Keith Bergelt, CEO of the Open Invention Network (OIN), described the circumstances which led the company to recently purchase 22 Microsoft patents, as part of a talk at the first LinuxCon. While the circumstances surrounding that purchase were quite interesting—and indicative of Microsoft's patent strategy—he also described the mission of OIN as a protector of Linux from patent trolls. Because patents are likely to be a threat to Linux for a long time to come, organizations like OIN are needed to allow Linux development to continue with as few patent impediments as possible.
Linux Foundation (LF) executive director Jim Zemlin introduced Bergelt by noting that OIN had done a great service for the Linux industry and community by purchasing those patents, which otherwise would have gone to "non-operating" companies—essentially patent trolls. Bergelt caught wind of the sale and headed off what might have been a potent attack against Linux, Zemlin said.
OIN was started by six companies (Sony, IBM, NEC, Red Hat, Philips, and Novell) four years ago to anticipate and preempt these kinds of patent sales, Bergelt said. It is a "very unusual entity" and when he was approached to be the CEO, it took some time to understand the "active benevolence" that was the mission of OIN. The members put a "very significant amount of money" into OIN, which means that, unlike a pledge fund, the capital is available, allowing Bergelt the autonomy to make decisions about how to deploy it.
OIN licenses its patents for use by others, with the proviso that those companies not assert their patents against Linux. It is, essentially, a defensive patent pool for the entire Linux community.
He sees the mission of OIN as allowing Linux to "be beneficial, at a macro level, to economic growth", by reducing the patent threat. The most recent patents were purchased from Allied Security Trust (AST), which represents its 15 members (including three that Bergelt named: HP, Ericsson, and IBM) by buying patents, licensing them to the members, and then reselling the remaining rights on the open market. Bergelt contrasted AST and OIN, saying that the latter is not just representing the six companies who are its members, but is, instead, "representing society". In his view, "patents will continue to exist", so it is important to "ensure that they don't have a negative impact on Linux in the future".
Bergelt described Microsoft's patent suit against TomTom as being a part of the software giant's "totem strategy". By getting various companies to settle patent suits over particular patents, Microsoft can erect (virtual) totem poles in Redmond, creating a "presumption of patent relevance". According to Bergelt, Microsoft tends to attack those who try to create parity with it in some area, which TomTom did. But, TomTom had overextended itself with a large amount of debt from their acquisition of mapping company Tele Atlas. That made it an opportune time to put the squeeze on TomTom, which is exactly what Microsoft did.
But, Microsoft was surprised to find that TomTom had allies in the form of OIN and others. Originally, Microsoft had asked for an "astronomical" sum to settle the suit, but after TomTom joined OIN and countersued Microsoft, the settlement number became much smaller. In fact, it was small enough that it was not necessary to report the amount under Dutch securities regulations. Because the cost to defend a patent suit—even successfully—could be upwards of $14 million, the TomTom board really had no choice but to settle.
But, patent suits are generally fairly high-profile, and there are other means to attack Linux companies more quietly. One of those is to sell patents to "non-practicing" (or "non-operating") entities who have no other business besides patent litigation. These trolls do not have any products that could be the target of patent countersuits, which is a standard way of combating patent suits. Bergelt said that $20 billion has been spent this decade by multiple organizations to acquire patents for trolling.
Companies with large patent portfolios have been pressured by investors to use those patents to generate revenue. One way to do that is to sell them to trolls, which brings in money and insulates the company from actually bringing suit itself. In some cases, this has led to patent trolls attacking the customers of the company who originally held the patents, Bergelt said.
Over the last three years, OIN has been one of the three largest patent acquirers, so it could not have been an oversight that Microsoft did not approach OIN about buying these patents. The bundle of patents was expressly presented as being relevant to Linux, which has the effect of "pointing the troll in the right direction", according to Bergelt. He clearly indicated his belief that this was an attempt to attack Linux by proxy; Microsoft would have "plausible deniability" because they could claim they were sold to a defensive patent pool such as AST.
But, AST is required to resell the patents it acquires, after licensing them to its members, within 12 months of purchasing them. Normally it would sell them to trolls, but Bergelt was able to arrange a purchase by OIN. He noted that if you wanted to get patents to trolls, but keep your hands "clean", selling them to AST is the right way to do it. Going forward, though, there is a patent treaty forming between AST and OIN, which should help alleviate this particular problem in the future.
The Data Tern/Amphion patent suit against Red Hat, which was based on a relational database patent, was also noted by Bergelt as a successful defense of free software from a patent threat. Red Hat settled the suit on behalf of the community as a whole, rather than allow further suits against free software to be filed. Bergelt said that Data Tern/Amphion were "not anti-Linux", in contrast to Microsoft's intent, but were focused purely on the return on their investment in buying the patent.
Intellectual Ventures is an organization to keep an eye on, Bergelt said, as it has some 23,000 patents, more than any other non-practicing entity. Three weeks ago, it started selling some of its patents—to patent trolls. OIN is also approaching patent trolls to suggest that they contact OIN before suing Linux companies. In some cases, OIN has averted lawsuits by acquiring patent rights from trolls.
The 22 patents in question are listed on the OIN website, but they aren't separated from the rest of the patents that OIN has acquired. They were all issued to either Microsoft or SGI originally, though, Bergelt said, which should assist anyone wishing to study what the patents cover. He noted that they are not the OpenGL patents, as some thought, because those are believed not to read on Linux.
In addition to acquiring patents, OIN has several other projects that are meant to reduce the patent problems for Linux. Peer to patent and post-issue peer to patent are both meant to "crowdsource" the process of finding prior art for patents that are in process or those that have already been issued. The former is meant to help the Patent and Trademark Office (PTO) so that bad patents don't get issued, while the latter looks for bad patents so that they can be submitted to the PTO for re-examination.
Defensive publications are another strategy that companies can take to protect their ideas without patenting them. OIN is advocating the use of defensive publication to create prior art, so that, in the best case, patents will not be granted covering those ideas. Instead of the "negative right" that is created with a patent, defensive publication creates something that everyone can use, but no one can patent. OIN's lawyers will review defensive publication submissions for free, making any necessary changes and then adding them to the IP.com database which is used for prior art searches by the PTO.
Companies who want to patent their ideas can also use defensive publication by patenting the core idea and wrapping that core with published information. This is happening more frequently because the cost of a patent application is becoming "prohibitive". OIN is encouraging the community to use defensive publications to protect its ideas as well.
Bergelt stressed that OIN is not set up as an anti-Microsoft organization, as they are focused on any entity threatening Linux with patents. In the most recent case that was Microsoft, but his expectation is that "Microsoft will go through a painful transition", but will eventually join the free software community. The benefits of free software development will be too strong to resist.
In closing, both Zemlin and Bergelt mentioned the Linux Defenders project, which is a joint venture between OIN, LF, and the Software Freedom Law Center. It is the umbrella organization for the peer to patent efforts along with the defensive publication initiative, but it also seeks to counsel companies who have been approached about patents that read on Linux. Zemlin noted that the traditional approach is to get a potential victim to sign a non-disclosure agreement (NDA) before discussing the patents in question. He stressed that companies should get in touch with Linux Defenders before signing the NDA, as that seriously limits what help it can provide.
In response to questions from the audience, Bergelt noted that there is some hope for patent reforms, which may "narrow the space" for trolls to work in. Judges are starting to recognize the problem, he said, but wholesale changes are not likely in the cards. In addition, he noted that even defining "non-practicing entity" is difficult, pointing to Qualcomm as an example of a company that was not very successful using its patents in products, but quite successful in licensing them to others.
He also sees hope at the PTO. Fewer poor patents are being issued and far fewer patents are being issued overall. Things are changing, but they will never be as good as we want them to be, he said.
When ASUS created the netbook market, its disruptive new machines all ran Linux. The development community welcomed this news, which seemed like a validation of much of what we've been doing all these years. But it did not take very long before Microsoft was announcing that the vast majority of netbook systems were now shipping with Windows instead. How is it, Dirk asks, that Windows is able to displace Linux on systems like netbooks?
Part of the problem, certainly, was the second-rate distribution which was shipped with the early netbooks. It suffered from what Dirk calls the "three click problem." When the system is first turned on, everything looks great. But, by the time the user gets three clicks into the system, it's clear that it is an unfinished product. Obvious problems - configuration dialog boxes for applications which do not fit on the small screen, for example - are everywhere. So it does not take long for users to feel that they have not gotten what they really wanted.
But the bigger problem, says Dirk, is that the systems installed on these devices are trying to be Windows. They are trying to beat Microsoft at its own game, and that is a difficult strategy at best. If the ultimate goal of a development project is to copy somebody else, it is inevitable that the project will always be behind its target. It will never be a perfect copy, and users will know. The user's experience will always be less than it could be with the original.
An example is OpenOffice.org's attempt to copy the "ribbon" interface found in Office 2007. It's already two years later, it is not that great an interface in the first place, and OpenOffice.org will not do it as well as Microsoft did. Suffice to say that Dirk does not appear to be much impressed by this particular initiative. Similarly, attempts to copy the iPhone in mobile devices are doomed to an always-inferior existence. There has to be a better way.
That better way, says Dirk, is to move past the desktop metaphor which was never all that great an idea in the first place. People who are buying computers now are not interested in desktops, and they do not really care about the operating system they are running. What they want is to join communities. So the most important thing we should be doing, in the design of our applications and interfaces, is to better connect users with the communities they are interested in.
On the issue of design, Dirk made the claim that we have few real designers in our communities. Indeed, the processes in many communities seem to have the explicit goal of encouraging people interested in design to go elsewhere. One partial exception might be KDE; Dirk claims that KDE applications tend to be nicer because Nokia (and Trolltech before it) have put true design resources into the Qt toolkit. In general, though, we are not doing a good job of reaching out to designers, but we need those designers if we are going to create great systems.
The closing note of this talk was simple: listen to the users. And, by "users," he did not mean the people in the room, but the much wider user community that we need to reach.
Dirk's second talk filled a brief keynote slot; it was called "how to shine in a crowded field." The specific crowded field he was talking about was consumer electronics, which is packed with devices in search of customers. In this market, success is not something that just happens. There are, says Dirk, four things which are required.
The first of those is vision. There are, he says, plenty of visionaries out there, even if many of them do not see as far as they might think. We need those visionaries - just following others is, as was described above, not the way to be successful. Our community needs people who are not stuck doing things the way they have always been done.
The second requirement is competence - the ability to actually implement the visions. One of the nice things about the open source world is that competence is very much on display. We can (relatively) easily measure the competence of others, and our own competence as well. We are very free to learn from each other and quickly improve our competence.
Then there's commitment. Without commitment, developers will not see the task through to the end. And, just as importantly, users need to see that commitment. They need to know that the developers will be around, that they are serious, that they will respond to bugs, and that they will continue to carry the code forward. That said, open source makes users less dependent on the commitment of others. When a proprietary software vendor abandons a body of code, there is nothing the users can do about it. Open source software can be picked up and carried forward by others.
Finally, there is the matter of focus. Without focus, we will lose; there are simply too many distractions which can get in the way.
So how does the community do in these areas? We have visionaries, though Dirk would like to see more of them who are willing to go further off the beaten path. For competence, Dirk suggests downloading a random SourceForge project and looking at the code. That, he says, will make one question whether the open source community possesses any competence at all. Commitment, too, is on display at SourceForge - most projects there are inactive and going nowhere.
And focus, he says, is really hard. As a result, open source projects are highly susceptible to the 80/20 problem. The first 80% of the work is fun. But the task of actually finishing the job is less so, so it often doesn't happen. So we have a surfeit of 80%-done programs which have since been abandoned. We have, he says, 55 bad spreadsheets out there when we could have three really good ones. If we could stick to the projects we have, rather than yielding to the temptation to start some new, shiny project, we would be in much better shape.
Another example is the nearly 300 active distribution projects out there; it would be better to have fewer choices which were more complete. Given that, one might ask why Dirk's group went off and created Moblin - yet another new distribution. His answer (to his own question) was that they studied the available distributions and couldn't find one which they thought they could carry forward to a full implementation of the vision they had for Moblin. They needed to start anew, he said, to be able to commit to reaching the end.
In conclusion, Dirk says, the recipe for standing out is relatively straightforward: listen to the users, implement the whole vision, and go someplace where others have not been.
[Photo captions: Our host, Jeremy Allison. The Nerds: Jono Bacon, Joe Brockmeier, and Matt Domsch. The Geeks: Greg Kroah-Hartman, Ted Ts'o, and Chris Wright. The crowd gets ruthlessly rickrolled by the Nerds and the MC. Chris Wright takes the controls; Ted Ts'o does his best to stay out of the way. We didn't need all those parts anyway, right? Matt Domsch achieves liftoff.]
On September 8, GPS device maker and mapping service provider TomTom pulled back the curtain on what it hopes will become an industry-wide standard for location referencing and dynamic route guidance. OpenLR, as it is known, is designed to allow heterogeneous applications and services to exchange location information in a compact, map-agnostic manner, which would ease the burden of interoperability between Web map services, car navigation devices, and other content systems that provide location-sensitive data such as public safety warnings. TomTom said it wants OpenLR to be a royalty-free, open specification, with a GPLv2-licensed encoder and decoder that will come shortly.
The company has long used Linux and open source software in its hardware products, which led to the famous patent lawsuit with Microsoft in February of 2009, over the VFAT filesystem. TomTom counter-sued Microsoft for patent infringement, and the two companies settled out-of-court in March. Despite its history with the open source community and development model, OpenLR is TomTom's first attempt at launching a completely new open source project of its own.
The problem OpenLR is designed to solve is rapid exchange of location-relevant content between independent data providers, aggregators, and end-user devices. OpenLR is not a geographic coordinate system (such as World Geodetic System 84 (WGS 84)) or a markup language akin to KML or GPX. Rather, OpenLR focuses on encoding location reference points (LRPs) using a combination of coordinates and attributes such as functional road class (FRC) and form of way (FOW) that describe the LRP in terms of its physical attributes. Thus, an application using a map from a web-based mapping service and directions from a GPS device can decode an LRP using multiple factors and determine that it is the same location, even if they use different map formats or disagree slightly.
In spite of the name "location reference point," an LRP as OpenLR defines it is closer to what a mathematician would call a directed graph edge: it has a start node and an end node, a bearing (compass direction), and a length. This reflects OpenLR's underlying goal of describing travel rather than precisely pinpointing stationary objects, but the terminology could still confuse newcomers. FRC and FOW likewise focus attention on roads: FRC is a number from FRC 0 ("main road") through FRC 1 ("first class road") all the way down to FRC 7 ("other road"), and FOW describes the physical type of road: motorway, roundabout, traffic square, and so on.
The primary use case TomTom outlines for OpenLR is to describe "line locations," which it defines as the concatenation of shortest paths covering a set of LRPs. OpenLR itself does not calculate the shortest or best path between a start LRP and end LRP; it merely provides a way for the software to encode it for exchange in a bandwidth-friendly way. OpenLR is not concerned with other map elements found along the way, such as geographical features or points of interest (POIs).
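To make the matching idea concrete, here is an added illustrative model of how a decoder can resolve a line location against its own map using every LRP attribute at once. It is not TomTom's encoder or decoder and does not implement OpenLR's actual byte-stream format; the `LRP` and `Segment` types, the tolerances in `match_lrp`, and the sample coordinates (deliberately a few metres off between the "encoder's" and "decoder's" maps) are all constructed for this example.

```python
# Added illustrative model of OpenLR-style location referencing. Not TomTom's
# code and not the real OpenLR byte stream; types, tolerances and sample data
# below are constructed for this example.
from dataclasses import dataclass
from math import asin, atan2, cos, degrees, radians, sin, sqrt
from typing import List, Optional


@dataclass(frozen=True)
class LRP:
    """A location reference point: a coordinate plus attributes of the road
    leaving it. length_m is the path length to the next LRP; 0 marks the last
    point of a line location."""
    lat: float
    lon: float
    frc: int          # functional road class, 0 (main road) .. 7 (other road)
    fow: str          # form of way, e.g. "motorway", "roundabout"
    bearing: float    # compass bearing of the outgoing road, degrees
    length_m: float   # distance along the path to the next LRP (0 = none)


@dataclass(frozen=True)
class Segment:
    """One directed road edge in the decoder's own map (constructed data)."""
    segment_id: str
    start_lat: float
    start_lon: float
    end_lat: float
    end_lon: float
    frc: int
    fow: str


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS 84 points."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(a))


def bearing_deg(lat1, lon1, lat2, lon2):
    """Initial compass bearing from point 1 to point 2, in [0, 360)."""
    dlon = radians(lon2 - lon1)
    y = sin(dlon) * cos(radians(lat2))
    x = cos(radians(lat1)) * sin(radians(lat2)) - sin(radians(lat1)) * cos(radians(lat2)) * cos(dlon)
    return (degrees(atan2(y, x)) + 360.0) % 360.0


def angle_diff(a, b):
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def match_lrp(lrp, segments, max_dist_m=50.0, max_bearing_diff=30.0,
              max_frc_diff=1, length_tolerance=0.25):
    """Find the segment in the decoder's map that best matches one LRP.
    The coordinate may be off by a few metres and the FRC by one class, but
    the form of way and the outgoing bearing must agree, and the segment
    length must be close to the LRP's stated length."""
    best, best_score = None, None
    for seg in segments:
        dist = haversine_m(lrp.lat, lrp.lon, seg.start_lat, seg.start_lon)
        if dist > max_dist_m or seg.fow != lrp.fow or abs(seg.frc - lrp.frc) > max_frc_diff:
            continue
        bdiff = angle_diff(lrp.bearing, bearing_deg(seg.start_lat, seg.start_lon,
                                                    seg.end_lat, seg.end_lon))
        if bdiff > max_bearing_diff:
            continue
        if lrp.length_m > 0:
            seg_len = haversine_m(seg.start_lat, seg.start_lon, seg.end_lat, seg.end_lon)
            if abs(seg_len - lrp.length_m) > length_tolerance * lrp.length_m:
                continue
        score = dist + bdiff  # lower is better; both terms are small for a good match
        if best_score is None or score < best_score:
            best, best_score = seg, score
    return best


def decode_line_location(lrps, segments):
    """Resolve a line location (a sequence of LRPs) to segment ids in the local
    map, or None if any point cannot be matched. Filling the shortest path
    between matched points is left to the routing engine, as the text notes."""
    ids = []
    for lrp in lrps:
        seg = match_lrp(lrp, segments)
        if seg is None:
            return None
        ids.append(seg.segment_id)
    return ids


# Constructed decoder map; coordinates differ from the encoder's by a few metres.
SAMPLE_MAP = [
    Segment("A", 52.37005, 4.90010, 52.37005, 4.91000, 2, "single carriageway"),  # eastbound
    Segment("B", 52.37005, 4.90010, 52.38000, 4.90010, 2, "single carriageway"),  # northbound, same node
    Segment("C", 52.37005, 4.90010, 52.37005, 4.91000, 1, "motorway"),            # other form of way
    Segment("D", 52.37005, 4.91010, 52.37005, 4.92000, 3, "single carriageway"),  # continues east
    Segment("E", 52.40000, 4.90000, 52.40000, 4.91000, 2, "single carriageway"),  # far away
]

# Constructed line location as another system encoded it from its own map.
SAMPLE_LINE = [
    LRP(52.37000, 4.90000, 2, "single carriageway", 90.0, 680.0),
    LRP(52.37000, 4.91000, 2, "single carriageway", 90.0, 0.0),
]

if __name__ == "__main__":
    print(decode_line_location(SAMPLE_LINE, SAMPLE_MAP))
```

The decoder never compares raw coordinates for equality: segment B starts at the same node as A but is rejected on bearing, C on form of way, and a hypothetical FRC 7 point at the same spot would be rejected on road class, which is what lets two vendors' maps agree on "the same road" despite small positional disagreements.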
Routing between selected locations is arguably the easiest scenario to imagine; a device could request a route between two points and receive directions back from a remote server as OpenLR data. In addition, TomTom describes several cases where OpenLR might be used to propagate other information useful to travelers, such as traffic congestion data, public safety warnings, and even cooperative vehicle-to-vehicle communication — all of which share the same need for shortest-path routing information — plus applications useful to municipalities such as real-time urban traffic management and toll-road usage information.
TomTom's OpenLR Introduction [PDF] says that OpenLR is designed to be map-agnostic (meaning that OpenLR data is independent of both the map vendor and map version), communication-channel independent (so it can be transmitted just as easily by radio broadcast or over an IP network), and encoder independent (so that any device, application, or service can unambiguously decode the information sent by any other). The company has posted a more detailed description of the OpenLR data format in a white paper [PDF] available on its web site, including the byte-oriented stream format and details about how to specify each component, from coordinates (in WGS 84) to bearings and distances.
In its presentation, the company explains the value of releasing OpenLR as an open standard — better buy-in from key industry stakeholders, security against intellectual property threats, and flexibility to expand and enhance the standard in the direction chosen by the community. TomTom has filed for patent on the core concept in OpenLR, but says that it will publish the method used in the patent in its GPL-licensed encoder and decoder implementation. The documentation itself is published under the Creative Commons CC-BY license.
TomTom explains in the presentation that it chose the GPLv2 for OpenLR's license in order to protect free implementations from patent attack, noting that commercial services can still deploy the software. It also says that the license to use OpenLR will include a non-assertion clause. Complete details are provided in a separate license document [PDF].
Although TomTom says it will take the leadership and maintenance role in OpenLR's development, the white paper and presentation both assert that the company wants and expects the open source community to participate in expanding OpenLR, including the coverage of different types of data (such as Points and Areas), support for different formatting options such as XML, integration with GPS and Galileo positioning systems, and integration with the Transport Protocol Experts Group (TPEG) traffic and travel information standard.
The core data covered in OpenLR's route-and-traffic exchange usage scenario can also be expressed in other, existing formats. The most widely-known is Radio Data System Traffic Message Channel (RDS-TMC), a format broadcast in a data sideband of standard FM radio transmissions. RDS-TMC is widely deployed in just a few countries, notably Germany, though it is available around Western Europe and North America. RDS-TMC traffic data itself can originate from a number of sources, including government-deployed road sensors, and the format itself is published.
Nevertheless, using RDS-TMC is problematic — particularly for free software — because it encodes the actual locations referenced via a copyrighted data set, one which is limited in size and not easily updated or corrected. A system similar in scope called AGORA-C is proprietary and commercial, relying on licensing and royalty collection, which has led to uncertain commitment from industry players. The TPEG format TomTom alluded to in its presentation is open, but TomTom regards its current location-referencing subsystem (TPEG-Loc) as unsuitable because of a lack of standardized encoding rules.
The market for location-referencing is large; free routing services from the likes of Google and Yahoo do not bring in any revenue, but in-car navigation systems (both built-in and aftermarket) are reportedly a huge and still-growing business. TomTom itself sells navigation software for platforms like the iPhone, and fee-based services for drivers to avoid speed traps and other road hazards. TomTom also owns map maker Tele Atlas, which it acquired in 2007.
Competition between TomTom and mapping rivals like Garmin and DeLorme in this space is fierce; the financial stakes are high and the number of players is low. That is a situation which free software advocates recognize has prompted the strategic release of a core technology as open source many times before. OpenLR certainly meets a need in the navigation stack; open projects like OpenStreetMap cannot use alternative systems such as RDS-TMC or AGORA-C because of their licensing. Nevertheless, OpenLR's openness is no silver bullet; for it to make a substantial impact it will still have to be adopted by multiple industry players, including traffic data providers.
Of course, an active show of participation on the standard from the open source and open standards communities could go a long way in making that happen. TomTom is expected to present about OpenLR this week at the World Congress on Intelligent Transport Systems. The reaction there will say a lot about the industry's take on the technology. For the open source community's reaction, one will probably have to wait for the still-to-come source code release.
"I'm the rain in the cloud" is how Red Hat's Dan Walsh described himself at the beginning of his LinuxCon talk. There is much talk of "cloud computing" these days, but there has not been too much attention paid to the security aspects. Running multiple guest operating systems on the same hardware is "one of the scariest things you can do" from a security point of view, he said. sVirt was developed to combat the problem by applying SELinux mandatory access controls to restrict what guests can do—even if they break out of their containment and can access the Linux host OS.
Before virtualization, servers were separated by network connections, so a misbehaving server would have to launch a network-based attack to break into another server. There are lots of tools available to administrators that will alert or thwart network attacks, but when the servers are running on the same hardware, there is another line of attack: the hypervisor itself. Guests that can perform unauthorized actions on the host OS or hypervisor may be able to access information that is only supposed to be available to a different guest.
These are not theoretical attacks, Walsh said, as there have been successful attacks against Xen and others. Hypervisor vulnerabilities are the "number one goal" of the attacker community right now. The attack against Xen was able to subvert the SELinux policies that were in place on Red Hat Enterprise Linux (RHEL) specifically to stop that kind of attack. Those policies failed because the SELinux labeling of Xen processes and data was left up to administrators—something that sVirt is meant to fix.
Walsh pointed out that all guest OSes typically run as the same user in the Linux host. So, any exploit means that guests can access any other guest on that host. In the cloud computing scenario, users have no idea who else is sharing their machine, so it could easily be a competitor or someone with a malicious intent. But, enforcing separation between processes is a job that SELinux is good at.
In an SELinux-enabled system, processes and data both get labeled based on how they are allowed to be used. Since virtual machines are processes and their filesystem images are files on the host, proper application of SELinux labels—along with rules to govern the label interactions—will effectively disallow guests from unauthorized access to other guests. The host kernel enforces those rules so, as long as the kernel itself is uncompromised, rogue guests are confined.
As they learned from the Xen compromise, leaving the labeling up to administrators does not work, Walsh said, so they added dynamic labeling into libvirt. sVirt uses a largely unused field—for multi-category security (MCS)—in the SELinux label and generates a random unused value for that field. It labels the image file, then launches the virtual machine using that same label.
Using the MCS field allows the same SELinux rules to be used for all of the guests, while still restricting each guest so that it can only access its own process and data. When the guest exits, the guest image is relabeled back to its original value. Different labels are used for shared images, depending on whether they are shared as read-only or read-write, which gives administrators some flexibility while still restricting access to unrelated guest images.
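The labeling lifecycle just described (allocate an unused MCS value, label the image, start the guest with the same label, restore the label on exit) can be modelled in a few dozen lines. The following is an added simulation, not libvirt or SELinux code: the type names (`svirt_t`, `svirt_image_t`, `svirt_content_t`, `virt_image_t`), the category range c0..c1023, and the use of a pair of categories per guest are assumptions made for the model, and the only enforcement rule implemented is the MCS one (a subject's category set must contain the object's) on top of a simple type check.

```python
# Added model of sVirt-style dynamic MCS labeling. Not libvirt/SELinux code;
# type names, category range and two-categories-per-guest are assumptions.
import random
from typing import Dict, FrozenSet, Optional, Set

CATEGORY_COUNT = 1024                       # assumed: MCS categories c0..c1023
GUEST_PROCESS_TYPE = "svirt_t"              # assumed type of a running guest
GUEST_IMAGE_TYPE = "svirt_image_t"          # assumed type of a guest's read-write image
SHARED_RO_IMAGE_TYPE = "svirt_content_t"    # assumed type of a read-only shared image
UNLABELED_IMAGE_TYPE = "virt_image_t"       # assumed type of an image not in use


class Label:
    """A SELinux context reduced to the two parts that matter here: the type
    (type enforcement) and the MCS category set (level s0 or s0:cX,cY)."""

    def __init__(self, type_: str, categories: FrozenSet[int] = frozenset()):
        self.type = type_
        self.categories = categories

    def __str__(self) -> str:
        level = "s0"
        if self.categories:
            level += ":" + ",".join(f"c{c}" for c in sorted(self.categories))
        return f"system_u:object_r:{self.type}:{level}"


def mcs_dominates(subject: FrozenSet[int], obj: FrozenSet[int]) -> bool:
    """MCS rule: the subject's category set must contain all of the object's."""
    return obj <= subject


class SVirtHost:
    """Tracks guest process labels and image labels on one host."""

    def __init__(self, seed: Optional[int] = None):
        self.rng = random.Random(seed)
        self.in_use: Set[FrozenSet[int]] = set()   # category pairs held by running guests
        self.files: Dict[str, Label] = {}          # image path -> current label
        self.saved: Dict[str, Label] = {}          # image path -> label before launch
        self.guests: Dict[str, Label] = {}         # guest name -> process label
        self.image_of: Dict[str, str] = {}         # guest name -> image path

    def add_image(self, path: str, shared_read_only: bool = False) -> None:
        t = SHARED_RO_IMAGE_TYPE if shared_read_only else UNLABELED_IMAGE_TYPE
        self.files[path] = Label(t)

    def _allocate_categories(self) -> FrozenSet[int]:
        """Pick a random category pair that no running guest already holds."""
        while True:
            pair = frozenset(self.rng.sample(range(CATEGORY_COUNT), 2))
            if pair not in self.in_use:
                self.in_use.add(pair)
                return pair

    def launch_guest(self, name: str, image_path: str) -> str:
        """Label the image with fresh categories, then start the guest with the
        same label; returns the guest's process context."""
        if self.files[image_path].type != UNLABELED_IMAGE_TYPE:
            raise ValueError(f"{image_path} is shared or already in use")
        cats = self._allocate_categories()
        self.saved[image_path] = self.files[image_path]
        self.files[image_path] = Label(GUEST_IMAGE_TYPE, cats)
        self.guests[name] = Label(GUEST_PROCESS_TYPE, cats)
        self.image_of[name] = image_path
        return str(self.guests[name])

    def stop_guest(self, name: str) -> None:
        """Release the categories and put the original label back on the image."""
        proc = self.guests.pop(name)
        path = self.image_of.pop(name)
        self.in_use.discard(proc.categories)
        self.files[path] = self.saved.pop(path)

    def may_access(self, guest: str, path: str, write: bool = False) -> bool:
        """The decision the host kernel would make for a guest touching an image."""
        proc, obj = self.guests[guest], self.files[path]
        if obj.type == SHARED_RO_IMAGE_TYPE:
            return not write                  # any guest may read it, none may write
        if obj.type != GUEST_IMAGE_TYPE:
            return False                      # type enforcement: not a guest image at all
        return mcs_dominates(proc.categories, obj.categories)


if __name__ == "__main__":
    host = SVirtHost(seed=42)
    host.add_image("a.img")          # constructed image names
    host.add_image("b.img")
    print(host.launch_guest("guest-a", "a.img"))
    print(host.launch_guest("guest-b", "b.img"))
    print(host.may_access("guest-a", "b.img"))   # a guest cannot reach another guest's image
```

The point the model makes is the one in the text: all guests run under the same type and the same policy rules, and separation comes entirely from the per-guest category pair, which is why a guest that escapes into the host still cannot open a neighbour's image unless it also defeats the kernel's MCS check.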
Starting with Fedora 11, virt-manager will, by default, handle the automatic relabeling of virtual machines and data, Walsh said. One would guess that RHEL 6 will have that capability as well.
While it is certainly not a panacea for security in a virtualized environment, sVirt does provide some useful separation between guests. There is still cause to be concerned about potential kernel vulnerabilities that would allow end runs around SELinux, but sVirt reduces the exposure surface. As part of a multi-layered defense, sVirt effectively narrows the cracks that attackers can slip through.
Brief items

Dan Walsh has a posting about a new feature added to his SELinux sandbox. sandbox -X essentially combines the sandbox with the idea behind the "xguest" user to create a sandbox for arbitrary desktop applications. It came out of a request to be able to sandbox "acroread": "Acroread and most other desktop applications use multiple communication channels, interacting not just with stdin and stdout, but accessing configuration files, directly or using interprocess calls as with GConf, the X server and other applications, and usually have full run of the user's home directory. A bug in a desktop application can be exploited to attack other processes on the system through any of these channels. Attempting to lock down access to these things usually just causes applications to break, or at least degrades the user experience. In a nutshell, there was no good, general-purpose way to lock down Acroread, or, for that matter, any other desktop application."

An interview with Nominum manager Jon Shalowitz is an amusingly retro experience for those of us who have forgotten what 1990s-style security FUD looked like. "If I have a secret way of blocking a hacker from attacking my software, if it's freeware or open source, the hacker can look at the code. By virtue of something being open source, it has to be open to everybody to look into. I can't keep secrets in there. But if I have a commercial-grade software product, then all of that is closed off, and so things are not visible to the hacker." Needless to say, he is attempting to sell such a product.
|Package(s):||apache||CVE #(s):||CVE-2009-3094 CVE-2009-3095|
|Created:||September 22, 2009||Updated:||March 1, 2010|
|Description:||From the Mandriva advisory:
Multiple vulnerabilities were discovered and corrected in apache:
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).|
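The first of the two issues is a classic "trust the remote server's formatting" bug: a malformed EPSV reply leaves a string search with nothing to find, and the code dereferences the result anyway. The following added example (not Apache's code, and not a transcription of the patched function) shows the same failure pattern and its hardened counterpart in Python, using the RFC 2428 reply form `229 Entering Extended Passive Mode (|||6446|)`; all reply strings are constructed.

```python
# Added example (not Apache's code): parsing an FTP EPSV reply without trusting
# the remote server to format it correctly. All reply samples are constructed.
import re
from typing import Optional

# RFC 2428 form: "229 Entering Extended Passive Mode (|||6446|)". Inside the
# parentheses only the TCP port is mandatory; the delimiter is any printable
# ASCII character, conventionally '|', and it must be the same one each time.
_EPSV_RE = re.compile(r"\((?P<d>[!-~])(?P=d)(?P=d)(?P<port>\d{1,5})(?P=d)\)")


def parse_epsv_reply_naive(reply: str) -> int:
    """The failure pattern: assumes the '(' ... ')' group and the delimiters
    are present. On a malformed reply this raises instead of failing cleanly,
    the same class of mistake as dereferencing a NULL pointer returned by a
    string search in C."""
    inner = reply[reply.index("(") + 1:reply.index(")")]
    delim = inner[0]
    return int(inner.split(delim)[3])


def parse_epsv_reply(reply: str) -> Optional[int]:
    """Hardened version: every assumption about the reply is checked, and a
    malformed reply yields None so the caller can abort the transfer."""
    if not reply.startswith("229"):
        return None
    m = _EPSV_RE.search(reply)
    if m is None:
        return None
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        return None
    return port


# Constructed replies: one well-formed, the rest malformed or hostile.
SAMPLE_REPLIES = [
    "229 Entering Extended Passive Mode (|||6446|)",
    "229 Entering Extended Passive Mode",               # no parenthesised block at all
    "229 Entering Extended Passive Mode (|||)",         # port missing
    "229 Entering Extended Passive Mode (|||70000|)",   # port out of range
    "229 Entering Extended Passive Mode (|)",           # truncated
    "500 EPSV not understood",
]


def classify(replies):
    """Map each reply to its parsed port, or None, using the hardened parser."""
    return {r: parse_epsv_reply(r) for r in replies}


if __name__ == "__main__":
    for reply, port in classify(SAMPLE_REPLIES).items():
        print(f"{port!s:>6}  {reply}")
```

The hardened parser turns every malformed input into a controlled `None`; the naive one raises `ValueError` or `IndexError` on four of the six samples, which in a C proxy process is the difference between a logged error and a child crash.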
Package(s): bugzilla    CVE #(s): CVE-2009-3125 CVE-2009-3165 CVE-2009-3166
Created: September 21, 2009    Updated: June 4, 2010
Description: From the Bugzilla advisory:
* Two SQL injection attacks have been discovered in Bugzilla. One only affects the 3.4 series, while the other affects the 3.0, 3.2, and 3.4 series. These are extremely serious vulnerabilities that must be patched immediately.
* When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changing his password.
Created: September 22, 2009    Updated: September 23, 2009
Description: From the Debian advisory: Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.
Created: September 23, 2009    Updated: October 5, 2010
Description: From the Mandriva alert: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632 (CVE-2009-3235).
Created: September 21, 2009    Updated: September 23, 2009
Description: From the Drupal advisory:
Multiple vulnerabilities and weaknesses were discovered in Drupal.
OpenID association cross site request forgeries: The OpenID module in Drupal 6 allows users to create an account or log into a Drupal site using one or more OpenID identities.
OpenID impersonation: The OpenID module is not a compliant implementation of the OpenID Authentication 2.0 specification. An implementation error allows a user to access the account of another user when they share the same OpenID 2.0 provider.
File upload: File uploads with certain extensions are not correctly processed by the File API. This may lead to the creation of files that are executable by Apache. The .htaccess that is saved into the files directory by Drupal should normally prevent execution. The files are only executable when the server is configured to ignore the directives in the .htaccess file.
Session fixation: Drupal doesn't regenerate the session ID when an anonymous user follows the one time login link used to confirm email addresses and reset forgotten passwords. This enables a malicious user to fix and reuse the session id of a victim under certain circumstances.
Package(s): pidgin    CVE #(s): CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3085
Created: September 21, 2009    Updated: January 18, 2010
Description: From the Red Hat advisory:
A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin. (CVE-2009-3085)
A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703)
It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure (session sniffing). (CVE-2009-3026)
A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083)
Package(s): postgresql-8.1, postgresql-8.3    CVE #(s): CVE-2009-3229 CVE-2009-3230 CVE-2009-3231
Created: September 21, 2009    Updated: March 8, 2010
Description: From the Ubuntu advisory:
It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3229)
Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. (CVE-2009-3230)
It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3231)
Created: September 22, 2009    Updated: March 31, 2010
Description: From the Mandriva advisory: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Created: September 23, 2009    Updated: January 25, 2011
Created: September 23, 2009    Updated: January 25, 2011
Description: From the Ubuntu alert: It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712)
Created: September 23, 2009    Updated: December 28, 2009
Description: From the Mandriva alert: xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the xfig-eps[PID], xfig-pic[PID].pix, xfig-pic[PID].err, xfig-pcx[PID].pix, xfig-xfigrc[PID], xfig[PID], fig-print[PID], xfig-export[PID].err, xfig-batch[PID], xfig-exp[PID], or xfig-spell.[PID] temporary files, where [PID] is a process ID (CVE-2009-1962).
Page editor: Jake Edge
The current stable kernel is 2.6.31. There have been no stable update releases in the last week; a series of stable updates is in the review process, but they have not been released as of this writing.
I suspect that what happened over time was that previously-working code got broken, then later people noticed the breakage but failed to analyse and fix it in favour of simply ripping everything out and starting again.
So for the want of analysing and fixing several possible regressions, we've tossed away some very sensitive core kernel code which had tens of millions of machine-years testing. I find this incredibly rash.
-extern void refrigerator(void); +extern void refrigerator(void) __cold;
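Review bot: the hunk touches only the extern declaration of refrigerator(); its definition is not in the hunk, so whether the definition carries a matching annotation cannot be checked from here, and no commit message is shown to justify __cold, which tells the compiler the function is unlikely to be executed (so it may be placed out of the hot text and calls to it treated as unlikely). The description should state why entering the freezer qualifies as a cold path.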
Speaking at LinuxCon, your editor stated that he did not know if AppArmor would come back or not. The next day, a new set of AppArmor patches was posted by John Johansen. Interestingly, John works at Canonical, so AppArmor, should it get into the mainline, could well become one of that company's largest contributions to the kernel. Its chances of merger should be better now; TOMOYO Linux has broken down the barriers to pathname-based mandatory access control, and AppArmor uses the new security module hooks which were added to support TOMOYO. As of this writing, though, there have been no reviews posted, so anything could still happen.
SystemTap 1.0; SystemTap is a dynamic tracing tool for Linux. Your editor is not sure why this particular release qualifies as 1.0, but there is a lot of new stuff in it, including "experimental support for unprivileged users, cross-compiling for foreign architectures, matching C++ class and namespace scopes, reduced runtime memory consumption, reduced dormant overhead in userspace markers, bug fixes, and more..." See the announcement for more information.
reported a bug: when devtmpfs created /dev/null and /dev/zero, it made them inaccessible to unprivileged accounts. That breaks most applications in the system, which, Ingo thought, was not entirely desirable.
The devtmpfs developers originally responded that udev should have set the permissions properly by the time any sort of user-space application was running. But devtmpfs raises the possibility of running without udev altogether, at least on relatively simple systems. Linus agreed that this would be a nice possibility, but noted that it would not work if a small number of special files were not world-accessible. Setting the permissions properly is not that hard, but it leads in a direction the devtmpfs developers had not wanted to go: it puts a certain amount of administrative policy into the kernel.
In the end, though, that is exactly what happened; devtmpfs gained the query to get default permissions from kernel subsystems and implement them in the filesystem. Given that these permissions were Linus's largest complaint about the whole thing, it now seems likely that devtmpfs has a secure place in the 2.6.32 kernel.
VMI is a paravirtualization layer for VMWare, built on top of paravirt_ops. Recently, developers at VMWare ran a series of tests and came to an interesting conclusion: with contemporary hardware, using VMI did not improve the performance of guest systems. Indeed, it made things worse. Reasonable hardware virtualization should be available on almost all systems that matter in the near future, so VMWare's developers have decided that VMI no longer makes sense; they are now planning to remove it.
KVM developer Avi Kivity noted that a similar conclusion had been reached in that camp; KVM will be dropping support for some paravirtualized operations in the near future. That leaves two other systems - Xen and lguest - using paravirt_ops. Xen, it seems, will continue to do so for some time, and lguest is highly unlikely to ever sacrifice sufficient puppies to move to hardware virtualization. So paravirt_ops will remain for a little while yet, but its eventual demise would appear to be in the cards. When it goes, it may just take lguest with it.
Kernel development news
Since last week's update, some 3300 changesets have been merged into the mainline for the 2.6.32 development cycle. The total number of non-merge changesets going into 2.6.32 is now just over 7800 - quite a few, but not, yet, a record.
Changes visible to users include:
Changes visible to kernel developers include:
The merge window would normally be nearing its end; it's possible that Linus will extend it slightly, though, to make up for the time he has spent at LinuxCon and the Linux Plumbers conference.
Hi, and welcome to a new semi-weekly column. In here, we are going to try to answer your common questions about Linux kernel development. This column will rely on the readers to submit new questions to be answered either here in comments, or by email to firstname.lastname@example.org, with the understanding that not all questions can be answered.
Valid topics can range from the technical, to the procedural, or on toward anything remotely related to the Linux kernel that you can think of.
To start it off, I've provided a few "seed" questions that I get asked a lot, and would like to finally answer in one place so I don't have to do it again.
The Linux kernel stable series strives to only maintain one kernel tree at a time, the most recent one, with a small overlap of a release or two when a new kernel is released. So for right now, as the 2.6.31 kernel was just released, both the .31 and .30 trees are being updated. After the next release of the .30 stable tree, it will be abandoned, and only the .31 tree will be updated with security and bug fixes.
But some kernel trees are a bit "special". The 2.6.27 kernel looked like a good kernel to maintain for a longer period of time. Some users have reported that they like to remain on one kernel version for longer than 3-4 months, so the 2.6.27 kernel tree will try to be a tree that they can rely on to get security and bug fixes for a longer time frame. As the 2.6.27 kernel was first released on October 9, 2008, there has almost been a full year of support for this kernel so far.
After I get tired of maintaining this kernel branch, Adrian Bunk has volunteered to maintain it even longer, so in another year or so, maintenance will switch over to him, and it will continue to live on.
First off, take a look at the file Documentation/stable_kernel_rules.txt to verify that the patch you are considering meets the rules for a stable kernel release. If it does, the easiest way to get it included is to add a:
Cc: stable <email@example.com>
line to the Signed-off-by: area in the patch before it is sent to the subsystem maintainer. When a patch with that line in it is accepted into Linus's kernel tree, the stable team will be automatically notified that the patch should be included, and they will queue it up for the next stable kernel release(s).
If you notice a patch that you feel should be included in the stable release, and does not have this marking, and is already in Linus's tree, a simple email to the firstname.lastname@example.org address with the git commit id of the patch in Linus's tree and a short description of which stable kernel releases you feel it should be included in is all that is needed.
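As an added illustration of the procedure above (this is not code from the column, nor the stable team's own tooling), here is a small Python check that extracts the trailer block of a format-patch style e-mail and reports whether it carries a Signed-off-by line and the Cc: stable line, written with the placeholder address exactly as it appears on this page. It deliberately treats only the final block of "Key: value" lines as trailers, so a "Cc: stable" mentioned in the prose of the description does not count. The two sample patches, the author name, the file path and the all-zero commit id are constructed placeholders.

```python
import re

# The tag as this column shows it; the address is the page's placeholder,
# not the real stable list address.
STABLE_TAG = "Cc: stable <email@example.com>"
TRAILER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(\S.*)$")


def commit_message(patch_text):
    """Message part of a format-patch e-mail: drop the mail headers (up to
    the first blank line) and everything from the '---' separator onwards."""
    text = patch_text.split("\n---\n", 1)[0]
    if text.startswith("From "):
        _headers, _sep, text = text.partition("\n\n")
    return text.strip()


def trailers(message):
    """(key, value) pairs of the trailer block: the last paragraph in which
    every line looks like 'Key: value'. If the last paragraph is prose, the
    message has no trailers at all."""
    paragraphs = [p for p in re.split(r"\n[ \t]*\n", message.strip()) if p.strip()]
    if not paragraphs:
        return []
    matches = [TRAILER_RE.match(line.strip()) for line in paragraphs[-1].splitlines()]
    if not matches or not all(matches):
        return []
    return [(m.group(1), m.group(2).strip()) for m in matches]


def stable_status(patch_text):
    """Is the patch signed off, and is the stable tag in the trailer block
    where automated tooling would look for it?"""
    found = trailers(commit_message(patch_text))
    return {
        "signed_off": any(key == "Signed-off-by" for key, _ in found),
        "stable_tagged": any(
            key == "Cc" and value.split("<")[0].strip().lower() == "stable"
            for key, value in found
        ),
    }


# Constructed sample: tag placed correctly, in the trailer block.
TAGGED = """\
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: A Developer <dev@example.com>
Subject: [PATCH] foo: fix off-by-one in foo_parse()

foo_parse() compared the cursor against buflen after advancing it, so a
maximum-length input was read one byte too far.

Signed-off-by: A Developer <dev@example.com>
Cc: stable <email@example.com>
---
 drivers/foo/foo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
"""

# Constructed sample: "Cc: stable" only mentioned in prose, so not a trailer.
PROSE_ONLY = """\
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: A Developer <dev@example.com>
Subject: [PATCH] foo: fix off-by-one in foo_parse()

Same fix; this one should go to stable too (Cc: stable), see the
bug report for the backtrace.

Signed-off-by: A Developer <dev@example.com>
---
 drivers/foo/foo.c | 2 +-
"""

if __name__ == "__main__":
    for name, patch in (("TAGGED", TAGGED), ("PROSE_ONLY", PROSE_ONLY)):
        print(name, stable_status(patch))
```

Running the block prints the status of both samples; only the first would be picked up automatically once merged, while the second would need the separate e-mail with the commit id that the column describes.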
So bring on the questions!
The Design and Implementation of a Log-structured File System - and the nearly two decades of subsequent work attempting to solve the nasty segment cleaner problem (see below) that came with it. Linux developers might think of JFFS2, NILFS, or LogFS, three of several modern log-structured file systems specialized for use with solid state devices (SSDs). Few people, however, will think of SSD firmware. The flash translation layer in a modern, full-featured SSD resembles a log-structured file system in several important ways. Extrapolating from log-structured file systems research lets us predict how to get the best performance out of an SSD. In particular, full support for the TRIM command, at both the SSD and file system levels, will be key for sustaining long-term peak performance for most SSDs.
Around 1988, John K. Ousterhout and several collaborators realized that they could skip the second write entirely if they treated the entire file system as one enormous log. Instead of writing the operation to the log and then rewriting the changes in place somewhere else on the disk, it would just write it once to the end of the log (wherever that is) and be done with it. Writes to existing files and inodes are copy-on-write - the old version is marked as free space, and the new version is written at the end of the log. Conceptually, finding the current state of the file system is a matter of replaying the log from beginning to end. In practice, a log-structured file system writes checkpoints to disk periodically; these checkpoints describe the state of the file system at that point in time without requiring any log replay. Any changes to the file system after the checkpoint are recovered by replaying the relatively small number of log entries following the checkpoint.
One of the interesting benefits of the log-structured file system (LFS) structure is that most writes to the file system are sequential. The section describing the motivation for Sprite LFS, written nearly 20 years ago, demonstrates how little has changed in the storage world:
But wait, why are we still talking about disk seeks? SSDs have totally changed the performance characteristics of storage! Disks are dead! Long live flash!
Surprisingly, log-structured file systems are more relevant than ever when it comes to SSDs. The founding assumption of log-structured file systems - that reads are cheap and writes are expensive - is emphatically true for the bare-metal building blocks of SSDs, NAND-based flash. (For the rest of this article, "flash" refers to NAND-based flash and SSD refers to a NAND-based flash device with a wear-leveling, write-gathering flash translation layer.) When it comes to flash, reads may be done at small granularities - a few hundreds of bytes - but writes must be done in large contiguous blocks - on the order of tens of thousands or hundreds of thousands of bytes. A write to flash takes two steps: First the entire block is cleared, setting all the bits to the same value (usually 1, counter-intuitively). Second, individual bits in the block are flipped back to 0 until you get the block you wanted.
Log-structured file systems turn out to be a natural fit for flash. One of the details of the log-structured design is that the log is written in large contiguous chunks, called "segments," on the order of several megabytes in size. To cut down on metadata overhead and get the best performance, log entries are gathered and written out sequentially to a completely free segment. Most segments are partially in use and partially free at any given time, so the file system has to collect all the in-use data from a segment and move it elsewhere before it can start writing to it. When the file system needs a fresh segment, it first cleans an existing partially-used segment by moving all the in-use, or live data to another free segment - basically, it garbage-collects. Now that everything is arranged properly, the file system can do one big streaming write to the empty segment. This system of segments and cleaning is exactly what is needed to efficiently write to a flash device, given the necessity to erase large contiguous blocks of flash before writing to them.
The match between log-structured file systems and flash is obvious when you look at file systems written for the bare flash programming interface - that is, for devices without built-in wear-leveling or write-gathering. File systems that know about and have to manage erase blocks and other details of the flash hardware are almost invariably log-structured in design. The most widely used such file system for Linux is JFFS2, used in many embedded devices, such as ticket machines and seatback airline entertainment systems. More than once, I've boarded a plane and seen a JFFS2 error message reporting flash corruption on a hung seatback entertainment system. (Sadly, many thousands of people probably now associate the Tux penguin bootup logo with the inability to watch TV on long distance flights.)
For SSDs that export a disk-style block interface - most consumer-grade SSDs these days - the operating system uses a regular file system to talk to the SSD via the block interface (that is, read block #37 into this buffer, write this buffer into block #42, etc.). However, this system still contains the logical equivalent of a log-structured file system; it's just hidden inside the SSD. The firmware that implements wear-leveling, write-gathering, and any other features has to solve the same problems as a log-structured file system.
Most SSD manufacturers refuse to reveal any details of their internal firmware, but we can be fairly confident that it has a lot in common with log-structured file systems. First, the only way to implement efficient random writes is to buffer them and write them out to a single erase block together. This requires clearing an erase block, moving all the in-use blocks to another area, and keeping a mapping between the logical location of blocks and their physical locations - exactly what a log-structured file system does. Second, when we do get SSD implementation details from research publications, they look like log-structured file systems. Third, when we look at long-term performance testing of SSDs, we see the same pattern of performance degradation over time that we do with log-structured file systems. We'll talk about this in detail in the next section.
In short, log-structured file systems performed relatively well as long as most of the segment cleaning - movement of live data out of a segment so it can be re-used - could be done in the background when the file system wasn't busy with "real" work. The first major follow-up paper on LFS [PDF] found performance of LFS degraded by up to 40% from the best case at real-world levels of disk utilization, memory-to-disk ratio, and file system traffic. In short, in the steady state the file system was spending a significant amount of disk access time cleaning segments - moving old data out of a segment so it could be used for new writes. This segment cleaning problem was the subject of active research for at least another decade, but none of the solutions could consistently beat state-of-the-art write-in-place file systems at practical levels of disk utilization. It's a little bit like comparing garbage collection to explicit reference counting for memory management; when memory usage is low and the occasional high latency hit is okay, the convenience of garbage collecting outweighs the performance benefits. But at "high" levels of disk utilization - as little as 50% - the cleaning cost and periodic high latencies waiting for space to be freed up become a problem.
As the first LFS paper showed, the key to good performance in a log-structured file system is to place data such that nearly empty segments are created about as quickly as they are used. The file system write bandwidth is limited by the rate at which it can produce clean segments. The worst case happens when, in a file system that is X% full, every segment is also X% full. Producing one clean segment requires collecting the live data from N = ceiling(1/(1 - X)) segments and writing out the old data to N - 1 of those segments. For a disk utilization of 80%, we get N = ceiling(1/(1 - .80)) = 1/.20 = 5 segments to clean. If segments were 1MB in size, we'd have to read 5 * 800KB = 4MB of data seekily and write 4MB sequentially before we could write 1MB of new data. (Note to pedants: I'm using MB/KB in powers of 10, not 2.)
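To make the worst-case arithmetic concrete, here is an added Python example (not code from the article) that carries the N = ceiling(1/(1 - X)) formula through for any utilization, using integer percentages so the ceiling is computed exactly rather than through floating-point rounding, and cross-checks it with a small greedy simulation of a cleaner working on uniformly-used segments. The 1MB segment size follows the article's example; the set of utilizations tabulated is a constructed input.

```python
def segments_to_clean(percent_full):
    """Worst case from the article: every segment is percent_full% used.
    Returns N = ceiling(1 / (1 - X)) computed exactly in integers as
    ceiling(100 / (100 - percent_full)): the number of segments whose live
    data must be gathered before one segment is completely free."""
    if not 0 <= percent_full < 100:
        raise ValueError("utilization must be a percentage below 100")
    return -(-100 // (100 - percent_full))   # ceiling division


def cleaning_cost(percent_full, segment_bytes=1_000_000):
    """Bytes the cleaner reads (scattered, from N segments) and rewrites
    (sequentially, into N-1 of them) to produce a single empty segment.
    segment_bytes defaults to the article's 1MB, in powers of 10."""
    n = segments_to_clean(percent_full)
    live = n * percent_full * segment_bytes // 100
    return {
        "segments_read": n,
        "bytes_read": live,
        "bytes_rewritten": live,
        "segments_reused": n - 1,
        # bytes the cleaner moves for every byte of new data it makes room for
        "cleaner_bytes_per_new_byte": live / segment_bytes,
    }


def simulate_cleaner(percent_full, segment_bytes=1_000_000):
    """Greedy check of the closed form: empty uniformly-used segments one at
    a time. Each cleaned segment's live data is rewritten into space already
    reclaimed, so net free space grows only by the dead part of the segment.
    Returns (segments_cleaned, bytes_rewritten) once a whole free segment
    exists."""
    live_per_segment = percent_full * segment_bytes // 100
    freed = 0
    cleaned = 0
    while freed < segment_bytes:
        cleaned += 1
        freed += segment_bytes - live_per_segment
    return cleaned, cleaned * live_per_segment


def cost_table(percents=(50, 70, 80, 90, 95)):
    """Worst-case cleaning overhead at a few utilizations (constructed inputs)."""
    return {p: cleaning_cost(p)["cleaner_bytes_per_new_byte"] for p in percents}


if __name__ == "__main__":
    for p, ratio in cost_table().items():
        print(f"{p}% full: cleaner moves {ratio:.1f} bytes per byte of new data")
```

The table makes the article's "as little as 50%" remark visible: at 50% utilization the cleaner already moves as much data as the host writes, and the overhead grows without bound as utilization approaches 100%, which is why a bimodal segment distribution matters so much.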
The best case, instead, is a file system with two kinds of segments, completely full and completely empty. The best case write pattern is one that changes all of the metadata and data in a single segment, so that when the new versions are written out, the old versions are freed and the entire segment becomes free again. Reality lies somewhere between these two cases. The goal for a log-structured file system is to create a bimodal segment usage distribution: Most segments are either very full or very empty, and full segments tend to be unchanged. This turns out to be difficult to achieve.
SSDs have an extra interesting constraint: wear-leveling. Even in the best case in which most segments are 100% full and no writes ever change the data in them, the SSD must still move those segments around occasionally because it has to spread writes out over every available flash block. This adds an extra segment move in some cases and makes achieving good performance even harder than in a disk-based log-structured file system.
One of the greatest missed opportunities for optimization based on lessons learned from log-structured file systems is the slow adoption of TRIM support for SSDs. TRIM is a command to a block device informing it that a certain range of blocks is no longer in use by the file system - basically a free() call for blocks. As described earlier, the best performance comes when empty segments are created as a side effect of ongoing writes. As a simple example, imagine a segment that contains only a single inode and all of its file data. If the next set of writes to the file system overwrites all of the file data (and the inode as a side effect), then that segment becomes completely free and the file system doesn't have to move any live data around before it uses that segment again. The equivalent action for an SSD is to write to a block that has already been written in the past. Internally, the SSD knows that the old copy of that block is now free, and it can reuse it without copying its data elsewhere.
But log-structured file systems have a distinct advantage over pre-TRIM SSDs (basically all commercially available SSDs as of now, September 2009). Log-structured file systems know when on-disk data has been freed even when it isn't overwritten. Consider the case of deleting the one-segment file: the entire segment is freed, but no overwrite occurred. A log-structured file system knows that this happened and now has a free segment to work with. All the SSD sees is a couple of tiny writes to other blocks on the disk. As far as it's concerned, the blocks used by the now-deleted file are still precious data in-use by the file system and it must continue to move that data around forever. Once every block in the device has been written at least once, the SSD is doomed to a worst case performance state in which its spare blocks are at a minimum and data must be moved each time a new block is rotated into use.
As we've seen, the key to good performance in a log-structured file system is the availability of free or nearly-free segments. An SSD without TRIM support does not know about many free segments and accrues an immense performance disadvantage, which makes it somewhat shocking that any SSD ever shipped without the TRIM feature. My guess is that SSDs were initially performance tested only with write-in-place file systems (cough, cough, NTFS) and low total file system usage (say, 70% or less).
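The argument of the last few paragraphs, that a pre-TRIM SSD keeps carrying deleted data through its cleaner forever, can be watched happening in a toy model. The following added Python example is not code from the article and, as the article itself stresses, real firmware is not public, so the translation layer below is an assumption: pages are programmed once between erases, host writes are gathered into one open erase block, and when no spare block is left the block with the fewest live pages is cleaned like an LFS segment (live pages copied into the reserve block, then the victim erased). The geometry (8 blocks of 4 pages, one held in reserve) and the workload (write a file, delete it with or without TRIM, then write and rewrite a second file) are constructed.

```python
from collections import deque

RESERVE = 1   # blocks kept back from the host so cleaning always has somewhere to copy to


class ToySSD:
    """Minimal flash translation layer (an assumption about firmware behaviour,
    not a vendor's algorithm). Constructed toy geometry: 8 blocks x 4 pages."""

    def __init__(self, blocks=8, pages=4):
        self.blocks, self.pages = blocks, pages
        self.l2p = {}                                      # logical sector -> (block, page)
        self.p2l = [[None] * pages for _ in range(blocks)]  # physical page -> sector, or dead
        self.free_blocks = deque(range(blocks))            # erased and ready to program
        self.open_block, self.next_page = None, pages      # nothing open yet
        self.erase_count = [0] * blocks                    # wear per block
        self.pages_copied = 0                              # relocation traffic from cleaning
        self.host_pages_written = 0

    @property
    def capacity(self):
        """Sectors the host may address: everything except the reserve."""
        return (self.blocks - RESERVE) * self.pages

    def _invalidate(self, lba):
        """Forget the current physical copy of a sector; its page becomes dead."""
        loc = self.l2p.pop(lba, None)
        if loc is not None:
            self.p2l[loc[0]][loc[1]] = None

    def _live_pages(self, block):
        return sum(lba is not None for lba in self.p2l[block])

    def _program(self, lba):
        """Write one sector into the next unprogrammed page of the open block."""
        loc = (self.open_block, self.next_page)
        self.next_page += 1
        self.l2p[lba] = loc
        self.p2l[loc[0]][loc[1]] = lba

    def _garbage_collect(self):
        """Segment cleaning: copy the live pages of the emptiest block into the
        reserve block (which becomes the open block), then erase the victim."""
        candidates = [b for b in range(self.blocks) if b not in self.free_blocks]
        victim = min(candidates, key=self._live_pages)
        self.open_block, self.next_page = self.free_blocks.popleft(), 0
        for lba in self.p2l[victim]:
            if lba is not None:
                self._program(lba)
                self.pages_copied += 1
        self.p2l[victim] = [None] * self.pages             # erase: every page blank again
        self.erase_count[victim] += 1
        self.free_blocks.append(victim)

    def write(self, lba):
        if not 0 <= lba < self.capacity:
            raise ValueError("sector outside the exported capacity")
        self._invalidate(lba)                              # the old copy is now dead
        while self.next_page == self.pages:                # open block full, or none open
            if len(self.free_blocks) > RESERVE:
                self.open_block, self.next_page = self.free_blocks.popleft(), 0
            else:
                self._garbage_collect()
        self._program(lba)
        self.host_pages_written += 1

    def trim(self, lbas):
        """TRIM: the file system tells the device these sectors hold nothing."""
        for lba in lbas:
            self._invalidate(lba)

    def read(self, lba):
        return self.l2p.get(lba)                           # None: never written, or trimmed


def run_scenario(trim):
    """Constructed workload: write a 20-sector file, delete it (with or without
    TRIM), then write an 8-sector file and rewrite it once in place."""
    ssd = ToySSD()
    old_file, new_file = range(0, 20), range(20, 28)
    for lba in old_file:
        ssd.write(lba)
    if trim:
        ssd.trim(old_file)        # without this the device still believes the data is live
    for _ in range(2):
        for lba in new_file:
            ssd.write(lba)
    return {
        "host_pages_written": ssd.host_pages_written,
        "pages_copied": ssd.pages_copied,
        "erases": sum(ssd.erase_count),
        "write_amplification": (ssd.host_pages_written + ssd.pages_copied)
        / ssd.host_pages_written,
    }


if __name__ == "__main__":
    for trim in (False, True):
        print("TRIM" if trim else "no TRIM", run_scenario(trim))
```

With the same 36 host writes, the TRIM-less device copies 24 pages and erases 8 blocks while the trimmed one copies nothing and erases 2: the deleted file's pages stay "live" in the first case and are dragged along by every cleaning pass, exactly the state the article describes.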
Unfortunately, TRIM in its current form is both designed and implemented to perform incredibly poorly: TRIM commands aren't tagged and at least one SSD takes hundreds of milliseconds to process a TRIM command.
Kernel developers have debated exactly how to implement TRIM support at the Linux Plumbers Storage and File System Workshop, and on mailing lists: what the performance cost of each TRIM is, what granularity TRIMs should have, how often they should be issued, and whether it's okay to forget or miss TRIM commands. In my opinion, the in-use/free state of a block on a TRIM-enabled device should be tracked as carefully as that of a page of memory. The file system implementation can take the form of alloc()/free() calls, or else asynchronous garbage collection (during a file system check or scrubbing run), but we shouldn't "leak" in-use blocks for all the same reasons we don't leak memory.
Additionally, in an ideal world, TRIM would be redesigned or replaced by a command that is a full-featured, well-designed first-class citizen in the ATA spec, rather than a hack bolted on after the fact.
Of course, all this is speculation in the absence of implementation details from the SSD manufacturers. Perhaps some SSD firmware programmers have come up with entirely new algorithms for remapping and write-gathering that don't resemble log-structured file systems at all, and the performance characteristics and optimizations we have seen so far just happen to match those for log-structured file systems. However, so far it appears that treating an SSD as though it were backed by a log-structured file system is a good rule of thumb for getting good performance. Full TRIM support by both SSDs and file systems will be key to long-term good performance.
Patches and updates
Core kernel code
Filesystems and block I/O
Page editor: Jonathan Corbet
News and Editorials
The openSUSE Conference was held September 17 - 20, 2009 in Nürnberg, Germany. There was a full schedule with talks, workshops, Birds of a Feather sessions, an RPM summit, and more. We talked with openSUSE community manager Joe 'Zonker' Brockmeier about the conference.
Tell us a little bit about the conference. You mentioned in your web log that there were 150 people the first day. Was the participation about what you expected?
No, it was actually better. The goal was 200 people, with a good mix between Novell employees and community contributors. We actually did better than 200, I think between 215 and 230 people -- I haven't gotten the final number yet, as I had to leave on Sunday.
And the actual participation was fabulous. People were great at being self-starting and setting up their own sessions and generally making things happen once they were there. We had a great conference, and I think most people were very happy having attended. The only consistent complaint, which was expected and unavoidable, was that there was no open network for participants except for a bunch of wired connections in the front room for people to get email, etc., and for presenters to use.
The facility simply wasn't geared to handle our kind of bandwidth needs, so we decided no network was better than a crappy one -- plus, we did want people to actually talk to one another. Some people have actually suggested having no network next time as well.
The schedule for Thursday shows that you gave a talk about the Ambassador program. Tell us a bit about that.
It seems like there was plenty to do, with two tracks, unconference, and more all going on at the same time. Did it work well? What was particularly successful?
Very successful, I think -- people had enough structure to have some idea what to expect when they showed up, and then also enough freedom to plan their own activities. I hate going to conferences where you have no slack time and no way to talk to other people with similar interests without just skipping out entirely or staying extra days. So this gave people room to be part of a "general" conference while still addressing their specific areas of interest. The GNOME team, for instance, headed back to the SUSE office to do a bunch of bug triage, which was awesome.
In general, I would like to do more pre-planning next time, more to get upstreams involved, but overall I think this went very well.
Due to the network issue, of course, we weren't able to be inclusive for people who couldn't attend physically, and that was disappointing.
Did you attend any of the RPM summit? Can you tell us a bit about that?
Was there a specific highlight or two of things that were interesting, useful or unexpected?
Can you give us some highlights from the other tracks?
Are there any specific plans for next year?
Is there anything else you would like to add?
Thank you for taking the time to answer our questions.
Editor's note: See this week's openSUSE Weekly News for more conference coverage.
New Releases
DragonFly BSD has announced the release of DragonFly 2.4. "Three release options are now available: Our bare-bones CD ISO, a DVD ISO which includes a fully operational X environment, and a bare-bones bootable USB disk-key image (1G disk keys recommended). In addition we will for the first time be shipping a 64-bit ISO. 64-bit support is stable but there will only be limited pkgsrc support in this release."
Mandriva has announced that a release candidate of ML 2010 is available for testing. "These isos are hybrid isos which means you can dump it on an USB key to install it. Use Mandriva-seeds, it's as easy as a click! This RC1 version is rather a bug fix version with some more major updates..."
Puppy Linux has announced the availability of Puppy Linux 4.3. "Oh man, where to start?! This release is a massive upgrade, right from its very roots to topmost branches."
Ubuntu Privacy Remix (UPR), based on Ubuntu 9.04, is a live, read-only CD that seals off your private data from the outside world. "The UPR Team has released the second stable release of Ubuntu Privacy Remix 9.04, which includes a new kernel to fix USN-819-1 (local root privilege escalation). We think that this hole is very difficult to exploit under the UPR environment, nevertheless we recommend all users to use the new version."
Debian GNU/Linux
The way the Developers Reference is maintained has been changed, with the aim to make it more public and easier for people to contribute. "Also, patches for developers-reference are very welcomed. In particular, it would be great if new (or not so new) packaging practices were more documented, like packaging processes with the various VCSes, cdbs and dh, patch systems, etc. Some teams have already written some documentation about that, and it could probably be gathered in developers-reference."
"I just uploaded cupt 1.0.0~beta1 to unstable claiming that most of the obvious (and not so obvious) bugs have been ironed out (thanks to people who helped me to do that). I will, of course, appreciate excessive testing."
Fedora

available. This version contains a new kernel plus over 30 updates.

looks forward to FUDCon Toronto (coming in December) and notes that more sponsors are needed. "Back to the sponsorship issue though — how to let us know? Well, it's simple, really. We didn't want FUDCon planning to happen quietly in a back room where people wouldn't know what was happening, so we have a planning list for FUDCon already set up, and a pretty sizable number of people are contributing there to the logistics of setting up this popular event. If you want to provide some help, by all means join us there!"

takes a look at Software Freedom Day, from the perspective of the Fedora table. "Ted brought a MythTV box (running Mythdora) and a big LCD monitor so we could show it and the underlying operating system off to passersby. We also had numerous laptops running an assortment of Linux, mainly Fedora but also some openSUSE. We put up balloons around the table but quickly found they got in the way and "removed" them using the nearest sharp objects. Of course, no beautiful day would be complete without music, and we had great tunes from TMBG to Stevie Wonder to Jason Mraz going all day long."
Ubuntu family

covers Mark Shuttleworth's announcement at Atlanta Linux Fest. "At the Atlanta Linux Fest, Mark Shuttleworth announced that Ubuntu 10.04, the next major release of Ubuntu after version 9.10 Karmic Koala, will be code-named Lucid Lynx. Ubuntu 10.04 will also be a Long Term Support (LTS) version of the Debian-derived Linux distribution."
Other distributions

The OpenBSD 4.6 release has been delayed due to CD production problems.
Distribution Newsletters

CentOS Pulse covers topics like the CentOS 4.8 release, the Spanish CentOS community, wireless networking and contains an interview with Tru Huynh.

DistroWatch Weekly for September 21, 2009 is out. "Computer security has been a hot topic of discussion on these pages in recent weeks. As a result, Caitlyn Martin has embarked upon writing a series of articles covering the basics of computer and Internet security, starting today with part one - user authentication. In the news section, the openSUSE user community launches an initiative to build an enterprise-level distribution with long-term security support, Mark Shuttleworth announces the code name for Ubuntu 10.04, Clement Lefebvre reveals some early information about the improvements in Linux Mint 8 "Helena", and OpenBSD delays the planned October release by a month over a CD manufacturing error. Finally, don't miss the New Distributions section which includes some interesting new additions to the waiting list, including a Linux-based operating system built around Google's Chrome browser and a new Slackware-based desktop distribution called Salix OS."

What follows are some highlights from this issue. "This week we welcome a brand new beat by Ryan Rix on KDE developments in Fedora! In news from the Fedora Planet, news, views and innovations from Fedora community members. The Quality Assurance beat this week provides details from last week's various graphics tests, audio and virtualization Test Days, along with detailed summaries of the QA weekly meetings, Bugzappers and other regular activities. In Art/Design news, discussion around the desire for a "do it yourself" media sleeve, and updates on the Fedora 12 schedule for the team. In virtualization news, updates on the recent virtualization Test Day, and details of new versions of libvirt, perl-Sys-Virt, and coverage of recent discussion about guest sound over VNC. Our first KDE beat features news of KDE 4.3.1 hitting Fedora updates and some post-release fixes, news on several new KDE applications, and coverage of work of the KDE SIG team this past week. That rounds out this week's issue of Fedora Weekly News, which we hope you enjoy!"

OpenMoko Community Updates for September 16, 2009 cover QtMoko, ENeoLock, Fingertier 0.2.0, Litephone 0.1, Pisi 0.4.6, atd-over-fso, Launcher 0.37, and more.

OpenSUSE Weekly News covers the openSUSE Conference, Bryen Yunashko: Upcoming Board Elections, Andreas Jaeger: Build Service Intro, openSUSE Forums: Switching ext3 to ext4?, and much more.

"In this issue we cover: Karmic Alpha 6 released, Mark Shuttleworth Announces via video Ubuntu 10.04: Lucid Lynx, Countdown Banner Deadline, UDS Update, Ubuntu Screencasts: Reporting Bugs, The first Ubuntu-DK podcast, Swedish LoCo Bug Jam: Linköping, Ubuntu-NH SFD '09 Report, Launchpad 3.0 & Bug Filing changes, Ubuntu Forums tutorial of the week & Community interview, PostgreSQL security/bug fix testers needed, Ubuntu Packaging: Fixing FTBFS, Launchpad Nautilus Preview, In the Press & Blogosphere, Ubuntu-UK podcast: The Tribe of Gum, Linux-ready mini PC powers up, The Art of Community available for free download, and much, much more!"
Interviews

talks with Martin Maurer about Proxmox VE. "Proxmox VE is a very light-weight Debian-based distribution that includes a kernel with support for both KVM and OpenVZ. This means you get the best of both virtualization worlds... containers (OS Virtualization) and fully-virtualized machines (Machine Virtualization). Proxmox VE also includes a very powerful yet easy to use web-based management system with clustering features."
Distribution reviews

takes a look at Karmic boot times. "Canonical has announced the availability of Ubuntu 9.10 alpha 6, the final alpha release before the transition to beta testing. Ubuntu 9.10, codenamed Karmic Koala, introduces a number of important architectural improvements and also improves boot performance, especially on computers with solid state hard drives."
Page editor: Rebecca Sobol
OROCOS, the Open Robot Control Software project, is a collection of software for use in developing robotics applications. The OROCOS project's history document states that the project was created in December 2000 and was inspired by conversations on the European Robotics Network mailing list. OROCOS can be configured as one of the components of Robot OS, which was recently examined in an LWN article. From the About the OROCOS project document:
The four user categories include:
OROCOS is currently in a state of active development. New releases of two major OROCOS components have recently been announced.
Orocos Real-Time Toolkit v1.10.0: "The Orocos development team is pleased to announce the next major feature release of the Real-Time Toolkit, a C++ toolkit for building component-based, real-time robotics and machine control applications. The focus of this release was on portability and added a new target: native win32 builds. This release is backwards compatible with all 1.x.y releases, although some functionality has been deprecated or alternative usage patterns are preferred."
Orocos Component Library 1.10.0: "A new release was created of OCL, updating documentation and keeping up with the new features in RTT 1.10. Hopefully, this will be the last time there is a major OCL release in this form. We're discussing a new partitioning of the component repositories separating the application/robot specific components from the infrastructure components. Hopefully this will more clearly separate the 'common application environment' from the robot specific application itself."
The OROCOS code has been licensed under a combination of LGPL and GPL with a runtime exception. "Both the RTT and BFL software are licensed as GPL + runtime exception, which is exactly the same license as the GNU Standard C++ library (which is used by any C++ program running under Linux), and has in practice the same intentions as the LGPL license. The technical reason we could no longer use the LGPL license for RTT/BFL software was that the LGPL is not compatible with C++ templates, which are used extensively in the RTT/BFL libraries."
OROCOS has been applied to a number of real-world applications. Some of the more interesting uses include an interface to the Blender 3D content creation suite that allows controlling a mill, an autonomous automobile project, a 3D motion tracking system and EasyOROCOS CAD: "EasyOROCOS CAD is an interface which supports the interactive definition of a manipulator kinematics (and 3D geometry), and from that it generates an Orocos controller of the manipulator, in the form of a task running under Linux RTAI."
OROCOS brings a high level set of robotics tools to the Linux platform. Those who adopt it can avoid re-inventing the wheel, and will be able to tap into an active community of robotics software developers.
Audio Projects

Music Player Daemon project have been announced. "gmpc version 0.19.0 has been released. It has several large changes visible to the user and factors more under the hood. Several long standing "wishes" were completed, like metadata plugins running in the main thread, a metadata selector, sqlite based metadata cache, GObject based plugins and much more. These updates will not only improve the user experience, but also make it possible to add lua or python plugins in the future."

PulseAudio sound server has been announced. "Mostly bugfixes, important ones." See the changes document for details.
Clusters and Grids

StarCluster minimizes the administrative overhead associated with obtaining, configuring, and managing a traditional computing cluster used in research labs or for general distributed computing applications. StarCluster is built on top of EC2 which enables dynamically creating and destroying clusters of virtual machines and only paying for the time used. The amount per hour varies depending on the instance type and the number of virtual machines."
Database Software

MySQL Community Server 5.0.86, a new version of the popular Open Source Database Management System, has been released. This and future releases in the MySQL Community Server 5.0 series share version numbers with their MySQL Enterprise Server counterparts."

As with MySQL 5.1.38, 5.1.39 includes the InnoDB Plugin version 1.0.4. This version of the InnoDB Plugin is considered of Beta quality and is disabled by default."

MySQL 5.4 is based on MySQL 5.1 but includes several high-impact changes to address scalability and performance issues in MySQL Server. These changes exploit advances in hardware and CPU design and enable better utilization of existing hardware. MySQL 5.4 currently has Beta status."

SQLObject is an object-relational mapper. Your database tables are described as classes, and rows are instances of those classes. SQLObject is meant to be easy to use and quick to get started with." "I'm pleased to announce version 0.11.1, a minor bugfix release of the 0.11 branch of SQLObject."
Embedded Systems

Two bug-fix releases of BusyBox, a collection of command line utilities for embedded systems, have been announced. "Bug fix releases. 1.14.4 has fixes for ash, httpd, modprobe and the build system, 1.15.1 has fixes for ash (unicode fix), httpd (fix for "dir index via interpreter" case), hush ($PWD support), inetd (fd leak fix), modprobe-small (fix for aliases with dashes), unlzma (SEGV on 64-bit), and generic unpacking routines (was not restoring mode)."
Networking Tools

In this version: every menu contains a list of available configuration sets; the applet takes care of the panel orientation and there are other improvements useful to debug the program itself.

RunPON is a small Python program useful to run the pon/poff scripts. It shows the elapsed connection time and periodically checks if a given network interface is still active."
Web Site Development

TurboGears 1.1rc1 is the first release candidate for the upcoming 1.1 release, which is the evolution of the TurboGears 1 codebase. The 1.1 branch now uses SQLAlchemy as the default database layer and Genshi as the standard templating engine but is 100 percent compatible with applications built on TurboGears 1.0."
Games

MicroWar is a "Space Invaders" style arcade game, in the cruel world of the micro-computer industry. You're a Macintosh faced with invading Wintel hordes; year after year, kill more PCs. Bonuses let you improve your Mac's performance or restore life..."
GUI Packages

announced. "For the last several months, the development of SPTK was dedicated to preparing for the SPTK major release, 4.0. This version is a release candidate. All the class interfaces are now frozen. The only changes allowed now are bug fixes."
Medical Applications

announcement for TriSano 2.0. "TriSano is an open source, citizen-focused surveillance and outbreak management system for infectious disease, environmental hazards, and bioterrorism attacks. It allows local, state and federal entities to track, control and ultimately prevent illness and death."
Music Applications

After more than 3 years of development, the Hydrogen Development Team is pleased to announce the 0.9.4 release!"

QMidiRoute is a MIDI event processor and router for the ALSA sequencer with a graphical interface based on the Qt toolkit."

here goes one more strike to the Linux Audio ecosystem. Rather an almost forgotten niche nowadays, I cannot let this rot in my hard disk. There it is, an XG Editor for the masses, at least the ones who love gems like the Yamaha DB50XG, a precious old piece of hardware that I do strive and joy (pun intended)."
Office Suites

Today Thomas Zander from Nokia announced in a blog that Nokia will be using KOffice as the core of the office viewer of Maemo 5. "The KOffice community is very happy to see this development", says Inge Wallin, marketing coordinator of KOffice. "It shows that our long and persistent work on compatibility and adaptability within KOffice has paid off and is visible to outside viewers."
Video Applications

Gnash is a GPLv3'd SWF movie player and browser plugin for Firefox, Mozilla, and Konqueror. Gnash supports many SWF v7 features and ActionScript 2 & 3 classes, with growing support for SWF versions 8-10. Gnash also runs on many GNU/Linux distributions, embedded GNU/Linux, FreeBSD, NetBSD, OpenBSD, non-x86 processors, and 64-bit architectures. There are also standalone players for GNOME or KDE based desktops."
Miscellaneous

BleachBit deletes junk files to free up disk space and keep your privacy. Highlights of changes in 0.6.4:

* Add command line interface for use in scripts
* Clean Opera 10.0 final
* Add Malay translation
* Update 17 other translations
* Better support non-Linux POSIX systems such as NetBSD
* Shrink the Windows installer by "compressing" GTK+ localizations and offering an English-only download
* Quickly stop zeroing free disk space when you close the application window ("X it out")"
Languages and Tools
C

The trunk is in Stage 1. Stage 1 will end on Sep 30th. After Stage 1, Stage 3 follows with only bugfixes and no new features allowed. Stage 3 will end Nov 30th. Since the last status report we have merged the VTA branch and pieces of the LTO branch. The named address-spaces changes are still pending review but I expect them to be merged before the end of Stage 1. The rest of the LTO branch will be merged last, which practically means after Stage 1 is over. Thus, starting Oct 1st the trunk will be frozen for the LTO merge and I'll announce Stage 3 once the merge is completed."
Perl

announced. "Since the 2009-08 release, Rakudo Perl builds from an "installed Parrot" instead of using Parrot's build tree. This release of Rakudo requires Parrot 1.6.0. For the latest information on building and using Rakudo Perl, see the README file section titled "Building and invoking Rakudo"."
PHP

announced. "The PHP development team would like to announce the immediate availability of PHP 5.2.11. This release focuses on improving the stability of the PHP 5.2.x branch with over 75 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release."
Python

Hypy is a fulltext search interface for Python applications. Use it to index and search your documents from Python code. Hypy is based on the estraiernative bindings by Yusuke Yoshida."

The 'python-daemon' library is the reference implementation of PEP 3143 "Standard daemon process library"."

This package is a collection of helpers and mock objects that are useful when writing unit tests or doc tests. This release fixes problems when using Comparison objects with instances of Django models".
Version Control

This is primarily to fix a http regression introduced by 220.127.116.11".
Page editor: Forrest Cook
Non-Commercial announcements

reports on Citrix joining the Linux Foundation. "Citrix is a leading provider of virtualization, cloud computing, and software as a service (SaaS) offerings for companies worldwide, including 99 percent of Fortune 500 enterprises. Citrix leads the open source Xen® hypervisor project which is based on Linux."

During a campaign launched by Free Software Foundation Europe (FSFE), politicians from many parties have recognised the potential of Free Software and Open Standards for Germany. In response to questions from supporters of FSFE, they explain that Free Software equals more competition, promotes innovation and provides cost savings. Free Software - such as the GNU/Linux operating system or the web browser Mozilla Firefox - can be used without restrictions, studied by anyone, be modified and passed on."
Commercial announcements

reports that IBM is partnering with Canonical to sell Linux-based netbooks in Africa. "International Business Machines Corp. will try to sell a new package of low-priced computer desktop applications to companies and governments in Africa, challenging Microsoft Corp. and other rivals in the region. IBM, which has been pushing into developing markets like Africa and Asia as mature markets slow, said the package -- which includes basic programs like word processing and email -- would be made available to customers via remote "cloud computing" facilities, meaning users could access the programs from the Web. It would cost $10 per month per user, and can run on so-called netbook computers, or low-cost PCs priced around $300."
Legal Announcements

announced an appeals court ruling upholding the GPL. "In a landmark ruling that will set legal precedent, the Paris Court of Appeals decided last week that the company Edu4 violated the terms of the GNU General Public License (GPL) when it distributed binary copies of the remote desktop access software VNC but denied users access to its corresponding source code. The suit was filed by Association pour la formation professionnelle des adultes (AFPA), a French education organization." It is also interesting that the suit was brought by a group which does not hold copyrights in the software in question.
New Books

Dive into Python 3. It is licensed under the Creative Commons Attribution Sharealike license and downloadable as HTML, PDF, or straight from the Mercurial repository.

We have finally translated the very latest version of the Python Tutorial into Spanish!"
Resources

an interesting white paper [PDF] on the economic value of working with the development community. "The cost of forking and losing connection with upstream development is twofold: i) the corresponding cost of presumed beneficial unleveraged potential, ii) the further cost of having to re-engineer modified forked code in the future to accommodate the inevitable eventual re-sync with upstream. We quantified the former to show that the figures run into $millions for important components such as GTK, WebKit, GStreamer and BlueZ." (By way of Dave Neary).
Calls for Presentations

The "Business of Open Source" mini-conf at LCA 2010 (Wellington, New Zealand; January 18-23) is for people interested in business aspects of open source. Topics include licensing your work, building a market, building a community, gathering market data, distribution, communications, working with open source developers, working with governments and countries, working with procurement departments, corporate governance, funding, pricing, lessons from your experience, and whatever related topics people would like to bring up."

The Inkscape vector drawing application has an announcement for the LinuxConf.Au Libre Graphics Day miniconf. "There are several more possibilities to meet and discuss free graphics tools other than at Libre Graphics Meeting, so it was decided to organize smaller events under the same name "Libre Graphics Day". The first one will be organized by Inkscape's developer Jon A. Cruz and held at linux.conf.au in Wellington, New Zealand, on January 18, 2010. You can submit a proposal for a talk until September 25. Read more at LGD's website and get involved, either as developer or user!"
Upcoming Events

announced the Enterprise LAMP Summit. "The Enterprise LAMP Summit for CTOs (Nov. 5-6) will feature a case study about the use of several parts of the LAMP software stack in a sophisticated and highly effective patient white board developed by the Vanderbilt University Medical Center Informatics Center."

announced the Enterprise LAMP Network Event. "On Saturday, Nov. 7, approximately 600 top LAMP developers from around the U.S. will converge on Nashville suburb Franklin, TN, to learn from innovative companies that will share their on-the-ground reports about the latest developments in LAMP offerings and implementation."

announced the Qt Developer Days 2009. "The last few years have seen the company formerly known as Trolltech open their arms to one of the largest parts of their supporting community, KDE, in a new way: By offering a few members of the KDE community free admittance to the Qt Developer Days conference. This year is no different, and they have invited a number of people to attend this year's conferences. Yes, that's plural: There are two conferences. One from the 12th to 14th of October in Munich, Germany and one from the 2nd to the 4th of November in San Francisco, USA."
| Date | Event | Location |
| | Sixteenth Annual Tcl/Tk Conference (2009) | Portland, OR 97232, USA |
| | Open World Forum | Paris, France |
| | 7th International Conference on Scalable Vector Graphics | Mountain View, CA, USA |
| October 2 | LLVM Developers' Meeting | Cupertino, CA, USA |
| | Linux Autumn (Jesien Linuksowa) 2009 | Huta Szklana, Poland |
| | Ubuntu Global Jam | Online |
| | Open Source Developers Conference France | Paris, France |
| October 2 | Mozilla Public DevDay/Open Web Camp 2009 | Prague, Czech Republic |
| | T-DOSE 2009 | Eindhoven, The Netherlands |
| | EU MozCamp 2009 | Prague, Czech Republic |
| | Jornadas Regionales de Software Libre | Santiago, Chile |
| | Utah Open Source Conference | Salt Lake City, Utah, USA |
| | Maemo Summit 2009 | Amsterdam, The Netherlands |
| | Gnome Boston Summit | Cambridge, MA, USA |
| October 10 | OSDN Conference 2009 | Kiev, Ukraine |
| | Qt Developer Days | Munich, Germany |
| | Embedded Linux Conference Europe 2009 | Grenoble, France |
| | Pycon Poland 2009 | Ustron, Poland |
| | Pg Conference West 09 | Seattle, WA, USA |
| | German Ubuntu conference | Göttingen, Germany |
| | 2009 Kernel Summit | Tokyo, Japan |
| | ZendCon 2009 | San Jose, CA, USA |
| | Japan Linux Symposium | Tokyo, Japan |
| | Décimo Encuentro Linux 2009 | Valparaiso, Chile |
| | Ontario GNU Linux Fest | Toronto, Ontario, Canada |
| | PGCon Brazil 2009 | Sao Paulo, Brazil |
| | PyTexas | Fort Worth, TX, USA |
| | FOSS.my 2009 | Kuala Lumpur, Malaysia |
| October 24 | Florida Linux Show 2009 | Orlando, Florida, USA |
| October 24 | LUG Radio Live | Wolverhampton, UK |
| October 25 | Linux Outlaws and Ubuntu UK Podcast OggCamp | Wolverhampton, UK |
| | Techno Forensics and Digital Investigations Conference | Gaithersburg, MD, USA |
| | GitTogether '09 | Mountain View, CA, USA |
| | Pacific Northwest Software Quality Conference | Portland, OR, USA |
| | Linux-Kongress 2009 | Dresden, Germany |
| October 29 | NLUUG autumn conference: The Open Web | Ede, The Netherlands |
| | YAPC::Brasil 2009 | Rio de Janeiro, Brazil |
| October 31 | Linux theme day with ubuntu install party | Ede, Netherlands |
| | 23rd Large Installation System Administration Conference | Baltimore, MD, USA |
| | ApacheCon 2009 | Oakland, CA, USA |
| | Ubuntu Open Week | Internet |
| | OpenOffice.org Conference | Orvieto, Italy |
| | Linux World NL | Utrecht, The Netherlands |
| November 5 | Government Open Source Conference | Washington, DC, USA |
| | WineConf 2009 | Enschede, Netherlands |
| | CHASE 2009 | Lahore, Pakistan |
| | PGDay.EU 2009 | Paris, France |
| | OpenFest 2009 - Biggest FOSS conference in Bulgaria | Sofia, Bulgaria |
| | Kiwi PyCon 2009 | Christchurch, New Zealand |
| | ACM CCS 2009 | Chicago, IL, USA |
| | Linux Foundation End User Summit | Jersey City, New Jersey |
| | European Conference on Computer Network Defence | Milan, Italy |
| | Free Society Conference and Nordic Summit | Göteborg, Sweden |
| November 14 | pyArkansas | Conway, AR, USA |
| | Web 2.0 Expo | New York, NY, USA |
| | INTEROP | New York, NY, USA |
| | Ubuntu Developer Summit for Lucid Lynx | Dallas, TX, USA |
| | DeepSec IDSC | Vienna, Austria |
| | Piksel 09 | Bergen, Norway |
| | Firebird Conference 2009 | Munich, Germany |
| | CONFIdence 2009 | Warsaw, Poland |
| | PostgreSQL Conference 2009 Japan | Tokyo, Japan |
| November 21 | Baltic Perl Workshop 2009 | Riga, Latvia |
| | Open Source Developers Conference 2009 | Brisbane, Australia |
| | Ninux Day 2009 | Rome, Italy |
If your event does not appear here, please tell us about it.
Miscellaneous

Cafe Press LWN.net store. There are also sites in Australia, Canada, and the United Kingdom. An LWN shirt marks the wearer as one of the LWN-reading elite, and sales help to support the site as well. We know that none of you have enough Linux-related T-shirts, so please have a look and fill out your wardrobe.
Page editor: Forrest Cook
Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds