 Jim Zemlin | HP Releases More Details on the Open Sourcing of webOS
This morning, HP gave further details of its contribution of the webOs platform to the open source community. I find these details and the timeline associated with the release to be positive developments, both for Linux and for the wider mobile markets.
The WebOS stack represents a rich set of components that combined together create a comprehensive platform for mobile devices. The highlight of today’s announcement has to be the open sourcing of Enyo, the application framework for webOS. This is a powerful framework that app developers can use to build applications that will work across different platforms including iOS, Android, webOS and so on.
Companies announce open sourcing products and projects all the time. There are several decisions HP executives made in this process that I think signal they are on the right track:
webOS is moving to the mainline Linux kernel. This saves any device maker service and support costs since it will eliminate much of the custom code those companies need to support. They have committed considerable resources to working with the upstream project, which will insure their Linux investment will last.
Open sourcing Enyo, instead of keeping some components closed source, will ensure that the complete stack is available with no lock-in by HP. While this enables competitors to literally take the R&D HP has invested in this product and use it to target other platforms, it also ensures that device manufacturers and app developers can make full use of the whole stack; thus increasing the changes that webOs may be adopted and used in products.
By using the Apache 2.0 license, HP has smartly decided to use a standard and well respected license, instead of something unique, niche or proprietary. Everyone understands the terms of the Apache license, thus cutting down on the requirements for education or promotion.
By using and contributing to core upstream Linux projects, HP is hedging its investment. Contributions of code that make Linux more power efficient will not only help them in mobile but also in the data center where power and cooling are central costs.
While there are clearly other open source solutions in the mobile space with Android and Tizen, choice is always good in technology. By using a mainline kernel, this announcement is also good for Linux, since any work HP and others contribute to webOS (think power management, device driver support, etc) can end up benefiting all Linux users. And by “all” I mean all, not just those using a phone running Android. Since server and desktop Linux users also use the mainline kernel all can benefit from this work.
Will webOS be successful? That of course remains to be seen. I will be watching, like everyone else, for announcements of device support. But by making smart early and crucial decisions like this, the project has a much better chance of succeeding.
|
 Amanda McPherson | Free Embedded Linux Training at Yocto Developer Day on February 14th
Use of Linux in the mobile/embedded space is exploding, and we find many companies are adopting the open source Yocto project to build custom embedded Linux systems. The project is hosting a free day of training on Yocto on Feb 14th as part of the Embedded Linux Conference. This is a fantastic opportunity to learn Yocto if you're a beginner or get more advanced if you are already familiar with the tool. Find out more about Yocto Developer Day.
Yocto includes the BitBake build tool, a large set of customizable build metadata, the EGLIBC library, Eclipse-based graphical user interfaces for both the build system and an accompanying Application Development Toolkit that is automatically generated, and several other tools that bring some order to the occasional chaos of developing systems with embedded Linux - and indeed, embedded systems in general. The Yocto Project supports multiple Intel architectures, multiple ARM architectures, MIPS, and PowerPC with standard BSPs and QEMU-based emulators. The build system that is customizable end-to-end but still easy to use. The project is supported by major embedded hardware vendors, embedded Linux operating system vendors, the OpenEmbedded Project, and many other organizations, with a governance structure based on the open source tenets of transparency and meritocracy. It's one of the Linux Foundation Labs projects I am most excited about. Seating is limited for this free training, so early registration is highly encouraged. The ELC schedule is out and this Yocto training, combined with the conference and Android Builders Summit held concurrently, should make for a fabulous week of embedded Linux.
For those of you who want a bit more embedded Linux, we are also hosting two in-depth training courses on the weekend following the conference:
LF410 Embedded Linux Development: A Crash Course (View Course Overview)
Saturday, February 18th - Sunday, February 19th
9:00am - 5:00pm (Pacific Time)
LF404 Building Embedded Linux with Yocto: Crash Course (View Course Overview)
Saturday, February 18th - Sunday, February 19th
9:00am - 5:00pm (Pacific Time)
You can find out more about these embedded Linux classes. These courses are hands on and intense. Let me know if you have any questions. See you at the Hotel Sofitel!
|
 Jennifer Cloer | The Best Linux Events of 2012
{lfnews}The Linux Foundation today announced its 2012 Linux events and onsite training schedule. Some highlights include a triple-header in San Diego in August: LinuxCon North America, Linux Plumbers Conference and Linux Kernel Summit. Someone better warn San Diego natives that we're taking over their city this summer. We're also really excited to host three events in Barcelona: LinuxCon Europe, Embedded Linux Conference Europe and KVM Forum. Viva Linux!
You can check out today's news release for details on these and other events or check out this slideshow we whipped together with some cool images and photos from past events. Shows us what's in store this year.
|
 Angela Brown | What to Expect at LinuxCon 2010 this August in Boston!
The call for participation and registration opened for LinuxCon today signaling the beginning of planning for the 2nd Annual LinuxCon.
To recap on some of the highlights of LinuxCon 2009, which took place in Portland last September, we brought you:
A fantastic line-up of speakers including Linus Torvalds, Mark Shuttleworth, Bob Sutor, and many more industry luminaries
A packed program delivering content to a diverse audience of business, operations and developers
A Technology Showcase & Lounge providing attendees and exhibitors the opportunity to network and learn from each other
Exciting evening events including the Intel-sponsored LinuxCon/LPC reception and the Bowling for Penguins Fundraiser
The added value of co-located events include the Novell SUSE workshop, LDAPCon and the Linux Plumbers Conference
Check out our video highlights of LinuxCon 2009 here!
How is LinuxCon different than other events? In a number of ways. This is an event specific to the Linux community, but within that, it encompasses all matters Linux. Other events specifically target certain groups in the ecosystem, but LinuxCon is the only event that really brings together a diverse group of all types of industry leaders and contributors - from business executives and end users, to developers (both in the kernel and out), to the systems administrators and senior technology operations leaders. This is the one event the community can attend each year to meet face-to-face and collaborate with all the community players. In addition to innovative technical content and a great mix of attendees, LinuxCon also offers an unmatched fun, vibrant and intimate atmosphere that is extremely conducive to attendee networking and collaboration.
If you pick one Linux event to attend this year, LinuxCon should be it - you will not be disappointed!
While we could not have been happier with the overwhelming positive response from last year's inaugural event, we are amped to step up our game and make this year's LinuxCon a bigger and bolder experience for attendees.
In addition to fantastic, streamlined content geared again towards a variety of attendees (this is the conference for all matters Linux after all!), prepare yourselves for some exciting new speakers, a host of new attendees to network and collaborate with, and some fun additions to add to your conference experience!
Plus, we are happy to announce the co-location of a number of mini-summits/conferences this year, including KVM Forum, Linux Storage & Filesystems Workshop, Virtual Memory Mini-Summit, the Wireless Summit, Power Management Summit and the Linux Security Summit, plus more to be announced.
The registration fee is only $300 through April 15th, so REGISTER NOW.
Stay tuned for more information on all things LinuxCon - and get ready to have a great week in Boston this August!
|
 Ibrahim Haddad | MeeGo Summer Seminar: Trip Report
The MeeGo Seminar Summer 2010 edition took place on July 26, 2010 in Tokyo, Japan. The event was packed. More than 530 registrants, 21 sponsors, 16 speakers, 3 tracks (Business, Technology, Qt+Atom), multiple demos, and the announcement that the GENIVI Alliance has selected MeeGo as its future in-vehicle infotainment center.
The MeeGo Seminar Summer 2010 edition took place on July 26th, 2010 in Tokyo, Japan. The event was packed. More than 530 registrants, 21 sponsors, 16 speakers, 3 tracks (Business, Technology, Qt+Atom), multiple demos and the announcement that the GENIVI Alliance has selected MeeGo as its future in-vehicle infotainment center.
Below are some pictures from the MeeGo demos.
One of the questions I received as part of the discussion panel was about what makes MeeGo a great platform and diffrentiates it from other efforts. The questions actually came from one of audience members through the panel moderator. I think the answer to this question was the longest answer any panel participant gave to any given question:
MeeGo is an open source project hosted under the auspices of The Linux Foundation with an open governance model, open discussion forums, open mailing lists, open technical steering committee meetings, open roadmap process, and governed by the best practices of open source development. By the way, there are no contributor agreements to sign, either.
MeeGo is aligned closely with upstream projects and combines mobile development resources towards a unified platform that supports multiple device types (handsets, tablets, netbooks, connected-TVs, in-vehicle infotainment systems). It requires that submitted patches also be submitted to the appropriate upstream project and be on a path for acceptance. As a result, a large number of upstream projects will benefit from the MeeGo contribution. MeeGo offers a complete and optimized software stack, from the kernel to the libraries and middleware components up to reference UX implementations, along with a rich cross-platform development environment and tools.
MeeGo offers equal opportunities for all industry players to participate in the evolution of the software platform and to build their own assets on MeeGo and offers differentiation abilities through
the customization and branding of the user experience. Furthermore, it offers the ability to participate in the evolution of the software platform, and other Linux mobile and desktop efforts will benefit from
MeeGo’s work.
MeeGo has an active community that consists of more than 8,000 participants registered at MeeGo.com contributing source code, QA, documentation, translation, etc.
For application developers, MeeGo has a very attractive offering:
- Support for a single set of APIs across client devices --> easily and rapidly create and deploy apps
- Support for five different device types --> create an app and run it on multiple device types
- Support for multiple app stores --> host your app in several stores, or even create your own store
MeeGo also offers a compliance program to certify software stacks and application portability from the get go. Overall, MeeGo has too many unique characteristics and advantages that makes it really easy for me to support it.
Did I answer your question?
It goes without saying that I did not get any questions from the panel moderator for 20 minutes after my long answer on this question. The MeeGo Seminar was quite a success on all fronts. We are planning our next Seminar in Tokyo in December and before that we'd love to see you at the MeeGo Conference in Dublin, Nov 15-17.
|
 Linux Weather Forecast | The cracking of kernel.org
As has recently been announced on the main kernel.org page, the main kernel.org server (known as "hera") was recently compromised by an unknown intruder. This person was able to gain "root" access, meaning they had the full run of the system. Speaking as just one of many members of the kernel development community, I can say that this episode is disturbing and embarrassing. But I can also say that there is no need to worry about the integrity of the kernel source or of any other software hosted on the kernel.org systems.
Kernel.org is, of course, the home for the Linux kernel. Many other projects live there as well. On the face of it, that would make kernel.org a tempting target for an attack. What self-respecting cracker wouldn't want an opportunity to place some special code into the Linux kernel? Such code would, over time, find its way into millions of machines worldwide. The injection of backdoors or other malware is a concern for any software maintainer - open source or otherwise - but it turns out that we are well protected against that sort of attack.
If kernel developers worked by shipping simple files of source code around, they might well be vulnerable to malware added by an intruder. But that is not how kernel development is done. The code for the kernel (and for many other projects) is managed with the "git" source code management system. And git does not allow the code to be modified by third parties without people knowing about it. It's worth taking a moment to look at how that works.
A cryptographic "hashing function" is a mathematical formula which boils the contents of a file down to a small number. "Small" is relative; git's hash function produces 160-bit numbers, which are quite big by normal standards - it is roughly equal to the number of atoms in the Earth. The key to the hash function is that, if the contents of the file change, the hash will change too. Creating any new file matching the hash of an existing file is not really possible; if you want that new file to look like the old one with the exception of a bit of hostile code, the challenge is even bigger. So an attacker would be unable to change a file without changing its hash as well. Git checks hashes regularly, so a simplistic attempt to corrupt a file would be flagged almost immediately.
The hashing does not stop there. For any given state of the kernel source tree, git calculates a hash based on (1) the hashes of all the files contained within that tree, and (2) the hashes of all of the previous states of the tree. So, for example, the hash for the kernel at the 3.0 release is 02f8c6aee8df3cdc935e9bdd4f2d020306035dbe. There is no way to change any of the files within that release - or within any previous release - without changing that hash. If anybody (even the kernel.org repository) were to present a 3.0 kernel with a different hash, it would be immediately apparent that something was not right.
You might be thinking that 02f8c6aee8df3cdc935e9bdd4f2d020306035dbe is an awfully long number to memorize and check. If we were dependent on humans to check the hash values, we would have reason to worry. But computers are very good at checking those values. And there are a lot of computers available to do that checking.
The machine I am typing this article on has a full copy of the kernel git repository. Actually, it has more than one. All kernel developers - and many people who are not kernel developers - have at least one copy of the repository somewhere. If an attacker were to corrupt the kernel.org repository, those other developers would notice the next time they updated their personal repositories - something that happens many times every day. If the attacker were to simply add new patches that had not gone through Linus Torvalds's personal copy of the repository (which is not the copy on kernel.org), he would notice the next time he tried to make a change of his own. Git will see that the hash values are not what they should be and raise the alarm.
Kernel.org may seem like the place where kernel development is done, but it's not; it's really just a distribution point. The integrity of that distribution point is protected by the combination of clever software and thousands of copies of the repository distributed around the world. So when we say that we know the kernel source has not been compromised on kernel.org, we really know it.
The kernel.org administrators have shown themselves to be careful and capable people over many years. It seems like they've had some sleepless nights, with the prospect of quite a few more to come. It will be necessary to rebuild the kernel.org infrastructure and to figure out how the attacker got in. The integrity of those systems was lost; restoring it and protecting it into the future will take a considerable amount of work. But people running Linux need not worry about the integrity of their kernels; that is protected by defenses stronger than those of any single computer.
| |
