LWN.net Weekly Edition for January 10, 2008
LWN.net: a ten-year timeline (part 1)
LWN is about to celebrate a birthday. Picking the true anniversary of an enterprise like LWN can be a bit tricky - there are many points which could be said to mark the true birth of the organization. After some thought, we have decreed that LWN.net was born on January 30, 1998. So we have a tenth anniversary coming up. That's a long time - far longer than any of us thought we would be doing this. Life is funny that way, somehow.
One cannot let a date like this go by without at least partially taking advantage of its hype-creation possibilities. So there will be a few things happening to celebrate our decade of writing about Linux, culminating with some sort of celebration on the 30th, when your editor will be speaking at this year's (sold-out!) linux.conf.au in Melbourne, Australia. One of those will be a short series of articles - starting with this one - looking back at those ten years. What a long, strange trip it has been.
Back in early 1997, your editor was the manager of a software development, system administration, and data delivery group at the National Center for Atmospheric Research. He had, at that point, been using Linux for a few years. It was running on a number of servers, of course, but we had also deployed it on desktops and used it for the acquisition and display of meteorological data, including high-bandwidth (for the time) doppler radar data. Don't let anybody tell you that real-time Linux is a new thing.
At this time, your editor was seeing two futures: (1) an increasingly dilbertesque life spent mostly in meetings, and (2) the clearly bright future of Linux. So he was actively looking for ways to move out of conference rooms and toward Linux, and talking over schemes with a number of friends. An early idea - to commercialize one of the first weather stations ever put on the World Wide Web with LWN editor Forrest Cook - never quite took off. But that thought process continued.
During that same time, Elizabeth Coolbaugh had just left a very similar position at the same institution; she was looking for a new project for the next phase of her life. After some discussions, Liz and your editor settled on a business idea which seemed to have some promise. It was not to be the last silly decision they were to make.
You see, at that time there was a struggling Linux distributor named Red Hat which was beginning to get the sense that there might be a market for its boxed Linux product in the corporate world. But companies need support, and Red Hat lacked the ability to provide that support. So the company's management came up with the "support partner" concept. Upon being accepted into this program, partner companies would be able to sell Red Hat-backed support certificates, which Red Hat would help to market. This widespread network of Linux experts would be able to provide local support to clients and would, for the hardest problems, be able to get help from Red Hat itself. It looked like a winner for everybody involved.
That program was not yet operational at this time, though - but Red Hat promised it would be Real Soon Now. Your soon-to-be editors, not yet having done much business with Red Hat beyond ordering an occasional CD, believed this promise. But it still made sense to do something productive while waiting. The idea that emerged after some talk was to put up a regular newsletter about what was happening in the fast-evolving Linux community. Even back then, keeping up with everything was hard, so we figured that the service would be valuable. As an added bonus, it would attract attention to this new support company (called Eklektix) and show just how blindingly smart and up on Linux we were.
Discussion of details occurred slowly through much of 1997. On January 22, 1998, the first issue of LWN was posted; it talked about the 2.1.79 kernel, the brand-new spinlock mechanism, the devfs debate, the creation of Red Hat Advanced Development Labs, and attempts to bring Java to Linux. The January 29, 1998 issue changed the format and led off with Netscape's announcement that it would be releasing the source code for its browser. We also found all of two news articles about Linux (we posted every one we found in those days) and talked about NFS problems, the devfs debate, the Debian 2.0 release roadmap, and gcc 2.8 problems.
At this point, we had posted two issues, but had not actually told anybody about them. Unsurprisingly, traffic was low. That changed on January 30, when our announcement made it out to the comp.os.linux.announce newsgroup - the best way to get the news out at that time. As promotional text the announcement was rudimentary at best, but it had the desired result - we got over 1000 page views on that first day, which seemed like a lot at the time. LWN was off and running.
Some highlights from the early days of LWN:
- February 12, 1998: Eric Raymond starts pushing "open source" instead of free software. Worries over whether Intel's proposed "Merced" architecture would support Linux.
- February 19, 1998: Richard Stallman fights back against Open Source. SCO claims to be the largest provider of Unix-based servers. Jesse Berst's famous "could you get fired for choosing Linux?" article runs. Jaroslav Kysela launches the "Ultra" (later ALSA) sound driver project.
- March 12, 1998: Ralph Nader suggests that Dell should sell Linux-installed systems.
- March 19, 1998: Bruce Perens resigns from the Debian project, saying: "I'm sorry it had to be this way, but I feel that my mission to bring free software to the masses really isn't compatible with Debian any longer, and that I should be working with one of the more mainstream Linux distributions." Sendmail, Inc. was launched.
- April 2, 1998: the Mozilla source release happens. Alan Cox joins Red Hat. The feature freeze for the 2.2 kernel is announced. The Open Group announces that use of the X Window System will require fees - but Linux users had XFree86 and didn't care.
It's fair to say that we didn't entirely grasp the significance of the events reported in the April 2 edition. The hiring of Alan Cox was one of the first in a long series - before then, almost nobody actually had a job which involved developing Linux. The Open Group's attempt to relicense X was thoroughly defeated by the existence of a free version with an active development community - a story which would be repeated a number of times in the coming years.
- April 30, 1998: Red Hat gets around to launching its support program, with Eklektix as one of the four they had managed to sign up. Kernel development halts as a result of the birth of Linus's second child.
- May 28, 1998: LWN moves to its own domain at LWN.net. The Linux Standard Base is proposed. Your editor first describes himself as "grumpy" after producing LWN by himself (Liz was at Linux Expo). PC Week calls Linux "a communist operating system in a capitalist society" and predicts its demise. Red Hat 5.1 is released.
- July 16, 1998: KDE 1.0 is released; KDE v. GNOME flamewars spread across numerous mailing lists and web sites.
- July 23, 1998: Oracle ports some of its products to Linux. Linus decrees that 8MB of memory will be needed for the 2.2 kernel.
The Oracle announcement seems mundane now, but the existence of Oracle products for Linux was a specific indicator that many people were looking for. It was an indication that Linux was a "serious" platform. Richard Stallman, of course, thought that Oracle's announcement was terrible news.
- July 30, 1998: Debian 2.0 is released. Rumors circulate that IBM is considering Linux. Linux-Mandrake is launched.
- August 13, 1998: the Open Source Initiative is launched, flame wars result. Richard Stallman calls for free documentation for free software. The kernel goes into a "hard code freeze" - not the first or last time that a Linus-decreed freeze would prove to be less hard than anticipated. The devfs discussion continues. Red Hat states that it cannot legally ship Qt or KDE.
- August 20, 1998: Red Hat launches Rawhide. Bruce Perens bails out of the Linux Standard Base effort.
- October 1, 1998: Intel and Netscape (and two venture capital firms) invest in Red Hat. Also notable this week was the first of the big "Linus burnout" episodes, making it clear that something in the kernel development process needed to change.
Let us now pause for a moment. From this distance, it may be hard to appreciate just how big the news of the Red Hat investments was. For all that had happened, Linux was still a somewhat obscure phenomenon, unknown to much of the information technology world. When Intel put money into Red Hat, it became clear to all that both Linux and Red Hat were headed toward success. This was, in some real sense, the point where Linux entered the dotcom bubble, though the real action was still a year away.
The 2.1.123 release failed to compile as a result of some merging errors; developers got upset about the state of affairs and a long, inflammatory discussion resulted. Linus stormed out of the virtual room and took a vacation. It was a somewhat scary series of events which foreshadowed more to come; getting the kernel development process to scale as the community grew was a multi-year process.
During this time, LWN was also growing in both readership and size; it was taking increasing amounts of time. We eventually had to move the server from its initial location (behind an ISDN line in your editor's basement) to a proper hosting facility. But, remember, LWN was not the main endeavor; it was an attention attractor for the support services offered by Eklektix, Inc. This business plan was not going particularly well. Those who dealt with Red Hat in that era know that, as a company, it was a rather chaotic place. The marketing for the support partners never happened, and the backup services for the support plans the partners were able to sell themselves were, shall we say, less than the customers thought they deserved given what they had paid. The support partner program was not a big success for anybody involved.
As a result, one of the first things Red Hat did with its new pile of cash was to cancel this program and start building its own, internal support operation. Eklektix continued to push its own support offerings for a while, but the fact of the matter is that it was not a fun business: it seemed to mostly consist of cleaning up after low-budget ISPs which could not be bothered to install security updates. So the search for alternatives began. Meanwhile:
- October 16, 1998: Larry McVoy contacts LWN and describes his upcoming "BitKeeper" software as a way of making Linus "scale". Debian takes an official position against KDE.
- November 5, 1998: The Halloween Memo.
- November 19, 1998: The Qt library becomes available under the new QPL, eliminating roadblocks for the distribution of KDE. VA Research (also known as VA Linux, VA Software, SourceForge) gets a big venture capital infusion. Red Hat hires Matthew Szulik as CEO.
- The first LWN Linux timeline was released at the end of 1998.
- January 28, 1999: LWN's first anniversary. The 2.2 kernel is released, complete with a trivially-exploited security hole. Linus decrees that 32-bit Linux will never support more than 2GB of memory. The TCP-wrappers distribution is compromised. The Windows refund movement gathers steam.
- February 11, 1999: perhaps the first big discussion of binary-only modules.
- February 25, 1999: IBM announces support for Red Hat Linux on its systems.
About this time, Eklektix announced that its new line of business would be training - and Linux system administration training in particular. The announcement was timed for the first ever LinuxWorld conference; both LWN editors spoke there, with Jon delivering a system administration tutorial to 450 attendees. It was the start of a new phase - though it was not much more successful than the one which came before.
If the investments in Red Hat were the beginning of the Linux bubble, LinuxWorld was where the inflation began in earnest. The amount of money on display there was impressive to say the least. The Red Hat party will live forevermore in the memory (or lack of memory, as the case may be) of all who attended. LinuxCare, which was supposed to be the big support success story for Linux, was unveiled at this conference. Never had there been so much overt commercial interest around Linux.
- March 25, 1999: It turns out that BitKeeper is to come out under a not-really-open-source license.
- April 8, 1999: Discouraged Mozilla developers resign from the project - there was a time when it seemed like a usable Mozilla browser would never come. Dell buys a piece of Red Hat. Al Gore claims to have an open source presidential campaign. RMS battles for "GNU/Linux" on linux-kernel.
- April 15, 1999: the Mindcraft study. It turned out that some of Mindcraft's criticisms were right, but we fixed the problems in a hurry.
- April 27, 1999: The last Linux Expo is held in Raleigh.
It is interesting to note that, during this time, LWN got its first acquisition offer: from Red Hat. We turned it down: the terms of the offer looked much like indentured servitude under firm Red Hat control. But we did work a deal with the company to supply news items for its portal site. Yes, during this time, Red Hat's business model was aiming toward becoming the dominant network portal for Linux-related information. Remember, this was 1999.
- June 10, 1999: Red Hat files for its IPO. VA Linux bulks up on free software developers.
- July 1, 1999: Slashdot is acquired by Andover.net. Eric Raymond and Richard Stallman feud over "open source."
- July 22, 1999: Red Hat gives Linux hackers an opportunity to buy pre-IPO stock.
- August 12, 1999: Red Hat goes public, with great success. Andover acquires Freshmeat.net. The second LinuxWorld conference is held.
The Red Hat IPO was the beginning of a new phase: clearly somebody was making a lot of money from Linux, even if who wasn't exactly clear. What was clear is that Eklektix was not on the list. When we planned out the training offering, we had a set of spreadsheets with some truly wonderful numbers on the income which was sure to result. Somehow reality failed to match the spreadsheets. So we came to realize that we needed to look in other directions.
At this time, advertising was beginning to bring in some actual money. But, more to the point, as the market heated up, companies were showing increasing amounts of interest in anybody who had any sort of Linux credibility or mindshare. We had some of that credibility at that time. So we decided to see what would happen if we let the word out that LWN was for sale. Suffice to say that the result was a far wilder ride than we could have ever anticipated. But that will be the topic of next week's installment.
Development issues part 1: Project communication
Free software projects, like all projects, live and die by their communications; developers must be able to talk to each other easily so that a consistent, coherent result emerges. But developers have differing ideas about what methods to use. A discussion on the Emacs development list provides a nice contrast between two of the main communications methods used by projects today.
Traditionally, developer communications have been handled by the venerable mailing list, but that is changing, at least for some projects. Internet relay chat (IRC) has become the tool of choice for newer projects, which may leave those who are not inclined towards realtime communication out of the loop. Development methodologies are evolving, and some are adopting the new ways more quickly than others – some may never adopt them at all.
The difference between communicating in IRC or via a mailing list is in some ways like the difference between text messaging and email. Email has its advantages, in that the recipient chooses the time to read and respond to the message, but it is often seen as slow. Text messaging or IRC have the advantage of speed; people receive a message and generally respond immediately. But that speed comes at a cost – interrupting the recipient. It also requires a full-time internet connection.
While email archives are somewhat cumbersome to use, they are usable. IRC logs are exceedingly painful as they are not subject-based; they just cover a specific time span of all conversation on the channel. Email conversations may play out over days or weeks, but they are generally easier to follow compared to the multiple interleaved conversations that occur on IRC channels. It is in the nature of the medium: IRC conversations are meant to be used immediately, not reread weeks later.
It is, in some ways, a culture clash. Younger developers tend to be more inclined towards realtime communications, while older hackers tend to be more comfortable with mailing lists. In what would seem to be an uphill battle, Eric S. Raymond has been advocating a more "modern" development style for GNU Emacs. His messages, appearing on Emacs-devel, champion a development style that includes IRC communication, a bug tracking system, and a version control system (VCS) more advanced than CVS.
Raymond's experiences working with the Battle for Wesnoth development team exposed him to some of the newer techniques used in project communication, particularly IRC. He reached a somewhat surprising conclusion about IRC:
The Wesnoth project uses IRC for all day-to-day design and development decisions, leaving the mailing list for more complicated discussions and white papers. This has the effect of excluding interested developers who are not able or willing to monitor an IRC channel throughout their day, but that is unlikely to be the intent. The reverse is also true: the perceived slow pace of mailing-list only projects has the effect of excluding those with a strong preference for a faster style of development. As Raymond shows, though, there is hope that members of one school can retrain – if they wish – for the other.
While decision making by IRC does not seem to be in the cards any time soon for Emacs, an upgrade to something other than CVS seems to have gained more traction. Richard Stallman has been asking a lot of questions about git while other developers discuss other distributed version control systems (DVCS), like darcs, monotone, arch, and Mercurial. Raymond is working on a survey of the VCS landscape that, once completed, he and others hope will guide the project into a better VCS choice.
One of the main DVCS features that seems of interest to Stallman is the "offline" capabilities. Having the entire history of a project and being able to do commits of work in progress while being disconnected from the internet are features that CVS does not have. Stallman is adamant that the tools used to develop Emacs be usable by those who are not always connected to the net, which makes a DVCS rather attractive.
The Emacs project is one of the oldest free software projects in existence; it is, like its founder, fairly resistant to change. While Emacs itself is used by hackers everywhere, it is increasingly falling behind its competitors, at least partially because of the slow pace at which it is developed. Raymond's belief is that by upgrading the tools used to take advantage of advances made since CVS and mailman were new, the time between Emacs releases could be reduced to something more sane. Doing that could go a long way towards making Emacs more relevant to younger hackers:
It is unlikely that just some tool changes will be enough to resurrect the flagging popularity of Emacs, but there are hopeful signs. Some of Raymond's suggestions met a warmer reception than one might have expected. It is clear that a fair number of Emacs fans and developers are frustrated with the current state of affairs. It may be that "just some tool changes" are enough to reinvigorate the project to a point where it attracts more developers and users. That can only be a good thing for Emacs.
Development issues part 2: Bug tracking
Once upon a time, free software was a relatively rare commodity, and there was a real novelty in being able to run a free package for a specific purpose. The availability of a free C compiler, for example, was cause for celebration. The fact that said compiler was not always the most reliable program on the system did little to reduce enthusiasm; many of us persisted in irrational endeavors (like trying to use gcc to build the X Window System) despite the occasionally painful (and predictable) consequences. And, in the process, we helped to make both programs more reliable.
There comes a time, though, when even the most die-hard free software proponent wishes that things would just work. As our software finds its way into more situations where failures are unwelcome (at best), the level of tolerance for bugs is falling. The desire for fewer flaws, however, runs counter to the desire for increasingly capable (and thus more complex) software. Somehow we have to find ways to simultaneously grow our systems and reduce the total number of bugs. To this end, a few projects have been having some interesting discussions on the tracking and fixing of bugs.
As has been discussed in this companion article, Eric Raymond has been busily stirring up trouble on the Emacs development list. His point, deemed reasonable by your editor, is that Emacs must adopt a number of relatively modern development practices if it is to have any hope of remaining relevant at all. One of his key points is that Emacs needs to have a real bug tracking system. Says Eric:
While some of Eric's suggestions appear to be non-starters - imagine trying to get Richard Stallman to hang out on an IRC channel - the bug tracker suggestion might just go somewhere. Certainly it could only be an improvement for a project of that size to have some sort of idea of what the current list of outstanding bugs looks like. It might even help bring about another Emacs release before the end of the decade.
Bug trackers are not a magical solution to the bug problem, though; in fact, they can create some problems of their own. The Fedora project, which does have a bug tracker, is currently trying to figure out what to do with the contents of that tracker. It seems that said tracker contains over 13,000 bugs, almost 10,000 of which apply to Fedora 7 and later.
A bug database of this size is simply overwhelming to anybody who tries to do something about it. As a result, Fedora users are filing bugs, only to see nothing happen in response. Not even a "thanks for your report" message. This situation is discouraging for everybody involved, causing Fedora users to give up on reporting bugs and developers to fear looking at the tracker.
In the Fedora case, there appears to be a near-consensus that the biggest problem is in triaging bug entries. This is not a job which can be automated; somebody has to go through bug submissions, weed out the duplicates, identify those which are really "features," figure out which developer should be notified, etc. Tying bug entries to those found in upstream trackers would be a highly useful bonus. Without this sort of effort, the bug tracker quickly fills with low-quality entries which help nobody.
For the most part, nobody is doing this job for Fedora now. Red Hat is not paying for a staff member to triage bugs, and the wider community has not filled this gap. In the short term, any sort of solution looks like it will have to come from the community, so the Fedora folks are wondering what can be done to encourage more participation. Simply asking for help is the obvious first step, as is making sure that the process is easy. Then they may consider the tactics adopted by other large projects - Mozilla's policy of expressing its appreciation by sending a T-shirt, for example.
As an aside, one of the more useful bits of information to come from this discussion was the existence of this family of URLs:
http://bugz.fedoraproject.org/<package-name>
Fill in the name, and the result is an immediate list of open bugs for the given package. Thus, for example, a visit to bugz.fedoraproject.org/gcc yields a list of compiler bugs. This result can be had directly from bugzilla, of course, but this interface is faster and easier.
The Fedora developers have discussed a number of related issues, such as whether the Fedora bug database should be separated from the RHEL system and what can be done to make Red Hat better appreciate the value of doing more of its quality assurance work in the Fedora repository. But the core problem is just getting human attention applied to the bug reports. Digging through bug databases is a relatively unglamorous job; it is not an easy path toward rock-star hacker status. But it is an important and relatively easy way to help make free software better.
Just in time to serve as an example of how well bug management can work, the GNOME project has posted its annual bugzilla statistics. It seems that over 110,000 GNOME bugs were filed in 2007; almost 109,000 of them were closed. The top bug-closers for the year were:
14254 Andre Klapper
9800 Tom Parker
7047 Susana Pereira
6882 Bruno Boaventura
6649 Pedro Villavicencio
It is worth pondering for a moment on the amount of energy required to close over 14,000 bugs in a year - that's almost 40 per day, every day, without a break. This kind of energy does exist within our community, and some projects are putting it to very good use.
While it is easy to get a contrary impression, the kernel does, in fact, have a bug tracker; there is also, in the form of Natalie Protasevich, somebody who handles the care and feeding of that tracker. But, as a recent episode shows, that still is not always sufficient to actually get the bugs fixed.
On November 13, 2007, a bug in the SCSI subsystem was reported to the linux-kernel mailing list. It was put into the tracker as bug 9370 on the same day. Some developers looked at it over the next few days, but, even though a specific commit which appeared to cause the bug had been identified, no solution was forthcoming. Discussion eventually died out. At least until January 2, when Ingo Molnar decided to stir the pot by posting a patch to revert the seemingly guilty commit. At that point the discussion picked up and a reliable way of reproducing the bug was found. The commit which was said to have caused the problem was, in fact, not guilty; it had just caused an older bug to come to light. The discussion did not stop there, though.
A number of charges went back and forth which do not require discussion here. But one core point is this: as long as the bug report sat in the tracker, nothing much appeared to be happening with it - though, it seems, the SCSI developers had not forgotten it and were trying to figure out what was really going on. But once the problem came back to the linux-kernel list in the form of a brute-force solution, the root cause was found in short order. The key here was bringing the problem to the attention of a wider group of people; the crucial recipe for reproducing the problem came from a developer who had not been looking at the problem previously.
In the kernel context, at least, giving wide exposure to a bug often helps immensely in getting that bug fixed. That is especially true for the sort of hard-to-reproduce bugs which tend to come up in kernel programming. So, while bug trackers are a useful tool for ensuring that problems do not fall through the cracks, it seems that one of the most potent anti-bug tools we have - discussing the problem via a widely-distributed email list - is the same tool we have been using for decades.
Yet another advertising update
In our continuing efforts to keep our readers informed, we wanted to update you on our recent advertising initiative. We are focusing our efforts this year (and hopefully beyond) on banner (or image) advertising. We won't neglect other opportunities, but we do want to more fully explore banner ads. To that end, we are currently running ads in a new location on the daily page, just to the right of the second entry. We also have plans to add more locations for banner ads of various sizes throughout the site.
Unfortunately, the need to "keep the lights on" here requires us to generate more income than we currently do. To start with, as with any business, our income must be greater than our expenses. Even with a great deal of fiscal restraint, low salaries, and very low overhead, that is not, yet, happening. We would like to see the business grow beyond just a minimal, break-even operation – we think our readers agree – which will take some time and experimentation.
We hope to strike the right balance between revenue generation and annoying our readers; we feel sure that you will let us know if we cross the line. We are always open to constructive suggestions (to lwn@lwn.net) about advertising and its placement on the site, but the most common suggestion, so far, is not particularly workable. A "no animated ads" policy becomes, essentially, a "no ads" policy. For better or worse, image ads are almost always animated.
Readers do have the ability to change things at their end. Firefox provides a means (by setting the image.animation_mode in about:config to "none") to turn off animations – other browsers do as well. Firefox plugins (or add-ons) give even more control over the display of images and ads. In addition, subscribers at the project leader level have the ability to turn off all ads on the site.
We have always tried to treat our readers with respect – as we would want to be treated – and will continue to do so. We do, however, need to find a way to make this enterprise sustain itself financially. We want to keep bringing you the excellent Linux and free software content that you have come to expect from LWN for many years to come.
Security
Hiding open ports with shimmer
Open TCP or UDP ports on an internet-facing host can be worrisome to an administrator; they almost feel like an invitation to an attacker. If an unknown or unpatched vulnerability is running behind the port, the host could be compromised. Admins have come up with some reasonable ways to deflect the simplest of these attacks: changing the well-known port or port knocking. The new shimmer project provides a twist, by using cryptographic techniques to choose the port to open.
The basic idea is that one port (within a chosen range) will be open to real traffic of the service that the admin wants to hide – ssh or a private web server for example. The number of that port will be able to be calculated by both client and server using a secret that they share. A client that connects to the proper port gets forwarded to the real service. In addition to the proper port, 15 other ports are opened and connected to a blacklist service. Any connection made to those ports will result in the source IP address being banned for 15 minutes. The server redoes the calculation each minute, coming up with a new set of 16 ports – one good and 15 bad.
In order to calculate the port number, the shared secret (key) is combined with the time (to the nearest minute), and the name of the service, then hashed using SHA-256. The hash is used as an AES key to encrypt the numbers 0 through 15. Those values are mapped into the port range and serve as the 16 port numbers for that minute. In order to handle small clock variations between client and server, the server actually keeps each set of 16 open for three minutes – adding the set for the minutes before and after the current one.
While this seems like it provides a great deal of security to hide an open port behind, in reality it is more showy than useful. As with simple port knocking, or changing the well-known port number, it is vulnerable to an attacker that can monitor traffic to the server and observe successful connections. Shimmer leaves three ports wide open at any given time with 45 ports that will cause an IP to get blacklisted. Depending on the size of the port range chosen, the odds aren't that bad of randomly guessing the right port. Someone with a few thousand IP addresses to use probably won't have any difficulty.
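The per-minute port derivation and the server's three-minute window described above, as an added Python example (not shimmer's own code). HMAC-SHA256 stands in for the AES step so that only the standard library is needed; the demo secret, the `|` framing, rounding down to the minute, treating index 0 as the real port and skipping duplicate ports are all assumptions.

```python
import hashlib
import hmac

PORTS_PER_MINUTE = 16   # one real port plus 15 decoys, as described above
SKEW_MINUTES = 1        # server also keeps the sets for the minute before and after


def minute_of(now):
    """Reduce a Unix timestamp to whole minutes (assumed: round down)."""
    return int(now // 60)


def minute_key(secret, service, minute):
    """SHA-256 over secret, service name and minute (assumed '|' framing)."""
    material = b"|".join([secret, service.encode(), str(minute).encode()])
    return hashlib.sha256(material).digest()


def port_set(secret, service, minute, lo, hi):
    """Return (real_port, decoy_ports) for a single minute.

    The page encrypts the numbers 0..15 with AES under the hashed key.
    Here HMAC-SHA256 over a counter plays that role (a substitution).
    Duplicate ports are skipped by advancing the counter (assumption),
    so both sides still derive the same 16 distinct ports.
    """
    span = hi - lo + 1
    if span < PORTS_PER_MINUTE:
        raise ValueError("port range too small for 16 distinct ports")
    key = minute_key(secret, service, minute)
    ports, counter = [], 0
    while len(ports) < PORTS_PER_MINUTE:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        port = lo + int.from_bytes(block[:8], "big") % span
        if port not in ports:
            ports.append(port)
        counter += 1
    return ports[0], ports[1:]


def server_window(secret, service, now, lo, hi):
    """Ports the server has open right now: up to 3 real and up to 45 decoys."""
    real, decoys = set(), set()
    current = minute_of(now)
    for minute in range(current - SKEW_MINUTES, current + SKEW_MINUTES + 1):
        r, d = port_set(secret, service, minute, lo, hi)
        real.add(r)
        decoys.update(d)
    return real, decoys - real   # a real port wins over a colliding decoy


def classify(port, secret, service, now, lo, hi):
    """What the server does with a connection to `port` at time `now`."""
    real, decoys = server_window(secret, service, now, lo, hi)
    if port in real:
        return "forward"      # handed to the hidden service
    if port in decoys:
        return "blacklist"    # source address banned for 15 minutes
    return "closed"


def client_port(secret, service, now, lo, hi):
    """Port a client holding the secret connects to, by its own clock."""
    return port_set(secret, service, minute_of(now), lo, hi)[0]


def window_exposure(secret, service, now, lo, hi):
    """Fractions of the range that currently forward and that blacklist."""
    real, decoys = server_window(secret, service, now, lo, hi)
    span = hi - lo + 1
    return len(real) / span, len(decoys) / span


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"   # constructed sample value
    LO, HI = 20000, 29999                 # constructed port range
    now = 1_200_000_000                   # constructed timestamp
    for skew in (0, -50, 70):             # client clock offset in seconds
        port = client_port(SECRET, "ssh", now + skew, LO, HI)
        print(skew, port, classify(port, SECRET, "ssh", now, LO, HI))
    print(window_exposure(SECRET, "ssh", now, LO, HI))
```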
Much like the other techniques, shimmer will likely deflect all but the most determined of attackers, but is unlikely to provide much in the way of a barrier against those. It sounds attractive and uses cryptographic terms and techniques which may make it seem more secure than it really is. Using it without understanding this could lead to a false sense of security.
Brief items
PostgreSQL releases critical security patches
The PostgreSQL team has released a set of patches for five critical security vulnerabilities. Two privilege escalation flaws and three denial of service vulnerabilities were fixed. "Today the PostgreSQL Global Development Group is releasing updated versions which patch five security vulnerabilities. These releases update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins should install the update as soon as they reasonably can."
New vulnerabilities
Asterisk: denial of service
| Package(s): | asterisk | CVE #(s): | |
| Created: | January 4, 2008 | Updated: | January 9, 2008 |
| Description: | Asterisk has issued a security advisory on a remote crash vulnerability in the SIP channel driver. |
cups: buffer overflow
| Package(s): | cups | CVE #(s): | CVE-2007-5848 |
| Created: | January 7, 2008 | Updated: | February 27, 2008 |
| Description: | From the CVE entry: Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. From the rPath advisory: Previous versions of the cups package contain a buffer-overflow weakness. It is not believed that this weakness can be exploited to execute malicious code. |
dovecot: multiple vulnerabilities
| Package(s): | dovecot | CVE #(s): | CVE-2007-6598 |
| Created: | January 3, 2008 | Updated: | October 7, 2008 |
| Description: | Dovecot has multiple vulnerabilities including an issue involving the confusion between LDAP-authenticated logins across users with the same password and a denial of service involving a connecting user. |
libcdio: buffer overflows
| Package(s): | libcdio | CVE #(s): | |
| Created: | January 3, 2008 | Updated: | January 9, 2008 |
| Description: | The libcdio CD-ROM access library has two buffer overflow vulnerabilities involving long Joliet file names and the cdio buffer. |
mantis: cross-site scripting
| Package(s): | mantis | CVE #(s): | CVE-2007-6611 |
| Created: | January 7, 2008 | Updated: | March 4, 2008 |
| Description: | From the CVE entry: Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename. |
maradns: denial of service
| Package(s): | maradns | CVE #(s): | CVE-2008-0061 |
| Created: | January 4, 2008 | Updated: | January 30, 2008 |
| Description: | MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records." |
opera: multiple vulnerabilities
| Package(s): | opera | CVE #(s): | CVE-2007-6520 CVE-2007-6521 CVE-2007-6522 CVE-2007-6523 CVE-2007-6524 |
| Created: | January 7, 2008 | Updated: | January 9, 2008 |
| Description: | From the SUSE advisory: CVE-2007-6520: Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. CVE-2007-6521: Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date. CVE-2007-6522: Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory. CVE-2007-6523: Fixed a problem where malformed BMP files could cause Opera to temporarily freeze. CVE-2007-6524: Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date. |
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql | CVE #(s): | CVE-2007-6600 CVE-2007-4772 CVE-2007-6067 CVE-2007-4769 CVE-2007-6601 |
| Created: | January 9, 2008 | Updated: | January 17, 2013 |
| Description: | Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
python-cherrypy: unauthorized file access via malicious cookie
| Package(s): | python-cherrypy | CVE #(s): | CVE-2008-0252 |
| Created: | January 9, 2008 | Updated: | February 6, 2008 |
| Description: | From the Fedora advisory: Malicious cookies may allow access to files outside the session directory. |
qt4: security restriction bypass
| Package(s): | qt4 | CVE #(s): | CVE-2007-5965 |
| Created: | January 3, 2008 | Updated: | February 21, 2008 |
| Description: | Trolltech Qt has a privilege escalation vulnerability. An error can be triggered in QSslSocket when verifying SSL certificates; attackers can use this to bypass the SSL certificate verification and acquire unauthorized access to a vulnerable application. |
tcpreen: denial of service
| Package(s): | tcpreen | CVE #(s): | CVE-2007-6562 |
| Created: | January 3, 2008 | Updated: | January 9, 2008 |
| Description: | The tcpreen TCP connection monitoring tool has multiple buffer overflow vulnerabilities; these may be used to cause a denial of service. |
tog-pegasus: stack buffer overflow
| Package(s): | tog-pegasus | CVE #(s): | CVE-2008-0003 |
| Created: | January 8, 2008 | Updated: | January 12, 2008 |
| Description: | During a security audit, a stack buffer overflow flaw was found in the PAM authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges. |
unp: code execution via malicious file names
| Package(s): | unp | CVE #(s): | CVE-2007-6610 |
| Created: | January 9, 2008 | Updated: | January 9, 2008 |
| Description: | The unp unpacking tool (prior to version 1.0.14) does not properly check file names, allowing the execution of shell commands. |
wordpress: multiple vulnerabilities
| Package(s): | wordpress | CVE #(s): | CVE-2007-6013 CVE-2007-6318 |
| Created: | January 3, 2008 | Updated: | January 9, 2008 |
| Description: | The Wordpress online publishing and weblog utility has multiple SQL injection vulnerabilities in versions 2.3.1 and earlier. Remote attackers can use this to execute arbitrary SQL commands via the s parameter. |
wzdftpd: denial of service
| Package(s): | wzdftpd | CVE #(s): | CVE-2007-5300 |
| Created: | January 7, 2008 | Updated: | January 9, 2008 |
| Description: | From the CVE entry: Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. |
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current 2.6 prepatch is 2.6.24-rc7, released by Linus on January 6. It contains a fair number of fixes and an implementation of /proc/slabinfo for the SLUB allocator (which was discussed in last week's Kernel Page). About the long release cycle, he says "I'll be charitable and claim it's because it's all stabilizing, and not because we've all been in a drunken stupor over the holidays." The short-form changelog can be found in the release announcement; see the long-format changelog for all the details.
The mainline git repository contains, as of this writing, a few dozen post-rc7 patches.
The current stable 2.6 kernel is 2.6.23.13, released on January 9. This update is only of interest to people using the w83627ehf hardware monitoring driver, but they should be very interested: "I have had a private report that this bug might have caused permanent hardware damage. There is no definitive proof at this point, but unfortunately due to the lack of documentation I really can't rule it out."
For older kernels: 2.6.16.58-rc1 was released on January 6 with about a dozen fixes, a few of which are security-related.
Kernel development news
Quotes of the week
And if it does happen, we'll get rdev happily freed (by rdev_free(), as ->release() of &rdev->kobj) by the time we get to delayed_delete(). Which explains what's going on just fine.
2.6.24 - some statistics
As of this writing, the 2.6.24 kernel is getting close to a release - though there is likely to be one more -rc version to look at first. The rate of change has slowed significantly, though, and the final regressions are being chased down. So it seems like a suitable time to look at the patches which went into this kernel and where they came from.
This is, in many ways, a record-breaking development cycle. Over 10,000 individual changesets have been merged this time around, with a net growth of almost 300,000 lines of code. 950 developers contributed this code; of those, 358 contributed just one patch. By comparison, the previous cycle (2.6.23) merged some 6200 patches from about 860 developers. Given that, it's not surprising that the 2.6.24 cycle has been a little longer than some of its predecessors.
Without further ado, here is the list of top contributors to this kernel:
Most active 2.6.24 developers
| By changesets | Changesets | % | By changed lines | Lines | % |
|---|---|---|---|---|---|
| Thomas Gleixner | 362 | 3.6% | Thomas Gleixner | 46358 | 5.9% |
| Bartlomiej Zolnierkiewicz | 205 | 2.0% | Zhu Yi | 35133 | 4.5% |
| Adrian Bunk | 190 | 1.9% | Auke Kok | 25861 | 3.3% |
| Ralf Baechle | 176 | 1.8% | Michael Buesch | 24480 | 3.1% |
| Pavel Emelyanov | 146 | 1.5% | Ivo van Doorn | 22178 | 2.8% |
| Ingo Molnar | 141 | 1.4% | Matthew Wilcox | 20416 | 2.6% |
| Tejun Heo | 138 | 1.4% | Adrian Bunk | 19050 | 2.4% |
| Paul Mundt | 131 | 1.3% | Larry Finger | 15003 | 1.9% |
| Johannes Berg | 119 | 1.2% | David S. Miller | 14315 | 1.8% |
| Al Viro | 116 | 1.2% | Andy Gospodarek | 13814 | 1.8% |
| Takashi Iwai | 115 | 1.1% | Nathanael Nerode | 12821 | 1.6% |
| Jeff Garzik | 107 | 1.1% | Jeff Dike | 11103 | 1.4% |
| David S. Miller | 102 | 1.0% | Johannes Berg | 10118 | 1.3% |
| Matthew Wilcox | 97 | 1.0% | Ralf Baechle | 9555 | 1.2% |
| Jens Axboe | 89 | 0.9% | Scott Wood | 9328 | 1.2% |
| Krzysztof Helt | 89 | 0.9% | Krzysztof Helt | 8162 | 1.0% |
| Stephen Hemminger | 86 | 0.9% | Kumar Gala | 8002 | 1.0% |
| Rusty Russell | 86 | 0.9% | Jeff Garzik | 7689 | 1.0% |
| Alan Cox | 85 | 0.8% | David Gibson | 7284 | 0.9% |
| Herbert Xu | 84 | 0.8% | Michael Hennerich | 7181 | 0.9% |
By either method of counting, Thomas Gleixner comes out at the top of the list by virtue of his work on the i386/x86_64 architecture merger. Bringing those architectures together and making the result work well was a huge job; this effort will continue into future development cycles. (For the curious, simply renamed files were not counted as "changed lines" in the generation of these numbers). Note that many of these patches also carry a signoff by Ingo Molnar, but git only stores the name of a single "author" for a changeset.
Other contributors of large numbers of changesets in 2.6.24 include Bartlomiej Zolnierkiewicz (lots of IDE driver patches), Adrian Bunk (cleanups all over the kernel tree), Ralf Baechle (MIPS architecture work), Pavel Emelyanov (mostly network and PID namespaces), Tejun Heo (serial ATA and a number of sysfs cleanups), Johannes Berg (wireless networking), and Al Viro (mostly annotation patches and related fixes). If one looks at the number of changed lines, the list of developers changes almost completely: Zhu Yi (iwlwifi driver), Auke Kok (e1000 driver), Michael Buesch (wireless networking and the b43 driver), Ivo van Doorn (rt2x00 wireless driver), Matthew Wilcox (SCSI, especially advansys and sym53c8xx drivers), Adrian Bunk (cleanups and code deletions), Larry Finger (mainly addition of the b43 legacy driver), and David Miller (networking and SPARC64).
If one assigns developers' contributions to employers and totals the results, the following numbers emerge (note that these tables have been updated since initial publication to fix an error):
Most active 2.6.24 employers
| By changesets | Changesets | % | By lines changed | Lines | % |
|---|---|---|---|---|---|
| (None) | 1417 | 14.1% | (None) | 140730 | 18.0% |
| (Unknown) | 1108 | 11.1% | (Unknown) | 121511 | 15.5% |
| Red Hat | 1045 | 10.4% | Intel | 114990 | 14.7% |
| IBM | 819 | 8.2% | Red Hat | 58858 | 7.5% |
| Novell | 680 | 6.8% | IBM | 51777 | 6.6% |
| Intel | 446 | 4.5% | linutronix | 47968 | 6.1% |
| linutronix | 369 | 3.7% | Novell | 29856 | 3.8% |
| Oracle | 240 | 2.4% | Movial | 19093 | 2.4% |
| SWsoft | 212 | 2.1% | Freescale | 15262 | 1.9% |
| CERN | 205 | 2.0% | Analog Devices | 14971 | 1.9% |
| Movial | 190 | 1.9% | MIPS Technologies | 11726 | 1.5% |
| Linux Foundation | 190 | 1.9% | SWsoft | 8331 | 1.1% |
| MIPS Technologies | 176 | 1.8% | Linux Foundation | 7917 | 1.0% |
| Renesas Technology | 140 | 1.4% | Oracle | 7777 | 1.0% |
| (Academia) | 132 | 1.3% | Atmel | 7125 | 0.9% |
| Freescale | 126 | 1.3% | CERN | 6618 | 0.8% |
| MontaVista | 122 | 1.2% | Renesas Technology | 6414 | 0.8% |
| Analog Devices | 115 | 1.1% | | 6373 | 0.8% |
| (Consultant) | 112 | 1.1% | MontaVista | 6026 | 0.8% |
| NetApp | 101 | 1.0% | NetApp | 5620 | 0.7% |
In many ways, these lists look similar to those posted for past kernels. But there are a few things which jump out this time around:
- Intel has made it to the top of the "by lines changed" list - and not just by a little bit. This happened by virtue of the work done by four of the top-20 developers, but also by dozens of others who contributed to the 2.6.24 kernel. Intel has a lot of people working on the kernel, many of whom spend little time in the limelight.
- Movial found its way onto the list for the first time as a result of having hired a very active developer.
- The amount of work done by people known to be hacking on their own time has grown a bit. This change is mostly a result of more complete information on our side - many developers have moved out of the "unknown" category. Quite a bit of the no-employer work this time around was done on the wireless networking tree; since much of the interesting work in this area currently involves reverse engineering, perhaps it is not surprising that relatively few companies are willing to sponsor it.
All told, some 130 distinct employers were identified for the contributors to 2.6.24. That is a lot of companies to be working on one body of code.
Looking at the Signed-off-by headers of patches is always interesting; if one removes the signoffs added by the authors themselves, what is left is a list of the gatekeepers - those who channel the code into the mainline. The people who signed off on the most patches which they did not write are:
Sign-offs in the 2.6.24 kernel
| By developer | Sign-offs | % | By employer | Sign-offs | % |
|---|---|---|---|---|---|
| Andrew Morton | 1679 | 17.6% | Red Hat | 2935 | 30.2% |
| David S. Miller | 894 | 9.4% | Linux Foundation | 1929 | 19.9% |
| Jeff Garzik | 631 | 6.6% | (None) | 823 | 8.5% |
| Ingo Molnar | 626 | 6.6% | (Unknown) | 736 | 7.6% |
| John W. Linville | 413 | 4.3% | Novell | 636 | 6.6% |
| Mauro Carvalho Chehab | 367 | 3.9% | IBM | 584 | 6.0% |
| Greg Kroah-Hartman | 337 | 3.5% | Intel | 318 | 3.3% |
| Paul Mackerras | 305 | 3.2% | linutronix | 216 | 2.2% |
| Jaroslav Kysela | 284 | 3.0% | Analog Devices | 175 | 1.8% |
| James Bottomley | 260 | 2.7% | SGI | 141 | 1.5% |
| Linus Torvalds | 250 | 2.6% | Oracle | 133 | 1.4% |
| Thomas Gleixner | 216 | 2.3% | Cisco | 107 | 1.1% |
| Bryan Wu | 166 | 1.7% | Qumranet | 107 | 1.1% |
| Takashi Iwai | 115 | 1.2% | NetApp | 106 | 1.1% |
| Jens Axboe | 113 | 1.2% | MIPS Technologies | 96 | 1.0% |
| Len Brown | 113 | 1.2% | Movial | 88 | 0.9% |
| Avi Kivity | 107 | 1.1% | (Consultant) | 85 | 0.9% |
| Roland Dreier | 107 | 1.1% | Renesas Technology | 84 | 0.9% |
| Ralf Baechle | 96 | 1.0% | Cendio | 43 | 0.4% |
| Adrian Bunk | 88 | 0.9% | CERN | 40 | 0.4% |
There are not a lot of changes here from previous development cycles. While quite a few developers add signoffs to code and pass it on, they work for a relatively small number of companies - 7 employers account for 70% of the non-author signoffs.
Finally, given that we are starting a new year, it is worth taking a quick look back at the entirety of 2007. In 2007, Linus merged just over 30,000 changesets (more than 80 per day, every day) from 1900 developers working for (at least) 200 companies. All told, they changed over 2 million lines of code, growing the kernel by more than 750,000 lines. The kernel developers are, in other words, touching over 5,000 lines of code every day - that is a high rate of change.
The top contributors over the course of the year (by changesets) were:
Top contributors in 2007
| By developer | Changesets | % | By employer | Changesets | % |
|---|---|---|---|---|---|
| Ralf Baechle | 507 | 1.7% | (None) | 4881 | 16.2% |
| Thomas Gleixner | 485 | 1.6% | Red Hat | 3441 | 11.4% |
| David S. Miller | 468 | 1.6% | (Unknown) | 2933 | 9.7% |
| Adrian Bunk | 439 | 1.5% | IBM | 2379 | 7.9% |
| Tejun Heo | 394 | 1.3% | Novell | 2054 | 6.8% |
| Ingo Molnar | 351 | 1.2% | Intel | 1060 | 3.5% |
| Paul Mundt | 351 | 1.2% | Linux Foundation | 784 | 2.6% |
| Al Viro | 337 | 1.1% | Oracle | 677 | 2.2% |
| Bartlomiej Zolnierkiewicz | 330 | 1.1% | (Consultant) | 631 | 2.1% |
| Andrew Morton | 319 | 1.1% | MIPS Technologies | 507 | 1.7% |
| Stephen Hemminger | 302 | 1.0% | linutronix | 507 | 1.7% |
| Patrick McHardy | 277 | 0.9% | Renesas Technology | 394 | 1.3% |
| Alan Cox | 270 | 0.9% | (Academia) | 392 | 1.3% |
| Takashi Iwai | 269 | 0.9% | SWsoft | 384 | 1.3% |
| Trond Myklebust | 256 | 0.9% | SGI | 368 | 1.2% |
| David Brownell | 254 | 0.8% | MontaVista | 342 | 1.1% |
| Avi Kivity | 229 | 0.8% | CERN | 330 | 1.1% |
| Jeff Dike | 227 | 0.8% | Freescale | 291 | 1.0% |
| Jeff Garzik | 216 | 0.7% | NetApp | 279 | 0.9% |
| Jean Delvare | 215 | 0.7% | Astaro | 277 | 0.9% |
It should be noted that the employer numbers are more approximate than usual. Some developers changed employers in 2007, but LWN, as a matter of policy, does not maintain a database of developers and their employers over time. Still, the picture is relatively constant - the same companies continue to contribute approximately the same percentage of the patches going into the kernel over relatively long periods of time.
Overall, the picture that results from all these numbers is one of a widespread and healthy development community. There appears to be no shortage of jobs for kernel developers, but also room for those who work outside of the office. The kernel truly is a common resource, with literally thousands of people working to improve it. And it shows no signs of slowing down anytime soon.
Your editor would like to profusely thank Greg Kroah-Hartman for his help in improving these statistics.
The Linux trace toolkit's next generation
Instrumenting a running kernel for debugging or profiling is on the wish list of many administrators and developers. Advocates of OpenSolaris like to point to DTrace as a feature that Linux lacks, though SystemTap has started to close that gap. The Linux Trace Toolkit next generation (LTTng) takes a different approach and was recently submitted for inclusion in the kernel (in two patches: arch independent and arch dependent).
LTTng relies upon kernel markers to provide static probe points for its kernel tracing activities. It also provides the ability to trace userspace programs and combine that data with kernel tracing data to give a detailed view of the internals of the system. Unlike other tools, LTTng takes a post-processing approach, storing the data away as efficiently as possible for later analysis. This is in contrast to SystemTap and DTrace which have their own mini-languages that specify what to do as each trace point is reached.
One of the major design goals of LTTng is to have as little impact on the system as possible, not only when it is actually tracing events, but also when it is disabled. Kernel hackers are quite resistant to debugging solutions that add any significant performance penalty when not in use. In addition, any significant delays while enabled may change the system timing such that the bug or condition being studied does not occur. For this reason, LTTng does not take the path that various dynamic tracing solutions have used and avoids the expense of a breakpoint interrupt by using the static markers.
Another major design goal is to provide monotonically increasing timestamp values for events. The original LTT uses timestamps derived from the kernel Network Time Protocol (NTP) time, which can fluctuate somewhat as adjustments are made – sometimes going backward. LTTng uses a timestamp derived from the hardware clocks that will work on various processor architectures and clock speeds. In addition, the timestamps can be correlated between different processors in a multi-processor system.
As LTTng gathers its data, it uses relayfs to get the data to a userspace daemon (lttd) that writes the data to disk. The daemon is started from the lttctl command-line tool, which controls the tracing settings in the kernel via a netlink socket. A user wishing to investigate tracing could use lttctl to start and stop a trace; once the trace is complete, the data could be viewed and analyzed.
The LTT viewer (LTTV) is the program that is used to analyze the data gathered. It provides both GUI and text-based viewers to interpret the binary data generated by LTTng and present it to the user. Multi-gigabyte files of tracing data are not uncommon when using LTTng, so a tool like LTTV is indispensable for visualization and filtering to allow the user to focus on the events of interest. LTTV has a plugin mechanism that allows users to develop their own display and analysis tools, while using the LTTV framework and filtering capabilities.
An advantage of using static probe points – though some may see it as a disadvantage – is that they can be maintained with the kernel code they are targeting. If the kernel markers patch is merged, subsystems can add probe points at places they find interesting or useful and those markers will be carried along in the kernel source; updated as the kernel changes. Other solutions rely on matching an external list of probes with the version of the running kernel, which can result in mismatches and incorrect traces. Also, SystemTap will be able to use any markers that get added to the kernel as is, so users who want the abilities that it provides will also benefit.
LTTng is being developed at the École Polytechnique de Montréal with support from quite a few Linux companies. It has the looks of a very well thought out framework that builds upon the tracing work that has been done before. It certainly won't make it into 2.6.24, but it would seem to have a good chance of making it into a future mainline kernel.
RCU part 3: the RCU API
[Editor's note: this is the third and final installment in Paul McKenney's "What is RCU?" series. The first and second parts remain available for those who might have missed them. Many thanks to Paul for letting LWN run these articles.]
Introduction
Read-copy update (RCU) is a synchronization mechanism that was added to the Linux kernel in October of 2002. RCU is most frequently described as a replacement for reader-writer locking, but has also been used in a number of other ways. RCU is notable in that RCU readers do not directly synchronize with RCU updaters, which makes RCU read paths extremely fast, and also permits RCU readers to accomplish useful work even when running concurrently with RCU updaters.
This leads to the question "what exactly is RCU?", a question that this document addresses from the viewpoint of the Linux kernel's RCU API.
- RCU has a Family of Wait-to-Finish APIs
- RCU has Publish-Subscribe and Version-Maintenance APIs
- So, What is RCU Really?
These sections are followed by a references section and the answers to the Quick Quizzes.
RCU has a Family of Wait-to-Finish APIs
The most straightforward answer to "what is RCU" is that RCU is an API used in the Linux kernel, as summarized by the pair of tables in this section (the first table shows the wait-for-RCU-readers portions of the API, while the second table shows the publish/subscribe portions of the API). Or, more precisely, RCU is a family of APIs as shown in the first table, with each column corresponding to a member of the RCU API family.
If you are new to RCU, you might consider focusing on just one of the columns in the following table. For example, if you are primarily interested in understanding how RCU is used in the Linux kernel, "RCU Classic" would be the place to start, as it is used most frequently. On the other hand, if you want to understand RCU for its own sake, "SRCU" has the simplest API. You can always come back for the other columns later.
If you are already familiar with RCU, the following pair of tables can serve as a useful reference.
| Attribute | RCU Classic | RCU BH | RCU Sched | Realtime RCU | SRCU | QRCU |
|---|---|---|---|---|---|---|
| Purpose | Original | Prevent DDoS attacks | Wait for hardirqs and NMIs | Realtime response | Sleeping readers | Sleeping readers and fast grace periods |
| Availability | 2.5.43 | 2.6.9 | 2.6.12 | Aug 2005 -rt | 2.6.19 | |
| Read-side primitives | rcu_read_lock(), rcu_read_unlock() | rcu_read_lock_bh(), rcu_read_unlock_bh() | preempt_disable(), preempt_enable() (and friends) | rcu_read_lock(), rcu_read_unlock() | srcu_read_lock(), srcu_read_unlock() | qrcu_read_lock(), qrcu_read_unlock() |
| Update-side primitives (synchronous) | synchronize_rcu(), synchronize_net() | | synchronize_sched() | synchronize_rcu(), synchronize_net() | synchronize_srcu() | synchronize_qrcu() |
| Update-side primitives (asynchronous/callback) | call_rcu() | call_rcu_bh() | | call_rcu() | N/A | N/A |
| Update-side primitives (wait for callbacks) | rcu_barrier() | | | rcu_barrier() | N/A | N/A |
| Read side constraints | No blocking | No irq enabling | No blocking | No blocking except preemption and lock acquisition | No synchronize_srcu() | No synchronize_qrcu() |
| Read side overhead | Preempt disable/enable (free on non-PREEMPT) | BH disable/enable | Preempt disable/enable (free on non-PREEMPT) | Simple instructions, irq disable/enable | Simple instructions, preempt disable/enable | Atomic increment and decrement of shared variable |
| Asynchronous update-side overhead (for example, call_rcu()) | sub-microsecond | sub-microsecond | | sub-microsecond | N/A | N/A |
| Grace-period latency | 10s of milliseconds | 10s of milliseconds | 10s of milliseconds | 10s of milliseconds | 10s of milliseconds | 10s of nanoseconds in absence of readers |
| Non-PREEMPT_RT implementation | RCU Classic | RCU BH | RCU Classic | N/A | SRCU | N/A |
| PREEMPT_RT implementation | N/A | Realtime RCU | Forced Schedule on all CPUs | Realtime RCU | SRCU | N/A |
Quick Quiz 1: Why are some of the cells in the above table colored green?
The "RCU Classic" column corresponds to the original RCU implementation, in which RCU read-side critical sections are delimited by rcu_read_lock() and rcu_read_unlock(), which may be nested. The corresponding synchronous update-side primitives, synchronize_rcu(), along with its synonym synchronize_net(), wait for any currently executing RCU read-side critical sections to complete. The length of this wait is known as a "grace period". The asynchronous update-side primitive, call_rcu(), invokes a specified function with a specified argument after a subsequent grace period. For example, call_rcu(p,f); will result in the "RCU callback" f(p) being invoked after a subsequent grace period. There are situations, such as when unloading a module that uses call_rcu(), when it is necessary to wait for all outstanding RCU callbacks to complete. The rcu_barrier() primitive does this job.
In the "RCU BH" column, rcu_read_lock_bh() and rcu_read_unlock_bh() delimit RCU read-side critical sections, and call_rcu_bh() invokes the specified function and argument after a subsequent grace period. Note that RCU BH does not have a synchronous synchronize_rcu_bh() interface, though one could easily be added if required.
Quick Quiz 2: What happens if you mix and match? For example, suppose you use rcu_read_lock() and rcu_read_unlock() to delimit RCU read-side critical sections, but then use call_rcu_bh() to post an RCU callback?
In the "RCU Sched" column, anything that disables preemption acts as an RCU read-side critical section, and synchronize_sched() waits for the corresponding RCU grace period. This RCU API family was added in the 2.6.12 kernel, which split the old synchronize_kernel() API into the current synchronize_rcu() (for RCU Classic) and synchronize_sched() (for RCU Sched). Note that RCU Sched does not have an asynchronous call_rcu_sched() interface, though one could be added if required.
Quick Quiz 3: What happens if you mix and match RCU Classic and RCU Sched?
The "Realtime RCU" column has the same API as does RCU Classic, the only difference being that RCU read-side critical sections may be preempted and may block while acquiring spinlocks. The design of Realtime RCU is described in the LWN article The design of preemptible read-copy-update.
Quick Quiz 4: What happens if you mix and match Realtime RCU and RCU Classic?
The "SRCU" column displays a specialized RCU API that permits general sleeping in RCU read-side critical sections, as was described in the LWN article Sleepable RCU. Of course, use of synchronize_srcu() in an SRCU read-side critical section can result in self-deadlock, so should be avoided. SRCU differs from earlier RCU implementations in that the caller allocates an srcu_struct for each distinct SRCU usage. This approach prevents SRCU read-side critical sections from blocking unrelated synchronize_srcu() invocations. In addition, in this variant of RCU, srcu_read_lock() returns a value that must be passed into the corresponding srcu_read_unlock().
The "QRCU" column presents an RCU implementation with the same API structure as SRCU, but optimized for extremely low-latency grace periods in absence of readers, as described in the LWN article Using Promela and Spin to verify parallel algorithms. As with SRCU, use of synchronize_qrcu() can result in self-deadlock, so should be avoided. Although QRCU has not yet been accepted into the Linux kernel, it is worth mentioning given that it is the only RCU implementation that can boast deep sub-microsecond grace-period latencies.
Quick Quiz 5: Why do both SRCU and QRCU lack asynchronous call_srcu() or call_qrcu() interfaces?
Quick Quiz 6: Under what conditions can synchronize_srcu() be safely used within an SRCU read-side critical section?
The Linux kernel currently has a surprising number of RCU APIs and implementations. There is some hope of reducing this number, evidenced by the fact that a given build of the Linux kernel currently has at most three implementations behind four APIs (given that RCU Classic and Realtime RCU share the same API). However, careful inspection and analysis will be required, just as would be required for one of the many locking APIs.
RCU has Publish-Subscribe and Version-Maintenance APIs
Fortunately, the RCU publish-subscribe and version-maintenance primitives shown in the following table apply to all of the variants of RCU discussed above. This commonality can in some cases allow more code to be shared, which certainly reduces the API proliferation that would otherwise occur.
| Category | Primitives | Availability | Overhead |
|---|---|---|---|
| List traversal | list_for_each_entry_rcu() | 2.5.59 | Simple instructions (memory barrier on Alpha) |
| List update | list_add_rcu() | 2.5.44 | Memory barrier |
| | list_add_tail_rcu() | 2.5.44 | Memory barrier |
| | list_del_rcu() | 2.5.44 | Simple instructions |
| | list_replace_rcu() | 2.6.9 | Memory barrier |
| | list_splice_init_rcu() | 2.6.21 | Grace-period latency |
| Hlist traversal | hlist_for_each_entry_rcu() | 2.6.8 | Simple instructions (memory barrier on Alpha) |
| Hlist update | hlist_add_after_rcu() | 2.6.14 | Memory barrier |
| | hlist_add_before_rcu() | 2.6.14 | Memory barrier |
| | hlist_add_head_rcu() | 2.5.64 | Memory barrier |
| | hlist_del_rcu() | 2.5.64 | Simple instructions |
| | hlist_replace_rcu() | 2.6.15 | Memory barrier |
| Pointer traversal | rcu_dereference() | 2.6.9 | Simple instructions (memory barrier on Alpha) |
| Pointer update | rcu_assign_pointer() | 2.6.10 | Memory barrier |
The first pair of categories operate on Linux
struct list_head lists, which are circular, doubly-linked
lists.
The list_for_each_entry_rcu() primitive traverses an
RCU-protected list in a type-safe manner, while also enforcing
memory ordering for situations where a new list element is inserted
into the list concurrently with traversal.
On non-Alpha platforms, this primitive incurs little or no performance
penalty compared to list_for_each_entry().
The list_add_rcu(), list_add_tail_rcu(),
and list_replace_rcu() primitives are analogous to
their non-RCU counterparts, but incur the overhead of an additional
memory barrier on weakly-ordered machines.
The list_del_rcu() primitive is also analogous to its
non-RCU counterpart, but oddly enough is very slightly faster due to the
fact that it poisons only the prev pointer rather than
both the prev and next pointers as
list_del() must do.
Finally, the list_splice_init_rcu() primitive is similar
to its non-RCU counterpart, but incurs a full grace-period latency.
The purpose of this grace period is to allow RCU readers to finish
their traversal of the source list before completely disconnecting
it from the list header -- failure to do this could prevent such
readers from ever terminating their traversal.
Quick Quiz 7:
Why doesn't list_del_rcu() poison both the next
and prev pointers?
The second pair of categories operate on Linux's
struct hlist_head, which is a linear linked list.
One advantage of struct hlist_head over
struct list_head is that the former requires only
a single-pointer list header, which can save significant memory in
large hash tables.
The struct hlist_head primitives in the table
relate to their non-RCU counterparts in much the same way as do the
struct list_head primitives.
The final pair of categories operate directly on pointers, and
are useful for creating RCU-protected non-list data structures,
such as RCU-protected arrays and trees.
The rcu_assign_pointer() primitive ensures that any
prior initialization remains ordered before the assignment to the
pointer on weakly ordered machines.
Similarly, the rcu_dereference() primitive ensures that subsequent
code dereferencing the pointer will see the effects of initialization code
prior to the corresponding rcu_assign_pointer() on
Alpha CPUs.
On non-Alpha CPUs, rcu_dereference() documents which pointer
dereferences are protected by RCU.
Quick Quiz 8:
Normally, any pointer subject to rcu_dereference() should
always be updated using rcu_assign_pointer().
What is an exception to this rule?
Quick Quiz 9: Are there any downsides to the fact that these traversal and update primitives can be used with any of the RCU API family members?
So, What is RCU Really?
At its core, RCU is nothing more nor less than an API that supports publication and subscription for insertions, waiting for all RCU readers to complete, and maintenance of multiple versions. That said, it is possible to build higher-level constructs on top of RCU, including the reader-writer-locking, reference-counting, and existence-guarantee constructs listed in the companion article. Furthermore, I have no doubt that the Linux community will continue to find interesting new uses for RCU, just as they do for any of a number of synchronization primitives throughout the kernel.
Finally, a complete view of RCU would also include all of the things you can do with these APIs.
Acknowledgements
We are all indebted to Andy Whitcroft, Jon Walpole, and Gautham Shenoy, whose review of an early draft of this document greatly improved it. I owe thanks to the members of the Relativistic Programming project and to members of PNW TEC for many valuable discussions. I am grateful to Dan Frye for his support of this effort.
This work represents the view of the author and does not necessarily represent the view of IBM.
Linux is a registered trademark of Linus Torvalds.
Other company, product, and service names may be trademarks or service marks of others.
References
This section gives a short annotated bibliography describing using RCU, Linux-kernel RCU implementations, background, and historical perspectives. For more information, see Paul E. McKenney's RCU Page.
Using RCU
- Overview of Linux-Kernel Reference Counting (McKenney, January 2007) [PDF]. Overview of Linux-kernel reference counting (including RCU) prepared for the Concurrency Working Group of the C/C++ standards committee.
- RCU and Unloadable Modules (McKenney, January 2007). Describes how to unload modules that use call_rcu(), so as to avoid RCU callbacks trying to use the module after it has been unloaded.
- Recent Developments in SELinux Kernel Performance. James Morris describes a performance problem in the SELinux Access Vector Cache (AVC), and its resolution via RCU in a patch by Kaigai Kohei.
- Using Read-Copy-Update Techniques for System V IPC in the Linux 2.5 Kernel (Arcangeli et al., June 2003) [PDF]. Describes how RCU is used in the Linux kernel's System V IPC implementation.
Linux-Kernel RCU Implementations
- The design of preemptible read-copy-update (McKenney, October 2007). Describes a high-performance RCU implementation for realtime use.
- Sleepable RCU (McKenney, October 2006). Description of SRCU.
- Using Promela and Spin to verify parallel algorithms (McKenney, August 2007). Description of the QRCU patch.
- RCU dissertation (McKenney, July 2004) [PDF].
  - Section 2.2.20 (pages 62-64) gives a history of RCU-like mechanisms, a very brief summary of which can be found below.
  - Chapter 4 (pages 71-98) and Appendix C (pages 326-345) review a number of different types of RCU implementations, summarizing a number of earlier papers.
  - Chapter 5 (pages 137-178) gives an overview of a number of "design patterns" guiding use of RCU.
  - Chapter 6 (pages 179-234) describes some early uses of RCU.
- Using RCU in the Linux 2.5 Kernel (October 2003). Brief summary of why RCU can be helpful, along with an analogy between RCU and reader-writer locking.
- Anyone who is laboring under the misapprehension that the Linux community would never have independently invented RCU should read this netdev posting and this one as well. Both postings pre-date the earliest known introduction of RCU to the Linux community.
Background
- Real-Time Linux Wiki. Provides much valuable information on the -rt patchset for both kernel and application developers.
- Home of the -rt kernel patchsets.
- Memory Ordering in Modern Microprocessors (McKenney, August 2005) [PDF]. Gives an overview of how Linux's memory-ordering primitives work on a number of computer architectures.
Historical Perspectives on RCU and Related Mechanisms
- Tornado: Maximizing Locality and Concurrency in a Shared Memory Multiprocessor Operating System (Gamsa et al., February 1999) [PDF]. Independent invention of a mechanism very similar to RCU. Tornado is a research operating system developed at the University of Toronto. This operating system uses its analog to RCU pervasively. Some of the University of Toronto students brought this operating system with them to IBM Research, where it was developed as part of the K42 project.
- Read-Copy Update: Using Execution History to Solve Concurrency Problems (McKenney and Slingwine, October 1998) [PDF]. First non-patent publication of DYNIX/ptx's RCU implementation.
- Passive Serialization in a Multitasking Environment (Hennessey et al., February 1989). This patent describes an RCU-like mechanism that was apparently used in IBM's VM/XA mainframe hypervisor. This is the earliest known production use of an RCU-like mechanism.
- Concurrent Manipulation of Binary Search Trees (Kung and Lehman, September 1980). The earliest known publication of an RCU-like mechanism, using a garbage collector to implicitly compute grace periods.
Answers to Quick Quizzes
Quick Quiz 1: Why are some of the cells in the above table colored green?
Answer: The green API members (rcu_read_lock(),
rcu_read_unlock(), and call_rcu()) were the
only members of the Linux RCU API that Paul E. McKenney was aware of back
in the mid-90s.
During this timeframe, he was under the mistaken impression that
he knew all that there is to know about RCU.
Quick Quiz 2:
What happens if you mix and match?
For example, suppose you use rcu_read_lock() and
rcu_read_unlock() to delimit RCU read-side critical
sections, but then use call_rcu_bh() to post an
RCU callback?
Answer: If there happened to be no RCU read-side critical
sections delimited by rcu_read_lock_bh() and
rcu_read_unlock_bh() at the time call_rcu_bh()
was invoked, RCU would be within its rights to invoke the callback
immediately, possibly freeing a data structure still being used by
the RCU read-side critical section!
This is not merely a theoretical possibility: a long-running RCU
read-side critical section delimited by rcu_read_lock()
and rcu_read_unlock() is vulnerable to this failure mode.
This vulnerability disappears in -rt kernels, where RCU Classic and RCU BH both map onto a common implementation.
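The failure mode in this answer, as an added userspace model (not code from the article or the kernel). Per-flavor reader counts stand in for grace-period detection, which is an assumption of the model rather than how the kernel implementations work, and the callback sets a flag instead of freeing memory; all names ending in `_model` are hypothetical.

```c
#include <stdio.h>

/* Two independent RCU flavors, standing in for RCU Classic and RCU BH. */
enum flavor { CLASSIC, BH, NFLAVORS };

struct object {
    int freed;                  /* set by the callback instead of calling free() */
};

/* Model state: reader nesting count per flavor and a one-slot callback queue. */
static int readers[NFLAVORS];
static struct {
    int pending;
    enum flavor flavor;
    struct object *obj;
} cb;

/* Invoke the callback once its OWN flavor has no readers left. */
static void run_callbacks(void)
{
    if (cb.pending && readers[cb.flavor] == 0) {
        cb.obj->freed = 1;
        cb.pending = 0;
    }
}

static void read_lock_model(enum flavor f)
{
    readers[f]++;
}

static void read_unlock_model(enum flavor f)
{
    readers[f]--;
    run_callbacks();
}

/* Post a callback against flavor f; it may run at once if f has no readers. */
static void call_rcu_model(enum flavor f, struct object *obj)
{
    cb.pending = 1;
    cb.flavor = f;
    cb.obj = obj;
    run_callbacks();
}

#define FREED_IN_SECTION 1      /* object freed while the reader still held it */
#define FREED_AFTER      2      /* object freed by the time the reader had left */

/* One reader, one updater; returns a mask of the FREED_* bits above. */
static int run_scenario(enum flavor reader_f, enum flavor updater_f)
{
    struct object obj = { 0 };
    struct object *p;
    int result = 0;

    readers[CLASSIC] = readers[BH] = 0;
    cb.pending = 0;

    read_lock_model(reader_f);
    p = &obj;                           /* reader picks up the pointer */
    call_rcu_model(updater_f, &obj);    /* updater unlinked obj, posts callback */
    if (p->freed)                       /* reader is still inside its section */
        result |= FREED_IN_SECTION;
    read_unlock_model(reader_f);

    if (obj.freed)
        result |= FREED_AFTER;
    return result;
}

int main(void)
{
    printf("classic reader, bh callback:      %d\n", run_scenario(CLASSIC, BH));
    printf("classic reader, classic callback: %d\n", run_scenario(CLASSIC, CLASSIC));
    return 0;
}
```

In the mismatched run the object is marked freed while the reader is still inside its critical section; in the matched run the callback is deferred until the reader leaves.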
Quick Quiz 3: What happens if you mix and match RCU Classic and RCU Sched?
Answer: In a non-PREEMPT or a PREEMPT kernel, mixing these
two works "by accident" because in those kernel builds, RCU Classic and RCU
Sched map to the same implementation.
However, this mixture is fatal in PREEMPT_RT builds using the -rt
patchset, due to the fact that Realtime RCU's read-side critical
sections can be preempted, which would permit
synchronize_sched() to return before the
RCU read-side critical section reached its rcu_read_unlock()
call.
This could in turn result in a data structure being freed before the
read-side critical section was finished with it,
which could in turn greatly increase the actuarial risk experienced
by your kernel.
In fact, the split between RCU Classic and RCU Sched was inspired by the need for preemptible RCU read-side critical sections.
Quick Quiz 4: What happens if you mix and match Realtime RCU and RCU Classic?
Answer: That would be up to you, because you would have to code up changes to the kernel to make such mixing possible. Currently, any kernel running with RCU Classic cannot access Realtime RCU and vice versa.
Quick Quiz 5:
Why do both SRCU and QRCU lack asynchronous call_srcu()
or call_qrcu() interfaces?
Answer: Given an asynchronous interface, a single task
could register an arbitrarily large number of SRCU or QRCU callbacks,
thereby consuming an arbitrarily large quantity of memory.
In contrast, given the current synchronous
synchronize_srcu() and synchronize_qrcu()
interfaces, a given task must finish waiting for a given grace period
before it can start waiting for the next one.
Quick Quiz 6:
Under what conditions can synchronize_srcu() be safely
used within an SRCU read-side critical section?
Answer: In principle, you can use
synchronize_srcu() with a given srcu_struct
within an SRCU read-side critical section that uses some other
srcu_struct.
In practice, however, doing this is almost certainly a bad idea.
In particular, the following could still result in deadlock:
    idx = srcu_read_lock(&ssa);
    synchronize_srcu(&ssb);
    srcu_read_unlock(&ssa, idx);

    /* . . . */

    idx = srcu_read_lock(&ssb);
    synchronize_srcu(&ssa);
    srcu_read_unlock(&ssb, idx);
Quick Quiz 7:
Why doesn't list_del_rcu() poison both the next
and prev pointers?
Answer: Poisoning the next pointer would interfere
with concurrent RCU readers, who must use this pointer.
However, RCU readers are forbidden from using the prev
pointer, so it may safely be poisoned.
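The effect of the two poisoning choices on a reader that is already standing on the deleted element, as an added example (a userspace model, not kernel code and not from the original article). The `_model` function names, the `POISON` address and the three-element list are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal circular doubly-linked list node, modelled on struct list_head. */
struct node {
    struct node *next, *prev;
    int value;                          /* payload; the header carries 0 */
};

/* Constructed poison address for this model, not the kernel's constant. */
#define POISON ((struct node *)(uintptr_t)0x100)

static void list_init_model(struct node *head)
{
    head->next = head->prev = head;
    head->value = 0;
}

static void list_add_tail_model(struct node *n, struct node *head)
{
    n->next = head;
    n->prev = head->prev;
    head->prev->next = n;
    head->prev = n;
}

/* Unlink n the way the article describes list_del_rcu(): poison prev only. */
static void list_del_rcu_model(struct node *n)
{
    n->next->prev = n->prev;
    n->prev->next = n->next;
    n->prev = POISON;                   /* readers never follow prev */
}

/* Unlink n the way the article describes list_del(): poison both pointers. */
static void list_del_model(struct node *n)
{
    n->next->prev = n->prev;
    n->prev->next = n->next;
    n->next = POISON;
    n->prev = POISON;
}

/*
 * Forward traversal continuing from pos (exclusive) until the header.
 * Returns the sum of the values visited, or -1 if the walk hits POISON.
 */
static int walk_from(const struct node *pos, const struct node *head)
{
    int sum = 0;
    const struct node *p;

    for (p = pos->next; p != head; p = p->next) {
        if (p == POISON)
            return -1;
        sum += p->value;
    }
    return sum;
}

/*
 * Build head -> a(1) -> b(2) -> c(3), delete b, then let a reader continue.
 * reader_on_b != 0: the reader had already reached b before the deletion.
 * reader_on_b == 0: a new reader starts from the header after the deletion.
 */
static int scenario(int rcu_style, int reader_on_b)
{
    struct node head, a, b, c;

    list_init_model(&head);
    a.value = 1;
    b.value = 2;
    c.value = 3;
    list_add_tail_model(&a, &head);
    list_add_tail_model(&b, &head);
    list_add_tail_model(&c, &head);

    if (rcu_style)
        list_del_rcu_model(&b);
    else
        list_del_model(&b);

    return walk_from(reader_on_b ? &b : &head, &head);
}

int main(void)
{
    printf("rcu-style delete, reader on b:   %d\n", scenario(1, 1));
    printf("plain delete, reader on b:       %d\n", scenario(0, 1));
    printf("rcu-style delete, new reader:    %d\n", scenario(1, 0));
    return 0;
}
```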
Quick Quiz 8:
Normally, any pointer subject to rcu_dereference() must
always be updated using rcu_assign_pointer().
What is an exception to this rule?
Answer: One such exception is when a multi-element linked
data structure is initialized as a unit while inaccessible to other
CPUs, and then a single rcu_assign_pointer() is used
to plant a global pointer to this data structure.
The initialization-time pointer assignments need not use
rcu_assign_pointer(), though any such assignments that
happen after the structure is globally visible must use
rcu_assign_pointer().
However, unless this initialization code is on an impressively hot
code-path, it is probably wise to use rcu_assign_pointer()
anyway, even though it is in theory unnecessary.
It is all too easy for a "minor" change to invalidate your cherished
assumptions about the initialization happening privately.
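The publish-subscribe pattern behind rcu_assign_pointer() and rcu_dereference(), together with the private-initialization exception from this answer, as an added userspace example (not code from the article or the kernel). It assumes C11 atomics as stand-ins: a release store for the publish side and a consume load for the subscribe side; the `_model` macros, the structure names and the values are hypothetical.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* A two-element linked structure that is published as one unit. */
struct leaf {
    int value;
};

struct config {
    int a;
    struct leaf *leaf;
};

/* The globally visible, RCU-protected pointer; NULL until published. */
static _Atomic(struct config *) global_cfg;

/* Userspace stand-ins (assumptions of this example, not the kernel macros). */
#define assign_pointer_model(p, v) \
    atomic_store_explicit(&(p), (v), memory_order_release)
#define dereference_model(p) \
    atomic_load_explicit(&(p), memory_order_consume)

static struct leaf the_leaf;
static struct config the_cfg;

static void *updater(void *arg)
{
    (void)arg;
    /*
     * Private initialization: the structure is not yet reachable by any
     * other thread, so plain stores are sufficient here, including the
     * store to the internal leaf pointer.
     */
    the_leaf.value = 42;
    the_cfg.a = 7;
    the_cfg.leaf = &the_leaf;

    /* Single publication point: orders all of the stores above before it. */
    assign_pointer_model(global_cfg, &the_cfg);
    return NULL;
}

static void *reader(void *arg)
{
    int *out = arg;
    struct config *c;

    /* Subscribe: wait until a version has been published. */
    while ((c = dereference_model(global_cfg)) == NULL)
        ;

    /* Dependent loads see the initialization done before publication. */
    *out = c->a + c->leaf->value;
    return NULL;
}

/* Runs one reader and one updater; returns what the reader observed. */
static int publish_subscribe_demo(void)
{
    pthread_t r, u;
    int seen = -1;

    atomic_store(&global_cfg, (struct config *)NULL);
    pthread_create(&r, NULL, reader, &seen);
    pthread_create(&u, NULL, updater, NULL);
    pthread_join(u, NULL);
    pthread_join(r, NULL);
    return seen;
}

int main(void)
{
    printf("reader observed %d\n", publish_subscribe_demo());
    return 0;
}
```

Any store to `the_cfg.leaf` made after publication would need the release-store macro as well, which is the case the answer warns about.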
Quick Quiz 9: Are there any downsides to the fact that these traversal and update primitives can be used with any of the RCU API family members?
Answer: It can sometimes be difficult for automated code checkers such as "sparse" (or indeed for human beings) to work out which type of RCU read-side critical section a given RCU traversal primitive corresponds to. For example, consider the following:
    rcu_read_lock();
    preempt_disable();
    p = rcu_dereference(global_pointer);

    /* . . . */

    preempt_enable();
    rcu_read_unlock();
Is the rcu_dereference() primitive in an RCU Classic
or an RCU Sched critical section?
What would you have to do to figure this out?
Page editor: Jonathan Corbet
Distributions
News and Editorials
GoboLinux
GoboLinux is an alternative distribution that redefines the entire filesystem hierarchy. The distribution joined the LWN Distributions List in late October 2003 at version 007. Now at version 014, the project has made quite a bit of headway. The website has been translated into several major languages, along with much of the documentation.
An early article written by GoboLinux creator Hisham Muhammad explains how the distribution evolved from a custom Linux From Scratch installation, and the motivation for changing the directory structure.
I downloaded the 014 release and stuck the CD into my ancient Sony Vaio laptop. After booting I was first prompted for my preferred language and keyboard settings and then taken to a console screen with text advising me to "run startx to run the live CD or you can install from here." I ran startx and soon was looking at a familiar KDE desktop. This release features KDE 3.5.8, Glibc 2.5 and Xorg 7.2. From here you'll find a desktop icon for GParted and another to install GoboLinux, so you can easily create a separate partition for GoboLinux before an installation.
I ran it as a live CD and brought up a Konsole so I could poke about the filesystem hierarchy. The home directory looks much like any other Linux system, but a cd /, followed by ls -al reveals something else entirely. There are only six subdirectories here: Depot, Files, Mount, Programs, System, and Users. Depot proved to be empty, but the other directories have their own subdirectories, which branch further as necessary. For example, I found everything needed to compile the Linux kernel for a variety of architectures under /Files/Compile/Sources/linux-2.6.23.8/ (the version used by this release). To see all the installed programs just look at /Programs where each package has its own subdirectory. Different versions of the packages can also be easily installed without conflict, since the directory structure includes the version number, e.g. /Programs/Xorg/7.2/.
The home directory for users is under /Users instead of /home, but it works just the same. As a long time Unix/Linux user I'm used to the old hierarchy, with cryptic names like /etc and /bin. I thought I might have a hard time getting used to GoboLinux. Instead, I found it intuitive and easy to work with. Next time you are looking for something different in a desktop, give GoboLinux a try.
New Releases
gOS 2.0 "Rocket", the Second Major Release of the Friendly Linux OS
Good OS has announced the release of gOS 2.0 "Rocket". "gOS Rocket introduces gBooth, the first of many web apps to come specially customized for gOS. gBooth is powered by gOS spin-off, meebooth, a browser-based web cam application that makes it fun and easy to capture photos, add special effects, and share across Facebook, YouTube and other web services. To introduce a gOS compatible web cam, gOS and meebooth partnered with leading web cam manufacturer Ezonics to create the "gCam," a web cam compatible with gOS and gBooth."
Announcing Fedora Directory Server 1.1.0
A new version of the Fedora Directory Server is out, with some new features and improvements. Click below for an overview.
Distribution News
Mandriva Linux
Mandriva CEO on 2007
Mandriva CEO François Bancilhon takes a look at what Mandriva accomplished in 2007, with a look forward to 2008. "We drastically changed our traditional Linux distribution business: the product line was simplified, a strong focus was put on our free products (Mandriva Linux One and Mandriva Linux Free) and on their easy download, prices were drastically reduced, Mandriva Club membership became free, we invested a lot in improving our relationship with the community and our contributors and a complete new web site was put in place. We got a globally warm response to all these changes."
SUSE Linux and openSUSE
SUSE Linux 10.0 has reached End of Life
SUSE Linux 10.0 was released at the beginning of October 2005; it has now received its last update, and support has been discontinued.
Other distributions
Happy birthday and Elive Plans
Elive, a Debian-based distribution featuring the Enlightenment window manager, has some plans for 2008. "Elive is 5 years old. We have decided to count the age of Elive from the real development instead of the releases with the name "Elive". The first system made was a livecd called Tezcatlipotix based on Knoppix 3.1 lite. A desktop livecd for personal use with Enlightenment in the same spirit as Elive. After that, the decision to make this system for the public was made. The name was changed to Elive and a project was then hosted on debianitas.net, which soon switched to its own server and project."
Distribution Newsletters
Fedora Weekly News Issue 114
The Fedora Weekly News for December 31, 2007 looks at "FUDCon Raleigh 2008", "Fedora Unity announces Fedora 8 Re-Spin", Planet Fedora articles "Red Hat's New CEO", "bugz.fedoraproject.org" and "Fedora Xfce Spin", and much more.
openSUSE Weekly News, Issue 4
The fourth issue of the openSUSE Weekly News covers all things during the Christmas holidays, including A look at openSUSE's accomplishments in 2007, openSUSE 11.0 now Scheduled, openSUSE Education goes Gold, and Jeff Jaffe, Novell CTO, on the openSUSE Project.
Ubuntu Weekly Newsletter #72
The Ubuntu Weekly Newsletter for December 30 through January 5th covers Alpha 3 Freeze, Kubuntu Tutorials Day, Ubuntu Live Conference videos, a new Kubuntu member, the success of Inkscape with Launchpad, Ubuntu Forum News, Ubuntu Tutorial of the Week, and much more.
DistroWatch Weekly, Issue 234
The DistroWatch Weekly for January 7, 2008 is out. "Yes, this is the first full week of 2008, which means that in just a few days the long-awaited KDE 4.0 should be out and ready. Although the initial release might not be as stable and functional as the current KDE 3.5 series, it will lay down foundations for a truly modern desktop environment that could power many computers into the next decade. But how many of us will be using it by the end of 2008? Only time will tell. In the news section, Red Hat appoints a new Chief Executive Officer, Canonical drops long-term support goal in Kubuntu 8.04, PCLinuxOS announces new low-cost desktop computer and start of a 2008 release cycle, and Linux Mint and Elive promise new editions of their respective products. Finally, don't miss the feature story of this week's issue - a report about your DistroWatch maintainer's visit to the Mandriva headquarters and a brief meeting with Gaël Duval, the founder of Mandrake Linux."
Distribution reviews
The Linux Project: Gentoo revisited (OpEdNews)
OpEdNews looks at Gentoo. "Gentoo Linux is more than a computer operating system, it's an experience. From the time you first boot that CD, until the time you finally declare your system in the state which you desire, you will learn more about Linux than you ever thought you could."
Ubuntu Linux: Built-in apps get an "A", wireless support an "F" (CNET)
Dennis O'Reilly reviews Ubuntu 7.10. "It didn't take long after installing Canonical Ltd.'s Ubuntu 7.10 version of Linux for me to decide I liked what I saw. A quick tour of the Applications, Places, and System menus indicated that converting from Windows to Linux would be relatively seamless. The only fly in the ointment was my inability to get any of three wireless adapters to work with the OS."
Page editor: Rebecca Sobol
Development
The launch of RPM 5.0
Stable version 5.0.0 of RPM, the rpm package manager, formerly known as the Red Hat package manager, has been announced. RPM5 is a fork of RPM; it should not be confused with the version used by Red Hat, Fedora, SUSE, and others, which can still be found at rpm.org.
The project description states:
Traditionally, RPM is a core component of many Linux distributions, including Red Hat Enterprise Linux, Fedora, Novell SUSE Linux Enterprise, openSUSE, CentOS, Mandriva Linux, and many others. But RPM is also used for software packaging on many other Unix operating systems like FreeBSD, Sun OpenSolaris, IBM AIX and Apple Mac OS X through the cross-platform Unix software distribution OpenPKG. Additionally, the RPM archive format is an official part of the Linux Standard Base (LSB).
The RPM5 developers certainly have a high opinion of what this release brings:
RPM Version 5.0.0 differs in numerous ways from other versions. As noted above, the project aims to be cross-platform. Much of the code is said to have been cleaned up and numerous bugs have been fixed. The RPM build process has been completely rewritten to improve portability. The code base has been ported to all of the major UNIX-based platforms and Windows. All of the most widely used open-source and proprietary compilers are now supported. Supported compression formats now include bzip, bzip2 and LZMA. Initial support has been added for XAR, the XML Archive file format, while support for the old RPMv3 format has been removed. New package specification features have been added and RPM 5 can now automatically track vendor distribution files.
In the last several years, the RPM project has been plagued by a bit of controversy. The issues mainly centered around maintenance of the code and which version was used by Red Hat. In August, 2006, LWN asked Who maintains RPM? More recently, Ralf S. Engelschall from the OpenPKG distribution has posted a blog entry that discusses the project's history and considers which version is "official". Lastly, the initial RPM 5.0.0 announcement on LWN produced some lively discussion of RPM issues.
The much-trumpeted release of RPM5 seems unlikely to put an end to this controversy, to say the least. RPM5 would appear to have a certain amount of development energy and momentum, but it is not used by any major distributions and it is not at all clear that this will change; in particular, Red Hat and Fedora seem highly unlikely to drop their version of RPM for RPM5. So this fork - and the bad feelings that go along with it - will probably persist indefinitely. That's not what anybody would wish for a crucial (and normally relatively boring) system tool like rpm.
System Applications
Database Software
NCReport 2.0 (beta2) is available! (SourceForge)
Version 2.0 beta2 of NCReport has been announced. "NCReport is lightweight, fast, easy to use SQL report engine written in C++ based on Qt toolkit. Report definition using XML format - stored as file or in sql database. Generated document ready to print or (fast) preview The new NCReport 2.0 has been released. The project is fully re-written from the bases. It has many new features and improvements. The new Designer application also included."
PostgreSQL version 8.3 RC1 available
Version 8.3 RC1 of the PostgreSQL DBMS has been announced. "Currently there are no major outstanding issues (and only a couple of minor ones) for 8.3, so we may not build a Release Candidate 2. This means that it's critical that you download and test 8.3RC1 this week in order to catch any further issues, since any bugs you miss could end up in 8.3.0."
Postgres Weekly News
The January 6, 2008 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Embedded Systems
BusyBox 1.9.0 released
Unstable version 1.9.0 of BusyBox has been announced. "lash is deleted from this release. hush can be configured down to almost the same size, but it is significantly less buggy. It even works on NOMMU machines (interactive mode and backticks are not working on NOMMU, though). "lash" applet is still available, but it runs hush."
Filesystem Utilities
Announcing Allmydata-Tahoe 0.7.0
Version 0.7.0 of Allmydata-Tahoe, a secure, decentralized, fault-tolerant filesystem, has been announced. "This is an exciting release of Tahoe. With this release, it is fully decentralized (at least as far as the actual storage part), and it has a FUSE plugin."
Mail Software
Apache SpamAssassin 3.2.4 is available
Version 3.2.4 of Apache SpamAssassin has been announced. "3.2.4 is a major bug-fix release, with a few minor new features."
Networking Tools
BINViz: New Release (SourceForge)
Version 0.5.2 of BINViz has been announced. "BINViz(Bidirectional Interactive Network Visualization) is a JavaScript library for network and graph visualization. The goal of this tool is to provide a better way to visualize complex graphical models and the underlying data in a web-based environment A new version (0.5.2) of BINViz is released on Jan 4th, 2008. New features like multi-colored edges are now available! A package with some examples is also added to the download web page."
Miscellaneous
Vigilog: 1.3 is released (SourceForge)
Version 1.3 of Vigilog has been announced. "Vigilog, an easy-to-use and attractive log file viewer just released version 1.3. It now includes a webstart version, ability to use log4j or logback plain text files and much more."
Desktop Applications
Animation Software
Synfig Irregular News
The January 2, 2008 edition of the Synfig Irregular News covers the latest news from the Synfig 2D vector animation studio project.
Audio Applications
Audacious 1.4.5 and Audacious-Plugins 1.4.4 released
New versions of Audacious, an audio player, and Audacious-Plugins have been announced. "Audacious-Plugins 1.4.3.2 was released to fix a regression caused by an incomplete backport. AGAIN."
Rivendell v0.9.84 announced
Version 0.9.84 of the Rivendell radio station automation software has been announced. "A major new subsystem has been added that permits automated generation and posting of audio podcasts from RDCatch, as well as a new RDCastManager module for manual content posting and management of existing podcast episodes." Many other changes have been added.
Business Applications
Zimbra Collaboration Suite 5.0 GA released
Version 5.0 GA of the Zimbra Collaboration Suite has been announced. Scott Dowdle's blog has a review of the new release, here is the change summary: "Briefcase - A file storage area with a nice file manager. Tasks - Create to-do lists and manage tasks through to completion. Instant Messaging - Beta - User to user chat. More sharing - Mail folders can be shared, new HTTP calendar sharing, share Briefcase files. Documents - Now out of beta... online text and spreadsheet documents. Faster login - They split up the javascript into functional pieces so you don't have to load everything at login time. Little touches - folder summaries, public or private calendar entries, updated help system, email priorities, enhanced tagging, and automatic http to https redirection."
Calendar Software
Chandler Server 0.11 released
Version 0.11 of Chandler Server has been announced. "Chandler Server is a server and Ajax web UI for managing and sharing calendars, events, and tasks. It implements open data standards including CalDAV, WebDAV, Atom, and Atompub. This is a bugfix release for Chandler Server 0.10.1 and is recommended for general usage. The improvements include better support for account signup and odd usernames, better error messages, and a variety of other fixes."
Data Visualization
matplotlib 0.91.2
Version 0.91.2 of matplotlib, a python 2D plotting library, has been announced. Changes include enhanced mathtext, better configuration, support for writing to file-like objects, record array support, new pylab plotting functions, maskedarray support, plotfile support, and bug fixes. See the What's new document for more information.
Desktop Environments
GNOME Software Announcements
The following new GNOME software has been announced this week:
- Clutter development snapshot 0.5.0 (new features and bug fixes)
- Deskbar-Applet 2.20.3 (bug fix)
- Devhelp 0.17 (bug fixes and translation work)
- Eye of GNOME 2.20.4 (bug fixes and translation work)
- GDM2 2.20.3 (new feature, bug fixes and translation work)
- GLib 2.14.5 (bug fixes and translation work)
- GLib 2.15.1 (portability and bug fixes, translation work)
- gnome-applets 2.20.1 (bug fixes and translation work)
- gnome-control-center 2.20.3 (new features, bug fixes and translation work)
- Gnome Games 2.20.3 (bug fixes and translation work)
- gnome-keyring 2.20.3 (bug fixes and translation work)
- Gnome Subtitles 0.7.2 (bug fixes, documentation and translation work)
- GQ LDAP Client 1.2.3 (bug fix)
- GQ LDAP Client 1.3.3 (bug fixes)
- gThumb 2.10.8 (bug fixes and translation work)
- GTK+ 2.12.4 (bug fixes and translation work)
- GTK+ 2.12.5 (bug fix)
- libspectre release 0.2.0 (new features)
- Orca 2.20.3 (bug fix and translation work)
- PyGTK 2.12.1 (new features and bug fixes)
- PyGObject 2.14.1 (bug fixes)
- rarian 0.7.1 (bug fixes)
- Seahorse 2.20.3 (translation work)
- Simple Root Actions Menu 1.2 (translation work)
- Tomboy 0.9.3 (new features, bug fixes and translation work)
- yelp 2.21.2 (bug fixes and translation work)
Aaron Seigo on KDE 4.0
KDE developer Aaron Seigo has posted a lengthy "talking bluntly" message on KDE 4.0. "KDE 4.0 isn't yet 'better than good enough'; so why don't we just release more betas? When one perpetually releases alphas/betas a few things happen: people don't test it aggressively enough, third party developers don't get involved, core developers continue doing blue sky development rather than focusing on release qualities."
A First Look at the Unreleased KDE 4.0.0 (KDE.News)
KDE.News covers the upcoming KDE 4.0.0. "Markus Mauder on his blog posts a look at the soon to be released KDE 4.0.0 complete with screenshots and a review of some of the significant changes. "I hope you enjoy this preview and come to share my opinion that KDE 4 is going to rock!" He also has an album of screenshots on Picasa that expand on the ones in the article. The big release happens on Friday, join us in #kde4-release-party on Freenode to celebrate."
KDE Commit-Digest (KDE.News)
The December 30, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Furious last-minute application of polish across the board in preparation for the tagging of KDE 4.0 Final next week. Work towards threading GDB operations support in KDevelop. Support for media players employing the MPRIS standard in the Plasma "Now Playing" data engine, with the import of a Flickr Plasmoid. A style manager, support for Karbon gradients and lots of colourspace work in Krita. Various improvements in the Eigen2 math vector library. Continued progress in the KBugBuster rewrite..."
KDE Software Announcements
The following new KDE software has been announced this week:
- Amarok Atom Syndication 0.1.4 (unspecified)
- cueIt .07 (new feature)
- Dragon Player 2.0-beta1 (unspecified)
- EyesG 0.9 (unspecified)
- indywiki 0.9.7 (new features and bug fixes)
- KAlarm 1.4.21 / 1.9.10 beta (new features and bug fixes)
- kAnyRemote 4.3 (bug fix)
- kcrtusr 1.0 (initial release)
- KDVDCreator 0.1 (initial release)
- kids puzzle 0 (game proposal)
- KIO Slave appinfo:/ 0.1 (initial release)
- K Raid Monitor 0.4 (new features)
- Krsync 0.4-RC1 (bug fixes)
- Krsync 0.4-RC2 (translation work)
- Manslide 1.9.3 (new features and code cleanup)
- Manslide 1.9.4 (bug fixes and code cleanup)
- Manslide v1.9.5 (bug fixes and code cleanup)
- MountISO 0.9.3.1 (translation work)
- MountISO 0.9.5 (new features and bug fixes)
- Print Selected Images kde 3.x (unspecified)
- Qontacts 1.0.2 (unspecified)
- Qtractor 0.1.0 (new features and bug fixes)
- ScroogLyrics 0.10 (new feature and bug fixes)
- Simple Root Actions Menu 1.2 (translation work)
- Simple Root Actions Menu 1.3 (new features and translation work)
- TorK 0.26 (new features and bug fixes)
- Transcogg 1.2 (new feature and bug fix)
- Transcogg 1.3 (translation work)
- trix 0.93 (unspecified)
- Zhu3D 3.4.0 (new features, bug fixes and documentation work)
Desktop Publishing
Scribus 1.3.3.10 released
Version 1.3.3.10 of the Scribus page layout application has been announced. "This stable release adds the following: Several fixes and improvements to text frames and the Story Editor. New Arabic Translation. More translation and documentation updates. Many improvements to PDF Forms exporting and non-Latin script handling in PDFs. Several fixes to protect against possible crashes. Improved Color Managed Display in some cases. Some fixes to the Scripting plugin. One of the major additions to this release is the final complete German translation of the Scribus documentation by Christoph Schäfer and Volker Ribbert."
Electronics
Covered 20080103 released
Development version 20080103 of Covered, a Verilog code coverage analyzer, has been announced. "This is primarily a bug fix and performance enhancement release over the last development release of Covered with a few new feature additions."
gEDA/gaf 1.3.0-20071229 released
Version 1.3.0-20071229 of gEDA/gaf has been announced. "The v1.3.0 development snapshot of gEDA/gaf has been released. This release rolls up the last three months of development. Many thanks to everybody involved. Note, this is a development snapshot so it should not go into any distributions."
Financial Applications
GnuCash 2.2.3 released
Version 2.2.3 of GnuCash has been announced. "The GnuCash development team proudly announces GnuCash 2.2.3, the third bug fix release in a series of stable releases of the GnuCash Free Accounting Software."
iTrade: 0.4.6 Nausicaa2 Official Release (SourceForge)
Version 0.4.6 of iTrade has been announced. iTrade is a: "Trading & Charting system written in Python including Quotes Management, Historic Data, Live Data, Import/Export, Charting, candlestick and Technical analysis, automated alerts, portfolio management, risk management, and much much more".
Announcing LedgerSMB 1.2.11
Version 1.2.11 of LedgerSMB, a web based accounting system, has been announced. This release fixes a denial of service security issue and addresses a number of bugs.
SQL-Ledger 2.8.11 released
Version 2.8.11 of SQL-Ledger, a web-based accounting system, has been announced. Changes include: "added login and password check to disallow non-alphanumeric characters. fixed update bug for AR/AP Transaction when scheduling transaction. fixed missing statement handle for restocking assembly function."
Games
Tileable Models (WorldForge)
The WorldForge virtual world game project presents an article on Tileable Models. "Here is a proposal for a powerful mechanism which I think will allow us to do neat dynamic things without having to add lots of special case code, scripts or data to the client. Everyone who works with graphics should be familiar with the concept of tiled images or textures where the same image is repeated in order to cover an area larger than the original image. The concept of tiled models aims to do something similar, but by rendering multiple instances of a 3D model adjacent to each other to represent a larger entity."
Interoperability
Wine 0.9.52 released
Version 0.9.52 of Wine has been announced. Changes include: Improved graphics tablet support, Support for RPC context handles, Fixes for some longstanding screen depth issues, Implementation of "My Network Places" shell folder and Lots of bug fixes.
Medical Applications
GNUmed 0.2.8.1 released
Version 0.2.8.1 of GNUmed has been announced. "GNUmed is a comprehensive scalable software solution for electronic medical practices with an emphasis on privacy protection, secure patient centric record sharing, decision support, and ease of use. It is intended to become a sophisticated decision support system that will elevate the quality of medical care that can be delivered. Release focus: Major bugfix release".
Music Applications
dssi-vst 0.6 announced
Version 0.6 of dssi-vst has been announced. "dssi-vst is a DSSI plugin wrapper for Win32 VST effects and instruments with GUI support, allowing them to be loaded into any DSSI host. The 0.6 release contains a single fix to a crash on startup in the vsthost program."
jack-keyboard 2.2 announced
Version 2.2 of jack-keyboard has been announced. "jack-keyboard is a virtual MIDI keyboard - a program that allows you to send JACK MIDI events (play ;-) using your PC keyboard. It's somewhat similar to vkeybd, except it uses JACK MIDI instead of ALSA, and the keyboard mapping is much better".
Qtractor 0.1.0 released
Version 0.1.0 of Qtractor, an Audio/MIDI multi-track sequencer, has been announced. "Since its primordial presentation on the LAC2007@TU-Berlin, almost one year ago, I guess it's finally ready for an official public release. So here it goes."
wcnt 1.26-pre released
Version 1.26-pre of wcnt has been announced; many new features and improvements have been added. "wcnt is a not-real-time commandline text-file-based modular synth/sequencer/sampler for GNU/Linux to generate WAV audio files."
Office Suites
ODF-XSLT Project Announcement
The ODF-XSLT Project has been launched. "The ODF-XSLT Document Generator is a library written in PHP 5 that brings the full power of XSLT to your OpenDocument files. It enables you to use ODF files as if they were plain XSLT templates. It also includes a few extra parsing options that allow you to edit the XSLT parts of these ODF from within your favourite office suite. ODF-XSLT is developed by Tribal Internet Marketing and is released by Lone Wolves as Free Software under the GNU General Public License, version 3."
Speech Software
eSpeak 1.30 announced
Version 1.30 of eSpeak, a text to speech converter, has been announced. Changes include new language support, intonation changes for exclamations, new intonation style options, improved sound quality, faster speed, an option for changing gaps between words, better English support and more.
Web Browsers
Mozilla Links Newsletter
The January 3, 2008 edition of the Mozilla Links Newsletter is online; take a look for the latest news about the Mozilla browser and related projects.
Miscellaneous
MediaInfo: 0.7.5.7 released (SourceForge)
Version 0.7.5.7 of MediaInfo has been announced. "MediaInfo supplies technical and tag information about video or audio files (MKV/AVI/MOV/MPEG1, 2, 4/M4A/M4V/MP3/AAC/RM/...) There are several versions: Graphical interface, Command line, or DLL for third-party software developers (like emule). GUI is multi-language. In this release: SWFv9, DVR-MS and DCII support and some speed improvements."
Languages and Tools
C
AspeCt-oriented C (ACC) version 0.8 announced
Version 0.8 of AspeCt-oriented C has been announced. "The ACC 0.8 release includes several bug fixes and feature enhancements."
GCC 4.3.0 Status Report
The January 2, 2008 GCC 4.3.0 Status Report has been published. "We are in Stage 3. When we reach 100 open regressions, we will go to regression-only mode. When we approach the 4.3.0 release, we will create a branch, and open Stage 1 for 4.4.0."
Caml
Caml Weekly News
The January 8, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.
FORTRAN
Gfortran annual report
The Gfortran annual report has been published. "Gfortran maintainers have kept up the momentum of 2006 and the number of known F95 bugs has gone down sharply, the diagnostic capability has increased and new F2003/8 features added. Hopefully, the contributors can continue to move forward with bug fixes, conformance to Fortran 95 standard, and the implementation of Fortran 2003/8 features. However, this needs new blood in the ranks".
Haskell
Haskell Communities and Activities Report
The December, 2007 edition of the Haskell Communities and Activities Report has been published. Take a look for a long list of new articles on the Haskell language.
Java
Announcing Brandweg: Classpath fused with OpenJDK patches
Andrew John Hughes has announced the Brandweg project. "Over the past few days, a few of us (myself, dalibor, rkennke and mjw) have been discussing the possibility of creating a project (BrandWeg) in a similar vein to IcedTea but working in the opposite direction i.e. instead of patching the binary plugs in OpenJDK with GNU Classpath code, we use OpenJDK code to fill some of the remaining gaps in Classpath."
OpenSwing: 1.4.1 released (SourceForge)
Version 1.4.1 of OpenSwing has been announced. "OpenSwing is a component library that provides a rich set of advanced graphics components and a framework for developing java applications based on Swing front-end. It can be applied both to rich client applications and Rich Internet Applications."
PHP
PHP 4.4.8 released
Version 4.4.8 of PHP has been announced. "The PHP development team would like to announce the immediate availability of PHP 4.4.8. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last normal PHP 4.4 release."
Ruby
Cookin' with Ruby on Rails - Integration Tests (O'Reilly)
Bill Walton discusses Ruby integration testing on O'Reilly. "Paul: Hi, CB. Been fighting fires. I been trying to get over here, but I wanted Boss to come along so we could introduce him to Rails's Integration tests like you suggested. Unfortunately, he's been caught up in the same mess as me. It looks like we've got it under control now, so here we are! The upside of the last few weeks is that Boss' interest in automated tests probably couldn't be any higher than it is right now. I'm convinced we could have avoided most of this latest mess if we'd been doing the kind of testing you and I've been working on."
Tcl/Tk
Tcl-URL! - weekly Tcl news and links
The January 3, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Tcl-URL! - weekly Tcl news and links
The January 9, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.
Build Tools
IcedTea 1.5 released with PPC support
Version 1.5 of IcedTea has been announced; it adds support for PPC and PPC64. "The IcedTea project provides a harness to build the source code from OpenJDK using Free Software build tools and provides replacements libraries for the binary plugs with code from the GNU Classpath project."
Libraries
CTK: Version 0.73 is released. (SourceForge)
Version 0.73 of Cell ToolKit has been announced. "CTK (Cell ToolKit) is a C/C++ toolkit library for multi-core programming on the Cell/B.E. We're pleased to announce the release of CTK Version 0.73, a minor bug-fix release of the CTK v0.7X."
OpenVRML: 0.17.2 (SourceForge)
Version 0.17.2 of OpenVRML has been announced. "OpenVRML is a cross-platform VRML and X3D browser and C++ runtime library. OpenVRML 0.17.2 has been released. This release fixes a crash in relative URL resolution and enables support for gzip-encoded VRML/X3D in openvrml-player."
Version Control
GIT 1.5.3.8 released
Version 1.5.3.8 of the GIT distributed version control system has been announced. "Hopefully this will be the last maintenance of 1.5.3 series, as we are nearing -rc3 on the 1.5.4 front."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Is Red Hat still relevant? You bet. (Montana Linux)
Scott Dowdle examines the continued relevance of Red Hat. "I recently attended a Linux Installfest and the primary distribution recommended by those heading up the event was Ubuntu. That's all well and good but during their Linux dog-and-pony-show a statement was made regarding Red Hat that struck me. I don't recall the exact wording that was used but it was something along the lines of... Red Hat used to be very popular but not anymore. I wasn't really offended by the statement nor do I completely disagree with it... but a lot remains to be said about the importance of Red Hat within the Linux community. Red Hat is certainly king in the "Enterprise" space with Novell a respectable second."
Signposts of GNU/Linux Growth in 2007, Part 2 (Datamation)
Datamation's Roy Schestowitz completes his survey of areas of Linux growth in 2007. "Another important mistake is to assume that all GNU/Linux servers are sold, as opposed to deployed. As stated earlier, Google is estimated to have approximately one million servers, but the number remains unknown due to corporate secrecy. Google is able to build and even distribute its own servers, so such server usage can easily go below the radar of industry analysts, whose definitions are strictly controlled by those who commission studies for vanity and marketing purposes."
Trade Shows and Conferences
CES 2008: GP2X Linux-Based Handheld Game Console (Wired)
The folks at Wired found a fun Linux-based gadget at the Consumer Electronics Show which starts today in Las Vegas. It is a games console in a Playstation Portable form factor that looks rather interesting. "Unfortunately, no actual games were installed on it to see how it performed, but just getting to fondle it fills me with determination: I shall acquire one and exhaustively test it. Wikipedia says it runs other emulators up the Wazoo: everything from the Amstrad to original arcade games."
Companies
Intel Leaves Group Backing Education PCs (NY Times)
The New York Times reports on Intel's decision to part ways with the OLPC project. "On Thursday an Intel spokesman said the company shared with O.L.P.C. the vision of putting computers into the hands of children, but the two were not able to work out what he described as 'philosophical' differences."
Old-school SUSE executives take over Open-Xchange (Linux-Watch)
Linux-Watch looks at the new management at Open-Xchange. "Rafael Laguna, who played a major role in merging SUSE with Novell, is now Open-Xchange's president and CEO. And former SUSE CEO Richard Seibt is now OX's chairman of the board. While at SUSE, Laguna and Seibt worked closely together and are widely credited for helping SUSE's transformation into one of the world's major Linux distributors."
Linux Adoption
Open source infiltrates government IT worldwide (LinuxWorld)
LinuxWorld talks with the directors of a couple of organizations dedicated to promoting open source in governments. "The Munich migration is the largest public sector complete migration in Europe. Approximate size is 16,000 users, 14,000 desktops, 300 pieces of software including 170 business applications. It is a complete migration, both server-side and desktop side. The server-side is built around Open LDAP and Samba. The desktop, around Debian and KDE. The migration has now reached the halfway stage, and is due to complete in 2009. 5000 workstations are running Open Source on top of Microsoft Windows, 660 have taken the next step to Linux, and almost a third of all users are now trained to use Open Source."
The Haven for Linux (VietNamNet Bridge)
The VietNamNet Bridge reports that Linux use is growing locally. "Not so much popular as Microsoft, but Linux will surely win the top place on the local market, following instructions from the Government and other central agencies promoting the use of open source software this year. So leading computer manufacturers have begun to install the Linux operating system on PCs supplied to all State agencies and schools."
Legal
OLPC Tells Nigerian Court: We Don't Use LANCOR's Keyboard (Groklaw)
Groklaw follows the OLPC vs. LANCOR case. "I'll show you the filings in the Nigerian case, but you can sum them up like this: OLPC doesn't use LANCOR's keyboard, its keyboards are based on public domain techniques, and the plaintiffs misled the court in a number of particulars to get an injunction it doesn't deserve. OLPC asks that the case be tossed, describing it as "wholly incompetent, vexatious and a gross abuse of the process of court"."
Interviews
Interview with OLPC's Founding CTO Mary Lou Jepsen, by Sean Daly (Groklaw)
Groklaw has an interview with Mary Lou Jepsen. "Mary Lou Jepsen will go down in history as the founding Chief Technology Officer of One Laptop Per Child. She has recently announced that she is starting her own for-profit company, Pixel Qi, to commercialize some of the technologies she invented at OLPC while extending them. She calls it "a spin-out from One Laptop per Child." And so naturally we had questions. Does this mean we will all soon be able to get an XO-like laptop for adults, no matter where we live? Sean Daly had the opportunity to conduct an email interview with Jepsen, and so we were able to get some answers to that and many other questions."
Bruce Almighty: Schneier preaches security to Linux faithful (ComputerWorld)
The Australian ComputerWorld interviews Bruce Schneier, who will be doing a keynote talk at linux.conf.au. "The most important thing Linux has done to improve security is to be competition for Windows. Monopolies are complacent, and by being an alternative, Linux forces Microsoft to improve its own operating system."
On the record with Jim Whitehurst, Red Hat's new CEO: 'I must have a mission' (CNET)
Over at CNET, Matt Asay interviews new Red Hat CEO Jim Whitehurst. Many will be as surprised as Asay at the free/open source software ideals coming from someone with seemingly no connection to that world. Whitehurst comes from Delta Airlines. "Red Hat appealed to me. Red Hat is different. By doing well as a company at Red Hat, we are doing good. Open source is a way to focus on the customer, letting us grow, succeed, and change the technology landscape...all while doing something that is fundamentally good. Fighting for open standards and open formats. These things will change society. I'm thrilled to be here."
Resources
Application development for the OLPC laptop (IBM developerWorks)
IBM developerWorks presents a tutorial on programming the OLPC. "In this tutorial, you learn about the XO laptop and how to write a Python activity using the Sugar UI. Along the way, you learn more about the XO laptop, its architecture, internals, and use."
Reviews
Wistron Shows Google Android Phone (PC Magazine)
PC Magazine plays with a phone that may become the first Android phone. The GW4 from Wistron will be running the Android software by March – which could make it the first – though the version described runs MontaVista Linux. "The GW4 we saw had surprisingly low specs, but that's a testament to the efficiency of Linux, Wistron execs said. The GW4 is based on a TI OMAP 1710 chipset with a 216-MHz processor and only 64 MB of program memory, yet the model we saw ran the Opera Web browser, played video and flipped between a range of Web widget applications like weather and stocks. The user interface was very responsive."
Tiny UMPC runs Linux (LinuxDevices)
LinuxDevices.com takes a look at ultra-mini PCs from LimePC. "A Chinese firm will introduce a line of Linux-based ultra-mini PCs (UMPC), one of which is said to be the size of a pack of playing cards. LimePC says its self-named product suite will be based on Freescale Semiconductor's MPC5121e system-on-chip (SoC). Although details are sketchy, the LimePC products will include "UMPCs, pad-style PCs with large touchpad LCD screens, notebook and desktop PCs, and mini-ITX developer kits," says Beijing-based Tsinghua Tongfang (THTF). THTF's Korean subsidiary, LimePC, is designing the products. The products will all be equipped with one or more MPC5121e processors, and will offer USB 2.0, 802.11g WiFi and Bluetooth 2.1, as well as 10/100 Ethernet for the desktop models."
Miscellaneous
New Hack Could Enable Linux on the Wii (Wired)
This Wired blog features a video that describes an effort to open up access to the Nintendo Wii game platform. "Wii fans hang on to your hats, as the video above explains, hackers have found a way around the Wii's encryption keys which opens the widely popular console up to home brewed games, open source ports and potentially even a full version of Linux running on your Wii. The video comes from the 24th Chaos Communication Congress and demonstrates a Wii console running arbitrary code. As Tysoe_J explains in the WiiLi forums, Nintendo wouldn't be able to patch this with a firmware update, since doing so would also break the backwards compatibility with Game Cube games."
2008: Not the year of the Linux desktop (iTWire)
Sam Varghese attempts to define what the year of the Linux desktop really means, in an iTWire article. "What exactly do people mean when they say that a particular year will be the year of the Linux desktop? Do they mean that the number of people using Linux on the desktop will outnumber those using Windows? Even the most ardent Linux advocate and fanboy would say no. Then is the year of the Linux desktop, the year when Linux becomes a mainstream operating system, the year when it is offered for sale by big computer sellers and resellers? If so, 2007 fits the bill very well with even Dell starting to sell both desktops and laptops with Linux installed."
Evaluating prospects for Linux growth in 2008 (ars technica)
It may not be the Year of the Linux Desktop, but this article has some predictions for growth in 2008. "Vast legions of open-source software enthusiasts and industry analysts eagerly proclaim every twelve months that the elusive Year of the Linux Desktop is finally upon us. These prognosticators imagine scenarios in which the disgruntled techno-proletariat casts off the grim shackles of Microsoft oppression and embraces the sweet liberation of peerless, penguin-powered performance and productivity. Although these prophecies have obviously yet to be fulfilled and Linux adoption on the desktop remains limited, the open-source OS is rapidly gaining immense traction in the mobile and embedded space."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Open Source Applications Foundation restructures
The Open Source Applications Foundation, which still plans to produce the "Chandler" personal information manager someday, has announced a set of changes. Founder Mitch Kapor is moving away from the foundation, and will not be funding it at the same level. "OSAF will maintain a smaller staff during the next phase of the project. While figuring out the new funding model, it is prudent for the organization to reduce expenses. OSAF's paid staff will go from 27 people to 10 people. While I expect that most former staff members will move on to other endeavors, we certainly welcome them to remain involved with OSAF and Chandler in some capacity. Developers will retain commit privileges, for example."
Commercial announcements
Everex Unveils CloudBook Ultra-Mobile PC at CES
Everex has announced a new Ultra-Mobile PC. "Measuring 9" in length and 2 pounds in weight, the Everex CloudBook caters to users seeking the latest in mobile computing. With its 1.2GHz VIA C7-M ULV mobile processor, the laptop averages 5 hours of battery life on a 4-cell, lithium-ion battery. Unlike many of its competitors, the CloudBook also features 30GB of internal storage, digital video output (DVI-I), 4-in-1 card reader and 1.3MP webcam."
Guardian Digital promotes Least Privilege security
Guardian Digital is promoting the Least Privilege security method. "Guardian Digital, the developers behind EnGarde Secure Linux, the world's first open source security platform, are announcing today that 2008 will showcase a huge resurgence in the exposure and awareness of 'least privilege' engineering as a metric for vendor security. The company states this future re-emphasis on application access is likely, especially considering the increased effectiveness of targeted phishing attacks made possible from social networking sites."
John Lilly becomes Mozilla Corp. CEO
Current Mozilla Corp. CEO Mitchell Baker has announced on her blog that she will no longer be the CEO. She is moving into a different role within the organization and current COO John Lilly will be the new CEO. "As a result I've asked John to take on the role of CEO of the Mozilla Corporation, and John has agreed. In reality John and I have been unconsciously moving towards this change for some time, as John has been providing more and more organizational leadership. It is very Mozilla-like to acknowledge the scope of someone's role after he or she has been doing it for a while, and this is a good part of what is happening here."
OpenMoko Launched as Mobile Device Company
OpenMoko has announced its incorporation. "OpenMoko, creator of the first completely integrated open source mobile platform, today announced it is now a separate company of world leading motherboard, graphics and mobile manufacturer, FIC."
Open-Xchange announces new CEO and board positions
Open-Xchange has announced a new CEO and a new board of directors member. "Open-Xchange Inc., the leading independent provider of open source collaboration software, today named co-founder and chairman of the board, Rafael Laguna as the company's new president and CEO. Former SUSE CEO and Open-Xchange board member Richard Seibt becomes chairman of the board. The company also announced that former Nixdorf CEO Bernhard Woebker joined the board of directors as a new member."
Purple Labs Joins LiMo Foundation
Purple Labs has announced that it has joined the LiMo Foundation. "Purple Labs, a leading supplier of embedded Linux solutions for mobile phones, announced today that it has joined the LiMo Foundation and will support the organisation's mission to develop a world-class Linux-based software platform for mobile devices. In joining the LiMo Foundation as an Associate member, Purple Labs becomes the first commercial Linux platform for feature phones in the consortium, thereby extending the LiMo initiative to mass-market mobile handsets."
Splashtop shipping on ASUS motherboards
DeviceVM has announced the availability of its Splashtop platform on four new ASUS motherboards. "Built into a computer's motherboard, Splashtop uses Linux to run users' favorite programs seconds after they turn on their computer. Programs included in Splashtop are customized for each manufacturer. In the case of ASUS Express Gate, they include a web browser, Skype, a VoIP and Instant Messaging client and the ability for ASUS to update Splashtop remotely. "We've seen a great response to our initial Splashtop products and we're excited to be partners with an innovative leader like DeviceVM," says Jackie Hsu, President of ASUS Computer International."
New Books
Head First JavaScript and Head First Software Development--New from O'Reilly Media
O'Reilly has published the book Head First JavaScript & Head First Software Development by Dan Pilone and Russ Miles.
Install, Configure, Manage and Administer Xen Servers with New book on Xen
Xen Virtualization is a new book from Packt Publishing that helps Linux administrators to use Xen virtualization for development, testing, virtual hosting or operating systems training. Written by Prabhakar Chaganti, this book is a practical guide for supporting multiple operating systems with the Xen hypervisor.
Resources
451 Group: Open source funding fell in 2007
The 451 Group has put up an article on the fall in funding for open source companies in 2007. "Disclosed funding deals were down 40.7% to $323.87m for the full year, compared to $546.3m in 2007. While a reduction in funding had been expected after the huge levels seen in 2006, a dramatic reduction in funding during the fourth quarter meant that total funding for 2007 was also lower than the $334.82m raised in 2006."
An Open Software License 3.0 explanation
Lawrence Rosen has posted a lengthy explanation (and advocacy piece) on version 3.0 of the Open Software License. "Compare the patent provisions of OSL 3.0 to the patent provisions of the GPL variants; OSL 3.0 uses simpler and more precise language and reflects no political, anti-patent agenda. Further, it recognizes and respects patents and licenses them appropriately for open source purposes."
Contests and Awards
LinuxQuestions.org Members Choice Awards voting is open
The LinuxQuestions.org Members Choice Awards is accepting votes until February 21. "The Members Choice Awards allow the Linux community to select their favorite products in a variety of categories. Awards will be given out in 27 categories this year, including Server Distribution of the Year, Desktop Distribution of the Year, Browser of the Year, Office Suite of the Year, Desktop Environment of the Year and Database of the Year."
Calls for Presentations
Fosdem 2008 GNOME devroom call for talks
A call for talks has gone out for the GNOME devroom at FOSDEM 2008. "As for the last few years, we'll have a GNOME devroom at FOSDEM (23/24 feb in Brussels), and as always, we're looking for people who want to give talks in that devroom. This year, the half day dedicated to cross desktop talks has been extended to cover the whole Sunday, though talks that are appropriate for that day go from talks about actual cross desktop topics to talks which are gnome/kde specific but can be of interest to the other communities." Submissions are due by January 27.
LinuxWorld San Francisco call for papers
The LinuxWorld conference and expo has put out a call for papers. The conference will be held in San Francisco in August 2008. "LinuxWorld Conference & Expo is the world's most comprehensive marketplace for open source products and services. Combining in-depth educational sessions with displays of innovative products and solutions on the exhibit floor, LinuxWorld provides business decision-makers with information and resources to implement Linux and open source solutions into business infrastructure and enterprise networks."
PostgreSQL Conference East: Call for Papers
A call for papers has gone out for the PostgreSQL Conference East. "PostgreSQL Conference East is being held on the weekend of March 29th and 30th, 2008 in College Park, Maryland. The conference will have a series of talks, mini-tutorials and tutorials and we are now accepting submissions!"
Upcoming Events
The Open Group announces additional presenters at EAP Conf
The Open Group has announced new speakers for the EAP Conference. "The Open Group, a vendor- and technology-neutral consortium focused on open standards and global interoperability within and between enterprises, today announced an expanded lineup of keynote presenters, panel discussions and expert case studies for its highly anticipated 17th Enterprise Architecture Practitioners Conference. David Linthicum, managing partner for ZapThink, will return to deliver the opening keynote address at the conference, to be held January 28-30, 2008 at the Fairmont Hotel in San Francisco. In addition, the plenary sessions will include end user panels and case studies featuring American Express, HSBC and Marriott International."
What's new in PostgreSQL 8.3 - Breakfast with Bruce Momjian
PostgreSQL Community leader Bruce Momjian will be holding a group breakfast on January 24 in London, UK. "If you're interested in chatting about 'What's New in PostgreSQL 8.3', or just enjoying breakfast with peers, join PostgreSQL Community leader Bruce Momjian to learn more at this upcoming event. With the imminent general release of PostgreSQL 8.3, this is an ideal opportunity for PostgreSQL users and community members to learn more about the improvements being made to further strengthen the PostgreSQL solution."
Audio and Video programs
Podcast: LF interviews Linus Torvalds
The Linux Foundation has announced the launch of a series of podcasts with "open source visionaries"; the first such visionary is Linus Torvalds. The first half of the interview is available now (in MP3 or Ogg format); a transcript has also been posted. "I try to avoid using the word community because it's misleading in so many ways. It's misleading in the sense there is no one community; it's everybody tends to have their own issues that they care about and they may - may or may not have anything to do with another person who's ostensibly in the same community."
Page editor: Forrest Cook
