|
|
Subscribe / Log in / New account

LWN.net Weekly Edition for July 9, 2009

Google Chrome OS and the community

By Jonathan Corbet
July 8, 2009
On July 7, Google let the world know about a project called "Google Chrome OS." It is a new operating system, meant to run (initially) on netbooks. As would be expected from Google, there will be a strong emphasis on web applications; much work is also apparently going into fast booting, security, and a simplified user interface. Google promises to open-source the code toward the end of the year; commercial shipments are expected in the latter half of 2010.

Much of the mainstream press sees this move as a frontal assault on Microsoft, and that it may well be. Microsoft appears to have regained the upper hand on the netbook platform for now, but Windows does not come across as a perfect fit for that sort of platform. But it might not just be Microsoft which feels discomfort from this new operating system; it's not clear that this effort will be good for Linux either. Much depends on how Google works with the free software community; past experience suggests that there could be cause for worry.

Those who would criticize Linux like to point at the vast number of distributions available. They charge (rightly) that fragmentation did a lot of damage to proprietary Unix; Linux, they say, is far more fragmented than Unix ever was. In truth, fragmentation has been a relatively small problem for Linux. It is worth spending a moment to look at why.

One of the reasons, clearly, is that all Linux distributions are based on the same kernel. Some distributors apply more patches than others, but it is, for all practical purposes, the same platform underneath. The accelerated development process adopted for 2.6 has helped in this regard; useful code gets into the mainline quickly enough that there is little reason for distributors to patch significant functionality into their own kernels. On top of that, the "upstream first" ethic ensures that enhancements to the kernel are available to all distributors and, thus, to all users.

On top of that, much of the "plumbing layer" on top of the kernel is also common to all distributors. The availability and management of libraries works well enough that it's often possible to move complicated binaries between distributions and expect them to run. That is a high degree of compatibility for a "fragmented" platform. The end result is almost zero lock-in for most Linux users. The ability to move to a different distribution while still running Linux is one of the greatest strengths of the platform; it is a direct manifestation of the value of free software for users. As long as the ability to switch remains such a fundamental feature of Linux, we need not fear fragmentation.

So the real question is: will Google's new operating system play by the rules which have provided such consistency across Linux distributions? The real answer won't be known for some time. But Google Chrome OS will not be Google's first Linux-based operating system; that distinction belongs to Android. So perhaps we can get a foreshadowing of how things will work by looking at what was done with Android:

  • The kernel was indeed Linux, but what Android ships is far removed from a mainline release. A great deal of code was added behind closed doors and committed to the platform before any sort of public release or review. Much of it has no real hope of getting into the mainline kernel ever. Even now, Android kernel code, while being available in a public git tree, is developed separately from the mainline. With some small exceptions, nobody from Google is making any real effort to get Google's code reviewed in the wider community or merged into the official kernel.

  • The plumbing layer is totally different; Google rolled its own C library for Android. The motivations for this work are not entirely clear, but it does seem that Google has gone out of its way to avoid GPL-licensed code, and code owned by the Free Software Foundation in particular.

  • Several of the applications are proprietary.

The end result is that, while Android is based on the Linux kernel, it does not, in its default form, feel much like a Linux system. Ordinary Linux applications do not just run on Android. With effort, one can supplement Android with the features needed to run "normal" Linux; one can even put a full Debian environment onto it. But it's an add-on, not part of the platform itself.

One could argue that Android sits in a special niche: it runs on mobile phones and must, among other things, operate in a way acceptable to handset manufacturers and cellular providers - not always the most accommodating sorts of companies. Google Chrome OS is, instead, aimed at desktop-like applications. It will operate in a niche where ordinary Linux can be found; perhaps, as a result, it will be more like ordinary Linux. Time for a closer look at the announcement:

  • Code is to be released "later this year." But this is a project which has been underway for a while, and which will, undoubtedly, proceed quickly during this time. So we are not starting with community-based development; we'll get another code dump some months from now.

  • Google is "completely redesigning the underlying security architecture of the OS". How that security model will be enforced is unclear - it could involve kernel changes, or it could be embedded within a virtual machine. Either way, it does not sound like a feature which will enhance compatibility with other Linux distributions. Security is important, and it does not come out well when designed behind closed doors. If Google has a better way to do security on Linux, it should be sharing its ideas and getting community input now; presenting a new security model as a fait accompli months from now will not be helpful.

  • There will be a new windowing system; no more details than that are available. How new and different will it be? Will Google Chrome OS be able to run X applications?

The picture which emerges looks a lot like Android: a platform which takes a number of pieces from Linux, but which is not like Linux, and which does not really give back to Linux.

Perhaps that picture is wrong. Perhaps Google is secretly working with one or more Linux distributors, or with projects like Moblin or Maemo, which are doing a great job of achieving many of the objectives Google has set for its new operating system. Just maybe, Google is working to strengthen the projects its work is based upon, rather than trying to supplant them. Possibly, when Google says:

We have a lot of work to do, and we're definitely going to need a lot of help from the open source community to accomplish this vision.

it really means to work with the community and not just absorb work from the community. Your editor very much hopes so, but your editor also recognizes that this would require a different approach to the community than Google has shown in the past.

Android is a good thing: it has brought Linux to a new class of platforms and created a new development community based on free software. The Android developers have taken the time to rethink how the system works and to attempt some innovative new approaches; we can never have too much of that. There can be no doubt that the same will be true of Google Chrome OS; it will be interesting to see what they come up with. But also can be no doubt that Google Chrome OS could be a lot better if it were developed within the community instead of on top of it. Your editor wishes Google the best of luck with this ambitious project and hopes that the larger community will truly be able to be a part of it.

Comments (45 posted)

Identi.ca pushes forward

July 8, 2009

This article was contributed by Nathan Willis

Identi.ca, the open microblogging site popular with free software advocates, just passed its one-year anniversary — a milestone that happened to roughly coincide with an major upgrade to Laconica, the software package that runs the site. The upgrade brings new functionality to Identi.ca, and lays the groundwork for a new commercial microblogging offering from the free service's creator. The dual commercial and free product lines are an important move for the company, as the free software community seeks business models fit for distributed network services.

Identi.ca is run by Montreal-based Control Yourself. CEO Evan Prodromou chuckles at the term "Twitter clone," but that is how many outsiders refer to the service. The Laconica software implements a Twitter-like web application, and can use the Twitter API to connect to many of the same software applications and third-party services. It has its own, native API, however, based on the Open MicroBlogging (OMB) specification. OMB supports features not found on Twitter (such as groups), and allows federation, meaning a user on any OMB site can subscribe to notices from users on every other OMB site, without the hassle of creating additional accounts.

The 0.8 update to Laconica, codenamed "Shiny Happy People," brought several new features to Identi.ca, including file attachments, page theming, conversation threading, and Facebook support. Behind the scenes, 0.8 adds offline processing of queued messages via Streaming Text Orientated Messaging Protocol (STOMP) queue servers like ActiveMQ or RabbitMQ, reducing strain on the database server and making it easier to scale the service up. A statistics package will optionally report non-privacy-invading data (such as the number of users and messages, version number of dependencies, etc.) back to the Laconica project.

Paid service on free software

Although the public got its first taste of Laconica 0.8 when Identi.ca upgraded, others have been testing the code out in private. Control Yourself's paid service Status.net is not yet open for business, but a private group of invited beta testers have been coming online . Status.net offers customers a fully hosted Laconica microblogging service courtesy of their choice of subdomains (e.g., yournickname.status.net). In Prodromou's preview announcement, he listed several facets of Status.net accounts that distinguish it from a personal account at Identi.ca or another free service, including the ability to incorporate advertising, to make the site private for internal or team use only, to integrate the site with other existing sites or user databases, and to change the license terms attached to status updates (by default, Identi.ca requires a liberal Creative Commons Attribution license applied to all content).

Prodromou anticipates the paid service attracting customers from blogging, media, and corporate circles who want to make use of microblogging but are not interested in the overhead required to run an internal OMB server. He said about 20 customers are already up and running in the private beta, with another 30 on track before the public launch at the end of the summer. Although he could not disclose any names, he described them as "marquee clients" that will help show off the platform.

Status.net will have tiered pricing based on the type of account, and customers' subdomains will be able to be mapped to external domains to better integrate with existing web sites. Prodromou said the service will cater to three distinct classes of client: Enterprise, Publisher, and Community. Enterprise customers will get a private in-house microblogging environment similar to offerings from yammer.com, paying by-the-user. Publisher clients are more interested in the broadcast model, sending out status messages linked back to their own site's material, and delivered to multiple channels including Twitter, the Web, and Facebook. Community service is intended to serve groups and organizations who want to create a focused microblogging community around a specific topic or theme; Prodromou described this as similar to what is offered by ning.com.

He added that Status.net will offer pricing competitive with other players in the microblogging market, but that the new service will beat them "hands down" on features, functionality, and client support. "We also think the flexibility of being able to easily move off our platform makes us a great choice."

Openness changing the landscape

That last sentiment is where open source software breaks from traditional businesses' conventional wisdom. Vendor lock-in is a tried and proven strategy; open source has used freeing customers from it as a selling point in the desktop and server market for years. Prodromou does not see any difference in the network service market. "One of the nice things about Open Source in the cloud is that it gives you a lot of choice," he said — including the ability to change directions if your first vendor fails or changes the terms. "People have Web site fatigue — they're tired of investing time, energy, and social capital into new sites where they're not sure what the endgame of the company is."

Clients can easily migrate from a hosted Laconica service to a rival, or to running their own instance. Individual users and entire sites can export the accumulated "friend" and "follower" relationships between accounts in the public Friend Of A Friend (FOAF) format. Laconica was initially the only implementation of the OMB protocol, but others (such as Google's Apache-licensed JaikuEngine) now support it as well. Prodromou is pleased that other service providers are involved. "I don't think a single-implementation protocol can be robust enough. You need to have lots of implementers stretching the boundaries."

Microblogging is the latest communication tool, but the community can learn from the past. "We haven't had an important communications medium on the Internet succeed without a leading Open Source implementation," he noted, citing SMTP and HTTP as examples. The prime counter-example is instant messaging, which was long dominated by AOL Instant Messenger (AIM), and remains a fractured field to this day. "We have two good, competing protocols (SIMPLE and Jabber) and one good Open Source implementation on the server side. The main IM vendors never got synched on the protocol, and what resulted was a solution based on multi-protocol clients. I think that's been a downside of IM."

Consequently, he is amused by Twitter creator Jack Dorsey's dismissal of Identi.ca as one of "a lot of Twitter clones." Laconica and OMB are considerably more feature-rich that Twitter, he observed, and although the Identi.ca web site preserves the minimalist outlook of Twitter's site, "I don't think we're a copy, though; more of a next iteration on the concept." When he heard Dorsey's remark, "All I could think was, 'You're gonna see a lot more, if we get our way!'"

How now, network service

OMB undoubtedly offers users more than Twitter does; Twitter has even removed popular features like tracking. Prodromou is breaking relatively new ground by trying to support Laconica development with the commercial Status.net service, though.

Control Yourself has been privately funded, underwriting the development time and bandwidth costs of Identi.ca's 70,000 user accounts, but that cannot continue indefinitely. Open source desktop and server software companies have faced the same question for years, and several business models have proven themselves popular and sustainable: consulting on private installations, selling proprietary add-ons, and enterprise support contracts, for example.

The Status.net service is a mix of the private consultation and enterprise support models. Prodromou sees it as similar to the approach taken by SugarCRM and Wordpress, both of which offer their core software as open source, but sustain development with commercial services based on the same code base. "Clearly the choice that they offer users makes people comfortable with putting their time and energy into those platforms. Comparing Sugar to SalesForce.com, or WordPress to Blogger, you can see that open source is their secret weapon — what differentiates them from the market leader."

Bradley Kuhn of the Software Freedom Law Center said that he thinks network services like microblogging are a natural fit for the enterprise support free software business model:

In my view, Twitter and Facebook are designed around the (incorrect) startup model of the late 1990s: find technology that looks cool, dump tons of money in it and assume a business model will magically emerge once everyone has heard of you.

This isn't the way real FLOSS business has ever worked. We're people that build brands around individuals and small groups of talented people. Even Red Hat started this way. And, this network service thing is ripe for that sort of model. A big tech company isn't going to want their employees dumping corporate-private information on Twitter, but they are eventually going to want the network effect of social networking and group collaboration software. An AGPLv3'd business model works perfectly in this space, just as the GPL'd model worked so well in the computing industry of the late 1990s and early 2000s.

A more direct comparison than SugarCRM or Wordpress might be to Jabber, original creator of the Extensible Messaging and Presence Protocol (XMPP) protocol and its first server. Jabber also ran a free public service at jabber.org and sold enterprise consulting services to support the software and protocol development. By all accounts, the business was successful; Cisco acquired Jabber in September of 2008 for an undisclosed amount. XMPP has gone on to become an IETF standard under the guidance of the XMPP Standards Foundation.

On the other hand, an excellent, open technical standard is no guarantee of success — one needs only to look at the voice over IP (VoIP) marketplace for that. The closed, proprietary, and non-interoperable Skype still dominates the consumer VoIP market, in spite of Session Initiation Protocol's (SIP) technical superiority and IETF endorsement. In 2004, French telecom provider Wengo attempted to compete head-to-head against Skype with a SIP-based, cross-platform VoIP application called WengoPhone, but by 2007 it abandoned the project and left the VoIP business.

There are certainly successful commercial companies in the Internet telephony business, most notably Digium, the sponsor of telephony server Asterisk. Prodromou is not oblivious to the challenges of commercial competition; he co-founded Wikitravel, which competes successfully against much larger and industry-backed travel and tourism web sites. For microblogging, he thinks that Status.net offers customers not merely a private status update system, but a method to build focused communities — a service not possible on the broad social networking sites. "We've heard a lot of people talking about building communities on Twitter or Facebook, and how inter-community communication gets lost in the noise of those general purpose sites." Status.net will allow the world to see what that looks like, and hopefully push microblogging in new directions at the same time.

[ Editors Note: You can follow LWN on Identi.ca as lwnnet, as well as on Twitter as—you guessed it—lwnnet. ]

Comments (10 posted)

Why people don't test development distributions

By Jonathan Corbet
July 6, 2009
Development distributions play a crucial role in the free software ecosystem. They are the proving ground where much new software is first exposed to a wider user community; they are also the place where this software demonstrates how well it plays with other packages. Distributors would like to see wider testing of their development releases, but, as your editor's recent experience shows, there are limits to how wide this testing community can be expected to be.

Your editor has a habit of running development distributions on real-work machines. There is no better way to stay on top of what the development communities (at both the distributor and upstream levels) are up to; it's also a way to help the community by finding and reporting bugs. Much of June was spent traveling, though, with the result that these machines were generally on the wrong side of an ocean and, thus, fell behind the leading edge. On return, after shoveling out a horrifying inbox, your editor decided to bring his desktop system up to current Rawhide. After all, what could possibly go wrong?

Anybody who has worked with development distributions for any period of time knows that the early part of the distribution development cycle is when things are most likely to go wrong. That's when the distribution-wide, disruptive changes go in. Traffic on the mailing lists suggested that, after the Fedora 11 release, Rawhide did not disappoint anybody looking to add a little adrenaline to their working day. Still, it seemed that things had settled out a bit; one tester responded to a query from your editor by saying:

You have missed all the fun! :-) Rawhide just got back to usable state where I can begin reporting bugs again. Firefox has been completely weird, Evolution won't even start here, the kernel has done a good job of cooking my system drawing about twice the normal amount of power...

So your editor upgraded. Sound stopped working. The screen saver started leaving the display in a weird, low-color-resolution state. And, most annoyingly, the keyboard layout went fully into psychedelic country. Selecting the indispensable GNOME "caps lock is another Control" option yielded a keyboard with no Control key at all; turning that option off restored control - to the Alt-left key. The Alt modifier appeared to be entirely unobtainable - a situation which can only serve to cause extreme misery to any serious Emacs user.

All inconvenient, but, then, development distributions can be like that; one should not venture into that world if one is not prepared to encounter occasional bizarre behavior. Often, in cases like this, the best thing to do is to report the problems and follow the leading edge closely in the hope that fixes will be uploaded soon. So that's what your editor did.

Your editor, drawing on many years of system administration experience, had come to the reasoned conclusion that it was a good time to run away screaming. Big mistake. Just before the holiday weekend in the US, somebody uploaded a broken prelink which hosed most important executables on the system. The result was a box which wouldn't boot and which couldn't really even be fixed from a rescue disk. It now seems that running prelink -au * from a rescue disk might be a way for other afflicted users to get their boxes back. By the time that was posted, though, your editor, drawing on many years of system administration experience, had come to the reasoned conclusion that it was a good time to run away screaming.

A helpful hint for development distribution users: have at least one other root-suitable partition set aside on the system. All useful files not directly tied to the distribution should be stored elsewhere. If things get really ugly, one can always boot an emergency backup partition and end up with a usable system. This article is currently being typed using a system kept on such a partition.

Others recommend running development distributions within virtualized guests or on sacrificial boxes. Both of those techniques are useful, but they miss an important point: the best way to find problems in new software is to use it for real work. If people are not trying to actually get things done with a development distribution, they are going to miss a lot of the bugs. Those bugs will then turn up after the (allegedly) stable release, biting users who didn't think they were signing up for alpha-level software. We need people doing more than just convincing themselves that the testing box boots properly.

For this reason, Fedora, like other distributors, would like to see more people testing its development distribution. Your editor would like to see that too; testing of early releases is one of the "prices" that many of us need to pay to help ensure that our free software is as good as we expect it to be. Besides, tracking an evolving system is often fun; it can help to bring users further into our community. But it is hard to tell most users that they should be running a development distribution if it's liable to leave them with a smoking wreckage of a system when they really need to get some work done.

And, it should be noted, problems like this are certainly not limited to Rawhide; Ubuntu testers who updated gdm at the wrong time will certainly be questioning their karma as this is being written.

So, what can be done to make development distributions safer for a wider community of testers? Absolute safety seems unattainable, but there are some things which could be done:

  • Create a version of the distribution containing packages which have shown a relatively low level of combustibility. The alpha releases done by some distributors are a step in this direction; there is usually an attempt made to stabilize things a little bit prior to the release. But these releases tend to leave testers somewhat behind the current state of the art. Debian's "testing" distribution is probably the best example of how this can be done on an ongoing basis.

  • Provide an indication of the state of the distribution. Many beaches are equipped with red flags which are posted when dangerous currents are present. Wouldn't it be nice if an apt-get upgrade could respond with a message like "the current threat condition is orange, you may want to reconsider"?

  • A built-in rollback system which can undo the effects of an ill-advised upgrade, even if the system as a whole has been reduced to rubble. The Btrfs snapshot mechanism should be well suited to this sort of feature - once Btrfs is stable enough to be used on a root partition.

This is an issue which merits some thought. If we can make testing easier and safer, we should end up with more testers. That, in turn, should lead to more stable releases and, just importantly, users who have more invested in the software and the process which creates it. It is hard to see how those could fail to be good things.

Comments (76 posted)

Page editor: Jonathan Corbet

Security

DNSCurve: an alternative to DNSSEC

By Jake Edge
July 8, 2009

The Domain Name System (DNS) has been with us for a long time, turning host and domain names into IP addresses. Along the way, numerous flaws have been found in the protocol, including last year's Kaminsky DNS flaw, which just added to the clamor to see DNS replaced. But, DNS still hasn't gone away, and doesn't look like it will anytime soon, at least partially because its replacement, DNSSEC, doesn't really resolve all of the problems, and it creates some of its own. A proposal by Daniel J. Bernstein (aka djb), called DNSCurve, has some interesting features that might make it a viable alternative to DNS and DNSSEC—perhaps one that can be widely adopted.

Bernstein, author of qmail and djbdns, has a reputation for creating secure software, but he tends to play by his own rules. Both qmail and djbdns use Bernstein's own monitoring and inetd replacement, rather than using the "standard" UNIX tools. But, his results are good, the security guarantee he offers for qmail (and a similar one for djbdns) have yet to be claimed—though some argue that is because Bernstein himself makes the final decisions as to what qualifies. One thing is clear, though, his djbdns did anticipate the Kaminsky flaw, and didn't need to be patched when most of the other DNS servers did.

In some ways, DNSCurve continues the Bernstein "maverick" trend. The fundamental difference between DNSCurve and DNSSEC is that the latter set out to ensure that there would be no cryptography necessary on each query. It does that by pre-computing signatures, which makes it vulnerable to replay attacks. Instead, DNSCurve embraces per-query encryption, but it does so by leveraging an encryption algorithm, called Elliptic Curve Cryptography (ECC), which is much faster than RSA.

Part of what makes ECC more efficient is that it can use much smaller keys than RSA (256 bits vs. 1024 or more bits) to give the equivalent level of security. In addition, the best known attacks on ECC haven't gotten any better in the nearly 25 years since it was introduced. In a recent presentation [PDF], Bernstein shows a benchmark of server side performance: "Using this software, a low-cost PC with a 2.4GHz Core 2 Quad CPU can encrypt and authenticate 50 billion packets/day to 500 million clients. [...] The total load on .com is 38 billion packets/day from 5 million clients.".

Bernstein uses a particular curve, Curve25519, for DNSCurve. It is based on a "convenient" prime, 2^255 - 19, which is where it gets its name. That curve is the subject of a paper [PDF] by Bernstein entitled "Curve25519: new Diffie-Hellman speed records". ECC is thought to be a patent minefield, but Bernstein disputes the idea that Curve25519 is covered by patents. As with so many of the newest technologies, though, patent problems are something to keep on eye on regarding DNSCurve.

DNSCurve also changes the way nameservers for domains are named. Instead of arbitrary hostnames, like ns3.lwn.net (an non-existent example), the ns3 portion would be changed to an encoding of the domain's public key. In that way, no additional packets need to be sent to handle the key exchange, as the normal DNS query sequence would provide that name.

A DNS query would consist of a message that contained the client's public key, along with the actual query, encrypted using the server's public key. The response would also be encrypted, this time using the client's public key. In both cases, the packets would be signed in such a way that each side could verify that the packet came from the right host.

The DNSCurve web site has a wealth of information about DNSCurve, and how it differs from DNSSEC. For the most part, it protects against various DNS-based attacks better than DNSSEC, but there are a few areas where DNSSEC is more secure. In particular, private keys on DNSSEC hosts cannot be compromised by an attacker gaining control of the DNS server—provided the administrator has removed the key from that server. Because DNSSEC pre-computes the encrypted data, the private key is not required to be installed on the server, in contrast to DNSCurve.

DNSCurve is just a part of Bernstein's effort to see the internet encrypt all of its traffic. His vision is that by using ECC and Curve25519 (or some other, efficient, but strong, encryption), there would be no plaintext traffic on the net. That vision is a sensible one, whether Bernstein's particular implementation ideas are adopted or not. Eventually, universal encryption of internet traffic is something we are very likely to see.

Comments (24 posted)

Brief items

OpenSSH update

OpenSSH maintainer Damien Miller has responded to the rumors of an active OpenSSH exploit in the wild. "I don't have any non-public information. I have exchanged some emails with one of the victims of the alleged sshd 0day, but he was not able to provide any evidence that the attack was sshd-related. In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks. So, I'm not pursuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts." This doesn't mean that nothing is going on, of course, but there is reason to hope that this is a false alarm.

Full Story (comments: none)

Attempted Break-In on www.centos.org

CentOS is reporting that there was a break-in attempt made on the www.centos.org server. Due to an "administrative error", the Xoops content management system was abused to put some content onto the web server. "As far as we can see there has been no data or binary injected into the system or taken from the system. The machine hasn't been used as a source for sending spam (in the widest possible meaning) either. [...] We have been able to identify the source of the attacks, but have not been able to find out if the files have been put there through a compromised user account in the Xoops system." Click below for the full text of the announcement.

Full Story (comments: none)

New vulnerabilities

drupal: multiple vulnerabilities

Package(s):drupal CVE #(s):
Created:July 6, 2009 Updated:July 8, 2009
Description:

From the Drupal advisory:

  • Cross-site scripting: The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

  • Input format access bypass: User signatures have no separate input format, they use the format of the comment with which they are displayed. A user will no longer be able to edit a comment when an administrator changes the comment's input format to a format that is not accessible to the user. However they will still be able to modify their signature, which will then be processed by the new input format. If the new format is very permissive, via their signature, the user may be able to insert arbitrary HTML and script code into pages or, when the PHP filter is enabled for the new format, execute PHP code.

  • Pasword leaked in URL: When an anonymous user fails to login due to mistyping his username or password, and the page he is on contains a sortable table, the (incorrect) username and password are included in links on the table. If the user visits these links the password may then be leaked to external sites via the HTTP referer. In addition, if the anonymous user is enticed to visit the site via a specially crafted URL while the Drupal page cache is enabled, a malicious user might be able to retrieve the (incorrect) username and password from the page cache.
Alerts:
Fedora FEDORA-2009-7315 drupal 2009-07-03
Fedora FEDORA-2009-7406 drupal 2009-07-03
Fedora FEDORA-2009-7362 drupal 2009-07-03

Comments (none posted)

ipplan: cross-site scripting

Package(s):ipplan CVE #(s):CVE-2009-1732
Created:July 6, 2009 Updated:July 8, 2009
Description:

From the Debian advisory:

It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.

Alerts:
Debian DSA-1827-1 ipplan 2009-07-06

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-1914
Created:July 2, 2009 Updated:July 29, 2009
Description: The Linux kernel has a denial of service vulnerability. From the National Vulnerability Database entry: "The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function."
Alerts:
Debian DSA-1844-1 linux-2.6.24 2009-07-28
Ubuntu USN-793-1 linux, linux-source-2.6.15 2009-07-02

Comments (none posted)

libtiff: denial of service

Package(s):libtiff CVE #(s):CVE-2009-2285
Created:July 6, 2009 Updated:December 4, 2009
Description:

From the CVE entry:

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

Alerts:
Oracle ELSA-2012-0468 libtiff 2012-04-12
Mandriva MDVSA-2009:169-1 libtiff 2009-12-03
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Gentoo 200908-03 tiff 2009-08-07
Mandriva MDVSA-2009:169 libtiff 2009-07-28
CentOS CESA-2009:1159 libtiff 2009-07-23
Fedora FEDORA-2009-7775 libtiff 2009-07-19
Fedora FEDORA-2009-7724 libtiff 2009-07-19
Fedora FEDORA-2009-7717 mingw32-libtiff 2009-07-19
Red Hat RHSA-2009:1159-01 libtiff 2009-07-16
Debian DSA-1835-1 tiff 2009-07-15
Mandriva MDVSA-2009:150 libtiff 2009-07-13
Ubuntu USN-797-1 tiff 2009-07-06
Fedora FEDORA-2009-7417 libtiff 2009-07-03
Fedora FEDORA-2009-7358 libtiff 2009-07-03
Fedora FEDORA-2009-7335 libtiff 2009-07-03

Comments (none posted)

mod_security: denial of service

Package(s):mod_security CVE #(s):CVE-2009-1902 CVE-2009-1903
Created:July 3, 2009 Updated:July 31, 2009
Description: From the Gentoo advisory: Multiple vulnerabilities were discovered in ModSecurity:

* Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name (CVE-2009-1902).

* Steve Grubb of Red Hat reported that the "PDF XSS protection" feature does not properly handle HTTP requests to a PDF file that do not use the GET method (CVE-2009-1903).

Alerts:
Mandriva MDVSA-2009:184 apache-mod_security 2009-07-31
Mandriva MDVSA-2009:183 apache-mod_security 2009-07-31
Gentoo 200907-02 mod_security 2009-07-02

Comments (none posted)

nagios: arbitrary program execution

Package(s):nagios2, nagios3 CVE #(s):CVE-2009-2288
Created:July 3, 2009 Updated:August 11, 2009
Description: From the Ubuntu advisory: It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
Alerts:
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Mandriva MDVSA-2009:187 nagios 2009-08-01
Gentoo 200907-15 nagios-core 2009-07-19
Debian DSA-1825-1 nagios2 2009-07-03
Ubuntu USN-795-1 nagios2, nagios3 2009-07-02

Comments (none posted)

ocsinventory-agent: insecure module search path

Package(s):ocsinventory-agent CVE #(s):CVE-2009-0667
Created:July 7, 2009 Updated:October 22, 2010
Description: From the Debian advisory: It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system.
Alerts:
Fedora FEDORA-2010-16334 ocsinventory-agent 2010-10-14
Fedora FEDORA-2010-16335 ocsinventory-agent 2010-10-14
Debian DSA-1828-1 ocsinventory-agent 2009-07-07

Comments (none posted)

openswan: input validation flaws

Package(s):openswan CVE #(s):CVE-2009-2185
Created:July 2, 2009 Updated:September 12, 2013
Description: openswan has multiple input validation flaws. From the Red Hat alert: Multiple insufficient input validation flaws were found in the way Openswan's pluto IKE daemon processed some fields of X.509 certificates. A remote attacker could provide a specially-crafted X.509 certificate that would crash the pluto daemon. (CVE-2009-2185)
Alerts:
Mandriva MDVSA-2013:231 openswan 2013-09-12
Gentoo 200909-05 openswan 2009-09-09
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Fedora FEDORA-2009-7478 openswan 2009-07-11
Fedora FEDORA-2009-7423 openswan 2009-07-11
CentOS CESA-2009:1138 openswan 2009-07-02
Red Hat RHSA-2009:1138-01 openswan 2009-07-02
Mandriva MDVSA-2009:273 strongswan 2009-10-12
Debian DSA-1899-1 strongswan 2009-10-02
Debian DSA-1898-1 openswan 2009-10-02

Comments (none posted)

phpMyAdmin: cross-site scripting

Package(s):phpMyAdmin CVE #(s):CVE-2009-2284
Created:July 6, 2009 Updated:August 5, 2009
Description:

From the phpMyAdmin advisory:

It was possible to conduct an XSS attack via a crafted SQL bookmark.

Alerts:
Mandriva MDVSA-2009:192 phpmyadmin 2009-08-05
Fedora FEDORA-2009-7329 phpMyAdmin 2009-07-03
Fedora FEDORA-2009-7340 phpMyAdmin 2009-07-03
Fedora FEDORA-2009-7337 phpMyAdmin 2009-07-03

Comments (none posted)

pidgin: denial of service

Package(s):pidgin CVE #(s):CVE-2009-1889
Created:July 2, 2009 Updated:December 7, 2009
Description: pidgin has a denial of service vulnerability. From the Red Hat alert: A denial of service flaw was found in the Pidgin OSCAR protocol implementation. If a remote ICQ user sent a web message to a local Pidgin user using this protocol, it would cause excessive memory usage, leading to a denial of service (Pidgin crash). (CVE-2009-1889)
Alerts:
Mandriva MDVSA-2009:321 pidgin 2009-12-06
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Gentoo 200910-02 pidgin 2009-10-22
Ubuntu USN-796-1 pidgin 2009-07-06
Fedora FEDORA-2009-7359 pidgin 2009-07-03
Fedora FEDORA-2009-7370 pidgin 2009-07-03
Fedora FEDORA-2009-7415 pidgin 2009-07-03
CentOS CESA-2009:1139 pidgin 2009-07-02
Red Hat RHSA-2009:1139-01 pidgin 2009-07-02

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current development kernel is 2.6.31-rc2, released on July 4. It contains a long list of bug fixes. The short-form changelog is in the announcement, or see the long-form changelog for all the details.

The current stable kernel is 2.6.30.1, released on July 2. It contains a long list of fixes (147 files changed) for serious problems in a number of areas. The 2.6.29.6 and 2.6.27.26 updates came out at the same time; 2.6.29.6 is the final stable update for the 2.6.29 series.

Comments (none posted)

Kernel development news

Quotes of the week (VFAT special)

We put in workarounds for broken hardware, even though we rightfully dislike it. Similarly, in this case a minor change prevents a real problem experienced by our users (yes, I know we only have one public bug report).

It's bad. Yes, let's bitch about it. And workaround it anyway.

-- Rusty Russell

When the vendor of an operating system doesn't even bother to display a clean "sorry, you don't get updates any more" page for their OS then I think it is safe to say that the operating system is dead and buried.
-- Andrew Tridgell

How is shipping something labelled as vfat that doesn't work properly "fighting back". It's "trying to make the users think our code is crap".
-- Alan Cox

Comments (1 posted)

In brief

By Jonathan Corbet
July 8, 2009
VFAT. The VFAT patent workaround discussion continues, focused primarily on two points. The first is whether it is appropriate to put patent workarounds into the kernel. The main opposition comes from Alan Cox, who asserts that individual companies need to find ways to navigate around country-specific legal landmines; workarounds for these problems should not find their way into the upstream code. Besides, Alan claims that vendors who are worried about patent suits will not be satisfied with a kernel configuration option; they will hack out the code entirely.

Meanwhile, Andrew Tridgell continues to push for the use of workarounds - a strategy which has worked well for Samba. Tridge says:

The only weapon we have to fight patents right now is our collective ability to find smart solutions to problems. The "every vendor for themselves" approach that you seem to be so keen on makes that collective approach pretty much impossible.

How this side of things will play out remains to be seen. Meanwhile, there has also been an extensive technical discussion focused on interoperability problems caused by the patch. Some of these problems, as explained by Tridge, are really the result of various existing VFAT mount options; in some cases, even without the patch under discussion, Linux will create long name entries for names which appear to fit the 8.3 format. This kind of interoperability problem has existed for quite some time.

Mount options do not explain all of the problems, though. It seems that there are some music players out there which understand long names, but which still require that valid 8.3 names exist. There are also difficulties with Windows98 which may (or may not) be resolved by changes in how the patch fills the 8.3 information. Tridge suggests that Windows98 is old enough to not be worth supporting, but not all agree on that.

The checkpatch police. Alan Cox recently proposed the addition of a new event interface for the virtual terminal driver. Ingo Molnar responded with a list of errors from the checkpatch.pl script, requesting that they be fixed. Alan's reply was:

Given the code doesn't currently *work* yet but is a first draft its hardly important and there are better uses of time than playing checkpatch policeman.

What followed was an extensive discussion on the value of checkpatch.pl, whether code should be checkpatch-clean even before first submission, whether coding style problems should be fixed piece-by-piece as other work is done, and so on. Ingo would like to see coding style issues dealt with early on; among other things, consistent coding style makes reviewing the code much easier. Alan sees that sort of cleanup as a distraction, to be done after more substantial issues (which are not lacking in the TTY code) have been dealt with.

Consensus was not to be had in this discussion; expect this to be one of those themes which returns regularly to linux-kernel.

Comments (10 posted)

Some ado about zero

By Jonathan Corbet
July 7, 2009
Computers use a lot of zeroes. Early in your editor's programming career, he worked on a machine that provided a special hardware register containing zero; programmers on this system knew they could use all the zeroes they needed with no fear of running out. Meanwhile, in this century, the Linux kernel sets aside a page full of zeros. It's called empty_zero_page on the x86 architecture, and it's even exported to modules. Interestingly, this special page is not used as heavily as it was prior to the 2.6.24 kernel, but that may be about to change.

In the good old days, the kernel would use the zero page in situations where it knew it needed a page full of zeroes. So, for example, if a process incurred a read fault on a page it had never used, the kernel would simply map the zero page into that address. A copy-on-write mapping would be used, of course; if the process subsequently modified the page, it would end up with its own copy. But deferring the creation of a new, zero-filled page helped to conserve zeroes, keeping the kernel from running out. Incidentally, it also saved memory, reduced cache pressure, and eliminated the need to clear the new page.

Memory management changes made back in 2007 had the effect of adding reference counting to the zero page. And that turned out to be a problem on multiprocessor machines. Since all processors shared the same zero page (per-CPU differences being unlikely), they also all manipulated the same reference count. That led to serious problems with cache line bouncing, with a measurable performance impact. In response, Nick Piggin evaluated a number of possible fixes, including special hacks to avoid reference-counting the zero page or adding per-CPU zero pages. The patch that got merged, though, simply eliminated most use of the zero page altogether. The change was justified this way:

Inserting a ZERO_PAGE for anonymous read faults appears to be a false optimisation: if an application is performance critical, it would not be doing many read faults of new memory, or at least it could be expected to write to that memory soon afterwards. If cache or memory use is critical, it should not be working with a significant number of ZERO_PAGEs anyway (a more compact representation of zeroes should be used).

There was some nervousness about the patch at the time; Linus grumbled about the changes which created the problem in the first place, and worried:

The kernel has *always* (since pretty much day 1) done that ZERO_PAGE thing. This means that I would not be at all surprised if some application basically depends on it. I've written test-programs that depends on it - maybe people have written other code that basically has been written for and tested with a kernel that has basically always made read-only zero pages extra cheap.

Despite his misgivings, Linus merged the patch for 2.6.24 to see what sort of problems might come to the surface. For the next 18 months, it appeared that such problems were scarce indeed; most people forgot about the zero page altogether. In early June, though, Julian Phillips reported a problem he had observed:

I have a program which creates a reasonably large private anonymous map. The program then writes into a few places in the map, but ends up reading from all of them.

When I run this program on a system running 2.6.20.7 the process only ever seems to use enough memory to hold the data that has actually been written (well - in units of PAGE_SIZE). When I run the program on a system running 2.6.24.5 then as it reads the map the amount of memory used continues to increase until the complete map has actually been allocated (and since the total size is greater than the physically available RAM causes swapping). Basically I seem to be seeing copy-on-read instead of copy-on-write type behaviour.

What Julian was seeing, of course, was the effects from the removal of the zero page. On older kernels, all of the unwritten pages in the data structure would be mapped to the zero page, using no additional physical memory at all. As of 2.6.24, each of those pages gets an actual physical page - containing nothing but zeroes - assigned to it, increasing memory use significantly.

Hiroyuki Kamezawa reports that he has seen zero-page-dependent workloads at other sites. Many of those sites, he says, are running enterprise Linux distributions which have not, yet, shipped kernels new enough to lack zero page support. He worries that these users will encounter the same sort of unpleasant surprise Julian found when they upgrade to newer kernels. In response, he has posted a patch which restores zero page support to the kernel.

Hiroyuki's zero page support isn't quite the same as what came before, though. It avoids reference counting for the zero page, a change which should eliminate the worst of the performance problems. It does add some interesting special cases, though, where virtual memory code has to be careful to test for zero pages; the bulk of those cases are handled with the addition of a get_user_pages_nonzero() function which removes any zero pages from the indicated range. Linus dislikes the special cases, thinking that they are unnecessary. Instead, he has proposed an alternative implementation using the relatively new PTE_SPECIAL flag to mark zero pages. As of this writing, a updated version of the patch using this approach has not yet been posted.

Nick Piggin, who wrote the patch removing zero page support in the first place, would rather not see it return. With regard to the affected users, he asks:

Can we just try to wean them off it? Using zero page for huge sparse matricies is probably not ideal anyway because it needs to still be faulted in and it occupies TLB space. They might see better performance by using a better algorithm.

Linus, however, would like to see this feature restored if it can be done in a clean way. So the return of zero page support seems fairly likely, assuming the patch can be worked into sufficiently good shape. Whether that will bring comfort to enterprise kernel users remains to be seen, though; the next generation of enterprise Linux releases look set to use kernels around 2.6.27. Unless distributors backport the zero page patch, enterprise Linux users will still be stuck with the current, zero-wasting behavior.

Comments (14 posted)

A lockless ring-buffer

By Jake Edge
July 8, 2009

One of the outcomes from last year's Kernel Summit and Linux Plumbers Conference was a plan to create a low-level ring-buffer implementation that could be shared among the various kernel and user-space tracing solutions available for Linux. One implementation of the common ring-buffer was released as part of 2.6.28, but it was somewhat lock-heavy, which impacted its performance. Recently, Steven Rostedt has proposed a lockless ring-buffer algorithm, which would eliminate locking on writes, which is the fast path for tracing.

As tracing information is gathered in the kernel, it needs to be stored somewhere very quickly, so that the impact on the timing of the events observed—and system performance overall—is fairly minimal. Reading the data is done from user space, though, so it is generally not performance-sensitive. The current ring-buffer implementation creates a circular, doubly-linked list of pages, along with a head and tail pointer, so writes are done at the tail, while reads are done from the head.

If the ring-buffer gets full, or nearly so, there is the potential for writers to overwrite data in the head page, which could corrupt data that is being read. For this reason, there is a separate reader page, which has been removed from the list entirely, that reader processes can use without being concerned about corruption from writers. But, having that separate page requires that there be a bit of a dance whenever the reader is done with the page and needs a new one. The reader page must be placed back into the list somewhere after the tail, while the current head page needs to be removed as the new reader page, and the head page must be pushed forward. That requires locking.

The diagram below, from Rostedt's ring-buffer-design.txt document, gives an idea of how the ring-buffer would look. Observant readers will note the H pointer, which is the HEADER-flagged pointer described below. 

	      reader page
		  |
		  v
		 +---+
		 |   |------+
		 +---+      |
			    |
			    v
	+---+    +---+    +---+    +---+
    <---|   |--->|   |-H->|   |--->|   |--->
    --->|   |<---|   |<---|   |<---|   |<---
	+---+    +---+    +---+    +---+

Writers can be interrupted by other writers, so long as the interrupting writer completes its write before the interrupted writer can continue. This is in keeping with the way interrupts stack, and it is important that it be enforced for the integrity of the ring-buffer structure. When a write is initiated, space is reserved after the tail pointer to hold the event. This moves the tail pointer, so another pointer, called the commit pointer, is needed to track the latest complete write.

In nearly empty ring-buffers, it is possible for the reader page to also be the commit and tail pages. While the reader page has been removed from the ring-buffer, its next pointer still leads to the next ring-buffer entry. Once enough writes are done, the commit and tail pointers will simply follow the next pointer as they normally do.

In order to remove the locking for writers, which currently need to use locks to synchronize updates of the head, tail, and commit pointers, Rostedt leverages the cmpxchg() atomic operation available on some architectures. It works as follows: 

    R = cmpxchg(A, C, B) 
        - Assign A = B if A == C
        - Return A at the time of the call, unconditionally
The success of the exchange can be determined by checking whether R is equal to C, if so, the exchange was done.

The algorithm requires that the pointers to the linked-list structures be 4-byte aligned so that it can reserve the bottom 2 bits for flags. The two flags are:

  • HEADER - the pointer is to the current head page

  • UPDATE - the pointer is to a page that is currently being written and either is, or is about to be, the head page
These flags, along with the cmpxchg() operation, are what allow lockless writing to the buffer.

When the reader page has been exhausted, the current head page needs to be detached from the ring-buffer as the new reader page. By using the HEADER flag on the next pointer that points to the head page, writers can keep readers from interfering without taking a lock. When trying to change the next pointer as part of the swapping process, readers use cmpxchg() to require that the HEADER flag be present. Writers can prevent that from happening by setting the flag to UPDATE or clearing the flags entirely. When the reader's cmpxchg() fails, it means that writers have changed the state of the ring, so the reader must look for a new head page and start the process all over.

When writers change to a new tail page, as they fill the buffer, they check the next pointer of the new page for the HEADER flag. If it is present, it is changed to UPDATE. That indicates that the page is volatile, as writers are currently using it, and will cause the cmpxchg() of a reader to fail, should it try to detach the head page. This is an indication that the buffer is close to full, only one page (i.e. the new tail page) remains for storing events.

The ring-buffer can operate in two modes, overwrite (aka "flight recorder") mode, where new events overwrite older events when the buffer fills up, or producer/consumer mode where writing to a full buffer causes the write to fail. In producer/consumer mode, the head page only changes at the behest of a reader, but in overwrite mode, once the tail page reaches the head, the head must be pushed forward one page, which is why the UPDATE flag must be used.

The basic function of the algorithm is relatively straightforward—if a bit head-exploding—but there are number of more complex scenarios to consider. One is the possibility that nested writes cause the buffer to fill, such that the tail page reaches the commit page. There is no choice but to drop writes at that point, but it is possible that the commit page is on the reader page (as shown below). Naïvely pushing the head page forward, past the entry that the reader page points to, would break the ability for the commit page to move from the reader page back into the ring-buffer. So writers must check for this condition and start dropping writes if it is detected. 

	      reader page    commit page
		  |              |
		  v              |
		 +---+           |
		 |   |<----------+
		 |   |
		 |   |------+
		 +---+      |
			    |
			    v
	+---+    +---+    +---+    +---+
    <---|   |--->|   |-H->|   |--->|   |--->
    --->|   |<---|   |<---|   |<---|   |<---
	+---+    +---+    +---+    +---+
		   ^
		   |
	       tail page

Other complex scenarios are possible. Interested readers are directed to Rostedt's design document for more information. It is quite detailed and chock full of ASCII artwork depicting ring-buffer operations. The algorithm itself is the subject of a patent application by Rostedt for Red Hat. If granted, it will be available for free software implementations under Red Hat's patent policy.

Mathieu Desnoyers, developer of the Linux Trace Toolkit Next Generation (LTTng), has been following the ring-buffer submission closely, as LTTng would be one of the tracing solutions expected to use the common ring-buffer. The proposed algorithm is complex, "near that of RCU mechanisms", he said, but unlike RCU (or the LTTng lockless buffer algorithm), no formal proof of the algorithm has been done. He agrees that lockless buffers for tracing are desirable and achievable, but he is concerned that the lack of formal verification of Rostedt's algorithm could lead to an extended period of bug chasing. That complexity has a bit of a silver lining, though, as Desnoyers noted in a review of the design: "The great news to me is that no one can say LTTng's lockless buffering algorithm is complex compared to this. ;)"

Two other concerns he mentioned are performance and fast user-space tracing. Rostedt's algorithm depends on being able to disable preemption, which is not possible for user-space tracing. Desnoyers said that LTTng has more compact events which he believes will allow the LTTng version to be able to handle more events per second than Rostedt's, but no real performance comparisons have, as yet, been done. Desnoyers is hopeful that he will be able to propose an alternative lockless ring-buffer implementation based on the LTTng code sometime soon, but there is the small matter of a Ph.D. dissertation to complete before that can happen.

Rostedt is targeting the 2.6.32 kernel for merging the lockless ring-buffer, it remains to be seen if there will be objections to its inclusion. It may also have to fend off alternatives. Sooner or later, though, some kind of lockless buffering for trace events seems likely to make it into the kernel.

Comments (none posted)

Transcendent memory

By Jonathan Corbet
July 8, 2009
Making the best use of available memory is one of the biggest challenges for any operating system. Throwing virtualization into the mix adds both new challenges (balancing memory use between guests, for example) and opportunities (sharing pages between guests). Developers have responded with technologies like hot-plug memory and KSM, but nobody seems to think that the problem is fully solved. Transcendent memory is a new memory-management technique which, it is hoped, will improve the system's use of scarce RAM, regardless of whether virtualization is being used.

In his linux-kernel introduction, Dan Magenheimer asks:

What if there was a class of memory that is of unknown and dynamically variable size, is addressable only indirectly by the kernel, can be configured either as persistent or as "ephemeral" (meaning it will be around for awhile, but might disappear without warning), and is still fast enough to be synchronously accessible?

Dan (along with a list of other kernel developers) is exploring this concept, which he calls "transcendental memory." In short, transcendental memory can be thought of as a sort of RAM disk with some interesting characteristics: nobody knows how big it is, writes to the disk may not succeed, and, potentially, data written to the disk may vanish before being read back again. At a first blush, it may seem like a relatively useless sort of device, but it is hoped that transcendental memory will be able to improve performance in a few situations.

There is an API specification [PDF] available; there is also a related C API found in the patch itself. This discussion will focus on the latter, which suffers from less EXCESSIVE CAPITAL USE and is generally easier to understand.

Transcendental memory operates on the concept of page pools; once a pool is created, data can be stored to pages within the pool. The calls for creating and destroying pools look like this: 

    u32 pool_id = tmem_new_pool(struct tmem_pool_uuid uuid, u32 flags)
    tmem_destroy_pool(u32 pool_id);

Pools are identified by the uuid value, though the identification really only matters for pools which might be shared among multiple users. A fair amount of information is stored in the flags field, including:

  • An "ephemeral" bit, which controls whether data successfully written to the pool is allowed to disappear at a random future time.

  • A "shared" bit indicating whether the pool is to be shared with other users.

  • The size of pages to use in the pool, expressed as a kernel "order" value.

  • A specification version number, used to ensure that both sides of the conversation know how to understand each other.

While users are expected to specify an expected page size, there is no way to specify the size of the pool as a whole. Determining the proper sizing for a pool (which almost certainly changes over time) is left to the hypervisor or whatever other software component is managing the pool.

As suggested by the above interface, transcendental memory is very much page-based. Beyond that, it also can never be referenced directly; users are required to copy data into and out of the pool explicitly. The functions used for moving data between normal and transcendental memory are: 

    int tmem_put_page(u32 pool_id, u64 object_id, u32 page_id, unsigned long pfn);
    int tmem_get_page(u32 pool_id, u64 object_id, u32 page_id, unsigned long pfn);

For both of these calls, pool_id specifies an existing pool. The object_id and page_id values, together, form a unique identifier for the page within the pool. If the pool is being used to cache file pages, for example, the object_id would identify the file, while page_id would be the offset within the file. pfn (a page frame number) identifies the page which is the source of the data (for tmem_put_page()) or the destination (tmem_get_page()).

Note that either call might fail. Since the size of the pool is not known, callers can never know in advance whether tmem_put_page() will succeed. So any transcendental memory user must have a backup plan ready in case the call fails. For pools marked as "ephemeral," tmem_get_page() is allowed to fail even if tmem_put_page() on the same ID succeeded; in other words, the implementation is allowed to drop pages from ephemeral pools if it decides that the memory can be put to better use elsewhere. It's also worth noting that, with private, ephemeral pools, tmem_get_page() will remove the indicated page from the pool.

As an example of how this feature might be used, consider the Linux page cache, which maintains copies of pages from disk files. When memory gets tight, the page cache will start forgetting pages which are clean, but which have not been referenced in the recent past. With transcendental memory, the page cache could, before dropping the pages, attempt to store them into an ephemeral transcendental memory pool. At some future time, when one of those pages is needed again, the page cache would first attempt to fetch it from the pool. If the tmem_get_page() call succeeds, a disk I/O operation will have been avoided and everybody benefits; otherwise the page is read from disk as usual.

Persistent (non-ephemeral) pools could be used as a sort of swap device. If the swapping code succeeds in writing a page to the pool, it can avoid writing it to the real swap device. The result is saved I/O at both swap-out and swap-in times. If the pool lacks space for the swapped page, it will be written to the real swap device in the usual way.

Meanwhile, the transcendental memory implementation can try to optimize its management of the memory pools. Guests which are more active (or which have been given a higher priority) might be allowed to allocate more pages from the pools. Duplicate pages can be coalesced; KSM-like techniques could be used, but the use of object IDs could make it easier to detect duplicates in a number of situations. And so on.

The API specifies a number of other operations. There are a couple of calls to flush pages from the pool; one of them can remove all pages with a given object ID. Sub-page-size reads and writes are supported; there is also a tmem_xchg() call to atomically exchange data within a transcendental memory page. See the API specification for the full list.

A number of concerns were raised in the subsequent discussion; as a result, the above API is likely to change a bit. The biggest concern, though, appears to be security. The potential for hostile code to tap into shared pools and read out pages has developers worried; the need to guess a 128-bit UUID first has proved not to be sufficiently reassuring. Even with legitimate users only, a shared pool has the potential to contain data which should not, in reality, be shared between guests. As a result, any transcendental memory user will have to be written to take high-level security issues into account in low-level code.

Dan seemingly doesn't see the security problems as being as worrisome as others do. Even so, he eventually announced that the next transcendental memory patch would not include support for shared pools, and, indeed, version 2 lacks that feature. That feature will probably not come back until the security issues have been thought through and the concerns have been addressed.

Beyond that, transcendental memory will need some convincing evidence that it improves performance before it can make it into the mainline. The potential for improvements is clearly there; it is essentially a way for the system to take higher-level information into account when managing its virtual memory resources. If transcendental memory is able to fulfill that potential in a secure way, there may well be a place for it in the mainline kernel.

Comments (21 posted)

Patches and updates

Kernel trees

Linus Torvalds Linux 2.6.31-rc2 ?
Greg KH Linux 2.6.30.1 ?
Greg KH Linux 2.6.29.6 ?
Greg KH Linux 2.6.27.26 ?

Architecture-specific

Masami Hiramatsu kprobes: Kprobes jump optimization support ?
Joerg Roedel KVM support for 1GB pages ?

Development tools

Mathieu Desnoyers LTTng 0.142 for kernel 2.6.30 ?
Xiao Guangrong ftrace: add tracepoint for timer event ?
Jason Baron perf_counter: add tracepoint support ?
Thomas Renninger cpufreq-bench ?
Tim Bird ftrace: Add duration filtering to function graph tracer ?

Device drivers

Ralf Baechle Add support for Broadcom BCM63xx SoCs ?
Chris Verges adxl345 accelerometer hwmon driver ?
Alan Cox vt: add an event interface ?
Alek Du [PATCH v2] gpio: add Intel Moorestown Platform Langwell chip gpio driver ?
Jonathan Cameron IIO V4. Industrial I/O Subsystem ?
Rafael J. Wysocki PM: Introduce core framework for run-time PM of I/O devices (rev. 8) ?
Len Brown SFI - Simple Firmware Interface support ?
Vladislav Bolkhovitin : SCST Target driver support for Emulex lpfc FC/FCoE adapters ?

Filesystems and block I/O

Vivek Goyal IO scheduler based IO controller V6 ?
Philipp Reisner drbd: a block device for HA clusters ?
Nick Piggin fs: new truncate sequence ?

Memory management

David Rientjes slub: add option to disable higher order debugging slabs ?
KAMEZAWA Hiroyuki ZERO PAGE again v2 ?
Dan Magenheimer (Take 2): transcendent memory ("tmem") for Linux ?

Networking

Dan Smith Add Checkpoint/Restart support for UNIX and INET sockets ?

Security-related

Siarhei Liakh RO/NX protection for loadable kernel modules ?

Virtualization and containers

Paul Menage [RFC] CGroup Hierarchy Extensions ?
Gregory Haskins iosignalfd ?
Johannes Berg network namespaces for generic netlink ?

Benchmarks and bugs

Rafael J. Wysocki 2.6.31-rc2: Reported regressions from 2.6.30 ?
Rafael J. Wysocki 2.6.31-rc2: Reported regressions 2.6.29 -> 2.6.30 ?

Miscellaneous

Karel Zak util-linux-ng v2.16-rc2 ?
Kay Sievers udev 144 release ?
Mikhail Yakshin [ANNOUNCE] Einarc - universal RAID management/monitoring tool - v1.4rc ?

Page editor: Jonathan Corbet

Distributions

News and Editorials

Tiny Core Linux 2.1: Less is more

July 8, 2009

This article was contributed by Koen Vervloesem

While most Linux distributions have been growing in the last years to the size of a DVD, others go in the other direction and try to minimize their footprint. Most Linux users will know Puppy Linux and Damn Small Linux, but one of the more recent and even more minimalist projects is Tiny Core Linux, the brainchild of Robert Shingledecker who used to work on Damn Small Linux.

Tiny Core Linux is a Linux distribution that aims to be a minimal but usable desktop operating system. The minimal system requirements are a 486DX processor and 48 MB RAM. Your author downloaded Tiny Core 2.1, which comes in a 11 MB iso file. Users can burn it on CD or install it to a USB pen drive. Unsurprisingly, the distribution boots very fast and shows a minimal desktop with a one-color background. There's no simple installer to write Tiny Core to the hard drive, but there is a step-by-step installation guide on how to partition a hard drive, copy Tiny Core and install the GRUB boot loader.

Under the hood we see the Linux 2.6.29 kernel, Busybox, Tiny X, FLTK, and the not so flashy but useful JWM window manager. By clicking on the desktop the user gets a menu with access to the minimal set of applications. The wbar panel at the bottom gives access to the Aterm terminal, Tiny Core's control panel application "cpanel" with access to some system tools and the "appbrowser" for installing applications.

tiny core appbrowser

From less to more

Tiny Core's philosophy seems to be: start small and add programs only as needed. This means that the user doesn't get bothered with a bloated set of applications that are rarely used and has complete control over which applications or drivers (e.g. for an Atheros wireless card) are installed. Tiny Core is contained in a compressed cpio archive populating the initial ramdisk upon booting of the Linux kernel and runs entirely in RAM. Additional applications can reside in RAM or be installed into a storage drive.

Tiny Core essentially has four "modes of operation", one volatile and three persistent ones:

  • Cloud/Internet: This is the default mode, where Tiny Core boots entirely into RAM. If the computer has a working internet connection, the user can explore the application extension repository and install extensions at will. Of course, the downloaded applications are not persistent, as they are installed into RAM.
  • PPR/TCE: In this mode, Tiny Core uses a writable persistent storage partition, which can be specified with the boot option tce=hdXY. The storage partition becomes a "Persistent Personal Repository" (PPR) for so-called TCE extensions. When the user installs extensions, they will be saved on the storage partition into the directory tce. When Tiny Core boots, all TCE extensions on the partition will automatically be loaded into RAM. A disadvantage is that adding many TCEs may quickly exhaust system memory.
  • PPR/TCZ: In this mode, Tiny Core also uses a Persistent Personal Repository on a storage partition, but it uses the TCZ extension type, which is more RAM-friendly.
  • PPI/TCE: In this fourth mode of operation, extensions are installed into a Linux partition or a loopback file, which can be specified with the boot option local=hdXY. The developers call this mode "Persistent Personal Installation". It boots faster than the other modes, because no loading or mounting occurs during boot. Moreover, it has the same RAM savings as the PPR/TCZ mode.

Compressed applications

As mentioned above, applications can be installed in Tiny Core in two ways: as a TCE extension or as a TCZ extension. A TCE extension is basically a tar.gz archive with optional menu and/or icon, which gets loaded from the partition into RAM completely. In contrast, a TCZ extension consists of a cramfs or ziofs compressed mountable image of an application directory, that becomes mounted in /tmp/tcloop and symlinked into the root filesystem. For example, after installing alpine the alpine.tcz image is mounted in /tmp/tcloop/alpine and /usr/local/bin/alpine is a symlink to /tmp/tcloop/alpine/usr/local/bin/alpine. Therefore, a TCZ extension only uses RAM when the application is running. The user can mix and match both extension types, but some extensions are not available as a TCZ type.

Installing packages can be done by clicking the Apps icons and choosing TCE or TCZ in the "Connect" menu item. This "appbrowser" program is a (too) basic package manager with dependency resolution. When the user has installed an application it gets an icon in the Apps menu on the desktop and maybe in the wbar panel. Tiny Core Linux has hundreds of applications, including Abiword, Audacious, Filezilla, Firefox, gFTP, Gimp, Java, MPlayer, Opera and X-Chat, and it is rather up-to-date as the inclusion of Firefox 3.5 shows.

tiny core firefox

Just like Tiny Core has an option to make the downloaded applications persistent, there's also a boot option for a persistent home directory: home=hdXY. This will mount /dev/hdXY/tchome to /home/tc. Tiny Core also offers an encrypted home directory: the user first chooses "Make Crypto Home" from the Tools menu to create an encrypted loopback file with a chosen password. Once this is created, the boot option cryptohome=hdXY will make Tiny Core prompt for the password during boot.

For the adventurous users

On the project's wiki there's a guide for creating extensions and guidelines for extension submission. Even more, adventurous users can remaster Tiny Core and make their own distribution. This is easy as it comes down to copying the iso's contents and adding or removing files or integrating extensions. Then the directory is packed into an iso image. There's even documentation about using a custom kernel, for example if you need real-time performance. For the even more adventurous ones, there is Micro Core Linux, which is Tiny Core Linux without an X environment. The 7 MB iso file boots into a BusyBox prompt and extra applications can be downloaded and installed with the tce-wget command.

Probably the best use case for Tiny Core Linux is a sort of portable environment that the user carries in his pocket on a USB pen drive. Tiny Core Linux isn't really beautiful or fancy, but it does what it has to do and has a fair amount of well-known software packages. That said, it still looks a bit too rough. One illustration of this is that there's no wireless support out-of-the-box, although the user can solve this problem simply by installing the wireless and wireless_tools extensions via a fixed network. Another problem is the package manager, which could use some work. Hopefully we'll soon see some spin-off distributions coming out of the Tiny Core community. At least one has been started already: NetbootCD, which allows the user to download and run several Linux netboot installers.

Comments (7 posted)

New Releases

Slackware 13.0 RC1

The first release candidate for Slackware 13.0 was announced in the slackware-current changelog. "Hi folks -- the TODO isn't entirely empty here, but it's pretty much down to minor nits, and so we're going to call this release candidate #1 and (mostly) freeze further updates unless they happen to fix problems. Regarding the kernel, 2.6.29.x has been well tested with this userspace and seems like the best choice to ship for production use." Note that the box hosting slackware.com has had some trouble recently. Click below for the relevant snippet of the changelog.

Full Story (comments: none)

PC-BSD 7.1.1 Released

The PC-BSD Team has announced the release of v7.1.1. "Version 7.1.1 contains a number of bugfixes and improvements from PC-BSD 7.1, including KDE 4.2.4, improvements to printing support, Xorg Server 1.6.1, and much more." See the release notes for more information.

Comments (none posted)

FreeBSD 8.0-BETA1 Available

The first public test build of the FreeBSD 8.0-RELEASE test cycle is now available. "People with the resources to do so (test machines...) are encouraged to give 8.0-BETA1 a try. At this point it is not quite ready for production systems but mostly because there is still some ongoing work in a few areas that may cause some changes in things like ABI/API. Debugging support (WITNESS, malloc debugging, etc.) are also still turned on and those tend to cause a performance hit. As far as we know there are no known issues that would cause data corruption or anything like that, just the issues with performance and potential for changes caused by ongoing work. If you find problems they can be reported through the normal Gnats based PR system or posted to the mailing lists."

Comments (none posted)

Distribution News

Fedora

Pushing ahead (Grand Fallacy)

Paul Frields notes in his weblog that Fedora 12 will have a shorter schedule. "We had so many features in the Fedora 11 release, some of them particularly extensive and complex, that we drove a slightly longer release cycle. To make up for that longer cycle, the Fedora 12 cycle is somewhat shorter. That truncation returns us to release dates close to the May Day/Halloween calendar we originally set up back around the Fedora 7 time frame."

Comments (11 posted)

Fedora Classroom helpers needed

The Fedora Classroom project is looking for helpers. Fedora Classroom provides IRC sessions on a variety of Fedora topics. The following positions are open: Instructor, Instructor Recruiters, Advertising/Marketing, Emcee and Wiki tender. Click below for details.

Full Story (comments: none)

Gentoo Linux

Gentoo Council Elections Results for term 2009/2010

The Gentoo Council election results are available. The winners are Ned Ludd (solar), Petteri Räty (betelgeuse), Denis Dupeyron (calchan), Tobias Scherbaum (dertobi123), Ulrich Müller (ulm), Mart Raudsepp (leio), and Luca Barbato (lu_zero). Click below for details.

Full Story (comments: none)

SUSE Linux and openSUSE

openSUSE Board Meeting Minutes, June 3 2009

The minutes of the June 3, 2009 meeting of the openSUSE board are available. Topics include Ambassador program, Foundation, Membership requests, open openSUSE Factory for contribution, openSUSE Board presence at the openSUSE conference, read and write access to news.openSUSE.org?, and Stephen Shaw replaces Federico Mena Quintero.

Comments (none posted)

verify the root filesystem of an openSUSE installation

The first beta version of a brand new security tool: 'checkroot' is available. checkroot is a tool to retrieve fingerprint/gpg-pubkey updates online and therefore allows a trusted verification of your root file system roughly based on rpm --verify.

Full Story (comments: none)

Ubuntu family

Ubuntu 6.06 LTS Desktop Edition reaches end-of-life

Ubuntu 6.06 LTS Desktop Edition will reach its end-of-life on July 14, 2009. The Server Edition will be maintained until June 2011. "Ubuntu announced the release of 6.06 over three years ago, on June 1, 2006. At that time, Ubuntu committed to its first long-term support (LTS) cycle, with security and critical fixes for three years on the desktop and five years on the server. The desktop support period is now at its end, and Ubuntu 6.06 LTS Desktop will reach end of life on Tuesday, July 14, 2009. At that time, Ubuntu Security Notices will no longer include information or updated packages for the Ubuntu 6.06 LTS Desktop." The supported upgrade path from Ubuntu 6.06 LTS is via Ubuntu 8.04 LTS.

Full Story (comments: none)

Minutes from the Technical Board meeting, 2009-06-30

The minutes from the Ubuntu Technical Board meeting of June 30, 2009 are available. "The Technical Board is discussing the creation of a new governing body, the Developer Applications Board, to process new developer applications, separating this function from the Technical Board itself" and other topics.

Full Story (comments: none)

Next karmic gdm upgrade WILL BREAK your system

This is old news by now, but in case you've been bitten by this bug and haven't recovered yet, click below for some helpful information. gdm 2.26.1-0ubuntu3 or later fixes the major bugs.

Full Story (comments: none)

New Distributions

The Google Chrome OS

The Google Blog has the announcement for Google's upcoming new operating system, "Google Chrome OS". It's Linux-based, but, like Android, it appears that much of the software above the kernel will differ from a typical Linux distribution. "Speed, simplicity and security are the key aspects of Google Chrome OS. We're designing the OS to be fast and lightweight, to start up and get you onto the web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates. It should just work."

Comments (50 posted)

Distribution Newsletters

Arch Linux Newsletter June 2009

The June 2009 issue of the Arch Linux Newsletter is out. "Lately we have witnessed an increase in the popularity of Arch Linux. For one reason or another we seem to have drawn the media spotlight, even glorified in one article as the best Linux distribution for administrators. Finally, we take a look at a controversial situation that we the developers have been discussing for some time now. We have decided to share the situation with you, the community, so that all can voice their opinion on the forums through the newsletter discussion thread."

Comments (none posted)

Arch Linux Newsletter July 2009

The Arch Linux Newsletter for July 2009 is out. "This issue contains an interview with Andrea Scarpino, the KDE maintainer for the i686 architecture. Also, we are bringing all our kernel enthusiasts a tips and tricks section that should be of special interest. Finally, even though we went without a mention in the media this month, we provide an analysis as to why Arch Linux has been so prevalent in media coverage the last few months. And so, without further ado, the Newsletter Team proudly presents the July 2009 issue of the Arch Linux Newsletter. Please, enjoy!"

Comments (none posted)

DistroWatch Weekly, Issue 310

The DistroWatch Weekly for July 6, 2009 is out. "The hottest debate in the Linux community right now is over whether or not Mono, Novell's implementation of .NET, should be included by default in Linux distributions. This week we look at decisions by Debian and Ubuntu, and the reactions by notable members of the FOSS community. In other news, Fedora announces their "Fit and Finish" product and Ksplice announces Uptrack for Ubuntu Jaunty Jackalope (9.04). Our feature this week is a review of CDLinux 0.9.2 Community Edition, a unique multilingual mini distribution from China. Finally, five new distributions are added to the DistroWatch waiting list. Have a great Monday and the rest of the week!"

Comments (none posted)

Fedora Weekly News 183

The Fedora Weekly News for July 5, 2009 is out. "Here are a few highlights from this week's issue. This week is a lighter issue as many of our writers are enjoying some vacation. In announcements, news that Josh Boyer has been appointed to the final Fedora Board seat. From the Fedora Planet, photo collections from the recent FUDCon Berlin, installing Fedora alongside Vista, and much more. In Quality Assurance news, details on the upcoming Fit and Finish project focusing on display configuration, more details on the AutoQA activities with rawhide, bugzappers weekly log, and more. In Design news, a new ticketed request system for Ambassadors' request to the design team, and details on a new custom blog aggregator, to create a .planet file just for the Art team. This week's issue completes with security advisory roundup for Fedora 9, 10, and 11. Enjoy this week's issue!"

Full Story (comments: none)

Ubuntu Weekly Newsletter #149

The Ubuntu Weekly Newsletter for July 4, 2009 is out. "In this issue we cover: Canonical Delves Deeper into the Cloud - Launches Ubuntu Enterprise Cloud Services, Kubuntu Tutorials Day Spreads the Knowledge, Ubuntu Forums tutorial of the week, Login to Ubuntu Forums with Launchpad Open ID, Canonical Party Welcomes Gran Canaria Desktop Summit, Ohio Linuxfest Call for Presentations, Powerpets, Inc. Head Offices switch to Ubuntu, Full Circle Magazine: Issue #26, Vodcast: Dell's Ubuntu Linux Strategy, Team Meeting Reports, and much, much more!"

Full Story (comments: none)

Page editor: Rebecca Sobol

Development

Sugar on a Stick Brings Sugar to a Wider Audience

July 8, 2009

This article was contributed by Bruce Byfield

Last year, development of the Sugar interface moved away from the control of One Laptop per Child to be overseen by the independent Sugar Labs. Since then, Sugar Labs has focused on encouraging greater use of Sugar in elementary school education. The latest step towards this goal is Sugar on a Stick (SoaS), a USB drive installation of Fedora 11 that uses Sugar as an interface. Besides giving students a consistent work environment that they can use on any computer, SoaS is also a way to introduce Sugar's applications to both educators and anyone else who is interested.

Installing SoaS requires both the .ISO image and the installation script. Download locations for the image are listed on the SoaS introductory page, and a link for the script is provided on the page for installation under GNU/Linux.

The basic instructions include steps for installing in a virtual machine, specialized instructions for openSUSE, and general ones for Fedora and Ubuntu that should work on most other distributions as well. However, when you run the installation script, remember to adjust the size of the /home directory to your USB drive, and to add the option for an encrypted drive if you want one.

The script has the annoying habit of running past some errors and incorrectly reporting a successful installation. Otherwise, the installation process should not prove difficult for a moderately experienced GNU/Linux user, or for anyone willing to take the time to follow instructions. However, they do assume some minimal knowledge of GNU/Linux. This assumption seems at odds with the idea of using SoaS to introduce Sugar to more people, and makes me wonder why the project didn't make more effort to get the install working with liveusb-creator, the cross-platform wizard that is used in the Windows instructions. A friendlier install — preferably, a graphical one — might encourage more people to copy and distribute SoaS.

Fructose and Honey

SoaS includes thirty-two activities, as Sugar calls its applications. The word choice emphasizes the collaborative learning activities for which the applications are designed. The usage is not merely semantics, because closing an activity opens the Journal, a log that can be used to record information or reflections. To the casual observer, the Journal may seem a nuisance, the equivalent of endless confirmation notices, but, in an educational context, the Journal becomes a constant reminder that the purpose of Sugar is to encourage learning through both discovery and reflection.

The activities included consist of twelve activities designed by Sugar Labs developers as demonstrations, and twenty by outside developers. The demonstration activities — or Fructose, in the Sugar taxonomy — consist mainly of core utilities, such as Calculate, Image Viewer, and Terminal or common applications like Browse, Chat, and Write. In fact, some of the Fructose applications like Write are so basic to Sugar that they do not have separate web pages and might be better designated as part of Glucose, Sugar's core utilities.

Most of the Fructose activities are stripped down versions of applications for mature users. For example, Write, which is based on AbiWord, offers basic text formatting, with only token attention to character formatting styles. No headers or footers, page numbering, or any of a dozen other standard word processing features are available, although, if you look carefully, Write is more versatile than its first impression suggests — for instance, you can use tables to divide a page into columns.

[Sugar Browser]

Browse, which is based on the Mozilla engine, is equally basic. In Browse, the web is reduced to a Google search field, with links in the upper right corner to Sugar Labs pages and any pages set up by the user's school. To further simplify, the input field displays web page titles by default rather than URLs. Other features, such as configuration and privacy options or extensions, are absent altogether. But if you can accept the limitations, the result is a fast browser that emphasizes the web as a reference source and that encourages children to stay within safe parts of the web (without actually confining them).

Some of the most interesting Fructose activities are those associated with programming. Pippy, for example, allows users to run and modify Python scripts. [Sugar Pippy] A more advanced approach to programming is provided by Turtle Art, which teaches programming with graphical elements. Older students, by contrast, might prefer to go directly to Terminal to work, or to Etoys, which teaches programming in the context of producing multi-media content.

In contrast to the Fructose, the Honey activities written by outside developers are more varied. On the whole, they seem designed for users a few years older than the Fructose ones. They include a number of games, such as FreeCell and Jigsaw Puzzle.

Other Honey activities can be described as a combination of leisure and learning. For example, CartoonBuilder and StoryBuilder, while essentially fun activities, can also encourage a development of a sense of narrative structure. Similarly, while Physics might be seen as the computer equivalent of building blocks or Lego, the fact that objects obey physical laws also make it an indirect teaching tool.

One or two Honey activities are even advanced enough to satisfy adults. The mind-mapping activity Labyrinth compares favorably with similar tools you can find in most distribution's repositories, while Poll stands up well against the polling modules that are found in content management systems.

The thirty-two activities that come with SoaS offer a well-rounded sample of what Sugar can provide, to say nothing of all the basic tools that children are likely to need on their computers. With Sugar connected to the rest of the operating system largely through the Terminal, the selection of activities is so thorough that it no longer seems like just a user interface, but something that very nearly approaches an independent operating system.

The main shortcoming of Sugar's selection of activities is that, while you can easily see a progression in the sophistication of some activities, particularly the ones for programming, you are left on your own to discover such connections. Perhaps that discovery is part of the intended learning process, but, considering that SoaS is partly intended as a demo, a teaching guide might help to show how such activities build on each other. Otherwise, explorations of SoaS might lead to very different evaluations of its possibilities, depending on the users' thoroughness and starting points.

Interface challenges

Although Sugar is now available in major distributions and is known to some through One Laptop per Child, SoaS also serves as a showcase for the Sugar interface.

[Sugar Favorites]

For those who have not seen Sugar, it is a radically simplified interface compared to popular desktops like GNOME, KDE, or Xfce. Its default Favorites view shows an icon representing the current user in the middle of a ring of favorite applications. Beneath the user icon is an icon for any still-running application, or else for the user's Journal. Alternatively, you have the List view, a menu that gives a complete list of installed activities with the most recently accessed activity at the top. You can move between activities and these interfaces using either the icons in the top panel, or the first four function keys.

Embedded in the Sugar interface is a strong emphasis on collaboration. Press the F1 key, and you can see the Neighborhood, a map of other online Sugar users. Similarly, most Activities are designed for collaboration, and have an option for you to share what you are working on as you exit.

Within the activities themselves, interfaces vary. Generally, basic utilities like Chat or Terminal are clearly named, and many activities include detailed mouse-over help. In some activities, the help is even a permanent part of the interface, showing you where you might start. This design choice might seem as crude as a web page telling you to "click here," but it is effective in keeping users of any age oriented.

The one place where ease of navigation breaks down is the method for closing activities. To do so, you must go to the Activity tab, and then click an icon in the upper right corner. A recent article reported that how to close activities was the major problem that children faced when using SoaS for the first time, and I admit that I suffered the same confusion at first. If you know about the function keys, you might at least be able to jump to the Favorites or List view to run another activity, but even that escape is easy to miss unless you discover it through trial and error.

Another concern is that everything is in full-screen mode, so that you can only view one activity at a time. Activities can still be running when not visible, but you can easily forget them, especially if you are in List view, where they are not shown.

These shortcoming aside, Sugar is an interface that is likely to intrigue anyone with an interest in usability. Whether you call them learning platforms, desktops, or window manager, very few other interfaces manage to do so much with so little while being so user-friendly.

Sugar and the free desktop

From a casual perspective, SoaS might seem to be just another .ISO image on a USB drive. However, as Walter Bender, the founder of Sugar Labs, emphasizes, the release of SoaS is a reminder that Sugar is not a typical free software project.

"We're not just doing this to do it," he says, referring to the tendency for free software to be its own end to many developers. "We're doing it so that the kids can use it. And that means thinking about how the software is going to be positioned in a learning setting."

In other words, SoaS is part of Sugar Labs' long-term strategy — a strategy that has already proved more successful than many of us realize. When I booted SoaS in a medium-sized city, school was not in session. Yet, even so, by pressing F1, I saw over two dozen other users of Sugar connected to my service provider. Sugar, it seems, has made inroads everywhere, and this process has happened, on the whole, without the rest of the free software world noticing.

Sugar is already influencing both education and other projects involved in the free desktop. By making Sugar more accessible to the curious, SoaS is a major step towards increasing that influence.

Comments (2 posted)

System Applications

Database Software

PostgreSQL Weekly News

The July 5, 2009 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

PyODB 0.8 released

Version 0.8 of PyODB has been announced. "I would like to announce release 0.8 of PyODB. This adds a feature request to allow connections directly to the ODBC database driver using connection strings. PyODB is a Python module and provides a simplified set of bindings to unixODBC allowing fast and easy development of open database applications."

Full Story (comments: none)

SQLite 3.6.16 released

Version 3.6.16 of the SQLite DBMS has been announced, it includes several bug fixes.

Comments (none posted)

Interoperability

Samba 3.4.0 is available

Version 3.4.0 of Samba has been announced. "This is the first stable release of Samba 3.4.0."

Comments (none posted)

Mail Software

Apache SpamAssassin 3.3.0-alpha1 is available

Version 3.3.0-alpha1 of Apache SpamAssassin has been announced. "Changes to the core code: [TODO: write changes list before 3.3.0 release ;)]"

Full Story (comments: none)

Printing

CUPS 1.3.11 released

Version 1.3.11 of CUPS, the Common Unix Printing System, has been announced. "The new release fixes some scheduler and web interface issues and improves PDF printing."

Comments (none posted)

Desktop Applications

Audio Applications

Audacious 2.1.0 (stable) released

Stable version 2.1.0 of the Audacious music player has been released. "Audacious is an advanced audio player. It is free, lightweight, based on GTK2, runs on Linux and many other *nix platforms and is focused on audio quality and supporting a wide range of audio codecs. Its advanced audio playback engine is considerably more powerful than GStreamer. Audacious is a fork of Beep Media Player (BMP), which itself forked from XMMS."

Comments (none posted)

CELT codec 0.6.0 released

Version 0.6.0 of the CELT codec has been released. "This release brings in many quality improvements, including better stereo coupling, better handling of transients, and better handling of highly tonal signals. In addition, packet loss robustness has been improved through the optional use of independent (intra) frames. CELT now supports a larger dynamic range, suitable for encoding 24-bit audio (float version only). There is also a very early VBR implementation."

Full Story (comments: 2)

Data Visualization

python-graph 1.6.1 released

Version 1.6.1 of python-graph has been announced. "The 1.6.x series is our refactoring series. Along the next releases, we'll change the API so we can better prepare the codebase to new features. If you want a softer, directed transition, upgrade your code to every release in the 1.6.x series. On the other hand, if you'd rather fix everything at once, you can wait for 1.7.0."

Full Story (comments: none)

SUMMON 1.8.8 released

Version 1.8.8 of SUMMON has been announced. "SUMMON is a python extension module that provides rapid prototyping of 2D visualizations. By heavily relying on the python scripting language, SUMMON allows the user to rapidly prototype a custom visualization for their data, without the overhead of a designing a graphical user interface or recompiling native code. By simplifying the task of designing a visualization, users can spend more time on understanding their data."

Full Story (comments: none)

Desktop Environments

GNOME 2.26.3 released

Version 2.26.3 of the GNOME desktop environment has been announced. "This is the last update to GNOME 2.26. It contains many fixes for important bugs that directly affect our users, documentation updates and also a large number of updated translations. Many thanks to all the contributors who worked hard on delivering those changes in time. We hope it will help people feel better in their daily use of computers! Meanwhile, the GNOME community is actively working on the unstable branch of GNOME that will become GNOME 2.28 in September 2009."

Full Story (comments: none)

GNOME Journal Issue 15

The July, 2009 edition of the GNOME Journal has been published. Contents include: "a review of Project Hamster by Les Harris, an interview on working with upstream with Laszlo Peter by Stormy Peters, using git for GNOME translators by Og Maciel, an introduction to GNOME Zeitgeist by Natan Yellin, a look at some of GNOME Do's advanced features by Jorge Castro, and lastly, the Behind the Scenes feature continues with Owen Taylor by Paul Cutler."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Desktop Publishing

Scribus 1.3.5 release candidate 3 announced

Release candidate 3 of the Scribus desktop publishing system has been announced. "This release adds the following over the previous release candidate: * Fixes to the story editor * Some PDF/CJK export fixes * Scripter and Image Frame fixes * Import/export plugins for text and image frames updated".

Comments (none posted)

Electronics

GNU Radio release 3.2.1 is available

Version 3.2.1 of GNU Radio, a software-defined radio system, has been announced. "This release contains several import bug fixes and feature additions. In particular, the GNU Radio Companion application ("grc") has added a number of new capabilities that improve usability."

Full Story (comments: none)

Encryption Software

New version of Python module which wraps GnuPG released

A new version of the Python gnupg module has been announced. "The gnupg module allows Python programs to make use of the functionality provided by the Gnu Privacy Guard (abbreviated GPG or GnuPG). Using this module, Python programs can encrypt and decrypt data, digitally sign documents and verify digital signatures, manage (generate, list and delete) encryption keys, using proven Public Key Infrastructure (PKI) encryption technology based on OpenPGP. This module is expected to be used with Python versions >= 2.4, as it makes use of the subprocess module which appeared in that version of Python."

Full Story (comments: none)

Instant Messaging

GOZERBOT 0.9.1 BETA2 released

Version 0.9.1 BETA2 of GOZERBOT, a channel bot that aids with conversation in irc channels and jabber conference rooms, has been announced. "This is all in preparation for the 0.9.1 release and the latest GOZERBOT beta has been released as well. Please try this version and let me know how goes."

Full Story (comments: none)

Interoperability

Wine 1.1.25 announced

Version 1.1.25 of Wine has been announced. Changes include: "A ton of translation updates. Support for various Unicode file encodings in Notepad. Improved memory management, especially for OpenGL. Desktop menus now cleaned up automatically. Beginnings of a windowscodecs DLL implementation. Various bug fixes."

Comments (none posted)

Mail Clients

Claws Mail 3.7.2 unleashed

Version 3.7.2 of Claws Mail has been announced, it includes a number of new capabilities and bug fixes. "Claws Mail is a GTK+ based, user-friendly, lightweight, and fast email client."

Full Story (comments: none)

Claws Mail Extra Plugins 3.7.2 unleashed

Version 3.7.2 of Claws Mail Extra Plugins has been announced. "The claws-mail-extra-plugins-3.7.2 package contains 18 plugins, including 2 new plugins: bsfilter and fancy!"

Full Story (comments: none)

Multimedia

Moovida Media Center 1.0.4 released

Version1.0.4 of Moovida Media Center has been announced. "Moovida, formerly known as Elisa, is a cross-platform and open-source Media Center written in Python. It uses GStreamer for media playback and pigment to create an appealing and intuitive user interface. This release is a lightweight release, meaning it is pushed through our automatic plugin update system. Additionally a windows installer is available for download on our website. As usual, for users already running Moovida, the upgrade to 1.0.4 should be done automatically via the plugin repository. The most visible feature of this new release is support for Windows 7."

Full Story (comments: none)

Office Suites

OpenOffice.org Newsletter

The June, 2009 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.

Full Story (comments: none)

Video Applications

VLC 1.0.0 released

The 1.0.0 release of the VLC media player has been announced. Recently-added features include live recording, a bunch of new codecs, frame-by-frame support, and more; see the feature list for an impressive summary.

Comments (none posted)

Miscellaneous

'twander' Cross-Platform File Manager version 3.231 released

Version 3.231 of twander, a macro-programmable Filesystem Browser, has been announced. "The last public release was 3.224. This release fixes a number of bugs and adds a variety of useful new features."

Full Story (comments: none)

Languages and Tools

C

Milepost GCC released

IBM has announced the release of Milepost GCC, an extension to the GCC compiler which uses machine learning techniques to improve application performance on embedded processors. "'Our technology automatically learns how to get the best performance from the hardware -- whether mobile phones, desktops, or entire systems -- the software will run faster and use less energy,' noted Dr. Bilha Mendelson, Manager of Code Optimization Technologies at IBM Research - Haifa. 'We opened the compiler environment so it can access artificial intelligence and machine learning guidance to automatically determine exactly what specific optimizations should be used and when to apply them to ramp-up performance.'" The code can be downloaded from the Milepost site.

Comments (3 posted)

C#

de Icaza: From Microsoft: C# and CLI under the Community Promise

Miguel de Icaza reports on Microsoft applying its "Community Promise" to C# and the Common Language Infrastructure (CLI). This means that Microsoft will not assert its patents against the Ecma and ISO standard portions of Mono (and other implementations of those standards). "Astute readers will point out that Mono contains much more than the ECMA standards, and they will be correct. [...] In the next few months we will be working towards splitting the jumbo Mono source code that includes ECMA + A lot more into two separate source code distributions. One will be ECMA, the other will contain our implementation of ASP.NET, ADO.NET, Winforms and others."

Comments (47 posted)

Caml

Caml Weekly News

The July 7, 2009 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

HTML

Ogg codecs dropped from HTML5

In a posting to the whatwg discussion list, Ian Hickson describes the sad situation regarding codecs for the HTML5 spec: "After an inordinate amount of discussions, both in public and privately, on the situation regarding codecs for <video> and <audio> in HTML5, I have reluctantly come to the conclusion that there is no suitable codec that all vendors are willing to implement and ship." As a result, no codecs at all will be specified, ending (for now) an opportunity to push the web toward free formats.

Full Story (comments: 75)

Python

Python-URL! - weekly Python news and links

The July 6, 2009 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The July 6, 2009 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Version Control

Mercurial 1.3 released

Version 1.3 of the Mercurial source control management system has been announced. "This is a feature release with numerous improvements including experimental support for working with subrepositories."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Tiemann: Open Source Incentives

Michael Tiemann reports on his recent trip to Brazil for FISL 10. He notes that free software adoption is growing rapidly within the Brazilian government. He also describes an effort by the Malaysian government to reward use of free software, rather than the development of it, because that rewarding development can lead to multiple, competing solutions that don't necessarily solve the users' problems. In addition, he also noted a barrier to free software adoption: "On the alarm front, I heard specific confirmation of a storyline I've been following, which is that the Bill and Melinda Gates Foundation is basically telling governments: if you want contributions/investments from us, then you'll give Microsoft cabinet-level access to inform policy, and you'll use Microsoft products. For example, donations to educational initiatives require installing and teaching Microsoft products."

Comments (15 posted)

Trade Shows and Conferences

Gran Canaria Desktop Summit Opens (KDE.News)

KDE.News has a report on the first day of the Gran Canaria Desktop Summit. This is the first time that GNOME and KDE have combined forces for their yearly conferences (GUADEC and Akademy). The conference started on Saturday, July 4, with a number of keynotes, and runs through July 11. "After a break, one more keynote was held by Quim Gil from the Maemo community. He made a very surprising announcement. Showing an architecture diagram with the current stack for Maemo with Qt in the community supported area. Then a button was pushed, and Qt moved to the foundation stack and the old toolkit moved into the community support area. In a later interview, Quim Gil and Aron Kozak from Nokia expanded on the plans. The upcoming release of Maemo, Maemo 5, will be based on GTK. It is currently being stabilised and finished. The following release, codenamed Harmatan, will be build around Qt."

Comments (6 posted)

Day 2 at Gran Canaria Desktop Summit (KDEDot)

KDE.News reports from the Gran Canaria Desktop Summit. "The Desktop Summit is continuing with talks in the Cross Desktop tracks and the start of the Akademy tracks. Between the talks developers can be spotted huddled in groups discussing everything from problems with their code to building community. The tracks covered metadata, community, infrastructure and multimedia. Read on for some of the talks."

Comments (none posted)

Linux Adoption

Linux desktop adoption boosted by economy (SearchEnterpriseLinux)

SearchEnterpriseLinux looks at the increasing use of Linux on the desktop. "While hard numbers remain elusive, business adoption of Linux on the desktop appears to be growing, motivated at least in part by the need to stretch IT budgets during the current economic slump. Linux currently has a tiny but rapidly growing toehold in the overall desktop market. The upside, according to Open Road blogger Matt Asay, is that Linux desktop systems grew 62% from 2007 to 2008. The downside: even that tremendous expansion only brought Linux desktops to 2.02% of the market."

Comments (none posted)

Virtual Linux is the prescription for hospital patients (iTWire)

iTWire reports on a new Linux installation by a Glendale, California hospital. "Adventist Medical Center (GAMC) has installed thin clients running Linux virtual desktops in 65 patient rooms in its new West Tower. "Just as easily as the hospital provides patients with TVs in rooms, now we provide personal computing," said Roger Pruyne, senior programmer/analyst and project manager for the GAMC Patient Computing project. The system combines NoMachine's NX remote access and virtualisation software, SUSE Linux Enterprise Desktop, and an IBM System x3650 server. GAMC estimates that this approach saves 98 percent of the cost that would have been involved if conventional PCs had been selected."

Comments (none posted)

Would You Like Linux With Your Jello? (Linux Journal)

Linux Journal takes a look at a hospital with Linux thin clients for patients. "The happy healers at Glendale Adventist Medical Center, in conjunction with Linux luminaries IBM and Novell, as well as the networkers at NoMachine, have found a way to insert Linux into the lives of its patients. Rather than blank walls and bad TV to stare at, patients in the new West Tower at Glendale Adventist have access to the outside world, via Linux-based thin clients available right in the patient's room. The setup utilizes servers from IBM, the networking and compression expertise of NoMachine, and SUSE Linux Enterprise Desktop to provide patients with access to the internet, where they can do everything from learning about their condition and treatment to keeping family and friends abreast of their progress via the standard cast of internet characters: Twitter, Facebook, and the omnipresent blogs."

Comments (none posted)

Interviews

Fellowship interview with Smári McCarthy (FSFE)

The Free Software Foundation Europe presents an interview with Smári McCarthy. "Stian Rødven Eide: One of the most profiled projects you have been involved with is the Fab Lab, having headed the Icelandic branch for over a year now. While best known for its use of 3D printers, the Fab Lab is actually a much broader concept that goes far beyond technical innovation. Can you tell us a bit about your work there, and what you hope to achieve? Smári McCarthy: There are two sides to the Fab Lab story. On the one hand, there’s the research side, which is all about developing the universal constructors, figuring out the hard science of digital fabrication. In that realm I think our work is done when we can download chicken sandwiches off the Internet."

Comments (none posted)

SUSE 11 takes off faster than 10 (The Register)

The Register talks with Justin Steinman, director of marketing for Linux and open platform solutions at Novell, about SUSE Linux 11 and other topics. "Steinman did want to talk a bit about clouds and Novell's place in them. And even while no one has been talking about Novell building a cloud of its own, he put the kibosh on the idea. "We are not going to launch the Novell Cloud," Steinman says. "We are not going to be a hosting provider. Our core competency is making heterogeneous environments work together, and that is what we plan to focus on." That's not to say that Novell does not expect its products - Linux and its PlateSpin management tools in particular - to have some play as companies build clouds."

Comments (none posted)

Reviews

Pianoteq3 For Linux: A Product Review (Linux Journal)

Dave Philips reviews the Linux version of Pianoteq (commercial software) on Linux Journal. "On the 15th of May 2009 the Modartt company announced the release of version 3.0.3 of their award-winning Pianoteq, a professional-quality digital keyboard instrument created by an audio synthesis method known as physical modeling. The program is vastly praised by its users, but in order to feel the love you've had to run a Windows machine or a Mac box. Until now, that is. The latest release introduces various new attractions, and the one that interests me the most is support for a native Linux version."

Comments (none posted)

Miscellaneous

iPhone Dev Team Releases 3GS Jailbreak (Washington Post)

The Washington Post reports that a hack is available to unlock the iPhone. "The Dev Team also released a new hack codenamed "redsn0w," which is a Linux version of the program. But right now, redsn0w should work on OS X, Windows, and Linux."

Comments (1 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

EFF: ASCAP makes outlandish copyright claims on cell phone ringtones

The Electronic Frontier Foundation speaks out on cell phone ring tone copyright claims. "The Electronic Frontier Foundation (EFF) urged a federal court Wednesday to reject bogus copyright claims in a ringtone royalty battle that could raise costs for consumers, jeopardize consumer rights, and curtail new technological innovation."

Full Story (comments: none)

KDE e.V. elects new board of directors (KDE.News)

KDE.News reports on the KDE e.V. board of directors election. "Adriaan de Groot was re-elected as vice president of KDE e.V. and two new board members have been elected: Celeste Lyn Paul, the leader of KDE's usability efforts, and Frank Karlitschek, the man behind KDE community web services such as KDE-Look.org and KDE-Apps.org. Karlitschek is also known for his efforts to introduce the Social Desktop to KDE. The new president of the KDE e.V. is Cornelius Schumacher, and Frank takes over the role of vice president and treasurer from Cornelius."

Comments (none posted)

Linux Foundation hires new director of EMEA

The Linux Foundation has announced its new director of Europe, Middle East and Africa. "The Linux Foundation (LF), the nonprofit organization dedicated to accelerating the growth of Linux, today announced it has appointed Axel Petrak as its new Director of Europe, Middle East and Africa (EMEA). Mr. Petrak will work with companies and community members in the region to facilitate collaboration on advancing Linux with activities such as exclusive events, training workshops, technical workgroups, and more."

Full Story (comments: none)

Commercial announcements

Neptuny joins Red Hat Partner Program

Neptuny is the latest company to join Red Hat Partner Program. "Neptuny has extensive experience in developing its technologies on Red Hat Enterprise Linux and JBoss Enterprise Middleware. In particular, Neptuny recommends Red Hat Enterprise Linux (RHEL) for CaplanTM, Neptuny's flagship product, which enables an industrialized approach to Capacity Planning."

Full Story (comments: none)

Resources

Linux Gazette #164

Issue #164 of the Linux Gazette has been published. Topics include: Mailbag, Talkback, 2-Cent Tips, News Bytes, by Deividson Luiz Okopnik and Howard Dyckoff, Layer 8 Linux Security, by Lisa Kachold, Building the GNOME Desktop from Source, by Oscar Laycock, Joey's Notes: VSFTP FTP server on RHEL 5.x, by Joey Prestia, Our monthly column of basic Linux advice and education, Understanding Full Text Search in PostgreSQL, by Paul Sephton, A coverage of PostgreSQL full text search indexing, matching and ranking, Fedora 11 on the Eee PC 1000, by Anderson Silva, Sending and Receiving SMS from your Linux Computer, by Suramya Tomar, Ecol, by Javier Malonda, XKCD, by Randall Munroe and The Linux Launderette.

Full Story (comments: none)

Contests and Awards

Akademy Awards 2009 (KDEDot)

KDE.News covers the Akademy Awards 2009. "The Akademy Awards for 2009 have been announced, celebrating the best of KDE contributors. As always the winners are chosen by the winners from the previous year."

Comments (none posted)

Adrian Marriott wins ODBMS.ORG award

Adrian Marriott has won an ODBMS.ORG award. "ODBMS.ORG, a vendor-independent non-profit group of high-profile software experts lead by Prof. Roberto V. Zicari, today announced that Adrian Marriott, Principal Consultant, Progress Software Inc., was awarded the ODBMS.ORG Awards for the best Common Persistent Model Patterns for Performance and/or Scalability Optimization, for his pattern "Query Visitor". "Query Visitor represents a query to be performed on the elements of a persistent object structure."

Full Story (comments: none)

Education and Certification

Python Bootcamp registration deadline

A Python bootcamp will be held on July 27-31 in Morrisville, NC, the registration deadline is July 24. "Just a reminder that there are only 3 weeks remaining to register for the Open Technology Group's Python Bootcamp, a 5 day hands-on, intensive, in-depth introduction to Python. This course is confirmed and guaranteed to run."

Full Story (comments: none)

Calls for Presentations

OOoCon 2009 call for papers

A call for papers has gone out for OOoCon 2009. "The OpenOffice.org Annual Conference (OOoCon 2009) will be held in Orvieto, Italy from November 3, 2009 - November 6, 2009. The OpenOffice.org Community invites potential speakers to submit proposals for papers for OOoCon 2009. Whether you are a seasoned presenter, or have never stood up in public before, if you have something interesting to share about OpenOffice.org - we want to hear from you." Submissions are due by July 13.

Full Story (comments: none)

PyCon India 2009

PyCon India 2009 will take place in Bengaluru, India on September 26-27, proposals are being accepted. "PyCon India is looking for proposals on all aspects of Python programming. We will accept a broad range of presentations, from reports on academic and commercial projects to tutorials and case studies. As long as the presentation is interesting and potentially useful to the Python community, it will be considered for inclusion in the conference. All the talks will be within 45-60 minutes. There will also be a dedicated Lightning Talk session for talks no longer than five minutes."

Full Story (comments: none)

CFP - Security Byte / OWASP Asia 2009

A call for papers has gone out for Security Byte / OWASP Asia 2009, the event takes place on November 17-18, 2009. "Securitybyte & OWASP AppSec Asia Conference is a forum where Ethical Hackers, Practitioners, Researchers, and Developers in Information Security field, gathers to showcase and exchange new Researches, Innovations, Practical ideas and Experiences. If you are developing, researching, or implementing practical solutions to protect Corporate or Government Information Infrastructures, please consider sharing your experience and expertise at this conference. First round of CFP submission is July 30th, 2009."

Full Story (comments: none)

Upcoming Events

DjangoCon '09 announced

Early bird registration is open for the 2009 DjangoCon. "DjangoCon '09 will be in Portland, Oregon at the DoubleTree Green Hotel between 8th and 12th September. The first 3 days are conference days and the last 2 days are sprint days."

Full Story (comments: none)

InsideMobile Conference early lineup posted

An early session lineup has been posted for the O'Reilly InsideMobile conference. "O'Reilly Media and 360|Conferences, co-producers of the InsideMobile Conference, today announced an early lineup of innovative sessions for the upcoming two-day event. During InsideMobile, leading smartphone app developers and experts share their knowledge and experiences building useful and innovative applications across multiple platforms. The event takes place July 26-27, 2009, at the eBay Conference Center in San Jose."

Full Story (comments: none)

Italian Perl Workshop 2009 guests (use Perl)

use Perl has announced the guest speakers for the Italian Perl workshop. "The preparations for this year's Italian Perl workshop are hotting up, and thanks to the sponsors, we have invited some great guest speakers for the international tracks (in English):..."

Comments (none posted)

Webinar: How to end IT bottleneck in application deployment and maintenance

rPath will hold a webinar entitled How to end IT bottleneck in application deployment and maintenance on July 16. "In an upcoming webinar sponsored by rPath and Active Endpoints, industry experts will explore what it takes to establish a self-service application deployment model. Attendees will also see a demonstration of a self-service process in action."

Full Story (comments: none)

Events: July 16, 2009 to September 14, 2009

The following event listing is taken from the LWN.net Calendar.

Date(s)EventLocation
July 13
July 17		 (Montreal) Linux Symposium Montreal, Canada
July 15
July 17		 Kernel Conference Australia 2009 Brisbane, Queensland, Australia
July 15
July 16		 NIT Agartala FOSS and GNU/Linux fest Agartala, India
July 18
July 19		 Community Leadership Summit San Jose, CA, USA
July 19
July 20		 Open Video Conference New York City, USA
July 19 pgDay San Jose San Jose, CA, USA
July 20
July 24		 2009 O'Reilly Open Source Convention San Jose, CA, USA
July 24
July 30		 DebConf 2009 Cáceres, Extremadura, Spain
July 25
July 30		 Black Hat Briefings and Training Las Vegas, NV, USA
July 25
July 26		 EuroSciPy 2009 Leipzig, Germany
July 25
July 26		 PyOhio 2009 Columbus, OH, USA
July 26
July 27		 InsideMobile San Jose, CA, USA
July 31
August 2		 FOSS in Healthcare unconference Houston, TX, USA
August 3
August 5		 YAPC::EU::2009 Lisbon, Portugal
August 7
August 9		 UKUUG Summer 2009 Conference Birmingham, UK
August 7 August Penguin 2009 Weizmann Institute, Israel
August 10
August 14		 USENIX Security Symposium Montreal, Quebec, Canada
August 11
August 13		 Flash Memory Summit Santa Clara, CA, USA
August 11 FOSS Dev Camp - Open Source World San Francisco, CA, USA
August 12
August 13		 OpenSource World Conference and Expo San Francisco, CA, USA
August 12
August 13		 Military Open Source Software Atlanta, Georgia, USA
August 13
August 16		 Hacking At Random 2009 Vierhouten, The Netherlands
August 18
August 23		 2009 Python in Science Conference Pasadena, CA, USA
August 22
August 23		 Free and Open Source Conference (FrOSCon) St. Augustin, Germany
August 22
August 23		 OpenSQL Camp St. Augustin, Germany
August 31
September 4		 Ubuntu Developer Week Internet, Internet
September 1
September 4		 JBoss World Chicago Chicago, IL, USA
September 1
September 4		 Red Hat Summit Chicago Chicago, IL, USA
September 1
September 5		 DrupalCon Paris, France
September 4
September 5		 PyCon 2009 Argentina Buenos Aires, Argentina
September 7
September 11		 XtreemOS summer school Oxford, UK
September 7
September 8		 FRHACK.ORG IT Security Conference Besançon, France
September 8
September 12		 DjangoCon '09 Portland, OR, USA
September 10
September 11		 Fedora Developer Conference 2009 Brno, Czech Republic
September 12 Evil Robot Conference (Free Conference, Free Software) Raleigh, NC, USA

If your event does not appear here, please tell us about it.

Web sites

OpenNICTA has been launched

NICTA, Australia's ICT Research Centre of Excellence search, has launched the OpenNICTA open-source project portal. There are currently eleven software projects available on the site. (Thanks to Mark Tall).

Comments (none posted)

Audio and Video programs

O'Reilly Webcast: 10 Ways to Wreck Your Database

O'Reilly will be holding a webcast entitled 10 Ways to Wreck Your Database on July 10. "Want to make sure your database loses data, duplicates records, and can only handle 5 transactions a minute? Want to make your application developers curse you, your sysadmin hate you, and get yourself fired without a reference? These ten database design techniques will set you on the road to downtime perdition and maintenance hell."

Full Story (comments: none)

Miscellaneous

The Pragmatic Bookshelf launches a magazine

The Pragmatic Bookshelf announced the launch of the magazine PragPub. "PragPub editor Michael Swaine served for years as editor-in-chief and editor-at-large for the venerable "Dr. Dobb's Journal" and coauthored the seminal personal computer history book, "Fire in the Valley." Michael says, "There is a huge demand for timely information on current programming issues, but conventional magazine publishing can't keep up with the pace of change in software development."

Full Story (comments: none)

Page editor: Forrest Cook


Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds