
LWN.net Weekly Edition for July 3, 2008

More DTrace envy

By Jake Edge
July 2, 2008

Nearly a year ago, we looked at the status of SystemTap in the context of Sun's much-hyped DTrace tool. Since that time there has been progress, but the basic problem still remains: Linux does not have a good, ready-to-run answer to those wanting the equivalent functionality of DTrace. Due to an apparent disconnect between the developers of SystemTap and the kernel hackers, tracing for the Linux kernel—never mind user space programs—is not up to the competition.

Both SystemTap and DTrace are tools meant to help administrators track down performance and other problems on production systems by instrumenting the kernel. Because SystemTap has not matured to the point of easy usability, DTrace is often seen as a prime differentiator between Linux and Solaris. In a posting to the ksummit-2008-discuss mailing list—where Kernel Summit topics are considered—Matthew Wilcox brought up the subject based on his experience at a recent PostgreSQL conference:

There was a lot of buzz around DTrace. Sun and a couple of other companies have put DTrace hooks into postgres, so they now have some really useful canned queries. If you're running Solaris or MacOS, of course.

So there was a lot of talk about switching away from Linux. This can't possibly be a good thing for us. I don't personally know what the state of our competing projects are, but clearly they haven't got their hooks into postgres ... at least not upstream.

Typically Linux has been in the forefront of interesting new technologies for free operating systems. When Sun opened up Solaris, though, a few features jumped ahead of their Linux counterparts, in particular the ZFS filesystem and DTrace. SystemTap is supposed to provide the tracing functionality while Btrfs is the leading candidate for a "next generation" filesystem. But, so far, SystemTap has not lived up to its potential.

There are a few reasons for disappointment with SystemTap, some of which were pointed out by James Bottomley:

When I go around end users, I find people in two camps: The ones who've drunk the sun coolaid and won't take anything on linux that isn't a fully replicated dtrace (sort of like windows people who demand the availability of outlook on linux) and people who are migrating to Linux and trying to use systemtap for tracing. These latter seem to have a number of genuine concerns including latency, the time it takes to actually go from command executing to functional trace, the inability to trace user programs (dtrace can) and concerns about the amount of perturbation the probes actually place inside the kernel.

Those are all valid concerns, but the biggest problem for users is that, unless they are knowledgeable about kernel internals, it is difficult to know how to use SystemTap. A more simplified interface, one that is less reliant on kernel internals, needs to be created; the way to do that is through the placement of static trace points in the kernel and the creation of "tapsets" to make them easily usable. The SystemTap developers think the kernel hackers are in the best position to do that work. Ted Ts'o agrees but sees some barriers:

The big things that are missing are the tapsets — the macro libraries that allow a system administrator to use it to find and solve performance problems without being a kernel developer, and more importantly, the documentation for said macro libraries so a system administrator can actually use it.

[ ... ] the real problem isn't as much kernel developers, it's that (a) it's too hard for many kernel developers to use (and so many kernel developers are [not] using it), and (b) there aren't enough tapsets. The latter is something that kernel developers can help solve, but unfortunately I'm not sure discussing it at the Kernel Summit will necessarily lead to making forward progress.

If the kernel developers have trouble using SystemTap, they are unlikely to add the tapsets that would make it more usable for system administrators and others who have some general kernel knowledge but not enough to sensibly instrument it. For people using distribution kernels—at least for the enterprise distributions and Fedora—it is only somewhat painful to get SystemTap up and running. But kernel hackers tend to run their own kernels, often many different versions in a short period of time, so they need to be able to easily build one that works with SystemTap and includes all of the debugging information that it requires.

SystemTap developer Frank Ch. Eigler has a long reply to many of the complaints in the thread. It seems clear that the SystemTap folks and the kernel hackers have not been communicating—there are solutions to many of the problems that were cited. They are in various states of readiness, but are mostly working. So SystemTap is most of the way there for kernel tracing as long as you are well-versed in kernel internals, but that has been true for some time.

In order to get SystemTap to where it needs to be, the kernel hackers need to be involved. Building the infrastructure and waiting for tapsets to magically appear is not a recipe for success. The SystemTap hackers need to be engaging the kernel community, as well as distributions, to make the tool into something that gets used.

SystemTap can use static probe points, kernel markers—merged into 2.6.24—but it is notable that no one has, as yet, made use of them. A concerted effort needs to be made to make the tool more usable for the kernel developers who can, in turn, help make it more usable for others. There is a clear problem when folks like Ts'o regularly try, but find it too difficult to be useful:

But maybe as more people try using it, they'll discover some of these rough edges, and will start trying to fix it. Every couple of months, I've tried using it, and because it [h]as so many rough edges, I've normally found it less work to debug the kernel using manual methods rather than trying to make Systemtap work on my system and with my kernel development workflow.

It is a commonly heard complaint that while SystemTap is difficult to use, DTrace "just works" for Solaris; Eigler responds:

Yeah, so I hear, but think about how different their target environment is. Their kernel hardly changes (several fixed APIs, ABIs): this has huge implications. Their kernel was willing to insert probes (~ markers), a bunch of build system changes (debug info subset transcribing). Here in linux land, we suffer multifaceted tensions and it is hard to go toward a goal without obstructions (well-meaning as they may be).

A bunch of third-party scripts are often conflated with "dtrace", which is just a matter of growing the user community enough, and giving them a good tool to build on top of. A growing set of runnable end-user scripts is already packaged with systemtap, intended for use by nonexperts, more help (e.g. concise problem statements about what you'd like to measure/see) would be welcome.

Many administrators and other users of tracing facilities are not necessarily interested in kernel-level tracing, but would really like to be able to use the instrumented versions of things like PostgreSQL. That is in the plan according to Eigler: "We aim to piggyback on these efforts by reusing the dtrace instrumentation calls embedded into postgres etc., if at all possible."

Until the rough edges can be smoothed on the kernel side, Bottomley wonders if it even makes sense to start considering user space:

Although there are differing opinions about what systemtap could and should do, it's clear that it's not working incredibly well for its design space: the kernel, so talking about extending it to userspace is premature.

DTrace sounds like a nice working solution that has many uses and many happy users. If one can ignore the self-congratulatory postings from its lead developer, it might be worth having in Linux, but that simply is not going to happen. Paul Fox is working on a port of DTrace to Linux, but that ignores the licensing realities that would never allow it to become part of Linux. It also ignores the difficult path a DTrace port would face getting merged into the mainline. (We hope to have an article from Mr. Fox on his DTrace porting work soon, stay tuned).

For all of the talk out of Sun about how they would love to make DTrace a part of Linux, they clearly made a choice to ensure that could not happen. Even if any technical barriers were lifted, the CDDL is not compatible with the GPL. It is perfectly fine as a free software license, but if you wish to get things into Linux, they must be licensed in a GPL-compatible way. This was well understood at the time Sun freed Solaris, so this must have been a conscious decision. Given how much their marketing organization likes to tout DTrace, it would seem to be a choice that Sun is quite happy with.

Linux will eventually get the tracing support it needs, in a way that is easily accessible to users, but it may take some time. Conversations like the recent one on ksummit-2008-discuss are an important part of getting there. It would appear that better support for the use cases of kernel developers will be forthcoming. It is mostly a matter of documentation along with simplifying some of the building and installation issues. Once the kernel hackers actually start using it, progress is likely to be fairly swift.

This is the way free software development works; it generally does not track a straight path to a solution, but often wanders about in the solution space for a while. It is highly unlikely that a development like DTrace could have come about in the way that it did in a true community-developed operating system. For that you need everyone pulling in the same exact direction, which may be why Sun is reluctant to turn over much of the governance of Solaris to the community. That may help them develop things more quickly, because there will be fewer barriers, but it won't help them to foster the kind of development community that characterizes Linux.


Mozilla plans for Firefox 3 and beyond

July 2, 2008

This article was contributed by Lisa Hoover

The gift wrap is scarcely off Firefox 3 and the Mozilla community is already looking toward its next update. The first alpha release of Firefox 3.1, codenamed Shiretoko, may be released as early as this month, while its final release might see the light of day by year's end. Let's take a look at where this popular Internet browser is headed in the coming months, and what new features users can expect to see.

Several features were nearly included for Firefox 3.0 but didn't make the cut because they weren't completely ready. New features expected to be in version 3.1 include a history and bookmark organizer with unified search and smart folder capabilities, and visual tab switching that shows thumbnail images of the web sites opened in each tab when moused over, both of which were abandoned in lieu of other, more critical features.

According to an email sent to the mozilla.dev.planning mailing list, Mozilla's Vice President of Engineering, Mike Schroepfer, says there are other features expected to make it into version 3.1. For instance, native JSON DOM bindings (preferred by web developers over its JavaScript counterparts), an improved Awesomebar, support for cross-site XMLHttpRequest for the development of more powerful web applications, and better system integration are a few of the features Mozilla is anxious to get into the hands of users.

Schroepfer says, "This, along with the overall quality of Gecko 1.9 as a basis for mobile and the desire to get new platform features out to web developers sooner has [led us] to want to do a second release of Firefox this year."

In the event a feature isn't ready for version 3.1's targeted ship date, Schroepfer says rather than hold the release, it will simply be included in the next major release instead.

In a recent blog post, Schroepfer says the new decision to aim for shorter, date-driven release cycles is in large part due to Mozilla's desire to "deliver releases of the quality and impact of Firefox 3 with much greater frequency". More frequent indeed; the gap between the release of Firefox 2.0 and 3.0 was almost two years.

Not surprisingly, Firefox 4 is expected to usher in a whole host of changes, not the least of which is the introduction of Mozilla2, "an extensive update to the Mozilla platform to feature highlights like ActionMonkey, the merge of Mozilla's JavaScript engine (SpiderMonkey) and Tamarin, Adobe's JavaScript virtual machine open-sourced in late 2006."

Details of the features expected to ship with Firefox 4 are sketchy, but the Vice President of Mozilla Labs, Chris Beard, has two projects currently under development that he'd like to see included: Weave and Prism.

Weave is similar to the wildly popular browser synchronization add-on, Foxmarks. While Foxmarks only syncs an individual's bookmarks across machines, Weave's goal is to replicate a user's entire browsing experience — including bookmarks, favorites, passwords, and preferences — no matter where they access the Internet.

Prism takes aim at Google Gears by making browser functionality available even while offline. Previously known as WebRunner, Prism is based on an idea called site specific browsers (SSB) and is already implemented in Fluid for Mac OS X, Adobe Air, and Microsoft Silverlight. Prism team member Matthew Gertner explains, "Rather than running programs in normal web browsers like Firefox or Safari, wedged in a tab between New York Times articles and TechCrunch posts, each app is given its own dedicated browser, which is customized to include many of the desktop features that users know and love." For a taste of what Prism can do within Firefox 3, download this extension.

Of course, one of the biggest questions on the minds of many people these days is: what's up with the mobile version of Firefox? Although it looks like there's a ways to go before Mobile Firefox turns up on your Razr or BlackBerry, the rapid release cycle of Firefox will help push the project along. Schroepfer says, "There are already devices shipping with early versions of Gecko 1.9 at the core. More are coming soon and we'll be releasing milestones of full branded versions of Firefox (with XUL and the Firefox team taking a lead in the user experience) later this year. This lines up well with Firefox 3.1 and a synchronized release schedule will make everything run more smoothly."

The development team is working on sorting through some of the basic differences among mobile devices such as a touch screen versus non-touch screen interface, virtual versus tactile keyboards, and so on. If you're interested in trying out the prototypes, they're available on the team's wiki page.

Firefox 3 has been downloaded more than 8 million times since its release on June 17th, and more than 90% of users download the latest version of the browser within 7 days of its release. Clearly, Firefox has a large and growing user base, no doubt due in large part to Mozilla's willingness to offer new and useful features in a timely fashion.


Netgear's open router

By Jonathan Corbet
July 2, 2008

Your editor was recently reminiscing about an early stage of his career, which involved the administration of a VAX 11/780 computer. The VAX was a highly successful product, as was its native operating system VMS. Quite a few VAX customers chose to do without VMS, though, and put early versions of BSD Unix on them instead. Digital Equipment Corporation never entirely appreciated those customers. To DEC, every BSD installation looked like a lost VMS service contract.

The company should, instead, have seen those installations as an extra sale gained as a result of the VAX's ability to run a nice operating system.

Almost 30 years later, some parts of the computing industry have come to understand that there is value in selling hardware which can run operating systems provided by others. Microsoft made that point in a big way, of course, but there are also significant parts of the industry which benefit from making systems which can run Linux - and, in particular, a version of Linux which is not necessarily supplied by the vendor.

But other sectors still seem to see the ability for the customer to put (or replace) Linux on their systems the way DEC saw Unix in the early 1980's. They see no value in letting their customers make changes to their systems, choosing instead to lock those systems down and keep total control. Embedded systems are often singled out as an example of this type of behavior, and vendors of small routers tend to be especially inclined in this way. It is not a coincidence that a substantial portion of the high-profile GPL-enforcement cases to date have involved consumer-level routers.

Some vendors, at least, are getting smarter and doing what they need to do to avoid licensing problems. But relatively few of them welcome customers who want to replace the software on "their" devices. There are exceptions, though, and their number just grew with this announcement from Netgear. The WGR614L router looks like a fairly straightforward consumer wireless router, with the usual set of features. LWN readers will doubtless be glad to hear that it is "Works with Windows Vista" certified. It has a four-port Ethernet switch, an 802.11g access point, and a mighty 240 MHz CPU and 16MB of RAM. All of the stuff one would expect from an inexpensive desktop device.

But what makes this device interesting is that it's designed to be open and hackable. The source code for the factory-installed firmware is available from Netgear's community web site; it's amusingly packaged as a zip file containing a single, compressed tarball which, in turn, holds a bleeding-edge 2.4.20 kernel tree. But anybody wanting something a bit more contemporary and community-oriented can replace that firmware altogether with a package like Tomato or DD-WRT; indeed, Netgear almost seems to encourage its customers to do so.

Every one of those customers then gets the benefit of the effort which has gone into the development of those router distributions - with little effort required on Netgear's part. Those customers can improve this platform and make their changes available to other customers; that makes Netgear's hardware more valuable. If there are bugs in the system, a single motivated customer can fix them and make those fixes available to everybody else. And all of this comes at almost no cost to Netgear.

It is always fun to see Linux turn up in new places. It's now a routine experience to realize that one's new television, camcorder, music player, or automobile runs Linux. But locked-down, Linux-based devices are not far removed from the fully proprietary systems which preceded them. Whether or not one agrees that locking down systems in this way is legally or morally defensible, it's easy to conclude that it is undesirable. A Linux system which is cast in concrete loses a part of the vital energy which makes Linux what it is.

So it is always a welcome development when a vendor decides to take a more open path. With any luck at all, the wider public will eventually realize that more open devices are more powerful devices, and, as a result, such devices will prove more successful. That is the path that brings us more control over our systems and, eventually, to World Domination.


Page editor: Jonathan Corbet

Security

Ruby security flaws expose release process problems

By Jake Edge
July 2, 2008

Some serious integer overflows in the Ruby language were recently discovered and fixed, but the process has left some in the community unhappy about how it was done. One of the biggest problems was that the official patched versions of the language broke its signature application: Rails. The overflows may lead to arbitrary code execution which left some users in a quandary, trying to decide whether to close known holes in the language or to keep their web applications running.

There still seems to be some question about whether the holes are exploitable or not, but one thing is abundantly clear: they were fixed in the public CVS several days before any kind of security announcement was made. It was made worse by referring to the CVE numbers in the commit message. For anyone looking for a possibly exploitable Ruby flaw—one that had yet to be publicly announced—that would be a glaringly obvious place to start.

When a release and announcement went out, some of the versions specified would cause Rails, the web application framework, to segfault. No new updates have been posted to the Ruby language web site leaving distributions and users to fill in the gap. Some frantic scrambling can be seen on a thread on the ruby-talk mailing list as folks with production Rails applications cast about for solutions.

Part of the problem may stem from the number of separate language versions the Ruby team is trying to support. Three stable versions (1.8.5, 1.8.6, and 1.8.7) as well as one development version (1.9.0) are all affected by these vulnerabilities. Unfortunately, all four of the updated packages had one or more problems that either didn't fix all of the vulnerabilities or broke Rails. Those are still the versions suggested as a fix as of this writing.

The new versions were based on the latest code in the CVS tree which evidently had not been tested completely. There are several test suites available for Ruby and Rails that would have caught these problems, but they apparently were not run. It is certainly important to get security fixes out quickly, but introducing other vulnerabilities and/or incompatibilities with existing code is a rather high price to pay. As is waiting ten (and counting...) days for a proper fix from upstream.

For the most part, Linux distributions have resolved the problem for themselves by either backporting the fixes into the version they already support or by fixing the updated version provided. For example, Fedora 9 has done three separate releases to fully resolve the problem, the first to upgrade to the suggested upstream version (1.8.6p230), a second to resolve a segfault introduced somewhere between p114 and p230, and a third to handle the problem of Rails being broken.

There is some indication that the Ruby team does not consider the flaws to be exploitable for code execution but, if so, they are still clearly denial-of-service vulnerabilities. The continued silence, at least on the official website, should also give one pause. The release process for Ruby seems to have fairly serious holes in it. This has caused some to issue a plea for a release process on the ruby-core mailing list.

In addition, Dominique Brezinski claims that these bugs or some that were closely related were disclosed several years ago (see comment 43) and essentially ignored at that time. This is disconcerting for a language that is being increasingly used in web applications and other internet-facing services. One can only hope that this incident will serve as a wake up call to the Ruby developers. Failing that, if additional incidents like this occur, it may instead serve as a wake up call for those who depend on Ruby.


Brief items

The web browser "insecurity iceberg"

Stefan Frei and company have posted the results of a lengthy survey on web browser security, looking, in particular, at how many users were running versions without known vulnerabilities. "[W]e discovered that at most 83.3% of Firefox users, 65.3% of Safari users, 56.1% of Opera users, and 47.6% of Internet Explorer users were using the latest most secure browser version on any day between January 2007 to June 2008... Despite the single-click integrated auto-update functionality of Firefox, rather surprisingly, 16.7% Firefox users (one out of six) continue to surf the Web with an outdated version of the Web browser." But the real problem, they say, is with insecure plugins.


New vulnerabilities

firefox: multiple vulnerabilities

Package(s): firefox
CVE #(s): CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2806 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811
Created: July 2, 2008
Updated: January 8, 2009
Description: Versions 1.5 and 2.0 of the firefox browser suffer from a long, scary list of vulnerabilities; see the Ubuntu or Red Hat advisories for the full story.
Alerts:
Mageia MGASA-2012-0176 iceape 2012-07-21
Debian DSA-1697-1 iceape 2009-01-07
Fedora FEDORA-2008-6706 thunderbird 2008-08-07
Gentoo 200808-03 mozilla-firefox 2008-08-06
Fedora FEDORA-2008-6737 thunderbird 2008-08-07
Mandriva MDVSA-2008:155 mozilla-thunderbird 2008-07-25
Red Hat RHSA-2008:0616-01 thunderbird 2008-07-23
Slackware SSA:2008-198-01 mozilla 2008-07-17
Slackware SSA:2008-191-03 seamonkey 2008-07-10
SuSE SUSE-SA:2008:034 MozillaFirefox 2008-07-11
Fedora FEDORA-2008-6193 seamonkey 2008-07-08
Fedora FEDORA-2008-6196 seamonkey 2008-07-08
rPath rPSA-2008-0216-1 firefox 2008-07-08
Ubuntu USN-629-1 mozilla-thunderbird, thunderbird 2008-07-25
CentOS CESA-2008:0616 thunderbird 2008-07-24
Mandriva MDVSA-2008:155-1 mozilla-thunderbird 2008-07-27
Debian DSA-1621-1 icedove 2008-07-27
Debian DSA-1615-1 xulrunner 2008-07-23
Slackware SSA:2008-198-02 seamonkey 2008-07-17
Slackware SSA:2008-191-01 firefox 2008-07-10
Debian DSA-1607-1 iceweasel 2008-07-11
Mandriva MDVSA-2008:136 mozilla-firefox 2008-07-08
Fedora FEDORA-2008-6127 blam 2008-07-06
Fedora FEDORA-2008-6127 gnome-python2-extras 2008-07-06
Fedora FEDORA-2008-6127 Miro 2008-07-06
Fedora FEDORA-2008-6127 chmsee 2008-07-06
Fedora FEDORA-2008-6127 ruby-gnome2 2008-07-06
Fedora FEDORA-2008-6127 galeon 2008-07-06
Fedora FEDORA-2008-6127 openvrml 2008-07-06
Fedora FEDORA-2008-6127 epiphany-extensions 2008-07-06
Fedora FEDORA-2008-6127 liferea 2008-07-06
Fedora FEDORA-2008-6127 epiphany 2008-07-06
Fedora FEDORA-2008-6127 kazehakase 2008-07-06
Fedora FEDORA-2008-6127 gnome-web-photo 2008-07-06
Fedora FEDORA-2008-6127 yelp 2008-07-06
Fedora FEDORA-2008-6127 gtkmozembedmm 2008-07-06
Fedora FEDORA-2008-6127 devhelp 2008-07-06
Fedora FEDORA-2008-6127 firefox 2008-07-06
CentOS CESA-2008:0569 firefox 2008-07-06
CentOS CESA-2008:0549 firefox 2008-07-02
CentOS CESA-2008:0547 seamonkey 2008-07-02
Red Hat RHSA-2008:0569-01 firefox 2008-07-02
Red Hat RHSA-2008:0549-01 firefox 2008-07-02
Red Hat RHSA-2008:0547-01 seamonkey 2008-07-02
Ubuntu USN-619-1 firefox 2008-07-02


kernel: multiple DoS vulnerabilities

Package(s): kernel
CVE #(s): CVE-2008-2372 CVE-2008-2750 CVE-2008-2826
Created: June 27, 2008
Updated: June 25, 2009
Description: The kernel package contains multiple vulnerabilities, the most serious of which can allow an unprivileged user to cause a denial of service.
Alerts:
Fedora FEDORA-2009-6846 kernel 2009-06-23
Fedora FEDORA-2009-5383 kernel 2009-05-25
CentOS CESA-2008:0957 kernel 2008-11-05
Red Hat RHSA-2008:0957-02 kernel 2008-11-04
Ubuntu USN-659-1 linux, linux-source-2.6.15/22 2008-10-27
SuSE SUSE-SA:2008:052 kernel 2008-10-21
Red Hat RHSA-2008:0585-01 kernel 2008-08-26
Debian DSA-1630-1 linux-2.6 2008-08-21
Mandriva MDVSA-2008:167 kernel 2008-08-12
Red Hat RHSA-2008:0612-01 kernel 2008-08-04
Mandriva MDVSA-2008:174 kernel 2008-08-19
CentOS CESA-2008:0612 kernel 2008-08-06
SuSE SUSE-SA:2008:038 kernel 2008-07-29
SuSE SUSE-SA:2008:035 kernel 2008-07-21
SuSE SUSE-SA:2008:037 kernel 2008-07-22
Ubuntu USN-625-1 linux 2008-07-15
Fedora FEDORA-2008-5893 kernel 2008-07-02
rPath rPSA-2008-0207-1 kernel 2008-06-27


libetpan: denial of service

Package(s): libetpan
CVE #(s):
Created: June 26, 2008
Updated: July 2, 2008
Description: From the Fedora alert: Update to new upstream version 0.54 fixing a crash (NULL pointer dereference) in the mail message header parser. Note: There is no application in Fedora using libetpan library for which such crash could be considered a security issue. This can only be a security sensitive issue for some 3rd party, not packages applications.
Alerts:
Fedora FEDORA-2008-5469 libetpan 2008-06-26
Fedora FEDORA-2008-5480 libetpan 2008-06-26


motion: off-by-one error

Package(s): motion
CVE #(s): CVE-2008-2654
Created: July 1, 2008
Updated: July 2, 2008
Description: From the Gentoo advisory: Nico Golde reported an off-by-one error within the read_client() function in the webhttpd.c file, leading to a stack-based buffer overflow. Stefan Cornelius (Secunia Research) reported a boundary error within the same function, also leading to a stack-based buffer overflow. Both vulnerabilities require that the HTTP Control interface is enabled.
Alerts:
Gentoo 200807-02 motion 2008-07-01


mysql: privilege escalation

Package(s): mysql
CVE #(s): CVE-2008-2079
Created: July 2, 2008
Updated: March 8, 2010
Description: From the Red Hat advisory: MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed.

Version 5.0.50sp1a fixes the problem.

Alerts:
rPath rPSA-2010-0014-1 mysql 2010-03-07
Mandriva MDVSA-2010:012 mysql 2010-01-17
Mandriva MDVSA-2010:011 mysql 2010-01-17
CentOS CESA-2010:0110 mysql 2010-02-17
Red Hat RHSA-2010:0109-01 mysql 2010-02-16
CentOS CESA-2010:0109 mysql 2010-03-01
Red Hat RHSA-2010:0110-01 mysql 2010-02-16
CentOS CESA-2009:1289 mysql 2009-09-15
Red Hat RHSA-2009:1289-02 mysql 2009-09-02
Red Hat RHSA-2009:1067-01 Red Hat Application Stack 2009-05-26
Mandriva MDVSA-2009:094 mysql 2009-04-22
Ubuntu USN-671-1 mysql-dfsg-5.0 2008-11-17
Gentoo 200809-04 mysql 2008-09-04
SuSE SUSE-SR:2008:017 powerdns, dnsmasq, python, mailman, ruby, Opera, neon, rxvt-unicode, perl, wireshark, namazu, gnome-screensaver, mysql 2008-08-29
SuSE SUSE-SA:2008:041 openwsman 2008-08-14
Red Hat RHSA-2008:0768-01 mysql 2008-07-24
Mandriva MDVSA-2008:149 mysql 2008-07-19
Mandriva MDVSA-2008:150 mysql 2007-07-19
Debian DSA-1608-1 mysql-dfsg-5.0 2008-07-13
Red Hat RHSA-2008:0510-01 RH Application Stack 2008-07-02


nasm: buffer overflow

Package(s): nasm
CVE #(s):
Created: June 26, 2008
Updated: July 2, 2008
Description: From the Red Hat bug database entry: There are several (low impact, but still) buffer overflows in NASM releases prior to 2.03.01. Additionally, in NASM prior to 2.03, some code that use the EQU instruction would silently produce incorrect code.
Alerts:
Fedora FEDORA-2008-5473 nasm 2008-06-26


perl: insecure use of chmod

Package(s): perl
CVE #(s): CVE-2008-2827
Created: June 26, 2008
Updated: July 16, 2009
Description: The Perl language uses chmod insecurely in the rmtree function.
Alerts:
Fedora FEDORA-2009-7680 perl 2009-07-15
SuSE SUSE-SR:2008:017 powerdns, dnsmasq, python, mailman, ruby, Opera, neon, rxvt-unicode, perl, wireshark, namazu, gnome-screensaver, mysql 2008-08-29
Mandriva MDVSA-2008:165 perl 2008-08-11
Fedora FEDORA-2008-5739 perl 2008-06-26


sympa: denial of service

Package(s): sympa
CVE #(s): CVE-2008-1648
Created: July 2, 2008
Updated: July 7, 2008
Description: The sympa mailing list manager can be made to crash when processing "certain types of malformed messages."
Alerts:
Mandriva MDVSA-2008:133 sympa 2008-07-04
Debian DSA-1600-1 sympa 2008-07-01


Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 development kernel remains 2.6.26-rc8; no 2.6 prepatches have been released over the last week.

The current stable 2.6 kernel remains 2.6.25.9. The 2.6.25.10 update, with about a dozen fixes, is currently in the review process; it will probably be released on July 3.

Kernel development news

Quotes of the week

Open source is rapid at progressing towards common goals ... it's when the goals aren't common that progress gets bogged down.
-- James Bottomley

If we put stuff in sysfs then people WILL use it and we WILL need to support it for ever. Pointing at some document and saying "call my lawyer" just won't cut it. sysfs is part of the kernel ABI. We should design our interfaces there as carefully as we design any others.
-- Andrew Morton

I hope that nothing I ever say holds back our developers or community from doing what is right. I did not realize that the GNU and Linux kernel hackers were such dutiful slaves.
-- Theo de Raadt

Ext4 hacker Ted Ts'o converts his laptop

A big step in the development of a new filesystem is when the developers feel confident enough to start trusting their data to it. For ext4, it appears we have reached that point as Ted Ts'o has switched his laptop to use it. "So far I’ve found one bug as a result of my using ext4 in production (if delayed allocation is enabled, i_blocks doesn’t get updated until the block allocation takes place, so files can appear to have 0k blocksize right after they are created, which is confusing/unfortunate), but nothing super serious yet. I will be doing backups a bit more frequently until I’m absolutely sure things are rock solid, though!"

Making power policy just work

By Jonathan Corbet
June 30, 2008
The sched_mc_power_savings parameter (cleverly hidden under /sys/devices/system/cpu) was introduced in the 2.6.18 kernel. If this parameter is set to one (the default is zero), it changes the scheduler load balancing code in an interesting way: it makes an ongoing effort to gather together processes on the smallest number of CPUs. If the system is not heavily loaded, this policy will result in some processors being entirely idle; those processors can then be put into a deep sleep and left there for some time. And that, of course, results in lower power consumption, which is a good thing.

Vaidyanathan Srinivasan recently noted that, while this policy works well in a number of situations, there are others where things could be better. The sched_mc_power_savings policy is relatively conservative in how it loads processes onto CPUs, taking care to not overload those CPUs and create excessive latency for applications. As a result, the workload on a large system can still end up spread out more widely than might be optimal, especially if the workload is bursty. In response, Vaidyanathan suggests making the power savings policy more flexible, with the system administrator being able to select a combination of power savings and latency which works well for the workload. On systems where power savings matters a lot, a more aggressive mode (which would pack processes more tightly into CPUs) could be chosen.

This suggestion was controversial. Nobody disputes the idea that smarter power savings policy would be a good idea. But there is resistance to the idea of creating more tuning knobs to control this policy; instead, it is felt, the kernel should work out the optimal policy on its own. As Andi Kleen puts it:

Tunables are basically "we give up, let's push the problem to the user" which is not nice. I suspect a lot of users won't even know if their workloads are bursty or not. Or they might have workloads which are both bursty and not bursty.

There are a couple of answers to that objection. One is that the system cannot know, on its own, what priorities the users and/or administrators have. Those priorities could even change over time, with performance being emphasized during peak times and low power usage otherwise. Additionally, not all users see "performance" the same way; some want responsiveness and low latency, while others place a higher priority on throughput. If the system cannot simultaneously optimize all of those parameters, it will need guidance from somewhere to choose the best policy.

And that's where the other answer comes in: that guidance could come from user space. Special-purpose software running on large installations can monitor the performance of important applications and adjust resources (and policies) to get the desired results. Or, in a somewhat different vision, individual applications could register their performance needs and expected behavior. In this case, the kernel is charged with somehow mediating between applications with different expectations and coming up with a reasonable set of policies.

In the middle of all this, it was pointed out that a mechanism by which expectations can be communicated to the kernel already exists: the nice level (priority) associated with each process. In a simple view of the world, a process's nice level would tell the kernel how to manage it with regard to power savings; on a system with a number of niced processes, those processes would be gathered onto a subset of processors during periods of relatively low activity. In essence, this policy says that it is not worthwhile to power up more processors just to give better throughput to low-priority processes.

It does not take long, though, to come up with situations where the use of nice levels leads to the wrong sort of results. Peter Zijlstra observed that he has niced processes (created with distcc) which should have access to all of the CPU power available, but which should not contend with interactive processes on the same system. In such cases, those processes should have a high nice value with regard to CPU usage, but that should not interfere with their ability to move onto idle CPUs, if any exist. So the answer may take the form of a separate "powernice" command which would regulate a process's priority when it comes to causing the system to draw more power.

Nice levels may (or may not) prove to be sufficient information to let the system choose an optimal power policy. But it will be some time before anybody really knows that; work on optimizing power usage - especially on server systems - is not in an advanced state. So pressure to add tuning knobs for power policies may continue, for one simple reason: people want ways of experimenting with different policies and seeing what the results are. Until we really know what the effects of different policies are - on both power usage and system performance - it will be hard to build a system which can choose an optimal policy on its own.

TASK_KILLABLE

By Jonathan Corbet
July 1, 2008
Like most versions of Unix, Linux has two fundamental ways in which a process can be put to sleep. A process which is placed in the TASK_INTERRUPTIBLE state will sleep until either (1) something explicitly wakes it up, or (2) a non-masked signal is received. The TASK_UNINTERRUPTIBLE state, instead, ignores signals; processes in that state will require an explicit wakeup before they can run again.

There are advantages and disadvantages to each type of sleep. Interruptible sleeps enable faster response to signals, but they make the programming harder. Kernel code which uses interruptible sleeps must always check to see whether it woke up as a result of a signal, and, if so, clean up whatever it was doing and return -EINTR back to user space. The user-space side, too, must realize that a system call was interrupted and respond accordingly; not all user-space programmers are known for their diligence in this regard. Making a sleep uninterruptible eliminates these problems, but at the cost of being, well, uninterruptible. If the expected wakeup event does not materialize, the process will wait forever and there is usually nothing that anybody can do about it short of rebooting the system. This is the source of the dreaded, unkillable process which is shown to be in the "D" state by ps.
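The user-space half of that contract, as an added example that is not part of the original article: read() on an empty pipe sleeps interruptibly, so a handled signal installed without SA_RESTART makes it fail with EINTR, and only a caller that retries gets its data. The pipe, the 20 ms SIGALRM timer and all function names are assumptions of this sketch.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

static volatile sig_atomic_t eintr_seen; /* reader sets this after its first EINTR */
static volatile sig_atomic_t data_sent;  /* handler delivers the payload only once */
static int wr_fd = -1;                   /* write end of the pipe, used by the handler */

/* SIGALRM handler. Early ticks only interrupt the sleeping reader; once the
 * reader has observed EINTR, the next tick makes the awaited data arrive. */
static void on_alarm(int sig)
{
    int saved = errno;                   /* handlers must not clobber errno */
    (void)sig;
    if (eintr_seen && !data_sent && write(wr_fd, "ok", 2) == 2)
        data_sent = 1;                   /* write() is async-signal-safe */
    errno = saved;
}

/* Arm a 20 ms periodic SIGALRM whose handler is installed WITHOUT SA_RESTART,
 * so an interrupted read() is not transparently restarted by the kernel. */
static int start_ticks(int fds[2])
{
    struct sigaction sa;
    struct itimerval tick = { {0, 20000}, {0, 20000} };

    if (pipe(fds) != 0)
        return -1;
    wr_fd = fds[1];
    eintr_seen = 0;
    data_sent = 0;
    memset(&sa, 0, sizeof(sa));          /* sa_flags == 0: no SA_RESTART */
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    return setitimer(ITIMER_REAL, &tick, NULL);
}

static void stop_ticks(int fds[2])
{
    struct itimerval off = { {0, 0}, {0, 0} };

    setitimer(ITIMER_REAL, &off, NULL);
    signal(SIGALRM, SIG_IGN);            /* discard any tick still pending */
    close(fds[0]);
    close(fds[1]);
}

/* Naive caller: one read(), any failure is final. Returns the errno it saw
 * (EINTR here, because no data ever arrives before the first tick). */
static int demo_naive(void)
{
    int fds[2], err;
    char buf[8];

    if (start_ticks(fds) != 0)
        return -1;
    err = (read(fds[0], buf, sizeof(buf)) < 0) ? errno : 0;
    stop_ticks(fds);
    return err;
}

/* Careful caller: goes back to sleep whenever the wait was cut short by a
 * signal. Returns bytes read and counts the interrupted sleeps. */
static ssize_t demo_retry(char *out, size_t len, int *interruptions)
{
    int fds[2];
    ssize_t n;

    *interruptions = 0;
    if (start_ticks(fds) != 0)
        return -1;
    for (;;) {
        n = read(fds[0], out, len);
        if (n >= 0 || errno != EINTR)
            break;                       /* data, EOF, or a real error */
        (*interruptions)++;
        eintr_seen = 1;                  /* lets the handler send the data */
    }
    stop_ticks(fds);
    return n;
}

int main(void)
{
    char buf[8] = {0};
    int hits = 0;
    int err = demo_naive();
    ssize_t n = demo_retry(buf, sizeof(buf) - 1, &hits);

    printf("naive read: errno=%d (%s)\n", err, strerror(err));
    printf("retry read: %zd bytes \"%s\" after %d interrupted sleeps\n",
           n, buf, hits);
    return 0;
}
```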

Given the highly obnoxious nature of unkillable processes, one would think that interruptible sleeps should be used whenever possible. The problem with that idea is that, in many cases, the introduction of interruptible sleeps is likely to lead to application bugs. As recently noted by Alan Cox:

Unix tradition (and thus almost all applications) believe file store writes to be non signal interruptible. It would not be safe or practical to change that guarantee.

So it would seem that we are stuck with the occasional blocked-and-immortal process forever.

Or maybe not. A while back, Matthew Wilcox realized that many of these concerns about application bugs do not really apply if the application is about to be killed anyway. It does not matter if the developer thought about the possibility of an interrupted system call if said system call is doomed to never return to user space. So Matthew created a new sleeping state, called TASK_KILLABLE; it behaves like TASK_UNINTERRUPTIBLE with the exception that fatal signals will interrupt the sleep.

With TASK_KILLABLE comes a new set of primitives for waiting for events and acquiring locks:

	int wait_event_killable(wait_queue_head_t queue, condition);
	long schedule_timeout_killable(signed long timeout);
	int mutex_lock_killable(struct mutex *lock);
	int wait_for_completion_killable(struct completion *comp);
	int down_killable(struct semaphore *sem);

For each of these functions, the return value will be zero for a normal, successful return, or a negative error code in case of a fatal signal. In the latter case, kernel code should clean up and return, enabling the process to be killed.

The TASK_KILLABLE patch was merged for the 2.6.25 kernel, but that does not mean that the unkillable process problem has gone away. The number of places in the kernel (as of 2.6.26-rc8) which are actually using this new state is quite small - as in, one need not worry about running out of fingers while counting them. The NFS client code has been converted, which can only be a welcome development. But there are very few other uses of TASK_KILLABLE, and none at all in device drivers, which is often where processes get wedged.

It can take time for a new API to enter widespread use in the kernel, especially when it supplements an existing functionality which works well enough most of the time. Additionally, the benefits of a mass conversion of existing code to killable sleeps are not entirely clear. But there are almost certainly places in the kernel which could be improved by this change, if users and developers could identify the spots where processes get hung. It also makes sense to use killable sleeps in new code unless there is some pressing reason to disallow interruptions altogether.

Some development statistics for 2.6.26 - and beyond

By Jonathan Corbet
July 2, 2008
When 2.6.26-rc1 was released, your editor noted that, at a mere 7500 commits, it looked like 2.6.26 would be a smaller than usual development cycle. Interestingly, though, 2.6.26 has caught up. As of this writing (waiting for 2.6.26-rc9), this development cycle has incorporated 10,102 changesets for a net addition of 169,439 lines of code to the kernel. That makes it still significantly smaller than 2.6.25, but it is by no means small. The developer base remains as broad as ever: 1065 developers (representing some 150 companies) have contributed to 2.6.26; just over 1/3 of those developers contributed one single changeset.

The 2.6 development model says that the bulk of the changes should be merged during the merge window (before the -rc1 release), with only fixes coming thereafter. Here's how things break down for recent releases:

Release    Changesets merged
           For -rc1    after -rc1
2.6.23     4505        2570
2.6.24     7132        3221
2.6.25     9629        3078
2.6.26     7555        2577

So, while the bulk of the big patches enter the kernel during the merge window, at least 25% of the total - and often more - come thereafter. That's a lot of fixes.

So who were the most active developers this time around? Here's the top 20:

Most active 2.6.26 developers

By changesets
Harvey Harrison              218    2.2%
Bartlomiej Zolnierkiewicz    197    1.9%
Glauber Costa                195    1.9%
Adrian Bunk                  180    1.8%
Joe Perches                  160    1.6%
Pavel Emelyanov              148    1.5%
Ingo Molnar                  144    1.4%
Denis V. Lunev               140    1.4%
Michael Krufky               130    1.3%
Mauro Carvalho Chehab        116    1.1%
Al Viro                      114    1.1%
David S. Miller              103    1.0%
Tejun Heo                     96    0.9%
Johannes Berg                 96    0.9%
Alan Cox                      91    0.9%
Takashi Iwai                  88    0.9%
YOSHIFUJI Hideaki             85    0.8%
Alexey Starikovskiy           84    0.8%
Ivo van Doorn                 80    0.8%
Bjorn Helgaas                 77    0.8%

By changed lines
Stephen Hemminger    41762    5.9%
Adrian Bunk          28523    4.0%
David S. Miller      19178    2.7%
Steven Toth          18681    2.6%
Ben Hutchings        15535    2.2%
Frank Blaschka       14527    2.0%
Xiantao Zhang        12935    1.8%
Hans Verkuil         12393    1.7%
Tejun Heo            10462    1.5%
Sebastian Siewior     9519    1.3%
Harvey Harrison       9161    1.3%
Peter Tiedemann       8483    1.2%
Matthew Wilcox        8059    1.1%
Paul Walmsley         7635    1.1%
Kumar Gala            7152    1.0%
Andrew Victor         7062    1.0%
Johannes Berg         6544    0.9%
Glauber Costa         6260    0.9%
Mike Frysinger        6177    0.9%
Joe Perches           5773    0.8%

In terms of the number of changesets merged, Harvey Harrison got to the top of the list with a wide variety of janitorial fixes. Bartlomiej Zolnierkiewicz continues to put significant effort into cleaning up the IDE subsystem, even though most distributors have moved away from that code and are using the newer PATA layer instead. Glauber Costa has been tirelessly working in the x86 architecture code; in particular, he continues to work toward the goal of unifying the 32-bit and 64-bit code to the greatest extent possible. Adrian Bunk has made a career of cleaning up the code base and eliminating unneeded code. And Joe Perches dedicated much time to eliminating warnings from the checkpatch.pl script.

There have been complaints from the developers that the volume of "cleanup" patches is reaching a point that it is drowning out the rest and interfering with "real work." We're seeing some of that volume here, with three of the top five changeset contributors doing cleanup work - some of which is seen to be more valuable than the rest.

On the lines changed side, we see a mostly different set of developers. In this case, the top slots were earned by deleting code. Stephen Hemminger finally succeeded in getting rid of the old sk98lin driver. Adrian Bunk tore out the bcm43xx driver, the ieee80211 software MAC layer, the xircom_tulip_cb driver, and various other bits and pieces. David Miller removed a bunch of old SPARC code, but replaced it with various other facilities; he also took the PowerPC low-level memory manager and made it generic. Steven Toth works in the Video4Linux layer; he added some new drivers and a bunch of cleanups. Ben Hutchings added the Solarstorm SFC4000 driver.

When one thinks about 2.6.26 features, the things that come to mind include KGDB, almost-ready network namespaces, almost-ready mesh networking support, a working (shall we say "almost ready"?) realtime group scheduler, read-only bind mounts, page attribute table support, the object debugging infrastructure, and, of course, the vast pile of new drivers. One has to look hard to find the developers behind that work in the lists above (some of them are certainly there). Which just reinforces an important point: there is interest and information in counting changesets and lines changed, but the correlation between those numbers and serious accomplishments in kernel programming is weak at best. Unfortunately, "real work" is awfully hard to measure in any sort of automated way.

So what the heck; we'll go back to the numbers we can measure. Here are the most active companies for 2.6.26:

Most active 2.6.26 employers

By changesets
(None)            2085    20.6%
Red Hat           1130    11.2%
(Unknown)          906     8.9%
IBM                609     6.0%
Novell             597     5.9%
Intel              469     4.6%
Parallels          312     3.1%
SGI                211     2.1%
Movial             180     1.8%
Oracle             142     1.4%
Analog Devices     134     1.3%
HP                 124     1.2%
MontaVista         122     1.2%
(Consultant)       116     1.1%
Freescale          109     1.1%
QLogic              97     1.0%
Fujitsu             95     0.9%
Google              94     0.9%
(Academia)          89     0.9%
Marvell             88     0.9%

By lines changed
(None)            111703    15.7%
IBM                73601    10.3%
Red Hat            56331     7.9%
Intel              50297     7.1%
(Unknown)          44699     6.3%
Vyatta             41835     5.9%
Novell             33745     4.7%
Movial             28632     4.0%
Hauppauge          20234     2.8%
Analog Devices     18363     2.6%
(Consultant)       16397     2.3%
Solarflare         15585     2.2%
Freescale          15090     2.1%
MontaVista         14013     2.0%
QLogic             13327     1.9%
SGI                10351     1.5%
Marvell             7881     1.1%
Wind River          7770     1.1%
Oracle              7680     1.1%
Pengutronix         7334     1.0%

This list tends not to change too much from one release to the next; in particular, the top companies are always the same.

If we look at who is attaching Signed-off-by tags to code they didn't write, we get a sense for who the gatekeepers to the kernel are. These are the developers and companies who are herding code into the mainline:

Sign-offs in the 2.6.26 kernel

By developer
Andrew Morton                1377    14.1%
Ingo Molnar                   961     9.8%
David S. Miller               667     6.8%
John W. Linville              551     5.6%
Mauro Carvalho Chehab         543     5.6%
Jeff Garzik                   471     4.8%
Thomas Gleixner               279     2.9%
Greg KH                       267     2.7%
Linus Torvalds                256     2.6%
Paul Mackerras                220     2.2%
Takashi Iwai                  208     2.1%
James Bottomley               203     2.1%
Len Brown                     200     2.0%
Russell King                  167     1.7%
Avi Kivity                    160     1.6%
Bryan Wu                      140     1.4%
Roland Dreier                 130     1.3%
Lachlan McIlroy               108     1.1%
Bartlomiej Zolnierkiewicz      94     1.0%
Ralf Baechle                   93     1.0%

By employer
Red Hat                   3010    30.8%
Google                    1378    14.1%
(None)                    1000    10.2%
Novell                     731     7.5%
IBM                        577     5.9%
Intel                      497     5.1%
linutronix                 283     2.9%
Linux Foundation           256     2.6%
(Unknown)                  206     2.1%
(Consultant)               206     2.1%
Hansen Partnership         203     2.1%
SGI                        166     1.7%
Qumranet                   160     1.6%
Analog Devices             149     1.5%
Cisco                      130     1.3%
MIPS Technologies           93     1.0%
Oracle                      57     0.6%
Freescale                   55     0.6%
Renesas Technology          54     0.6%
Univ. of Michigan CITI      47     0.5%

Once again, these numbers tend not to change that much from one development cycle to the next. Subsystem maintainers do not change often.

What's next?

This is the first full development cycle where the linux-next tree was in operation. At this stage in the cycle, linux-next should look very much like 2.6.27 - or, at least, 2.6.27-rc1. Your editor pulled the July 2 linux-next tree and ran some statistics; this tree contains 6527 changesets from 619 developers. Just over 400,000 lines of code are touched, with a net addition of 38,000 lines.

If linux-next is to be believed, the most active 2.6.27 developers will be:

Most active pre-2.6.27 developers

By changesets
Avi Kivity                   499    7.6%
Artem Bityutskiy             292    4.5%
Bartlomiej Zolnierkiewicz    150    2.3%
Ingo Molnar                  142    2.2%
Yinghai Lu                   139    2.1%
Adrian Hunter                121    1.9%
Alan Cox                     101    1.5%
Xiantao Zhang                100    1.5%
Tomas Winkler                 91    1.4%
Rusty Russell                 89    1.4%
David Woodhouse               86    1.3%
Adrian Bunk                   84    1.3%
Steven Rostedt                83    1.3%
Jonathan Corbet               74    1.1%
Arnd Bergmann                 73    1.1%
Jean Delvare                  67    1.0%
Harvey Harrison               64    1.0%
David Chinner                 63    1.0%
Lennert Buytenhek             61    0.9%
Thomas Gleixner               61    0.9%

By changed lines
David Woodhouse      44833    6.7%
Artem Bityutskiy     41891    6.3%
Eilon Greenstein     18614    2.8%
Xiantao Zhang        17223    2.6%
Alan Cox             14850    2.2%
Jaswinder Singh      10805    1.6%
David Brownell        9618    1.4%
Stephen Rothwell      9043    1.4%
Lennert Buytenhek     9029    1.3%
Avi Kivity            8593    1.3%
Steven Rostedt        7923    1.2%
Adrian Bunk           7424    1.1%
Laurent Pinchart      7200    1.1%
Yinghai Lu            6850    1.0%
Yaniv Rosner          6512    1.0%
Carsten Otte          6442    1.0%
Tomas Winkler         6250    0.9%
Josh Boyer            5292    0.8%
Adrian Hunter         5155    0.8%
Michael Chan          5133    0.8%

These numbers reflect a number of the larger developments which can be expected for 2.6.27: incredible amounts of KVM work, the merging of the UBIFS filesystem, the ftrace tracing framework, a lot of reworking of the TTY layer, a lot of firmware thrashing, and ongoing big kernel lock removal work.

It will be most interesting to see how these numbers compare with what actually shows up in 2.6.27-rc1. Recent numbers suggest that quite a few patches will hit the mainline without having been in the linux-next tree - either that, or 2.6.27 will be a relatively small release. If nothing else, we will see which developers do not yet get their work into linux-next for integration testing ahead of the merge window.

Patches and updates

Development tools

Mathieu Desnoyers: Tracepoint sched probes
Mathieu Desnoyers: Kernel Tracepoints
eranian@googlemail.com: perfmon2 minimal v3: introduction

Documentation

Michael Kerrisk: man-pages-3.02 is released

Page editor: Jonathan Corbet

Distributions

News and Editorials

A look at openSUSE 11.0

By Rebecca Sobol
July 2, 2008
openSUSE 11.0 was released about two weeks ago, to generally good reviews. TuxMachines ran some lighthearted tests last fall and again recently, comparing the latest Mandriva release with the latest openSUSE release. This time around openSUSE edged out Mandriva in a near tie. Other good reviews can be found on LinuxPlanet, DownloadSquad and many other places around the web.

There are plenty of options for getting a hold of this release. You can buy a boxed set, an option that has all but disappeared from the Linux distribution scene. The box comes with complete end-user documentation, installable media for 32-bit and 64-bit systems, plus 90 days of end-user installation support.

Most people will probably download the release in one form or another. Choose from the 32-bit, 64-bit or PowerPC platforms. Get a DVD, a Live CD or use a network install. The live CD comes in a GNOME or a KDE version. There's plenty of documentation online to go along with that: release notes, the openSUSE 11.0 startup document and the step-by-step installation guide.

The KDE live CD only contains KDE 4. If you would prefer KDE 3.5, it is available on the DVD or the network install. Benjamin Weber has a blog post on the inclusion of KDE4. "There should be a KDE3.5 installable livecd. This was not produced as there were insufficient resources to produce and test three installable livecds. Someone can always step up and help produce one."

Xfce 4.4 is also available for those who want something lighter than either GNOME or KDE. Other applications available in this release include Firefox 3.0, OpenOffice.org 2.4, Banshee 1.0 and Wine 1.0. KIWI LTSP is the LTSP5 implementation on openSUSE. The previous openSUSE release added Giver, an easy GTK+ file-sharing tool. This release includes Kepas, a KDE application for file-sharing.

Underneath all that you'll find Linux 2.6.25.4, AppArmor 2.3, Xen 3.2.1 RC1, Alsa 1.0.16, glibc 2.8 branch, binutils 2.18.50 SVN, cmake 2.6, gcc 4.3 branch, gdb 6.8, Perl 5.10, ConsoleKit 0.2.10, CUPS 1.3.7, D-Bus 1.2.1, NetworkManager 0.7 SVN, PackageKit 0.2.1, PolicyKit 0.7, PulseAudio 0.9.10, Samba 3.2pre2 and X.org 7.3. These and other highlights are listed here.

Those familiar with openSUSE will notice that the installer and the package management have been overhauled for this release. Also, NetworkManager has been improved and should autodetect an EVDO card without any major problems.

Of course it's impossible to squash all bugs, but the Most Annoying Bugs 11.0 list is quite short and most have workarounds.

All in all, this looks like a great release for openSUSE.

New Releases

The first Ubuntu "Intrepid" alpha release

The first alpha release of Ubuntu 8.10 is available for especially brave testers. "The primary changes from Hardy have been the re-merging of changes from Debian and the upgrade of the Linux kernel to a pre-release version of 2.6.26." See the Intrepid blueprints page for a summary of the goals for the 8.10 release.

Novell Client for Linux Public Beta for openSUSE 10.3

The public beta of the Novell Client for Linux 2.0 SP1 is available for openSUSE 10.3. "A number of openSUSE users have expressed interest in having the client packaged for openSUSE, so our developers have been working on building the client against openSUSE. Please download the package and give it a try on your systems." A package for openSUSE 11.0 is in the works.

Launchpad 1.2.6 released

The latest release of Launchpad is out. This release features two improvements to code review, including an email interface, a new interface for bugs, translations and distribution pages, and more control over code imports.

Distribution News

Debian GNU/Linux

Debian teams survey results

Debian project leader Steve McIntyre summarizes the results of a survey he conducted about how well the various Debian teams are working and communicating. "As I hoped to find, the vast majority of the respondents said they were having fun working on Debian. That's not unexpected, but it's nice to confirm this. A few people responded to say 'I have fun doing Debian work, but would have even more fun doing it if I had more time.' Quite a number said they're enjoying working with friends, doing cool technical stuff but are less happy about our mailing lists and IRC channels when they devolve into flamewars." Click below for the full summary.

Fedora

Fedora Board Recap 2008-JUN-24

The June 24 meeting of the Fedora Board welcomes new board members, looks at FUDCon Boston, and contains several other topics.

Final Fedora Board appointment

Chris Tyler has been selected to fill the final seat on the Fedora Project Board. "Many of you may know Chris from his "Fedora Daily Package" website, or his work at Seneca College on open source curricula, or as author of O'Reilly's "Fedora Linux" book."

Fedora Release Engineering Meeting Recap 2008-06-30

The June 30 Fedora Release Engineering meeting included discussions of F9 Spins and F10 release naming.

SUSE Linux and openSUSE

openSUSE 11.1 Roadmap posted

Now that openSUSE 11.0 is out, the project is looking forward to the 11.1 release. It's planned for December 18, and includes GNOME 2.24, KDE 4.1, and the 2.6.27 kernel. "Want to get involved? The start of a release cycle is a great time to get involved in openSUSE development."

Distribution Newsletters

Ubuntu Weekly Newsletter #97

The Ubuntu Weekly Newsletter for June 28, 2008 covers: Ubuntu 8.04.1 freeze proposed, Intrepid Alpha 1 released, a new Universe contributor, Brainstorm updates, Ubuntu Women project status, new Ubuntu members, LoCo news, Launchpad news, Ubuntu Forums news, Full Circle Magazine #14, UK podcast #8, and much more.

OpenSUSE Weekly News/28

This edition of the OpenSUSE Weekly News looks at GNOME Helping Hands Project Launches, People of openSUSE: Tanja Roth, Masim Sugianto: How to Make openSUSE 11.0 GM Live USB, Benjamin Weber: openSUSE 11.0 KDE4 inclusion, tuxmachines.org: Battle of the Titans - Mandriva vs openSUSE: The Rematch, and more.

Gentoo Monthly Newsletter

The Gentoo Monthly Newsletter for June 30, 2008 looks at the Gentoo Trustees meeting summary, the Council meeting summary, Germany: LinuxTag 2008, Venezuela: FliSoL 2008, Interview: Google Summer of Code Student Nirbheek Chauhan, Gentoo Linux Headed for Space!, and several other topics.

Fedora Weekly News Issue 132

The Fedora Weekly News for June 8, 2008 looks at Fedora Board election results, kdebindings -> PyKDE4 split, ScreenCast on Miro updates, and much more.

DistroWatch Weekly, Issue 259

The DistroWatch Weekly for June 30, 2008 is out. "You've seen it too - a recent Linux convert, used to clicking on executable files to install software, is often shocked to discover that Linux distributions use dedicated package managers to install and remove applications. But with a large number of distributions and philosophies, which is the best tool on the market? And how do they differ in terms of usability and convenience? If you are a new Linux user then our article explaining the various package management options is a must-read. In the news section, openSUSE developers defend their inclusion of KDE 4 into the recently released openSUSE 11.0, Mandriva cancels the first alpha release of version 2009 due to problems with X.Org, Debian completes the security infrastructure for the upcoming release of Debian "Lenny", and Ubuntu unveils the first developers' build of the new MID edition for mobile Internet devices. Also in this issue: a link to an interview with Zenwalk's Jean-Philippe Guillemin, a review of the upcoming Acer Aspire One and a round-up of rescue live CDs based on Linux."

Arch Linux Newsletter

The Arch Linux Newsletter for July 1, 2008 is out. "This past month has been great for the open source world, we have seen many great application releases this month. For example, Firefox 3.0, Wine 1.0, even Arch Linux 2008.06 are notable among other great software releases. I hope you are enjoying your Arch Linux system as much as I am. The open source world is always moving; we are still waiting for other wonderful releases like KDE 4.1, a highly anticipated release for those of you that like the K Desktop Environment."

Newsletters and articles of interest

Ubuntu MID makes Linux upwardly mobile (iTWire)

iTWire looks at Ubuntu MID. "Ubuntu Linux owner Canonical has launched Ubuntu into the realm of mobile Internet devices with a release called Ubuntu MID. The new version of arguably the world's most popular desktop Linux distribution initially targeted the Samsung Q1U though the OS also runs on Intel's Atom-based Crown Beach development system. Ubuntu MID 8.04 is a developer release, but the software is expected to start to ship on commercial devices by the end of the year."

Interviews

Interview with Jean-Philippe Guillemin, Zenwalk's creator (OneOpenSource)

OneOpensource has an interview with Jean-Philippe Guillemin, creator of the Slackware-based Zenwalk distribution.

Why did you decide to develop Zenwalk? What's wrong with Slackware?

I started the Zenwalk project (formerly Minislack) as a way to learn the internals of GNU-Linux. Building an operating system is a great way to understand IT deeply because you're on your own to solve the problems when things don't work as expected.

In my opinion Slackware is the best Linux "Distribution" in the world (a "Distribution" is a collection of applications and GNU tools, compiled on top of the Linux kernel and the Glibc). Slackware is fast, reliable, secure, up to date, and built with respect for the Unix spirit. Thanks to Patrick Volkerding, the Slackware founder and maintainer, for his hard work.

Zenwalk is not really designed to be a "GNU Linux Distribution", rather a "GNU-Linux Operating System". When you install Zenwalk, you immediately get one application for each task, optimized and ready to use, along with a refined look and feel. The pre-selected packages are carefully chosen by Zenwalk developers to provide the user with only the best and most usable applications.

Distribution reviews

Open Source Data Recovery Tools To The Rescue (InformationWeek)

InformationWeek looks at several Linux Live recovery tools. "Disasters happen to the best of computers. Luckily, open source apps like SystemRescueCD, dd, Partedmagic, BackTrack, Security Tools Distribution, Helix, and TestDisk can help recover important data and bring dead systems back to life."

Mandriva Linux - Wonderful and Maddening (ZDNet blog)

J.A. Watson takes a look at Mandriva 2008 Spring. "Mandriva seemed to do an excellent job of identifying and loading drivers for the hardware in my Lifebook S2110 (AMD Turion 64) laptop. It got the ATI Radeon 200M video and the Atheros Wireless right (although I haven't had a chance to test the wireless setup yet), it handled the Logitech Alto USB hub with no problem, and it even recognized and configured the Logitech V-20 speakers that are connected to the Alto. Of course it got the Alto cordless keyboard right, and the Logitech VX Nano mouse, also connected to the Alto."

Page editor: Rebecca Sobol

Development

The OLPC project releases 10GB of sound samples

By Forrest Cook
July 2, 2008

The One Laptop Per Child project recently released a large collection of sound samples:

Loops, Grooves, Licks, Stings, Hits, Pads, Melodic Motives/Themes/Phrases, Sound-Effects, City and Country Soundscapes, Motors, Machines, Toys, Guns, Explosions, Swords, Armor, Cars, Jets, Pot & Pans, Acoustic and Synthetic Noises, Acoustic and Electronic Drums, Voices, Western and World Instruments, Real and Human Animals, Industrial and Natural Ambiences, Film and Game Foley, and more, more, more! This huge collection of new and original samples have been donated to Dr. Richard Boulanger @ cSounds.com specifically to support the OLPC developers, students, XO users, and computer and electronic musicians everywhere. They are FREE and are offered under a CC-BY license for downloading and use in your teaching, your demos, your research, your music, your remixes, your songs, your games, your videos, your slideshows, your websites, and your XO activities.

The sample collection comes from a number of sources including the Open Path Music recording label, Zenph Studios (a musical software company), the Berklee College of Music, the Berklee Music Synthesis Alumni, Berklee Shares.com, the Worldwide Community of Csound Developers, Teachers and Users and Dr. Richard Boulanger.

The sample collection is somewhat random in nature; there are similarities in the material from the various sources, such as many single notes from common musical instruments. The recording quality tends to be decent, although a percentage of the sound samples have audible hum, hiss, aliasing issues and rough beginnings or endings. All of the samples are recorded in mono and are available in several sample rates. The samples have also had their volumes normalized. An obvious improvement to the collection would involve compressing the samples with FLAC to save disk space. The majority of the samples have durations of a few seconds or less; there are also a number of long selections from long ambient recordings or groupings of short sounds.

The sound descriptions for the various collections are somewhat generic; the best way to get a good understanding of the entire library is to download a group of sub-collections and play through the various sounds. Having a few gigabytes of empty disk space is a good idea. Unleashing a random audio file player on the collection can be amusing, if somewhat annoying after a while. Your editor listened to a random selection from the first seven sections from the Berklee College of Music Sampling Archive; the collection is quite diverse.

One can imagine a number of possible uses for such a large library of sounds. Adding audio to games is an obvious use for the sounds. One could create accessibility applications for the visually impaired. In keeping with the OLPC theme, a teacher could sort through the sounds and use them for educating children about animals, musical instruments and other things that they may not experience in daily life. On the artistic side, the samples could be put to good use making audio tracks and movies. With the appropriate sample playing software, new and interesting musical instruments could be created.

If your software project has a need for some open-licensed audio clips, the OLPC collection is a good source. Producing a large collection of sounds such as this would involve many hours of work.

System Applications

Database Software

MySQL 6.0.5 Alpha released

Version 6.0.5 Alpha of the MySQL DBMS has been released. "MySQL 6.0.5-alpha, a new version of the MySQL database system including the Falcon transactional storage engine, has been released."

PostgreSQL Weekly News

The June 29, 2008 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Embedded Systems

Busybox 1.11.0 and 1.10.4 are out

Versions 1.11.0 and 1.10.4 of Busybox, a collection of command line utilities for embedded systems, have been announced; these are primarily bug fix releases.

Security

New libnfnetlink and libnetfilter libraries released

New versions of libnfnetlink and the libnetfilter libraries have been announced. "The netfilter project proudly presents:

* libnfnetlink-0.0.39
* libnetfilter_conntrack-0.0.95
* libnetfilter_queue-0.0.16
* libnetfilter_log-0.0.14

This release set includes bugfixes for the userspace netfilter libraries. See ChangeLog for more details. Upgrade is recommended."

ratproxy - a passive web application security assessment tool

The ratproxy project has been open-sourced. "I am happy to announce that we've just open sourced ratproxy - a free, passive web security assessment tool. This utility is designed to transparently analyze legitimate, browser-driven interactions with tested web applications - and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern on the fly."

Web Site Development

nginx 0.7.5 released

Version 0.7.5 of the nginx web server has been announced; it adds some new bug fixes. See the CHANGES file for details.

Desktop Applications

Accessibility

Accelerator 2.0.0 released

Version 2.0.0 of Accelerator is out with a change of algorithm. "Accelerator is a GUI program that shows where keyboard accelerators should go in menu option texts and dialog labels. The program instantly produces optimal results on the basis that the best accelerator is the first character, the second best is the first character of a word, the third best is any character, the worst is no accelerator at all, and no accelerator should be used more than once. With this program developers can help improve usability for users who can't use the mouse and for fast typists who don't want to use the mouse."

Audio Applications

jack_capture 0.9.17 is available

Version 0.9.17 of jack_capture, a program for recording soundfiles with the JACK Audio Connection Kit, has been announced. This release adds some new capabilities and fixes some bugs.

Data Visualization

Graphite - Enterprise Scalable Realtime Graphing

Graphite is a Python-based graph plotting system. From the FAQ: "Graphite is a highly scalable real-time graphing system. As a user, you write an application that collects numeric time-series data that you are interested in graphing, and send it to Graphite's processing backend, carbon, which stores the data in Graphite's specialized database. The data can then be visualized through graphite's web interfaces."

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

KDE Commit-Digest (KDE.News)

The May 25, 2008 edition of the KDE Commit-Digest has been announced. The content summary says: "In this week's KDE Commit-Digest: Marble gets "temperature" and "precipitation" maps, and a "stars" plugin. More work on "fuzzy searches" in Digikam. Konqueror gets support for crash session recovery and session management. Runners can now be managed using a KPluginSelector-based dialog, and attention-blinking support in Plasma..."

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Games

Update on Python-based Second Life client library

A new release of pyogp, the Python-based Second Life client, is out. "Pyogp is the Python-based library being developed by Linden Lab, makers of Second Life, and the programming community of the users of Second Life under the auspices of the SL Architecture Working Group, in order to test and implement open protocols designed to allow anyone to create their own virtual world servers and clients compatible enough with Second Life so that avatars can travel to and from SL and other virtual worlds, keeping identity and inventory intact."

WOMBAT 0.0.1 released

The WorldForge game project has announced the initial release of WOMBAT. "The WorldForge team is proud to present the first release of WOMBAT, the WorldForge Open Media Browser/Archive Tool. WOMBAT aims to improve the user experience browsing our media repository by providing a nice web front-end and, in later versions, search (and maybe even upload) features."

GUI Packages

wxPython 2.8.8.0 released

Version 2.8.8.0 of wxPython, a Python interface to the wxWindows GUI toolkit, has been announced. "This release has had a number of further refinements and enhancements on the stable 2.8 source tree since the previous release."

Imaging Applications

Perceptual Diff: 1.0.2 Released (SourceForge)

Version 1.0.2 of Perceptual Diff has been announced. "PerceptualDiff is an image comparison utility that compares two images using a perceptual metric. That is, it uses a computational model of the human visual system to determine if two images are visually different, so minor changes in pixels are ignored. This version of perceptual diff has the file IO changed to use FreeImage so it supports a lot more file formats than before. Thanks for Jim Tilander for the patch."

Interoperability

Wine 1.1.0 released

Development release version 1.1.0 of Wine has been announced. Changes include: Many more gdiplus functions implemented. Improved graphics tablet support. Many Richedit fixes and improvements. Support for HWND_MESSAGE windows. A lot of new MSHTML functions. Many fixes in MSI registry handling. Initial implementation of the inetmib1 DLL. Improvements to the quartz renderers. Various bug fixes.

Mail Clients

Claws Mail 3.5.0 unleashed

Version 3.5.0 of Claws Mail has been announced; many new features and some bug fixes are included.

Medical Applications

HealthCloud CHMED Developer API Public Beta available (LinuxMedNews)

LinuxMedNews has announced the availability of a beta version of the HealthCloud CHMED Developer API. "If you have followed our previous posts on an open source medications database ClearHealth you are already aware that we now operate a fully public domain data resource regarding medications for use with our ClearHealth system. We have been struggling with a way to make this available and relevant for a wide audience for use in many applications and have now completed the beginning of that effort."

Multimedia

MediaInfo: 0.7.7.3 released (SourceForge)

Version 0.7.7.3 of MediaInfo has been announced. "MediaInfo supplies technical and tag information about video or audio files (MPEG-PS/MPEG-TS/Bluray/HD-DVD/MKV/AVI/MOV/MPEG1, 2, 4/M4A/M4V/MP3/AAC/RM/DV/...) There are several versions: Graphical interface, Command line, or DLL for third-party software developers (like emule). GUI is multi-language. In this minor release: better detection for complex MPEG-TS streams, small GUI improvements."

Office Suites

OpenOffice.org Newsletter

The June, 2008 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.

OxygenOffice Professional: 2.4.1 (SourceForge)

Version 2.4.1 of OxygenOffice Professional, an enhanced version of OpenOffice.org, has been announced. "This release contains bugfixes and security fixes. It is highly recommended to update to this version."

Web Browsers

Firefox 2.0.0.15 available for download

Version 2.0.0.15 of the Firefox web browser has been announced. "As part of Mozilla Corporation's ongoing stability and security update process, Firefox 2.0.0.15 is now available for Windows, Mac, and Linux for free download from http://www.mozilla.com/firefox/all-older.html. We strongly recommend that all Firefox users upgrade to this latest release."

NSS 3.12 is released

Version 3.12 of Network Security Services (NSS), a set of libraries designed to support cross-platform development of security-enabled client and server applications on Firefox, has been announced. Several new capabilities have been added.

Languages and Tools

Caml

Caml Weekly News

The July 1, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.

Haskell

Haskell Weekly News

The June 25, 2008 edition of the Haskell Weekly News is online. This week features Google Summer of Code projects, a new release of Pugs, and more.

Perl

This Week on perl5-porters (use Perl)

The June 14-20, 2008 edition of This Week on perl5-porters is out with the latest Perl 5 news.

Python

ConfigObj version 4.5.3 released

Version 4.5.3 of ConfigObj, a Python module for reading and writing config files, is out. "This version is a minor bugfix release. It fixes a relatively obscure bug, where an exception could be raised when validating a config file with 'copy=True' and '__many__' sections."

Docutils 0.5 released

Version 0.5 of the Python Docutils is out with some new capabilities.

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The June 26, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Tcl-URL! - weekly Tcl news and links

The July 2, 2008 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Debuggers

Interfacing with the CDT debugger, Part 2 (IBM developerWorks)

IBM developerWorks has published part two in a series on the Eclipse C/C++ Development Tooling. "The graphical debugging environment provided by Eclipse C/C++ Development Tooling (CDT) is about as good as it gets, displaying breakpoints, watchpoints, variables, registers, disassembly, signals, and memory contents. You can add new capabilities to this environment or access these views to display output from a custom debugger. But first, you need to understand the C/C++ Debugger Interface (CDI) and how it communicates with Eclipse."

Version Control

GIT 1.5.6.1 is available

Version 1.5.6.1 of the GIT distributed version control system has been announced; it includes a number of bug fixes.

Miscellaneous

3-way-diff-overview: diff3-ov v0.32 released (SourceForge)

Version 0.32 of diff3-ov has been announced. "diff3-ov is a tool, written in perl/Tk, which should help you in the process of performing a 3-way-diff and merge on large Software-Projects. diff3-ov gives you an overview (in a graphical way/as a html/csv-table) of the whole project, where you have to expect merging-activities on changed areas and therefore have to allocate experts. This new version includes several small changes, bugfixes and GUI-enhancements (still ugly...), and now is also able to detect files that are changed the same by the different parties (usually when patches are exchanged)."

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Google's Open Source Android OS Will Free the Wireless Web (Wired)

Wired has posted a lengthy feature about Android. "Among the contact management systems and shopping tools, there were applications that truly fulfilled Android's promise, particularly in their use of location awareness, social networking, and cloud computing. One developer offered up Jamdroid, a program that you turn on in your car to feed real-time traffic data to a central server; the info is then compiled and beamed to other Jamdroid users, crowdsourcing road conditions. LifeAware tracks friends or family, plotting them on a map and alerting the user when, say, a kid leaves a preset area. E-ventr mashes up evites and Google Maps to organize parties on the fly. BreadCrumbz lets you share photo-enhanced driving and walking routes with the world. Already, Android has half as many outside applications as RIM's BlackBerry platform and about 10 percent the number offered for Windows Mobile at Handango, a leading application download site — and that's still months before it launches."

I hate Linux Graphics (Linux Hater's Blog)

The Linux Hater's Blog has a rant on the state of 3D graphics in Linux. "Alright, so as soon as I started bitching about graphics, my coworker, lets just call him Linux Graphics Hater (warm applause everyone! ready those tomatoes!), went off on a rant the technical reasons why open source ATI and intel drivers still suck ass. He also corrected me that nvidia might actually be making money from some of these linux drivers. Good for them, but as long as they're still kind of hiding the fact that they're only really doing it for their paying customers, I think it supports my overall point." (Thanks to Bob Miller)

Companies

Nvidia Reiterates Position on Closed Source Driver (OSnews)

OSnews reports on video card manufacturer Nvidia's plans to keep their drivers closed. "Nvidia, which delivers probably the most prominent closed-source Linux driver, has reiterated its position concerning this matter. ZDNet's Paula Rooney contacted Nvidia for an official response to the statement - and she got one. "NVIDIA supports Linux, as well as the Linux community and has long been praised for the quality of the NVIDIA Linux driver. NVIDIA's fully featured Linux graphics driver is provided as binary-only because it contains intellectual property NVIDIA wishes to protect, both in hardware and in software.""

Red Hat net profit rises, expects steady growth (Forbes)

Forbes covers the latest Red Hat financial stats. "Red Hat Inc, the world's largest publicly traded provider of Linux software, reported Wednesday a quarterly profit that met Wall Street expectations as its revenue grew 32 percent. Net income rose 7 percent to $17.3 million, or 8 cents per share, in its fiscal first quarter, from $16.2 million, or 8 cents per share, in the same period a year ago."

Linux Adoption

Microsoft tactics push India toward Linux (Linux-Watch)

Linux-Watch looks at Linux laptops for school children in the Indian state of Tamil Nadu. "In evaluating laptop hardware, ELCOT claims to have two primary tests. One is a "fire walk test" that requires laptops to survive being stood and walked upon by 175-pound people. The other -- hopefully easier to pass -- requires that they fully support Linux."

Interviews

Coming Battle Over Open Source Phones (Forbes)

Forbes interviews Morgan Gillis, executive director of the LiMo Foundation, about the Symbian announcement, the merger with LiPS, and competition with Android. "The traditional point of difference--royalty rates--has dissolved for now, but other points of difference will emerge between the platforms. While both are open-source, LiMo uses the Linux kernel, which is the jewel in the crown of the open-source development world. There's deep familiarity there with our technology. The Symbian kernel has grown up as a proprietary item. The open-source community needs time to get familiar with that technology."

Cloudsecurity.org Interviews Guido van Rossum

cloudsecurity.org has an interview with Guido van Rossum on the topics of Google App Engine, Python and Security. "cloudsecurity.org: I recently attended a fascinating talk by Justin Ferguson (a Seattle based security consultant) at eusecwest in London. He gave a great talk exploring security vulnerabilities in language interpreters and specifically highlighted some security weaknesses in Python App Engine. What are your thoughts on his research and specifically the Python issues he highlighted? When do you anticipate they will get fixed? GvR: We’ve anticipated all of the possibilities raised in Justin’s talk, and took measures to protect our users. Justin highlighted weaknesses in Python, but not in App Engine. Furthermore, our security model does not rely solely upon protections within the Python interpreter; there are additional protections that these external analyses have missed."

Resources

About:mobile first issue

The first issue of about:mobile, a newsletter dedicated to mobile Firefox development, has been posted. "The M4 Milestone release of Fennec is available for testing for the N800 and N810. The main feature of this release is that it features really good scrolling and panning, largely written by Stuart Parmenter and Gavin Sharp. Please note that this is still a very early milestone release, and as such this build has many features that are either incomplete or unstable." "Fennec" is Firefox for mobile devices; see the Fennec vision page for details.

Reviews

Openmoko ships Neo FreeRunner Linux phone (ZDNet)

ZDNet reports on the first Openmoko Neo FreeRunner mobile phone shipments. "The suggested retail price is $399 (£201). The Neo FreeRunner has a VGA (480-by-640 pixel) touchscreen, internal GPS, Bluetooth, a 400MHz processor, 802.11b/g Wi-Fi, two 3D accelerometers and SD-card expandability. Unusually for a mobile phone, it also includes a USB host function, meaning it can be used to power USB devices."

Linux Devices has a review of the FreeRunner.

Miscellaneous

The critics are wrong: KDE 4 doesn't need a fork (ars technica)

Here's an ars technica article telling frustrated KDE 4 users to give the project a bit more time. "The single greatest strength of Plasma is the inherent mutability that it brings to the desktop. It provides a very flexible framework within which the developers can experiment with completely different paradigms for basic components of the user interface. That is why a fork is a profoundly misguided option at this stage."

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Barracuda countersues Trend Micro

Barracuda Networks has announced the filing of a software patent countersuit against Trend Micro, using three freshly-acquired patents. "'The reality is that Trend Micro is asking Barracuda Networks to pay for the use of the free and open source ClamAV software,' said Dean Drako, president and CEO of Barracuda Networks. 'We have asserted all along that Trend Micro's actions are unjust and could have serious implications against the open source community and other free and open source projects.'"

See also: this LinuxWorld article on the countersuit.

Fedora announces final board appointment

The final Fedora board appointment has been announced. "Chris Tyler has been selected to fill the final seat on the Fedora Project Board. Many of you may know Chris from his "Fedora Daily Package" website, or his work at Seneca College on open source curricula, or as author of O'Reilly's "Fedora Linux" book." (Thanks to Rahul Sundaram).

Commercial announcements

CadSoft releases Eagle 5.1

CadSoft has released version 5.1 of their Eagle printed circuit CAD application. This release adds some new capabilities and bug fixes. See the What's new document for details.

EMCC Software anticipates Symbian Foundation to stimulate growth

EMCC Software anticipates growth in the mobile phone industry due to the Symbian Foundation. "The formation of the Symbian Foundation Platform will bring standardisation and increased certainty to application creators wishing to develop solutions for all Symbian handsets. EMCC foresees a significant reduction in platform fragmentation that will mean a combination of reduced time to market, wider addressable markets for new products, plus reduced porting and testing costs for the leading Smartphone platform in the mobile industry. This should also result in a significant number of new players licensing the new open source platform from the Symbian Foundation for an even wider range of products."

Xandros buys Linspire?

Former Linspire CEO Kevin Carmony has put up an angry weblog posting after being notified that Linspire has been sold to Xandros. "I predict this was done to: 1) help Robertson drain the company of its cash and resources. When I left Linspire, we had a very profitable year and the company had millions in the bank. I predict Robertson has moved this money to himself, family, and his other companies, leaving Linspire's minority shareholders with nothing. 2) help Robertson save face by issuing a 'Linspire Acquired by Xandros!' press release, instead of living with the public humiliation that Linspire failed under his leadership. (Although, being outlasted by Xandros isn't much less embarrassing.)" That press release has not yet been sent out as of this writing; we'll keep an eye out for confirmation of what's going on.

Some answers from Xandros CEO Andreas Typaldos

Xandros has sent out a set of questions and (not entirely satisfying) answers from its CEO regarding the acquisition of Linspire. On the question of how big the combined company will be: "Xandros has been on a fast growth path for the last couple of years; has an aggressive headcount and revenue growth plan at this time; and is currently in heavy hiring mode. We believe that at this point Xandros is already the third largest Linux Company in the world, and that we may already be the largest private Linux Company in the world."

LiPS and LiMo merge

Two competing groups trying to build standardized platforms for mobile telephony - the Linux Phone Standards Forum and the LiMo Foundation - have announced their intent to merge. "This pooling of efforts and resources reflects the industry-wide trend towards unification of Linux-based mobile telephony platforms and will serve to accelerate the emergence of common mobile Linux specifications and implementations. It will also bolster the emerging mobile Linux developer community and support the creation of a range of new applications, services and end-user experiences." It also acknowledges the fact that there's no shortage of mobile platform projects currently.

Netgear's open wireless-G router for open source hackers

NETGEAR has announced a wireless router specifically targeted at the Linux community. The WGR614L is based on a MIPS CPU with 16M of RAM and 4M of flash, along with 802.11g and 10/100 ethernet connectivity. It currently runs Tomato and DD-WRT firmware and will soon add support for OpenWRT. NETGEAR is also sponsoring a community site for developers and users to gather.

Openmoko Neo Freerunner goes on sale July 4

Openmoko has announced that its long-awaited phone will go on sale on July 4. "The Openmoko Neo FreeRunner utilizes GNU/Linux and comes with core software for dialing, SMS and recording contacts. Openmoko will supplement these features with periodic downloads beginning with a software suite that takes full advantage of the phone's hardware platform. The new software, debuting at Linux world in August, will provide exciting new location based applications."

Preview of Open-Xchange Server Edition announced

Open-Xchange Inc. has announced a preview version of Open-Xchange Server Edition. "Open-Xchange offers email, calendar, contacts, tasks and document sharing to provide companies with all the tools needed to facilitate communication and efficient teamwork."

Rackspace Greenspace Initiative hits one year mark

Rackspace has announced the first year anniversary of its Greenspace Initiative. "Rackspace® Hosting, a leading hosting services provider, began taking a more proactive role in environmental responsibility by launching the Greenspace® Initiative in 2007, which promotes energy conservation through customer offerings, company conservation and employee education on green living. Since that time, Rackspace has focused on providing their customers with offerings that include the most energy efficient products available, the ability to offset carbon emissions and greener services, such as virtualization and cloud hosting."

Terra Soft, Argo Graphics provide Power Linux to Japan 2008

Terra Soft and Argo Graphics have announced a partnership. "Terra Soft Solutions of Loveland, Colorado, USA and Argo Graphics of Tokyo, Japan today announce a collaborative effort to bring enterprise level support to Linux for Power architecture systems in Japan, with immediate support for the IBM PowerXCell 8i 3.2 GHz based QS22 blade and the IBM Cell SDK."

Meeting Minutes

Perl 6 Design Minutes (use Perl)

The minutes from the June 11, 2008 Perl 6 Design Meeting have been published. "The Perl 6 design team met by phone on 11 June 2008. Larry, Allison, Patrick, Jerry, Jesse, Nicholas, and chromatic attended."

Calls for Presentations

BA-Con 2008 CFP

A call for papers has gone out for BA-Con 2008. The event takes place in Buenos Aires, Argentina from September 30 through October 1, 2008; the submission deadline is July 11. "The first annual BA-Con applied technical security conference - where the eminent figures in the international and South American security industry will get together and share best practices and technology - will be held in Buenos Aires on September 30 and October 1st. 2008. The most significant new discoveries about computer network hack attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a series of informative tutorials."

CFP - 25th Chaos Communication Congress 2008

A call for papers has gone out for the 25th Chaos Communication Congress. The event takes place in Berlin, Germany on December 27-30, 2008. Submissions are due by October 5.

piksel08 - code dreams :: open call

A call for papers has gone out for Piksel08: code dreams. The event takes place on December 4-7, 2008 in Bergen, Norway; the submission deadline is August 15. "Piksel08 examines the other side of code, an alternative side to a hard-coded reality of work and play. Open hardware and free software project a utopic vision, yet exist within economies of capital, the dream factory of mainstream technology. Within the chance meeting of sewing machine and umbrella on the dissecting table, hardware and software are flattened. Piksel08: code dreams explores the dreams of this soft machine; bachelors coding for pleasure, reverse engineering paranoiac constructs of the real, automatic coding practice, soft hardware, and everyday magic."

The Python Papers call for papers

A call for papers has gone out for The Python Papers. "We would like to call for papers, articles, opinion pieces and feedback to include in Volume 3, Issue 2 of The Python Papers. We would love to receive articles on Python for beginners and discussions about Python performance. Any article will be gratefully received, of course, so do not let the above list of suggestions deter you from considering an article on another topic. We also need volunteers from Python User Groups to include an article on the activities, members and geographical area of their local group. Expressions of Interest Close: Friday, 18 July Initial Draft Submission Deadline: Friday, 25 July".


Upcoming Events

Deepsec Talks 2007 are online - registration for 2008 is open

DeepSec 2008 registration has been opened and videos from the 2007 DeepSec are available. "DeepSec Vienna, the annual In-Depth Security Conference has opened online registrations for 2008. Registrations will receive a discount of 5% off the regular fees until August 31st if you use the following promotional code..."


Far East Perl call for attendees (use Perl)

Far East Perl has been announced. "I am happy to announce the Second Russian Perl Workshop which is called "Far East Perl" and takes place on 13th of September in Vladivostok."


SciPy Conference Updates

Updated information for the 2008 SciPy Conference has been posted. The event will be held at Caltech on August 19-24, 2008. "The SciPy Conference is not too far away. I thought I'd summarize some recent news about the conference in case some of you missed it".


Web 2.0 Expo Keynotes announced

The keynote speakers for the Web 2.0 Expo have been announced. "Web 2.0 Expo New York will convene the brightest minds of the next-generation Web to celebrate the power, size and innovation of the industry on the East Coast. Web 2.0 Expo New York happens September 16-19, 2008 in the Javits Convention Center."


Events: July 10, 2008 to September 8, 2008

The following event listing is taken from the LWN.net Calendar.

Date(s) | Event | Location
July 7 - July 12 | EuroPython 2008 | Vilnius, Lithuania
July 7 - July 12 | GUADEC 2008 | Istanbul, Turkey
July 14 - July 18 | PHP 5 & PostgreSQL Bootcamp at the Big Nerd Ranch | Atlanta, USA
July 18 - July 20 | RubyFringe | Canada, Toronto
July 19 | Firebird Developers Day | Piracicaba-SP, Brazil
July 19 - July 25 | Ruby & Ruby on Rails Bootcamp at the Big Nerd Ranch | Atlanta, USA
July 19 - July 20 | LugRadio Live 2008 - UK | Wolverhampton, United Kingdom
July 20 | OSCON PDXPUG Day | Portland, OR, USA
July 21 - July 25 | O'Reilly Open Source Convention | Portland, OR, USA
July 21 - July 22 | Ubuntu Live - cancelled | Portland, Oregon, USA
July 23 - July 26 | Ottawa Linux Symposium | Ottawa, Canada
July 26 | PyOhio 2008 | Columbus, OH, USA
July 26 - July 27 | EuroSciPy2008 | Leipzig, Germany
August 1 | LLVM Developers' Meeting | Cupertino, CA, USA
August 3 - August 9 | DebCamp 2008 | Mar del Plata, Argentina
August 4 - August 7 | LinuxWorld Conference & Expo | San Francisco, CA, USA
August 9 - August 16 | Akademy 2008 | Sint-Katelijne-Waver, Belgium
August 9 - August 17 | Linuxbierwanderung (Linux Beer Hike) | Samnaun/Compatsch, Switzerland
August 10 - August 16 | Debian Conference 2008 | Mar del Plata, Argentina
August 11 - August 15 | SAGE-AU'2008 | Adelaide, Australia
August 12 - August 14 | Flash Memory Summit | Santa Clara, CA, USA
August 13 - August 15 | YAPC::Europe 2008 | Copenhagen, Denmark
August 18 | Debian Day | Buenos Aires, Argentina
August 19 - August 24 | SciPy 2008 Conference | Pasadena, CA, USA
August 20 - August 22 | Jornadas Regionales de Software Libre | Buenos Aires, Argentina
August 23 - August 24 | FrOSCon 2008 | Saint Augustin, Germany
August 26 - August 29 | WebGUI Users Conference 2008 | Madison, WI, USA
August 27 - August 30 | Drupalcon Szeged 2008 | Szeged, Hungary
August 28 - August 30 | Utah Open Source Conference 2008 | Salt Lake City, UT, USA
September 2 - September 4 | RailsConf Europe 2008 | Berlin, Germany
September 5 - September 7 | FUDCon Brno 2008 | Brno, Czech Republic
September 6 - September 7 | DjangoCon 2008 | Mountain View, CA, USA
September 7 - September 10 | Workshop on Open Source Software for Computer and Network Forensics | Milan, Italy
September 7 - September 14 | Python Game Programming Challenge | Online

If your event does not appear here, please tell us about it.

Audio and Video programs

LugRadio to end soon

The popular LugRadio podcast will soon be recording its last show. The most recent edition was the second-to-last "regular" show, with one more to follow, as well as a live final show to be recorded at LugRadio Live in the UK on the 19th and 20th of July. More info can be found at Jono Bacon's blog as well as Stuart Langridge's blog (from which we quote): "I probably ought to say: it isn't because we’ve had a row or anything. We want the show to go out on a high — always leave 'em wanting more, isn't that the showbiz mantra? — and everyone can name programmes that have outstayed their welcome by stringing it out for just one more season. I would like to keep those people who don't think that we jumped the shark 104 shows ago to be still thinking that the show was good even after it's over."


Page editor: Forrest Cook


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds