Slashdot Mirror

I don't really think think that CUPS 1.6 does anything like that. Apple merely removed some features which they don't need for their own systems. From what I read there is nothing in that release which would achieve driverless printing. Anyway, I find the article barely readable at best. I appreciate the difficulty of writing in a foreign language - English isn't my first language either - but most of this just doesn't parse.

I would recommend to read this article instead.

There is an electronic version called "Heise.de" (in form of a website with forums) that you can use, if you want. It is different from the paper version, because no one would buy it anymore, of course. It's the publishing company that brings c't and iX.

I visit the German version (classic view) quite regularly, because the forum discussions are fun and it is my number 1 bookmark. This is comparable to Slashdot in my opinion and has funny troll threads. ;) There is also an version in English that is probably not that busy as the German one and does not publish as many articles. I think they would, if they had more visitors. So it's up to you to make it big, because the competence is available there.

Btw, I can see articles quite frequently here on Slashdot that originate from Heise.de.

From the same Google India IP range comes a vandalism attack on OpenStreetMap, the open-data alternative to Googlemaps:

The bogus changes range from the obvious adding or deleting of nodes to the map or posting junk labels on locations, to the subtle but dangerous – such as reversing traffic flow on one way streets. Two accounts have been noted modifying maps in London and New York, and have been making more obvious changes since last Thursday 12 January. OpenStreetMap has yet to do a full analysis of activity from the IP range which amounts to 102,000 hits using 17 accounts over the last year.

OpenStreetMap claims map vandalism traced to Google IP range
OpenStreetMap blog posting
Troubling Google Contractor Allegedly Caught Vandalizing Open Street Map

http://www.h-online.com/security/news/item/Did-Symantec-source-code-hack-reveal-Indian-phone-surveillance-1406612.html

Let us not forget that not only did we get source to Symantec revealed, Symantec confessed it had been stolen, but said it was an old version.

Ooooh, scary, they got the source code of anti-virus software - what evil things did the Indian military plan to do with AV software?

It didn't happen in Fedora 16 as once planned but they're apparently going to make a go of it in Fedora 17: http://www.h-online.com/open/news/item/Btrfs-and-new-file-system-structure-agreed-for-Fedora-17-1389851.html

Tick tick tick...

Maybe stuff like Lookout Mobile can trap those premium SMS messages and at least warn you.

But this is a cat and mouse game now, and we'll have to explore how to punish the carriers and operators that enable fraudulent services by permitting them to bill victims. That's about the only way to deal with this sometimes.

Does anyone else see a parallel with GPL versions?

GPL v2 was decent and widely used, but the arrogant overseers decided to overstep their bounds when updating to a new point release, ignoring community feedback and concerns. While some people followed willingly to GPL v3, many simply jumped ship to licenses with less onerous terms, such as MIT, ASL, etc.

I wish someone would fork GPL v2 and keep the legal strength improvements while jettisoning the forced patent licensing and "de-Tivoising" provisions. I'm fed up with RMS's proselytizing.

20 December 2011, 13:21
Highly critical zero day vulnerability in Windows discovered

http://www.h-online.com/security/news/item/Highly-critical-zero-day-vulnerability-in-Windows-discovered-1398625.html

The article says, "Last year, Florian Schießl, a LiMux project director, stated that he and his team had been naïve and had underestimated the extent of minor problems."

"naïve" links to another article on the same site, h-online.com, from March 2010,

  * LiMux project management, "We were naïve", http://www.h-online.com/open/news/item/LiMux-project-management-We-were-naive-958824.html

This one states: On his blog, the IT expert admits that "We were naïve," and confesses to a "miscalculation".

This links to

  * http://www.floschi.info/2010/03/quality-over-time-in-munich/

but floschi.info just says "It works". The Internet Archive records only cover up to Feb 2010 (http://wayback.archive.org/web/20100501000000*/http://www.floschi.info)

Firefox development has gotten so bad they are currently having issues compiling

According to that, it's only because of 32-bit limits on Windows. Real operating systems have been 64-bit for years.

Compiling the software I'm working on needs more than 4GB of RAM, so I don't see why that should indicate anything more than C++ being a hugely bloated language.

If they did Unity, Gnome 3 and Firefox wouldn't have the massive amounts of negative feedback they have now. In fact, Firefox development has gotten so bad they are currently having issues compiling

Submitter plagiarised the summary from The H:

http://www.h-online.com/security/news/item/Researchers-conduct-successful-MITM-attack-on-HDCP-copy-protection-1384543.html

Here, here, here and here. Yep folks, unfortunately I'd say he really is dead :(

Check this out:

we're very confident that with the skill, sophistication and resources involved it could only have been a nation state.'

Now look at this:

http://www.h-online.com/security/news/item/RSA-break-in-it-was-the-Flash-Player-s-fault-1221057.html

RSA said that two variants of infected emails with an attachment called "2011 Recruitment plan.xls" were sent to a group of RSA employees over two days. Apparently, one of the targeted employees retrieved the email from a spam folder and opened it. The intruders used the exploit to install the widely known and freely available Poison Ivy "remote administration tool". The tool allowed the attackers to spy on the user's server access credentials, log into the server and escalate their access privileges (via further vulnerabilities). This gradually allowed them to work their way into the systems that interested them.

There, they harvested data and copied it to other servers on the internal network, where they combined, compressed and encrypted the information before transferring it to an external FTP server.

OH NOES SUCH UBER-L33T TACTICS! IT MUST BE TEH CHINESE CYBER-MARINES!

Are you trolling? Because I am not entirely sure if you are, but I feel like responding otherwise.

No, the release schedules are just the icing on the cake. Firefox is pissing off core supporters by being crap. A browser that hogs 70% of your memory *by design* (because, y'know, that seems right for a rich-text viewer, right? And who needs to run productivity applications at the same time as a browser anyway?!) and ends up actually using more due to massive memory leaks, is close to unusable.

If it is by design - as you claim - then how come Mozilla is pushing that Firefox 7 will use between 30-40% less RAM. I am not claiming Firefox is perfect, but there is no need to spread FUD.

Right now I can't actually run Yahoo Mail. I have 4G on this baby, and 4G on the Windows box upstairs, and I can't run Yahoo Mail under Firefox unless I close it as soon as I've finished with it. Because if I run it, and don't close the tab, my PCs will be reduced to crawling, memory swapping, crapola within two hours.

Maybe you should stop using Yahoo Mail. This isn't the 90s. And maybe get an operating system that can actually manage memory.

Mozilla: listen. You know all those changes you made since 3.6? Fuck 'em. Seriously. You want to fix this, it's quite simple. Roll Firefox back to 3.6, and look into a more sane way of introducing the changes you've made since. Yes, I know it means Firefox will no longer implement one or two standards that haven't taken off yet, but it means your browser will actually become relevant again.

Please, for the love of God, swallow your pride and do it.

Do it now.

I sincerely hope they do not. Besides your peevees such as the new schedule release and your claimed RAM hogging (something which was also the case in 3.6), Firefox has gotten increasingly faster since 3.6 (my apologies for not providing a source on this, but I do recall seeing benchmarks to this effect; although, in fairness, 4 introduced multithreading which causes some slowdowns with single threading which 3.6 handled better, resulting in a percieved slowness of 4 compared to 3.6, but the issue did not persist in 5 (but few compare 3.6 to 5, people seem to do comparison between versions next to one another)).

I use Firefox because it is the only browser that is customisable enough to fit my needs. Furthermore, I admire Mozilla for sticking to their principles. I do not for a second doubt that Chrome or Opera is faster than Firefox. Or more stable. I use Opera to run Flash and Chrome to run Java Applets. But for my main, every day use, Firefox comes out on top.

As I understand it, the new SDK is available:

http://www.h-online.com/open/news/item/Add-on-SDK-for-Firefox-updated-1343612.html

It allows to rewrite the old Addons which need to be updated when Firefox upgrades.

You should read this article:
http://www.h-online.com/open/news/item/Kernel-org-gets-major-system-upgrades-1142346.html

If that description from late 2010 (less than a year ago!) is still accurate, there is almost no infrastructure at all. In case you refuse to read it for yourself, let me quote to you from it:

In total the kernel.org infrastructure uses 12 servers worldwide.

Unless you're a high school kid who has only ever managed a VPS instance running Linux for some shitty Ruby on Rails site, a mere 12 servers should seem like absolutely nothing to you. Most professional sysadmins will manage hundreds to even thousands of times that number of servers.

The name sounded familiar and some digging shows that these are the same guys that did an IPv6 trial in the past year. So they've already one-upped slashdot with something.

Maybe I'll start learning German to be packed up for the not-so-far day when slashdot implements their Like button: thousands of us per day already acquiesced with Geeknet adding 3 different links to "follow us on $SOCIAL_NETWORK" on the front page. The next logical step to ???? PROFIT! is just to wait for a juicy FB/FBI deal to track non-conformists and further de-anonymize geeks and their slashdot effect when linking to Wikileaks stories, for instance.

Mr Kaspersky's empire is propaganda @ Threatpost
Such articles are pro internet ID and anti anonymous and pro establishment cyber-what-ever-the-fuck-emergency-de-jour is. I Hate their site it reminds me of fucking CBS,

I suggest h-online instead
http://www.h-online.com/security/

I would plug in a random USB drive. It's a USB drive. It gets no special privileges, this isn't firewire and anyway in 2011 we have IOMMU so even if it was (which it isn't) allowed to initiate DMA transactions it doesn't get to look anywhere the OS doesn't want it to.

If your OS is dumb enough to assume anything plugged in should be privileged and get to execute code then that's an OS security problem, nothing to do with me.

http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html

Call me crazy but a piece of non-executable code in a HTML file on a partition in the firmware does not sound a) exploitable, or b) critical.

Something has to process the HTML file. HTML is a complex standard -- far more so than plain text. An HTML rendering engine needs code to process every tag it supports.

I remember back in the day when the Goodtimes virius hoax was making the rounds. Software professionals were incredulous that people actually believed it was possible to catch a virus simply by reading email. Yet a few years later viruses started popping up that exploited security holes in email clients.

Back to the subject of HTML, here are a few security vulnerabilities in HTML rendering engines:

• KHTML
• Firefox
• Internet Explorer

Siemens is taking the issue seriously.

While the Easter egg may have simply been a developer's idea of fun, Beresford says he's still examining it to see if it's possible to send commands through the html page back to the PLC.

Yeah -- was just looking for a comment from someone else on this. Indeed, I couldn't find any documentation on the linux.com's website on this video

So how exactly do we know that Microsoft sent this, other than TFA saying:

Among the well-wishers that have made submissions is one that would not necessarily be expected: Microsoft has posted an animated video congratulating the free operating system.

How this "h-online" website found that Microsoft posted the video is unknown.

I am a person who has had numerous difficulties with the american banking system. I emphasize this because i went to england for a year and had NO problems AT ALL!. As a result, it will be a little longer before i can have a bank account without paying out a couple of hundred dollars for fees i never should have incured. How is a person without a checking account supposed to easily purchase bitcoins, the only solution i have come up with is a prepaid visa card but they cost $5 and the transaction fees are insane and dont allow me to purchase bitcoins at a rate near the market one. Any ideas, It would be handy if i could get a retailers gift card and purchase bitcoins with that.

Another question i have is, It appears some members of the US and German governments are upset about bitcoin thanks to a darknet web site called silk road. How secure is it, really. I have read that bitcoin uses elliptic curve crypto. I found the following article which has me very concerned. I wonder if a government decided to nationally filter bitcoin traffic, how successful would they be? If the bitcoin protocol always uses the same port it strikes me as being fairly easy, as some of the ISPs in the US alone are rather big. Think comcast, Qwest etc.

http://www.h-online.com/security/news/item/Successful-timing-attacks-on-elliptic-curve-cryptography-1247772.html

That said, I really like bitcoin, I am just worried that its not as secure as we would like it to be.

Cheers

I reckon if you were an IPv6 only user, what you'd want to see is a list of pages you can access, and not ones you can't. That's a matter of filtering for the user, not sorting for relevance to the search query. And that assumes the existence of an IPv6 only user with *no* access of any kind to the IPv4 internet. We've a long distance to go before we start seeing those in the wild, outside of labs.

I think we need to face it that we can't expect Google to damage their core product by introducing changes like this for even the best of technical intentions. There isn't any "How to get IPv6 adoption in months not years." There's a lot of work to be done in crafting proper plans with realistic costs and benefits that can be understood by the people who are going to approve the money. We can do little things here and there, but we can't short-circut that process on an industry-wide basis.

It sounds daunting, but it's doable if we chew one bite's worth at a time. What's happening today is going to contribute to that for the content providers, by quantifying something that was previously uncertain: just how big is the impact on existing users if you dual stack. If the day turns out to be so successful that some big sites dual stack permanently - as such experiments in the past have done - then that contributes to the case for the rest of us, because finally there will be some real content out there that will use the stuff we're paying for.

Perhaps you missed the point where ...

If the iPhone is synchronised with a computer it is apparently possible to extract the escrow key from the PC and use it instead of the passcode key.

... and therefore no brute force necessary.

Source

Apple's encryption was not cracked. The passphrase to the key was brute forced.

Or maybe it was the fact that Apple's passphrase implementation allowed trying more than three passphrases in three minutes, or more than 24 passphrases in 24 hours.

Or you actually need to jailbreak the iPhone and then run the brute force program bypassing Apple's passphrase blocking implementation. http://www.h-online.com/security/news/item/ElcomSoft-cracks-iOS-encryption-system-1250526.html

Yes and no. The initial setup does require some central system.

Skype NAT Hole Punching

The way Skype solves this problem is by identifying clients that aren't behind NAT. Those clients are used to proxy the media for other clients that are behind NAT. In other words, if you use Skype and you aren't behind NAT, there's a good chance you will be carrying traffic for those that are behind NAT.

That is not correct. The Skype proxy actually punches holes in the NAT on both ends so they can talk directly. See http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html.

The real question is, will it be worthwhile if some/all the employees have to learn to use a different OS all over again?

Perhaps Munich can provide some insight:

"LiMux project management, "We were naïve""

http://www.h-online.com/open/news/item/LiMux-project-management-We-were-naive-958824.html http://linux.slashdot.org/story/10/03/19/1633241/The-Woes-of-Munichs-Linux-Migration

Now to create an input device that would type 'format C://" every time one logs in... It won't work in Linux so....

This will http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html

Xen 4.1 is aiming to be integrated into the native Kernel, it is very close already having some dom0 support now, native guest support as of 2.6.36 and will have full dom0 support soon

This is the crux of the matter, Xen has been going into the mainline kernel 'any day now' for the past 3 or 4 years. It's hard to believe that it took them until 2.6.36 (October 2010) to even get the domU support in there. Either Xen development proceeds at a snail's pace or the project is run by people who don't want to fit into the guidelines for code submitted to the kernel. Either way I can only see KVM running ahead in leaps and bounds while Xen struggles with getting into the kernel, and people struggle to get Xen installed.

Your right that Redhat has gone away from Xen, although it was only last month with the release of RHEL6, their first version without official Xen support. Novell's keeping up Xen probably mainly for competitive reasons - to have a differentiated product from Redhat, but it also fully supports KVM: http://www.h-online.com/open/news/item/Novell-supports-KVM-963031.html

Could some of you idiots who keep voting this guy "insightful" explain your reasoning? For fuck's sake, he quoted the COPYING file, so all you had to do was glance up and read and you could see his claim about it is wrong. It says nothing about the kernel header files.

You generally do not need to use the kernel header files in order to write or compile programs that make system calls. For example, to write a program that uses fork, you include sys/types.h and unistd.h.

The COPYING file IS for the kernel source, including (drum roll please) the kernel headers.

But let's cut to the chase. Bionic is generated from the kernel headers in the linux distribution. Here's what the article from h-online reported a few days ago when this all started

Nimmer looks at the process that the Android developers created to produce the header files for Bionic, a compact alternative to glibc which also includes Android specific functionality.

The build process for Bionic takes the GPL licensed kernel header files and, using a number of Python scripts, reprocesses them to create "clean" header files for Apache licensed Bionic

OR, you could read the the very first line of the Bionic README.txt, which also says that this uses kernel header files:

Bionic comes with a set of 'clean' Linux kernel headers that can safely be included by userland applications and libraries without fear of hideous conflicts. for more information why this is needed, see the "RATIONALE" section at the end of this document.

these clean headers are automatically generated by several scripts located in the 'bionic/kernel/tools' directory, which process a set of original and unmodified kernel headers in order to get rid of many annoying declarations and constructs that usually result in compilation failure.

the 'clean headers' only contain type and macro definitions, with the exception of a couple static inline functions used for performance reason (e.g. optimized CPU-specific byte-swapping routines)

they can be included from C++, or when compiling code in strict ANSI mode. they can be also included before or after any Bionic C library header.

So , who's the idiot - the people who modded this insightful, or you for calling them idiots?

But let's look further - the kernel source headers used, as per the README.txt file:

the generation process works as follows:

* 'bionic/kernel/original/'
contains a set of kernel headers as normally found in the 'include'
directory of a normal Linux kernel source tree. note that this should
only contain the files that are really needed by Android (use
'find_headers.py' to find these automatically).

* 'bionic/kernel/common'
contains the non-arch-specific clean headers and directories
(e.g. linux, asm-generic and mtd)

*'bionic/kernel/arch-arm/'
contains the ARM-specific directory tree of clean headers.

* 'bionic/kernel/arch-arm/asm'
contains the real ARM-specific headers

* 'bionic/kernel/arch-x86'
similarly contains all headers and symlinks to be used on x86

* 'bionic/kernel/tools' contains various Python and shell scripts used
to manage and re-generate the headers

Looks like you made a monkey of yourself :-)

The H Open:
http://www.h-online.com/open/features/What-s-new-in-Linux-2-6-38-1205467.html

Looks like things will improve with OSX 10.7. Webkit2 should bring some of Chrome's innovations to Safari.

There's an interesting interview with two "Mac hackers" on Heise.

Perhaps that's the problem -- they assumed the messages were only 180 characters, thus were susceptible to buffer overruns. In general, this is what happens when you ignore the robustness principle and trust the data you are receiving to be properly formed. Several years ago I was able to crash the login process in Windows NT servers by sending invalid SMB messages, so it's not that uncommon. (This was by accident, I wasn't TRYING to crash the machines, just use them for authentication. And of course Windows NT was designed so that you cannot shut it down gracefully once the login process is gone...)

Thanks god nothing like that can happen today - USB driver bug exposed as "Linux plug&pwn"

Rafael Dominguez Vega of MRW InfoSecurity has reported a bug in the Caiaq USB driver which could be used to gain control of a Linux system via a USB device. The bug is caused by the device name being copied into a memory area with a size of 80 bytes using strcpy() without its length being tested. A crafted device with a long device name could thus write beyond the limits of this buffer, allowing it to inject and execute code. Because the driver is included, and automatically loaded, in most Linux distributions, to execute code in kernel mode an attacker would merely have to connect such a device to a Linux system's USB port.

Actually there is NO evidence that hysteresis is a real problem or even pertains AT ALL to data recover from overwritten magnetic media.
There has been no demonstration of file recovery after a single overwrite. An occasional bit, and maybe an entire byte, but no complete file. Its a myth.

But there are reliable methods that work well on ssd drives OR spinning storage. That involves erasing the file(s) followed by filling the drive to capacity with copies of some random binary image files. This is actually practical on smaller/faster SSD drives (where this can be done quickly), not so much on large spinning drives.

Since even a single overwrite will effectively make file recovery impossible, any method of inducing that should suffice.

Instead, lets blame the idiot vendor they're relying on to deliver their solutions.

The 1 system not running Linux in my house is my wife's Macbook. My 2 daughters run Linux successfully. We all print to and scan from a multi-function scanner/printer/fax/copier. We can all network print. I have a scanner that I use for more detailed work. My wireless router is a homebrew running Linux which also functions as a print server.

My business runs on Linux. My client solutions run on Linux. I'll just say it, my world runs on Linux.

This article states there has been a change in leadership. The new boss is apparently anti-Linux, despite their own studies showing that the current systems are viable.

I see that Google is asking the PTO to re-examine 4 of the patents in question and will probably ask for a stay of the proceedings until that is done. That should be good for a delay of 3-4 years, ten years tops. And there are 3 more in the wings that Google is likely to throw into the re-examination bin. If the PTO says yes, Oracle is going to have find some other way to expedite things if they want to see any money soon.

According to this article, it uses standard ZRTP for voice and OTR for text.

Phillip.

That was sarcasm. If people want encrypted VoIP, they'll load Skype. There are already umteen million Skype users, so there is an actual possibility there will be someone to use it with.

The wonder of Android phones is that you can download and install software on it. Much like if you wish to speak to somebody on Skype both parties must install the requisite software, this also works with other software too.

Wake me when they write an Android/iPhone app that can insert itself into a traditional voice call, encrypting the voice stream without using VoIP.

Whilst you were asleep, traditional voice calls have switched from analogue to digital. It's now all packet based behind the scenes.

Obviously it'll only work if the person on the other end has the same software, but not relying on a 3G data channel would be a major step forward.

Eg Wifi? From here: "In contrast to many other SIP programs, RedPhone does not use a SIP gateway for communication, but establishes a direct connection to the other (RedPhone) user via WLAN or UMTS."

Good luck with that, by the way. Short of giving everyone OpenMoko hockey-puck phones, good luck in finding a way to insert yourself into the voice stream on a traditional cell phone.

Forcing me to pay for calls rather than calling for free where I have wifi? This is an advantage?

Phillip.

Decrypt passwords in a typical Unix shadow file

Which is not what was hacked. These were external passwords (eg. to your mail account.)

Errm, no. Mostly internal Passwords actually (which may actually be worse, like VPN & WiFi secrets), and not the Mail passwords (with one exception, surprise: MS Exchange):

http://www.h-online.com/security/news/item/Lost-iPhone-lost-passwords-1186579.html

Not all data was accessible however – Apple has added extended security features to iOS 4, which allow apps to improve the security of data on the file system and in the keychain by assigning them attributes such as NSFileProtectionComplete and kSecAttrAccessibleWhenUnlocked. These attributes cause the data to be encrypted, so that the iPhone cannot decrypt them without the user's passcode.

At present, however, few applications utilise this feature, which is only available on iOS 4 – even Apple's own apps barely make use of it. A significant exception is the Mail app, which uses the kSecAttrAccessibleWhenUnlocked attribute when saving passwords for accessing email. The password stealing demo was unable to decrypt these passwords. Interestingly, the password was not protected when, for example, a Google Mail account was addressed as an MS Exchange account. The researchers were also unable to access passwords saved in Safari.

I now uninstall Java from any systems I work on as a security precaution. The auto-update is a nice 'feature', but in most client's systems I work on, none of them have any compelling reason for an installation of Java.

Over two years and no fix for Java

"Sami Koivu has released details of a security vulnerability in Java which he reported to Sun in 2008. A quick test using the current version 1.6.0_23 reveals that it remains unpatched "

I'm not so sure I trust BSD code to be secure.

This story in English.

Funnily their English office/rep web site still runs IPv4 exclusively.

My bad, there were rumours and they were apparently wrong.

The link in the story just points to the list post announcing a new major version of the Linux kernel. Note that the changes listed in the post are for changes from the last release candidate (-rc8) and not from the last major kernel release (2.6.36). For an overview, it's better to head over to Kernel Newbies. It even has a section which summarizes the "cool stuff", major features that the new kernel brings.

Interestingly, the overview appears to overlook what I believe is a major feature introduced in 2.6.37: power management for USB 3. I may have to do some more digging through the actual kernel changelogs. Maybe the change was reverted during the last few candidate releases, but I remember reading about it in H-Online, particularly this part:

The XHCI driver for USB 3.0 controllers now offers power management support (1, 2, 3, 4); this makes it possible to suspend and resume without temporarily having to unload the driver.

(In the original, the parenthetical numbers are links to the kernel commits.)

Power management for USB 3 would have been the most important new feature for me. Without it, you have to resort to a number of ugly hacks to hibernate or suspend a laptop or a motherboard with USB 3 enabled. (Turning off USB 3 in the BIOS is a hardware hack that allows you to bypass the software hacks.)

For those of us that didn't read the article, wikileaks revealed that the SHA has terminal cancer and will die soon.

SHA-1 has had terminal cancer a very long time: it was cracked over 4 years ago. Anything Wikileaks may have revealed about SHA-1 is very old news indeed.

Supposedly the 2.6.36 kernel addresses this issue. I don't know if the problem has been completely fixed, or mostly fixed, or what, since I haven't tried that kernel yet (too bad there isn't an easy way to install kernels in a cross-distro fashion!).

Read the bullet points here, particularly the ones in the middle, as there has been multiple things done to this kernel to improve performance:

http://www.h-online.com/open/features/What-s-new-in-Linux-2-6-36-1103009.html?page=6

i don't know much about this but i recently upgraded to ubuntu 10.10 currently kernel 2.6.35.22 and file copy/cut, paste are much faster than 10.04. noticed it right off the bat after upgrade.

Supposedly the 2.6.36 kernel addresses this issue. I don't know if the problem has been completely fixed, or mostly fixed, or what, since I haven't tried that kernel yet (too bad there isn't an easy way to install kernels in a cross-distro fashion!).

Read the bullet points here, particularly the ones in the middle, as there has been multiple things done to this kernel to improve performance:
http://www.h-online.com/open/features/What-s-new-in-Linux-2-6-36-1103009.html?page=6