Blogator.com




The 2.6.34-rc2 kernel prepatch has been tagged and uploaded, but Linus has not sent out an announcement to the world. A lot of changes went in since the -rc1 release; click below for the short-form changelog, or see the full changelog for all the details.
Video recordings for the linux.conf.au 2010 conference are available. LCA2010 was held from January 18-23, 2010 at the Wellington Convention Centre in Wellington, New Zealand. (Thanks to Scott Dowdle)
The H looks at the list of accepted mentoring organizations for GSoC 2010. "The GSoC contests offer university students stipends to write and develop code for various open source projects. Accepted mentors include the Debian Project and the KDE Project, both of which are already seeking project ideas. AbiWord, FFmpeg, Facebook, the GNU Compiler Collection, the LXDE Foundation, Mozilla and Ubuntu are all among the other accepted organisations."
Joe 'Zonker' Brockmeier reviews Claws Mail. "Modern mail user agents (MUAs) tend to hide as much complexity from the user as possible. Claws, bless its speedy little heart, doesn't. Claws is extremely configurable, feature-rich through the use of plugins, and can be keyboard-driven to satisfy users who want the speed of text-based mailers like Mutt with a decent GUI."
CentOS has updated C5: kernel (multiple vulnerabilities). Debian has updated php5 (denial of service).
Dave Phillips continues his coverage of Linux arpeggiators. "Part 1 of this series introduced arpeggiators in general and profiled the QMidiArp application. This week we conclude our survey with a look at two more arpeggiators for Linux musicians: Hypercyclic and Arpage."
Linus's allegedly shorter-than-usual merge window has seemingly mutated into one of the longest merge windows in recent times. Along with big trees for the Microblaze and Blackfin architectures and the SCSI subsystem, the kernel has just gained the Ceph distributed filesystem, a high-performance filesystem intended to scale into the petabyte range.
Ryan Paul covers the launch of the Open Video Alliance. "The Open Video Alliance (OVA), a group that seeks to promote adoption of standards-based open video technologies, has launched a new campaign encouraging users to upload videos to the Wikipedia website. The goals behind this new campaign are to visually enrich the online encyclopedia and promote awareness of the value that open video technologies can bring to the Web."
Version 7.1 of the GDB debugger is out. The big changes appear to be multi-program debugging and the ability to work with PIE executables. There's also a couple of new platforms supported and a number of other enhancements.
This entry in the not403 blog discusses OpenSSO, a single sign-on project which Oracle acquired from Sun and has subsequently shut down. "A Norwegian company called ForgeRock has stepped up to give OpenSSO a new home and continue developing OpenSSO under a new name: OpenAM (because of copyright issues with the name). They claim they will continue with Sun's original roadmap for the product, and they have started to make available again all of the express builds, including agents, that were removed from OpenSSO's site, and a new wiki with all the content that once was available at dev.java.net."
Luis Villa compares mailing lists and parties on his blog. He is reacting to a blog posting by Máirín Duffy that mocks up a web-based mailing list interface that incorporates feedback for readers and posters. Villa sees the feedback as being essential to reducing "bad conversations" on mailing lists. "First, the similarities. At most parties, like most mailing lists, most people want to have interesting conversations, and they understand the shared social standards and interests of the other people at the party. And at most parties and most mailing lists there are a handful of people are boors who probably don’t want to spoil the party, but who violate those shared norms- some in very mild ways (boring, talking too loud, posting too much), or maybe some less mild (the guy who doesn’t think he’s a racist, but really is.) If you’ve got similar mixes of people, why then do parties usually handle boors well, while mailing lists often fail and flame out?"
Version 4 of the DWARF debugging information format specification has been released for public comment. DWARF is used by GCC, GDB, and other free and proprietary toolchains. "Michael Eager, Chair of the DWARF Committee, said 'we have made significant improvements in Version 4 since the previous version was released in 2006. These include improved data compression, better description of optimized code, and support for new language features in C++. Debugging programs can be difficult. Providing the best quality information to programmers can make this easier.'" The DWARF committee is accepting public comments on the spec until May 31. Click below for the full announcement.
CentOS has updated kernel (C4: multiple vulnerabilities) and thunderbird (C4: multiple vulnerabilities). Red Hat has updated thunderbird (RHEL 4, RHEL 5: multiple vulnerabilities) and java-1.4.2-ibm (TLS man-in-the-middle plaintext injection). Ubuntu has updated thunderbird (multiple vulnerabilities).
Paul Davis has an update on Ardour development, which looks at the upcoming 3.0 version, as well as maintenance on 2.x. Ardour is a "digital audio workstation" that runs on Linux and MacOS X. "This work went along with a top-to-bottom revisit of the undo/redo mechanism with the goal of making it scale properly to operations involving large numbers of regions. The results? Operations that were taking an absurd amount of time (40 seconds) to undo can now be undone in less than half a second. The overall responsiveness of undo/redo has now greatly improved." Davis also points to a recent ShotOfJaq podcast on funding models for free software projects that uses Ardour as an example. The comments on the podcast page are worth reading as well.
HTC has finally sent out a press release responding to Apple's patent lawsuit. "HTC disagrees with Apple’s actions and will fully defend itself. HTC strongly advocates intellectual property protection and will continue to respect other innovators and their technologies as we have always done, but we will continue to embrace competition through our own innovation as a healthy way for consumers to get the best mobile experience possible."
The LWN.net Weekly Edition for March 18, 2010 is available.
Package installation for Linux distributions has traditionally separated libraries and application binaries into different packages, so that only one version of a library would be installed and it would be shared by applications that use it. Other operating systems (e.g. Windows, MacOS X) often bundle a particular version of a library with each application, which can lead to many copies and versions of the same library co-existing on the system. While each model has its advocates, the Linux method is seen by many as superior because a security fix in a particular commonly-used library doesn't require updating multiple different applications—not to mention the space savings. But, it would seem that both Mozilla and Google may be causing distributions to switch to library-bundling mode in order to support the Firefox and Chromium web browsers. Click below, subscribers only, for a look at this issue from this week's edition.
SpamAssassin-milter plugs SpamAssassin into mail agents which speak the "milter" protocol. It is, evidently, trivially easy to get this plugin to execute commands as root when it is used with Postfix in some configurations, and possibly with other mailers as well. There is a bug tracker entry where progress on a patch can be followed; the developers seem to not be in a great hurry, despite the fact that exploits are circulating. Sites using SpamAssassin-milter should probably just disable it for now. (Thanks to Christof Damian).
The H has an interview with Eben Moglen. "And so, basically, what I am proposing is that we build a social networking stack based around the existing free software we have, which is pretty much the same existing free software the server-side social networking stacks are built on; and we provide ourselves with an appliance which contains a free distribution everybody can make as much of as they want, and cheap hardware of a type which is going to take over the world whether we do it or we don't, because it's so attractive a form factor and function, at the price."
CentOS has updated cpio (C3, C4, C5: DOS and code execution), tar (C3, C5: DOS and code execution), and pango (C5: denial of service). Fedora has updated cpio (F12: code execution) and tar (F12: code execution). Red Hat has updated kernel (RHEL4, RHEL5, RHEL5.2.z server, RHEL5.3.z server: multiple vulnerabilities). Ubuntu has updated kernel (multiple vulnerabilities).
Our development process depends heavily on code review. But at what level, and using what criteria, is that review best done? Guest author Neil Brown addresses that question by looking at the specific example of sysfs attributes. Do those attributes conform to the rules which have been laid out for them, and, just as importantly, do those rules make sense in the first place? Click below (subscribers only) for an interesting look at the kernel development process.
Version 2.2.0 of the Parrot virtual machine is out. There's a number of changes listed in the announcement ("Most internal allocations now use the GC, RNG non-randomness fixes, Elimination of much dead code, ..."), but most of them do not appear to be major.
The developers behind SeaMonkey have announced that there will no longer be support for the 1.x versions of the browser suite. "As the SeaMonkey 1.x series no longer receives security updates, due to resource constraints, the SeaMonkey team strongly urges users of that series to upgrade. Additionally, the team continues to strongly urge people still using the old Mozilla Suite or Netscape 4, 6 or 7 to upgrade to the new SeaMonkey 2.0 version. All these older software packages suffer from a large, and steadily increasing, number of security vulnerabilities because they are no longer being maintained."
There will be a second Desktop Summit in 2011 and the bidding is open for a location. "Following the successful Gran Canaria Desktop Summit in 2009, the GNOME Foundation and KDE e.V. Boards have decided to co-locate their flagship conferences once again in 2011, and are taking bids to host the combined event. The Desktop Summit 2011 will be the largest free desktop event ever."
LinuxDevices looks at the Ben NanoNote, a small, open machine produced by Qi Hardware. "The Ben NanoNote offers OpenWRT Linux pre-installed, and the device can also boot over USB. (OpenWRT is a small footprint distribution commonly found on routers.) Other components in the distribution include the Uboot boot-loader, although one of the many project pages on Qi Hardware notes that the eventual plan is to move to the lightweight Qi boot-loader."
Nathan Willis covers Mozilla's contest to provide add-ons for the Firefox for Mobile browser. "Mozilla has launched a contest to spur on development of add-ons for its recently-released Firefox for Mobile browser. Between now and April 12, developers are encouraged to create extensions or other add-ons tailored for the mobile browser. The top ten submissions (as judged by Mozilla's Add-ons and Mobile teams) will each be awarded a package containing a Mozilla t-shirt, phone case, and a brand-new Nokia N900 phone -- which runs the Maemo mobile Linux operating system and was the very first device to support Firefox for Mobile."
Debian has updated pulseaudio (denial of service) and drbd8 (privilege escalation). Fedora has updated viewvc (F12, F11: cross-site scripting), libpng10 (F12, F11: resource consumption), and F11: cronie (modification time changes). Red Hat has updated pango (denial of service), tar (RHEL4&5, RHEL3: arbitrary code execution), and cpio (RHEL4, RHEL5, RHEL3: arbitrary code execution). rPath has updated bind (multiple vulnerabilities) and sendmail (several vulnerabilities). SUSE has updated openoffice.org (multiple vulnerabilities). Ubuntu has updated audiofile (arbitrary code execution) and libpng (multiple vulnerabilities).
Here is an extensive set of performance benchmark results from 14 Python web application servers, done by Nicholas Piël. "The top performers are clearly FAPWS3, uWSGI and Gevent. FAPWS3 has been designed to be fast and lives up to the expectations, this has been noted by others as well as it looks like it is being used in production at Ebay. uWSGI is used successfully in production at (and in development by) the Italian ISP Unbit. Gevent is a relatively young project but already very successful. Not only did it perform great in the previous async server benchmark but its reliance on the Libevent HTTP gives it a performance beyond the other asynchronous frameworks."
Version 2.3.0 of the Amarok music player has been released. "Areas such as podcast support and saved playlists have seen huge improvements, as has the support for USB mass storage devices (including generic MP3 players). With large parts of Amarok 2 becoming quite mature, it was also time to start looking forward again. Therefore, this release also contains a number of new features of a slightly more experimental nature. These include a new main toolbar and a rewritten and much simpler file browser."
Jennifer Cloer talks with Matt Asay, COO of Canonical. "Asay: We have the chance to turn the technology world upside down. At Canonical we have Google or Apple-sized ambition, because we have community that dwarfs both of them put together. Our task is to work with the community to fulfill that opportunity. I believe we can. That's what I signed up to accomplish."
Linux For You has an interview with Fedora Project Leader Paul Frields. "Two months after the launch of Fedora 12, we spoke to Paul Frields, Fedora Project Leader at Red Hat, about how this release has been received by the community, and what is in store for the next. Though it started as a technical discussion on what Fedora 12 offers IT admins and developers, it graduated into a more serious conversation on the relationship between Fedora and Red Hat Enterprise Linux, and the distinction (if any) between commercial and community Linux."
CentOS has updated C5: cups (denial of service). Debian has updated drupal6 (multiple vulnerabilities). Fedora has updated F11: curl (arbitrary code execution), F11: squid (denial of service), and F11: cups (denial of service). SUSE has updated acroread, evolution-data-server, finch/pidgin/libpurple, flash-player, gmime-2_4, libnetpbm, libtool, rmail/sendmail/uucp, rubygem-actionpack-2_0, sudo (various issues).
The 2.6.32.10 and 2.6.33.1 stable kernel updates are out. They are both massive, with 145 and 123 patches, respectively.
Mark Shuttleworth claims some progress toward his goal of having distributions synchronize their major releases and calls for more distributors to join in. "I think this is a big win for the free software community. Many upstreams have said 'we'd really like to help deliver a great stable release, but which distro should we arrange that around?' Upstreams should not have to play favourites with distributions, and it should be no more work to support 10 distributions as to support one."
LinuxCon Japan, formerly known as the Japan Linux Symposium, has announced its call for participation (CFP). This Linux Foundation sponsored conference will be held in Tokyo September 27-29. The CFP lists a number of topic areas that are of particular interest including desktop Linux, embedded and mobile Linux, Linux adoption, and so on; it closes on May 14. "LinuxCon Japan is the premiere Linux conference in Asia that brings together a unique blend of core developers, administrators, users, community managers and industry experts. It is designed not only to encourage collaboration but also to support future interaction between Japan and other Asia Pacific countries and the rest of the global Linux community. The conference includes presentations, tutorials, birds of a feather sessions, keynotes, sponsored mini-summits."
The Linux Foundation has announced the program for the Collaboration Summit to be held April 14-16 in San Francisco. This is an invitation-only event, though invitations can still be requested. Highlights include a full-day session on Meego, the Linux kernel roundtable, keynotes by Josh Berkus, Dr. Daniel Frye, Jim Zemlin, and others, a cloud computing roundtable, and more. "The Linux Foundation Collaboration Summit is the only event where a true cross-section of leaders from the Linux developer, industry and end user communities meet face-to-face to tackle today’s most pressing issues facing Linux, including technical development, legal topics, ISV porting and end user requirements."
Version 1.2 of PyPy - an alternative implementation of the Python interpreter - has been released. "This version 1.2 is a major milestone and it is the first release to ship a Just-in-Time compiler that is known to be faster than CPython (and unladen swallow) on some real-world applications (or the best benchmarks we could get for them). The main theme for the 1.2 release is speed." It's still not quite ready for production use, but it appears to be getting a lot closer.
Over at opensource.com, OpenNMS's Tarus Balog looks at the process of starting an open source business. This article covers much of the same material as his recent SCALE 8x keynote. "You might think that I was motivated by some sort of idealistic love of open source software. Nothing could be further from the truth. At the time, I was still running a Windows desktop. I undertook the OpenNMS project because I believed one thing: in the area of network management, open source represents the best business solution."
Debian has updated Egroupware (multiple vulnerabilities) and MoinMoin (multiple vulnerabilities). Fedora has updated nss (F12: TLS man-in-the-middle plaintext injection) and cups (fix for earlier denial of service fix). Mandriva has updated ncpfs (multiple vulnerabilities). Ubuntu has updated MoinMoin (multiple vulnerabilities).
The Fedora board has, in response to ongoing discussions about updates to its releases (as covered in the March 11 Weekly Edition), adopted a "vision statement" on how Fedora releases should be maintained. "Stable releases should provide a consistent user experience throughout the lifecycle, and only fix bugs and security issues. Stable releases should not be used for tracking upstream version closely when this is likely to change the user experience beyond fixing bugs and security issues."
Google has announced the release of its RE2 library under a BSDish license. "At Google, we use regular expressions as part of the interface to many external and internal systems, including Code Search, Sawzall, and Bigtable. Those systems process large amounts of data; exponential run time would be a serious problem. On a more practical note, these are multithreaded C++ programs with fixed-size stacks: the unbounded stack usage in typical regular expression implementations leads to stack overflows and server crashes. To solve both problems, we've built a new regular expression engine, called RE2, which is based on automata theory and guarantees that searches complete in linear time with respect to the size of the input and in a fixed amount of stack space." More information can be found on the RE2 project page.
The H reports that the Open Source Initiative (OSI) has elected Simon Phipps, formerly Sun's Chief Open Source Officer, to the board of directors. "As a director, Phipps hopes to help the organisation change so that it becomes more member-oriented, more active in promoting open source in education, in policy development and possibly in organisational support for open source projects; 'My goal as a Director will be to facilitate that change, a change that is already well under way following recent face to face discussions and the great work that Andrew Oliver and Danese Cooper have already put in'."
This year's Embedded Linux Conference, which will be held in San Francisco April 12-14, has announced that its program is now available. The keynote speakers will be Greg Kroah-Hartman ("Android: a Case Study of an Embedded Linux Project") and Matt Asay ("Embedded in 2010: an End to the Entropy?") along with a whole slate of over 50 presentations, tutorials, and BoFs. "This is your chance to meet leading developers from the embedded Linux community, and learn about the latest changes in Linux. Also, you can talk to engineers working on real products at some of the largest CE companies in the world, describing how they solved real issues in their own development projects." Click below for the full announcement.
Dave Phillips looks at arpeggiators for Linux. "An arpeggio is a musical technique whereby the notes of a chord are played in succession rather than all at once. The order of the chord notes in this succession may follow a strict set of rules or they may be played in purely random sequence. A device that acts upon a chord in this manner is known as an arpeggiator."
Debian has updated kvm (multiple vulnerabilities), dpkg (path traversal), and kernel (privilege escalation, denial of service). Fedora has updated F12: samba (multiple vulnerabilities). Mandriva has updated virtualbox (unspecified vulnerability) and squid (denial of service). Slackware has updated pidgin (multiple vulnerabilities). Ubuntu has updated apache (multiple vulnerabilities) and dpkg (path traversal).
Over at CNET, Stephen Shankland has a fairly lengthy interview with Canonical's new CEO Jane Silber. "But is there more urgency about profit now? Silber: There is a sense of great opportunity right now. When we started Ubuntu in year one, we didn't put a strong push on trying to sell Canonical services, not because we were not interested, but it's hard to build a business around selling services around an operating system that nobody is using. We knew we needed to gain a user base and momentum before we could sell services. That user base is now there. There is urgency and momentum around that at a level we hadn't necessarily seen in the first couple years."
The LWN.net Weekly Edition for March 11, 2010 is available.
The SCO case has long since dropped off the radar for most. It is worth noting, though, that the Novell "slander of title" trial is now underway in Utah. Groklaw has detailed coverage of the testimony thus far. "Why did Novell slander SCO's title? Because of Linux. Linux started as a hobbyist tool. It's open source; 'nobody can be completely sure where the code comes from'. Starting around 2000, IBM inserted into Linux stuff that belonged to SCO. SCO sued, and started their licensing program (SCOsource). Novell stated that SCO doesn't have the copyrights and can't sue IBM."
Debian has updated tdiary (cross-site scripting). Fedora has updated samba (F11: filesystem access privilege escalation). Mandriva has updated php (two safe_mode bypass vulnerabilities).
The Mozilla Foundation has launched a process to update the Mozilla Public License. The project is described this way: "We've been using version 1.1 of the Mozilla Public License for about a decade now. Its spirit has served us well, helping to communicate some of the values that underpin our large and growing community. However, some of its wording may be showing its age. Keeping both those things in mind, we're launching this process to update the license, hoping to modernize and simplify it while still keeping the things that have made the license and the Mozilla project such a success." While the update process is inspired by the GPLv3 update, the objectives are far less ambitious: Mozilla would like to smooth various rough edges without making major changes to the license. They hope to have the process complete - after releasing three drafts for comments - by November of this year.