LWN.net Weekly Edition for August 6, 2009
A default desktop for openSUSE?
The choice of a Linux desktop environment, typically between the "big two": GNOME and KDE, is one that inspires enthusiastic advocacy—some might even say religious fervor—among the supporters of each choice. So, it should come as no surprise that a distribution's default choice of desktop—the one that most new users will end up running—can be contentious, as the supporters of each desktop jockey for recognition of their choice. That battle is currently playing out for openSUSE after a proposal to make KDE the default desktop was made in the openFATE feature tracker; since then, a number of rather lengthy threads on the opensuse-project mailing list, as well as postings on various web logs, have made for a lively debate.
The first argument for choosing a default desktop generally centers around new users. Most seasoned Linux users will have already chosen a desktop suited to their needs; as long as that desktop is supported, they should have no trouble installing the distribution. New users, on the other hand, are generally not even aware that there is a choice of desktops for Linux. By choosing a default desktop, a distribution can ease the path for a new Linux user.
Unlike most of the major distributions, openSUSE has no default desktop, so users are presented with the choice of GNOME or KDE as part of the installation process. The other major distributions default to GNOME—with the exception of Mandriva—but support KDE users with a separate distribution of some kind (e.g. Kubuntu or the Fedora KDE spin).
The lack of a default for openSUSE is, to some extent, a historical artifact. When Novell bought SuSE Linux a few months after it bought Ximian, there was a bit of a culture clash. SuSE was KDE-based, but Ximian was a sponsor of GNOME (and Mono) development. According to a blog posting by KDE's Sebastian Kügler, Novell wanted to move both enterprise and desktop distributions to a GNOME default—or perhaps remove KDE entirely—but eventually decided to only do that for the enterprise releases; for desktops, there would be no default.
For a while, KDE was listed ahead of GNOME in the openSUSE installation dialog, but at some point, the order of the two desktops in the installation dialog was reversed. That makes sense, at least alphabetically, but, to some, it still felt like a KDE demotion. That dialog has a short blurb associated with each desktop choice, but neither is selected, so the user must choose.
The openSUSE community is largely made up of KDE users; something like two-thirds of users run either KDE 3.5 or KDE 4 according to the openSUSE 11.0 user survey [PDF]. That leads some, especially KDE fans, to suggest that openSUSE default to the desktop used by a significant majority of its users. The proposal was quickly voted as the highest rated feature request in openFATE, with roughly 90% approval, according to openSUSE board chair Michael Löffler's blog posting.
KDE-default advocates note that in addition to its potential to reduce confusion for new users, making KDE the default would raise openSUSE's profile within the KDE community, which might well lead to more users, developers, and packagers for the distribution. Part of the argument is that openSUSE makes default decisions for most kinds of applications (web browsers, email readers, etc.), but leaves the desktop choice to the user, so, instead, openSUSE should make a default decision there as well. By putting KDE on an equal footing with GNOME, openSUSE is actually treating KDE as a second-class citizen. As KDE and SUSE developer Lubos Lunak puts it:
There is also a political subtext to making KDE the default. For much of its history, openSUSE was completely controlled by Novell, but more recently it has been opening up to become more of a community-led distribution—following a similar path to that taken by Fedora a few years earlier. To some, changing to a KDE default is seen as a way to show that openSUSE has moved out from under Novell's thumb. In some ways, openSUSE has been tainted by the patent deal that Novell made with Microsoft—at least to some—so, some distancing from Novell would be welcome as Will Stephenson points out: "This would go a long way to undoing the 'Novell is evil' smell that we can't shake off."
Community manager Joe "Zonker" Brockmeier is sympathetic to the idea that openSUSE show that it can "make decisions independent of Novell", but doesn't agree that changing to a KDE default is the right choice for the project. He is concerned that elevating KDE to a position above GNOME might alienate users and developers of the latter, while not providing much in the way of a boost to the numbers of openSUSE KDE folks:
I appreciate the desire to make openSUSE a welcome home for KDE developers and users. I just think we could find a better way to accomplish it.
Lunak suggests that there be guidelines to help determine what default choices openSUSE will make. As he has noted several times in the threads, there aren't choices for text editor or web browser, so why is the desktop treated differently? He also points out that the current default web browser—firefox for both GNOME and KDE—might need to change at some point:
Some guidelines, at least for the desktop case, have been proposed by former openSUSE board chair Andreas Jaeger. In his proposal—which seems to be gaining some support—he suggests that desktops be listed in alphabetical order and that the most popular be selected by default. He also suggests that the desktop choice screen should "explain that both GNOME and KDE are first class desktops and the default is based on popularity". How ties or near-ties would be broken is not specified, but there would have to be a fairly sizable shift in the openSUSE community for that to be a problem—GNOME users account for roughly 26% of those surveyed.
This is not the first time distributions have struggled with this problem; Fedora went through a similar exercise back in April. The initial suggestion, made by Jóhann Guðmundsson, was to change references to "default desktop" or "Fedora desktop" to "GNOME desktop", so that the desktop choice made by the project was clear. His point was not to change the default, but just to call it out so that other desktops and their users would be on an equal footing.
That led to a lengthy thread—sound familiar?—discussing how to handle desktop choices at installation time (among other things). The problem is that there is no "right" decision that a distribution can make. Forcing the user to choose is bad for new users; as Naheem Zaffar put it: "Choice is only good if you are informed enough to exercise it." Distributions are expected to make these choices, and, in the end, they have to. When booting a Live CD of some distribution, the last thing a potential new Linux user wants to do is make an uninformed decision about which desktop to use.
As an aside, it is interesting to note a complaint made by Josephine Tannhäuser who was unhappy to see that KDE 4.3 will be coming to Fedora 10 and 11, without a similar upgrade for GNOME (to 2.26) in Fedora 10. The stability required for GNOME as the default desktop may be part of the resistance to a major GNOME upgrade for a distribution that is getting towards the end of its lifecycle. There may be other reasons as well—the GNOME 2.26 upgrade may be more intrusive than KDE 4.2.4 to 4.3 for example—but it is likely that non-default desktops are afforded more flexibility.
Clearly, some in the KDE community would like to see there be a high-profile distribution that defaults to that desktop. There are undoubtedly some who are still smarting from the perceived—or real—slight when SUSE moved from KDE to GNOME/neutral after the Novell acquisition. At some level, openSUSE seems like a good candidate for that distribution, but it could conflict with the stated goal to be "the distribution with the best GNOME desktop and the best KDE desktop", as Jaeger described.
With two full-featured desktop solutions—as well as more minimal choices for those who want them—Linux can certainly meet the needs of most users. There is a hurdle to get over, though, one that the proprietary alternatives don't require. The best long-term solution is likely to involve raising the profile of the desktop choice to new users, so that they can make a reasonably informed decision—similar to the distribution choice they already have to make. How they get that information is an open question, but that question once existed for the various distributions as well. It would seem that the desktop projects may need to get better at educating users—and potential users—about the strengths of their solution. If that happens, the default desktop choice will likely become less politicized and lead to fewer lengthy mailing list threads.
Clutter 1.0 brings stability, new animation API
Version 1.0 of the Clutter graphics library was released on July 29, sporting a stable application program interface (API) and binary interface (ABI), an animation framework, and an OpenGL abstraction library that should prove useful to developers. With Clutter set to take on a more prominent role in the GNOME 3.x series, the announcement should prove to be welcome news to application developers.
Clutter is used to build user interfaces, but unlike traditional toolkits such as GTK+ or Qt, it uses a flexible "scene graph" model with "actors" and "stages" instead of the customary widgets and containers. The free-form actor elements can be placed with fixed positioning on the stage or use managed layout, and they can be easily moved, deformed, and even animated. Clutter is designed to use OpenGL as a back-end, so applications can benefit from hardware accelerated rendering. OpenGL for Embedded Systems (OpenGL ES) is supported, making Clutter a popular choice on slim-CPU mobile devices such as Nokia's Maemo tablets and Moblin's netbook Linux distribution.
The project was started in 2006 at embedded Linux development firm Opened Hand, which was acquired by Intel in late 2008. Clutter has been selected as an official part of the Maemo GUI stack, beginning with the upcoming 5.0 release, called "Fremantle." Following Opened Hand's acquisition by Intel, however, more effort went into integrating Clutter as a core UI library for Moblin, which prior to April 2009, was an Intel-owned effort. The toolkit is also growing in popularity on desktop Linux systems, where it is used by GNOME games, the Mutter window manager, and the GNOME Shell project set to be featured prominently in GNOME 3.0.
Although Clutter is written in C, bindings are available for a wide variety of languages, including C++, C#, Python, Ruby, Vala, JavaScript, and Perl. In addition, applications can embed traditional GTK+ elements, GStreamer video content and Cairo 2-D canvases as Clutter actors. Clutter is developed primarily for usage under X with the GLX extension, but can also use Simple DirectMedia Layer (SDL) or the Linux frame buffer if necessary. Ports to Windows and Mac OS X are also available. Using ClutterScript, Clutter applications can store and load full or partial scene graphs in JavaScript Object Notation (JSON) format.
Changes in 1.0
The Clutter API has undergone several important changes since the last stable series, 0.8, but the development team has declared the 1.0 API frozen for all subsequent 1.x releases. Apart from stabilizing the API, Clutter 1.0 includes a new animation framework, unified handling of all text widgets with Pango, performance improvements based on better tracking which actors in the scene graph will be painted, debugging facilities for application developers, and improvements to the Clutter OpenGL abstraction library COGL. The Clutter and COGL documentation also underwent extensive revision, including a migration guide for developers needing to port their code from Clutter 0.8 to Clutter 1.0.
The Animation API has received the most attention of the changes in 1.0, being the subject of several conference talks this summer. In prior versions of Clutter, animation of actors was handled through two separate features: Behaviors and Effects. Behaviors were to be used when both the starting and ending states of the actor were known (such as moving from one predetermined position to another), and Effects could be used at any time, regardless of the state of the actor. The Effects API proved to be kludgy and difficult for application developers to use, as well as difficult for the Clutter developers to extend, so it has been dropped in favor of the Animation API.
The new API is both simpler and shares base classes, such as Timeline, with the Behaviors API, which should simplify its adoption. Whereas in Effects each transformation was a separate function (e.g., rotate, fade, translate), Animation requires only specifying the desired final state of the actor with a single function call; the animation itself is performed implicitly, with all of the intermediate steps interpolated. This "tweening" behavior is similar to what is possible with JavaScript animation. The Clutter 1.0 migration guide provides some side-by-side example code demonstrating the difference between using Effects and Animation.
COGL is also significant; it began as a purely internal layer for Clutter to abstract away the differences between OpenGL, OpenGL ES 1.1, and OpenGL ES 2.0, but it has since evolved into a library useful for other OpenGL-based projects. COGL attempts to make OpenGL usage as fast as possible by maintaining its own internal store of the scene rather than sending every update to the GPU separately, caching as much as possible, and minimizing the number of validations and state changes.
1.x, 2.0, and more
The Clutter team has expressed its desire to further develop COGL into a more flexible GPU-programming library, providing a modern, object-oriented API for OpenGL programming. As for Clutter itself, the plan is to adopt a six-month release cycle, as used by other projects in the GNOME ecosystem. There will be further 1.x stable releases to improve performance and efficiency, but the guarantee is that no changes made during the 1.x cycle will break API compatibility.
GNOME will reportedly ship Clutter with its 2.28 release in September, but Clutter-based tools like GNOME Shell are not scheduled to arrive until the 3.0 release six months later. The API stability guarantee is more likely to please developers with mobile platform projects like Maemo and Moblin, however, who count on longer product life cycles than those of a typical desktop Linux distribution.
Independent application developers may have to wait a few more weeks before they can begin working with Clutter 1.0, though. The dependent libraries that allow embedding GTK+ widgets, GStreamer content, and Cairo canvases are a bit behind the core Clutter release, as are some of the language bindings. Fortunately, the official packages are built to be installable in parallel with Clutter 0.8, and with the documentation in place — including the migration guide — no one has an excuse to sit idly by in the meantime.
CentOS turbulence and enterprise Linux tradeoffs
CentOS must seem like a dream distribution to many. Its users get the benefit of the massive team of developers that Red Hat has working on the Red Hat Enterprise Linux product without having to pay for any of it. CentOS offers a level of stability that cannot be found in any of the more community-oriented distributions; even Debian Stable requires its users to upgrade more often than CentOS does. Hosting providers have a solid, supported platform to sell to many thousands of customers, and it does not cost them even a single devalued US dollar. Many, many sites depend on CentOS, so anything which threatens the stability of that foundation is certain to raise a number of eyebrows. Unfortunately, that is exactly what happened at the end of July.
CentOS has never been the most transparent of projects; its lists do not carry the kind of open discussion that can be found with Debian, Fedora, or (increasingly) openSUSE. Most CentOS users perhaps worry little about where their software comes from, but there are those who have tried to help the project and bring its workings more into the open. One of those, well-known RPM packager Dag Wieers, threw in the towel in June:
Problems within the project became more public on July 30, when a disturbing open letter was posted on centos.org. The immediate issue was the disappearance of project founder Lance Davis, whose last post on the centos-devel mailing list was in April, 2008. Evidently Lance hadn't been heard from for some time in other parts of the project as well. A missing founder can be a problem, but it gets worse: when Lance vanished from sight, he took with him control over the project's domain name and IRC channels.
Lance also had control over the project's finances. There has been a lot less noise concerning this part of the problem, but the fact remains: nobody seems to know where the money which has flowed into the project (via donations and web advertising) has gone. Quoting Dag Wieers again:
Naturally enough, this issue failed to resolve itself; eventually the other key CentOS contributors were forced to go public with their concerns. The move appears to have been entirely effective: Lance was flushed out from wherever he was hiding and met with the team. Ownership of the domain name has been transferred. The CentOS project appears to be back on track, and, perhaps, headed toward a more democratic mode of operation.
Little is being said about the financial side, beyond this:
So the management of future revenue into the project should be handled in a more open sort of way.
One could argue that CentOS users had little to worry about. In the worst possible scenario, the active CentOS developers could have forked the distribution and moved to a new domain, perhaps without even changing the name of the project. Such a move could certainly be successful. But users who have picked a distribution known for stability might just feel a little concerned about being told to change their repository pointers to a different location run by a group claiming to be the "real" CentOS. A certain amount of disruption would have been guaranteed.
There is a lesson here: use of a distribution like CentOS has its risks. A system running CentOS is relying on the efforts of a relatively small group of volunteers; these volunteers are not obligated to continue to provide support to anybody. The project's governance and processes are on the murky side - even if it looks like things are about to get better. CentOS is fully dependent on Red Hat for security updates, and it necessarily imposes a delay between the release of Red Hat's fix (which discloses any vulnerability which wasn't already in the open) and the availability of a fix for CentOS. For the curious: here is the observed delay time for a few recent updates:
| Package | Delay (days) |
| seamonkey | 1 |
| bind | 1 |
| python | 2 |
| tomcat | 8 |
| firefox | 7 |
| libtiff | 7 |
| dhcp | 1 |
| httpd | 5 |
Sometimes updates pass through the CentOS system quickly, but other times the performance is not quite as good; the "critical" firefox update languished for a full week.
The point of the above text is not to criticize CentOS: that project has done an outstanding job of providing a highly stable and well-supported distribution to the community for free. How can anybody criticize that? The point, instead, is that there are tradeoffs associated with any distribution choice. A Linux user who feels the need for contractually-assured service backed up by a well-funded support operation and faster security updates would be well advised to consider purchasing support from one of the companies operating in that area.
For those who do not need that level of support, instead, distributions like CentOS provide great value. A more open CentOS looks like it should be able to provide greater value yet. Also encouraging are the suggestions that CentOS could work more closely with Scientific Linux, another RHEL rebuild with very similar goals. All told, there appears to be a good chance that the recent turbulence will lead to a more solidly founded CentOS which will continue to be a firm platform for many thousands of deployed systems well into the future.
Security
SSL flaws revealed at Black Hat
The annual Black Hat security conference in Las Vegas is probably the premier security event each year—at least for the disclosure of new vulnerabilities. The event usually has one or more high-profile disclosures that often lead to software vendors and projects scrambling to fix the vulnerable code. This year was no exception, with Secure Sockets Layer (SSL) taking center stage. Two of the vulnerabilities led to Mozilla security updates, while others showed flaws in the certificate authority (CA) infrastructure and browser handling of Extended Validation (EV) SSL certificates.
The most serious problem would seem to be a disconnect between CAs and browsers on how to handle certificates with NUL (i.e. '\0') bytes in the domain name. CAs have been willing to issue certificates for host/domain names containing NULs, but browsers were handling them in ways that made certificate spoofing much easier. Moxie Marlinspike and Dan Kaminsky independently discovered the problem and both presented about it at Black Hat. Marlinspike's example was a certificate issued for www.paypal.com\0.thoughtcrime.org, which would appear to be a legitimate PayPal certificate to the browser user.
It has been argued that the CAs should not be issuing certificates of that sort, especially given that C-based programs interpret NUL as the end of string, but the browsers have a certain amount of responsibility here as well. It's hard to see a legitimate use for a certificate with a NUL byte as part of the domain name, but browsers could and should have used the string length, which is specified in the certificate to determine how to display and handle the domain name. The CAs should also stop signing such certificates, and revoke those that they have already issued, but that, of course, doesn't stop anyone from self-signing a certificate with a NUL byte in the domain name.
The flaw could be exploited to do a man-in-the-middle attack against users. An attacker who could intercept network traffic—via a compromised, or just maliciously configured, wireless router for example—could present one of these certificates when a victim visited PayPal. Because the browser only looked at the host name information before the NUL, the user would believe they had a secure session with PayPal, when, in fact, they were talking to a host under the attacker's control.
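The mismatch described above, as an added example that is not code from any browser or from the original article: a host-name check that treats the certificate name as a C string, beside one that uses the length carried in the certificate. The struct, the function names and the sample byte strings are constructed for illustration; the spoofed name is the one quoted from Marlinspike's talk.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as a decoder hands it over: raw bytes plus the length
 * recorded in the certificate. The bytes are not a C string. (Hypothetical
 * type for this example.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* ASCII case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed check: measures the name with strlen(), so it stops at the first
 * NUL and never looks at the bytes that follow it. */
int match_truncating(const struct cert_name *cn, const char *host)
{
    size_t seen = strlen((const char *)cn->data);
    return seen == strlen(host) && eq_nocase(cn->data, host, seen);
}

/* Length-aware check: uses the certificate's own length, and refuses any
 * name that contains a NUL byte anywhere inside it. */
int match_length_aware(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                     /* embedded NUL: never a valid host */
    if (cn->len != hlen)
        return 0;                     /* compare the whole name, not a prefix */
    return eq_nocase(cn->data, host, hlen);
}

/* Constructed sample names. The literals carry a trailing NUL from the
 * compiler, which is excluded from len, so match_truncating() stays in
 * bounds on both of them. */
static const unsigned char SPOOFED[] = "www.paypal.com\0.thoughtcrime.org";
static const unsigned char HONEST[]  = "www.paypal.com";

static const struct cert_name spoofed_name = { SPOOFED, sizeof SPOOFED - 1 };
static const struct cert_name honest_name  = { HONEST,  sizeof HONEST  - 1 };

int main(void)
{
    const char *host = "www.paypal.com";

    printf("name length in certificate: %zu bytes, strlen sees: %zu\n",
           spoofed_name.len, strlen((const char *)spoofed_name.data));
    printf("truncating check,   spoofed name: %s\n",
           match_truncating(&spoofed_name, host) ? "ACCEPT" : "reject");
    printf("length-aware check, spoofed name: %s\n",
           match_length_aware(&spoofed_name, host) ? "ACCEPT" : "reject");
    printf("length-aware check, honest name:  %s\n",
           match_length_aware(&honest_name, host) ? "ACCEPT" : "reject");
    return 0;
}
```

The same length-aware rule applies on the issuing side: a signing service that rejects any requested name containing a NUL byte never produces a certificate that the two checks can disagree about.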
Marlinspike found another problem, which only seems to have affected the Firefox 3.0 series, in how wildcards were handled in the host names presented in certificates. Wildcard certificates are meant to solve the problem of multiple hosts in a given domain that need to share certificates. So, a CA could sign a single certificate that would work for webhost00.example.com through webhost99.example.com. Firefox 3.0 and earlier supported a non-standard Netscape regular expression syntax which Marlinspike found a way to exploit.
That exploit would cause a heap overflow that could allow arbitrary code execution—another particularly nasty outcome. According to the Mozilla advisory: "With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw."
Kaminsky's talk also covered a number of other issues with SSL certificate handling. Red Hat's director of security response Mark Cox summarized those problems along with their impact on various free software packages. For the most part, they had much less impact than the NUL-byte spoofing attack, which Cox notes as having been fixed in April for Firefox 3.5 in RHEL.
Another presentation on SSL came from Alexander Sotirov and Mike Zusman. They showed that EV certificates can be replaced with valid, conventional (aka Domain Validated or DV) certificates without changing the browser's display to reflect the potentially reduced security. Browsers display sites using EV certificates in green in the address bar to denote the supposed higher security. By using a man-in-the-middle attack, and a valid DV certificate for the domain, they were able to send the second certificate, which caused the browser to switch encryption keys to that contained in the DV certificate. So the session was secured with the "lesser" DV certificate, which the attacker controlled, but still showed the green address bar.
Zusman also gave a presentation at DefCon (which follows Black Hat) on the reliability of the web applications that CAs use for handling certificate requests. As might be guessed, they turn out to be vulnerable to the usual web application suspects: cross-site scripting and SQL injection, but he found additional problems as well. He was able to circumvent the domain name validation used by some CAs so that he could get certificates for domains that he did not control.
It is rather worrisome that the CAs, who are supposedly guarding the safety of web traffic, are so lax about the security of their own applications. As Zusman noted in the article: "If you can game a CA's validation mechanism, they don't get hurt — they might even make some money. [Those] who suffer are those who use the Internet."
SSL is an important part of the web infrastructure that users must rely on daily to protect their communications with sensitive sites. It is not surprising that it would be targeted by security researchers, nor is it all that surprising that problems were found. While attacks against these specific problems may be difficult to pull off in practice, they represent holes that clearly need to be filled. If security researchers are finding these kinds of problems, it's pretty likely that attackers are finding them as well—but the attackers are much less likely to tell us about it at Black Hat.
Brief items
SquirrelMail plugins compromised
The SquirrelMail team has sent out a notice saying that three plugins (sasql, multilogin, and change_pass) were compromised on the project's server. "Parts of these code changes attempts to send mail to an offsite server containing passwords. We cannot establish a timeline of when these plugins were compromised. If you are a user of these plugins, it is strongly recommended you download a fresh copy from the plugins repository." Changing passwords and looking for intrusions might also be a good idea.
New vulnerabilities
django: file request forgery
| Package(s): | django | CVE #(s): | |
| Created: | August 4, 2009 | Updated: | August 5, 2009 |
| Description: | From the Django security advisory: Django includes a lightweight, WSGI-based web server for use in learning Django and in testing new applications during early stages of development. For sake of convenience, this web server automatically maps certain URLs corresponding to the static media files used by the Django administrative application. The handler which maps these URLs did not properly check the requested URL to verify that it corresponds to a static media file used by Django. As such, a carefully-crafted URL can cause the development server to serve any file to which it has read access. |
| Alerts: | |
drupal-date: cross site scripting
| Package(s): | drupal-date | CVE #(s): | |
| Created: | July 31, 2009 | Updated: | September 21, 2009 |
| Description: | From the Fedora advisory: The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools sub-module, or the 'administer content types' permission could attempt a cross site scripting [1] (XSS) attack when creating a new content type, leading to the user gaining full administrative access. |
| Alerts: | |
firebird: denial of service
| Package(s): | firebird | CVE #(s): | CVE-2009-2620 |
| Created: | August 3, 2009 | Updated: | September 1, 2009 |
| Description: | From the Mandriva advisory: src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference (CVE-2009-2620). |
| Alerts: | |
firefox: integer overflow
| Package(s): | firefox | CVE #(s): | CVE-2009-2468 |
| Created: | July 31, 2009 | Updated: | August 5, 2009 |
| Description: | From the CVE entry: Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla Firefox before 3.0.12, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. |
| Alerts: | |
firefox: heap overflow in certificate regexp parsing
| Package(s): | firefox | CVE #(s): | CVE-2009-2404 |
| Created: | August 4, 2009 | Updated: | March 31, 2010 |
| Description: | From the Mozilla advisory: Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. |
| Alerts: | |
firefox: compromise of SSL-protected communication
| Package(s): | firefox | CVE #(s): | CVE-2009-2408 |
| Created: | August 4, 2009 | Updated: | October 5, 2010 |
| Description: | From the Mozilla advisory: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. |
| Alerts: |
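The mismatch described in this advisory comes down to length-prefixed certificate names being handled as C strings. The following is an added example, not code from Mozilla or NSS: the names, the example domains and the two-label issuer model are assumptions made for illustration, and wildcard matching is left out. It shows the flawed comparison beside a check that rejects embedded NUL bytes.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A name as carried in a certificate: bytes plus an explicit length.
 * Nothing in the encoding forbids a NUL byte inside the data.  In this
 * model every buffer also has a trailing NUL so strlen() stays in bounds. */
struct cert_name {
    const char *data;
    size_t len;
};

/* Constructed sample names (example domains, not taken from the advisory). */
static const char crafted_bytes[] = "www.bank.example\0.attacker.example";
static const char honest_bytes[]  = "www.bank.example";
static const struct cert_name crafted_name = { crafted_bytes, sizeof(crafted_bytes) - 1 };
static const struct cert_name honest_name  = { honest_bytes,  sizeof(honest_bytes) - 1 };

/* Case-insensitive comparison of exactly n bytes. */
static int ci_equal_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Issuer-side model (assumption): ownership is checked for the last two
 * labels of the FULL-length name.  Returns the offset of that suffix. */
size_t issuer_suffix_offset(const struct cert_name *cn)
{
    int dots = 0;

    for (size_t i = cn->len; i > 0; i--)
        if (cn->data[i - 1] == '.' && ++dots == 2)
            return i;
    return 0;
}

/* Flawed client check: strlen() stops at the first NUL, so the part of the
 * name the issuer actually validated is dropped before the comparison. */
int match_as_cstring(const struct cert_name *cn, const char *host)
{
    size_t seen = strlen(cn->data);

    return seen == strlen(host) && ci_equal_n(cn->data, host, seen);
}

/* Hardened client check: a name with an embedded NUL is invalid outright,
 * and the comparison covers the full encoded length. */
int match_checked(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && ci_equal_n(cn->data, host, cn->len);
}

int main(void)
{
    const char *host = "www.bank.example";

    printf("issuer validated suffix: %s\n",
           crafted_name.data + issuer_suffix_offset(&crafted_name));
    printf("crafted, C-string match: %d\n", match_as_cstring(&crafted_name, host));
    printf("crafted, checked match:  %d\n", match_checked(&crafted_name, host));
    printf("honest,  checked match:  %d\n", match_checked(&honest_name, host));
    return 0;
}
```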
firefox: address spoofing
| Package(s): | firefox xulrunner | CVE #(s): | CVE-2009-2654 |
| Created: | August 5, 2009 | Updated: | December 22, 2009 |
| Description: | The firefox browser allows attackers to spoof the information in the address bar, facilitating phishing attacks. Fixes are in versions 3.0.13 and 3.5.2. |
| Alerts: |
firefox: multiple vulnerabilities
| Package(s): | firefox | CVE #(s): | |
| Created: | August 5, 2009 | Updated: | August 5, 2009 |
| Description: | Firefox 3.5.2 fixes a number of vulnerabilities, two of which are labeled "critical." |
| Alerts: |
flash-plugin: multiple vulnerabilities
| Package(s): | flash-plugin | CVE #(s): | CVE-2009-1862 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865 CVE-2009-1866 CVE-2009-1867 CVE-2009-1868 CVE-2009-1869 CVE-2009-1870 |
| Created: | July 31, 2009 | Updated: | August 7, 2009 |
| Description: | From the Red Hat advisory: Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1868, CVE-2009-1869) A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. (CVE-2009-1867) A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. (CVE-2009-1870) |
| Alerts: |
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2009-1388 |
| Created: | August 4, 2009 | Updated: | August 5, 2009 |
| Description: | From the CVE entry: The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread. |
| Alerts: |
nspr, nss: weak hash signatures
| Package(s): | nspr, nss | CVE #(s): | CVE-2009-2409 |
| Created: | July 31, 2009 | Updated: | April 28, 2010 |
| Description: | From the Red Hat advisory: Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) |
| Alerts: |
pdfedit: multiple vulnerabilities
| Package(s): | pdfedit | CVE #(s): | |
| Created: | August 5, 2009 | Updated: | August 5, 2009 |
| Description: | pdfedit contains "several serious remote vulnerabilities"; see this advisory for (minimal) further information. |
| Alerts: |
php4-eaccelerator: arbitrary code execution
| Package(s): | php4-eaccelerator | CVE #(s): | CVE-2009-2353 |
| Created: | August 3, 2009 | Updated: | August 5, 2009 |
| Description: | From the Mandriva advisory: encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files (CVE-2009-2353). |
| Alerts: |
sssd: privilege escalation
| Package(s): | sssd | CVE #(s): | CVE-2009-2410 |
| Created: | July 30, 2009 | Updated: | August 5, 2009 |
| Description: | From the Fedora alert: If a user was added to the SSSD BE database without setting a password, the user could ssh to the SSSD configured client and enter any password to gain access. This update resolves this issue so users with no password set are no longer able to login. |
| Alerts: |
wordpress: cross-site scripting
| Package(s): | wordpress | CVE #(s): | |
| Created: | August 5, 2009 | Updated: | August 7, 2009 |
| Description: | WordPress prior to version 2.8.2 contains a cross-site scripting vulnerability associated with comment author URLs. |
| Alerts: |
xml-security-c: authentication bypass
| Package(s): | xml-security-c | CVE #(s): | CVE-2009-0217 |
| Created: | July 31, 2009 | Updated: | June 4, 2010 |
| Description: | From the CVE entry: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. |
| Alerts: |
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current development kernel is 2.6.31-rc5, released on July 31. "Apart from various regression fixes, the diffstat shows a couple of new drivers (at_hdmac, uc2322, gspca/sn9c20x, ds2782 battery driver), and some big KMS radeon changes..." Also included was the "flexible array" infrastructure (see below). See the full changelog for the details.
The current stable kernel is 2.6.30.4, released (along with 2.6.27.29) on July 30. Both updates contain another long list of important fixes.
Kernel development news
Quotes of the week
In brief
TTY maintenance. Greg Kroah-Hartman, admitting that he is a glutton for punishment, has agreed to take on maintenance of the TTY layer - a job recently abandoned by Alan Cox. Patches have begun to flow toward the mainline, with Linus taking a larger-than-usual interest in getting them into shape. The fate of Alan's longer-term cleanup plans remains uncertain, but basic maintenance and bug fixing, at least, seem to be in place.
Regressions. Rafael Wysocki has posted the 2.6.31-rc5 known regressions list. A total of 76 regressions have been reported in this development cycle; 28 of those remain unresolved. For this stage in the process, that is about normal, or, perhaps, just a bit better than average. Less encouraging, perhaps, is the fact that the 2.6.30 regression list still shows 39 unresolved problems.
make V=1. Once upon a time, building a kernel filled the screen with vast amounts of output, including the full command line for each compilation command. Needless to say, it was hard to get much information out of that much noise; in more recent times, the kernel build system emits much more concise information about what it's doing. Sometimes, though, one needs to see what's really going on; in such cases, running "make V=1" will cause the build system to output everything it's doing.
Except that, as Dave Airlie discovered, it doesn't; some commands are still hidden from view even when V=1 is specified. Build system maintainer Sam Ravnborg explained: "The problem is that V=1 is already too chatty, so people sometimes hide their stuff - as in this case." His suggestion is to implement multiple levels of verbosity, so that "V=2" could be used to view the truly full stream of commands. There's a minor problem in that "V=2" is already used to get make to print out which file caused a particular rebuild to happen. But, as Sam puts it, few people ever use that option, so maybe it could be replaced with a "be more verbose" mode. Unless somebody objects soon, that's likely to be how it goes.
devtmpfs. Greg Kroah-Hartman, evidently not feeling sufficiently challenged by the TTY layer, has reposted the devtmpfs patch, suggesting that it's ready for merging into the mainline. Greg says:
It would be fair to say, though, that the development community is not yet sold on the desirability of merging this patch; expect some interesting discussion in the near future.
Xtables2. The future of Linux packet filtering might be nftables, but Jan Engelhardt isn't holding his breath. He has, instead, put together an immense patch set massively reworking the existing iptables mechanism. The internal data structures have been torn out and reimplemented as a more flexible linked list, setting the stage for easier single-rule changes in the future. Perhaps the biggest payoff, though, is in the unification of the IPv4, IPv6, and ARP versions of the packet-filtering engine; that, he says, enables the removal of about 50% of the code.
The initial responses suggested that potential reviewers were overwhelmed by the magnitude of the change. Jan has posted a more detailed explanation of what various groups of patches do, which has helped. Eventual merging of this code will probably require breaking the sequence up into multiple steps, though.
Montreal Linux power management mini-summit notes have been posted by Len Brown; they give a good (if terse) summary of recent developments in the area and what is being worked on now.
AlacrityVM
While virtualization has been a boon for many users and data centers, it tends to suffer from performance problems, particularly I/O performance. Addressing that problem is the goal of a newly announced project, AlacrityVM, which has created a hypervisor based on KVM. By shortening the I/O path for guests, AlacrityVM seeks to provide I/O performance near that of "bare metal" hardware.
The project is in a "pre-alpha" stage, according to the web page, but it is already reporting some fairly impressive results from a proof-of-concept network driver. Both for throughput and latency, the AlacrityVM guest performance compared favorably to that of 2.6.28 and 2.6.29-rc8 hosts. It also clearly out-performed the virtio drivers in a KVM guest.
The major change that allows AlacrityVM to achieve those gains comes from a new kernel-based virtual I/O scheme known as Virtual-Bus (or vbus). Currently, KVM guests use emulated devices—implemented in user space by QEMU—in order to handle I/O requests. That leads to multiple kernel-to-user-space transitions for each I/O operation. The idea behind vbus is to allow guests to directly access the host kernel driver, thus reducing the overhead for I/O.
Using vbus, a host administrator can define a virtual bus that contains virtual devices—closely patterned on the Linux device model—which allow access to the underlying kernel driver. The guest accesses the bus through vbus guest drivers and will only be able to use those devices that the administrator explicitly instantiates on that vbus. The vbus interface supports only two "verbs": call() for synchronous requests, and shm() for asynchronous communication using shared memory.
A document [PDF] by AlacrityVM developer Gregory Haskins describes how to configure and use vbus. Vbus provides a sysfs interface that an administrator can use to create container-like objects that will constrain guests so that they can only access those devices specifically configured for their use. That helps alleviate one of the potential problems with guests accessing kernel drivers more-or-less directly: security.
The vbus web page has a look at the security issues and how they are handled. The main concerns are ensuring that guests cannot use the vbus mechanism to escape their isolation from other guests and processes, as well as making sure that guests cannot cause a denial of service on the host. The bus can only be created and populated on the host side, and each lives in an isolated namespace, which reduces or eliminates the risk of a cross-bus exploit to violate the isolation. In addition, each task can only be associated with one vbus—enforced by putting a vbus reference in the task struct—so that a guest can only see the device ids specified for that bus.
Care was taken in the vbus implementation to punish guests for any misbehavior, rather than the host. The two areas mentioned are for guests that, maliciously or otherwise, mangle data structures in the shared memory or fail to service their ring buffer. A naïve implementation could allow these conditions to cause a denial of service by stalling host OS threads or by creating a condition that might normally be handled by a BUG_ON(). Vbus takes steps to ensure that the host to guest path is resistant to stalling, while also aborting guests that write garbage to the ring buffer data structures.
Haskins has posted a series of patches to add the vbus infrastructure, along with a driver for accelerated ethernet. So far, the patches seem to be fairly well-received, though there are not, yet, very many comments. The web page makes it clear that the project's goal is "to work towards upstream acceptance of the project on a timeline that suits the community". The flexibility shown in that goal should serve the project well in getting mainline acceptance down the road.
The project sums up its status and future plans on the web page as well: "we have a working design which includes the basic hypervisor, linux-guest support, and accelerated networking. We will be expanding this to include other areas of importance, such as accelerated disk-io, IPC, real-time extensions, and accelerated MS Windows guest support." As one might guess, the web page also has mailing lists for users and developers as well as kernel and user-space git trees available for interested folks.
AlacrityVM and vbus both look to be interesting projects that are probably worth investigating as potential virtualization solutions sometime in the future. The performance gains that come with vbus make it likely to be useful to other projects as well.
The realtime preemption endgame
There has been relatively little noise out of the realtime preemption camp in recent months. That does not mean that the realtime developers have been idle, though; instead, they are preparing for the realtime endgame: the merger of the bulk of the remaining patches into the mainline kernel. The 2.6.31-rc4-rt1 tree recently announced by Thomas Gleixner shows the results of much of this work. This article will look at some of the recent changes to -rt.
The point of the realtime preemption project is to enable a general-purpose Linux kernel to provide deterministic response times to high-priority processes. "Realtime" does not (necessarily) mean "fast"; it means knowing for sure that the system can respond to important events within a specific time period. It has often been said that this cannot be done, that the complexity of a full operating system would thwart any attempt to guarantee bounded response times. Of course, it was also said that free software developers could never create a full operating system in the first place. The realtime hackers believe that both claims are equally false, and they have been working to prove it.
One of the long-term realtime features was threaded interrupt handlers. A "hard" interrupt handler can monopolize the CPU for as long as it runs; that can create latencies for other users. Moving interrupt handlers into their own threads, instead, allows them to be scheduled like any other process on the system. Thus, threaded interrupt handlers cannot get in the way of higher-priority processes.
Much of the threaded interrupt handling code moved into the mainline for the 2.6.30 release, but in a somewhat different form. While the threading of interrupt handlers is nearly universal in a realtime kernel, it's an optional (and, thus far, little-used) feature in the mainline, so the APIs had to change somewhat. Realtime interrupt handling has been reworked on top of the mainline threaded interrupt mechanism, but it still has its own twists.
In particular, the kernel can still be configured to force all interrupt handlers into threads. If a given driver explicitly requests a threaded handler, behavior is similar to a non-realtime kernel; the driver's "hard" interrupt handler runs as usual in IRQ context. Drivers which do not request threaded handlers get one anyway, with a special hard handler which masks the interrupt line while the driver's handler runs. Interrupt handler threads are per-device now (rather than per-IRQ line). All told, the amount of code which is specific to the realtime tree is fairly small now; the bulk of it is in the mainline.
Software interrupt handling is somewhat different in the realtime tree. Mainline kernels will normally handle software interrupts at convenient moments - context switches or when returning to user space from a system call, usually. If the software interrupt load gets too heavy, though, handling will be deferred to the per-CPU "ksoftirqd" thread. In the realtime tree (subject to a configuration option), all software interrupt handling goes into ksoftirqd - but now there is a separate thread for each interrupt line. So each CPU will get a couple of ksoftirqd threads for network processing, one for the block subsystem, one for RCU, one for tasklets, and so on. Software interrupts are also preemptable, though that may not happen very often; they run at realtime priority.
The work which first kicked off the realtime preemption tree was the replacement of spinlocks with sleeping mutexes. The spinlock technique is difficult to square with deterministic latencies; any processor which is spinning on a lock will wait an arbitrary period of time, depending on what code in another CPU is doing. Code holding spinlocks also cannot be preempted; doing so would cause serious latencies (at best) or deadlocks. So the goal of ensuring bounded response times required the elimination of spinlocks to the greatest extent possible.
Replacing spinlocks throughout the kernel with realtime mutexes solves much of the problem. Threads waiting for a mutex will sleep, freeing the processor for some other task. Threads holding mutexes can be preempted if a higher-priority process comes along. So, if the priorities have been set properly, there should be little in the way of the highest-priority process being able to respond to events at any time. This is the core idea behind the entire realtime preemption concept.
As it happens, though, not all spinlocks can be replaced by mutexes. At the lowest levels of the system, there is still a need for true (or "raw") spinlocks; the locks which are used to implement mutexes are one obvious example. Over the years, a fair amount of effort has gone into the task of figuring out which spinlocks really needed to be "raw" locks. At the code level, the difference was papered over through the use of some rather ugly trickery in the spinlock primitives. Regardless of whether a raw spinlock or a sleeping lock was being used, the code would call spin_lock() to acquire it; the only difference was where the lock was declared.
This approach was probably useful during the early development phases where it was often necessary to change the type of specific locks. But ugly compiler trickery which serves to obfuscate the type of lock being used in any specific context seems unlikely to fly when it comes to merger into the mainline. So the realtime hackers have bitten the bullet and split the two types of locks entirely. The replacement of "spinlocks" with mutexes still happens as before, for the simple reason that changing every spinlock call would be a massive, disruptive change across the entire kernel code base. But the "raw" spinlock type, which is used in far fewer places, is more amenable to this kind of change.
The result is a new mutual exclusion primitive, called atomic_spinlock_t, which looks a lot like traditional spinlocks:
    #include <linux/spinlock.h>

    DEFINE_ATOMIC_SPINLOCK(name)
    atomic_spin_lock_init(atomic_spinlock_t *lock);

    void atomic_spin_lock(atomic_spinlock_t *lock);
    void atomic_spin_lock_irqsave(atomic_spinlock_t *lock, long flags);
    void atomic_spin_lock_irq(atomic_spinlock_t *lock);
    void atomic_spin_lock_bh(atomic_spinlock_t *lock);
    int atomic_spin_trylock(atomic_spinlock_t *lock);

    void atomic_spin_unlock(atomic_spinlock_t *lock);
    void atomic_spin_unlock_irqrestore(atomic_spinlock_t *lock, long flags);
    void atomic_spin_unlock_irq(atomic_spinlock_t *lock);
    void atomic_spin_unlock_bh(atomic_spinlock_t *lock);
These new "atomic spinlocks" are used in the scheduler, low-level interrupt handling code, clock-handling, PCI bus management, ACPI subsystem, and in many other places. The change is still large and disruptive - but much less so than changing ordinary "spinlock" users would have been.
One might argue that putting atomic spinlocks back into the kernel will reintroduce the same latency problems that the realtime developers are working to get rid of. There is certainly a risk of that happening, but it can be minimized with due care. Auditing every kernel path which uses spinlocks is clearly not a feasible task, but it is possible to look very closely at the (much smaller) number of code paths using atomic spinlocks. So there can be a reasonable degree of assurance that the remaining atomic spinlocks will not cause the kernel to exceed the latency goals.
(As an aside, Thomas Gleixner is looking for a better name for the atomic_spinlock_t type. Suggest the winning idea, and free beer at the next conference may be your reward.)
Similar changes have been made to a number of other kernel mutual exclusion mechanisms. There is a new atomic_seqlock_t variant on seqlocks for cases where the seqlock writer cannot be preemptable. The anon_semaphore type mostly appears to be a renaming of semaphores and their related functions; it is a part of the continuing effort to eliminate the use of semaphores in any place where a mutex or completion should be used instead. There is also a rw_anon_semaphore type as a replacement for rw_semaphore.
Quite a few other realtime-specific changes remain in the -rt tree. The realtime code is incompatible with the SLUB allocator, so only slab is allowed. There is also an interesting problem with kmap_atomic(); this function creates a temporary, per-CPU kernel-space address mapping for a given memory page. Preemption cannot be allowed to happen when an atomic kmap is active; it would be possible for other code to change the mapping before the preempted code tries to use it. In the realtime setting, the performance benefits from atomic kmaps are outweighed by the additional latency they can cause. So, for all practical purposes, kmap_atomic() does not exist in a realtime kernel; calls to kmap_atomic() are mapped to ordinary kmap() calls. And so on.
As for work which is not yet even in the realtime tree, the first priority would appear to be clear:
At this point, the remaining BKL-removal work comes down to low-level audits of individual filesystems and drivers; for the most part, it has been pushed out of the core kernel.
Beyond that, of course, there is the little task of getting as much of this code as possible into the mainline kernel. To that end, a proper git tree with a bisectable sequence of patches is being prepared, though that work is not yet complete. There will also be a gathering of realtime Linux developers at the Eleventh Real-Time Linux Workshop this September in Dresden; getting the realtime work into the mainline is expected to be discussed seriously there. As it happens, your editor plans to be in the room; watch this space in late September for an update.
Flexible arrays
Kernel developers must keep in mind many constraints which are unique to that programming environment; one of those is that memory allocations become less reliable as they get larger. Single-page allocations will, for all practical purposes, always succeed. A request for two physically-contiguous pages has a high probability of working, but each doubling of the size decreases the chances of a successful allocation. The fragmentation of memory which occurs over the system's lifetime makes it increasingly hard to find groups of physically-contiguous pages on demand. So large allocations are strongly discouraged.
Kernel programmers will sometimes respond to this problem by allocating pages with vmalloc(). Memory allocated this way is virtually contiguous, but physically scattered. So, as long as physically-contiguous pages are not needed, vmalloc() looks like a good solution to the problem. It's not ideal, though. On 32-bit systems, memory from vmalloc() must be mapped into a relatively small address space; it's easy to run out. On SMP systems, the page table changes required by vmalloc() allocations can require expensive cross-processor interrupts on all CPUs. And, on all systems, use of space in the vmalloc() range increases pressure on the translation lookaside buffer (TLB), reducing the performance of the system.
So it would be nice to have a mechanism which could handle the allocation of large arrays in a manner which (1) is reliable, and (2) does not use vmalloc(). To date, any such mechanisms have generally been pieced together by developers solving a specific problem; there has been nothing designed for more general use. That has changed, though, with the merging of the "flexible array" mechanism, written by Dave Hansen, for 2.6.31-rc5.
A flexible array holds an arbitrary (within limits) number of fixed-sized objects, accessed via an integer index. Sparse arrays are handled reasonably well. Only single-page allocations are made, so memory allocation failures should be relatively rare. The down sides are that the arrays cannot be indexed directly, individual object size cannot exceed the system page size, and putting data into a flexible array requires a copy operation. It's also worth noting that flexible arrays do no internal locking at all; if concurrent access to an array is possible, then the caller must arrange for appropriate mutual exclusion.
The creation of a flexible array is done with:
    #include <linux/flex_array.h>

    struct flex_array *flex_array_alloc(int element_size, int total, gfp_t flags);
The individual object size is provided by element_size, while total is the maximum number of objects which can be stored in the array. The flags argument is passed directly to the internal memory allocation calls. With the current code, using flags to ask for high memory is likely to lead to notably unpleasant side effects.
Storing data into a flexible array is accomplished with a call to:
    int flex_array_put(struct flex_array *array, int element_nr, void *src, gfp_t flags);
This call will copy the data from src into the array, in the position indicated by element_nr (which must be less than the maximum specified when the array was created). If any memory allocations must be performed, flags will be used. The return value is zero on success, a negative error code otherwise.
There might possibly be a need to store data into a flexible array while running in some sort of atomic context; in this situation, sleeping in the memory allocator would be a bad thing. That can be avoided by using GFP_ATOMIC for the flags value, but, often, there is a better way. The trick is to ensure that any needed memory allocations are done before entering atomic context, using:
    int flex_array_prealloc(struct flex_array *array, int start, int end, gfp_t flags);
This function will ensure that memory for the elements indexed in the range defined by start and end has been allocated. Thereafter, a flex_array_put() call on an element in that range is guaranteed not to block.
Getting data back out of the array is done with:
    void *flex_array_get(struct flex_array *fa, int element_nr);
The return value is a pointer to the data element, or NULL if that particular element has never been allocated.
Note that it is possible to get back a valid pointer for an element which has never been stored in the array. Memory for array elements is allocated one page at a time; a single allocation could provide memory for several adjacent elements. The flexible array code does not know if a specific element has been written to; it only knows if the associated memory is present. So a flex_array_get() call on an element which was never stored in the array has the potential to return a pointer to random data. If the caller does not have a separate way to know which elements were actually stored, it might be wise, at least, to add GFP_ZERO to the flags argument to ensure that all elements are zeroed.
There is no way to remove a single element from the array. It is possible, though, to remove all elements with a call to:
    void flex_array_free_parts(struct flex_array *array);
This call frees all elements, but leaves the array itself in place. Freeing the entire array is done with:
    void flex_array_free(struct flex_array *array);
As of this writing, there are no users of flexible arrays in the mainline kernel. The functions described here are also not exported to modules; that will probably be fixed when somebody comes up with a need for it.
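The caveat about flex_array_get() returning a valid pointer to never-stored data is easiest to see in a small user-space model. This is an added example, not the kernel's implementation: the model_ names, the 4096-byte page size, the MODEL_ZERO flag (standing in for the zeroing flag mentioned above) and the 0x6b fill byte (standing in for stale page contents) are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096
#define MODEL_ZERO      0x1   /* assumption: stand-in for a zeroing allocation flag */
#define MODEL_POISON    0x6b  /* assumption: stand-in for stale page contents */
#define MODEL_NR_PARTS  ((MODEL_PAGE_SIZE - 2 * sizeof(int)) / sizeof(void *))

/* Base "page": a small header plus pointers to separately allocated parts,
 * so no single allocation is ever larger than one page. */
struct model_fa {
    int element_size;
    int total;
    unsigned char *parts[MODEL_NR_PARTS];
};

static int per_part(const struct model_fa *fa)
{
    return MODEL_PAGE_SIZE / fa->element_size;
}

struct model_fa *model_fa_alloc(int element_size, int total)
{
    struct model_fa *fa;

    if (element_size <= 0 || element_size > MODEL_PAGE_SIZE || total < 0)
        return NULL;                      /* an element must fit in one page */
    if ((size_t)total > MODEL_NR_PARTS * (size_t)(MODEL_PAGE_SIZE / element_size))
        return NULL;                      /* more than the base page can index */
    fa = calloc(1, sizeof(*fa));
    if (fa) {
        fa->element_size = element_size;
        fa->total = total;
    }
    return fa;
}

/* Copy one element in, allocating the backing part on first use. */
int model_fa_put(struct model_fa *fa, int nr, const void *src, int flags)
{
    int part, off;

    if (nr < 0 || nr >= fa->total)
        return -EINVAL;
    part = nr / per_part(fa);
    off = (nr % per_part(fa)) * fa->element_size;
    if (!fa->parts[part]) {
        unsigned char *page = malloc(MODEL_PAGE_SIZE);

        if (!page)
            return -ENOMEM;
        memset(page, (flags & MODEL_ZERO) ? 0 : MODEL_POISON, MODEL_PAGE_SIZE);
        fa->parts[part] = page;
    }
    memcpy(fa->parts[part] + off, src, (size_t)fa->element_size);
    return 0;
}

/* NULL only means "no part allocated"; it says nothing about whether this
 * particular element was ever written. */
void *model_fa_get(struct model_fa *fa, int nr)
{
    int part;

    if (nr < 0 || nr >= fa->total)
        return NULL;
    part = nr / per_part(fa);
    if (!fa->parts[part])
        return NULL;
    return fa->parts[part] + (nr % per_part(fa)) * fa->element_size;
}

void model_fa_free(struct model_fa *fa)
{
    for (size_t i = 0; i < MODEL_NR_PARTS; i++)
        free(fa->parts[i]);
    free(fa);
}

/* Store element 0 only, then read the first byte of element 1, which shares
 * its part.  Returns that byte, or -1 if setup failed or get returned NULL. */
int demo_neighbor_byte(int flags)
{
    char rec[64] = "stored";
    struct model_fa *fa = model_fa_alloc((int)sizeof(rec), 1000);
    unsigned char *p;
    int byte = -1;

    if (!fa)
        return -1;
    if (model_fa_put(fa, 0, rec, flags) == 0 && (p = model_fa_get(fa, 1)) != NULL)
        byte = p[0];
    model_fa_free(fa);
    return byte;
}

int main(void)
{
    printf("neighbor byte without zeroing: 0x%02x\n", demo_neighbor_byte(0));
    printf("neighbor byte with zeroing:    0x%02x\n", demo_neighbor_byte(MODEL_ZERO));
    return 0;
}
```

Without zeroing, a caller that copies the never-stored element out to another consumer hands over whatever the page previously held, which is why the caller needs either its own record of stored indexes or zeroed parts.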
Page editor: Jonathan Corbet
Distributions
News and Editorials
A tale of two shells: bash or dash
A recurring topic on Debian lists is the use of dash (Debian Almquist Shell) as opposed to bash (GNU Bourne-Again Shell). Currently /bin/sh defaults to bash on a Debian system, but some would like the default to be dash.
Ubuntu made this switch three years ago, with the release of Ubuntu 6.10. Note that the default login shell remains bash; only the default /bin/sh used in shell scripts has been changed. Why did Ubuntu make this change?
The Debian EeePC project also notes that dash provides faster boot times. So why hasn't Debian already made this switch? In fact this was a release goal for Lenny.
Part of the problem is "bashisms" - use of non-standard bash features - in shell scripts. There is a lengthy list of bugs tagged with goal-dash that contain bashisms. These are being worked on, package by package. While some users report that they have already made the switch without problems, others will find many of their user scripts will have bashisms.
One can use checkbashisms (man page) to look for bashisms, but for users with lots of scripts using /bin/sh this could be a long and painful process. Here's a sample of checkbashisms output for the package apertium:
checkbashisms' output:
> possible bashism in ./usr/bin/apertium-preprocess-corpus-lextor line 47
> ('((' should be '$(('): if ((length(w)>0) && (index(w,"^")>0)) {
> possible bashism in ./usr/bin/apertium line 9 ('function' is useless):
> function message
Examples of bashisms include use of $RANDOM, the select, let, and source keywords, shell arithmetic, the -e option to echo, and many other things.
Debian policy looks at SUSv3 Shell Command Language and states:
You may wish to restrict your script to SUSv3 features plus the above set when possible so that it may use /bin/sh as its interpreter. If your script works with dash (originally called ash), it probably complies with the above requirements, but if you are in doubt, use /bin/bash.
This raises the issue of whether dash should be "essential" [see Debian policy section 3.8]. bash is "essential", meaning that it must be installed on every Debian system. If dash does not become "essential", then every script with /bin/sh as its interpreter must depend on dash to ensure that it is installed and usable by /bin/sh (once the change is made).
That this change will be made is mostly not under debate; it is more a matter of when it will be fully implemented. Those that oppose the move simply want a choice, which exists using dpkg-reconfigure dash. Meanwhile, users should be looking at their own scripts to see if they will break once /bin/sh defaults to dash.
New Releases
Announcing NetBSD 5.0.1
NetBSD 5.0.1 has been released. "NetBSD 5.0.1 is the first security/critical update of the NetBSD 5.0 release branch. It represents a selected subset of fixes deemed critical in nature for security or stability reasons. All users are encouraged to upgrade."
Mandriva Linux 2010 alpha 2 is available
The second alpha of Mandriva Linux 2010 is available for testing. "For this second release you will still find only Free DVD isos, 32 and 64 bits."
KDE Four Live 1.3.0
"KDE Four Live" 1.3.0 is an installable Live-CD with openSUSE 11.1 and KDE 4.3.0.
Distribution News
Debian GNU/Linux
Some backpedaling on Debian freeze dates
Buried deep within a "bits from the release team" posting to the Debian development community is this text: "Based on feedback of the community on the plan to freeze in December 2009 and the ambitious Release Goals we set for ourselves, we are revisiting the decision to freeze December 2009. We'll be consulting all key teams within Debian to see how their plans and schedules can fit into a new timeline. Before the end of August we hope to have finished this process of consultation and be able to present the new plan to you." The message also reiterates the idea of regular December freezes, though; it will be interesting to see where this consultation goes.
Shuttleworth: On cadence and collaboration
Mark Shuttleworth has joined into the discussion on Debian release cycles; it's a rather lengthy attempt to make peace. "We're already seeing a growing trend towards cadence in free software, which I think is a wonderful move. Here, we are talking about elevating that to something that the world has never seen in proprietary software (and never will) - an entire industry collaborating. Collaboration is the primary tool we have in our battle with proprietary software, we should take the opportunities that present themselves to make that collaboration easier and more effective."
news.debian.net launches
The announcement has gone out for a new Debian-oriented news service located at news.debian.net. "For a long time, debian-devel-announce and debian-announce were enough but they are reserved to the very important stuff (at least they are supposed to) that is mandatory for developers to know. With the project growing over the years, every day we generate interesting bits about our project that are nice to know, but it is not always so important that it justifies an email to announce."
Fedora
Fedora Board Recap
Click below for a brief recap of the July 30, 2009 meeting of the Fedora Advisory Board. The main topic was website redesign.
Recent Fedora IRC Classes
The Fedora IRC Classroom has had a number of Classes recently. You can find the logs on the Classroom wiki page. Recent topics include An intro to rsync, Introduction to Koji (build system) and Bodhi (updates system) in Fedora infrastructure, A tour of the Xfce desktop, and Using preupgrade.
Ubuntu family
Ubuntu Patent Policy
The Ubuntu Technical Board has discussed and agreed on the project's policy with regard to software patents. "The Ubuntu project strives to deliver a free and complete Operating System fit for general use. Over the years the topic of software patents and their impact on Open Source have been controversial in some parts of the world. This policy outlines the agreed set of standards and procedures surrounding software patents and Ubuntu." Click below for the entire text of the patent policy.
Other distributions
Bootable Yellow Dog Linux USB drive for PLAYSTATION3
Fixstars has announced the availability of "YDL on a Stick," a USB flash drive containing a bootable version of Yellow Dog Linux v6.2 for the Sony PS3. ""YDL on a Stick" comes with a customized version of YDL v6.2 on a 16GB OCZ Diesel Flash drive. Chosen for being high quality and durable, the Diesel flash drive has achieved 31.18 MB read performance and 30.78 MB write performance in recent DiskBench performance benchmarks."
Distribution Newsletters
Arch Linux Newsletter
Arch Linux Newsletter for July 2009 is out. "This issue contains an interview with Andrea Scarpino, the KDE maintainer for the i686 architecture. Also, we are bringing all our kernel enthusiasts a tips and tricks section that should be of special interest. Finally, even though we went without a mention in the media this month, we provide an analysis as to why Arch Linux has been so prevalent in media coverage the last few months. And so, without further ado, the Newsletter Team proudly presents the July 2009 issue of the Arch Linux Newsletter. Please, enjoy!"
DistroWatch Weekly, Issue 314
The DistroWatch Weekly for August 3, 2009 is out. "The most controversial news of the week was the open letter written by several developers of CentOS, one of the distributions on the DistroWatch's top ten list, to the project's co-founder, pleading for the resolution of a number of key issues. This was taken to the public as a way of getting attention after failing to resolve the issues internally. It turned out to be a good solution; by the end of the week all has seemingly returned to normal in the CentOS land. Another piece of news that stirred much interest on the Internet was the Debian announcement about its planned switch to a time-based freeze model. This was often incorrectly misinterpreted as a switch to a time-based release model, but as many Debian developers were quick to point out, nothing has changed in the "released when ready" Debian release strategy. As for our feature article this week, it is a quick look at the "Core" edition of Slax, a minimalist distribution in 50 MB, which can be a surprisingly good rescue and educational tool. Finally, we are pleased to announce that the recipients of the DistroWatch.com June and July 2009 donations are LiVES and Osmo. Happy reading!"
Fedora Weekly News 187
The Fedora Weekly News for August 2, 2009 is out. "This week's issue kicks off with updated details on the Fedora 12 (Constantine) schedule, including an update on feature set scheduled for this week. From the Fedora Planet, tips on how to create your own system branding when building Fedora, lots of detail on debugging random screen blanking in Fedora, and thoughts on why to hate quick software benchmarking. From the Quality Assurance team, details from a discussion around Phoronix's Linux distribution benchmarking in relation to Fedora, fixes to the Test Day live image, and many updates on the weekly meetings related to QA. In Ambassador news, a report from the Congress of Free Software in Caracas, Venezuela and the Venezuela Fedora Team's presence there. In translation news, several updates to translation.fedoraproject.org, details on the Fedora 12 Translation schedule, and new translations for the Quick Start Guide in eighteen different languages. From the Art team, updates on theming Fedora 12 Alpha and details on cutting the Fedora logo on a steel plate. This week issue comes to a finale with news on virtualization, including discussion of how to distribute I/O load across guests, and details on new releases of virt-manager, virtinst, and virt-viewer. These are just a few highlights of this week's FWN. Enjoy!"
The Mint Newsletter - issue 90
This issue of the Mint Newsletter covers the release of Mint 7 KDE and more.
OpenSUSE Weekly News/82
This issue of the openSUSE Weekly News covers Milestone 4 released, Hackweek IV Results, Vincent Danen: System monitoring with Conky, Joe Brockmeier: Does openSUSE need a default desktop?, openSUSE Forums: Firefox and _64 Java Issue, and more.
Ubuntu Weekly Newsletter #153
The Ubuntu Weekly Newsletter for August 1, 2009 is out. "In this issue we cover: Canonical to Offer Ubuntu Desktop Support & Services, Free Books for Approved LoCo teams, DC LoCo Bug Jam, Atlanta Linux Fest & Mini Ubucon, Ubuntu Pennsylvania & FreeGeekPenn, Sharing translations between different releases, Open Mind & Launchpad, More power to the release manager, Writing code for Launchpad, Exporting translations to a Bazaar branch, New layout for kubuntu-de.org, Ubuntu Podcast Quickie #10, Ubuntu Teams Meeting Summary for July, and much, much more!"
Interviews
Interview Gentoo Developer Robin H. Johnson
David Abbott has interviewed Robin H. Johnson (robbat2), Gentoo Developer, Gentoo Trustee board member, head of the infrastructure team, and more. "Could you give me an overview of the Gentoo infrastructure? Nearly 50 percent of the infrastructure hardware is taken up by web applications, because we have a lot of separation between web applications that have a high security exposure. Admittedly some of the web services are a very big deal for Gentoo, like our Bugzilla service, running on 4 machines sponsored by the Dutch social network, Hyves. Very recently we've gotten new hardware for Forums, sponsored by Gossamer Threads. The next largest slice after that is the machines that provides rsync.gentoo.org service. Only then do we get down to individual machines for purposes. There's some cases where having more hardware as fail-over in case we lose a machine would be nice, but I think the place that'd we would benefit the most presently would be a newer mail server infrastructure, so that we can deploy heavier spam filtering."
Page editor: Rebecca Sobol
Development
Mutter: a window manager for GNOME 3
GNOME 3 is the GNOME project's ambitious effort to take its desktop into the future. A key component of the desktop is the window manager, which defines much of the overall feel of the system. Thomas Thurman, the maintainer of Metacity—GNOME's current window manager—is looking ahead to "Mutter" as the window manager for GNOME 3. Metacity 2 will gradually be phased out in favor of Mutter; in GNOME 2.28 Mutter will be an alternative window manager, while in GNOME 3 it will take over the reins from Metacity.
The GNOME Shell, responsible for the new user experience in GNOME 3, runs as a plugin for Mutter. Started as a fork of Metacity, Mutter uses the Clutter toolkit. Clutter does its rendering using OpenGL or OpenGL ES, so using it in Mutter makes hardware acceleration for the window manager possible. Meanwhile, Clutter has just announced its 1.0 release.
500 bugs to squash
With Mutter becoming the new kid in town for GNOME 3, Metacity 2 will not be actively developed any more, except for bug fixes. This makes Mutter essentially Metacity 3. Of course people who would like Metacity 2 to continue because they don't like the Clutter backend may fork it, but it remains to be seen if that would happen. On his blog, Thurman welcomes anybody to do that and offers them "as much support in doing so as possible", but he will switch to working on Mutter himself. Besides all the work that has been done over the years on Metacity, Mutter has 12 contributors with at least three commits. The project is maintained by Owen Taylor and Tomas Frydrych.
This fork, however, has one big problem: what to do with the more than five hundred bugs open against Metacity? As Thurman describes on his blog, "this is more than one maintainer can humanly tackle." The simplest "solution" is to close them all, a mistake that GNOME has made in the past with the switch from GNOME 1.4 to GNOME 2. Jamie Zawinski called this the cascade of attention-deficit teenagers model.
Thurman proposes a better solution: work through all the bug reports, then decide what to do with each bug. Enhancement requests will not be fixed, unless Mutter or GNOME Shell could use it. Bugs that can be reproduced in Mutter should be reassigned. Bugs that are already fixed in Mutter, such as enhancement requests, should be marked as already fixed. Thurman kindly asks his readers to help him with this painstaking work, for which no volunteers seem to have stepped up yet.
New directions for a window manager
The development of GNOME 3 seems to be bringing new ideas from many different directions. Thurman has been doing some investigation into switching to a CSS-based format for Metacity themes; as Mutter is just the new incarnation of Metacity, many of these considerations directly carry over into Mutter:
Thurman is proposing a switch to CSS, or at least the use of CSS as an alternative format. He sees several advantages of this approach:
- The Metacity/Mutter developers will be able to use existing libraries for layout rather than doing it all with custom code in the window manager.
- Theme designers will be able to use their existing knowledge of CSS rather than having to learn a complicated new format.
- CSS's box model is far more amenable to a simple drag-and-drop editor program than Metacity's current expression-based system.
Thurman is also imagining a theme designer, with a simple mode that is a wizard: it would ask the user a series of questions and would then produce some CSS code. An advanced mode would let the user edit each CSS rule individually, and reflect the changes on the screen. He is also working on a wiki, which he'll announce soon, that allows users to enter CSS and render it to an image of the window borders:
Owen Taylor explains another new direction: Mutter will get application-aware window management. More specifically it will get knowledge about tabs:
Another developer, Sam Hoffstaetter, is working on letting the user group together arbitrary windows as tabs, something that so-called tabbed window managers offer. Each application would think it had multiple windows open, but the user would see them as tabs. The reasoning, which your author is very sympathetic to, is as follows:
Some issues with Mutter
Interesting as the new directions may be, some people fear that Mutter will not run on older hardware. For example, the Sugar developers didn't choose Mutter, and went for Metacity instead, exactly because of this fear. However, Taylor puts that in perspective:
Another fear that has been expressed is that Mutter will be too tightly coupled with GNOME 3. As GNOME Shell is a Mutter plugin, it depends on it, so users will not be able to use another window manager with GNOME Shell. According to Taylor, this integration is not coincidental but by design. For example, supporting Compiz instead of Mutter would require a window management abstraction layer that "greatly increases the amount of work".
However, this approach is problematic for some use cases, as Sam Spilsbury, one of the Compiz developers, pointed out a few months ago:
Of course it will be perfectly possible to create a GNOME desktop using another window manager, but then the user would miss out on the new desktop experience of GNOME Shell. For example, users will not be able to swap GNOME's window manager with a flexible window manager such as xmonad and still leave all GNOME functionality intact.
Accessibility growing pains
The fact that GNOME Shell and Mutter use Clutter directly makes support for accessibility features such as AT-SPI (Assistive Technologies Service Provider) tricky, because Clutter has no accessibility support at the moment. GTK applications, on the other hand, have ATK (Accessibility Toolkit) which talks with the AT-SPI daemon. However, there's no inherent reason that a switch to a Clutter-based composited user interface should pose any problem for accessibility. The switch in toolkits will need a certain amount of reimplementation. That said, Taylor maintains that some accessibility features such as good magnification could become much easier in Mutter.
An active project to provide accessibility interfaces for Clutter is Cally (the name stems from Clutter + a11y), originally funded by Nokia, which uses Clutter in Maemo 5. The main developer, Alejandro Piñeiro Iglesias, explains the work he has done:
Cally would be useful to implement accessibility support in Mutter and GNOME Shell, but Iglesias says he should check the code first and see what he needs to implement and how. He presented Cally [PDF.GZ] at the recent Gran Canaria Desktop Summit.
A fresh start
According to Taylor, Mutter is not that exciting in isolation, but it is meant to provide a platform for building exciting user interfaces like Moblin and GNOME Shell: "I'm personally pretty interested in getting applications and the compositor properly synchronized so the user sees everything drawn as smoothly and cleanly as possible." Thurman is excited about the opportunity to get a fresh start and rethink how to interact with the user:
The new directions of CSS-based themes and application-aware window management finally make GNOME's window manager more than a dull but necessary component. However, the developers have made some decisions under the hood that will not be popular in some circles. There is no fallback option for those that cannot or do not want to use compositing, and the integration of GNOME Shell with Mutter shuts out alternative window managers. But maybe this is the price that must be paid for innovation.
System Applications
Database Software
Firebird 2.1.3 RC2 released
Version 2.1.3 RC2 of the Firebird DBMS has been announced. "The Team is pleased to announce that the second (hopefully final) release candidate builds are ready to field-test. Builds for 32-bit and 64-bit Linux, Windows and MacOSX Intel are available."
MySQL Server 5.1.37 has been released
Version 5.1.37 of MySQL Community Server has been announced; it includes numerous bug fixes and a security fix.
PostgreSQL Weekly News
The August 2, 2009 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.
Embedded Systems
BusyBox 1.14.3 released
Stable version 1.14.3 of BusyBox, a collection of command line utilities for embedded systems, has been announced: "Bug fix release. Contains fixes in df (fix for "df /"), ls (problems with colored output in some configurations), ping6 (was not suid, unlike ping), test (parameter to "not" operator is optional), udhcpd (fixed lease file restore routine)."
Filesystem Utilities
Tahoe 1.5 released
Version 1.5 of Tahoe, the Lofty-Atmospheric Filesystem, has been released. "The Tahoe-LAFS team is pleased to announce the immediate availability of version 1.5 of Tahoe, the Lofty Atmospheric File System. Tahoe-LAFS is the first cloud storage technology which offers security and privacy in the sense that the cloud storage service provider itself can't read or alter your data."
Interoperability
Samba 3.3.7 is available
Version 3.3.7 of Samba has been announced. "This is the latest stable release of the Samba 3.3 series".
Miscellaneous
upstart 0.6.3 released
Version 0.6.3 of upstart, an event-based replacement for the /sbin/init daemon, has been announced. "The biggest disadvantage to people actually using your software is that they find bugs, this one's a doozy because it looks like it affects older 0.3 releases as well. Now seems as good a time as any to repeat my recommendation that distributions, mobile and embedded appliance developers using Upstart consider using 0.6 in their next release rather than sticking with 0.3".
Desktop Applications
Desktop Environments
GNOME 2.27.5 released
Version 2.27.5 of GNOME has been announced. "It's a good release to get a first feeling of what will be in GNOME 2.28, with the new modules now being integrated and new features popping here and there, in many different modules. Ah, if only it could do something for the temperature ;-) Please note that this milestone marks the beginning of the feature freeze."
RunPON 0.3 released
Version 0.3 of RunPON has been announced. "RunPON is a small Python program useful to run the pon/poff scripts. It shows the elapsed connection time and periodically checks if a given network interface is still active. It can run as a stand-alone application (with a status icon in the tray) or as a Gnome panel applet (and compatible panels)."
GNOME Software Announcements
The following new GNOME software has been announced this week:
- clutter-gst 0.10.0 (stable release, documentation work)
- Clutter-GTK 0.10.2 (new features, bug fixes and documentation work)
- GENIUS 1.0.7 (new features, bug fixes and translation work)
- gnome-packagekit 2.27.5 (bug fixes)
- GNOME Power Manager 2.26.4 (new features and bug fixes)
- GNOME Power Manager 2.27.5 (new features, bug fixes and translation work)
- gtk-css-engine 0.3 (new features)
- libchamplain 0.3.4 (new features and bug fixes)
- libchamplain 0.3.6 (new feature and bug fixes)
- Libgee 0.3.0 (new features)
- Nautilus-Actions 1.11.2 (new features, bug fixes and translation work)
- Nemiver 0.7.1 (bug fixes and translation work)
- Vala 0.7.5 (new features and bug fixes)
KDE 4.3.0 Released: Caizen
The KDE Community has announced the immediate availability of KDE 4.3 "Caizen". "KDE 4.3 continues to refine the unique features brought in previous releases while bringing new innovations. With the 4.2 release aimed at the majority of end users, KDE 4.3 offers a more stable and complete product for the home and small office."
KDE Software Announcements
The following new KDE software has been announced this week:
- 2ManDVD 0.9 (bug fixes and translation work)
- Cirkuit 0.2 (new features)
- Cirkuit 0.2.1 (new feature and bug fix)
- eric4 4.3.6 (bug fixes)
- eXaro 1.90.0 (new features and bug fixes)
- FlashQard 0.13.1 (new features, bug fixes, documentation and translation work)
- KAlarm 2.3.0 (new features and bug fixes)
- KDE Partition Manager 1.0.0-RC1 (bug fixes)
- KdeSudo 3.4.2 (bug fixes)
- kdesvn 1.4.0 (unspecified)
- Konversation 1.2-alpha5 (new features, bug fixes and performance improvements)
- OkularSlideShow 0.1 (initial release)
- QMediaBibliothek 0.2.0 (unspecified)
- QTeXEngine 0.1 (initial release)
- rkward 0.5.1 (new features and bug fixes)
- rekonq Web Browser 0.1.95 (bug fixes and translation work)
- Simple Root Actions Menu 2.1.1 (new feature and translation work)
- SparkleMedia 0.1 (initial release)
Xorg Software Announcements
The following new Xorg software has been announced this week:
- libX11 1.2.99.901 (new features and bug fixes)
- rstart 1.0.3 (bug fix and code cleanup)
- xf86-input-evdev 2.2.3 (new features, bug fixes and documentation work)
- xf86-input-synaptics 1.1.3 (bug fix)
- xf86-video-apm 1.2.2 (bug fixes and code cleanup)
- xf86-video-ast 0.89.9 (new features and code cleanup)
- xf86-video-cirrus 1.3.2 (code cleanup)
- xf86-video-fbdev 0.4.1 (new features, code cleanup and documentation work)
- xf86-video-glint 1.2.4 (code cleanup)
- xf86-video-i128 1.3.3 (code cleanup)
- xf86-video-i740 1.3.2 (bug fixes and code cleanup)
- xf86-video-mach64 6.8.2 (new features, code cleanup and documentation work)
- xf86-video-mga 1.4.11 (code cleanup and documentation work)
- xf86-video-neomagic 1.2.4
- xf86-video-r128 6.8.1 (code cleanup)
- xf86-video-s3 0.6.3 (bug fixes and code cleanup)
- xf86-video-s3virge 1.10.4 (code cleanup)
- xf86-video-savage 2.3.1 (new features and code cleanup)
- xf86-video-siliconmotion 1.7.3 (bug fixes and code cleanup)
- xf86-video-sisusb 0.9.3 (new features and code cleanup)
- xf86-video-sis 0.10.2 (new features, bug fixes and code cleanup)
- xf86-video-tdfx 1.4.3 (code cleanup)
- xf86-video-trident 1.3.3 (code cleanup)
- xf86-video-vesa 2.2.1 (bug fixes and code cleanup)
- xf86-video-voodoo 1.2.3 (new features and code cleanup)
- xinput 1.4.99.2 (bug fixes and documentation work)
- xmag 1.0.3 (bug fixes)
- xorg-server 1.6.3 (new features and bug fixes)
- xrx 1.0.3 (bug fixes and code cleanup)
- xtrans 1.2.4 (bug fixes)
Games
pygame 1.9.0 released
Version 1.9.0 of pygame, a Python-based game development platform, has been announced. "Summary of changes: many, many fixes and improvements. The largest amount of changes has gone into this release than any other pygame release."
GUI Packages
PyQwt 5.2.0 released
Version 5.2.0 of PyQwt has been announced; it includes support for Qwt 5.2.0, bug fixes and more. "it is a set of Python bindings for the Qwt C++ class library which extends the Qt framework with widgets for scientific and engineering applications. It provides a 2-dimensional plotting widget and various widgets to display and control bounded or unbounded floating point values."
Multimedia
Miro 2.5 released
Version 2.5 of Miro, a video player and podcast client, has been announced. "Yes! We have just released Miro 2.5, a major update with new features, faster performance, audio podcasts, and lots of polish."
Music Applications
Guitar-ZyX-0.3 LiveOS announced
The Guitar-ZyX-0.3 LiveOS is available. "Guitar-ZyX(tm) is a LiveDVD/USB operating system distribution, that can immediately boot both your Nintendo(tm)-DS or DSi, and your x86/64 PC, into a guitar pre-amp f/x processing appliance, complete with wireless dual touchscreen remote control, that you could even velcro or embed in your guitar if you were so inclined. In addition to switching among 80 different f/x presets, the NDS remote control's touchscreen can also linearly control any two of about a hundred independent f/x parameters in real-time. For now, I'm calling the result a 'supertouchwhammypad'."
Office Applications
Leo 4.6.2 released
Version 4.6.2 of Leo has been announced; it includes bug fixes and other improvements. "Leo is a text editor, data organizer, project manager and much more."
Pyspread 0.0.12 released
Version 0.0.12 of Pyspread has been announced; it includes new features and bug fixes. "Pyspread is a cross-platform Python spreadsheet application. It is based on and written in the programming language Python. Instead of spreadsheet formulas, Python expressions are entered into the spreadsheet cells. Each expression returns a Python object that can be accessed from other cells. These objects can represent anything including lists or matrices."
Web Browsers
Firefox 3.5.2 and 3.0.13 fix SSL security problems
Firefox updates for two nasty security problems are now available for the 3.0 and 3.5 series. The two problems were recently reported at the Black Hat security conference by Moxie Marlinspike and Dan Kaminsky and can lead to arbitrary code execution via crafted SSL certificates or allow SSL certificate spoofing. "We strongly recommend that all Firefox users upgrade to this latest release." Click below for the full announcement.
Miscellaneous
FLiP 1.0 released
Version 1.0 of Flip, the Logical Framework in Python, has been announced. "A logical framework is a library for defining logics and writing applications such as theorem provers. One Flip application is a proof checker for entering and editing proofs in natural deduction style".
Languages and Tools
C
GCC 4.3.5 Status Report
The August 4, 2009 edition of the GCC 4.3.5 Status Report has been published. "The 4.3.4 release has been created and the final bits of the release process will be carried out soon. The 4.3 branch is now open again for checkins under the usual release branch rules (regression and documentation fixes only). A 4.3.5 release is expected shortly after the 4.4.2 release."
GCC 4.5 Status Report
The July 29, 2009 edition of the GCC 4.5 Status Report has been published. "Trunk is in Stage 1. We expect that Stage 1 will last through at least the end of August. Pending large merges include at least Graphite, LTO and VTA and these will be considered in deciding when to move to Stage 3. All these merges will need the usual technical review of patches where not already approved by maintainers of the relevant parts of the compiler."
Editors
Emacs 23.1 released
The Emacs 23.1 release has happened. There's a lot of new stuff in this release, including the much-anticipated (by some, dreaded by others) antialiased font rendering, better Unicode support, an improved daemon mode, a PDF viewer, and more. The NEWS file contains the full list of changes.
Test Suites
pylib/py.test 1.0.0 released
Version 1.0.0 of pylib/py.test is out. "I am happy to announce pylib/py.test 1.0.0, a MIT-licensed library geared towards advanced testing and elastic distributed programming with Python. It features the mature cross-project py.test automated testing tool with many new features..."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Don Becker On The State Of HPC
Linux Magazine interviews Don Becker about high-performance computing topics. "Another thing that did not really pan out is Linux BIOS (or coreboot as it is now called). For HPC coreboot is not a good thing. For commodity systems, it puts us back to depending on the intimate details of the BIOS. The current BIOS structure, while it could be improved, is workable. What we can hope for is that the BIOS is gone in less than a second. Right now it is gone in a few seconds and I don't see it as an important feature in HPC. Customers asking why not coreboot? may want to consider that at Penguin we were tasked with maintaining a coreboot machine and found that the best solution to get the machine usable was to burn a new standard BIOS."
1 Million Linux Kernels Booted for Vast Botnet Simulation (Linux Insider)
Linux Insider covers an experiment at Sandia National Laboratories. "Computer security researchers still don't know much about how botnets work. At Sandia National Laboratories, though, scientists are preparing for a massive experiment. They've booted up 1 million Linux kernels as virtual machines, which will allow them to observe the behavior of a simulated network of 10 million computers online at once -- complete with users who get infected with botnets."
Companies
Canonical Expands Ubuntu Linux Landscape (InternetNews.com)
Sean Michael Kerner looks at Canonical's Landscape. ""Canonical's Landscape Dedicated Server is a software appliance that is installed on the users' hardware. Updates will be made available by download on an as-needed basis when major kernel/security patches become available," Ken Drachnik, Landscape manager at Canonical, told InternetNews.com. "Of course, this points out one of the major differences between the Hosted edition and Dedicated edition -- users will need to provide hardware and a trained resource to manage Landscape on-site.""
Mentor unveils Android, Linux strategy at DAC (EDN)
EDN covers several Linux-related moves by Mentor Graphics. "Mentor Graphics announced its acquisition of Embedded Alley Solutions as a key component of its Android and embedded Linux strategy Wednesday afternoon at the Design Automation Conference. Mentor also announced the integration of its Nucleus Graphical User Interface tool with the ARM Mali graphics processing unit; it announced the availability of a Linux and Nucleus operating-system combination for the Marvell Sheeva MV78200 dual-core embedded processor; and it said that it is extending Embedded Alley's Android mobile-applications platform to support Freescale Semiconductor's QorIQ and PowerQUICC III processors."
Motorola Pledges Cheaper Android Phones (PCMag)
PCMag reports that Motorola is planning on releasing more Android-based phones. "Android smart phones. Cheap Android phones. Android phones on the Nextel/Boost iDen network. Motorola CEO Sanjay Jha said many of next year's Motorola phones will run the Google Android OS in a call with analysts today, continuing a big bet on the Linux-based system. "The majority of our new devices will be smartphones, as we expand Android across a broader set of price points," Jha said."
Legal
Company Receives Patent for Podcasting (ReadWriteWeb)
ReadWriteWeb reports that VoloMedia has patented podcasting. "VoloMedia, a podcast analytics, advertising, and distribution company, just received a patent for "providing episodic media," including podcasts. According to the company, which filed for the patent in November 2003, U.S. Patent 7,568,213 covers all episodic media downloads, not just the RSS-dependent downloads that power today's podcasts. VoloMedia CEO Murgesh Navar says that the company doesn't plan to go after individual podcasters, but that the company plans to "work collaboratively with key participants in the industry." We do wonder, however, if VoloMedia can really claim to have invented podcasting in 2003, given that the concept was already under development by Dave Winer and others in late 2000 and early 2001." (Thanks to Don Marti).
A Jesuit's Guide to Open Standards (Computerworld UK)
Over at Computerworld UK, Glyn Moody describes the push to add patent-encumbered technology to "open" standards. "The logic here seems to be that there would be an 'imbalance' in open standards if it were insisted that patents terms were excluded — because balance obviously means having standards with and without patents. While it's true that creates a 'balance', it's a purely linguistic one; the fact is that patent-encumbered standards requiring licensing fees cannot, by definition, be open. That's because they do not create level playing fields: there is always one or more players who occupy a privileged position. So the balance is entirely specious."
Interviews
Is free the new pay? (BBC News)
BBC News talks with Red Hat's Matthew Szulik. "Mr Szulik was not at Red Hat from day one. "Red Hat used to be a magazine business when I joined," he told Peter Day on the BBC World Service's Global Business programme. The business now accounts for 80% of the open-source market, a fact that has led to some people calling it the Microsoft of the open source world." (Thanks to Neil Sheed)
Resources
Will Geolocation Find a Home on Linux Desktops? (Datamation)
Bruce Byfield looks at geolocation, coming to a desktop near you. "This year, a new dimension is appearing on the Linux desktop. It's geolocation: the capability to detect and record where you and other people are, and to use the information to enhance the desktop. Potentially affecting everything from the metadata stored with files to the mechanics of social networking, geolocation is already starting to arrive in GNOME and KDE. But the first implementations are only a hint of the features that geolocation might soon provide."
Reviews
A first look at KDE 4.3 (ComputerWorld)
Steven J. Vaughan-Nichols looks at KDE 4.3 on openSUSE 11.1. "The new desktop style, Plasma Air, is both very attractive and very flexible. It's a nice combination. I'm both happy with its default look and feel, and I appreciate that I can easily set it to working the way I want it to work. One interesting improvement, which you'll need to look closely for, is that you can now reset the System Settings window so that it looks and acts like the KDE 3.x Control Center. Since, I still find that tree-view to be far more useful than the KDE 4.x default, I welcomed this change."
Hands-on: Linux appliances made easy with SUSE Studio (ars Technica)
ars Technica reviews SUSE Studio. "Novell has launched a new Web service called SUSE Studio that simplifies the process of building Linux-based software appliances. It provides a convenient interface for creating custom versions of Novell's SUSE Linux distribution with specialized configurations. The service is part of Novell's broader SUSE Appliance Program initiative."
Waddling Past The Windows (Linux Journal)
Linux Journal covers an Ubuntu bootable USB key in the shape of an emperor penguin. "Perhaps best about the product, though, is that it gives back more than just your data. AMP [Active Media Products] has partnered with the World Wildlife Fund on the drives, and will be donating five percent of the retail price of each drive to the WWF -- with the commitment of a minimum contribution of $25,000 annually. The company has partnered with the WWF on two other endangered-species drives, for polar bears and pandas."
Miscellaneous
GNOME Decides to Ditch Drawings (Linux Journal)
Linux Journal covers a recent decision to simplify menus by leaving out the icons. "According to a blog post by Andreas Nilsson of the GNOME Art Team, a new policy on icon use has been adopted for future versions. In addition to adding larger icons for certain locales, the team has decided that the default value of the gtk-menu-images property in future GNOME releases will be changed to false, eliminating most of the icons used in menus. (This would include those used to represent "Open," "Save," and other similar dialogues.) The team feels it will produce a "visually more attractive default and that it will result in a cleaner and more efficient interface.""
The White House Sends an Invitation: PCAST Meeting Aug. 6 and 7 (Groklaw)
Groklaw has been invited to a meeting of the President's Council of Advisers on Science and Technology (PCAST), to be held August 6-7, 2009. "PCAST is a group of scientists and engineers who advise the President and the Office of the President, providing policy recommendations. The purpose of the meeting is to set priorities for the coming year. I know many of you are stakeholders, CEOs and executives of companies and leaders and contributors to software projects, but you don't have to be: the general public can contribute also."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Coalition launches petition over Amazon/Kindle DRM
The FSF has announced a campaign against digital restrictions management on the Amazon Kindle electronic book reader. "The Free Software Foundation's DefectiveByDesign.org campaign, supported by prominent authors, journalists, and librarians, has launched a petition against the Amazon Kindle's use of digital restrictions management (DRM). "The freedom to read without supervision or interference is central to a free society," said FSF executive director Peter Brown. "When ebook products like the Kindle use DRM to restrict what users can do with their books, that is a clear threat to the free exchange of ideas.""
The FSF launches a "freedom to read" petition
DefectiveByDesign.org has launched a petition to protest Amazon's handling of George Orwell's 1984. "We believe in a way of life based on the free exchange of ideas, in which books have and will continue to play a central role. Devices like Amazon's are trying to determine how people will interact with books, but Amazon's use of DRM to control and monitor users and their books constitutes a clear threat to the free exchange of ideas."
OpenBTS injunction lifted
The injunction against distribution of the OpenBTS cellular base station system has now been lifted. The main effect for the moment appears to be the opening up of the project's internal discussion mailing list. "Also, we'll be updating the gnuradio-based OpenBTS repository and site sometime in September. We'd do it sooner, but we're busy getting ready for this year's experimentation of OpenBTS at Burning Man 2009." See this article from February for a description of some of the problems surrounding OpenBTS.
Commercial announcements
Canonical to Offer Ubuntu Desktop support and services
Canonical will be offering Ubuntu Desktop support and services. "Canonical, the founder of the Ubuntu project, announced today it has launched new support services for individuals using Ubuntu desktop and small businesses looking for cost effective alternatives to Microsoft Windows and Apple Mac. Ubuntu is the fastest growing open source desktop with millions of users around the world using it at home and work. Support from Canonical's team of experts enables users to take full advantage of the powerful Ubuntu operating system. The services include installation support, as well as ongoing assistance with configuration and applications"
Linux Foundation introduces Linux-branded credit card
The Linux Foundation has announced a new Linux-branded credit card. "The Linux Foundation, the nonprofit organization dedicated to accelerating the growth of Linux, today announced it will offer an affinity Visa Platinum credit card for people who want to contribute to advancing the Linux operating system through Linux Foundation initiatives. "This credit card is in response to requests by individuals who want to get involved and support the Linux Foundation's community activities," said Jim Zemlin, executive director at The Linux Foundation. "Some people write code while others work on marketing or defending Linux. The Linux-branded credit card is an easy way for anyone to contribute to the growth of Linux and identify themselves as supporters of the community by carrying Tux in their pocket.""
MIPS makes Android source code public
MIPS has announced the release of the source code for the MIPS architecture port of Android. "MIPS Technologies, Inc., a leading provider of industry-standard processor architectures and cores for home entertainment, communications, networking and portable multimedia markets, today announced it has met a key milestone in driving the Android(tm) platform beyond mobile handsets. Just two months after announcing its port of the Android platform to the MIPS(r) architecture, the company is making the source code publicly available."
MUSA Technology Partners introduces Linux/Open Source service desk
MUSA Technology Partners has announced new service support for Linux. "MUSA Technology Partners, a leading provider of technology products, services and support, announced today that it is now offering its Linux and Open Source support services to all businesses. While MUSA's Service Desk currently offers specifically Linux and Open Source support, the firm will be rapidly incorporating additional services over the next six months."
New Books
Head First Data Analysis--New from O'Reilly
O'Reilly has published the book Head First Data Analysis by Michael Milton.
O'Reilly publishes book excerpts
O'Reilly has published a number of new book excerpts including: Afterword: The Language Challenge - Natural Language Processing with Python, Writing Backward-Compatible Code - Ruby Best Practices, Ruby Worst Practices - Ruby Best Practices, Leveraging Ruby's Standard Library - Ruby Best Practices and Parrot Reference - Perl 6 and Parrot Essentials.
Resources
Linux Gazette #165 is out
Issue #165 of the Linux Gazette has been published. Topics include: "Talkback, 2-Cent Tips, News Bytes, by Deividson Luiz Okopnik and Howard Dyckoff, Away Mission: June - JavaOne, SemTech, and Velocity, by Howard Dyckoff, Away Mission - LinuxWorld Morphs into OpenSource World - August 2009, by Howard Dyckoff, Software Development on the Nokia Internet Tablets, by Bruce Forsberg, Linux Layer 8 Puppet, by Lisa Kachold, GNOME and Red Hat Linux Eleven Years Ago, by Oscar Laycock, Encryption with TrueCrypt, by Ariel Maiorano, Real World Cases For Apache's mod_rewrite, by Anderson Silva and The Linux Launderette."
Linux on the Intel iMac - Triple booting
Scott Dowdle presents a HOWTO on Triple booting Linux on the Intel iMac. "Apple realized some time ago that people might want to dual-boot their new machines so they created Boot Camp. Indeed, Boot Camp does make it easy to dual-boot and they even give you all of the drivers needed to make Windows support their hardware... but what about triple-booting? Maybe someday the Boot Camp developers will implement triple-booting but for now it only supports dual-boot."
ODBMS.org publishes panel discussion
ODBMS.org has released the transcripts from a recent panel discussion. "ODBMS.ORG, a vendor-independent non-profit group of high-profile software experts led by Prof. Roberto Zicari, has exclusively published the panel discussion "A New Renaissance for ODBMSs?"."
Contests and Awards
PHP TestFest 2009 winners announced
The winners of the PHP TestFest 2009 have been announced. "A group of winners of PHP elePHPhants or TestFest mugs have been picked at random from the people that contributed the 887 tests during the 2009 PHP TestFest."
Red Hat awards Fedora Scholarship
Red Hat has announced the award of a scholarship to John McLean. "The Fedora Project, a Red Hat, Inc. sponsored and community-supported open source collaboration, today announced that John McLean is the recipient of the 2009 Fedora Scholarship, a program now in its second year. The Fedora Scholarship program recognizes college and university-bound students across the globe for their contributions to free software and the Fedora Project. McLean was selected from an impressive applicant pool and plans to attend Duke University this fall and double major in computer science and religion."
Surveys
Ongoing Oxygen Icons Usability Survey: KDevelop (KDEDot)
KDE.News has announced a new Oxygen Icons Usability Survey. "Every few weeks Nuno Pinheiro and the KDE Oxygen Icons team are publishing a new usability survey online to get feedback from users on the look and feel of icons. In particular, the Oxygen team is looking for feedback from individuals that have had no exposure to KDE, so if you are at home or at work, poke your friends and family and have them complete the survey, or simply take the survey yourself."
Meeting Minutes
Minutes for GNOME+KDE meeting at GUADEC
The minutes from the GNOME+KDE meeting at GUADEC have been published. (Thanks to Brian Cameron).
Calls for Presentations
5th European Conference on Computer Network Defence CFP
A call for papers has gone out for EC2ND 2009, the 5th European Conference on Computer Network Defence. "The 5th European Conference on Computer Network Defence will take place in November 2009 at the Politecnico di Milano technical university in Milano, Italy. The theme of the conference is the protection of computer networks. The conference will draw participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security." Submissions are due by September 15.
Upcoming Events
Feds to host NHIN software code-a-thon (Health IT)
The Health and Human Services Department will sponsor a "code-a-thon" on August 27, 2009. "The code-a-thon is expected to foster personal connections and help expand the talent pool of developers that might contribute to the CONNECT project, according to Brian Behlendorf, an open source advocate and a contractor on the administration's Open Government initiative team headed by White House chief technology officer Aneesh Chopra."
OpenSource World: we got r0ml
Robert "r0ml" Lefkowitz will deliver a keynote at OpenSource World; the event takes place on August 11-13 in San Francisco. "Finally, we get to hear about the missing angle for open source in IT departments. When you drag peer production code and ideas into the Corporate IT Department, can you actually MAKE NEW STUFF with it, or is open source just a snoozy cheaper/more reliable way to do the same old IT projects you were going to do anyway?"
openSUSE Conference Keynote announcement
The openSUSE Conference keynote has been announced. "The opening keynote will be given by Leslie Hawthorn of Google. Leslie is a program manager for Google's Open Source Programs Office, and community manager for the Google Summer of Code. The topic of the keynote is "Mentoring for Fun and Profit," and the full description can be found on the openSUSE Conference Web site."
Events: August 13, 2009 to October 12, 2009
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| August 10 - August 14 | USENIX Security Symposium | Montreal, Quebec, Canada |
| August 11 - August 13 | Flash Memory Summit | Santa Clara, CA, USA |
| August 12 - August 13 | OpenSource World Conference and Expo | San Francisco, CA, USA |
| August 12 - August 13 | Military Open Source Software | Atlanta, Georgia, USA |
| August 13 - August 16 | Hacking At Random 2009 | Vierhouten, The Netherlands |
| August 18 - August 23 | 2009 Python in Science Conference | Pasadena, CA, USA |
| August 22 - August 23 | Free and Open Source Conference (FrOSCon) | St. Augustin, Germany |
| August 22 - August 23 | OpenSQL Camp | St. Augustin, Germany |
| August 31 - September 4 | Ubuntu Developer Week | Internet, Internet |
| September 1 - September 4 | JBoss World Chicago | Chicago, IL, USA |
| September 1 - September 4 | Red Hat Summit Chicago | Chicago, IL, USA |
| September 1 - September 5 | DrupalCon | Paris, France |
| September 4 - September 5 | PyCon 2009 Argentina | Buenos Aires, Argentina |
| September 7 - September 11 | XtreemOS summer school | Oxford, UK |
| September 7 - September 8 | FRHACK.ORG IT Security Conference | Besançon, France |
| September 8 - September 12 | DjangoCon '09 | Portland, OR, USA |
| September 10 - September 11 | Fedora Developer Conference 2009 | Brno, Czech Republic |
| September 12 | Evil Robot Conference (Free Conference, Free Software) | Raleigh, NC, USA |
| September 14 - September 18 | Django Bootcamp at the Big Nerd Ranch | Atlanta, Georgia, USA |
| September 15 - September 17 | International Conference on IT Security Incident Management and IT Forensics | Stuttgart, Germany |
| September 17 - September 18 | Internet Security Operations and Intelligence 7 | San Diego, CA, USA |
| September 17 - September 20 | openSUSE Conference | Nuremberg, Germany |
| September 18 - September 19 | BruCON | Brussels, Belgium |
| September 18 - September 20 | EuroBSDCon 2009 | Cambridge, UK |
| September 19 | Atlanta Linux Fest 2009 | Atlanta, Georgia, USA |
| September 19 | Beijing Perl Workshop | Beijing, China |
| September 19 | Software Freedom Day | Worldwide |
| September 20 | SELinux Developer Summit 2009 @ LinuxCon | Portland, Oregon, USA |
| September 21 - September 23 | LinuxCon 2009 | Portland, OR, USA |
| September 21 - September 25 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, USA |
| September 23 - September 25 | Linux Plumbers Conference | Portland, Oregon, USA |
| September 23 - September 25 | Recent Advances in Intrusion Detection | Saint-Malo, Brittany, France |
| September 23 - September 25 | OpenSolaris Developer Conference 2009 | Hamburg, Germany |
| September 23 | Bacula Conference 2009 | Cologne, Germany |
| September 24 - September 26 | Joomla! and Virtue Mart Day Germany | Bad Nauheim, Germany |
| September 25 - September 27 | International Conference on Open Source | Taipei, Taiwan |
| September 25 - September 27 | Ohio LinuxFest | Columbus, Ohio, USA |
| September 26 - September 27 | PyCon India 2009 | Bengaluru, India |
| September 26 | Open Source Conference 2009 Okinawa | Ginowan City, Okinawa, Japan |
| September 26 - September 27 | Mini-DebConf at ICOS | Taipei, Taiwan |
| September 28 - September 30 | Real time Linux workshop | Dresden, Germany |
| September 28 - September 30 | X Developers' Conference 2009 | Portland, OR, USA |
| September 28 - October 2 | Sixteenth Annual Tcl/Tk Conference (2009) | Portland, OR 97232, USA |
| September 30 | HCC!Linux Theme Day | Houten, Netherlands |
| October 1 - October 2 | Open World Forum | Paris, France |
| October 2 - October 4 | 7th International Conference on Scalable Vector Graphics | Mountain View, CA, USA |
| October 2 | LLVM Developers' Meeting | Cupertino, CA, USA |
| October 2 - October 4 | Linux Autumn (Jesien Linuksowa) 2009 | Huta Szklana, Poland |
| October 2 - October 4 | Ubuntu Global Jam | Online, Online |
| October 2 - October 3 | Open Source Developers Conference France | Paris, France |
| October 2 | Mozilla Public DevDay/Open Web Camp 2009 | Prague, Czech Republic |
| October 3 - October 4 | T-DOSE 2009 | Eindhoven, The Netherlands |
| October 3 - October 4 | EU MozCamp 2009 | Prague, Czech Republic |
| October 7 - October 9 | Jornadas Regionales de Software Libre | Santiago, Chile |
| October 8 - October 10 | Utah Open Source Conference | Salt Lake City, Utah, USA |
| October 9 - October 11 | Maemo Summit 2009 | Amsterdam, The Netherlands |
| October 10 - October 12 | Gnome Boston Summit | Cambridge, MA, USA |
| October 10 | OSDN Conference 2009 | Kiev, Ukraine |
If your event does not appear here, please tell us about it.
Web sites
New KDE Buzz (KDEDot)
KDE.News has announced the launch of buzz.kde.org. "While you wait for the KDE 4.3 gates to open, you may be interested in our new buzz.kde.org site, using an experimental "LifeStream" tracking KDE on identi.ca and Twitter, Picasaweb, Flickr and Youtube. Check out buzz.kde.org for the stream for who's saying what about the hottest Free Desktop release this year!"
Audio and Video programs
Embedded Linux Conference videos posted
The folks at Free Electrons have posted videos from the Embedded Linux Conference, held in early April. Videos from 45 talks have been posted; they are in high-definition Theora format.
Page editor: Forrest Cook
