fidzu : Linux

ZDNet: "Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool."

24 Jul 2008 12:32am GMT

Network World: "I've now been writing about SCO for five years -- how time does fly when you have someone to despise. In my first column about SCO's decision go into the lawsuit business rather than having to do all the hard work of making a product that someone might want to buy, I thought that someone would just buy the slime off. I was wrong -- I guess there is some truth to the punch line of the old joke that "there are just some things a lawyer won't do." I guess IBM's lawyers could not stomach the idea of rewarding such repulsive behavior."

24 Jul 2008 12:03am GMT

LinuxInsider: "Although Dan Kaminsky -- the security researcher who discovered the massive DNS flaw widely reported two weeks ago -- asked the security community not to reveal details about the vulnerability for 30 days, a reverse engineering expert posted a theory about it on his blog. Later, the security firm Matasano confirmed the hypothesis, only to later apologize for doing so."

23 Jul 2008 11:15pm GMT

Linux.com: "...a one-liner is a set of commands normally joined through a pipe (|). When joined by a pipe, the command on the left passes its output to the command on the right. Simple or complex, you can get useful results from a single line at the bash command prompt."

23 Jul 2008 10:45pm GMT

Blog of Helios: "As far as the events for Lindependence in Felton go, Saturday's event might be Lindependence's last event before the formation of a LUG and an on-the-ground GNU/Linux presence in the area, but the spirit of Lindependence and movement itself are currently snowballing into something that will be felt in these parts, and happening at a rate faster than I had expected."

23 Jul 2008 10:00pm GMT

InternetNews: "The biggest conclusion of the EnterpriseDB open source database study is that PostgreSQL is the open source database of choice for transactional applications. Not a surprising conclusion given that EnterpriseDB is a sponsor of the PostgreSQL project and has its own supported distributions of it."

23 Jul 2008 9:45pm GMT

PCPro: ""Blogger accounts for around 2% of malware," according to Sophos's senior technology consultant, Graham Cluley. "It's head and shoulders above the rest [of the blogging services].""

23 Jul 2008 9:17pm GMT

O'Reilly News: "For those not familiar with Vector Linux it's a decade old distribution based on Slackware that provides many of the user friendly tools and features offered by the largest and most popular distributions. I've often compared the Standard edition to Xubuntu with it's relatively lightweight Xfce default desktop while the SOHO (Small Office, Home Office) edition is comparable to Kubuntu, with a fully integrated KDE desktop."

23 Jul 2008 9:00pm GMT

After some before-sleep-reading (this time DNS RFC specifications) I found, that DNS protocol is so much extensible, that is can perfectly cover not only its area, but also help in really lots of close problems. It already has (though completely unused) many interesting RRs and types, which have nothing to deal with DNS (like NULL RR, which allows to transmit binary data or TXT RR, which also is not related to DNS area). And the most popular RRs are A, PTR, SOA CNAME and MX. That's all from about 20 others. The same applies to (q)type and class (I first time read about Hesiod class for example). And DNS allows to introduce own classes, types and resource records.
It is just not used, but we could create distributed DNS system with new types. It would be really simple (and actually it can be done even without new DNS extensions).
But it is not actually needed, since people are used to have DNS just like it is.

Another example is internet video. There is de-facto Adobe standard, no matter what W3C will put into its new standard, everyone will continue to use existing one. Just because it works ok. Not excellent or perfect or whatever, it just works how we used to know.

And there are lots and lots similar examples.

People are so much intert in this questions (although I think in most areas, just because it is convenient not to do something better, when existing solution just works, even if not perfectly and even if not good), that no one will ever bother to change something dramatically, because it will not only require huge amount of money, but also changes in the way people used to think about given area, which is likely even more complex (and money-hungry) problem.

All this talk is about simple thing, I just opened for myself: when you created something completely new, even if it is not the best solution for given problem, if you will start pushing it to wide audience to be used, then you are able to get all 'the market'. That's why when you have something new on the market, where most of the users already used to work with one or another solution, (and even if your project is potentially very good and definitely much better than existing solutions) then there will not be any major gain, only single links to the completely new users.
This is probably told to the first year MBA students, but I was quite excited and dissapointed by this issue: the first new idea, when properly presented even if not the best solution for given problem, can get all the users, after which they will not switch to the new one just because they used to have it this way. Comments (0)

23 Jul 2008 9:00pm GMT

The VAR Guy: "Mark Shuttleworth, founder of Canonical and Ubuntu, delivered the keynote address at OSCON this evening. Here's a recap of his presentation, which explored how free software can drive innovation - and how the Linux desktop has to become a piece of art that leapfrogs Apple within two years."

23 Jul 2008 8:15pm GMT

IBM Developerworks: "Trick 4: Getting back the root password You forgot your root password. Nice work. Now you'll just have to reinstall the entire machine. Sadly enough, I've seen more than a few people do this. But it's surprisingly easy to get on the machine and change the password. This doesn't work in all cases (like if you made a GRUB password and forgot that too), but here's how you do it in a normal case with a Cent OS Linux example."

23 Jul 2008 7:45pm GMT

Practical Technology: "KACE, a systems management appliance company, announced that their recent survey of IT administrators showed that 60 percent of them have no plans to deploy Vista. That's almost 10% more turning their backs on Vista then in KACE's last survey in November 2007."

23 Jul 2008 7:32pm GMT

LWN: "But the value of the mainline repository for development would appear to be less than it once was. The mainline is no longer where the action is."

23 Jul 2008 6:45pm GMT

Tectonic: ""Their time is stretched perilously thin … we in the Fedora community can therefore have a huge, direct, and immediate impact on the success of the OLPC project.""

23 Jul 2008 6:00pm GMT

Ubuntu Snippets "Optimize ubuntu boot sequence by profiling it...This one time special boot may take more time than ordinary boot. But during this boot ubuntu monitors file usage and preloads those files during subsequent boots."

23 Jul 2008 5:15pm GMT

O'Reilly News: "At OSCON: Pia Waugh, President of Software Freedom International; Jim Zemlin: The Mysterious Work of the Linux Foundation; Larry Wall: Open Source as a Parenting Experience"

23 Jul 2008 5:00pm GMT

The SELinux Developer Summit went pretty well yesterday. It was a long day: 10 hours of talks and discussions with about forty developers attending.

I've just uploaded slides from the talks, which may be found next to their respective entries in the schedule.

Some of the talks I found particularly useful/interesting:

• 
  
• Josh Brindle on SELinux in Ubuntu. They're making good progress, although the idea of SELinux is to introduce ubiquitous, generalized MAC security, so he is advocating they enable SELinux by default as is done in Fedora, and as you typically do with other OS security layers.
• 
  
• John Weeks from Sun talking about OpenSolaris FMAC (introducing Flask/TE to their OS). It was interesting to see a dtrace graph of the AVC operating-a kernel mechanism for which I've developed an abstract mental model but never "seen".
• 
  
• Dan Walsh Talking about his ongoing work in utilizing SELinux to create practical security features for everyday users.
  
  
  
  The above is from a demonstration where nsplugin (the framework for Firefox plugins, i.e. where flash etc. is run) is being sandboxed by SELinux, so that a flawed or malicious plugin cannot be used to snoop your keystrokes. In this case, a simulated (and trivial) exploit was blocked from capturing internet banking passwords by SELinux.
  
  Btw, Dan will be demonstrating this today during his OLS talk on Confining the User. There's a lot of really cool stuff coming in this area & the talk should be well worth attending.
• 
  
  
• Karl MacMillan on alternatives to comprehensive least-privilege, where he described some ideas and plans for simplifying the way SELinux policy is deployed for general purpose use. He has some really promising ideas on reducing the granularity of the policy while still maintaining strong security. This can lead to simpler and smaller policy, which is important for all kinds of users.
• 
  
• Peter White talked about two higher-level languages being developed to express SELinux policy, Lobster and Shrimp, which will introduce features such as type checking and object orientation to the policy language area. Peter is a Haskell guy, and it all looks very promising.
• 
  

***



Yuichi Nakamura talking about embedded systems and SELinux.

The format worked reasonably well-a series of short talks and discussions-although it would have been nicer to have a more relaxed schedule and more time for deep discussions on specific issues. There's already been discussion of what to do next year, and we may move it to a two-day event. Certainly, I think we'll want to have it again in conjunction with a major developer conference, which makes it a good environment for collaboration with the wider FOSS community.

For those that couldn't make it this year, I believe notes were taken and will be sent out to the mailing list. There are more photos here.

23 Jul 2008 1:13pm GMT

The Patent and Trademark Office has now made clear that its newly developed position on patentable subject matter will invalidate many and perhaps most software patents, including pioneering patent claims to such innovators as Google, Inc. In a series of cases including In re Nuijten, In re Comiskey and In re Bilski, the Patent and Trademark Office has argued in favor of imposing new restrictions on the scope of patentable subject matter set forth by Congress in § 101 of the Patent Act.

23 Jul 2008 10:57am GMT

Intel released a new version of its Linux-compatible, open source library for multi-core C++ development. Version 2.1 of Intel Threading Building Blocks (TBB) offers performance improvements, adds a portable affinity mechanism, and improves the task scheduler to ease development for GUIs, network I/O, and artificial intelligence, says Intel.

23 Jul 2008 10:10am GMT

After nearly a decade of active involvement in open source, IBM's commitment to Linux is broad and deep, said Inna Kuznetsova, the director of IBM Linux strategy. This vision of IBM's rapport with Linux is shared by most, but not all, IBM observers.

23 Jul 2008 9:23am GMT

For years I have envied how easy my Windows- and Mac-based peers had it when traveling with their laptops. They connect to hotspots with ease, get online while I was still logging into root and running some tools. It just wasn’t fair. I wanted an integrated easy-to-use tool that did not require bringing up a shell or logging into root.

23 Jul 2008 8:35am GMT

Details about the massive Domain Name System flaw revealed less than two weeks ago were made public on the Internet Monday. Halvar Flake, a reverse engineering expert, posted a hypothetical theory about the vulnerability on his blog. A few hours later, a researcher at Matasano Security who knew the specifics about the bug posted a response to Flake's blog, confirming his hypothesis.

23 Jul 2008 7:34am GMT

Networks don't work without addresses: Whenever you are sending something, you need to specify where it should go and where it came from. To be an effective network engineer or administrator, you need to understand IP addresses backward and forward: you need to be able to think on your feet.

23 Jul 2008 6:46am GMT

So there's an ongoing tension between small projects interested in using OLPCs and the guys over at 1CC who are too busy to really deal with a ton of small orders, regardless of the value of the particular cause, the built-in support it may already have, or any other warm, fuzzy reason.

23 Jul 2008 5:59am GMT

How's this for ironic: Microsoft is actually spending some sponsorship dollars here at OSCON (Open Source Conference) 2008, but Apple is stealing the show without spending a dime. Here's how, according to The VAR Guy.

23 Jul 2008 5:12am GMT

I've read past reviews by other reviewers describing Vector Linux as "better Slackware than Slackware" or "what Slackware should be" and I always felt that was a bit of a stretch. With this release it isn't. You get all the reliability and stability of Slackware, better performance than vanilla Slack (at least on my hardware) and the features and most of the conveniences users of distributions touted as user friendly have come to expect. Vector Linux still has some shortcomings but I have yet to find a distribution that doesn't.

23 Jul 2008 4:33am GMT

We are coming down to the last week for JTC1 to decide on whether to hear the four NB appeals concerning various claimed errors in the processing of DIS 29500 (OOXML), or whether summarily to dismiss these appeals without hearing them. The decision lies with two committees, the Technical Management Board (TMB) in ISO and the Standards Management Board (SMB) in the IEC.

23 Jul 2008 4:01am GMT

I am on the DrWeil.com newsletter listâ??and it isn't because he looks like me. It actually has some useful information. But, like most newsletters, it has ads. Sometimes the ads are useful as well. Today's ad was for a non-medical device that will lower blood pressure. I have friends with high blood pressure so I decided it was worth a look. It was as it convinced me that a Linux geek needs to build an Open Source product for those that don't have expensive medical insurance that will pay for overpriced gadgets.

23 Jul 2008 2:43am GMT

Books, CDs, flashcards, classes -- there are a lot of tools to help you learn a foreign language. If you spend much of your time near a computer, software may be one of the better options. Ian McIntosh's Amigo is a friendly language utility for the Linux user, notable for how well it integrates into the desktop. There are several flashcard-like vocabulary training applications for Linux, both for KDE and for GNOME. They are undeniably useful, but they also require a dedicated study session. Where Amigo differs is that it runs in the background while you do other things.

23 Jul 2008 1:46am GMT

A Silicon Valley startup called CherryPal announced a two-Watt, $250 ultra-mini PC that runs Debian Linux. Based on a 400MHz PowerPC-based system-on-chip (SoC) from Freescale, the solid-state CherryPal C100 Desktop offers managed "cloud" computing paid for by advertising rather than a monthly fee.

23 Jul 2008 12:49am GMT

Canonical, Ubuntu's commercial sponsor, next week plans a major update to its massive code hosting and project management platform Launchpad. Version 2.0 will introduce improved support for third-party application lifecycle tools used to find, report and fix bugs in Ubuntu - plus the applications and 6,000 projects in the ecosystem around it. Canonical has been talking up the new service at the O'Reilly Open Source Convention (OSCON).

23 Jul 2008 12:15am GMT

Mississauga, Ontario-based Koolu Inc. has agreed to distribute OpenMoko's Linux-based Neo FreeRunner in the Americas, the U.K., and the European Union. Koolu is distributing the FreeRunner under the name W.E. Phone, and is bundling it with Google Apps.

22 Jul 2008 11:18pm GMT

The first two days of O'Reilly's Open Source Convention (OSCON) are dominated by technical tutorials, but there are sessions that buck the trend. Monday's most interesting event was Participate 08, a panel discussion sponsored by Microsoft. Panelists debated the meaning of the buzzword "openness" as it applies to source code, services, data, and business models.

22 Jul 2008 10:21pm GMT

Since I'm quite busy with VISA/hotel/tickets and overall preparations for Kernel Summit, there is no development progress, but it should be completed very soon I think, and so I will write here some design notes I have in mind about how POHMELFS server will be designed. It is not a finished draft, but somewhat a rough direction paint.

POHMELFS will utilize distributed hash table approach, i.e. storage will support ability to get an obect based on some key attached to it. In a local filessytem we already work with hash table: directory lookup is no more than lookup for inode object based on its name, i.e. lookup for the value based on attached key. And although key in this case is not created based on object itself (like hash of the content or some other function), it still is a (turn on your imagination here) table lookup.

Cloud of POHMELFS servers will utilize similar approach. Consider a single server in the system. When it joins the cloud (I ommit this proccess for now, and will describe it below) first time, it is empty, so it gets some unique id, either via administrator steps or randomly, or it just waits in the queue to be filled with new data, so it will get id at that time, it does not matter for now how it gets its id, but this id is propagated to some cloud of its neighbours (or if it would be a bittorrent or napster to the main server).
There are two ideas on how to treat this ID: either as a part of the filename, or as a nameless pointer in the abstract namespace, I will show below that actually it does not matter.

Now, let's check what will happen when user wants to perform some IO on given file.
Every file access actually happen to inode, stored on disk. In our case it can be stored somewhere we do not know yet where, so we need to perform a lookup to get address of the node in cluster which contains our data. In existing schemas like bittorrent or Lustre there is a server (or small cloud of servers) which contain mapping information about where this or that object is placed in data cloud, so simple lookup to this server(s) return needed info. This approach does not scale to really lots of nodes and is failure-prone.
Instead I consider completely distributed metadata storage. Let's check how system will lookup the whole path in our case.

Each path starts from the root directory, which is '/', which in turn is a id in the global namespace (or hash from this string or whatever else mapping), so we first need to lookup a node, which is responsible to content of this directory. Each node contains routes only to the very limited set neighbour nodes (in various designs this number varys, but idea lays in the fact, that node, performing lookup, does not know which node contains needed info). Gnutella system just broadcasted this lookup request to all of its neighbours, so each one broadcasted it to its neighbours and so on until one of the system replied, that it contains needed info. Amount of unneded broadcasts killed Gnutella next day after Napster was closed.
So, this approach does not scale, and instead we need to map needed directory into node address in a more intelligent way. There are at least two the most appealing design choices: ring-based structure implemted in CHORD and multidimensional torus implemented in CAN.
Right now it does not matter, let's assume that we found a node, which has information about content of the needed directory. When we have that data, we can find next node (or this info can be cached on 'parent' directory node) and so on until get node, which is resposible for storing content of the needed object.

When new node joins the cloud it connects to one or another known node (provided either in public service or by administrator) and sends there information about its available space, gets ID and just waits until some client connects to it and start writing a data.
When node joins with some content, which was written to it by the system before, or written by local users bypassing distributed mechanism, node has to tell this information to the node, which holds parent directory. This information should be stored in each directory it exports, or it can be provided by administrator, for example this node exports dir '/zbr' which is actually a subdir of '/home', so node will lookup '/home' directory content owner and update its records, that now it contains new dir. There is a problem here: what if there is already another node, which also claims to have dir '/zbr' in '/home'? This can be handled via attached to each object extended attribute, which will tell us the last modification date, so system can select either the last modified '/zbr' dir or that node, which contains dir with the biggest number of the same replicas. It can be setup by administrator.

Main advantage of this joining scheme is the fact, that we actually do not need to know content of any object in the exported directory, we publish only high-level object, which may or may not contain some inner file or dir. Thus we do not need to hash millions of files in the exported directory and publish them one by one, we do not need to store information about each inner object, no need attach full path to each object and so on.

When we will decide to split the same object between multiple node, we will need to introduce not only name based lookup, but also extend it to the offset inside the object. This can be done by introducing ssytem wide 'block size', so each file is actually set of blocks of given size, so when we found a node, resposible for storing information about directory, where it is located, this node can also contain information where each part of the object was stored.

Looks quite simple, but... Devil is in the details.
I obviously missed some bits in the design (and I created it in mind during talk being under 'impression' of the greece spirit while talking with asm@, who suggested to look at Kademlia project), like redundancy management of the nodes, splitting of the node content between multiple nodes and other bits, but it is one of the first drafts, so things can be changed if needed.

Stay tuned, I will be very soon back to development process (DST first :), since paper work for kernel summit travel seems to reach its end. Comments (0)

22 Jul 2008 10:00pm GMT

As of August 18, I will be Red Hat's newest file systems developer! I'm working part-time for Ric Wheeler (if you don't know Ric yet, you're missing out). Possible projects, depending on what is most useful to Red Hat's customers:

* Merge e2fsck parallelization work. I wrote this on contract for Ric Wheeler when he was at EMC, but larger economic realities forced the end of this contract before it was quite done. Ted T'so is the ultimate arbiter, of course, but I think it just needs a little touching-up before it's mergable as a non-default option. The technique I use, which can be described as active buffer cache management, could replace DIO/AIO for several applications with a little OS support.

* General ext4 work. ext4 is very close to shipping, but I hope to be at Red Hat for the final frenzy of touch-ups before Red Hat puts it in a release.

* Improve btrfs check and repair. Btrfs already has a rudimentary file system checker, but I'd like to implement incremental online check and repair, my personal holy grail.

Things I won't be working on:

* Chunkfs. Chunkfs is a particular instance of the general repair-driven file system design principles I've been advocating. I wrote a prototype, both to convince myself that it would work and to give a concrete example for other file systems developers, but the experience convinced me that you really need to build these features in from the very beginning. If btrfs wasn't on the horizon, the layered file system approach might be worth implementing. I do need to write up a summary of what I learned working on chunkfs and in particular collect in one place the various measurements I made showing that the idea will work.

* GFS2, cachefs, NFS, etc. I'm just not that into network file systems.

And I have to admit, for all that I thought I was a blasé and worldly kernel developer, I am a little excited about the idea of working for Red Hat in and of itself. Back when I was making 6 floppies' worth of drivers so I could install Red Hat, I would have laughed if you'd told me I would actually work for Red Hat someday.

FAQ:

Q: I thought you hated having a real job. Why stop consulting?

A: Honestly? The number one reason is that health insurance is impossible to get in the U.S. if you're an independent consultant. Europeans, Australians, and other residents of sane countries are permitted to feel smug at this point.

Q: Why part-time?

A: I want time to work on my writing - science writing, most likely. Expect more regular articles in LWN.

Q: But distro work sucks, you're going to hate it. Packaging, bug fixes, support, etc...

A: Actually, I was a one-woman distro back in 2001-2002, doing a Yellow Dog-derived distro for a small embedded company. I liked it, and I did everything - customer support, building RPMs, burning CDs, and fixing installer bugs, in addition to actually writing kernel code. I only left because no one there knew more than me about operating systems (and I didn't know very much about operating systems).

Q: So, would you recommend consulting?

A: I'd recommend it for paranoid, ambitious, meticulous, compulsive people with a wide variety of interests and the ability to put with a lot of annoying extraneous crap. It can be pretty awesome - I write this overlooking the ocean in Hawaii - but it's a hell of a lot of work, at least in the beginning.

22 Jul 2008 7:56pm GMT

Will the vblank-rework branch ever be ready to merge upstream? With some recent work by Michel and myself, I really hope so.

It's a little distressing that such a simple thing could cause so much trouble. The motivation for reworking vblank in the DRM branch was easy enough: save CPU power by turning off interrupts when possible. Not interrupting the CPU lets it sleep deeper and longer, potentially saving quite a bit of power. Getting rid of the 60 or so vertical blank event interrupts per second when they weren't needed seemed like a logical first step, and so vblank-rework was born.

Being a good citizen in Linux land often means improving whole subsystems rather than stuffing a bunch of fancy features into individual drivers. Working that way can be harder, but it spreads the benefits wider, and improves Linux as a whole. So my efforts in the vblank-rework branch targetting the generic DRM vblank code, improving the driver APIs and making sure that all drivers could benefit from the new infrastructure, allowing them to disable interrupts when not needed. However, that's where the "harder" part comes in: every driver needed an update. At first I thought, "Hey this is a neat, new set of APIs, surely everyone will want to use them, I'll just convert the i915 driver (after some initial work on a radeon based laptop).". Unfortunately, the DRM drivers are in dire need of attention, so after several months of waiting I ended up converting all the drivers myself, though only a few like radeon and i915 actually implement the API fully enough to disable interrupts.

So far, so good. I figured everything was fine and the shiny new branch was ready, so I merged it into the master DRM branch in preparation for an upstream push. Then tragedy struck: Michel's sharp eyes and testing discovered a potentially fatal bug. While many GPUs provide a frame count register we can use to keep the vblank count accurate (necessary since OpenGL extensions expose an absolute count to applications for some reason), they're typically only updated at the leading edge of vactive. This means that your application may wakeup at vactive time instead of vblank time, causing ugly tearing; exactly what you'd like to avoid! After a bit of back and forth and a couple of false starts (trying to work around the problem with solutions that turned out to be racy), we decided to go back to using the atomic counter (which is only updated at interrupt time) for wakeups, rather than the hw register, using the latter for keeping the counter accurate across interrupt disable periods.

Which brings us to last week. I hacked up the scheme described above and started testing. As I found and fixed bugs (well actually Michel probably found most of them), I discovered that the API could actually be simplified a bit, and some of the code to compensate for corner cases was no longer necessary, so both the wraparound compensation logic in the pre/post modeset ioctl and the funky accounting we tried to do there could be removed. The result, I hope, is ready for upstream finally.

So where does that leave us, API-wise? Well, on the userland front we have a new ioctl, DRM_IOCTL_MODESET_CTL, with _DRM_PRE_MODESET and _DRM_POST_MODESET arguments. It should be called with _DRM_PRE_MODESET in userland drivers prior to any activity that resets the hw frame counter (typically mode setting). When the mode set completes, it should be called again with _DRM_POST_MODESET. These calls tell the kernel to account for any lost events so that the vblank count exposed to applications can stay accurate.

On the driver front, there are a few different calls and callbacks:

• drm_vblank_get - increase the refcount on the vblank counter

  This call just tells the core code that the caller is actively using the vblank counter for something, e.g. scheduled buffer swaps or a blocking vblank wait call.

• drm_vblank_put - decrease the refcount

  Tell the core you're done with the vblank counter. When the refcount reaches 0, the kernel knows it can disable the interrupt at some point in the future.

• drm_vblank_init - initialize the core vblank code

  Should be called at driver load time or IRQ init ioctl time to init the core.

• driver.get_vblank_counter - return the current hw frame count

  Used by the core code to keep the count accurate across interrupt enable/disable periods.

• driver.enable_vblank - enable vblank interrupts on a given CRTC

  Used by the core to enable interrupts when the refcount increases.

• driver.disable_vblank - disable vblank interrupts on a given CRTC

  Used by the core to disable interrupts after a timeout period if the refcount is 0.

With a few simple changes, a given DRM driver can support the new scheme to save power. If you find bugs or have issues with the new APIs, let me know and/or file a bug at bugs.freedesktop.org.

22 Jul 2008 7:29pm GMT

OK, so Dave Miller's pending deletion I can understand; if you didn't know how key he was, the article itself lacks references and is lacks detail (compare it with Andrew Tridgell's page. (At least he noticed; when I was deleted last time I didn't know).

But then I find out that the article on OLS was deleted back in February. Huh? This is the major Linux conference in the world. Some would argue that it's a bit faded at the edged these days, but none of the crop of contenders can genuinely claim that crown. I know conferences don't generally get pages as sexy as humans do, but still...

22 Jul 2008 1:06pm GMT

I've just arrived in Canada for Ottawa Linux Symposium 2008. After my last visit to OLS in 2005, there were two years of intensive work that prevented me from attending the event. Last year I actually had to cancel an already accepted paper submission :(

In Year 01 post OpenMoko, I have time to visit OLS again. Unfortunately no company to pay for my travel expenses this time, but well, what can you do. Due to scheduling issues with a family celebration, I didn't know until very recently that I would be able to make it this year. Thus I happily forwarded the invitation to talk about OpenMoko to Werner. I was surprised that it's now actually one of the keynotes. Looking forward to it :)

There have been many rumors that OLS is not like what it used to be. Maybe I'm now in a good position to make up my mind about it, since I've missed two years and will be able to directly compare my memories from before with the current event.

22 Jul 2008 2:00am GMT

I just finished porting a Windows driver (actually 3) to use the MinGW build environment.

Due to the Windows Device Driver Kit (DDK) being under a somewhat opaque license, we could not get legal clearance to release binaries of our GPLed code compiled with the DDK. This was bad because I, being the open-source kinda guy I am, had based my work on a pretty substantial GPLed codebase. *Surely* the DDK license couldn't be so restrictive to prevent all binaries bsed on GPL source! Well maybe it is and maybe it isn't. When it's not clear, legal says no.

Not good. It looked like we were going to have to somehow pull out the work I had done and rewrite the rest of the code from scratch to be GPL-free so we could release binaries legally following the DDK's EULA.

It was in the process of estimating the work involved that I happened to talk to Jamey Sharp at a local Linux beering. We were each talking about our work and it turned out that he was in the same boat as me, a Linux dev who through some strange quirk was working on Windows drivers. But he wasn't using the DDK, he was using MinGW, which is a port of GCC to compile Windows binaries.

Sometime later he was kind enough to come over and show me his setup and makefile, and sure enough it worked. So, we *could* use the GPLed code if we just distributed DDK-free binaries.

Once on that path, it still did take me a while to get the driver building. One nice thing about trying to get a different build env going is that you have something that works (although you can't distribute it :)

I got it compiling by modifying the driver to have function definitions etc. that MinGW lacked. But it wouldn't link. Sigh. I was using functions that were not in MinGW's import libraries, and could not get around this by fudging it in my driver; I had to fix MinGW. This is a big fear of mine every time I use a piece of open-source software -- if your code has a Foo dependency and Foo is broken, you pretty much have to be willing to start hacking Foo if you want it fixed. (Sure you can file a bug, but obviously nobody cares about your bug except you or it would be fixed, right?)

Once I dived into MinGW (actually w32api) it was straightforward to fix. Many of my changes to get the driver compiling actually belonged in the MinGW header. There were also functions omitted from the import libraries. (Import libs tell the linker how to link to the actual shared libraries that will be present at runtime.) These were defined in .DEF files, and all it needed to know was for each function, how many bytes were its arguments? Easy, once I knew what to do. (Nothing hard, just if one doesn't do this thing regularly, you forget how it all fits together.)

So for anyone who wants to write Windows kernel code without the DDK, it can be done. Some tips:

• Debian/Ubuntu includes mingw cross-compiler
• Don't use KMDF/WDF, MinGW doesn't support it
  
• Sprinkle all callback functions with DDKAPI, so they use stdcall calling method (the compiler will complain, makes it easy.) including DriverEntry().
  
• Add -DDBG to enable KdPrint()s
  
• Inline asm will need to be rewritten
  
• Recent GCC doesn't have __FUNCTION__, and DDK doesn't have __func__, so plan on wrapping with your own macros for tracing and handling this difference based on #ifdef __MINGW32__. I'm a big fan of gcc's preprocessor, the variable-argument macros are pretty nice.
  
• WinDBG needs .pdb files to set breakpoints and step through code, MinGW doesn't generate these, so KdPrint() is your friend
• You can't link with libc yet sometimes you need snprintf. I pulled in Linux's snprintf code to fill this gap, yay GPL!
• MinGW is 32-bit only right now. For 64-bit binaries, plan on becoming a serious MinGW contributor for a while!
• Here's how my makefile build cmd ended up: i586-mingw32msvc-gcc $(CFLAGS) -o $@ -shared -Wl,--entry,_DriverEntry@8 -nostartfiles -nostdlib $^ -lntoskrnl -lhal -lndis
• For reference, see the Xen GPLPV repo. More help is always welcome.
  

Hopefully this blog post will contain enough keywords to be helpful to someone in the future :-)

22 Jul 2008 1:07am GMT

No, it is not parts of the body I know (half of it I looked in the dictionary), it is what is being aching right now.

Its called football.

Yes, sounds a bit scary, but that was hell the super game today. We were much stronger, but I have to admit, that mostly because we get a right transfer decision and selected right players at the beginning, so our previous team was strengthenen. I managed to make a goal, couple of nice saves and even make quite technical outplay sometimes, which was quite surprisingly, since I did not play football for 5 years.
I would not say I'm getting into the shape, but have a progress. Comments (0)

21 Jul 2008 10:00pm GMT

Emma Jane Hogbin gave a presentation on the gender gap in free software at Lugradio Live this weekend. One of the central messages was that a great deal of how to avoid putting women off computing can be distilled down to "Don't be a dick". This ties in well with Mako's restatement of the Ubuntu code of conduct as "Be excellent to each other" (a wonderful phrasing which demonstrates that Bill and Ted's Excellent Adventure is the most philosophically worthwhile film that Keanu Reeves has ever appeared in, and certainly not The fucking Matrix) and led to my 5 minute rant on why I hate the Linux community slightly later in the day, but does leave a certain problem. What standards are used to define whether given behaviour is dickish or not? The comments here show that there's disagreement even within a single sub-community of the larger free software world. Ben suggests that the reaction to perceived inappropriate behaviour is perhaps even more discouraging than the original behaviour, suggesting that bitching about things that offend you is dickish behaviour in and of itself. How do we decide whether someone is being a dick or helping the community? Is lack of tolerance a form of exclusionary behaviour?

This topic is actually one of the issues discussed in the Geek Social Fallacies, but here's a nice easy example. Would tolerating planet posts encouraging the eradication of the Jewish population be inclusive or exclusive? I suspect that most people would agree that it wouldn't be acceptable behaviour, which leads us to the next question. Why? There's two obvious arguments here. The first is that at a community level we have some form of rough moral consensus that advocating genocide is Just Wrong, and so criticising Nazis is obviously the right thing to do. The second argument is more pragmatic than philosophical - alienating millions of people in order to avoid alienating hate groups could be considered to reduce our potential contributor base in an unfortunate way.

I'm a fan of the second argument. The example I gave is emotive and relatively recent history has resulted in people tending to be pretty uniform in considering genocide to be a bad thing, but many other cases aren't clear cut. What I consider to be objectification of women is seen by others as appreciation of natural beauty. What I think of as sexist jokes are perceived by others as acceptable humour. When I advocate intolerance of certain behaviour, people are going to see me not having enough tolerance. So we end up in a situation where people make the "We should all just get along and be tolerant of each other" argument, which sounds fine but is fundamentally flawed in one significant way.

Advocating tolerance excludes the intolerant.

The reason people fail to see this is that it doesn't sound like a flaw. If you ask people whether we need to support intolerance, the immediate answer is probably no. But by advocating exclusion of intolerance, you're excluding all those who have good reasons to be intolerant. You're excluding the women who don't want to feel that the community sees them as a pair of breasts attached to some legs. You're excluding the ethnic groups who would prefer to avoid racist slurs or ethnic stereotyping. Telling anti-fascism protestors that they're being intolerant isn't likely to endear you to them. Advocating tolerance is telling the intolerant that they're wrong and should just deal with whatever it is that makes them unhappy.

So, ironically, tolerating certain types of intolerance is probably required in order to avoid alienating many potential contributors. That means some way of deciding what kinds of behaviour are acceptable and which are unacceptable. In the absence of either pre-existing community consensus or some philosophical breakthrough that allows unambiguous determination of the "rightness" of a given action, I'm going to suggest that we look at it from a pragmatic viewpoint. How many potential contributors do we discourage by criticising a certain type of behaviour? How many do we discourage by tolerating it?

The fallacy of the completely inclusive community is the idea that it includes everyone. The reality is that a certain level of social exclusion is required in order to include a wider range of people. So don't criticise people purely for criticising someone else's behaviour - make an argument for why that behaviour benefits the community. And when you see behaviour that you think discourages others, call people on it. Even if nobody's behaviour changes as a result, you're sending a signal that not everyone in the community agrees. Sometimes all people want is to know that there'll be some people on their side.

But, above all, try not to be a dick.

21 Jul 2008 12:35pm GMT

Aparently there is a pending deletion tag on the wikipedia article about me, which can be found right here

It states that they will delete it later today due to lack of "reliable secondary sources attesting to notability."

So if you can help with this, I would appreciate it.

Thanks :-)

21 Jul 2008 3:33am GMT

YOSHIFUJI Hideaki visited to give a presentation on IPV6 happenings. Stephen Hemminger came as well and after an excellent meal at Ototo Sushi in Queen Anne, we listened to Hideaki-san's presentation as well as one I gave on the TX multiqueue work I've been doing.

It went so well, that we decided to declare that this was Netconf for 2008 :-)

My slides are here.

Enjoy.

21 Jul 2008 1:15am GMT

Just got pointed to this NY Times article, "The electronic cover will be used in only 100,000 copies that go to newsstands". I think I'd buy one just to get at the E-Ink device! Too bad they don't sell these magazines over here.

20 Jul 2008 11:39pm GMT

So this weekend was a total technology fail..

so on Sat night Gia rented a DVD to watch on a laptop, I was all should be no problem with this, armed with my livna (and livna-development) repositories, I started off on laptop 1, Thinkpad T60P. totem pulled an immeditate choke with some useless error message. mplayer choked similiarly with a nice bonghits in the libdvdread error message. This I tracked down to the region not being set correctly, so I set the drive region to region 4, and then mplayer failed even harder in a tight loop with kill -9 the only way out. It looked like bad sectors or something in the kernel.

So I went and tried it on laptop number 2, my Dell Insprion 6000, this machine is the oldest piece of kit I own and has been steadily on it way out the door (backlight flickers on/off due to dodgy connections internally). However it is also the only machine I have at home with a non-Linux OS on it, it has Windows XP. So I booted XP on it, stuck the disk in and it played fine, I then booted Linux on it and had the same problem as on the the other laptop. So I decided to let Gia use Windows XP to watch the DVD, I then unplugged the laptop before realising the battery was sitting on the bench (as it overheats a lot instead of charging nowadays.. and it isn't one of the goes on fire batteries either..). So it appears cutting the power wasn't such a good idea, as it appears the hard disk heads crashed or some such fail, as attempting to boot XP on the laptop after that gave a bad boot bluescreen and mounting the XP ntfs partition from Linux went into an ATA reset cycle.

So I had to watch half the rugby (it wasn't a great game in the end), and then watch some movie with Matthew McConaughty in it, at least there was scuba diving in it, so it could have been worse.

Then on Sunday on our way to the cinema, I drops my iphones on the grounds. Oh noes. My iphone volume buttons have been busted for a month or two in any case, but now the lock/power button decided to stop being useful. Of course my iphone is a US phone where I'm sure the warranty has been invalidated six ways from Tuesday at this point. So I'll probably have to go opens it ups and play with its insides. I've damaged a lot of phones in my life but the iphone has actually been the quickest to get broken, and considering I don't drink nearly as much as I used to this isn't a good showing for it.

20 Jul 2008 11:14pm GMT

Sure, linux-next is a useful way of early-detecting patch conflicts with random developers. But the second order effect has been more useful to me: forcing me to get my shit together. Now I regularly publish my patchqueue in a form which applies and compiles, and has clear "production" vs "alpha" demarcation.

Obviously, this is good for people trying to follow various patches (and there are quite a few independent efforts at the moment, including typesafe patches, virtio, lguest, module, tun/tap, stop_machine, kmod-removal and down_trylock removal), but it also makes the arrival of the merge window far less stressful.

In theory, I could have been this organized before. But just like the concept of doing homework long before the deadline, it was never going to happen. So thanks Stephen!

20 Jul 2008 7:03pm GMT

My OLS paper,

Have You Driven an SELinux Lately?

may now be downloaded as a single document, or as part of the conference proceedings.

The paper is a detailed update on the SELinux project, covering important changes to SELinux in the past few years. After the initial upstream kernel merge-which took three years and required LSM to be developed-the project proceeded rapidly in terms of integration into mainstream Linux distributions, as well as having its internal infrastructure overhauled to allow major improvements to both function and usability. A great deal has changed since many people first saw SELinux.

I'd recommend reading the paper if you want to come up to speed on where things are at in the project, and where things are headed.

I'll be giving a talk on the paper at OLS this Thursday. It's certainly a challenge trying to keep the talk length below 45 minutes without leaving something significant out. For some reason, my talks tend to self-adjust to about 90 minutes, and I always need to work to shorten them.

As a reminder, the SELinux Developer Summit is on Tuesday, and it will be held at the Ottawa Novotel from 8:30am.


Btw, I noticed Linux being used at Sydney Airport on the way over:

Ubuntu 6.02, I believe 6.06.2.

20 Jul 2008 3:44pm GMT