LWN.net Weekly Edition for December 22, 2011
Happy Holidays from LWN
Welcome to the final LWN.net Weekly Edition for 2011. This issue contains some of our traditional backward-looking content, including the final installment on the 2011 timeline and a review of our predictions from January. Readers will also find our usual mix of kernel content, a look at openSUSE's struggles with its systemd transition, the GNOME accessibility challenge, and even a look at an alternative search engine.As is also traditional, we will be taking the final week of the year off from our usual publication schedule, so the next Weekly Edition will come out on January 5, 2012. There will be occasional daily updates during the break, but the news is usually slow in coming during that time, so updates will not come at a great pace either. We wish all of our readers a happy and restful holiday period, and we look forward to seeing you all again in 2012. Thanks for supporting LWN through another great year!
A look back at 2011
It is that time of year again: your editor, having, as usual, delayed engaging with that whole "holiday shopping" thing until the last minute, can be counted on to be rather more grumpy than usual. Clearly what is needed is some comic relief, and there are few things more comic than a critical look back at the predictions made at the beginning of the year. As usual, some of those predictions worked out, while others proved to be badly wrong indeed; still others should have been made but were not.Things got off to a reasonably good start (prediction wise) with the assertion that the LibreOffice project would take off, while OpenOffice would languish. LibreOffice has, indeed, been successful in attracting developers, building enthusiasm, and getting the releases out; the project's fund-raising drive early in the year was highly successful. Distributors are picking it up almost universally; it is clearly a project that will be around for the long haul.
What your editor didn't foresee was that Oracle would simply give up on OpenOffice.org and cast it off to "the community." The new project has struggled to come to terms with "the Apache way," review the licensing of all the code (eliminating non-Apache-compatible code along the way), figure out its mailing lists and web sites, and set up a working governance model. There have been no OpenOffice.org releases since 3.3.0 came out in January, 2011. This project hopes to start making releases again in early 2012; how many people will care remains to be seen.
The thought that Mageia and IllumOS would do less well than they would have liked seems to have been mostly correct. Mageia did manage to get a release out, and it does have a dedicated core of developers, but things are moving slowly and adoption appears to be small. The Mageia developers continue their work, though, and a second release is in alpha test as of this writing. Meanwhile, traffic on the IllumOS lists has dwindled. IllumOS has developed some commercial life in the form of SmartOS, which includes a port of the KVM virtualization subsystem - your editor did not see that one coming. There is no real way to tell how well SmartOS is doing at this point.
The predictions confidently claimed that MeeGo would be a surprisingly big success in 2011, which would meanwhile be an iffy year for WebOS. The WebOS prediction was just about right, clearly showing that your editor's crystal ball is still in good working order; there's no need to talk about that other prediction at all. It was indeed a "make or break" year for WebOS, with a heavy emphasis on the "break" part, though the decision to open-source it may yet give WebOS another life. So let's just think about WebOS and pay no attention to that MeeGo behind the curtain...
Oh, OK, might as well rub it in. Perhaps it's true that your editor is dense enough to have been the only one to not see the "Elopcalypse" coming; once Nokia decided to go with Microsoft, any possibility of MeeGo continuing as a shared project came to an end. In truth, the seeds of MeeGo's demise may have been sown long before; Intel and Nokia seemed to have widely differing views on where that project should go. It is a shame; your editor still believes that MeeGo was a project with the potential to do great things. But that story appears to be at an end; "Tizen" may yet surprise us, but it would be a big surprise indeed.
Did Google become a "major kernel contributor" as predicted in January? Since the release of 2.6.37 on January 4, Google has contributed 789 changes to the kernel - 1.6% of the total. That makes it the 13th biggest contributor of changes, ahead of companies like AMD, Microsoft and Oracle, but behind Nokia and Samsung. The numbers for 2010 (technically, 2.6.32-2.6.37, so just over one year) were 489 changes, 1.0% of the total. So Google has indeed increased its contributions, but your editor would like to believe that there is a lot more to come.
ChromeOS was predicted to struggle in 2011. Some "Chromebooks" have found their way to the market, but ChromeOS has not, yet, taken the computing world by storm.
Your editor predicted huge legal battles - a fairly easy prediction to make. Even so, your editor cannot claim to have foreseen just how bad the mobile patent wars would get. The thought that we might see a Stuxnet-like attack against Linux systems hasn't become reality - that we know about, anyway - even though the Linux community did endure some severe security-related problems this year. Alas, the hopeful thought that we would see a free driver for an embedded graphics chipset proved to be too hopeful; the slowly-improving gma500 driver in the staging tree doesn't quite count.
What about the prediction that the tension between providing stable code and providing leading-edge code would increase? That one is hard to judge. The big fights within Fedora that inspired that prediction would appear to have simmered down without slowing Fedora's tendency to ship very new stuff. If one reinterprets the prediction as applying to the tension between "the way we've always done it" and new subsystems embodying new ideas, then the prediction certainly held true in 2011. Yes, that must certainly have been what your editor was trying to say.
January's predictions finished out with a couple of ideas, the first being that openSUSE would adopt ultra-stable and leading-edge variants. On the stable side, the "Evergreen" project seems to be getting off to a slow start. The rolling "Tumbleweed" distribution, instead, has been active for some time and seems to have a small core of users. The final prediction was that business models depending on control over the code - things like "open core" and those based on copyright assignments - would fade away. It's not really clear that this has happened, but one can at least say that copyright assignment policies do not have the best reputation at the moment.
So what did the January predictions miss entirely? One obvious candidate is the GNOME 3.0 release and the firestorm of criticism that followed it. At the end of the year, it would appear that the worst of that storm has passed; the 3.2 release has earned a better reception than its predecessor. Hopefully the GNOME project will be able to continue to woo back the users it has lost while gaining the large numbers of new users they hope for.
Predicting continued success for Android would have been an easy home run.
Even so, it would have been hard to imagine a world where a
half-million 700,000
Android devices are activated every day. Given the sheer size of
this success, it is not surprising that the lawyers are circling around
Google.
Your editor predicted the demise of the big kernel lock in 2010 - just a bit ahead of his time, as usual. That prediction was not repeated this year, which was a mistake: the actual demise of the BKL came with 2.6.39 in 2011 - not a moment too soon.
All told, it was a year with a lot of big ups and downs. Some things went poorly, to the point that some commentators have written the whole year off as a bad one. But one need not look too hard to realize that the free software community got a lot done in 2011, that it is as strong and vibrant as ever, and that we are poised to push even further in 2012. Legal hassles, failing projects, and clueless companies are nothing new. We have dealt with them before; there will be more of them to deal with in the future. None of these challenges have really slowed us down thus far; there is every reason to believe we will be equally successful in the future.
DuckDuckGo: A privacy-conscious search engine
The recent release of Linux
Mint 12 surprised many by using the little-known DuckDuckGo (DDG) as its default search
engine. Through a confidential agreement, Linux Mint will "share the
revenue generated by the sponsored links
" when users click on them
using DDG. That arrangement is a creative way to help fund the distribution.
On the other side, though, readers may wonder why, when Google, Yahoo!, and Bing so thoroughly dominate search engines, is DDG developing another one?
DDG founder Gabriel Weinberg has a ready answer:
Add an emphasis on using free software and being a good citizen within the community, and perhaps DDG has a chance to prosper, even though its 12 million searches per month are next to nothing compared to the December 2009 figures for some of the larger players: 88 billion for Google and 9.4 billion for Yahoo!.
An MIT graduate with a master's degree from the Technology and Policy Program, Weinberg is a small-time angel investor with a strong interest in companies powered by open source technologies. Four years ago, he founded DDG, which has grown slowly to three employees, a number of part-time-contributors, and what he calls the "growing open source wing
" of about twenty collaborators.
Anticipating market directions
According to one of his blog entries in which he discusses his various investment strategies, Weinberg's approach with DDG is "to work within a big market and concentrate on where you think it is headed.
"
Part of what this approach means is that DDG tries to improve the results
returned on a search. Lacking the resources to do all its own web crawling,
DDG relies
on fifty other sites for its results, including Yahoo! and Bing, as well as
more specialized sites. To a limited extent, users can control which sites
are used through the combo box to the right of the search field, choosing,
for example, to use Bing or Google for image searches. Users can also
choose whether to order results by date or alphabetical order. Weinberg
continued:
From the initial results, DDG filters ad-heavy portal sites and presents results without bubbling — that is, ordering results in light of your previous searches. In fact, DDG claims that, unlike larger search engines, it doesn't collect information about user's searches at all. Instead, it attempts to order results by crowdsourcing, just as YaCy, another new and small search engine does.
In fact, DDG makes some efforts to protect user privacy and to educate users about why they
should care about privacy. Although no details are given, DDG claims to
redirect a search request "in such a way so that it does not send
your search terms to other sites. The other sites will still know that you
visited them, but they will not know what search you entered
beforehand.
" In addition, DDG uses an HTTPS version of a site when
one is
available.
Weinberg described these features as offering users "real
choice,
" adding:
Searches support the syntax users may know from other search engines, such as the use of quotations mark to search for an exact phrase, or a minus sign to exclude results that contain a specific word or phrase. Users can also filter results by toggling "safe search" or "meanings" (provides choices for ambiguous terms) settings, or using the region setting to filter results for increased relevance.
By default, search results are topped with a red box, the so-called
"zero click
" or "instant answer
" feature which
tries to place the most important result first. When searching for a
concept, the red box result might be a link to the basic definition; for a
person, to their blog or web page. To the right of the red box, a list of
suggestions for refining the search appears. Should the query have more
than one meaning, suggestions similar to the disambiguation pages on
Wikipedia are given.
Another feature of DDG is !bang searches: automatic searches, somewhat similar to Google's "site:" searches, which are available for common sites like Amazon or YouTube. For instance, if you enter "!youtube pogues," DDG shows you the results on YouTube for The Pogues, saving you several additional clicks. Similarly, you could specify !openstreetmap at the start of your search to get results from OpenStreetMap or !monster to search Monster for a job description. These !bang searches include a wide variety of different categories, such as major corporations, domains, programming languages, shopping sites, tech domains, research topics, news, and online services. The only problem is that, if you haven't memorized a supported !bang search, you either have to take a chance that your site of choice is supported, or else look it up on the DDG site.
DDG also includes the ability to do calculations, measurement and currency conversions, and to answer direct questions on weather, food, geography, and time-related topics such as tides or sunrises in a specific location. Also included on DDG is a small number of apps, as well as popup how-tos about adding DDG to common browsers.
Many of these features, such as the ability to do calculations, are paralleled in major search engines. Others are unique to DDG. However, what stands out is not any particular feature so much as the total number of them. For some reason, DDG lacks a summary of total results, which is often used as a rough indication of a topic's importance (and for ego surfing), but, otherwise, the main drawback is that taking advantage of DDG's features requires a willingness to learn — a willingness that might be lacking in many who are only mildly curious about such a niche service.
Interacting with the open source community
DDG has always relied on free software, as it is written in Perl and
JavaScript, runs on FreeBSD, and uses nginx for a web server. However, according to Weinberg, DDG "started out as closed source and is slowly becoming more and more open source. We've been making much of our new pieces completely open source.
"
These new pieces include the upcoming community platform, which Weinberg describes as a collection of "tools for communities to use to help participate.
" So far, the tools include a translation interface and a server for Extensible Messaging and Presence Protocol (XMPP), with "a data store to store settings and URL shortener
" expected to follow. DDG is also encouraging contributions to expand and improve DDG's zero-click info repos, the source of the material in the red boxes at the top of search results.
"As these contributions increase, the percentage of DDG that is open
source is going up. I'm not sure about becoming completely open source for
a variety of reasons (spam paramount among them), but we are certainly
thinking about [the possibility]
", Weinberg said.
Even if DDG does not become completely free, Weinberg emphasized his determination to use free software "as much as possible
". In particular, referring to DDG's multiple sources for results, he suggests that the use of free software is directly related to the availability of expert results: "If you know an esoteric piece of the query space really well, you should be able to develop for it.
" In other words, using free software not only produces more specialized sources, but also indirectly increases the accuracy and usefulness of DDG's results.
Similarly, asked to comment on Katherine Noyes's suggestion that taking results from Microsoft's Bing might deliver results with an anti-open source bias to Linux Mint users, Weinberg pointed out that Bing is only one of over fifty sources.
"I haven't seen any compelling evidence that we're biased against open source
", Weinberg said. "
And in fact, we're working on ways to essentially do the opposite.
" For example, DDG already uses Ask Ubuntu as a source for technical results, and is currently working on tighter integration with alternativeTo in order to increase the accuracy of free-software related queries.
In return for bootstrapping off free software, Weinberg said, he would "very much like to help start a movement where companies that use open source give back in systematic ways to those communities.
" As a preliminary effort, he has established Foss tithe, a site on which corporate owners can pledge to donate a percentage of their net income to the community. The suggested tithe is ten percent.
So far, only one other company (search [co.de]) has pledged to tithe, and Weinberg himself has not done much to develop the idea. However, he has made his own tithe, with half the donation decided upon by him and half by the DDG community. In 2010, for the corporate portion, he chose to give $482 to nginx and $475 to FreeBSD, two projects that he described as "an integral part of our architecture.
" Choosing security and privacy as a donation theme, the DDG community chose to donate $238 to each of Tor, Clamwin, Tahoe-LAFS, and OpenSSH.
Whether DDG will ever be a major contender among search engines is doubtful. A buyout by a larger competitor is an obvious possibility, though it is unclear whether DDG's privacy policies and options would survive such an event. However, by seeking out closer ties with free and open source software, DuckDuckGo might just find itself the search engine of choice among a small, dedicated group of users with enough knowledge to appreciate its philosophy and features. That could be a path to success and financial sustainability for a smaller search engine like DDG.
2011 Linux and free software timeline - Q4
Here is LWN's fourteenth annual timeline of significant events in the Linux and free software world for the year.
We broke the timeline up into quarters, and this is our report on the final quarter, October-December 2011, though there may be an addition or two for December. The previous quarters can be found as follows:
This is version 0.8 of the 2011 timeline. There are almost certainly some errors or omissions; if you find any, please send them to timeline@lwn.net.
LWN subscribers have paid for the development of this timeline, along with previous timelines and the weekly editions. If you like what you see here, or elsewhere on the site, please consider subscribing to LWN.
For those with a nostalgic bent, our timeline index page has links to the previous thirteen timelines and some other retrospective articles going all the way back to 1998.
October |
Red Hat acquires Gluster, the makers of the open source GlusterFS (press release).
A rootkit that is alleged to be used for surveillance by the German government is analyzed by the Chaos Computer Club (CCC report, LWN blurb).
WineHQ database is compromised leading to the exposure of users' encrypted passwords (announcement, LWN blurb).
openSUSE announces the first release of its openQA distribution testing
tool (announcement,
LWN article).
![[ownCloud logo]](https://static.lwn.net/images/tl2011/owncloud-logo.png){kind=logo}
ownCloud 2 is released; ownCloud is a free cloud storage and synchronization web application (announcement).
Plasma Active One, the KDE-based interface for touchscreen devices, is released (announcement, LWN article).
Samba changes its longstanding policy on corporate-copyrighted code,
which relaxes the requirement for personally copyrighted code (announcement, LWN look at the discussion from July).
![[Subversion logo]](https://static.lwn.net/images/tl2011/svn-logo.png){kind=logo}
Subversion 1.7.0 is released (announcement, release notes).
The time zone database is briefly shut down due to copyright complaints from an astrology company (LWN blurb and article).
KDE celebrates its 15th anniversary (reflections from Cornelius Schumacher, LWN article).
Ubuntu 11.10 ("Oneiric Ocelot") is released (announcement, release notes).
Dennis Ritchie, of Unix and C fame, passes away (LWN blurb, Rob Pike's Google+ "obituary").
Linux 3.1 is released (announcement, KernelNewbies summary, A look at the 3.1 development cycle).
The 13th Realtime Linux Workshop is held in Prague, Czech Republic,
October 20-22 (Realtime minisummit
coverage, Proceedings).
![[Kernel summit]](https://static.lwn.net/images/tl2011/large-ks-group.jpg)
The 2011 Kernel summit is held October 23-25 in Prague (LWN coverage).
Lisp creator John McCarthy passes away at 84 (TechCrunch obituary).
The second GStreamer conference is held in Prague, October 24-25 (LWN coverage: GStreamer 1.0 and 0.10 and Xiph.org).
LinuxCon Europe is held in Prague, October 26-28 (LWN coverage: Kernel panel, UMMS, an audio/video abstraction layer and A btrfs update).
The Embedded Linux Conference Europe is held in Prague, October 26-28 (LWN coverage: Till Jaeger on AVM vs. Cybits, The embedded long-term support initiative, and Sandboxing for automotive Linux; Conference videos).
November |
OpenBSD 5.0 is released (release notes).
-- Don Marti
The Trinity Desktop Environment releases 3.5.13 as a continuation of the KDE 3.5 series (announcement, LWN review).
Samba notes its first contribution from Microsoft employees, which
actually happened back in October (announcement).
![[Fedora logo]](https://static.lwn.net/images/tl2011/fedora-logo.png){kind=logo}
Fedora 16 is released (announcement, release notes).
Google announces the availability of the source code for Android 4.0 ("Ice Cream Sandwich"), after withholding the source to 3.x (announcement, LWN article).
-- Charlie Miller gets banned from Apple's developer program
openSUSE 12.1 is released (announcement, release notes).
AVM loses its case to restrict anyone from modifying the GPL-covered code in its routers (gpl-violations.org announcement).
Barnes & Noble decries Microsoft's "trivial" patents used to fight Android (LWN blurb, Groklaw article).
![[ColorHug logo]](https://static.lwn.net/images/tl2011/colorhug-logo.png){kind=logo}
Richard Hughes announces the ColorHug open hardware/software
colorimeter (announcement,
LWN blurb).
A serious denial of service attack against BIND 9 is seen in the wild (ISC advisory).
Lennart Poettering and Kay Sievers unveil "the Journal" as an alternative to standard Linux unstructured logging; the announcement is not met with widespread acclaim (announcement, LWN article).
YaCy, a peer-to-peer search engine, makes its 1.0 release (LWN article).
Linux Mint 12 is released (announcement, LWN review).
Cinepaint is resurrected and releases version 1.0 though it's rather unclear where the GIMP fork with support for 16 and 32 bits per channel will go from here (Libre Graphics World report).
December |
Download.com is found to be bundling Nmap with adware/spyware for Windows users of the security scanner (announcement, update page).
extensions.gnome.org launches as a site for GNOME Shell extensions
(announcement).
![[LLVM logo]](https://static.lwn.net/images/tl2011/llvm-logo.png){kind=logo}
The LLVM compiler suite releases version 3.0 (announcement).
The QEMU system emulator releases version 1.0 (announcement).
![[webOS logo]](https://static.lwn.net/images/tl2011/webos-logo.png){kind=logo}
HP announces that it will contribute the webOS code to the open source
community (announcement,
LWN article).
-- Ingo Molnar on the continued existence of symlink races
Facebook releases the HipHop virtual machine for faster PHP execution as
open source (announcement).
![[Plasma Active logo]](https://static.lwn.net/images/tl2011/plasma-active-logo.png){kind=logo}
KDE announces the release of Plasma Active Two, the second iteration of its interface for touchscreen devices (announcement).
Rockbox 3.10 is released on the tenth anniversary of the music player alternative firmware project (announcement).
-- Matt Mackall
BT sues Google for patent infringement in Google Music and the Android Market (LWN blurb).
CentOS 6.2 is released, right on the heels of RHEL 6.2 (announcement, release notes).
The Android mainlining project is announced; progress is being made (announcement, LWN article).
Qt 4.8.0 is released (announcement).
![[Mozilla logo]](https://static.lwn.net/images/tl2011/mozilla-logo.png){kind=logo}
Google and Mozilla agree to financial terms for Google to continue as the default Firefox search engine (announcement).
Security
GNUnet adds VPN, direct wireless peering, and more
The GNU project released version 0.9.0 of its GNUnet peer-to-peer (P2P) networking framework in late November. GNUnet allows users to create secure, decentralized P2P networks, akin to the technique used by Gnutella, in which every node is a peer with no central server coordinating the network. But GNUnet puts its emphasis on secure communication links and anonymity: when used for file-sharing, the files a user uploads to the network cannot be traced to their origin, and no one can monitor download activity. Version 0.9.0 breaks network compatibility with previous releases, but it also adds several architectural improvements, and is the first release to officially support an application other than file sharing.
The birds-eye view of GNUnet makes it sound like yet another Napster clone, because the most easily understood use of P2P networks is sharing files — which many assume focuses on copyright-infringing media files. But GNUnet is more general; the project is interested in providing a secure network for people combating censorship or simply wishing to secure their own network traffic against prying eyes. Although sharing files is one use of a decentralized network, it is not the end goal.
Privacy and anonymity are baked into the framework. Peers are identified solely by the SHA-512 hash of a public key; there is no mechanism to further identify anyone on the network — no usernames, or network-wide view of who is connected. Each peer keeps track of its connections to its neighbors, but the connection data is transient and regularly expires. Furthermore, when neighbors exchange messages, they use a mutually-authenticated, encrypted link (a separate link for each peer-to-peer pair). As long as a peer is being a good citizen and is helping to route traffic for the rest of the network, to any eavesdroppers the traffic that originates from the peer is hard to distinguish from traffic being routed between other hosts.
In GNUnet's file-sharing application module, files uploaded by users are encoded using an encryption scheme called Encoding for Censorship-Resistant Sharing (ECRS). ECRS is independent from the link-level encryption, and splits file contents up into blocks that are distributed between the peers. This serves two purposes: fault-tolerance, and enabling faster transfers with Bittorrent-like multi-downloads. Whenever a file is uploaded, special "keyword" blocks associate its contents with potential search terms (which GNUnet refers to as "namespaces"). A distributed hash table keeps track of the namespaces and the files associated with them, so that users can search for files. On the down side, this setup means that all searches are probabilistic — there is no guarantee that a search query will turn up every chunk of the file you search for when you search for it.
On the other hand, the GNUnet client software does not need to connect to the global network of all GNUnet users; it can also run in "Friend-to-Friend" mode to create a private network. In this mode, files uploaded are distributed and replicated in chunks only among the "friends," so the participants can speed up file transfers and enjoy a degree of fault-tolerance, all with a far better probability of finding the files they need available than they might in the global, distributed GNUnet network.
Meet 0.9.0
You can download GNUnet 0.9.0 from the GNU FTP site. There are separate source packages for the command-line GNUnet core and for the GTK+ GUI. As is generally the case with official GNU projects, the software is tested on Linux-based systems as well as FreeBSD, Mac OS X, and Windows — although one of the new features appears to work only on Linux. The configuration documentation is admirably thorough and is already update-to-date for 0.9.0. GNUnet depends on several other GNU projects, and this release requires some recent versions of some dependencies, so a quick check of the list is recommended. There are generic installation instructions as well, although the Autotools-based process is nothing out of the ordinary.
The file-sharing module found in earlier releases is still provided, but version 0.9.0 is the first to provide another module: a virtual private network (VPN). The VPN module creates a virtual network interface on the client (named vpn-gnunet on Linux boxes), which the user can then use to route IP traffic over GNUnet. This traffic is encrypted between every pair of nodes and is anonymous, much like a Tor tunnel, and like Tor it requires that at least some peers act as "exit" nodes.
GNUnet 0.9.0 introduces protocol changes that make it incompatible with 0.8.0 and earlier releases; in the release notes the project admits that this is inconvenient, but said that "productive development and readable code were considered more important.
" The protocol changes include a simplified peer-discovery message format (known as a "HELLO") and moving several of the required services (such as identity management and peer discovery) from separate plug-ins into a "core" module.
A bigger architectural change in this release is a move to a multi-process model, with separate processes running data storage, peer messaging, and other services, along with a lightweight supervisor process (called the automatic restart manager or "ARM") overseeing all of the others. This removes the need to juggle mutexes and locks between a potentially large number of threads — which made earlier releases difficult to maintain — but it also opens the door to contributors writing GNUnet applications in languages other than C and C++. Last but by no means least, it should also make testing and debugging simpler.
The new VPN system can actually do more than route basic IP traffic through GNUnet. It includes a DNS resolver configured to route the .gnunet pseudo-TLD to GNUnet, so it is possible to run GNUnet-only services by binding them to the GNUnet VPN virtual interface. The VPN module can also translate between IPv4 and IPv6 traffic, which makes it possible to use GNUnet to access IPv6 sites or applications from IPv4-only computers, and vice-versa. The project has a page of screencasts showcasing this feature; they use wget to fetch various sites over the VPN connection using several combinations of IPv4 and IPv6 networking.
GNUnet's closest competitor in terms of features is probably Freenet, which also provides a decentralized, anonymous P2P network with encrypted traffic and storage. Like GNUnet, Freenet can function as a transport layer for applications beyond file-sharing, and already has several example applications in the wild. GNUnet points out a few differences between the frameworks on its site, the most notable of which is that GNUnet is capable of using any number of transport protocols. The list includes familiar application- and transport-layer options like TCP, UDP, HTTP, and HTTPS, but also the link-layer itself — starting with 0.9.0, GNUnet peers can talk to each other directly with 802.11 wireless LAN hardware, without going through an access point.
The direct-over-WLAN code requires Linux (at least for the moment), and a supported WiFi card. It uses packet injection to exchange messages with other GNUnet WLAN peers, which requires a helper binary running with root privileges, but the technique allows the machine to remain connected to an access point at the same time. Currently the data rate is limited to around 1Mbps.
0.9.0 also improves GNUnet's peer discovery in some interesting ways. Users can bootstrap their connection to the wider GNUnet world by loading a list of hosts, but, starting with this release, GNUnet peers can also discover each other on the LAN with IPv4 broadcast messages and IPv6 multicast. Peers can also automatically traverse NAT using a variety of methods (including using Universal Plug and Play (UPnP) and ICMP hole punching).
Finally, the project has made an effort to make this release more user-friendly to set up. As the cornucopia of protocols suggests, GNUnet is known for its flexibility, but that is not always simple to navigate. In addition to the connectivity settings, GNUnet can use MySQL, PostgreSQL, or SQLite for storage (both the long-term storage the user contributes to the distributed storage pool, and for the temporary data GNUnet keeps track of during a running session). The setup tool now automatically tests the network and database settings selected by the user and alerts if they do not work.
Applications and all that
On the surface, GNUnet's new functionality makes it more and more like Tor — namely through the availability of separate, anonymous in-network services. Practically speaking, GNUnet still lags behind both Tor and Freenet in terms of what is actually offered to end users; the other networks already support more applications. But GNUnet is making progress; in addition to the VPN code that debuted in 0.9.0, the developers have recently revived the dormant P2P chat application.
At the technical level, GNUnet's main advantage over these other networks is the flexibility it offers in transport protocols — in the past, there were even more options, including a module to route traffic over SMTP (on the grounds that SMTP is rarely blocked by firewalls). Hopefully as the number of applications increases, we will see more and more uses for this flexible transport framework. Routing around censorship is one of the most important uses of this class of project, and the less flexible options — like Tor — are already beginning to be blocked in the wild.
Brief items
Security quotes of the week
[...]
"In five years, unsolicited advertisements may feel so personalized and relevant it may seem that spam is dead. At the same time, spam filters will be so precise you'll never be bothered by unwanted sales pitches again"
Twitter releases TextSecure
Whisper Systems, just acquired by Twitter, has announced that it has released TextSecure - an encrypted messaging client for Android - under GPLv3; the source is available on Github. "We've always been interested in the ability for individuals and organizations to communicate freely and securely. In the year and a half since Whisper Systems launched TextSecure, we've received an enormous amount of thanks, feedback, and encouraging stories from users who have employed TextSecure towards those ends. We hope that as an open source project, TextSecure will be able to reach even more people, with an even larger number of contributors working to make it a great product."
New vulnerabilities
abrt: information disclosure
| Package(s): | abrt | CVE #(s): | CVE-2011-4088 | ||||||||||||||||||||
| Created: | December 19, 2011 | Updated: | July 10, 2012 | ||||||||||||||||||||
| Description: | From the Red Hat bugzilla:
Jan Iven reported that abrt could possibly leak certain non-public information when reporting on crashes. If an application included a user name, password, or other confidential information in the crash output, abrt would send that information along with the other information it collects about the crash, to bugzilla. While the real problem is the application including this information in the crash output, abrt should not be submitting this information or should warn the user that it may be submitting potentially sensitive information and allow the user to scrub that information before it is sent. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
asterisk: multiple vulnerabilities
| Package(s): | asterisk | CVE #(s): | CVE-2011-4597 CVE-2011-4598 | ||||||||
| Created: | December 19, 2011 | Updated: | December 21, 2011 | ||||||||
| Description: | From the Debian advisory:
CVE-2011-4597: Ben Williams discovered that it was possible to enumerate SIP user names in some configurations. CVE-2011-4598: Kristijan Vrban discovered that Asterisk can be crashed with malformed SIP packets if the "automon" feature is enabled. | ||||||||||
| Alerts: |
| ||||||||||
bzip2: insecure tmp file creation
| Package(s): | bzip2 | CVE #(s): | CVE-2011-4089 | ||||
| Created: | December 15, 2011 | Updated: | December 21, 2011 | ||||
| Description: | From the Ubuntu advisory: vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable. | ||||||
| Alerts: |
| ||||||
dtc: multiple vulnerabilities
| Package(s): | dtc | CVE #(s): | CVE-2011-3195 CVE-2011-3196 CVE-2011-3197 CVE-2011-3198 CVE-2011-3199 | ||||
| Created: | December 19, 2011 | Updated: | December 21, 2011 | ||||
| Description: | From the Debian advisory:
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services: CVE-2011-3195: A possible shell insertion has been found in the mailing list handling. CVE-2011-3196: Unix rights for the apache2.conf were set incorrectly (world readable). CVE-2011-3197: Incorrect input sanitising for the $_SERVER["addrlink"] parameter could lead to SQL insertion. CVE-2011-3198: DTC was using the -b option of htpasswd, possibly revealing password in clear text using ps or reading /proc. CVE-2011-3199: A possible HTML/javascript insertion vulnerability has been found in the DNS & MX section of the user panel. | ||||||
| Alerts: |
| ||||||
ejabberd: denial of service
| Package(s): | ejabberd | CVE #(s): | CVE-2011-4320 | ||||||||||||
| Created: | December 19, 2011 | Updated: | December 21, 2011 | ||||||||||||
| Description: | From the Red Hat bugzilla:
A denial of service flaw was found in the way PubSub extension of the ejabberd, a distributed, fault-tolerant Jabber/XMPP server, performed processing of certain, malformed <publish/> stanzas. A remote attacker, authenticated Jabber user, could send a specially-crafted request to Jabber server, leading to the jabberd daemon to enter an infinite loop and consume excessive amount of CPU, while processing the stanza. | ||||||||||||||
| Alerts: |
| ||||||||||||||
libxml2: denial of service
| Package(s): | libxml2 | CVE #(s): | CVE-2011-3905 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 15, 2011 | Updated: | September 26, 2012 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Mandriva advisory: libxml2 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3905). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
lighttpd: denial of service and MITM vulnerabilities
| Package(s): | lighttpd | CVE #(s): | CVE-2011-4362 CVE-2011-3389 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 21, 2011 | Updated: | September 10, 2012 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | A signedness issue in the lighttpd base64 decoding routine can lead to an out-of-bounds read and a denial-of-service opportunity (CVE-2011-4362). Lighttpd can also be vulnerable to the SSL "BEAST" attack in certain configurations, enabling a possible man-in-the-middle attack (CVE-2011-3389). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
mediawiki: multiple vulnerabilities
| Package(s): | mediawiki | CVE #(s): | CVE-2011-1587 CVE-2011-4360 CVE-2011-4361 | ||||
| Created: | December 19, 2011 | Updated: | December 21, 2011 | ||||
| Description: | From the Debian advisory:
CVE-2011-1587: Masato Kinugawa discovered a cross-site scripting (XSS) issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes are required to fix this issue. Upgrading MediaWiki will only be sufficient for people who use Apache with AllowOverride enabled. CVE-2011-4360: Alexandre Emsenhuber discovered an issue where page titles on private wikis could be exposed bypassing different page ids to index.php. In the case of the user not having correct permissions, they will now be redirected to Special:BadTitle. CVE-2011-4361: Tim Starling discovered that action=ajax requests were dispatched to the relevant function without any read permission checks being done. This could have led to data leakage on private wikis. | ||||||
| Alerts: |
| ||||||
namazu: cross-site scripting
| Package(s): | namazu | CVE #(s): | CVE-2011-4345 | ||||||||
| Created: | December 15, 2011 | Updated: | December 1, 2013 | ||||||||
| Description: | From the openSUSE advisory: namazu: XSS flaw by processing HTTP cookies (CVE-2011-4345) | ||||||||||
| Alerts: |
| ||||||||||
perl-PAR: insecure temporary file handling
| Package(s): | perl-PAR perl-PAR-Packer | CVE #(s): | CVE-2011-4114 | ||||||||||||||||
| Created: | December 21, 2011 | Updated: | December 21, 2011 | ||||||||||||||||
| Description: | From the Red Hat bugzilla entry: It was reported that PAR::Packer's par_mktmpdir() function would create /tmp/par-[username] directories insecurely, which could allow a local attacker to make changes to the cache directory and possibly the PAR-packged program. PAR::Packer does not verify that the user owns the directory, nor does it create it with secure permissions. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
phpMyAdmin: cross-site scripting
| Package(s): | phpMyAdmin | CVE #(s): | CVE-2011-4634 | ||||||||||||||||
| Created: | December 19, 2011 | Updated: | January 2, 2012 | ||||||||||||||||
| Description: | From the Red Hat advisory:
Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Only phpMyAdmin 3.4.x is affected by this vulnerability. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
pidgin: multiple vulnerabilities
| Package(s): | pidgin | CVE #(s): | CVE-2011-4602 CVE-2011-4603 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 15, 2011 | Updated: | January 9, 2012 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Red Hat advisory: An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. (CVE-2011-4603) Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message. (CVE-2011-4602) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
susestudio, kiwi: multiple vulnerabilities
| Package(s): | SUSE Studio Onsite 1.2 and kiwi | CVE #(s): | CVE-2011-3180 CVE-2011-4192 CVE-2011-4193 CVE-2011-4195 | ||||
| Created: | December 15, 2011 | Updated: | December 21, 2011 | ||||
| Description: |
From the SUSE advisory:
| ||||||
| Alerts: |
| ||||||
tor: arbitrary code execution
| Package(s): | tor | CVE #(s): | CVE-2011-2778 | ||||||||||||
| Created: | December 16, 2011 | Updated: | January 11, 2012 | ||||||||||||
| Description: | From the Debian advisory:
It was discovered that Tor, an online privacy tool, incorrectly computes buffer sizes in certain cases involving SOCKS connections. Malicious parties could use this to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. In Tor's default configuration this issue can only be triggered by clients that can connect to Tor's socks port, which listens only on localhost by default. In non-default configurations where Tor's SocksPort listens not only on localhost or where Tor was configured to use another socks server for all of its outgoing connections, Tor is vulnerable to a larger set of malicious parties. | ||||||||||||||
| Alerts: |
| ||||||||||||||
xorg: restriction bypass
| Package(s): | xorg | CVE #(s): | CVE-2011-4613 | ||||||||
| Created: | December 19, 2011 | Updated: | January 26, 2012 | ||||||||
| Description: | From the Debian advisory:
The Debian X wrapper enforces that the X server can only be started from a console. "vladz" discovered that this wrapper could be bypassed. | ||||||||||
| Alerts: |
| ||||||||||
Page editor: Jake Edge
Kernel development
Brief items
Kernel release status
The current development kernel is 3.2-rc6, released on December 16. Linus was a bit grumpy about late merge requests, but sees the series calming down soon. "We're at -rc6 now, and while I can see myself doing an -rc7, I probably won't do an -rc8 unless something bad pops up. There doesn't seem to be any real reason to drag out this release any more, and we'll probably have the real 3.2 around new years."
Stable updates: the 2.6.32.51, 3.0.14, and 3.1.6 stable kernels were released on December 21. Each contains another long list of important fixes; upgrading is recommended.
Quotes of the week
First version of kmod released
A new library libkmod and set of tools (kmod-*) for handling kernel modules has been announced. The idea is to give early boot tools, installers, udev, and others an easy way to query and control kernel modules via a library, rather than using modprobe. "In a recent Linux Desktop (and also several embedded systems) when computer is booting up, udev is responsible for checking available hardware, creating device nodes under /dev (or at least configuring their permissions) and loading kernel modules for the available hardware. In a kernel from a distribution it's pretty common to put most of the things as modules. Udev reads the /sys filesystem to check the available hardware and tries to load the necessary modules. This translates in hundreds of calls to the modprobe binary, and in several of them just to know the module is already loaded, or it's in-kernel. With libkmod it's possible for udev with a few lines of code to do all the job, benefiting from the configurations and indexes already opened and parsed." The project also provides work-alike programs for insmod, lsmod, rmmod, and an incomplete version of modprobe that use libkmod, with plans to complete the set. (Thanks to Luis Felipe Strano Moraes.)
Pull requests with signed tags
One of the ongoing echoes from the compromise of kernel.org is an increased interest in verifying the integrity of pull requests sent to Linus. One way of doing that is for the developer to add a cryptographic signature to the email containing the pull request. If the top commit ID is included in the message, the pull request (and the code it covers) can be authenticated, but the digital signature itself is not stored in the mainline repository, making it hard to re-verify requests at some future time.An alternative is to use git to create a signed tag, which stores the signature in the repository itself. In the future, that may become the accepted way to get code into the mainline. Linus has described some pending changes to git that make the capture and storage of that information simple. So simple, in fact, that there is no longer any need to worry about branches or unique tag names:
So it would actually be nicer if you used temporary tag names the way you use temporary branch names when you ask me to pull. The tag *content* will be saved from now on (unless I screw up while traveling or something and pull with a machine that has an older git version), so there's very little advantage in then saving the tags separately by having ugly tag-names with long lifetimes.
All of this evidently works now, with existing stable git releases; only the process of merging such a tag requires the newer code. So, soon, signed tags may be the standard way to identify changes to be pulled.
[CFP] Linux Storage, Filesystem & Memory Management Summit 2012
The 2012 Linux Storage, Filesystem, and Memory Management Summit will be held on April 1 and 2 in San Francisco, California. The call for proposals for discussions has gone out, with a deadline of February 5.
Kernel development news
Some numbers from the 3.2 development cycle
The 3.2 kernel development cycle always had the potential to be a little different. The prolonged kernel.org outage had left a number of subsystem trees scrambling for new homes; that led to a delayed opening of the merge window. The actual merging of changes happened mostly during the Kernel Summit in Prague. And, even before the normal process got disrupted, this looked like a more than usually active cycle. Despite these challenges, the 3.2 kernel process seems to have worked pretty much as it usually does once it got started.As of this writing (just after the release of 3.2-rc6), some 11,655 non-merge changesets have been pulled into the mainline kernel; these changesets were contributed by 1,289 developers. At that count, 3.2 is the fourth largest development cycle ever. Chances are good that it will surpass 2.6.29 (11,678 changes) to move up to the number-three position; getting past 2.6.30 (11,989) seems harder - if not impossible - at this point, while passing 2.6.25 (12,243) to become the busiest cycle ever seems quite unlikely. If we want to set a new record for changes merged, we're going to have to try harder.
A lot of code was removed in this cycle, so the total growth of the kernel was 176,000 lines - a relatively modest number.
The most active developers this time around were:
Most active 3.2 developers
By changesets Larry Finger 302 2.6% Paul Gortmaker 234 2.0% Mark Brown 226 1.9% Axel Lin 220 1.9% K. Y. Srinivasan 165 1.4% Jonathan Cameron 159 1.4% Roland Vossen 157 1.3% Ben Skeggs 121 1.0% Dmitry Eremin-Solenikov 117 1.0% Christoph Hellwig 113 1.0% Nicolas Pitre 109 0.9% Al Viro 104 0.9% Dan Carpenter 101 0.9% Arend van Spriel 100 0.9% Mark Einon 99 0.8% Guennadi Liakhovetski 98 0.8% Laurent Pinchart 95 0.8% Takashi Iwai 92 0.8% Johannes Berg 91 0.8% J. Bruce Fields 88 0.8%
By changed lines Arend van Spriel 105436 9.2% Kalle Valo 100542 8.8% Larry Finger 84036 7.3% Roland Vossen 34944 3.1% Edwin Rong 21876 1.9% Mark Brown 13771 1.2% Mark Einon 13597 1.2% Richard Kuo 12223 1.1% Rasesh Mody 11792 1.0% Joe Thornber 10000 0.9% Jonathan Cameron 9776 0.9% Kukjin Kim 8920 0.8% Franky (Zhenhui) Lin 8383 0.7% Linus Walleij 7317 0.6% Emmanuel Grumbach 6838 0.6% Felipe Balbi 6783 0.6% David Kilroy 6356 0.6% Takashi Iwai 6188 0.5% Shawn Guo 6021 0.5% Jeff Kirsher 6015 0.5%
Larry Finger put a vast amount of work into cleaning up the rtl8192e driver in the staging tree, making it quite a bit smaller in the process. Paul Gortmaker split the EXPORT_SYMBOL* macros into <linux/export.h>; after that, many files no longer needed to include <linux/module.h>. The real advantage of that kind of work, beyond minimizing the interactions between various parts of the kernel, is that it makes the kernel compilation process faster. Mark Brown, as usual, wrote or improved vast numbers of audio drivers. Axel Lin did a lot of cleanup work, mostly in the audio driver subsystem, while K. Y. Srinivasan continued the seemingly unending task of getting Microsoft's "hv" drivers ready to move into the mainline.
Arend van Spriel topped the list of "lines changed" by moving the brcm80211 driver from staging into the mainline tree. One could argue that this change should be accounted as a rename (which doesn't change any lines), but it does not show up that way in the source history: one patch added the drivers to mainline, while a separate patch removed them from staging. Kalle Valo removed the ath6kl driver from staging, since support for this hardware had been added to the mainline "ath" driver; as a result, he topped the list of developers who removed the most code from the kernel. Larry Finger's work has already been mentioned. Roland Vossen worked hard on the brcm80211 cleanup, and Edwin Rong added a driver for the Realtek RTS5139 cardreader to the staging tree.
The top five entries in the "lines changed" column are all thus related to the staging tree. Some have argued in the past that staging should be excluded from these statistics. There is a valid point behind those arguments, but it should also be noted that much of the activity this time was around movement of code from staging into the mainline. That suggests that staging is working the way it was intended to, and that work done there benefits the mainline in the end.
191 employers were identified as having supported work on the 3.2 kernel. Among those, the most active were:
Most active 3.2 employers
By changesets (None) 1722 14.8% Red Hat 988 8.5% (Unknown) 863 7.4% Intel 844 7.2% Broadcom 493 4.2% Texas Instruments 482 4.1% IBM 412 3.5% Novell 347 3.0% Wind River 281 2.4% Qualcomm 251 2.2% Wolfson Micro 248 2.1% Samsung 232 2.0% MiTAC 220 1.9% (Consultant) 208 1.8% Nokia 202 1.7% Linaro 202 1.7% Oracle 189 1.6% Freescale 182 1.6% 182 1.6% Microsoft 177 1.5%
By lines changed Broadcom 256549 22.4% (None) 202387 17.7% Qualcomm 133277 11.6% Red Hat 48673 4.2% (Unknown) 43254 3.8% Intel 43094 3.8% Texas Instruments 31529 2.8% Samsung 30233 2.6% IBM 22279 1.9% Realsil Micro 22065 1.9% Brocade 21734 1.9% Freescale 16657 1.5% Wolfson Micro 16217 1.4% ST Ericsson 14334 1.3% Novell 14161 1.2% Code Aurora Forum 13706 1.2% Univ. of Cambridge 12350 1.1% Linaro 10708 0.9% (Consultant) 9263 0.8% Marvell 8640 0.8%
Red Hat remains the top corporate submitter of patches to the kernel, but its lead looks less commanding than it once was. Meanwhile, companies like Texas Instruments and Samsung continue to increase their contributions to the kernel - embedded systems vendors are now a huge part of the development community. There also seems to be an increase in the amount of code coming from industry consortia like Linaro - again, mostly focused in the embedded area. But, with over 190 companies participating, we clearly still have interest from beyond just the embedded realm.
As of this writing, the 3.2 kernel looks likely to be released right around the end of the year, after one more -rc release. If that schedule holds, this cycle will have required less than 70 days, significantly shorter than the average (which is about 80 days) despite the large volume of changes. The process, in other words, appears to be working fairly well despite the kernel.org difficulties and the delayed start. Sooner or later, we are bound to run into a problem that will throw a significant wrench into the works - life is just like that - but that certainly hasn't happened this time around.
A common clock framework
One of the big problem areas that has been identified in the ARM kernel trees is the diversity of implementations for various things that could be shared—either within the ARM tree or more widely with the rest of the kernel. That problem has led to a large amount of duplicated code in the ARM tree, both via cut-and-paste and code that is conceptually similar but uses different data structures and APIs. The latter makes the creation of a single kernel image that can boot on multiple ARM platforms impossible, so there are efforts to consolidate these implementations. The common clock framework is one such effort.
In a typical ARM system-on-chip (SoC), there can be dozens of different clocks for use by various I/O and other devices in the SoC. Typically those clocks are hooked together into elaborate tree-like structures. In those trees, child clocks can sometimes only change their frequency if the parent (and any other children) are correspondingly changed; disabling certain clocks will affect other clocks in the system and so on. Each ARM platform/SoC has its own way of encapsulating that information and presenting it to other parts of the system (like power and thermal management controllers), which makes it difficult to create platform-independent solutions.
The first problem that a common clock framework faces is the sheer number of different struct clk definitions scattered throughout the ARM tree. There are more than two dozen definitions in arch/arm currently, but the proposal for a common framework not surprisingly reduces that number to one. Implementations can wrap the struct clk in another structure that holds hardware-specific data, but the common structure looks like:
struct clk {
const char *name;
const struct clk_hw_ops *ops;
struct clk *parent;
unsigned long rate;
unsigned long flags;
unsigned int enable_count;
unsigned int prepare_count;
struct hlist_head children;
struct hlist_node child_node;
};
The parent and children/child_node fields allow the clocks to be arranged into trees, while the rate field tracks the current clock frequency (in Hz). The flags field is used to describe the clock type (e.g. whether a rate change needs to be done on the parent clock, or that the clock must be disabled before changing the rate). The two *_count fields are for tracking calls to the enable and prepare operations, while the bulk of the "work" is done within the struct clk_hw_ops field (ops).
Each of the entries in the clk_hw_ops structure correspond to a function in the driver-facing API for the clock framework. That API does some sanity checking before calling the corresponding operation from clk_hw_ops:
struct clk_hw_ops {
int (*prepare)(struct clk *clk);
void (*unprepare)(struct clk *clk);
int (*enable)(struct clk *clk);
void (*disable)(struct clk *clk);
unsigned long (*recalc_rate)(struct clk *clk);
long (*round_rate)(struct clk *clk, unsigned long,
unsigned long *);
int (*set_parent)(struct clk *clk, struct clk *);
struct clk * (*get_parent)(struct clk *clk);
int (*set_rate)(struct clk *clk, unsigned long);
};
clk_prepare() is used to initialize
the clock to a state where it could be enabled, and that call must be made
before clk_enable(), which actually starts the clock running.
clk_disable() and clk_unprepare() do the reverse and
should be called in that order. The difference is that
clk_prepare() can sleep, while clk_enable() must not, so
having two separate calls allows the clock initialization to be split into
atomic and non-atomic pieces.
clk_get_parent() and clk_set_parent() do what the names imply, simply returning or changing the parent field, though setting the parent only succeeds if the clock is not already in use (otherwise -EBUSY is returned). clk_recalc_rate() queries the hardware, rather than the cached rate field, for the current frequency of the clock. clk_round_rate() rounds a frequency in Hz to a rate that the clock can actually use, and can also be used to determine the correct frequency for the parent clock when changing rates. All of those are more or less helper functions for clk_set_rate().
clk_set_rate() changes the frequency of a clock, but it must take into account some other factors. If the CLK_PARENT_SET_RATE flag value is set for the clock, clk_set_rate() needs to propagate the change to the parent clock (which may also have that flag set, necessitating a recursive traversal of the tree, attempting to set the rate at each level).
Drivers can also register their interest in being notified of rate changes with the clk_notifier_register() function. Three different types of notification can be requested: before the clock's rate changes, after it has been changed, or if the change gets aborted after the pre-change notifications have been called (i.e. PRE_RATE_CHANGE, POST_RATE_CHANGE, and ABORT_RATE_CHANGE). In each case, both the old and new values for the rate get passed as part of the notification callback. The patch to add notifications creates another operation in clk_hw_ops called speculate_rate(), which notes potential rate changes and sends any needed pre-change notifications as it walks the sub-tree.
The patch set also exports the clock hierarchy into debugfs. Each top-level clock gets a directory in ../debug/clk that contains read-only files to report the clock's rate, flags, prepare and enable counts, and the number of notifiers registered. Subdirectories are created for each child clock containing the same information.
The common clock framework has been around for some time in various forms.
The current incarnation is being shepherded by Mike Turquette, but he notes
that it is based on work originally done by Jeremy Kerr and Ben
Herrenschmidt. Beyond that: "Many others contributed to those
patches and promptly had their work stolen by me
".
Turquette has also posted a patch set with
an example
that replaces the OMAP4 clocks using the framework.
The comments on the most recent iteration have been fairly light, but still substantive, so we are clearly a ways off from seeing a version in the mainline. It's clearly on the radar of ARM developers, and would clean up a fair amount of code duplication within that tree, so we should see something in the mainline soon—hopefully in one of the next few kernel releases.
Bringing Android closer to the mainline
The agenda for the 2011 Kernel Summit did not include Android as a topic, but Android came up anyway. In a conclusion that surprised many, the group agreed that the bulk of the Android kernel code should probably be merged into the mainline. The past couple of years have made it clear that Android will not be going away; it has, in particular, done a good job of outlasting the resistance to merging its code. After the Summit things got quiet again on the Android front, but that does not mean that nothing has been happening.Tim Bird recently announced the existence of the Android mainlining project, an effort intended to help coordinate the various groups that have been working in this area. The project has the obligatory wiki and mailing list. The list is new and has not seen a whole lot of traffic - a situation which may well change in the near future.
Toward the end of November, the core Android code was returned to the staging tree, from which it had been removed at the end of 2009. Since the code's return to staging, changes have been going in and the code has caught up to its state in the Android tree. The code has now reached a point where, as summarized by Greg Kroah-Hartman on December 16:
Between the wiki and a look at drivers/staging/android in linux-next, one can get a fair idea of the state of the various patches. One notable patch that is not there is wakelocks (or "suspend blockers"), a feature which has been at the core of the controversy around the Android code. The wakelock concept will almost certainly return at some point, but much of the focus seems to be on the easier components at the moment. As Greg noted, wakelocks are not actually needed to boot an Android system - they're just necessary to keep that system from draining the battery too quickly.
The pieces that exist in the linux-next staging directory now are:
- Binder, the
interprocess communication mechanism used within Android. Binder
could conceivably be replaced with a standard IPC mechanism or,
perhaps, with D-bus, but it has a number of unique features (zero-copy
message transmission, thread management, credential passing) that are
hard to replace in a straightforward manner. (See this article for a detailed look at
various Linux IPC mechanisms, binder included).
- Logger is the kernel piece of the Android logging
system. It implements a completely separate path for
Android-specific log
messages, which do not mix with normal kernel messages in any way.
Other than adding a "facility" concept to kernel logging, it's not
clear what this component offers, but it is also relatively
self-contained and should not be too controversial.
- The "low memory killer" implements Android's interesting approach to
application management. In the Android world, applications never
choose to exit. They hang around until memory gets tight, at which
point kernel starts to kill them off. It's a
small piece of code that works using the "shrinker"
mechanism, a standard way to register functions to be called when the
kernel would like to free up some memory. So, even though it is
memory-management code, it is
relatively unintrusive and will not affect systems where it is not
used.
- "Pmem" is Android's answer to the age-old problem of allocating large,
physically-contiguous buffers after the system has been running for a
while. It works in the usual way: a range of memory is set aside at
boot time. One difference with pmem is that it exports a device to
user space, allowing buffers to be allocated directly by applications
and passed to drivers. That, in turn, leads to things like camera
drivers being written with the assumption that user space can give
them physically-contiguous buffers for video frames, something that
would not be possible in a mainline kernel.
Approaches like CMA seem like a better solution to this particular problem - if and when CMA is merged into the mainline. Meanwhile, however, applications have been written using pmem, so that interface is unlikely to go away in the near future.
- The "RAM console" saves log data to a special region of memory where
it can be found and recovered after a reboot. It is a debugging tool.
- "Timed GPIO" is a simple mechanism whereby the kernel can schedule a specific setting for a GPIO line at some point in the future. An example use would be to ensure that the vibrator gets turned off regardless of what happens to the application that turned it on.
The "ashmem" component was not in linux-next as of this writing, but, as Greg noted, its arrival there is expected in the near future. Ashmem is a shared memory mechanism that is able to discard some or all of its contents when memory pressure gets high. It could conceivably be replaced by the proposed POSIX_FADV_VOLATILE operation, but the latter does not, yet, seem to be a complete solution for Android's requirements.
There are a number of Android-specific changes that do not appear on that list, and, thus, are not likely to be merged into the mainline in the near future. Some of them are so Android-specific that they may never get in; the "network security" tweaks fall into that category. Others, such as the alarm timer code, may be superseded by enhancements in the mainline. Then, of course, there is a long list of drivers for hardware found on Android devices. Quite a few of those drivers have found their way into the mainline already, and others are on their way.
In summary: if all goes well, the 3.3 kernel should see the delta between Android kernels and the mainline go down considerably. That should make life easier for developers and for vendors wanting to provide Android-compatible hardware. Of course, it would be unsurprising if Android were to grow new subsystems of its own in the future; the Android developers have made it clear that they are unable and unwilling to wait for the mainlining process to run its course when they have products to ship. But, with any luck at all, the worst days of a significant fork that has caused a fair amount of ill will and difficult discussion should soon be behind us.
Patches and updates
Kernel trees
Architecture-specific
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Networking
Security-related
Virtualization and containers
Benchmarks and bugs
Miscellaneous
Page editor: Jonathan Corbet
Distributions
Time for openSUSE to go all-in with systemd?
Systemd was designed to bring better performance, better control, and easier configurability to the system initialization and service control task. According to many, it has succeeded in those goals. It also tends to bring a certain amount of unhappiness to those who see no driving reason to make fundamental changes to a key part of the system - especially if those changes sometimes break things. OpenSUSE is not the first distribution to transition to systemd, but its experience in some ways mirrors that of those who came before. Now the distribution is considering plans to move exclusively to systemd, leaving the old SYSV init system behind entirely. Needless to say, not everybody is amused.The current openSUSE release - 12.1, was the first to feature systemd, but it continues to support the SYSV init system as well. For better or for worse, though, the distribution developers made the decision that old systems, when upgraded to 12.1, would be transitioned to systemd automatically. That is where the trouble starts; there are, it would seem, a lot of things that do not yet work all that well with systemd. That has led to the automatic switch being added to the 12.1 most annoying bugs list, along with instructions on how to switch back to SYSV init.
When Fedora made this transition, the Fedora 14 release was initially targeted as the first systemd-based release, but Fedora eventually decided to wait one more cycle to allow things to stabilize. That decision seems to have worked out reasonably well, even though Fedora users, arguably, are used to disruptive changes and could have handled it. In retrospect, perhaps openSUSE should have done the same thing and given systemd another release cycle to settle in. Or, failing that, they could have held off on the automatic switch to systemd, leaving it as an "opt-in" choice for their more adventurous users. But, as they say, hindsight is always 20-20.
The end result is that, when Cristian Rodríguez posted a proposal to phase out SYSV init entirely in favor of systemd, he was not rewarded with universal acclaim. There was some substantial grumbling about the perceived instability of systemd-based installations and the desire to push users toward technology that is not yet ready for prime time. For example:
The openSUSE developers seem to agree, at this point, that the transition was a bit premature and that it has caused some unneeded pain for users; some apologies have been seen on the list. But that still leaves them with the problem of figuring out where to go from here. One option would be to back out systemd entirely, write it off as a bad idea, and recommit to SYSV init (or switch to upstart). There does not appear to be any sign that this option is under consideration; for better or for worse, systemd appears to be seen as the future for openSUSE.
Given that, there is no alternative to making systemd work better. Cristian proposed a three-phase plan to so do. The first step would be to address all known bugs in systemd itself, which makes sense: until the foundation is stable, it is hard to build stable structures on top of it. The second phase involves getting rid of purely hardware-related init scripts and adding systemd unit files to packages that need them. The final stage includes the removal of SYSV init and something called "profit". By all appearances, it is a straightforward plan to further the transition to systemd.
Nobody disagrees with the idea of making systemd work better. But there was some real discomfort with a perceived haste to eliminate SYSV init. Once the old init system is gone, there will be no alternative to running systemd, like it or not, and it appears that some users do not like it.
That puts openSUSE into a bit of a bind. There is a real cost to keeping SYSV init around and functioning; it is a complex and crucial system component that is easily broken if the distribution developers are not running it regularly. Maintaining both systems will also reduce the number of users and testers for systemd, with the result that bugs will take longer to find and to fix. The desire to keep a tried-and-true alternative around is understandable, but, at some point, the costs of doing so are likely to be to high.
That said, there is no talk of removing SYSV init for the 12.2 release, and possibly for some time thereafter. Systemd, along with all the services that interact with it, needs to be brought up to a higher level of stability first. That should be enough work to keep the openSUSE developers busy for a little while yet. Experience suggests that systemd-based openSUSE should stabilize quickly enough, and soon this transition will just be a memory. The road to that place may yet have a rough spot or two, though.
Brief items
CentOS 6.2 released
The CentOS 6.2 release is out, surprisingly quickly after the Red Hat Enterprise Linux 6.2 release that it is based on, and less than two weeks after the CentOS 6.1 release. "All updates released since upstream 6.2 release are also released to the CentOS-6.2 mirrors. With this release we are now back to a regular, managed and tested release path and time scales. However, for the time being, we are going to retain the CR/ repo in the event its needed in the future to push ahead-of-release updates." Some people must have worked very hard to get this release out so quickly; congratulations are in order.
Oracle Linux 6 .2
Oracle has released Oracle Linux 6.2 for x86 and x86_64. Two kernels are available for this release. Both Oracle's Enterprise kernel and a Red Hat compatible kernel are installed by default, with the former booted by default.Ubuntu disabling the Sun Java JDK browser plugin
Ubuntu has sent out an announcement that it will be pushing a security update that disables the Sun JDK browser plugin on all machines. It seems that there are several security issues with this plugin, but, due to a change in licensing by Oracle, it is no longer possible to create packages with the fixes. The best solution appears to be to switch to OpenJDK.
Distribution News
Fedora
Fedora 16 for IBM System z 64bit official release
The Fedora IBM System z (s390x) Secondary Arch team has announced the official release of Fedora 16 for IBM System z 64bit. The architecture specific release notes are here.
openSUSE
openSUSE Board Election 2011 results
The latest election results for the openSUSE board have been posted. Pascal Bleser, Will Stephenson, and Andrew Wafaa are the newest members of the board.
Newsletters and articles of interest
Distribution newsletters
- DistroWatch Weekly, Issue 436 (December 19)
- Maemo Weekly News (December 19)
- openSUSE Weekly News Issue 206 (December 17)
- Ubuntu Weekly Newsletter, Issue 246 (December 18)
McRae: Pacman Package Signing - 4: Arch Linux
Back in March 2011, LWN examined package signing (or the lack thereof) in the Arch Linux distribution. Things have advanced considerably since then. Allan McRae has now posted the fourth in a series of articles about the adoption of signed packages in Arch. "The Arch repos have been gradually preparing for the package signature checking in pacman-4.0. Support for uploading PGP signatures with packages was added in April and was made mandatory from the beginning of November. As of today, 100% of the packages in the [core] repo and approximately 71% of [extra] and 45% of [community] are signed."
Poortvliet: openSUSE and ownCloud
Jos Poortvliet writes about ownCloud and the tools offered in openSUSE 12.1 to make ownCloud management easier. "The freedom of software and data is very valuable to the openSUSE Project and we would like to help you escape the deceptive arms of those who offer you some convenience in exchange for control over your data. A first step was providing spideroak in openSUSE 11.4 which, unlike most competitors, encrypts your files and thus offers more protection for your privacy. But your data is still 'somewhere else' and we prefer to offer something you would really own. Fortunately there is a very appealing solution for that called ownCloud."
Puppy Has A Litter (OSnews)
OSnews looks at Puppy Linux and some of its derivatives (or puplets) that have been built using the Woof build system.The result of these easy-to-use tools has been an explosion in Puppy Linux variants, commonly called Puplets. There's a Puplet for every interest, demographic, and taste. There are Puplets that default to specific GUIs, Window Managers and browsers; Puplets optimized for specific hardware; stripped down and barebones Puplets; Puplets for different languages and countries; and so on. This webpage lists 20 new Puplets with another 65 available. Pick from the list or develop your own. That's the fun of Puppy.
Page editor: Rebecca Sobol
Development
GNOME plans an accessibility push for 2012
GNOME's accessibility efforts took a serious hit in 2010 when Oracle acquired Sun and cut developer jobs from Sun's Accessibility Program Office (APO). The APO had been home to full-time developers working on GNOME accessibility components like the Orca screen reader and the Accessibility Toolkit ATK. The GNOME Foundation is preparing a major accessibility push in 2012, beginning with a fundraising campaign that will direct donations towards needed development tasks.
Because of the APO layoffs and the amount of time and effort required to release GNOME 3.0, many of the outstanding accessibility tasks were falling through the cracks. Some modules and changes had to be dropped, and some bugs and new work had to be pushed back. GNOME held an accessibility hackfest in March 2010 to reorganize the effort.
Making 2012 the year of accessibility
Eventually, others in the GNOME ecosystem took up some of the slack, however, including open source consulting firm Igalia, and developers from other Sun/Oracle offices. In an effort to further accelerate development, the GNOME Foundation is making accessibility the focal point of a new fundraising campaign, run through the foundation's "Friends of GNOME" (FoG) program.
FoG allows individuals to make monetary donations in one-time or recurring monthly amounts. The new FoG site highlights the importance of accessibility, linking to a testimonial from Robert Cole, an IT student with a significant visual impairment. It also lists six areas where the GNOME Accessibility Team wishes to target development resources.
First, the team wants to alleviate the performance hit that comes with running Orca or other assistive technologies, having noticed that sessions slow down whenever the assistive technology component is running, even if the application is not being used. Certainly some amount of overhead is to be expected when running an application like Orca, but the noticeable even-while-not-in-use performance degradation is frequently cited by third-party developers as a reason for not adding ATK support to their applications.
There are also three applications that need specific feature work. One is adding cursor- and focus-tracking to GNOME Shell's built-in Magnifier, so that users do not need to manually move the magnified region while working. Another is adding awareness of document structure and formatting to the Evince PDF reader and the Poppler library that powers it. This amounts to making rich-text features available to a screen reader, so that it could move between headings or simply announce structural markers and formatting, rather than reading the text in "flat" form. A third is adding accessibility features to WebKitGTK+, which is the HTML component used by the GNOME help system and which may be incorporated into future versions of the Evolution mail client. Finally, there are project maintenance tasks needing work, such as improving accessibility regression-testing tools, and fixing a list of outstanding GNOME 3 accessibility bugs.
Although that might sound like a long list, it still takes up only a fraction of the overall GNOME accessibility roadmap. GNOME Foundation Executive Director Karen Sandler said in an email that although the dates have slipped since the roadmap page was first written, its status information is current, and still reflects an up-to-date look at the project's accessibility progress.
Accessibility hackfest
One item from the roadmap will be the subject of an accessibility hackfest to be held at Igalia's offices in A Coruña, Spain from January 18-22, 2012: augmenting ATK and ensuring that it is consistent across toolkits and applications. ATK is a set of interfaces that toolkits implement to expose the contents of GUI components in a standardized way, thus allowing accessibility tools (like Orca) to read and manipulate them. Each GUI toolkit — GTK+, Clutter, Mozilla's Gecko, etc. — builds its own implementation of ATK. The trouble comes when they do not all implement ATK in exactly the same way, such as emitting different signals for the same event.
Orca maintainer Joanmarie Diggs, who is now an Igalia employee, said that this inconsistency is
Improving the ATK documentation so that it serves as a better guide for developers is one of the hackfest's primary goals. Developers from the GTK+, Qt, and Mozilla projects are already confirmed to attend. Qt, it should be noted, does not use ATK directly, but rather interfaces directly to the underlying Assistive Technology Service Provider Interface (AT-SPI).
The other side of the ATK-augmentation coin is seeing where it makes sense to extend the ATK API itself. The roadmap document lists several issues, including adding additional information to certain events and objects. Diggs gave three examples: selection, text attributes, and table cells. Currently, she explained, when an application changes the selected region (expanding it or shrinking it), ATK only informs the screen reader that the selection has changed, not what letters or words were added or de-selected. Similarly, document editors do not send formatting information (such as the "bold" or "italicized" state of text) to accessibility applications, which makes editing difficult. In both cases, she said, the application already has the information in question, it just needs a mechanism to send it via ATK. Finally, table cells have their own set of problems, starting with the fact that a cell cannot report its row-and-column position via ATK. Diggs is quick to point out that these issues do not constitute design flaws in ATK, but areas for improvement that have come out of several years of real-world use.
The list of topics for the hackfest also includes completing ATK's GObject introspection work, reviewing ATK usage in newer toolkits such as GNOME Shell's "ST" toolkit, and examining bindings for languages that do not use GType, such as C++ and Java.
Up next
During the FoG accessibility campaign, all one-time donations will be earmarked by the GNOME Foundation specifically for accessibility work, as will the first month of all new subscription plans. Sandler said that the campaign would not last for the full 2012 calendar year, although it does not currently have an end date announced. "We wanted to get it going now, though,
" she added, "so that folks can donate and see their tax deductions this year, if that applies to them.
"
The hackfest is open to any interested attendees; developers who plan on participating can add their names to the event's planning page on the GNOME wiki to indicate their intent. Although a schedule for the rest of the year has not been established, there is certainly no shortage of work needing attention. Accessibility improvements ultimately benefit all users; as Alan Coopersmith pointed out on the GNOME Marketing list, former "accessibility only" projects like speech recognition and on-screen keyboard technology are now indispensable parts of the mobile computing experience. But, even though everyone's eyesight will decline over the years with age, making software accessible today will obviously have a greater — more immediate — impact for those users who happen to have visual, auditory, or motor-control impairments.
Brief items
Quotes of the week
I'd even go further than this: I believe one of the goals of GNOME should be to emphasize vertical integration (i.e. considering integration of our stack, the GNOME OS a core objective), but encouraging multiple variables on top of this stack makes that much more complex. I think it is against our interest encouraging KDE and other desktop environments.
Amarok 2.5 released
Version 2.5 of the Amarok music player has been released. The headline features are GPodder.net podcast synchronization, a reworked USB mass storage module, and integration with the Amazon.com music store.JACK 1.9.8 released
Version 1.9.8 of the JACK audio connection kit has been released. It features much improved MIDI support and a lot of other improvements. Note that this is the JACK2 version of JACK, written in C++; it differs entirely from JACK1. There is currently a busy discussion on the JACK list about how these two versions might be reconciled into a single version, but there are not, yet, a whole lot of conclusions to report.Qt 4.8.0 released
Version 4.8.0 of the Qt toolkit has been announced. Significant changes include a new platform abstraction layer to make portability easier, threaded OpenGL support, multi-threaded HTTP, and a reworked (faster) filesystem I/O layer. Some more information can be found in this blog post.Razor-qt 0.4 released
Razor-qt is "an advanced, easy-to-use, and fast desktop environment based on Qt technologies. It has been tailored for users who value simplicity, speed, and intuitive interface." The 0.4 release is available; it adds a new application launcher, better removable media support, new configuration utilities, and more.
Newsletters and articles
Development newsletters from the last week
- Caml Weekly News (December 20)
- LibreOffice development summary (December 19)
- Perl Weekly (December 19)
- PostgreSQL Weekly News (December 18)
Blender 2.61 released with GPU based rendering and motion tracking (LGW)
Libre Graphics World has posted a video-heavy look at Blender 2.61 which, it says, is one of the most important Blender releases ever. "Top reason is, of course, Cycles, the new hardware accelerated rendering engine. Cycles can use both CUDA (preferred for NVidia) and OpenCL (naturally, AMD/ATI), but will work on CPU too. That imposes dramatic changes to workflows, even though Cycles is not quite complete yet."
Cracks in the Foundation (PHP Advent)
The 2011 PHP Advent site has an article by Gwynne Raskind on the challenges facing PHP and how they are being addressed. "PHP has always been an evolving, almost-organic language. It has been rewritten from the bottom up at least four times, with massive internal changes to the engine at least twice more. Through all these mutations, however, its external interface - the language itself - has remained quite similar for a long time. Nearly everything that can be pointed to as different between PHP 3 and PHP 5.4 is an addition or extension to the language, not a change in existing behavior. There are exceptions, such as the new object model, but by and large, a PHP coder looking at PHP 5 code will be able to make complete sense of PHP 3, and vice versa. All of these versions share one flaw: there is no single specification of the language!"
Page editor: Jonathan Corbet
Announcements
Brief items
Mozilla and Google sign a new deal
The Mozilla Foundation has announced that Google will continue to buy its position as the default Firefox search engine for the next three years. "The specific terms of this commercial agreement are subject to traditional confidentiality requirements, and we're not at liberty to disclose them."
IFOSSLR #5 available
The fifth issue of the International Free and Open Source Software Law Review has been published. Topics covered in this issue include interoperability, patent licensing, patents in Europe, licensing notices in web platforms, the past and future of Groklaw, and more.
Articles of interest
Apache: Open Letter to the Open Document Format Ecosystem
The Apache Software Foundation Blog is carrying an "open letter to the ODF ecosystem" meant to clarify the Foundation's plans for OpenOffice.org. "Our license and open development model is widely recognised as one of the best ways to ensure open standards, such as ODF, gain traction and adoption. Apache OpenOffice offers much more potential for OpenOffice.org than 'just' an end-user Microsoft Office replacement. We offer a vendor neutral space in which to collaborate whilst enabling third parties to pursue almost any for-profit or not-for-profit business model."
BT Sues Google for Patent Infringements (Wired)
Wired covers the latest entrant into the wireless lawsuit game: BT. "An example patent is 'Service provision system for communications networks,' which BT was awarded in the 1990s. It essentially boils down to an app figuring out whether a phone is connected to the web via Wi-Fi or 3G, and choosing to stream at a different bandwidth. Google infringes this in Google Music and the Android Market, BT alleges." Yes, this is the same BT that once claimed to have patented the hyperlink.
Yo Amazon: Please don't hijack the web on Kindle Fire (GigaOm)
GigaOm discovers the value of free platforms the hard way while playing with a Kindle Fire. "When trying to browse the Google Android Market website in the Fire's web browser, the device instead opens up Amazon's Kindle Fire application store. Since the Fire doesn't officially have access to the Android Market, I can understand the device highlighting its own app store. But to specifically hijack a browser URL and redirect it is disturbing and sets an ugly precedent."
New Books
Pragmatic Guide to Sass--New from Pragmatic Bookshelf
Pragmatic Bookshelf has released "Pragmatic Guide to Sass" by Hampton Catlin and Michael Lintorn Catlin.
Calls for Presentations
Android Open Starts Call for Proposals
Android Open will take place April 5-6, 2012 in San Francisco, California. "While our fall event is for the entire Android ecosystem (development, business, and marketing), this spring event is a more focused technical conference for developers. The Android world moves too quickly to wait a whole year between conferences." Proposals are due January 23.
OSCON 2012 Opens Call for Proposals
The O'Reilly Open Source Convention (OSCON) will take place July 16-20, 2012 in Portland, Oregon. Proposals are due by January 12.
Upcoming Events
Announcing FUDCon LATAM 2012 in Venezuela
The 2012 Latin American FUDCon (Fedora Users and Developers Conference) will be held in Margarita Island, Venezuela. Further details will be announced later. Bids are open for the 2012 editions of FUDCon EMEA and FUDCon APAC.Events: December 22, 2011 to February 20, 2012
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| December 27 December 30 |
28th Chaos Communication Congress | Berlin, Germany |
| January 12 January 13 |
Open Source World Conference 2012 | Granada, Spain |
| January 13 January 15 |
Fedora User and Developer Conference, North America | Blacksburg, VA, USA |
| January 16 January 20 |
linux.conf.au 2012 | Ballarat, Australia |
| January 20 January 22 |
Wikipedia & MediaWiki hackathon & workshops | San Francisco, CA, USA |
| January 20 January 22 |
SCALE 10x - Southern California Linux Expo | Los Angeles, CA, USA |
| January 27 January 29 |
DebianMed Meeting Southport2012 | Southport, UK |
| January 31 February 2 |
Ubuntu Developer Week | #ubuntu-classroom, irc.freenode.net |
| February 4 February 5 |
Free and Open Source Developers Meeting | Brussels, Belgium |
| February 6 February 10 |
Linux on ARM: Linaro Connect Q1.12 | San Francisco, CA, USA |
| February 7 February 8 |
Open Source Now 2012 | Geneva, Switzerland |
| February 10 February 12 |
Linux Vacation / Eastern Europe Winter session 2012 | Minsk, Belarus |
| February 10 February 12 |
Skolelinux/Debian Edu developer gathering | Oslo, Norway |
| February 13 February 14 |
Android Builder's Summit | Redwood Shores, CA, USA |
| February 15 February 17 |
2012 Embedded Linux Conference | Redwood Shores, CA, USA |
| February 16 February 17 |
Embedded Technology Conference 2012 | San José, Costa Rica |
| February 17 February 18 |
Red Hat, Fedora, JBoss Developer Conference | Brno, Czech Republic |
If your event does not appear here, please tell us about it.
Page editor: Rebecca Sobol