Weekly Edition for September 24, 2009

LinuxCon: Keeping open source open

By Jake Edge
September 23, 2009

Keith Bergelt, CEO of the Open Invention Network (OIN), described the circumstances which led the company to recently purchase 22 Microsoft patents, as part of a talk at the first LinuxCon. While the circumstances surrounding that purchase were quite interesting—and indicative of Microsoft's patent strategy—he also described the mission of OIN as a protector of Linux from patent trolls. Because patents are likely to be a threat to Linux for a long time to come, organizations like OIN are needed to allow Linux development to continue with as few patent impediments as possible.

Linux Foundation (LF) executive director Jim Zemlin introduced Bergelt by noting that OIN had done a great service for the Linux industry and community by purchasing those patents, which otherwise would have gone to "non-operating" companies—essentially patent trolls. Bergelt caught wind of the sale and headed off what might have been a potent attack against Linux, Zemlin said.

OIN was started by six companies (Sony, IBM, NEC, Red Hat, Philips, and Novell) four years ago to anticipate and preempt these kinds of patent sales, Bergelt said. It is a "very unusual entity" and when he was approached to be the CEO, it took some time to understand the "active benevolence" that was the mission of OIN. The members put a "very significant amount of money" into OIN, which means that, unlike a pledge fund, the capital is available, allowing Bergelt the autonomy to make decisions about how to deploy it.

OIN licenses its patents for use by others, with the proviso that those companies not assert their patents against Linux. It is, essentially, a defensive patent pool for the entire Linux community.

He sees the mission of OIN as allowing Linux to "be beneficial, at a macro level, to economic growth", by reducing the patent threat. The most recent patents were purchased from Allied Security Trust (AST), which represents its 15 members (including three that Bergelt named: HP, Ericsson, and IBM) by buying patents, licensing them to the members, and then reselling the remaining rights on the open market. Bergelt contrasted AST and OIN, saying that the latter is not just representing the six companies who are its members, but is, instead, "representing society". In his view, "patents will continue to exist", so it is important to "ensure that they don't have a negative impact on Linux in the future".

Bergelt described Microsoft's patent suit against TomTom as being a part of the software giant's "totem strategy". By getting various companies to settle patent suits over particular patents, Microsoft can erect (virtual) totem poles in Redmond, creating a "presumption of patent relevance". According to Bergelt, Microsoft tends to attack those who try to create parity with it in some area, which TomTom did. But, TomTom had overextended itself with a large amount of debt from their acquisition of mapping company Tele Atlas. That made it an opportune time to put the squeeze on TomTom, which is exactly what Microsoft did.

But, Microsoft was surprised to find that TomTom had allies in the form of OIN and others. Originally, Microsoft had asked for an "astronomical" sum to settle the suit, but after TomTom joined OIN and countersued Microsoft, the settlement number became much smaller. In fact, it was small enough that it was not necessary to report the amount under Dutch securities regulations. Because the cost to defend a patent suit—even successfully—could be upwards of $14 million, the TomTom board really had no choice but to settle.

But, patent suits are generally fairly high-profile, and there are other means to attack Linux companies more quietly. One of those is to sell patents to "non-practicing" (or "non-operating") entities who have no other business besides patent litigation. These trolls do not have any products that could be the target of patent countersuits, which is a standard way of combating patent suits. Bergelt said that $20 billion has been spent this decade by multiple organizations to acquire patents for trolling.

Companies with large patent portfolios have been pressured by investors to use those patents to generate revenue. One way to do that is to sell them to trolls, which brings in money and insulates the company from actually bringing suit itself. In some cases, this has led to patent trolls attacking the customers of the company who originally held the patents, Bergelt said.

Over the last three years, OIN has been one of the three largest patent acquirers, so it could not have been an oversight that Microsoft did not approach OIN about buying these patents. The bundle of patents was expressly presented as being relevant to Linux, which has the effect of "pointing the troll in the right direction", according to Bergelt. He clearly indicated his belief that this was an attempt to attack Linux by proxy; Microsoft would have "plausible deniability" because they could claim they were sold to a defensive patent pool such as AST.

But, AST is required to resell the patents it acquires, after licensing them to its members, within 12 months of purchasing them. Normally it would sell them to trolls, but Bergelt was able to arrange a purchase by OIN. He noted that if you wanted to get patents to trolls, but keep your hands "clean", selling them to AST is the right way to do it. Going forward, though, there is a patent treaty forming between AST and OIN, which should help alleviate this particular problem in the future.

The Data Tern/Amphion patent suit against Red Hat, which was based on a relational database patent, was also noted by Bergelt as a successful defense of free software from a patent threat. Red Hat settled the suit on behalf of the community as a whole, rather than allow further suits against free software to be filed. Bergelt said that Data Tern/Amphion were "not anti-Linux", in contrast to Microsoft's intent, but were focused purely on the return on its investment in buying the patent.

Intellectual Ventures is an organization to keep an eye on, Bergelt said, as it has some 23,000 patents, more than any other non-practicing entity. Three weeks ago, it started selling some of its patents—to patent trolls. OIN is also approaching patent trolls to suggest that they contact OIN before suing Linux companies. In some cases, OIN has averted lawsuits by acquiring patent rights from trolls.

The 22 patents in question are listed on the OIN website, but they aren't separated from the rest of the patents that OIN has acquired. They were all issued to either Microsoft or SGI originally, though, Bergelt said, which should assist anyone wishing to study what the patents cover. He noted that they are not the OpenGL patents, as some thought, because those are believed not to read on Linux.

In addition to acquiring patents, OIN has several other projects that are meant to reduce the patent problems for Linux. Peer to patent and post-issue peer to patent are both meant to "crowdsource" the process of finding prior art for patents that are in process or those that have already been issued. The former is meant to help the Patent and Trademark Office (PTO) so that bad patents don't get issued, while the latter looks for bad patents so that they can be submitted to the PTO for re-examination.

Defensive publications are another strategy that companies can take to protect their ideas without patenting them. OIN is advocating the use of defensive publication to create prior art, so that, in the best case, patents will not be granted covering those ideas. Instead of the "negative right" that is created with a patent, defensive publication creates something that everyone can use, but no one can patent. OIN's lawyers will review defensive publication submissions for free, making any necessary changes and then adding them to the database which is used for prior art searches by the PTO.

Companies who want to patent their ideas can also use defensive publication by patenting the core idea and wrapping that core with published information. This is happening more frequently because the cost of a patent application is becoming "prohibitive". OIN is encouraging the community to use defensive publications to protect its ideas as well.

Bergelt stressed that OIN is not set up as an anti-Microsoft organization, as they are focused on any entity threatening Linux with patents. In the most recent case that was Microsoft, but his expectation is that "Microsoft will go through a painful transition", but will eventually join the free software community. The benefits of free software development will be too strong to resist.

In closing, both Zemlin and Bergelt mentioned the Linux Defenders project, which is a joint venture between OIN, LF, and the Software Freedom Law Center. It is the umbrella organization for the peer to patent efforts along with the defensive publication initiative, but it also seeks to counsel companies who have been approached about patents that read on Linux. Zemlin noted that the traditional approach is to get a potential victim to sign a non-disclosure agreement (NDA) before discussing the patents in question. He stressed that companies should get in touch with Linux Defenders before signing the NDA, as that seriously limits what help it can provide.

In response to questions from the audience, Bergelt noted that there is some hope for patent reforms, which may "narrow the space" for trolls to work in. Judges are starting to recognize the problem, he said, but wholesale changes are not likely in the cards. In addition, he noted that even defining "non-practicing entity" is difficult, pointing to Qualcomm as an example of a company that was not very successful using its patents in products, but quite successful in licensing them to others.

He also sees hope at the PTO. Fewer poor patents are being issued and far fewer patents are being issued overall. Things are changing, but they will never be as good as we want them to be, he said.


LinuxCon: Some advice from Uncle Dirk

By Jonathan Corbet
September 23, 2009
Dirk Hohndel has been a member of our community since the earliest days. In recent years, he has helped direct Intel's (very friendly) strategy toward Linux - a job which has required, one assumes, a great deal of educational work inside the company. Dirk also spends a fair amount of time outside of Intel, advising the community on how it can work better with vendors, with customers, and with itself. His thoughtful talks on the topic are usually well worth hearing. In two separate talks on the first day of the first LinuxCon, Dirk had some fairly general thoughts on how the next steps toward world domination can be taken.

When ASUS created the netbook market, its disruptive new machines all ran Linux. The development community welcomed this news, which seemed like a validation of much of what we've been doing all these years. But it did not take very long before Microsoft was announcing that the vast majority of netbook systems were now shipping with Windows instead. How is it, Dirk asks, that Windows is able to displace Linux on systems like netbooks?

Part of the problem, certainly, was the second-rate distribution which was shipped with the early netbooks. It suffered from what Dirk calls the "three click problem." When the system is first turned on, everything looks great. But, by the time the user gets three clicks into the system, it's clear that it is an unfinished product. Obvious problems - configuration dialog boxes for applications which do not fit on the small screen, for example - are everywhere. So it does not take long for users to feel that they have not gotten what they really wanted.

But the bigger problem, says Dirk, is that the systems installed on these devices are trying to be Windows. They are trying to beat Microsoft at its own game, and that is a difficult strategy at best. If the ultimate goal of a development project is to copy somebody else, it is inevitable that the project will always be behind its target. It will never be a perfect copy, and users will know. The user's experience will always be less than it could be with the original.

An example is's attempt to copy the "ribbon" interface found in Office 2007. It's already two years later, it is not that great an interface in the first place, and will not do it as well as Microsoft did. Suffice to say that Dirk does not appear to be much impressed by this particular initiative. Similarly, attempts to copy the iPhone in mobile devices are doomed to an always-inferior existence. There has to be a better way.

That better way, says Dirk, is to move past the desktop metaphor which was never all that great an idea in the first place. People who are buying computers now are not interested in desktops, and they do not really care about the operating system they are running. What they want is to join communities. So the most important thing we should be doing, in the design of our applications and interfaces, is to better connect users with the communities they are interested in.

On the issue of design, Dirk made the claim that we have few real designers in our communities. Indeed, the processes in many communities seem to have the explicit goal of encouraging people interested in design to go elsewhere. One partial exception might be KDE; Dirk claims that KDE applications tend to be nicer because Nokia (and Trolltech before it) have put true design resources into the Qt toolkit. In general, though, we are not doing a good job of reaching out to designers, but we need those designers if we are going to create great systems.

The closing note of this talk was simple: listen to the users. And, by "users," he did not mean the people in the room, but the much wider user community that we need to reach.

Dirk's second talk filled a brief keynote slot; it was called "how to shine in a crowded field." The specific crowded field he was talking about was consumer electronics, which is packed with devices in search of customers. In this market, success is not something that just happens. There are, says Dirk, four things which are required.

The first of those is vision. There are, he says, plenty of visionaries out there, even if many of them do not see as far as they might think. We need those visionaries - just following others is, as was described above, not the way to be successful. Our community needs people who are not stuck doing things the way they have always been done.

The second requirement is competence - the ability to actually implement the visions. One of the nice things about the open source world is that competence is very much on display. We can (relatively) easily measure the competence of others, and our own competence as well. We are very free to learn from each other and quickly improve our competence.

Then there's commitment. Without commitment, developers will not see the task through to the end. And, just as importantly, users need to see that commitment. They need to know that the developers will be around, that they are serious, that they will respond to bugs, and that they will continue to carry the code forward. That said, open source makes users less dependent on the commitment of others. When a proprietary software vendor abandons a body of code, there is nothing the users can do about it. Open source software can be picked up and carried forward by others.

Finally, there is the matter of focus. Without focus, we will lose; there are simply too many distractions which can get in the way.

So how does the community do in these areas? We have visionaries, though Dirk would like to see more of them who are willing to go further off the beaten path. For competence, Dirk suggests downloading a random SourceForge project and looking at the code. That, he says, will make one question whether the open source community possesses any competence at all. Commitment, too, is on display at SourceForge - most projects there are inactive and going nowhere.

And focus, he says, is really hard. As a result, open source projects are highly susceptible to the 80/20 problem. The first 80% of the work is fun. But the task of actually finishing the job is less so, so it often doesn't happen. So we have a surfeit of 80%-done programs which have since been abandoned. We have, he says, 55 bad spreadsheets out there when we could have three really good ones. If we could stick to the projects we have, rather than yielding to the temptation to start some new, shiny project, we would be in much better shape.

Another example is the nearly 300 active distribution projects out there; it would be better to have fewer choices which were more complete. Given that, one might ask why Dirk's group went off and created Moblin - yet another new distribution. His answer (to his own question) was that they studied the available distributions and couldn't find one which they thought they could carry forward to a full implementation of the vision they had for Moblin. They needed to start anew, he said, to be able to commit to reaching the end.

In conclusion, Dirk says, the recipe for standing out is relatively straightforward: listen to the users, implement the whole vision, and go someplace where others have not been.


Some shots from the Golden Penguin Bowl

By Jonathan Corbet
September 23, 2009
The traditional Golden Penguin Bowl made a reappearance in a new venue at LinuxCon on September 23. Gracious host Steve Ballmer Jeremy Allison led the Nerds (Jono Bacon, Joe Brockmeier, and Matt Domsch) in their victorious trivia battle against the Geeks (Greg Kroah-Hartman, Ted Ts'o, and Chris Wright). It was a grueling event requiring detailed knowledge of Arthur C. Clarke books, bad science fiction movies, archaic architectures, Rick Astley lyrics, and remote-control helicopter piloting. Here are a few photos from the event.

[photo] Our host, Jeremy Allison
[photo] The Nerds: Jono Bacon, Joe Brockmeier, and Matt Domsch
[photo] The Geeks: Greg Kroah-Hartman, Ted Ts'o, and Chris Wright
[photo] The crowd gets ruthlessly rickrolled by the Nerds and the MC
[photo] Chris Wright takes the controls; Ted Ts'o does his best to stay out of the way.
[photo] We didn't need all those parts anyway, right?
[photo] Matt Domsch achieves liftoff.


TomTom unveils OpenLR location-referencing format

September 23, 2009

This article was contributed by Nathan Willis

On September 8, GPS device maker and mapping service provider TomTom pulled back the curtain on what it hopes will become an industry-wide standard for location referencing and dynamic route guidance. OpenLR, as it is known, is designed to allow heterogeneous applications and services to exchange location information in a compact, map-agnostic manner, which would ease the burden of interoperability between Web map services, car navigation devices, and other content systems that provide location-sensitive data such as public safety warnings. TomTom said it wants OpenLR to be a royalty-free, open specification, with a GPLv2-licensed encoder and decoder that will come shortly.

The company has long used Linux and open source software in its hardware products, which led to the famous patent lawsuit with Microsoft in February of 2009, over the VFAT filesystem. TomTom counter-sued Microsoft for patent infringement, and the two companies settled out-of-court in March. Despite its history with the open source community and development model, OpenLR is TomTom's first attempt at launching a completely new open source project of its own.

OpenLR bird's eye view

The problem OpenLR is designed to solve is rapid exchange of location-relevant content between independent data providers, aggregators, and end-user devices. OpenLR is not a geographic coordinate system (such as World Geodetic System 84 (WGS 84)) or a markup language akin to KML or GPX. Rather, OpenLR focuses on encoding location reference points (LRPs) using a combination of coordinates and attributes such as functional road class (FRC) and form of way (FOW) that describe the LRP in terms of its physical attributes. Thus, an application using a map from a web-based mapping service and directions from a GPS device can decode an LRP using multiple factors and determine that it is the same location, even if they use different map formats or disagree slightly.

In spite of the name "location reference point," as it is defined by OpenLR, an LRP is more like what a mathematician might call a directed graph edge: it has a start and end node, a bearing (compass direction), and a length. This evidences OpenLR's underlying goal of describing travel rather than precisely pinpointing stationary objects, but the terminology could still be confusing for newcomers. FRC and FOW likewise focus the attention on roads; FRC is defined as a number from FRC 0 ("main road"), to FRC 1 ("first class road") all the way down to FRC 7 ("other road"). FOW describes the physical type of road: motorway, roundabout, traffic square, and so on.

The primary use case TomTom outlines for OpenLR is to describe "line locations," which it defines as the concatenation of shortest paths covering a set of LRPs. OpenLR itself does not calculate the shortest or best path between a start LRP and end LRP; it merely provides a way for the software to encode it for exchange in a bandwidth-friendly way. OpenLR is not concerned with other map elements found along the way, such as geographical features or points of interest (POIs).

Routing between selected locations is arguably the easiest scenario to imagine; a device could request a route between two points and receive directions back from a remote server as OpenLR data. In addition, TomTom describes several cases where OpenLR might be used to propagate other information useful to travelers, such as traffic congestion data, public safety warnings, and even cooperative vehicle-to-vehicle communication — all of which share the same need for shortest-path routing information — plus applications useful to municipalities such as real-time urban traffic management and toll-road usage information.


TomTom's OpenLR Introduction [PDF] says that OpenLR is designed to be map-agnostic (meaning that OpenLR data is independent of both the map vendor and map version), communication-channel independent (so it can be transmitted just as easily by radio broadcast or over an IP network), and encoder independent (so that any device, application, or service can unambiguously decode the information sent by any other). The company has posted a more detailed description of the OpenLR data format in a white paper [PDF] available on its web site, including the byte-oriented stream format and details about how to specify each component, from coordinates (in WGS 84) to bearings and distances.

In its presentation, the company explains the value of releasing OpenLR as an open standard — better buy-in from key industry stakeholders, security against intellectual property threats, and flexibility to expand and enhance the standard in the direction chosen by the community. TomTom has filed for patent on the core concept in OpenLR, but says that it will publish the method used in the patent in its GPL-licensed encoder and decoder implementation. The documentation itself is published under the Creative Commons CC-BY license.

TomTom explains in the presentation that it chose the GPLv2 for OpenLR's license in order to protect free implementations from patent attack, noting that commercial services can still deploy the software. It also says that the license to use OpenLR will include a non-assertion clause. Complete details are provided in a separate license document [PDF].

Although TomTom says it will take the leadership and maintenance role in OpenLR's development, the white paper and presentation both assert that the company wants and expects the open source community to participate in expanding OpenLR, including the coverage of different types of data (such as Points and Areas), support for different formatting options such as XML, integration with GPS and Galileo positioning systems, and integration with the Transport Protocol Experts Group (TPEG) traffic and travel information standard.

The race is on

The core data covered in OpenLR's route-and-traffic exchange usage scenario can also be expressed in other, existing formats. The most widely-known is Radio Data System Traffic Message Channel (RDS-TMC), a format broadcast in a data sideband of standard FM radio transmissions. RDS-TMC is widely deployed in just a few countries, notably Germany, though it is available around Western Europe and North America. RDS-TMC traffic data itself can originate from a number of sources, including government-deployed road sensors, and the format itself is published.

Nevertheless, using RDS-TMC is problematic — particularly for free software — because it encodes the actual locations referenced via a copyrighted data set, one which is limited in size and not easily updated or corrected. A system similar in scope called AGORA-C is proprietary and commercial, relying on licensing and royalty collection, which has led to uncertain commitment from industry players. The TPEG format TomTom alluded to in its presentation is open, but TomTom regards its current location-referencing subsystem (TPEG-Loc) as unsuitable because of a lack of standardized encoding rules.

The market for location-referencing is large; free routing services from the likes of Google and Yahoo do not bring in any revenue, but in-car navigation systems (both built-in and aftermarket) are reportedly a huge and still-growing business. TomTom itself sells navigation software for platforms like the iPhone, and fee-based services for drivers to avoid speed traps and other road hazards. TomTom also owns map maker Tele Atlas, which it acquired in 2007.

Competition between TomTom and mapping rivals like Garmin and DeLorme in this space is fierce; the financial stakes are high and the number of players is low. That is a situation which free software advocates recognize has prompted the strategic release of a core technology as open source many times before. OpenLR certainly meets a need in the navigation stack; open projects like OpenStreetMap cannot use alternative systems such as RDS-TMC or AGORA-C because of their licensing. Nevertheless, OpenLR's openness is no silver bullet; for it to make a substantial impact it will still have to be adopted by multiple industry players, including traffic data providers.

Of course, an active show of participation on the standard from the open source and open standards communities could go a long way in making that happen. TomTom is expected to present about OpenLR this week at the World Congress on Intelligent Transport Systems. The reaction there will say a lot about the industry's take on the technology. For the open source community's reaction, one will probably have to wait for the still-to-come source code release.


Page editor: Jonathan Corbet


LinuxCon: Secure virtualization with sVirt

By Jake Edge
September 23, 2009

"I'm the rain in the cloud" is how Red Hat's Dan Walsh described himself at the beginning of his LinuxCon talk. There is much talk of "cloud computing" these days, but there has not been too much attention paid to the security aspects. Running multiple guest operating systems on the same hardware is "one of the scariest things you can do" from a security point of view, he said. sVirt was developed to combat the problem by applying SELinux mandatory access controls to restrict what guests can do—even if they break out of their containment and can access the Linux host OS.

Before virtualization, servers were separated by network connections, so a misbehaving server would have to launch a network-based attack to break into another server. There are lots of tools available to administrators that will alert or thwart network attacks, but when the servers are running on the same hardware, there is another line of attack: the hypervisor itself. Guests that can perform unauthorized actions on the host OS or hypervisor may be able to access information that is only supposed to be available to a different guest.

These are not theoretical attacks, Walsh said, as there have been successful attacks against Xen and others. Hypervisor vulnerabilities are the "number one goal" of the attacker community right now. The attack against Xen was able to subvert the SELinux policies that were in place on Red Hat Enterprise Linux (RHEL) specifically to stop that kind of attack. Those policies failed because the SELinux labeling of Xen processes and data was left up to administrators—something that sVirt is meant to fix.

Walsh pointed out that all guest OSes typically run as the same user in the Linux host. So, any exploit means that guests can access any other guest on that host. In the cloud computing scenario, users have no idea who else is sharing their machine, so it could easily be a competitor or someone with a malicious intent. But, enforcing separation between processes is a job that SELinux is good at.

In an SELinux-enabled system, processes and data both get labeled based on how they are allowed to be used. Since virtual machines are processes and their filesystem images are files on the host, proper application of SELinux labels—along with rules to govern the label interactions—will effectively disallow guests from unauthorized access to other guests. The host kernel enforces those rules so, as long as the kernel itself is uncompromised, rogue guests are confined.

As they learned from the Xen compromise, leaving the labeling up to administrators does not work, Walsh said, so they added dynamic labeling into libvirt. sVirt uses a largely unused field—for multi-category security (MCS)—in the SELinux label and generates a random unused value for that field. It labels the image file, then launches the virtual machine using that same label.

Using the MCS field allows the same SELinux rules to be used for all of the guests, but still restrict guests such that each guest can only access its process and data. When the guest exits, the guest image is then relabeled back to its original value. Different labels are used for shared images, depending on whether they are shared as read-only or read-write, which will allow administrators some flexibility while still restricting access to unrelated guest images.
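The labelling scheme described above, modelled as an added example (not libvirt or sVirt code, and not from the talk): each guest gets a random unused MCS category pair, its image is relabelled to match, and a single shared rule set then keeps guests apart. The type names svirt_t, svirt_image_t and virt_content_t are the ones libvirt's SELinux driver uses and are not named on this page; virt_image_t as the at-rest label and all paths are constructed sample values.

```python
import random
from dataclasses import dataclass

# Assumptions: the article names no SELinux types. svirt_t, svirt_image_t and
# virt_content_t are the names used by libvirt's SELinux driver; virt_image_t
# as the at-rest label and every path below are constructed sample values.
ALLOW = {  # a single rule set shared by all guests
    ("svirt_t", "svirt_image_t"): {"read", "write"},
    ("svirt_t", "virt_content_t"): {"read"},
}


@dataclass(frozen=True)
class Label:
    setype: str
    cats: frozenset = frozenset()

    def __str__(self):
        cats = ",".join(f"c{c}" for c in sorted(self.cats))
        return f"{self.setype}:s0" + (f":{cats}" if cats else "")


def allowed(proc, obj, perm):
    """The type rule must match AND the process categories must dominate
    (be a superset of) the object's categories."""
    te_ok = perm in ALLOW.get((proc.setype, obj.setype), set())
    return te_ok and proc.cats >= obj.cats


class SVirtModel:
    """Tracks file labels in a dict that stands in for on-disk xattrs."""

    def __init__(self, files, rng=None, ncats=1024):
        self.files = files
        self.rng = rng or random.SystemRandom()
        self.ncats = ncats
        self.in_use = set()   # category pairs held by running guests
        self.guests = {}      # name -> (process label, image, saved label)

    def _fresh_pair(self):
        if len(self.in_use) >= self.ncats * (self.ncats - 1) // 2:
            raise RuntimeError("no unused MCS category pair left")
        while True:
            pair = frozenset(self.rng.sample(range(self.ncats), 2))
            if pair not in self.in_use:
                self.in_use.add(pair)
                return pair

    def start(self, name, image):
        """Label the image, then 'launch' the guest with the same categories."""
        if name in self.guests:
            raise ValueError(f"{name} is already running")
        pair = self._fresh_pair()
        saved = self.files[image]
        self.files[image] = Label("svirt_image_t", pair)
        proc = Label("svirt_t", pair)
        self.guests[name] = (proc, image, saved)
        return proc

    def stop(self, name):
        """Restore the image's original label and release the categories."""
        proc, image, saved = self.guests.pop(name)
        self.files[image] = saved
        self.in_use.discard(proc.cats)

    def share(self, path, readonly):
        """Shared images carry no categories, so every guest dominates them;
        the type decides whether writes are permitted."""
        setype = "virt_content_t" if readonly else "svirt_image_t"
        self.files[path] = Label(setype)


def demo(seed=7):
    paths = ("/img/a.img", "/img/b.img", "/img/install.iso", "/img/scratch.img")
    files = {p: Label("virt_image_t") for p in paths}
    m = SVirtModel(files, rng=random.Random(seed))
    a = m.start("guest-a", "/img/a.img")
    b = m.start("guest-b", "/img/b.img")
    m.share("/img/install.iso", readonly=True)
    m.share("/img/scratch.img", readonly=False)
    # Administrator-labelled case from the talk: every guest and every image
    # ends up with the same label, so the rules cannot tell guests apart.
    static_proc, static_img = Label("svirt_t"), Label("svirt_image_t")
    results = {
        "a_own": allowed(a, files["/img/a.img"], "write"),
        "a_other": allowed(a, files["/img/b.img"], "read"),
        "b_other": allowed(b, files["/img/a.img"], "read"),
        "iso_read": allowed(a, files["/img/install.iso"], "read"),
        "iso_write": allowed(b, files["/img/install.iso"], "write"),
        "scratch_write": allowed(b, files["/img/scratch.img"], "write"),
        "static_cross": allowed(static_proc, static_img, "write"),
    }
    m.stop("guest-a")
    results["restored"] = str(files["/img/a.img"])
    results["a_after_exit"] = allowed(a, files["/img/a.img"], "read")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value}")
```

The `static_cross` result is the failure mode the talk attributes to hand-applied labels: with identical labels on every guest and image, the same rule that lets a guest reach its own disk lets it reach everyone else's.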

Starting with Fedora 11, virt-manager will, by default, handle the automatic relabeling of virtual machines and data, Walsh said. One would guess that RHEL 6 will have that capability as well.

While it is certainly not a panacea for security in a virtualized environment, sVirt does provide some useful separation between guests. There is still cause to be concerned about potential kernel vulnerabilities that would allow end runs around SELinux, but sVirt reduces the exposure surface. As part of a multi-layered defense, sVirt effectively narrows the cracks that attackers can slip through.


Brief items

Walsh: Cool things with SELinux... Introducing sandbox -X

Red Hat SELinux hacker Dan Walsh has a weblog posting about a new feature added to his SELinux sandbox. sandbox -X essentially combines the sandbox with the idea behind the "xguest" user to create a sandbox for arbitrary desktop applications. It came out of a request to be able to sandbox "acroread": "Acroread and most other desktop applications use multiple communication channels, interacting not just with stdin and stdout, but accessing configuration files, directly or using interprocess calls as with GConf, the X server and other applications, and usually have full run of the user's home directory. A bug in a desktop application can be exploited to attack other processes on the system through any of these channels. Attempting to lock down access to these things usually just causes applications to break, or at least degrades the user experience. In a nutshell, there was no good, general-purpose way to lock down Acroread, or for that matter, any other desktop application."


Why open-source DNS is 'internet's dirty little secret' (ZDNet)

ZDNet is running an interview with Nominum manager Jon Shalowitz; it's an amusingly retro experience for those of us who have forgotten what 1990's-style security FUD looked like. "If I have a secret way of blocking a hacker from attacking my software, if it's freeware or open source, the hacker can look at the code. By virtue of something being open source, it has to be open to everybody to look into. I can't keep secrets in there. But if I have a commercial-grade software product, then all of that is closed off, and so things are not visible to the hacker." Needless to say, he is attempting to sell such a product.


New vulnerabilities

apache: multiple vulnerabilities

Package(s): apache
CVE #(s): CVE-2009-3094 CVE-2009-3095
Created: September 22, 2009
Updated: March 1, 2010
Description: From the Mandriva advisory: Multiple vulnerabilities were discovered and corrected in apache:

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).

Slackware SSA:2010-024-01 httpd 2010-01-25
Fedora FEDORA-2009-12747 httpd 2009-12-04
Fedora FEDORA-2009-12606 httpd 2009-12-04
Fedora FEDORA-2009-12604 httpd 2009-12-04
Mandriva MDVSA-2009:323 apache 2009-12-07
Red Hat RHSA-2009:1461-01 Red Hat Application Stack 2009-09-23
Mandriva MDVSA-2009:240 apache 2009-09-22
rPath rPSA-2009-0155-1 httpd 2009-11-24
rPath rPSA-2009-0154-1 httpd 2009-11-24
Debian DSA-1934-1 apache2 2009-11-16
CentOS CESA-2009:1579 httpd 2009-11-14
Red Hat RHSA-2009:1580-02 httpd 2009-11-11
Ubuntu USN-860-1 apache2 2009-11-19
CentOS CESA-2009:1580 httpd 2009-11-12
CentOS CESA-2009:1579 httpd 2009-11-12
Red Hat RHSA-2009:1579-02 httpd 2009-11-11
SuSE SUSE-SA:2009:050 apache2,libapr1 2009-10-26


bugzilla: SQL injection

Package(s): bugzilla
CVE #(s): CVE-2009-3125 CVE-2009-3165 CVE-2009-3166
Created: September 21, 2009
Updated: June 4, 2010
Description: From the Bugzilla advisory:

* Two SQL injection attacks have been discovered in Bugzilla. One only affects the 3.4 series, while the other affects the 3.0, 3.2, and 3.4 series. These are extremely serious vulnerabilities that must be patched immediately.

* When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changing his password.

Gentoo 201006-19:02 bugzilla 2010-06-04
Fedora FEDORA-2009-9550 bugzilla 2009-09-15
Fedora FEDORA-2009-9554 bugzilla 2009-09-15
Debian DSA-1913-1 bugzilla 2009-10-17


changetrack: shell command execution

Package(s): changetrack
CVE #(s): CVE-2009-3233
Created: September 22, 2009
Updated: September 23, 2009
Description: From the Debian advisory: Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.
Debian DSA-1891-1 changetrack 2009-09-22


dovecot: buffer overflows

Package(s): dovecot
CVE #(s): CVE-2009-3235
Created: September 23, 2009
Updated: October 5, 2010
Description: From the Mandriva alert: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235).
Gentoo 201110-04 dovecot 2011-10-10
Mandriva MDVSA-2010:196 dovecot 2010-10-04
Ubuntu USN-838-1 dovecot 2009-09-28
Fedora FEDORA-2009-9901 cyrus-imapd 2009-09-24
Fedora FEDORA-2009-9869 cyrus-imapd 2009-09-24
Debian DSA-1893-1 cyrus-imapd-2.2 2009-09-23
Debian DSA-1892-1 dovecot 2009-09-23
Red Hat RHSA-2009:1459-04 cyrus-imapd 2009-09-23
Mandriva MDVSA-2009:242-1 dovecot 2009-09-22
Mandriva MDVSA-2009:242 dovecot 2009-09-22
SuSE SUSE-SR:2009:018 cyrus-imapd, neon/libneon, freeradius, strongswan, openldap2, apache2-mod_jk, expat, xpdf, mozilla-nspr 2009-11-10
SuSE SUSE-SR:2009:016 silc-toolkit, open-iscsi, strongswan,freeswan,openswan, mutt, openldap2, cyrus-imapd, java-1_6_0-openjdk, postgresql, IBMJava2-JRE/java-1_4_2-ibm, wireshark, freeradius, dovecot 2009-10-13
CentOS CESA-2009:1459 cyrus-imapd 2009-10-30


drupal: multiple vulnerabilities

Package(s): drupal
CVE #(s):
Created: September 21, 2009
Updated: September 23, 2009
Description: From the Drupal advisory:

Multiple vulnerabilities and weaknesses were discovered in Drupal.

OpenID association cross site request forgeries: The OpenID module in Drupal 6 allows users to create an account or log into a Drupal site using one or more OpenID identities.

OpenID impersonation: The OpenID module is not a compliant implementation of the OpenID Authentication 2.0 specification. An implementation error allows a user to access the account of another user when they share the same OpenID 2.0 provider.

File upload: File uploads with certain extensions are not correctly processed by the File API. This may lead to the creation of files that are executable by Apache. The .htaccess that is saved into the files directory by Drupal should normally prevent execution. The files are only executable when the server is configured to ignore the directives in the .htaccess file.

Session fixation: Drupal doesn't regenerate the session ID when an anonymous user follows the one time login link used to confirm email addresses and reset forgotten passwords. This enables a malicious user to fix and reuse the session id of a victim under certain circumstances.

Fedora FEDORA-2009-9751 drupal 2009-09-18
Fedora FEDORA-2009-9721 drupal 2009-09-18


pidgin: multiple vulnerabilities

Package(s): pidgin
CVE #(s): CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3085
Created: September 21, 2009
Updated: January 18, 2010
Description: From the Red Hat advisory:

A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure (session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083)

Ubuntu USN-886-1 pidgin 2010-01-18
SuSE SUSE-SR:2009:020 apache2-mod_jk, cacti, cups, expat, finch/pidgin, htmldoc, kdelibs3/kdelibs4, libpoppler/poppler, lighttpd, opera, perl-HTML-Parser, pyxml, seamonkey, wireshark/ethereal, xntp, zope/zope3 2010-01-12
Mandriva MDVSA-2009:321 pidgin 2009-12-06
CentOS CESA-2009:1453 pidgin 2009-09-22
Red Hat RHSA-2009:1453-01 pidgin 2009-09-21
CentOS CESA-2009:1535 pidgin 2009-10-29
Gentoo 200910-02 pidgin 2009-10-22
Red Hat RHSA-2009:1535-01 pidgin 2009-10-29
CentOS CESA-2009:1453 pidgin 2009-10-30


postgresql: multiple vulnerabilities

Package(s): postgresql-8.1, postgresql-8.3
CVE #(s): CVE-2009-3229 CVE-2009-3230 CVE-2009-3231
Created: September 21, 2009
Updated: March 8, 2010
Description: From the Ubuntu advisory:

It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3229)

Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. (CVE-2009-3230)

It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3231)

Gentoo 201110-22 postgresql-base 2011-10-25
rPath rPSA-2010-0012-1 postgresql 2010-03-07
Mandriva MDVSA-2009:251-1 postgresql8.2 2009-12-08
Red Hat RHSA-2009:1461-01 Red Hat Application Stack 2009-09-23
Ubuntu USN-834-1 postgresql-8.1, postgresql-8.3 2009-09-21
CentOS CESA-2009:1485 postgresql 2009-10-07
Red Hat RHSA-2009:1484-01 postgresql 2009-10-07
Red Hat RHSA-2009:1485-01 postgresql 2009-10-07
CentOS CESA-2009:1484 postgresql 2009-10-09
CentOS CESA-2009:1484 postgresql 2009-10-30
SuSE SUSE-SR:2009:017 php5, newt, rubygem-actionpack, rubygem-activesupport, java-1_4_2-ibm, postgresql, samba, phpMyAdmin, viewvc 2009-10-26
SuSE SUSE-SR:2009:016 silc-toolkit, open-iscsi, strongswan,freeswan,openswan, mutt, openldap2, cyrus-imapd, java-1_6_0-openjdk, postgresql, IBMJava2-JRE/java-1_4_2-ibm, wireshark, freeradius, dovecot 2009-10-13
Debian DSA-1900-1 postgresql-7.4 2009-10-02


squid: denial of service

Package(s): squid
CVE #(s): CVE-2009-2855
Created: September 22, 2009
Updated: March 31, 2010
Description: From the Mandriva advisory: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Gentoo 201110-24 squid 2011-10-26
Red Hat RHSA-2010:0221-04 squid 2010-03-30
SuSE SUSE-SR:2010:007 cifs-mount/samba, compiz-fusion-plugins-main, cron, cups, ethereal/wireshark, krb5, mysql, pulseaudio, squid/squid3, viewvc 2010-03-30
Ubuntu USN-901-1 squid 2010-02-16
Debian DSA-1991-1 squid/squid3 2010-02-04
Mandriva MDVSA-2009:241-1 squid 2010-01-11
Mandriva MDVSA-2009:241 squid 2009-09-22


webkit: denial of service

Package(s): webkit
CVE #(s): CVE-2009-1711
Created: September 23, 2009
Updated: January 25, 2011
Description: From the Ubuntu alert: Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
openSUSE openSUSE-SU-2011:0024-1 webkit 2011-01-12
SUSE SUSE-SR:2011:002 ed, evince, hplip, libopensc2/opensc, libsmi, libwebkit, perl, python, sssd, sudo, wireshark 2011-01-25
Debian DSA-1988-1 qt4-x11 2010-02-02
Debian DSA-1950 webkit 2009-12-12
Ubuntu USN-836-1 webkit 2009-09-23
Ubuntu USN-857-1 qt4-x11 2009-11-10


webkit: arbitrary code execution

Package(s): webkit
CVE #(s): CVE-2009-1712
Created: September 23, 2009
Updated: January 25, 2011
Description: From the Ubuntu alert: It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712)
openSUSE openSUSE-SU-2011:0024-1 webkit 2011-01-12
SUSE SUSE-SR:2011:002 ed, evince, hplip, libopensc2/opensc, libsmi, libwebkit, perl, python, sssd, sudo, wireshark 2011-01-25
Debian DSA-1988-1 qt4-x11 2010-02-02
Debian DSA-1950 webkit 2009-12-12
Ubuntu USN-836-1 webkit 2009-09-23
Ubuntu USN-857-1 qt4-x11 2009-11-10


xfig: symlink attack vulnerability

Package(s): xfig
CVE #(s): CVE-2009-1962
Created: September 23, 2009
Updated: December 28, 2009
Description: From the Mandriva alert: fig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the xfig-eps[PID], xfig-pic[PID].pix, xfig-pic[PID].err, xfig-pcx[PID].pix, xfig-xfigrc[PID], xfig[PID], fig-print[PID], xfig-export[PID].err, xfig-batch[PID], xfig-exp[PID], or xfig-spell.[PID] temporary files, where [PID] is a process ID (CVE-2009-1962).
Mandriva MDVSA-2009:244-1 xfig 2009-12-28
Mandriva MDVSA-2009:244 xfig 2009-09-23


Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The 2.6.32 merge window is still open as of this writing, so there is no current 2.6 development kernel. The 2.6.32-rc1 release (and the closing of the merge window) can be expected as soon as September 24.

The current stable kernel is 2.6.31. There have been no stable update releases in the last week; a series of stable updates is in the review process, but they have not been released as of this writing.


Quotes of the week

Quite frankly, I have _never_ever_ seen a good reason for talking to the kernel with some idiotic packet interface. It's just a fancy way to do ioctl's, and everybody knows that ioctl's are bad and evil. Why are fancy packet interfaces suddenly much better?
-- Linus Torvalds on netlink

I've yet to see any believable and complete explanation for these gains. I've asked about these things multiple times and nothing happened.

I suspect that what happened over time was that previously-working code got broken, then later people noticed the breakage but failed to analyse and fix it in favour of simply ripping everything out and starting again.

So for the want of analysing and fixing several possible regressions, we've tossed away some very sensitive core kernel code which had tens of millions of machine-years testing. I find this incredibly rash.

-- Andrew Morton on per-BDI writeback

    -extern void refrigerator(void);
    +extern void refrigerator(void) __cold;
-- Stephen Hemminger on proper refrigeration


AppArmor: it's baaaaaaack

The AppArmor security module has had a difficult life - even considering that security modules tend to have a hard path into the mainline in general. Its pathname-based approach concerned numerous developers, and its implementation caused the net to echo with NACKs. Eventually, its core developers lost their jobs and moved on to other pursuits, some distributors lost interest, and AppArmor disappeared from view. Meanwhile, the pathname-based TOMOYO Linux module managed to overcome the hurdles and get into the mainline.

Speaking at LinuxCon, your editor stated that he did not know if AppArmor would come back or not. The next day, a new set of AppArmor patches was posted by John Johansen. Interestingly, John works at Canonical, so AppArmor, should it get into the mainline, could well become one of that company's largest contributions to the kernel. Its chances of merger should be better now; TOMOYO Linux has broken down the barriers to pathname-based mandatory access control, and AppArmor uses the new security module hooks which were added to support TOMOYO. As of this writing, though, there have been no reviews posted, so anything could still happen.


SystemTap 1.0 released

The SystemTap team has announced the release of SystemTap 1.0; SystemTap is a dynamic tracing tool for Linux. Your editor is not sure why this particular release qualifies as 1.0, but there is a lot of new stuff in it, including "experimental support for unprivileged users, cross-compiling for foreign architectures, matching C++ class and namespace scopes, reduced runtime memory consumption, reduced dormant overhead in userspace markers, bug fixes, and more..." See the announcement for more information.


Devtmpfs and permissions

Some developers have been unhappy about the merging of devtmpfs for 2.6.32; one even posted a patch to remove it again. Ingo Molnar, instead, simply reported a bug: when devtmpfs created /dev/null and /dev/zero, it made them inaccessible to unprivileged accounts. That breaks most applications in the system, which, Ingo thought, was not entirely desirable.

The devtmpfs developers originally responded that udev should have set the permissions properly by the time any sort of user-space application was running. But devtmpfs raises the possibility of running without udev altogether, at least on relatively simple systems. Linus agreed that this would be a nice possibility, but noted that it would not work if a small number of special files were not world-accessible. Setting the permissions properly is not that hard, but it leads in a direction the devtmpfs developers had not wanted to go: it puts a certain amount of administrative policy into the kernel.

In the end, though, that is exactly what happened; devtmpfs gained the ability to query kernel subsystems for default permissions and implement them in the filesystem. Given that these permissions were Linus's largest complaint about the whole thing, it now seems likely that devtmpfs has a secure place in the 2.6.32 kernel.


The end of paravirt_ops?

The paravirt_ops mechanism provides a way for the Linux kernel, when running in a virtualized mode, to hook efficiently into the hypervisor for privileged operations. Over time, processors have grown hardware features aimed at supporting virtualization, but there has still been a performance benefit to implementing some operations through paravirt_ops. That situation would appear to be changing, though.

VMI is a paravirtualization layer for VMWare, built on top of paravirt_ops. Recently, developers at VMWare ran a series of tests and came to an interesting conclusion: with contemporary hardware, using VMI did not improve the performance of guest systems. Indeed, it made things worse. Reasonable hardware virtualization should be available on almost all systems that matter in the near future, so VMWare's developers have decided that VMI no longer makes sense; they are now planning to remove it.

KVM developer Avi Kivity noted that a similar conclusion had been reached in that camp; KVM will be dropping support for some paravirtualized operations in the near future. That leaves two other systems - Xen and lguest - using paravirt_ops. Xen, it seems, will continue to do so for some time, and lguest is highly unlikely to ever sacrifice sufficient puppies to move to hardware virtualization. So paravirt_ops will remain for a little while yet, but its eventual demise would appear to be in the cards. When it goes, it may just take lguest with it.


Kernel development news

2.6.32 merge window, part 2

By Jonathan Corbet
September 23, 2009
Since last week's update, some 3300 changesets have been merged into the mainline for the 2.6.32 development cycle. The total number of non-merge changesets going into 2.6.32 is now just over 7800 - quite a few, but not, yet, a record.

Changes visible to users include:

  • There are two new system clocks available: CLOCK_REALTIME_COARSE and CLOCK_MONOTONIC_COARSE. They are aimed at applications which need to obtain timestamps with a minimal cost, and are willing to lose some resolution in the process.

  • The Sunplus S+core architecture is now supported.

  • The performance monitoring code has gained new capabilities for recording and analyzing scheduler latency information. There is a new facility for tracking power management state change events. There has also been a rebranding from "performance counters" to "performance events".

  • Arjan van de Ven's timechart tool has been merged. Timechart records system events in a way which allows users to zoom in on specific periods of time and gain increasing levels of detail on where system delays are coming from.

  • The Intel i915 graphics driver now supports dynamic clock frequency control. This feature allows clock frequencies to be reduced when there is little or no graphics activity with a corresponding reduction in power use.

  • The Radeon kernel mode setting (KMS) code continues to evolve at a rapid rate, with increasing numbers of features being supported there. There is now KMS support for the R600 series.

  • Quite a bit of new information has been added to virtual files like /proc/meminfo with the intent of helping administrators track down memory users in out-of-memory situations.

  • The kernel shared memory (KSM) subsystem has been merged. KSM scans memory for pages with identical content. Duplicate pages are replaced with copy-on-write links, resulting in significant reductions in memory use.

  • The cpuidle governor changes described in this article have been merged.

  • The Video4Linux layer now understands the ISDB-T and ISDB-S broadcast standards, giving access to digital TV in places like Japan and Brazil.

  • Expanded information about thread stack usage can now be found under /proc.

  • The ocfs2 filesystem has gained reflink support, but without the (to be reworked) reflink() system call.

  • Write support has been removed from the qnx4 filesystem; that is likely to inconvenience very few users, since it never really worked anyway.

  • There is the usual pile of new drivers:

    • Boards and processors: Broadcom BCM63xx system-on-chip processors, TI DA830/OMAP-L137 and DA850/OMAP-L138 SOC processors, EcoVec (SH7724) SuperH boards, and SuperH SH7757 processors.

    • Graphics: VIA VX855 integrated graphics chipsets, DA8xx/OMAP-L1xx framebuffers, Gumstix Overo LCD controllers, OMAP3 EVM LCD controllers, and Qualcomm MSM/QSD framebuffers.

    • Block: ARTOP 867X 64bit 4-channel UDMA133 ATA controllers.

    • USB: Nuvoton W90X900(W90P910) EHCI controllers and Philips ISP1362 host controllers.

    • Video4Linux: Conexant 25821-based TV cards, DiBcom DiB8000 ISDB-T/ISDB-Tsb demodulators, GL860 USB camera devices, NXP SAA7164-based TV cards, Friio ISDB-T USB2.0 receivers, and Earthsoft PT1 PCI cards.

    • Miscellaneous: Texas Instruments TMP421/422/423 temperature sensors, GPIO devices on a number of Freescale Coldfire CPUs, Wolfson Microelectronics WM831x power management ICs, Motorola PCAP touchscreens, ST-Ericsson AB3100 RTC devices, Renesas R8A66597 USB Peripheral Controllers, Nuvoton NUC900 series watchdog devices, Winbond IR remote control devices, Qualcomm MSM 7X00A SDCC controllers, OMAP4 multimedia card interfaces, PPC4xx SPI controllers, Freescale STMP37xx/378x SPI/SSP controllers, Freescale MC33880 high-side/low-side switches, ST-Ericsson COH 901 331 realtime clocks, Philips PCF2123 RTC devices, Freescale STMP3xxx and MXC RTC devices, ACPI 4.0 power meters, and TI TPS65023 and TPS6507x voltage regulator devices.

Changes visible to kernel developers include:

  • The x86 architecture code has been significantly reorganized so that support for the Intel "Moorestown" architecture could be added.

  • The driver core API has been extended to allow subsystems to provide non-default permissions for device nodes created in devtmpfs.

  • The (now) unused kernel markers mechanism has been removed; tracepoints should be used instead.

  • The user-space USB driver API now allows drivers to claim specific hub ports.

  • There are new tracepoints for memory page allocation and freeing events and timer (and hrtimer) events.

The merge window would normally be nearing its end; it's possible that Linus will extend it slightly, though, to make up for the time he has spent at LinuxCon and the Linux Plumbers conference.


New column: Ask a kernel developer

September 23, 2009

This article was contributed by Greg Kroah-Hartman.

[Editor's note: Greg Kroah-Hartman has graciously agreed to write an occasional column for LWN in which he answers questions that readers may wish to ask of the kernel development community. Greg will do a great job, but the key to a successful column will be good questions; please come up with your best and send them in.]

Hi, and welcome to a new semi-weekly column. In here, we are going to try to answer your common questions about Linux kernel development. This column will rely on the readers to submit new questions to be answered either here in comments, or by email to, with the understanding that not all questions can be answered.

Valid topics can range from the technical, to the procedural, or on toward anything remotely related to the Linux kernel that you can think of.

To start it off, I've provided a few "seed" questions that I get asked a lot, and would like to finally answer in one place so I don't have to do it again.

Why is the 2.6.27 kernel still being maintained while the newer 2.6.29 kernel is no longer getting updates?

The Linux kernel stable series strives to only maintain one kernel tree at a time, the most recent one, with a small overlap of a release or two when a new kernel is released. So for right now, as the 2.6.31 kernel was just released, both the .31 and .30 trees are being updated. After the next release of the .30 stable tree, it will be abandoned, and only the .31 tree will be updated with security and bug fixes.

But some kernel trees are a bit "special". The 2.6.27 kernel looked like a good kernel to maintain for a longer period of time. Some users have reported that they like to remain on one kernel version for longer than 3-4 months, so the 2.6.27 kernel tree will try to be a tree that they can rely on to get security and bug fixes for a longer time frame. As the 2.6.27 kernel was first released on October 9, 2008, there has almost been a full year of support for this kernel so far.

After I get tired of maintaining this kernel branch, Adrian Bunk has volunteered to maintain it even longer, so in another year or so, maintenance will switch over to him, and it will continue to live on.

How do I get a patch included in the stable kernel updates?

First off, take a look at the file Documentation/stable_kernel_rules.txt to verify that the patch you are considering meets the rules for a stable kernel release. If it does, the easiest way to get it included is to add a:

    Cc: stable <>

line to the Signed-off-by: area in the patch before it is sent to the subsystem maintainer. When a patch with that line in it is accepted into Linus's kernel tree, the stable team will be automatically notified that the patch should be included, and they will queue it up for the next stable kernel release(s).

If you notice a patch that you feel should be included in the stable release, and does not have this marking, and is already in Linus's tree, a simple email to the address with the git commit id of the patch in Linus's tree and a short description of which stable kernel releases you feel it should be included in is all that is needed.

So bring on the questions!


Log-structured file systems: There's one in every SSD

September 18, 2009

This article was contributed by Valerie Aurora (formerly Henson)

When you say "log-structured file system," most storage developers will immediately think of Ousterhout and Rosenblum's classic paper, The Design and Implementation of a Log-structured File System - and the nearly two decades of subsequent work attempting to solve the nasty segment cleaner problem (see below) that came with it. Linux developers might think of JFFS2, NILFS, or LogFS, three of several modern log-structured file systems specialized for use with solid state devices (SSDs). Few people, however, will think of SSD firmware. The flash translation layer in a modern, full-featured SSD resembles a log-structured file system in several important ways. Extrapolating from log-structured file systems research lets us predict how to get the best performance out of an SSD. In particular, full support for the TRIM command, at both the SSD and file system levels, will be key for sustaining long-term peak performance for most SSDs.

What is a log-structured file system?

Log-structured file systems, oddly enough, evolved from logging file systems. A logging (or journaling) file system is a normal write-in-place file system in the style of ext2 or FFS, just with a log of write operations bolted on to the side of it. (We'll use the term "journaling file system" in the rest of the paper to avoid confusion between "logging" and "log-structured" file systems.) A journaling file system keeps the on-disk state of the file system consistent by writing a summary of each write operation to the log, stored somewhere non-volatile like disk (or NVRAM if you have the money), before writing the changes directly to their long-term place in the file system. This summary, or log record, contains enough information to repeat the entire operation if the direct write to the file system gets interrupted mid-way through (e.g., by a system crash). This operation is called replaying the log. So, in short, every change to the file system gets written to disk twice: once to the log, and once in the permanent location.

Around 1988, John K. Ousterhout and several collaborators realized that they could skip the second write entirely if they treated the entire file system as one enormous log. Instead of writing the operation to the log and then rewriting the changes in place somewhere else on the disk, it would just write it once to the end of the log (wherever that is) and be done with it. Writes to existing files and inodes are copy-on-write - the old version is marked as free space, and the new version is written at the end of the log. Conceptually, finding the current state of the file system is a matter of replaying the log from beginning to end. In practice, a log-structured file system writes checkpoints to disk periodically; these checkpoints describe the state of the file system at that point in time without requiring any log replay. Any changes to the file system after the checkpoint are recovered by replaying the relatively small number of log entries following the checkpoint.

One of the interesting benefits of the log-structured file system (LFS) structure is that most writes to the file system are sequential. The section describing the motivation for Sprite LFS, written nearly 20 years ago, demonstrates how little has changed in the storage world:

Over the last decade CPU speeds have increased dramatically while disk access times have only improved slowly. This trend is likely to continue in the future and it will cause more and more applications to become disk-bound. [...] Log-structured file systems are based on the assumption that files are cached in main memory and that increasing memory sizes will make the caches more and more effective at satisfying read requests. As a result, disk traffic will become dominated by writes.

But wait, why are we still talking about disk seeks? SSDs have totally changed the performance characteristics of storage! Disks are dead! Long live flash!

Surprisingly, log-structured file systems are more relevant than ever when it comes to SSDs. The founding assumption of log-structured file systems - that reads are cheap and writes are expensive - is emphatically true for the bare-metal building blocks of SSDs, NAND-based flash. (For the rest of this article, "flash" refers to NAND-based flash and SSD refers to a NAND-based flash device with a wear-leveling, write-gathering flash translation layer.) When it comes to flash, reads may be done at small granularities - a few hundreds of bytes - but writes must be done in large contiguous blocks - on the order of tens of thousands or hundreds of thousands of bytes. A write to flash takes two steps: First the entire block is cleared, setting all the bits to the same value (usually 1, counter-intuitively). Second, individual bits in the block are flipped back to 0 until you get the block you wanted.

Log-structured file systems turn out to be a natural fit for flash. One of the details of the log-structured design is that the log is written in large contiguous chunks, called "segments," on the order of several megabytes in size. To cut down on metadata overhead and get the best performance, log entries are gathered and written out sequentially to a completely free segment. Most segments are partially in use and partially free at any given time, so the file system has to collect all the in-use data from a segment and move it elsewhere before it can start writing to it. When the file system needs a fresh segment, it first cleans an existing partially-used segment by moving all the in-use, or live data to another free segment - basically, it garbage-collects. Now that everything is arranged properly, the file system can do one big streaming write to the empty segment. This system of segments and cleaning is exactly what is needed to efficiently write to a flash device, given the necessity to erase large contiguous blocks of flash before writing to them.

The match between log-structured file systems and flash is obvious when you look at file systems written for the bare flash programming interface - that is, for devices without built-in wear-leveling or write-gathering. File systems that know about and have to manage erase blocks and other details of the flash hardware are almost invariably log-structured in design. The most widely used such file system for Linux is JFFS2, used in many embedded devices, such as ticket machines and seatback airline entertainment systems. More than once, I've boarded a plane and seen a JFFS2 error message reporting flash corruption on a hung seatback entertainment system. (Sadly, many thousands of people probably now associate the Tux penguin bootup logo with the inability to watch TV on long distance flights.)

For SSDs that export a disk-style block interface - most consumer-grade SSDs these days - the operating system uses a regular file system to talk to the SSD via the block interface (that is, read block #37 into this buffer, write this buffer into block #42, etc.). However, this system still contains the logical equivalent of a log-structured file system; it's just hidden inside the SSD. The firmware that implements wear-leveling, write-gathering, and any other features has to solve the same problems as a log-structured file system.

Most SSD manufacturers refuse to reveal any details of their internal firmware, but we can be fairly confident that it has a lot in common with log-structured file systems. First, the only way to implement efficient random writes is to buffer them and write them out to a single erase block together. This requires clearing an erase block, moving all the in-use blocks to another area, and keeping a mapping between the logical location of blocks and their physical locations - exactly what a log-structured file system does. Second, when we do get SSD implementation details from research publications, they look like log-structured file systems. Third, when we look at long-term performance testing of SSDs, we see the same pattern of performance degradation over time that we do with log-structured file systems. We'll talk about this in detail in the next section.

Log-structured file system performance

Log-structured file systems are a natural fit for flash-based storage today, but back in 1990, they appeared to have great potential for disk-based file systems as well. Yet, as we all know, we're not using log-structured file systems on our disk-based laptops and servers. What happened?

In short, log-structured file systems performed relatively well as long as most of the segment cleaning - movement of live data out of a segment so it can be re-used - could be done in the background when the file system wasn't busy with "real" work. The first major follow-up paper on LFS [PDF] found performance of LFS degraded by up to 40% from the best case at real-world levels of disk utilization, memory-to-disk ratio, and file system traffic. In short, in the steady state the file system was spending a significant amount of disk access time cleaning segments - moving old data out of a segment so it could be used for new writes. This segment cleaning problem was the subject of active research for at least another decade, but none of the solutions could consistently beat state-of-the-art write-in-place file systems at practical levels of disk utilization. It's a little bit like comparing garbage collection to explicit reference counting for memory management; when memory usage is low and the occasional high latency hit is okay, the convenience of garbage collecting outweighs the performance benefits. But at "high" levels of disk utilization - as little as 50% - the cleaning cost and periodic high latencies waiting for space to be freed up become a problem.

As the first LFS paper showed, the key to good performance in a log-structured file system is to place data such that nearly empty segments are created about as quickly as they are used. The file system write bandwidth is limited by the rate at which it can produce clean segments. The worst case happens when, in a file system that is X% full, every segment is also X% full. Producing one clean segment requires collecting the live data from:

    N = ceiling(1/(1 - X))

segments and writing out the old data to N - 1 of those segments. For a disk utilization of 80%, we get:

    N = ceiling(1/(1 - .80)) = 1/.20 = 5

segments to clean. If segments were 1MB in size, we'd have to read

    5 * 800KB = 4MB

of data seekily and write 4MB sequentially before we could write 1MB of new data. (Note to pedants: I'm using MB/KB in powers of 10, not 2).

The best case, instead, is a file system with two kinds of segments, completely full and completely empty. The best case write pattern is one that changes all of the metadata and data in a single segment, so that when the new versions are written out, the old versions are freed and the entire segment becomes free again. Reality lies somewhere between these two cases. The goal for a log-structured file system is to create a bimodal segment usage distribution: Most segments are either very full or very empty, and full segments tend to be unchanged. This turns out to be difficult to achieve.

SSDs have an extra interesting constraint: wear-leveling. Even in the best case in which most segments are 100% full and no writes ever change the data in them, the SSD must still move those segments around occasionally because it has to spread writes out over every available flash block. This adds an extra segment move in some cases and makes achieving good performance even harder than in a disk-based log-structured file system.

Lessons - learned?

It's great that SSD manufacturers can learn from two decades of prior work on log-structured file systems. What's not clear is whether they are doing so. Most manufacturers take a very closed approach to SSD firmware development - it's the secret sauce that turns cheap commodity flash with very low margins into extremely expensive, reliable, high-performance storage devices with high margins. Some manufacturers are clearly better at this task than others. Currently, manufacturers are taking the trade secret strategy for maintaining their competitive advantage - apply for patents on individual elements of the design, but keep the overall implementation a secret. The message to file systems developers is "Just trust us" and "Don't worry your pretty little systems programmers' heads about it" whenever we ask for more information on SSD implementation. You can't particularly argue with this strategy at present, but it tends to come from (and reinforce) the mindset that not only refuses to share information with the outside, but also ignores information from the outside, such as previously published academic work.

One of the greatest missed opportunities for optimization based on lessons learned from log-structured file systems is the slow adoption of TRIM support for SSDs. TRIM is a command to a block device informing it that a certain range of blocks is no longer in use by the file system - basically a free() call for blocks. As described earlier, the best performance comes when empty segments are created as a side effect of ongoing writes. As a simple example, imagine a segment that contains only a single inode and all of its file data. If the next set of writes to the file system overwrites all of the file data (and the inode as a side effect), then that segment becomes completely free and the file system doesn't have to move any live data around before it uses that segment again. The equivalent action for an SSD is to write to a block that has already been written in the past. Internally, the SSD knows that the old copy of that block is now free, and it can reuse it without copying its data elsewhere.

But log-structured file systems have a distinct advantage over pre-TRIM SSDs (basically all commercially available SSDs as of now, September 2009). Log-structured file systems know when on-disk data has been freed even when it isn't overwritten. Consider the case of deleting the one-segment file: the entire segment is freed, but no overwrite occurred. A log-structured file system knows that this happened and now has a free segment to work with. All the SSD sees is a couple of tiny writes to other blocks on the disk. As far as it's concerned, the blocks used by the now-deleted file are still precious data in-use by the file system and it must continue to move that data around forever. Once every block in the device has been written at least once, the SSD is doomed to a worst case performance state in which its spare blocks are at a minimum and data must be moved each time a new block is rotated into use.

As we've seen, the key to good performance in a log-structured file system is the availability of free or nearly-free segments. An SSD without TRIM support does not know about many free segments and accrues an immense performance disadvantage, which makes it somewhat shocking that any SSD ever shipped without the TRIM feature. My guess is that SSDs were initially performance tested only with write-in-place file systems (cough, cough, NTFS) and low total file system usage (say, 70% or less).
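The cost of the missing free() can be measured with a toy model. The simulation below is an added illustration, not code from the article or from any SSD vendor; the ToySSD class, its greedy cleaner, the 64 x 32-block geometry and the workload (fill the device, delete three quarters of the blocks, then overwrite the rest at random) are all assumptions chosen to mirror the segment cleaning described above.

```python
import random

class ToySSD:
    """Toy log-structured flash layer: one open segment plus a greedy cleaner."""

    def __init__(self, segments, blocks_per_segment):
        self.bps = blocks_per_segment
        self.live = [set() for _ in range(segments)]  # live LBAs per segment
        self.used = [0] * segments            # slots programmed since last erase
        self.where = {}                       # LBA -> segment holding its current copy
        self.open = 0                         # segment being appended to
        self.free = list(range(1, segments))  # erased segments
        self.host_writes = 0
        self.copies = 0                       # live blocks moved by the cleaner

    def _append(self, lba):
        if self.used[self.open] == self.bps:  # open segment is full
            self.open = self.free.pop()
        self.live[self.open].add(lba)
        self.used[self.open] += 1
        self.where[lba] = self.open

    def _invalidate(self, lba):
        seg = self.where.pop(lba, None)
        if seg is not None:
            self.live[seg].discard(lba)

    def _clean(self):
        # Greedy policy: reclaim the full segment holding the least live data.
        full = [s for s in range(len(self.used))
                if s != self.open and self.used[s] == self.bps]
        victim = min(full, key=lambda s: len(self.live[s]))
        survivors = sorted(self.live[victim])
        self.live[victim] = set()
        self.used[victim] = 0                 # erase the whole segment
        for lba in survivors:                 # move live data to the log head
            self._append(lba)
            self.copies += 1
        self.free.append(victim)

    def write(self, lba):
        self._invalidate(lba)                 # an overwrite frees the old copy
        while len(self.free) < 2:             # keep one erased segment for the cleaner
            self._clean()
        self._append(lba)
        self.host_writes += 1

    def trim(self, lba):
        self._invalidate(lba)                 # the file system's free() for a block

    def write_amplification(self):
        return (self.host_writes + self.copies) / self.host_writes


def run(trim_supported, segments=64, blocks_per_segment=32,
        logical_blocks=1792, overwrites=20000, seed=2009):
    """Return flash writes per host write for a constructed workload.

    Assumes logical_blocks < (segments - 2) * blocks_per_segment so the
    cleaner can always find a segment that is not completely live.
    """
    ssd = ToySSD(segments, blocks_per_segment)
    for lba in range(logical_blocks):         # every block written at least once
        ssd.write(lba)
    # The file system now deletes three quarters of its data.
    kept = [lba for lba in range(logical_blocks) if lba % 4 == 0]
    if trim_supported:                        # only a TRIM-aware device hears about it
        for lba in range(logical_blocks):
            if lba % 4 != 0:
                ssd.trim(lba)
    ssd.host_writes = ssd.copies = 0          # measure the steady state only
    rng = random.Random(seed)
    for _ in range(overwrites):               # random overwrites of the surviving data
        ssd.write(rng.choice(kept))
    return ssd.write_amplification()


if __name__ == "__main__":
    print("with TRIM:    %.2f flash writes per host write" % run(True))
    print("without TRIM: %.2f flash writes per host write" % run(False))
```

Without TRIM the device keeps treating the deleted blocks as live, so every segment the cleaner picks drags that dead data along and the write amplification is far higher than in the TRIM run.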

Unfortunately, TRIM in its current form is both designed and implemented to perform incredibly poorly: TRIM commands aren't tagged and at least one SSD takes hundreds of milliseconds to process a TRIM command. Kernel developers have debated exactly how to implement TRIM support at the Linux Plumbers Conference, at the Linux Storage and File System Workshop, and on mailing lists: what the performance cost of each TRIM is, what granularity TRIMs should have, how often they should be issued, and whether it's okay to forget or miss TRIM commands. In my opinion, the in-use/free state of a block on a TRIM-enabled device should be tracked as carefully as that of a page of memory. The file system implementation can take the form of explicit synchronous alloc()/free() calls, or else asynchronous garbage collection (during a file system check or scrubbing run), but we shouldn't "leak" in-use blocks for all the same reasons we don't leak memory. Additionally, in an ideal world, TRIM would be redesigned or replaced by a command that is a full-featured, well-designed first-class citizen in the ATA spec, rather than a hack bolted on after the fact.

Of course, all this is speculation in the absence of implementation details from the SSD manufacturers. Perhaps some SSD firmware programmers have come up with entirely new algorithms for remapping and write-gathering that don't resemble log-structured file systems at all, and the performance characteristics and optimizations we have seen so far just happen to match those for log-structured file systems. However, so far it appears that treating an SSD as though it were backed by a log-structured file system is a good rule of thumb for getting good performance. Full TRIM support by both SSDs and file systems will be key to long-term good performance.


Page editor: Jonathan Corbet


News and Editorials

openSUSE Conference: an interview with Joe 'Zonker' Brockmeier

By Rebecca Sobol
September 22, 2009

The openSUSE Conference was held September 17 - 20, 2009 in Nürnberg, Germany. There was a full schedule with talks, workshops, Birds of a Feather sessions, an RPM summit, and more. We talked with openSUSE community manager Joe 'Zonker' Brockmeier about the conference.

Tell us a little bit about the conference. You mentioned in your web log that there were 150 people the first day. Was the participation about what you expected?

No, it was actually better. The goal was 200 people, with a good mix between Novell employees and community contributors. We actually did better than 200, I think between 215 and 230 people -- I haven't gotten the final number yet, as I had to leave on Sunday.

And the actual participation was fabulous. People were great at being self-starting and setting up their own sessions and generally making things happen once they were there. We had a great conference, and I think most people were very happy having attended. The only consistent complaint, which was expected and unavoidable, was that there was no open network for participants except for a bunch of wired connections in the front room for people to get email, etc., and for presenters to use.

The facility simply wasn't geared to handle our kind of bandwidth needs, so we decided no network was better than a crappy one -- plus, we did want people to actually talk to one another. Some people have actually suggested having no network next time as well.

The schedule for Thursday shows that you gave a talk about the Ambassador program. Tell us a bit about that.

It was mostly a Q&A session -- I wanted to get people together who were interested in the ambassadors program and find out what questions they had, what they might need, and how to go forward faster. It's really something that we want the community to define -- budgetwise, there are some parameters being set by what we have to work with, but other than that, this is something that I largely want to let the people doing the work define and take ownership of - and that's going well so far.

It seems like there was plenty to do, with two tracks, unconference, and more all going on at the same time. Did it work well? What was particularly successful?

Very successful, I think -- people had enough structure to have some idea what to expect when they showed up, and then also enough freedom to plan their own activities. I hate going to conferences where you have no slack time and no way to talk to other people with similar interests without just skipping out entirely or staying extra days. So this gave people room to be part of a "general" conference while still addressing their specific areas of interest. The GNOME team, for instance, headed back to the SUSE office to do a bunch of bug triage, which was awesome.

In general, I would like to do more pre-planning next time, more to get upstreams involved, but overall I think this went very well.

Due to the network issue, of course, we weren't able to be inclusive for people who couldn't attend physically, and that was disappointing.

Did you attend any of the RPM summit? Can you tell us a bit about that?

I didn't but I was told by the participants that it was successful and they were able to make some progress. Really, I think the primary thing was to get several people from different projects in a room together to get things started, and I think we've accomplished that. I really want to thank Florian Festi for coming and the Fedora/Red Hat guys for being very receptive to working together here.

Was there a specific highlight or two of things that were interesting, useful or unexpected?

I think the openSUSE governance sessions we had were very useful. We got a lot of ground covered and had some very good conversations with all the right stakeholders (or almost, anyway) in the room. Of course as with any event we had a few key people who couldn't attend for various reasons, I'd say we had the majority of people at the conference who needed to be there.

Can you give us some highlights from the other tracks?

In general, I wasn't attending many talks myself -- I was mostly in unconference sessions or taking the opportunity to meet face to face with my colleagues and openSUSE contributors that I don't often get to see personally.

Are there any specific plans for next year?

We're looking at co-locating with BrainShare Europe next year. There's a lot of overhead with planning a conference, facility-wise, so if we can do away with some of that by co-locating the event, I think that's a good way to go. We need to find out where BSE will be held, though.

Is there anything else you would like to add?

Just that the event was quite well-attended and fairly successful. We accomplished quite a bit in four days and it was really useful just getting people together. We needed to have an opportunity for contributors to meet one another and really bond, and I think that happened. We were certainly quite efficient at beer consumption during the Thursday party... ;-)

Thank you for taking the time to answer our questions.

Editor's note: See this week's openSUSE Weekly News for more conference coverage.


New Releases

DragonFly BSD Release 2.4

DragonFly BSD has announced the release of DragonFly 2.4. "Three release options are now available: Our bare-bones CD ISO, a DVD ISO which includes a fully operational X environment, and a bare-bones bootable USB disk-key image (1G disk keys recommended). In addition we will for the first time be shipping a 64-bit ISO. 64-bit support is stable but there will only be limited pkgsrc support in this release."


Mandriva Linux 2010 RC1 is now available

Mandriva has announced that a release candidate of ML 2010 is available for testing. "These isos are hybrid isos which means you can dump it on a USB key to install it. Use Mandriva-seeds, it's as easy as a click! This RC1 version is rather a bug fix version with some more major updates..."


Announcement and release notes for Puppy Linux 4.3

Puppy Linux has announced the availability of Puppy Linux 4.3. "Oh man, where to start?! This release is a massive upgrade, right from its very roots to topmost branches."


Ubuntu Karmic Alpha 6 released

The sixth alpha release of Ubuntu Karmic Koala (v9.10) is available for testing. Karmic is also available for Ubuntu Server for UEC and EC2, Ubuntu ARM, Kubuntu, Xubuntu, UbuntuStudio, Mythbuntu and Edubuntu.


Ubuntu Privacy Remix 9.04r2 fixes security issues

Ubuntu Privacy Remix (UPR), based on Ubuntu 9.04, is a live, read-only CD that seals off your private data from the outside world. "The UPR Team has released the second stable release of Ubuntu Privacy Remix 9.04, which includes a new kernel to fix USN-819-1 (local root privilege escalation). We think that this hole is very difficult to exploit under the UPR environment, nevertheless we recommend all users to use the new version."


Distribution News

Debian GNU/Linux

Changes in the maintenance of the Debian Developers Reference

The way the Developers Reference is maintained has been changed, with the aim to make it more public and easier for people to contribute. "Also, patches for developers-reference are very welcomed. In particular, it would be great if new (or not so new) packaging practices were more documented, like packaging processes with the various VCSes, cdbs and dh, patch systems, etc. Some teams have already written some documentation about that, and it could probably be gathered in developers-reference."


cupt, the APT competitor

The Debian APT suite now has a competitor named Cupt. "I just uploaded cupt 1.0.0~beta1 to unstable claiming that most of the obvious (and not so obvious) bugs have been ironed out (thanks to people who helped me to do that). I will, of course, appreciate excessive testing."



Announcing Fedora 12 Snapshot 3

Fedora 12 Snapshot 3 is available for testing. These snapshots consist of live images only, composed September 17, 2009.


A new release of F11 for the XO-1 is now available

A new release of Fedora 11 for the XO-1 is available. This version contains a new kernel plus over 30 updates.


Fedora Board Recap

Click below for a recap of the September 17, 2009 meeting of the Fedora Advisory Board. Topics include Brazilian Fedora site, Firmware license acceptance, and Commercial non-software goods license.


Squeezing blood from the turnip (The Grand Fallacy)

Paul Frields looks forward to FUDCon Toronto (coming in December) and notes that more sponsors are needed. "Back to the sponsorship issue though — how to let us know? Well, it's simple, really. We didn't want FUDCon planning to happen quietly in a back room where people wouldn't know what was happening, so we have a planning list for FUDCon already set up, and a pretty sizable number of people are contributing there to the logistics of setting up this popular event. If you want to provide some help, by all means join us there!"


Software Freedom Day 2009 in Fredericksburg (The Grand Fallacy)

Paul Frields takes a look at Software Freedom Day, from the perspective of the Fedora table. "Ted brought a MythTV box (running Mythdora) and a big LCD monitor so we could show it and the underlying operating system off to passersby. We also had numerous laptops running an assortment of Linux, mainly Fedora but also some openSUSE. We put up balloons around the table but quickly found they got in the way and "removed" them using the nearest sharp objects. Of course, no beautiful day would be complete without music, and we had great tunes from TMBG to Stevie Wonder to Jason Mraz going all day long."


Ubuntu family

Ubuntu 10.04 Linux will be a Lucid Lynx (The H Open)

The H covers Mark Shuttleworth's announcement at Atlanta Linux Fest. "At the Atlanta Linux Fest, Mark Shuttleworth announced that Ubuntu 10.04, the next major release of Ubuntu after version 9.10 Karmic Koala, will be code-named Lucid Lynx. Ubuntu 10.04 will also be a Long Term Support (LTS) version of the Debian-derived Linux distribution."


Minutes from the Ubuntu Technical Board meeting

Click below for the minutes from the September 22, 2009 meeting of the Ubuntu Technical Board. Topics include Removal of sun-java6, Developer Membership Board, Discuss UnitsPolicy, Community Bugs and Archive reorganization.


Other distributions

OpenBSD 4.6 postponed to Nov 1

The OpenBSD 4.6 release has been delayed due to CD production problems.


Distribution Newsletters

CentOS Pulse #0905

This issue of CentOS Pulse covers topics like the CentOS 4.8 release, the Spanish CentOS community, wireless networking and contains an interview with Tru Huynh.


DistroWatch Weekly, Issue 321

The DistroWatch Weekly for September 21, 2009 is out. "Computer security has been a hot topic of discussion on these pages in recent weeks. As a result, Caitlyn Martin has embarked upon writing a series of articles covering the basics of computer and Internet security, starting today with part one - user authentication. In the news section, the openSUSE user community launches an initiative to build an enterprise-level distribution with long-term security support, Mark Shuttleworth announces the code name for Ubuntu 10.04, Clement Lefebvre reveals some early information about the improvements in Linux Mint 8 "Helena", and OpenBSD delays the planned October release by a month over a CD manufacturing error. Finally, don't miss the New Distributions section which includes some interesting new additions to the waiting list, including a Linux-based operating system built around Google's Chrome browser and a new Slackware-based desktop distribution called Salix OS."


Fedora Weekly News 194

The Fedora Weekly News for September 20, 2009 is out. "What follows are some highlights from this issue. This week we welcome a brand new beat by Ryan Rix on KDE developments in Fedora! In news from the Fedora Planet, news, views and innovations from Fedora community members. The Quality Assurance beat this week provides details from last week's various graphics tests, audio and virtualization Test Days, along with detailed summaries of the QA weekly meetings, Bugzappers and other regular activities. In Art/Design news, discussion around the desire for a "do it yourself" media sleeve, and updates on the Fedora 12 schedule for the team. In virtualization news, updates on the recent virtualization Test Day, and details of new versions of libvirt, perl-Sys-Virt, and coverage of recent discussion about guest sound over VNC. Our first KDE beat features news of KDE 4.3.1 hitting Fedora updates and some post-release fixes, news on several new KDE applications, and coverage of work of the KDE SIG team this past week. That rounds out this week's issue of Fedora Weekly News, which we hope you enjoy!"


OpenMoko Community Updates

The OpenMoko Community Updates for September 16, 2009 cover QtMoko, ENeoLock, Fingertier 0.2.0, Litephone 0.1, Pisi 0.4.6, atd-over-fso, Launcher 0.37, and more.


OpenSUSE Weekly News/89

This issue of the OpenSUSE Weekly News covers the openSUSE Conference, Bryen Yunashko: Upcoming Board Elections, Andreas Jaeger: Build Service Intro, openSUSE Forums: Switching ext3 to ext4?, and much more.


Ubuntu Weekly Newsletter #160

The Ubuntu Weekly Newsletter for September 19, 2009 is out. "In this issue we cover: Karmic Alpha 6 released, Mark Shuttleworth Announces via video Ubuntu 10.04: Lucid Lynx, Countdown Banner Deadline, UDS Update, Ubuntu Screencasts: Reporting Bugs, The first Ubuntu-DK podcast, Swedish LoCo Bug Jam: Linköping, Ubuntu-NH SFD '09 Report, Launchpad 3.0 & Bug Filing changes, Ubuntu Forums tutorial of the week & Community interview, PostgreSQL security/bug fix testers needed, Ubuntu Packaging: Fixing FTBFS, Launchpad Nautilus Preview, In the Press & Blogosphere, Ubuntu-UK podcast: The Tribe of Gum, Linux-ready mini PC powers up, The Art of Community available for free download, and much, much more!"



Interview: Martin Maurer from Proxmox (Montana Linux)

Scott Dowdle talks with Martin Maurer about Proxmox VE. "Proxmox VE is a very light-weight Debian-based distribution that includes a kernel with support for both KVM and OpenVZ. This means you get the best of both virtualization worlds... containers (OS Virtualization) and fully-virtualized machines (Machine Virtualization). Proxmox VE also includes a very powerful yet easy to use web-based management system with clustering features."


Distribution reviews

Ubuntu 9.10 boot optimizations: 5 second startup with an SSD (ars technica)

ars technica takes a look at Karmic boot times. "Canonical has announced the availability of Ubuntu 9.10 alpha 6, the final alpha release before the transition to beta testing. Ubuntu 9.10, codenamed Karmic Koala, introduces a number of important architectural improvements and also improves boot performance, especially on computers with solid state hard drives."


Page editor: Rebecca Sobol


The Orocos Project - an open-source robotics library

By Forrest Cook
September 23, 2009

OROCOS, the Open Robot Control Software project, is a collection of software for use in developing robotics applications. The OROCOS project's history document states that the project was created in December, 2000 and was inspired by conversations on the European Robotics Network mailing list. OROCOS can be configured as one of the components of Robot OS, which was recently looked at in an LWN article. From the About the OROCOS project document:

“Orocos” is the acronym of the Open Robot Control Software project. The project's aim is to develop a general-purpose, free software, and modular framework for robot and machine control. The Orocos project supports 4 C++ libraries: the Real-Time Toolkit, the Kinematics and Dynamics Library, the Bayesian Filtering Library and the Orocos Component Library (Components for Control).



Robotics or machine control in general is a very broad field, and many roboticists are pursuing quite different goals, dealing with different levels of complexity, real-time control constraints, application areas, user interaction, etc. So, because the robotics community is not homogeneous, Orocos targets four different categories of “Users”:

The four user categories include:

  • Framework Builders: concentrate on the top-level design of the robotics control software.
  • Component Builders: provide services within an application by using the framework infrastructure.
  • Application Builders: integrate the Framework and components into a specific application using Application Templates.
  • End Users: use the applications to run a desired robotic task.

OROCOS is currently in a state of active development. New releases of two major OROCOS components have recently been announced.

Orocos Real-Time Toolkit v1.10.0: "The Orocos development team is pleased to announce the next major feature release of the Real-Time Toolkit, a C++ toolkit for building component based, real-time robotics and machine control applications. The focus of this release was on portability and added a new target: native win32 builds. This release is backwards compatible with all 1.x.y releases, although some functionality has been deprecated or alternative usage patterns are preferred."

Orocos Component Library 1.10.0: "A new release was created of OCL, updating documentation and keeping up with the new features in RTT 1.10. Hopefully, this will be the last time there is a major OCL release in this form. We're discussing a new partitioning of the component repositories separating the application/robot specific components from the infrastructure components. Hopefully this will more clearly separate the 'common application environment' from the robot specific application itself."

The OROCOS code has been licensed under a combination of LGPL and GPL with a runtime exception. "Both the RTT and BFL software are licensed as GPL + runtime exception, which is exactly the same license as the GNU Standard C++ library (which is used by any C++ program running under Linux), and has in practice the same intentions as the LGPL license. The technical reason we could no longer use the LGPL license for RTT/BFL software was that the LGPL is not compatible with C++ templates, which are used extensively in the RTT/BFL libraries."

OROCOS has been applied to a number of real-world applications. Some of the more interesting uses include an interface to the Blender 3D content creation suite that allows controlling a mill, an autonomous automobile project, a 3D motion tracking system and EasyOROCOS CAD: "EasyOROCOS CAD is an interface which supports the interactive definition of a manipulator kinematics (and 3D geometry), and from that it generates an Orocos controller of the manipulator, in the form of a task running under Linux RTAI."

OROCOS brings a high level set of robotics tools to the Linux platform. Those who adopt it can avoid re-inventing the wheel, and will be able to tap into an active community of robotics software developers.

Comments (none posted)

System Applications

Audio Projects

gmpc, gmpc-plugins and libmpd 0.19.0 released

Version 0.19.0 of gmpc, gmpc-plugins and libmpd from the Music Player Daemon project have been announced. "gmpc version 0.19.0 has been released. It has several large changes visible to the user and factors more under the hood. Several long standing "wishes" were completed, like metadata plugins running in the main thread, a metadata selector, sqlite based metadata cache, GObject based plugins and much more. These updates will not only improve the user experience, but also make it possible to add lua or python plugins in the future."

Comments (none posted)

PulseAudio 0.9.18 released

Version 0.9.18 of the PulseAudio sound server has been announced. "Mostly bugfixes, important ones." See the changes document for details.

Comments (none posted)

Clusters and Grids

StarCluster 0.90beta released

Version 0.90beta of StarCluster has been announced. "StarCluster minimizes the administrative overhead associated with obtaining, configuring, and managing a traditional computing cluster used in research labs or for general distributed computing applications. StarCluster is built on top of EC2 which enables dynamically creating and destroying clusters of virtual machines and only paying for the time used. The amount per hour varies depending on the instance type and the number of virtual machines."

Full Story (comments: none)

Database Software

MySQL Community Server 5.0.86 has been released

Version 5.0.86 of MySQL Community Server has been announced; it includes a number of bug fixes. "MySQL Community Server 5.0.86, a new version of the popular Open Source Database Management System, has been released. This and future releases in the MySQL Community Server 5.0 series share version numbers with their MySQL Enterprise Server counterparts."

Full Story (comments: none)

MySQL Community Server 5.1.39 released

Version 5.1.39 of MySQL Community Server has been announced. "As with MySQL 5.1.38, 5.1.39 includes the InnoDB Plugin version 1.0.4. This version of the InnoDB Plugin is considered of Beta quality and is disabled by default."

Full Story (comments: none)

MySQL Server 5.4.2-beta released

Version 5.4.2-beta of MySQL Server has been announced. "MySQL 5.4 is based on MySQL 5.1 but includes several high-impact changes to address scalability and performance issues in MySQL Server. These changes exploit advances in hardware and CPU design and enable better utilization of existing hardware. MySQL 5.4 currently has Beta status."

Full Story (comments: none)

PostgreSQL Weekly News

The September 20, 2009 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

SQLObject 0.10.7 released

Version 0.10.7 of SQLObject has been announced; this is a minor bugfix release. "SQLObject is an object-relational mapper. Your database tables are described as classes, and rows are instances of those classes. SQLObject is meant to be easy to use and quick to get started with."

Full Story (comments: none)

SQLObject 0.11.1 released

Version 0.11.1 of SQLObject has been announced. "I'm pleased to announce version 0.11.1, a minor bugfix release of 0.11 branch of SQLObject."

Full Story (comments: none)

Embedded Systems

BusyBox 1.15.1 and 1.14.4 released

Stable versions 1.15.1 and 1.14.4 of BusyBox, a collection of command line utilities for embedded systems, have been announced. "Bug fix releases. 1.14.4 has fixes for ash, httpd, modprobe and the build system, 1.15.1 has fixes for ash (unicode fix), httpd (fix for "dir index via interpreter" case), hush ($PWD support), inetd (fd leak fix), modprobe-small (fix for aliases with dashes), unlzma (SEGV on 64-bit), and generic unpacking routines (was not restoring mode)."

Comments (none posted)

Networking Tools

RunPON 0.5 released

Version 0.5 of RunPON has been announced. "In this version: every menu contains a list of available configuration sets; the applet takes care of the panel orientation and there are other improvements useful to debug the program itself. RunPON is a small Python program useful to run the pon/poff scripts. It shows the elapsed connection time and periodically checks if a given network interface is still active."

Full Story (comments: none)

Web Site Development

TurboGears 1.1rc1 released

Version 1.1rc1 of the TurboGears web framework has been announced. "TurboGears 1.1rc1 is the first release candidate for the upcoming 1.1 release, which is the evolution of the TurboGears 1 codebase. The 1.1 branch now uses SQLAlchemy as the default database layer and Genshi as the standard templating engine but is 100 percent compatible with applications built on TurboGears 1.0."

Full Story (comments: none)

Desktop Applications

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at

Comments (none posted)

KDE's Project Silk

Project Silk, a KDE-based effort aimed at better incorporating web-based data into non-browser applications, has announced its existence. "Good Silk examples are the web services framework in Amarok, OpenStreetMap integration in Marble, Photo uploads in Digikam, GetHotNewStuff for Plasma components." The project is just getting going, but has some code to show already.

Full Story (comments: 34)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at

Comments (none posted)

Projects libfm and pcmanfm are now merged

The LXDE (Lightweight X11 Desktop Environment) project has announced the merging of the libfm and pcmanfm projects. "Today, we decided to move libfm, which aimed to be a core lib for developing file managers, to pcmanfm project. This doesn’t mean that you’ll need pcmanfm to use libfm. They are just hosted in the same project."

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)


Microwar 2.0 beta 2 released

Version 2.0 beta 2 of Microwar has been announced. "MicroWar is "Space Invaders" style arcade game, in the cruel world of micro-computer industry. You're a Macintosh faced to invading Wintel hordes year after year, kill more PC. Bonuses let you improve your Mac performances or restore life..."

Full Story (comments: none)

GUI Packages

SPTK 4.00 released

Version 4.00 of SPTK has been announced. "For the last several months, the development of SPTK was dedicated to preparing to SPTK major release, 4.0. This version is a release candidate. All the class interfaces are now frozen. The only changes allowed now are the bug fixes."

Comments (1 posted)

Medical Applications

TriSano 2.0 released (LinuxMedNews)

LinuxMedNews has an announcement for TriSano 2.0. "TriSano™ is an open source, citizen-focused surveillance and outbreak management system for infectious disease, environmental hazards, and bioterrorism attacks. It allows local, state and federal entities to track, control and ultimately prevent illness and death."

Comments (none posted)

Music Applications

Hydrogen 0.9.4 released

Version 0.9.4 of Hydrogen, a drum machine, has been announced. A number of new features have been added. "After more than 3 years of development, the Hydrogen Development Team is pleased to announce the 0.9.4 release!"

Full Story (comments: none)

QMidiRoute 0.3.0 released

Version 0.3.0 of QMidiRoute has been announced; it includes new features and bug fixes. "QMidiRoute is a MIDI event processor and router for the ALSA sequencer with a graphical interface based on the Qt toolkit."

Full Story (comments: none)

QXGEdit 0.0.1 released

Version 0.0.1 of QXGEdit has been announced. "here goes one more strike to the Linux Audio ecosystem. Rather an almost forgotten niche nowadays, I cannot let this rot in my hard disk. There it is, a XG Editor for the masses, at least the ones who love gems like the Yamaha DB50XG, a precious old piece of hardware that I do strive and joy (pun intended)."

Full Story (comments: none)

Office Suites

KOffice to be Used in Next Generation Smart Phone

KOffice will be used in Nokia's Maemo 5 mobile computer/phone platform. "Today Thomas Zander from Nokia announced in a blog that Nokia will be using KOffice as the core of the office viewer of Maemo 5. "The KOffice community is very happy to see this development", says Inge Wallin, marketing coordinator of KOffice. "It shows that our long and persistent work on compatibility and adaptability within KOffice has paid off and is visible to outside viewers.""

Full Story (comments: 4)

Video Applications

Gnash 0.8.6 released

Version 0.8.6 of Gnash has been announced; it includes a long list of improvements. "Gnash is a GPLv3'd SWF movie player and browser plugin for Firefox, Mozilla, and Konqueror. Gnash supports many SWF v7 features and ActionScript 2 & 3 classes, with growing support for SWF versions 8-10. Gnash also runs on many GNU/Linux distributions, embedded GNU/Linux, FreeBSD, NetBSD, OpenBSD, non x86 processors, and 64 bit architectures. There are also standalone players for GNOME or KDE based desktops."

Full Story (comments: 1)


BleachBit 0.6.4 released

Version 0.6.4 of BleachBit has been announced. "BleachBit deletes junk files to free up disk space and keep your privacy. Highlights of changes in 0.6.4:

  • Add command line interface for use in scripts
  • Clean Opera 10.0 final
  • Add Malay translation
  • Update 17 other translations
  • Better support non-Linux POSIX systems such as NetBSD
  • Shrink the Windows installer by "compressing" GTK+ localizations and offering an English-only download
  • Quickly stop zeroing free disk space when you close the application window ("X it out")".

Full Story (comments: none)

Languages and Tools


GCC 4.5 Status Report

The September 19, 2009 edition of the GCC 4.5 Status Report has been published. "The trunk is in Stage 1. Stage 1 will end on Sep 30th. After Stage 1 Stage 3 follows with only bugfixes and no new features allowed. Stage 3 will end Nov 30th. Since the last status report we have merged the VTA branch and pieces of the LTO branch. The named address-spaces changes are still pending review but I expect it to be merged before the end of Stage 1. The rest of the LTO branch will be merged last, which practically means after Stage 1 is over. Thus, starting Oct 1st the trunk will be frozen for the LTO merge and I'll announce Stage 3 once the merge is completed."

Full Story (comments: none)


Caml Weekly News

The September 22, 2009 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)


Rakudo Perl 6 development release #21 (use Perl)

Development release #21 of Rakudo Perl 6, an implementation of Perl 6 on the Parrot Virtual Machine, has been announced. "Since the 2009-08 release, Rakudo Perl builds from an "installed Parrot" instead of using Parrot's build tree. This release of Rakudo requires Parrot 1.6.0. For the latest information on building and using Rakudo Perl, see the README file section titled "Building and invoking Rakudo"."

Comments (none posted)


PHP 5.2.11 released

Version 5.2.11 of PHP has been announced. "The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release."

Comments (none posted)


Hypy 0.8.4 released

Version 0.8.4 of Hypy has been announced. "Hypy is a fulltext search interface for Python applications. Use it to index and search your documents from Python code. Hypy is based on the estraiernative bindings by Yusuke Yoshida."

Full Story (comments: none)

python-daemon 1.4.8 released

Version 1.4.8 of python-daemon has been announced. "The 'python-daemon' library is the reference implementation of PEP 3143 "Standard daemon process library"."

Full Story (comments: none)

TestFixtures 1.6.2 released

Version 1.6.2 of TestFixtures has been announced. "This package is a collection of helpers and mock objects that are useful when writing unit tests or doc tests. This release fixes problems when using Comparison objects with instances of Django models".

Full Story (comments: none)

Python-URL! - weekly Python news and links

The September 17, 2009 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Version Control

GIT released

Version of the GIT distributed version control system has been announced. "This is primarily to fix a http regression introduced by".

Full Story (comments: none)

Page editor: Forrest Cook


Non-Commercial announcements

Citrix joins the Linux Foundation (SOA World)

SOA World reports on Citrix joining the Linux Foundation. "Citrix is a leading provider of virtualization; cloud computing, and software as a service (SaaS) offerings for companies worldwide, including 99 percent of Fortune 500 enterprises. Citrix leads the open source Xen® hypervisor project which is based on Linux."

Comments (none posted)

Free Software hits German election campaigns

The Free Software Foundation Europe is promoting the use of free software for German elections. "During a campaign launched by Free Software Foundation Europe (FSFE) politicians from many parties have recognised the potential of Free Software and Open Standards for Germany. In response to questions from supporters of FSFE, they explain that Free Software equals more competition, promotes innovation and provides cost savings. Free Software - such as the GNU/Linux operating system or the web browser Mozilla Firefox - can be used without restrictions, studied by anyone, be modified and passed on."

Full Story (comments: 1)

Commercial announcements

IBM Markets Wares to Africa (Wall Street Journal)

The Wall Street Journal reports that IBM is partnering with Canonical to sell Linux-based netbooks in Africa. "International Business Machines Corp. will try to sell a new package of low-priced computer desktop applications to companies and governments in Africa, challenging Microsoft Corp. and other rivals in the region. IBM, which has been pushing into developing markets like Africa and Asia as mature markets slow, said the package -- which includes basic programs like word processing and email -- would be made available to customers via remote "cloud computing" facilities, meaning users could access the programs from the Web. It would cost $10 per month per user, and can run on so-called netbook computers, or low-cost PCs priced around $300."

Comments (3 posted)

Legal Announcements

GPL upheld in France

The FSF France has announced an appeals court ruling upholding the GPL. "In a landmark ruling that will set legal precedent, the Paris Court of Appeals decided last week that the company Edu4 violated the terms of the GNU General Public License (GPL) when it distributed binary copies of the remote desktop access software VNC but denied users access to its corresponding source code. The suit was filed by Association pour la formation professionnelle des adultes (AFPA), a French education organization." It is also interesting that the suit was brought by a group which does not hold copyrights in the software in question.

Comments (10 posted)

New Books

The Book of Inkscape--New from No Starch Press

No Starch Press has published the book The Book of Inkscape by Dmitry Kirsanov.

Full Story (comments: none)

Cloud Security and Privacy--New from O'Reilly

O'Reilly has published the book Cloud Security and Privacy by Tim Mather, Subra Kumaraswamy and Shahed Latif.

Full Story (comments: none)

Dive Into Python 3 available

Mark Pilgrim's Dive into Python has been updated for Python 3; the result is Dive into Python 3. It is licensed under the Creative Commons Attribution Sharealike license and downloadable as HTML, PDF, or straight from the Mercurial repository.

Comments (5 posted)

Linux in a Nutshell, Sixth Edition--New from O'Reilly

O'Reilly has published the book Linux in a Nutshell, Sixth Edition by Stephen Figgins, Ellen Siever, Robert Love, and Arnold Robbins.

Full Story (comments: none)

Programming Scala--New from O'Reilly

O'Reilly has published the book Programming Scala by Dean Wampler and Alex Payne.

Full Story (comments: none)

The Python Tutorial, in Spanish

A Spanish translation of The Python Tutorial has been announced. "We finally translated to Spanish the very last version of the Python Tutorial!"

Full Story (comments: none)


LiMo white paper: Mobile open source economic analysis

The LiMo Foundation has published an interesting white paper [PDF] on the economic value of working with the development community. "The cost of forking and losing connection with upstream development is twofold: i) the corresponding cost of presumed beneficial unleveraged potential, ii) the further cost of having to re-engineer modified forked code in the future to accommodate the inevitable eventual re-sync with upstream. We quantified the former to show that the figures run into $millions for important components such as GTK, WebKit, GStreamer and BlueZ." (By way of Dave Neary).

Comments (2 posted)

Calls for Presentations

CFP: Business of Open Source mini-conf at LCA

A call for papers has gone out for the Business of Open Source mini-conf at Linux Conf Australia; submissions are due by October 14. "The "Business of Open Source" mini-conf at LCA 2010 (Wellington, New Zealand; January 18-23) is for people interested in business aspects of open source. Topics include licensing your work, building a market, building a community, gathering market data, distribution, communications, working with open source developers, working with governments and countries, working with procurement departments, corporate governance, funding, pricing, lessons from your experience, and whatever related topics people would like to bring up."

Full Story (comments: none)

LCA Libre Graphics Day miniconf and call for papers announced

The Inkscape vector drawing application has an announcement for the LinuxConf.Au Libre Graphics Day miniconf. "There are several more possibilities to meet and discuss free graphics tools other than at Libre Graphics Meeting, so it was decided to organize smaller events under same name "Libre Graphics Day". The first one will be organized by Inkscape's developer Jon A. Cruz and held at in Wellington, New Zealand, on January 18, 2010. You can submit a proposal for a talk till September 25. Read more at LGD's website and get involved, either as developer or user!"

Comments (none posted)

Upcoming Events

Enterprise LAMP Summit (LinuxMedNews)

LinuxMedNews has announced the Enterprise LAMP Summit. "The Enterprise LAMP Summit for CTOs (Nov. 5-6) will feature a case study about the use of several parts of the LAMP software stack in a sophisticated and highly effective patient white board developed by the Vanderbilt University Medical Center Informatics Center."

Comments (none posted)

Enterprise LAMP Network Event (LinuxMedNews)

LinuxMedNews has announced the Enterprise LAMP Network Event. "On Saturday, Nov. 7, approximately 600 top LAMP developers from around the U.S. will converge on Nashville suburb Franklin, TN, to learn from innovative companies that will share their on-the-ground reports about the latest developments in LAMP offerings and implementation."

Comments (none posted)

Community members invited to Qt Developer Days 2009 (KDEDot)

KDE.News has announced the Qt Developer Days 2009. "The last few years has seen the company formerly known as Trolltech open their arms to one of the largest parts of their supporting community, KDE, in a new way: By offering a few members of the KDE community free admittance to the Qt Developer Days conference. This year is no different, and they have invited a number of people to attend this year's conferences. Yes, that's plural: There are two conferences. One from the 12th to 14th of October in Munich, Germany and one from the 2nd to the 4th of November in San Francisco, USA."

Comments (none posted)

Events: October 1, 2009 to November 30, 2009

The following event listing is taken from the Calendar.

  • September 28 to October 2: Sixteenth Annual Tcl/Tk Conference (2009); Portland, OR 97232, USA
  • October 1 to October 2: Open World Forum; Paris, France
  • October 2 to October 4: 7th International Conference on Scalable Vector Graphics; Mountain View, CA, USA
  • October 2: LLVM Developers' Meeting; Cupertino, CA, USA
  • October 2 to October 4: Linux Autumn (Jesien Linuksowa) 2009; Huta Szklana, Poland
  • October 2 to October 4: Ubuntu Global Jam; Online, Online
  • October 2 to October 3: Open Source Developers Conference France; Paris, France
  • October 2: Mozilla Public DevDay/Open Web Camp 2009; Prague, Czech Republic
  • October 3 to October 4: T-DOSE 2009; Eindhoven, The Netherlands
  • October 3 to October 4: EU MozCamp 2009; Prague, Czech Republic
  • October 7 to October 9: Jornadas Regionales de Software Libre; Santiago, Chile
  • October 8 to October 10: Utah Open Source Conference; Salt Lake City, Utah, USA
  • October 9 to October 11: Maemo Summit 2009; Amsterdam, The Netherlands
  • October 10 to October 12: Gnome Boston Summit; Cambridge, MA, USA
  • October 10: OSDN Conference 2009; Kiev, Ukraine
  • October 12 to October 14: Qt Developer Days; Munich, Germany
  • October 15 to October 16: Embedded Linux Conference Europe 2009; Grenoble, France
  • October 16 to October 17: Pycon Poland 2009; Ustron, Poland
  • October 16 to October 18: Pg Conference West 09; Seattle, WA, USA
  • October 16 to October 18: German Ubuntu conference; Göttingen, Germany
  • October 18 to October 20: 2009 Kernel Summit; Tokyo, Japan
  • October 19 to October 22: ZendCon 2009; San Jose, CA, USA
  • October 21 to October 23: Japan Linux Symposium; Tokyo, Japan
  • October 22 to October 24: Décimo Encuentro Linux 2009; Valparaiso, Chile
  • October 23 to October 24: Ontario GNU Linux Fest; Toronto, Ontario, Canada
  • October 23 to October 24: PGCon Brazil 2009; Sao Paulo, Brazil
  • October 24 to October 25: PyTexas; Fort Worth, TX, USA
  • October 24 to October 25: 2009; Kuala Lumpur, Malaysia
  • October 24: Florida Linux Show 2009; Orlando, Florida, USA
  • October 24: LUG Radio Live; Wolverhampton, UK
  • October 25: Linux Outlaws and Ubuntu UK Podcast OggCamp; Wolverhampton, UK
  • October 26 to October 28: Techno Forensics and Digital Investigations Conference; Gaithersburg, MD, USA
  • October 26 to October 28: GitTogether '09; Mountain View, CA, USA
  • October 26 to October 28: Pacific Northwest Software Quality Conference; Portland, OR, USA
  • October 27 to October 30: Linux-Kongress 2009; Dresden, Germany
  • October 28 to October 30: 2009; Luxembourg
  • October 28 to October 30: no:sql(east).; Atlanta, USA
  • October 29: NLUUG autumn conference: The Open Web; Ede, The Netherlands
  • October 30 to November 1: YAPC::Brasil 2009; Rio de Janeiro, Brazil
  • October 31: Linux theme day with ubuntu install party; Ede, Netherlands
  • November 1 to November 6: 23rd Large Installation System Administration Conference; Baltimore, MD, USA
  • November 2 to November 6: ApacheCon 2009; Oakland, CA, USA
  • November 2 to November 6: Ubuntu Open Week; Internet, Internet
  • November 3 to November 6: Conference; Orvieto, Italy
  • November 4 to November 5: Linux World NL; Utrecht, The Netherlands
  • November 5: Government Open Source Conference; Washington, DC, USA
  • November 6 to November 8: WineConf 2009; Enschede, Netherlands
  • November 6 to November 10: CHASE 2009; Lahore, Pakistan
  • November 6 to November 7: PGDay.EU 2009; Paris, France
  • November 7 to November 8: OpenFest 2009 - Biggest FOSS conference in Bulgaria; Sofia, Bulgaria
  • November 7 to November 8: OpenRheinRuhr; Bottrop, Germany
  • November 7 to November 8: Kiwi PyCon 2009; Christchurch, New Zealand
  • November 9 to November 13: ACM CCS 2009; Chicago, IL, USA
  • November 10 to November 11: Linux Foundation End User Summit; Jersey City, New Jersey
  • November 12 to November 13: European Conference on Computer Network Defence; Milan, Italy
  • November 13 to November 15: Free Society Conference and Nordic Summit; Göteborg, Sweden
  • November 14: pyArkansas; Conway, AR, USA
  • November 16 to November 19: Web 2.0 Expo; New York, NY, USA
  • November 16 to November 20:
  • November 16 to November 20: Ubuntu Developer Summit for Lucid Lynx; Dallas, TX, USA
  • November 17 to November 20: DeepSec IDSC; Vienna, Austria
  • November 19 to November 22: Piksel 09; Bergen, Norway
  • November 19 to November 21: Firebird Conference 2009; Munich, Germany
  • November 19 to November 20: CONFIdence 2009; Warsaw, Poland
  • November 20 to November 21: PostgreSQL Conference 2009 Japan; Tokyo, Japan
  • November 21: Baltic Perl Workshop 2009; Riga, Latvia
  • November 25 to November 27: Open Source Developers Conference 2009; Brisbane, Australia
  • November 27 to November 29: Ninux Day 2009; Rome, Italy

If your event does not appear here, please tell us about it.


By popular demand: LWN T-shirts

It took a while, but we have finally managed to get our act together and put a set of LWN-logo T-shirts at the Cafe Press store. There are also sites in Australia, Canada, and the United Kingdom. An LWN shirt marks the wearer as one of the LWN-reading elite, and sales help to support the site as well. We know that none of you have enough Linux-related T-shirts, so please have a look and fill out your wardrobe.

Comments (36 posted)

Page editor: Forrest Cook

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds