Slashdot Mirror

Why does that patch differ from the following patch (which also, supposedly, fixes the exploit) ?

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

Which is the right/better fix?

There is a new version of the kernel, 2.6.24.2 at kernel.org.

There is a new version of the kernel, 2.6.24.2 at kernel.org.

From what this looks like (given the "old code" comments, and timing of the release of exploit code), I'd say that someone realised that their pet root exploit was being patched in the current kernel (2.6.24.1), and wanted to have a final go at increasing the impact of the exploit before it was snubbed out. I find it hard to believe that, coincidentally, they just happened to post this exploit on milw0rm the day after the change appeared in the kernel.

Poor form, but I guess it has at least made a few more people aware of the severity of the issue.

What tires me about these REVELATIONS and DISCUSSIONS is the lack of any real
risk assesment.

Note: The bug is already fixed: see,

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff; \
h=712a30e63c8066ed84385b12edbfb804f49cbc44

as "Bastian Blank [Sun, 10 Feb 2008 14:47:57 +0000 (16:47 +0200)]", a 1 line fix ...

--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                                if (unlikely(!len))
                                                break;
                                error = -EFAULT;
- if (unlikely(!base))
+ if (!access_ok(VERIFY_READ, base, len))
                                                break;

which any of you can retrofit to your old(er) kernels ie edit, make, install.

Now the exploit is complicated, that does not excuse the BUG, Linus and Andrew
have been working up a storm for months about the balance between innovation
and quality but as the commercial distributions have been pushing features and
back on maturity testing this was bound to happen.

The truth here is that without the machine readable exploit code it would be
hard to exploit, and anyone can apply such a simple fix without waiting for
Greg K-H and the stable team.

FINALLY, I am very suspicious about the release timing of this and the OBSD PRNG
stories which I suspect a FUD, pure and simple, which is not to say you shouldn't
fix your systems and press your commercial distributions to _prefer_ quality.

if (unlikely(!base))

if (!access_ok(VERIFY_READ, base, len))

My bad. The fix is already in 2.6.24.1

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1

-EasyPrey

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

Expect a 2.6.24.2 real soon....

Upstream patch for the vulnerability tickled by that specific exploit is here
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

Red Hat tracking bug (Enterprise Linux 5 is affected, but 4,3, and 2.1 are not)
https://bugzilla.redhat.com/show_bug.cgi?id=432251

Fedora tracking bug
https://bugzilla.redhat.com/show_bug.cgi?id=432229

In other news, Linux v2.6.19.3 was released on February 5, 2007 (6 days after Vista). There have been 75 new kernel releases since then. Source: going to ftp://ftp.kernel.org/pub/linux/kernel/v2.6/ and counting ChangeLogs since then. I'm not sure why this is news.

A poor farmer dies and goes to heaven. the gateman at the pearly gates treats him brusquely and with disdain. The farmer is wondering if he came to the right place, when a loud procession seems to approach from the distance. With much fanfare and great rejoicing, a rich man is being brought in. He is being sung to heaven by angels with harps and with saints in attendance. They take him in in great style, and the farmer is still standing there unnoticed. When everyone has passed, he takes up his bundle again and prepares to leave downwards.

The gateman stops him. "Where do you think you're going? You've got a pass to heaven, now go in there and enjoy it."

The farmer says "What use coming here if the same differences apply as on earth? There I was neglected and rich men were preferred, and it seems heaven is not an exception. I've had enough of heaven, I had better go elsewhere"

The gateman laughs heartily and says "It's not what you think. Actually, poor farmers like you arrive here everyday in droves. A rich man comes only once in a millennium or so. That's why we were celebrating a little."

In other news, Linux v2.6.19.3 was released on February 5, 2007 (6 days after Vista). There have been 75 new kernel releases since then. Source: going to ftp://ftp.kernel.org/pub/linux/kernel/v2.6/ and counting ChangeLogs since then.

I'm not sure why this is news.

The last major release of the kernel was 18-Dec-2003. Linus has said that he doesn't expect to ever roll a 2.8 version. As far as major changes go, the kernel is solid.

I am not going to check, but I think you'll find something similar if you check apache. I am betting that the famous webserver is solid enough where they don't update much.

Firefox/OpenOffice/Gimp on the other hand all need to keep adding features and improving themselves to provide users with enjoyable experiences. If you are interested, you can look through Mozillas Issue Tracker and find bugs to discuss. The guys behind that site are great... and I got help from them while I was setting up a Mozilla Tinderbox installation to use on a company project years ago. Definitely still Bazaar-style.

In between 10 or 20 years, all the productivity software will be so stable that it will virtually never change. In your words, it will be like a Cathedral... but it won't be because every Community College in the country will be able to teach a course on Monolithic Kernels and dig into the Linux code as an example. The nature of the Cathedral does not embrace the sharing of secrets in this manner. Information is safeguarded so that power can be preserved. The Bazaar, on the other hand, has no secrets to the way they operate (only things that they haven't gotten around to writing adequate documentation for, yet).

Hard Drive DVD ROM Case

Other software:

0. Install DSL to hard disk, reboot, and configure

1. Upgrade (Apps->Tools) to gnu utils

2. Install gcc

3. Install zile (MyDSL) for editing convenience

4. Other software (for building natively and installation):

http://www.kernel.org/pub/linux/kernel/v2.7/linux-2.6.23.tar.bz2

ftp://alpha.gnu.org/gnu/grub/grub-1.95.tar.gz

ftp://ftp.gnu.org/gnu/bison/bison-2.4.tar.bz2

ftp://ftp.gnu.org/gnu/m4/m4-1.4.tar.bz2

http://www.oberhumer.com/opensource/lzo/download/lzo-2.02.tar.gz

http://www.zlib.net/zlib-1.2.3.tar.gz

http://www/perl.com/CPAN/src/perl-5.8.8.tar.bz2

http://ftp.gnu.org/gnu/autoconf/autoconf-2.61.tar.bz2

http://ftp.gnu.org/gnu/libtool/libtool-1.5.24.tar.gz

http://xorg.freedesktop.org/archive/X11R3/src/everything/index.html

`grep bz2 index.html | sed s/^.*\.bz2\"\>// | sed s/\<.*// | sed s,^,http://xorg.freedesktop.org/archive/X11R7.3/src/everything/,`

http://gitweb.freedesktop.org?p=xorg/util/modular.git;a=blob_plain;f=build-from-tarballs.sh

http://downloads.sourceforge.net/expat/expat-2.0.1.tar.gz

http://downloads.sourceforge.net/libpng/libpng-1.2.24.tar.gz

http://www.fontconfig.org/release/fontconfig-2.5.0.tar.gz

http://download.savannah.gnu.org/releases/freetype/freetype-2.3.5.tar.bz2

http://xcb.freedesktop.org/dist/libxcb-1.1.tar.bz2

ftp://xmlsort.org/libxslt/libxslt-1.1.22.tar.gz

ftp://xmlsort.org/libxslt/libxml2-2.6.30.tar.gz

http://xcb.freedesktop.org/dist/xcb-proto-1.1.tar.bz2

http://www.paldo.org/paldo/sources/pthread-stubs/libpthread-stubs-0.1.tar.bz2

http://www.paldo.org/paldo/sources/xau/libXau-1.0.3.tar.bz2

http://www.paldo.org/paldo/sources/xproto/xproto-7.0.11.tar.bz2

There you go:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=tree;f=drivers/net/wireless;h=45adf0a95539e8a0ca5fddbb720319a9b7b39978;hb=HEAD
If you want a suggestion on what to buy, support for Intel chipsets is very good. I have a 4965 device supported by iwlwifi and it works like a charm.

Perhaps a mirror list would be appropriate: http://www.kernel.org/mirrors/

You can also use PAM to limit su to users of the wheel group. Just add auth required pam_wheel.so to /etc/pam.d/su (http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_wheel.html)

If only someone would point that out to Microsoft.. the most obvious exception to your relationship.

No kidding. If it wasn't for Microsoft, I could have used the word "quite" instead of "often". It's not enough to have millions of beta testers (err, I mean customers) - you have to provide a way to listen to them. Collecting $99 or $249 to open a PSS ticket (and then spout worthless advice such as "do an in-place Windows reinstall" instead of providing a fix) doesn't cut it.

At least free software gets this right.

Ask and you shall receive.

Even if Linus loved the GPLv3, there is so much code contributed to the Linux kernel without a transfer of copyright and under GPLv2 only terms that it couldn't be changed anyway

A long time ago, Linus changed the license of Linux from a non-free license to the GPL. Did he ask everybody for an explicit grant of license under the GPL? No; he announced his intention to change the license, and asked that anybody with "grievances" mail him.

Maybe all he needs to do to upgrade the version of the GPL used is to ask the few major corporate contributors for permission, and tell everybody else to mail only if they have a problem.

Stable API Nonsense

I have also never submitted a kernel patch, but I want to try to answer your excuse. Start at kernel.org. Read through the Bugzilla Open Issues. I have read this book and it does an excellent job introducing the tools and techniques needed to work with the kernel.

To attack the meat of the article (Open Source Sun CPU), it is valuable because it gives the specialized community a rallying point to get behind. There might be less than 100,000 people qualified to do anything meaningful with this... but I assume you that the majority are not within the Sun umbrella and thus the release serves to benefit the majority of those who are qualified. And I would guess that a handful of the people who would care are old enough to be retired and would take an interest purely as a hobby that they wouldn't be able to do otherwise.

The other value is that as a student of computer science and engineering who graduated in '01... I haven't dealt with ANY of this type of work and that is a damned shame. A single university probably can't afford the $1B price tag, but I would bet a consortium of schools (MIT, CalTech, Stanford, CMU, Northeastern, RPI, UChicago, UPenn, et cetera) would jump on this. Could 20 schools inject $50M each? I think so. Add the value of educating 50 students per year at each of those schools (1,000 per year) would overvalue the $1B initial cost. After five years, the average cost per student would be as low as $50,000 because economies of scale would kick in (and I think you would agree that I have used extremely modest estimates).

So yeah, this is a VERY GOOD THING (TM).

I have also never submitted a kernel patch, but I want to try to answer your excuse. Start at kernel.org. Read through the Bugzilla Open Issues. I have read this book and it does an excellent job introducing the tools and techniques needed to work with the kernel.

To attack the meat of the article (Open Source Sun CPU), it is valuable because it gives the specialized community a rallying point to get behind. There might be less than 100,000 people qualified to do anything meaningful with this... but I assume you that the majority are not within the Sun umbrella and thus the release serves to benefit the majority of those who are qualified. And I would guess that a handful of the people who would care are old enough to be retired and would take an interest purely as a hobby that they wouldn't be able to do otherwise.

The other value is that as a student of computer science and engineering who graduated in '01... I haven't dealt with ANY of this type of work and that is a damned shame. A single university probably can't afford the $1B price tag, but I would bet a consortium of schools (MIT, CalTech, Stanford, CMU, Northeastern, RPI, UChicago, UPenn, et cetera) would jump on this. Could 20 schools inject $50M each? I think so. Add the value of educating 50 students per year at each of those schools (1,000 per year) would overvalue the $1B initial cost. After five years, the average cost per student would be as low as $50,000 because economies of scale would kick in (and I think you would agree that I have used extremely modest estimates).

So yeah, this is a VERY GOOD THING (TM).

As usual with Linux, at the time slashdot picks the story up, the problem has
been fixed for some time (10 days ago in Linus' tree, in various test trees quite a bit longer):

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f09e495df27d80ae77005ddb2e93df18ec24d04a

We are free today because thanks to GNU, Linux and other projects we can run our personal computers and our business machines on free software that we trust.

This was easy because the only thing that keeps you away from freedom when using closed-source software is a few hours work to write down your own code and share it...

But it was all possible because currently most hardware is still open and obeys the user. What will we do if X years from now hardware becomes predominantly filled with DRM? How will free people cope? Hardware is already closed-source and you cannot find technical documents, and this actually does limit our freedom (we want to run hardware on GNU/Linux or *BSD but manufacturers don't give technical documentation, so people rely on reverse engineering etc). Interestingly, in the past hardware was much more open, for example every home micro computer came with nice manuals explaining many technical details about your shiny new hardware baby or even books teaching you programming... Nowadays when people buy a PC or laptop they get a Windows-infected machine, with a manual explaining only how to connect the cables, and instead of compilers and programming languages (Even BASIC qualifies) they get games. To people who got used to computers from a young age, our era seems like a dark age of computing, as if the whole world became stupid within 2-3 decades.

So, to return to what I wanted to say, that's why we need open hardware (or free hardware). if the hardware is closed then it defeats the purpose of free software. We need more people to join efforts to design processors and other hardware under the GPL. At least this will solve the closed-source problem. We will still face the manufacturing problem (now, if someone could design a cheap 3D printer capable of fabbing chips). But hopefully if we design successful hardware using the GPL, more big manufacturers will notice it and start producing it. Otherwise, I suppose that free people will have to rely on homebrew computers or old hardware (by the way you will be surprised how long old computers can last... but the modern computers often break up after a few years, and this happens even with the modern HDDs that seem to break more often than older HDDs as well, as if they are engineered to make people buy new ones every few years).

Sadly when trusting technology development to a few big names (eg Intel etc), users end up being just that, users. They are denied the freedom to play and really own their machines. You can't be a truthful owner of our machine unless you understand every tiny detail about its operation, and this is only possible when you get up to start hacking it, breaking it, fixing it, and finally building your very own machine. This McDonaldisation of computers, both hardware and software, really makes me sick... I mean, where do people see the joy in using machines that do not express their own personality? Everyone runs the same software, the same OS, the same CPUs, the same beige boxes... Nobody feels any curiosity as to what is inside that beige box anymore. Nobody feels any urge to be true owners of their machines, to customise their machines, or to build their own machines. Yes, the free software movement is very good, but we need more than that. We need a more massive homebrew or free hardware movement. If you have kids, please teach them how to play with electronics and how to build stuff, and try to make them express their personality by building their stuff. Otherwise, if all kids learn is how to chat on MSN, then after the last amateur heroes die the whole society will be completely submerged in shit.

Because that so-called 'rag tag band of volunteer programmers' is largely paid by Novell, Sun, Oracle, RedHat etc.

Grab the latest changelog from a kernel - say 2.6.24-rc3: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc3

Count the "Author:" lines in that file. Out of 204 unique entries, 17 is from IBM, 7 is from RedHat, 5 is from Suse and 5 is from Oracle.

You state that the kernel developers are largely from these corporations. I make that only 16.6%. Not only are you sorely wrong - why you post gained +5 insightful is beyond me.

jfyi, mainline linux kernel 2.6.25+ is expected to have dns323 support out of the box (check out the http://git.kernel.org/?p=linux/kernel/git/nico/orion.git repository)

see also http://dns323.info/

now would you beleive it!

6 years ago...

http://www.linuxtoday.com/news_story.php3?ltsn=2001-01-05-001-04-NW-LF-KN

Date: Thu, 4 Jan 2001 16:01:22 -0800 (PST)
From: Linus Torvalds torvalds@transmeta.com
To: Kernel Mailing List linux-kernel@vger.kernel.org
Subject: And oh, btw..

In a move unanimously hailed by the trade press and industry analysts as
being a sure sign of incipient braindamage, Linus Torvalds (also known as
the "father of Linux" or, more commonly, as "mush-for-brains") decided
that enough is enough, and that things don't get better from having the
same people test it over and over again. In short, 2.4.0 is out there.

today ...

http://kernel.org/

The latest 2.4 version of the Linux kernel is: 2.4.35.4 2007-11-17 17:44 UTC F V C Changelog

Take a look at this set of videos from MIT's 6.004 Computation Structures class. They basically walk through the design of a simple 32-bit CPU from transistors, to gates, to functional blocks, to a full processor.

Anyway, reading about how hard it was to recreate the source code from the 4004 makes me wonder how easily we could find source code for some apps from even a decade ago. Lots of companies have gone bankrupt / discontinued products / been sold / etc, and we all know that lots of people aren't good about backing up their code. It's neat to go to the Linux Kernel Archives and look at the Historic Linux sources.

--
Educational microcontroller kits for the digital generation.

nVidia nForce3 has a bug setting the agpgart since april, 2006 http://bugzilla.kernel.org/show_bug.cgi?id=6350 . So why not fix this bugs ????

2.6.23 was released on October 12th. Once it's released it's not really bleeding edge, just leading edge. Working drivers for a released kernel is not too much to ask.

Laptop users may want to stick with 32-bit Ubuntu, since the CONFIG_NO_HZ (tickless kernel) option isn't available in 64-bit kernels yet.

If you're feeling adventurous, patches here: http://www.kernel.org/pub/linux/kernel/people/tglx/hrtimers/

*grr* Dear Open Source Community, This is why FOSS/OSS is not a threat to M$.

i can go to any company in the first world and know how to operate their computers.

Until you guys start consolidating your efforts and making ONE worth office suite (OO.o is cool, i use it as much as i can, but it is NOT a replacement for MSO yet), and ONE operating system, the world will view Linux and Open Source as the purview of nerds.

Nothing would please me more than to reformat my hard drive, install TEH Linux (teh as in, the only one).

i can't rely on OO.o until it can mail merge and has a "Send to Email Recipient" button.

i can't until i know that i'm not going to need to learn shell scripting or CLI to get the thing to install or work.

i can't until i know that the files i create can be used on the most possible machines.

Pooling your efforts just might get that done.

Sure, great, but don't stand there scratching your head wondering why you use Debian at home but must suffer through using Windows at work. Or why you have to load Windows when you want to play a current game, or just about any game with more than one player.

i don't want choices in operating systems, i want choices in software and hardware.

Mac and Linux (and the other pet OSes) offer a fraction of what M$ does.

Remember kids - If someone says something you disagree with, mod them as Flamebait!

Old news. This was fixed in 2.6.22.7

Does anyone know a timeline for a patch? The securiteam.com article has no comments and I found no mention on the Linux Kernel Mailing List. I know I should just subscribe to LKML but has anyone seen any recent email traffic regarding this exploit?

As parent suggested that later 2.6.23-rc might have fixed this already, I read through the changelogs, but all I found was a reference to a ptrace bug in 2.6.23-rc6 ("On x86_64, this constitutes a regression in IA32 compatibility support.") So I think the vulnerability has not been discussed on LKML yet.

At some point, you have to deal with the fact that there is going to be some overhead in dealing with an object-oriented approach. Even if the significance is near 0, the scheduler is pushing operations on the CPU on an incredibly large scale, which might show its ugly face in performance. IMHO, it wouldn't, but I guess Linus knows better than I...

Anyway, there is this great site called the Linux Kernel Archives, which has the source code for every version of the Linux kernel ever put out. If somebody was really serious about using their own CPU scheduler, all they have to do is take the latest version of the kernel, download the source code and modify sched.c to fit their needs. Even if it isn't object-oriented, that doesn't change the fact that everything else in the kernel only cares that default_wake_function tries to wake up a thread - it doesn't matter how it works on the inside. All the other parts know about is the sched.h header file.

Sure, it isn't on-the-fly pluggable, but different distributions could easily use different schedulers if they simply compile the kernel. A distribution could make a sched.c that is pluggable (it would have an interesting look to it, but it could be done). I wouldn't want to debug it, but for all this complaining, you'd think somebody would do something about it.

Ok, it may be news to all of you, but Ingo Molnar has been working on a schedular that incorporates most of Con's ideas. It's called the 'Completely Fair Scheduler' (CFS), and its slated to be released in the 2.6.23 kernel.

If you'd like to read a bit about it and see some benchmarks comparing it to Con's SD scheduler, there's some very good coverage of it all over at kerneltrap.org

As for people calling for a fork of the Kernel, they obviously don't understand the Kernel development process, or how many forks currently exist.

Ever tried installing a Linux 2.0.x-based distribution on a brand new PC? There's a lot of hardware in newer computers that isn't supported, it boots and your keyboard will probably work, but your graphics card, soundcard, SATA drives and all that stuff will most likely not work without some major upgrades...

Ok I'll bite. Come on, you have a 106xx UID- you should know better. For one, Linux 2.0.x was 1996. Any Linux distro today has great hardware support for various chipsets, SATA drives, soundcards, and so forth. One just has to try any of the various live Linux CDs to verify this. There are free video drivers included which support various hardware and if you want proprietary video drivers those are available.

Linux distro install discs have had SATA support long before Windows SP2 discs came out...

I don't think downloading this is theft.

And yet the most important performance bugs in the kernel haven't had any updates.
http://bugzilla.kernel.org/show_bug.cgi?id=7372
http://bugzilla.kernel.org/show_bug.cgi?id=8636

I do not understand the fixation on CPU scheduling when there are so many other things that need attention. [Heck, if disk IO performance is so broken, I certainly don't have the guts to try out the new firewire code in 2.6.22 as well and add another variable into my life.]

And yet the most important performance bugs in the kernel haven't had any updates.
http://bugzilla.kernel.org/show_bug.cgi?id=7372
http://bugzilla.kernel.org/show_bug.cgi?id=8636

I do not understand the fixation on CPU scheduling when there are so many other things that need attention. [Heck, if disk IO performance is so broken, I certainly don't have the guts to try out the new firewire code in 2.6.22 as well and add another variable into my life.]

Another CFS flamewar within 2 weeks of the last slashdot article on it.
http://linux.slashdot.org/article.pl?sid=07/09/01/1853228

And yet the most important performance bugs in the kernel haven't had any updates.
http://bugzilla.kernel.org/show_bug.cgi?id=7372
http://bugzilla.kernel.org/show_bug.cgi?id=8636

I do not understand the fixation on CPU scheduling when there are so many other things that need attention. [Heck, if disk IO performance is so broken, I certainly don't have the guts to try out the new firewire code in 2.6.22 as well and add another variable into my life.]

Another CFS flamewar within 2 weeks of the last slashdot article on it.
http://linux.slashdot.org/article.pl?sid=07/09/01/1853228

And yet the most important performance bugs in the kernel haven't had any updates.
http://bugzilla.kernel.org/show_bug.cgi?id=7372
http://bugzilla.kernel.org/show_bug.cgi?id=8636

I do not understand the fixation on CPU scheduling when there are so many other things that need attention. [Heck, if disk IO performance is so broken, I certainly don't have the guts to try out the new firewire code in 2.6.22 as well and add another variable into my life.]

Jiry and Nick have placed their names as copyright holders regardless they haven't made substantial changes.

Did you even read COPYING?

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

So. You need to accept the licence in order to modify or redistribute Linux. You'll find nothing in there about using it. I don't have any licence at all to use Linux, because I don't need one. I may use my copy of Linux as I see fit because it is my copy. I do have a licence to copy Linux, to modify and redistribute it, and that licence imposes conditions; I need to accept that licence because otherwise I would be in breach of copyright.

That way they don't have the chicken/egg problem of how to download and burn the installation disc.

HP is very GNU/Linux savvy. They have a Linux landing page. They certify six different distributions. Their Insight Diagnostics are actually a custom Linux distro for performing system diagnostics and repair on their systems. HP supports open source software, and has for a long time. They support organizations such as the Free Software Foundation, Open Source Software Institute, and the Linux Foundation. The home of the Linux kernel, kernel.org runs on donated HP servers.

They often sponsor community events like the Linux Kernel Developer Summit, the Debian Conference, the International Free Software Forum, GNOME User and Developer European Conference, the Desktop Linux Summit, the Libre Graphics Meeting, and LinuxWorld. HP has not only supported Open Source projects, they have over 100 of their own. They have over 1,000 open source printer drivers. It's nice knowing you can plug in the HP printer and it will just go. Once upon a time printer drivers in Linux were a severe pain point.

So if you're considering buying a PC with Linux on it, apparently you could do worse than go with the HP one. (Full disclosure - I don't work for HP and I don't sell their stuff, but I do work in the business so of course I deal with their stuff somewhat. My opinions are my own, YMMV, yadda yadda.)

Now that Microsoft has decided to sell PCs it's natural for other PC sellers to consider their options. Every Windows + Office sale is a profit center Microsoft can use to subsidize their attack on the PC market much like they're funding their attack on the game console market. If you're a company that is already in the business of selling PCs, subsidizing your competitor is a very bad idea -- especially if the competitor can offer themselves considerable discounts on software.

Screw the CPU scheduler at this point. The kernel folks are missing the obvious and utter brokenness of the IO scheduling. These bugs have been outstanding about a year now!! And it's not just AMD64 anymore either. Quoth the kernel bug report:

"Now, as far as this bug being AMD64 only. We develop a portable data analysis
tool and we run it on Intel Core Mobile systems (Sony UX series, Panasonic
Toughbook series) and see this bug or one almost exactly like it on those
platforms as well.
"

http://bugzilla.kernel.org/show_bug.cgi?id=7372
http://bugzilla.kernel.org/show_bug.cgi?id=8636
http://www.nabble.com/IO-activity-brings-my-deskto p-to-its-knees-(2.6.22.1-ck1)-t4192136.html
http://forums.gentoo.org/viewtopic-t-482731-start- 500.html

At first, deadline IO was touted as an answer, but that doesn't completely fix things.
Some say Native Command Queueing is broken. One person claims deadline + NCQ disabled helps.
Some say the kernel's vfs_cache_pressure settings help, while others refute it (compare kernel bug report versus page 21 of the gentoo forum thread). But no one understands what's really broken in the kernel.

Can we please get Ingo working on IO scheduling? PLEASE?