 2008 in San Francisco, CA. "Do you have a topic that would add important content to LinuxWorld? conference program? Then submit your speaking proposal by completing the online form. Prior to filling out the form, please review the content tracks, guidelines, evaluation criteria and other important facts regarding speaking opportunities."
Upcoming Events
First OCaml users group meeting in Paris
The first Paris OCaml users group meeting will be held on January 26, 2008.
QualiPSo Conference 2008
The QualiPSo Conference 2008, the first international conference on Open Source Software quality, will take place in Rome, Italy on January 16-17, 2008.
SCALE Early Bird Registration Ends Jan 5th.
The sixth annual Southern California Linux Expo (SCALE) has announced two new keynote speakers, Jono Bacon of Canonical and Stormy Peters of OpenLogic in conjunction with a reminder about early bird registration. SCALE will be held 8-10 February 2008 at the Los Angeles airport Westin hotel.
SCALE is Full
The Southern California Linux Expo has announced its speakers. The event takes place on February 8-10, 2008 in Los Angeles, CA. "The So Cal Linux Expo has filled all available speaker slots for not only the SCALE 6X main conference, but also all three Friday specialty conferences. Over the Friday and Saturday of SCALE there are 36 speaker slots. The SCALE committee received over 75 submittals for the main conference, which were gradually weeded down to those that the committee felt most matched SCALE's goals. Information on the selected session topics is available on the SCALE website".
Events: January 10, 2008 to March 10, 2008
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| January 11 - January 13 | FUDCon Raleigh 2008 | Raleigh, NC, USA |
| January 16 - January 17 | QualiPSo Conference 2008 | Rome, Italy |
| January 17 - January 19 | KDE 4 release event | Mountain View, CA, USA |
| January 24 | Federal DBA Day | Washington DC, USA |
| January 28 - February 2 | Linux.conf.au 2008 | Melbourne, Australia |
| January 28 - February 1 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 - January 31 | Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |
| February 6 - February 10 | O'Reilly Money:Tech Conference | New York, NY, USA |
| February 7 | Frozen Perl 2009 | Minneapolis, United States |
| February 8 - February 10 | Southern California Linux Expo | Los Angeles, USA |
| February 10 - February 13 | NDSS Symposium 2008 | San Diego, CA, USA |
| February 11 | Florida Linux Show 2008 | Jacksonville, Florida, USA |
| February 11 | Open Source Software (OSS) and the U.S. Department of Defense (DoD) | Alexandria, VA, USA |
| February 13 - February 15 | German Perl-Workshop | Regionales Rechenzentrum Erlangen, Germany |
| February 16 | Frozen Perl 2008 Workshop | Minneapolis, USA |
| February 19 - February 20 | Linux Developer Symposium | Beijing, China |
| February 19 - February 20 | Files and Backup | London, UK |
| February 22 - February 24 | freed.in/2008 | Delhi, India |
| February 23 - February 24 | Free/Open Source Developers' European Meeting 2008 | Brussels, Belgium |
| February 23 - February 26 | Linux World Mexico | Mexico City, Mexico |
| February 25 - February 26 | 2008 Linux Storage and Filesystem Workshop | San Jose, CA, USA |
| February 25 - February 29 | NEW PHP 5 and PostgreSQL Bootcamp with Mark Fenoglio | Atlanta, Georgia, USA |
| February 25 - February 27 | German Perl Workshop | Frankfurt, Germany |
| February 28 - March 1 | Linux Audio Conference | Cologne, Germany |
| March 1 - March 2 | Chemnitzer Linux-Tage 2008 | Chemnitz, Germany |
| March 3 - March 6 | O'Reilly Emerging Technology Conference | San Diego, CA, USA |
| March 3 - March 6 | Drupalcon Boston 2008 | Boston, MA, USA |
| March 4 - March 9 | CeBIT Germany | Hannover, Germany |
| March 8 - March 14 | Asia OSS Conference & Showcase 2008 | Guangzhou, China |
If your event does not appear here, please tell us about it.
Audio and Video programs
Samba/Windows interoperability news: Jeremy Allison (LinuxWorld)
LinuxWorld has an audio interview with Jeremy Allison. "One of the lead developers at the popular Samba project, which implements Microsoft file and print sharing, talks about today's protocol documentation announcement." (Thanks to Don Marti).
Page editor: Forrest Cook
