lwn.net · Domains · Slashdot Mirror

Transifex by Ignacio · 2009-04-28 06:23 · Score: 1 · on Crowd-Source Translation Software For Free Content?

One option worth looking at is Transifex. It's being very actively worked on, with the release of the next version imminent. Also, a hosted version is planned, so you eventually won't even need to maintain a server to run it on. It works with the big five FOSS VCSes, and the new version will be able to crack open tarballs as well. The Fedora Project has been using it for about a couple of years now, with great success.

Re:Tools exist: we do it this way. by nick_urbanik · 2009-04-26 22:02 · Score: 5, Interesting · on Cross-Distro Remote Package Administration?

I work in a large ISP, and this is the way we manage updates for the various Linux platforms we use. Quite simple, really. You can build tools that help: diff between the downloaded updates and what you have in your own repository, and mail you the ones that you are not using. I find lwn.net's security pages useful in keeping track of what security updates matter to us.

Re:Here's praying... by slamb · 2009-04-24 22:54 · Score: 1 · on Oracle Top Execs Answer Sun Employee Questions

In distros like Fedora, which include utrace, you already can use systemtap to probe both the kernel and userspace without problems (sure, it lacks the "final polish" of dtrace, but all the hard has been done)

Really? Are there probe points for userspace method entry and exit? Is there a way for dynamic languages to add probesets like the dtrace jvm agents? I haven't seen anything like that. Got an example?

I'm looking around a bit, and this LWN article on utrace doesn't make it clear to me what actual functionality exists today.

Usually get it backwards by Jah-Wren+Ryel · 2009-04-23 10:39 · Score: 1 · on Paid Online News Venture Fails To Get Subscribers

I didn't see full details in the linked AP article, but these schemes almost always get it backwards.

Content is ubiquitous. They need to look at charging for something other than content. For example, charge for timeliness. In other words, put up a paywall that only surrounds the latest week or two of articles. And I don't mean AP reprints, I mean timely local news coverage and opinion that isn't available anywhere else. Let people who want that information as soon as it is available pay a premium, but eventually migrate it all out to the free world. That way you build up an portfolio of work that is both useful to people do research on the net and gives a very good idea of what people will get for their subscription money.

They might even take it a step further and sell a subscription tier that does include hardcopy delivery in addition to electronic, like the WSJ and Consumer Reports do.

The Linux Weekly News works like that - you want this week's news this week - that requires a subscription, but if you want last week's news or last year's news, that's free.

Re:Linux by annodomini · 2009-04-22 17:31 · Score: 5, Interesting · on Intel Cache Poisoning Is Dangerously Easy On Linux

If an attacker can run code as your user account, then they can insert alias sudo=evilpasswordstealingsudo (as well as alias su=evilpasswordstealingsu) into your .bashrc and wait for you to start a new shell and run one of those commands.

Basically, if an attacker gets local access to an account that is ever used to privilege escalate to root, then the attacker can get root. And even if not, there are frequently local root exploits (like a recent udev bug) that can escalate ordinary user privileges to root privileges. You should always assume that once an attacker has some access to a machine, that they can root it; treat any kind of remote-code execution exploit as if it were a remote root, and treat any kind of privilege escalation exploit as a remote root (since if one exists, there's a high probability that the other does too).

ESR said this loooong time ago by fahr · 2009-04-22 11:05 · Score: 1 · on "Good Enough" Computers Are the Future

Hm, late post, but I'm sure this trend was predicted by (in)famous 'open source' figurehead Eric S. Raymond way back in 2002.

No wait, make that 2000.

Don't jump to your guns and proclaim ESR's clairvoyant genius, though. In 2000, he said to LWN "I believe that will happen probably within five to six month from now." I hope for his sake he didn't sit and wait it out...

Re:Wow, this would wind me up fast by jmorris42 · 2009-04-21 09:25 · Score: 1 · on Windows 7 Starter Edition — 3 Apps Only

> Buying laptops with XP Pro rather than Home got difficult enough...

Buy professional grade laptops instead of home stuff and it isn't at all hard to find. HP and Lenovo will fix ya up with an XP Pro preload. Of course you have to pay for Vista Business to get the upgrade rights for XP Pro. But Vista Business is the roughly similar product to XP Pro so it isn't totally unfair.

> Linux returns of netbooks have been far higher than Windows, from what I've seen.

Quit spreading this debunked FUD. See LWN's link to one of the debunkings.

> Assuming of course that the netbook market doesn't go the way of the PDA market.

Too true. My prediction? The current netbook market will be dead in two years, replaced by subsidized crap from the 3G carriers in teh same way pretty much every PDA morphed into a cell phone with a contract. But perhaps the really cheap ARM netbooks will survive since they will be too cheap to subsidize at the current 3G rates.

Re:What about the audio...? by drinkypoo · 2009-04-17 06:47 · Score: 1 · on Ubuntu 9.04 RC Released

Realtime priority != realtime patch.

Yes, that's true. However, realtime priority without realtime patch is pretty damned non-realtime. Otherwise, we wouldn't need a realtime patch.

If you've got at least a dual core CPU, a stuck RT process shouldn't bring the system down. It'll use up one core, but you'll still have another to kill it.

Well, why don't you go test it? In the meantime you can read more about the issue.

Re:Sigh by Rycross · 2009-04-16 18:30 · Score: 1 · on Zombie Macs Launch DoS Attack

I don't know about Unix, but Linux servers can definitely be compromised and added to botnets. I recall an article that suggested that compromised Linux servers were typically used for the C&C servers for a lot of botnets. I couldn't find the article after googling, but light googling turned up similar articles such as this: http://lwn.net/Articles/222153/.

To address your second point, its true that its foolish to say that market share is the only point that matters. But its also foolish to say it doesn't matter at all. In reality, malware authors want to get the maximum penetration, so the equation comes out to(installed base * probability of infection). You could have the most insecure OS in the world, but if only 2 people are using it, no-one is going to bother. Likewise, you can have 99.99% market saturation, but if its incredibly difficult to penetrate, then no-one is going to bother.

But when it comes down to it, the OS you're running is only as secure as its stupidest user. There's pretty much no way to stop a user from installing malware along with their funny cursors and warez, short of not giving them root/admin (which, if its their computer, is not really feasible).

Oh, by the way, the vast majority of those MSSQL attacks are SQL injection attacks (stupid developers, not the product), combined with poor database permissions (stupid DBAs, not the product). IIS has been incredibly secure since version 6, and Windows Server is OK out of the box and getting better.

Re:I run Debian, and I run FreeBSD. by Jurily · 2009-04-05 13:52 · Score: 5, Insightful · on Debian Gets FreeBSD Kernel Support

As an honest question (from someone who, not that it matters, runs both slackware at home and xp at work), what's with the obsession with boot time? Can anyone explain why the free software community is so obsessed with this metric? I understand that embedded devices are better when they boot immediately - nobody wants to have to wait to make toast - but to boot a computer?

Boot time is the only time the computer is on when you can't switch to a browser while waiting for it to do something you want done, but aren't interested in the process. You can do that with copying, torrenting, uncompressing, compiling, encrypting, etc, but not boot.

Also, because you shouldn't have to wait.

Don't most people just sleep or hibernate their computer these days anyway?

I dual boot Gentoo and Vista. And ditching either one is not an option.

Re:One question: by shutdown+-p+now · 2009-04-03 10:44 · Score: 2, Interesting · on First Look At Fedora 11 Beta Release

It really sucked when most of the users could never have more than one application using audio simultaneously.

I have been actively using Linux way before PulseAudio first appeared, and I don't recall that being a problem. In fact, rather, there were always too many solutions, from dmix in ALSA to sound daemons such as arts and esound. Why add another one to the list, especially if it's not good enough yet?

If you have a problem with pulseaudio, please consider filing bug reports.

While it's definitely advantageous for users to file correct bug reports, not all of them understand the procedure, nor should they be made to. And, of course, developers shouldn't just ignore criticism under the excuse that it's not properly framed as a bug report.

For staters, how about this?

And that wouldn't have mattered... by coryking · 2009-03-27 11:48 · Score: 2, Insightful · on Are Long URLs Wasting Bandwidth?

...except they aren't using mod_gzip/deflate. At first I thought you browsed the web RMS style and maybe wc* didn't support compression** and you were just getting what you deserved***, but then I checked in firefox and lo and behold:

Response Headers - http://www.theglobeandmail.com/blogs/wgtgameblog0301/

Date: Fri, 27 Mar 2009 23:39:54 GMT Server: Apache P3P: policyref="http://www.theglobeandmail.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI COM NAV INT DEM STA PRE" Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html

200 OK
No compression!

If they had been using compression, it would have made all that whitespace fairly negligible.

Probably a result of how their template system stitches everything together. Still, that is pretty bad. There is no excuse to run a webserver and not turn on compression. It is the single biggest way to boost page-load and decrease bandwidth.

* wget 4 lyfe!
** compression is probably evil and Anti-Freedom(tm) somehow, kinda like images are evil or fads like "graphical user interfaces" are evil. In otherwords,anything that makes things easier or faster for a user is basically evil and Anti-Freedom****.
*** braindead comment spamming bots are the only thing not using compression (except RMS, probably)
**** I'll leave it to you, dear reader, to deduce if I'm serious. Hint: no hint.

Re:ZFS by Anonymous Coward · 2009-03-25 06:14 · Score: 0 · on Kernel Hackers On Ext3/4 After 2.6.29 Release

Sun doesn't want its platform to look even less appealing by allowing ZFS to be built into the Linux kernel. Personally I couldn't care less. I'll just wait for tux3 to mature. It just recently made it into the kernel I should add.

Re:It was nice while it lasted by Per+Wigren · 2009-03-24 20:48 · Score: 2, Insightful · on Last.fm To Start Charging International Users

I'm willing to pay for good enough internet services (like Linux Weekly News for example) though, but this is like a punch in the face. Most of the content in last.fm is fucking user contributed!

I also used to pay for Spotify but I cancelled my account when they suddenly decided to drop just about all independent and small-label bands that they didn't have formal on-paper contracts with. 90% of my crust-punk and power-noise/industrial playlists went red because of that, and they still haven't re-added a single band that were dropped. At the same time they also implemented region-based limits.

Back to CDs I guess... or.. err.. what.cd? I dunno...

Re:Xen is a big deal by Macka · 2009-03-24 12:10 · Score: 1 · on Oracle's Take On Red Hat Linux

KVM is part of the default Linux kernel now, and Xen isn't

Um, that's not strictly true. The domU Xen Code is already in the mainline kernel, and there's been some recent discussion to include dom0 as well. Based on a recent LWN article ( Xen: finishing the job ) I'd say there's a very good chance that will happen.

Why dang it? by MBCook · 2009-03-24 11:18 · Score: 4, Interesting · on Linux Kernel Benchmarks, 2.6.24-2.6.29

Neat. They benchmarked a bunch of stuff and some real changes obviously took place. I can't help but be comforted by their conclusion (paraphrased): "Stuff changed."

How about telling me why they changed.

Why did 2.6.29 double it's speed doing SSL signings?
Why did all the graphics tests speed up some?
Why did SQLite performance bomb for 3 releases?
What was the deal with 7-zip performance changing so much? What is it stressing that other tests aren't that cause it to vary?

There are reasons for these things. You could test and find them out. You could read the mailing lists and see if someone else posted explanations (others must have noticed the SQLite thing).

Heck, look at this list of new features and make guesses. I'd prefer "the newly added HyperScheduler v3.732 is probably the source of this" than the article's "things got faster, neat."

That's why I love LWN and the kernel page so much. They post why things changed, or at least reasonable theories.

Re:The most important missed out feature by slash.duncan · 2009-03-23 19:10 · Score: 5, Informative · on Linux Kernel 2.6.29 Released

I am impressed that Torvalds knows about this issue, and credo to him for raising people's awareness.

There's rather more community history behind it than that. The below is from memory based on various coverage I read on LWN and the like, but not fact-checked to be positive my memory is correct, so verify before acting on it as fact.

I believe it was at the annual linux.conf.au, tho I'm not sure but it was some such conference, widely attended by Linux kernel hackers, that the presentation was made. There was apparently a fairly big charity pledge drive related to the issue, with many of the kernel hackers taking part. Various ones of them, in addition to pledging their own money, pledged various acts should the conference pledge drive reach whatever goal ($10K, maybe?).

Well, the pledge drive was quite a success, and the various hackers either have or are in the process of fulfilling their various promises as a result. One of the ones that made Linux hacker community (and LWN) headlines was Bdale Garbee's pledge, to shave his beard. He hadn't been beardless in, I think, well over a decade (15 years? longer?). There was an LWN article on it with a photo (taken I believe at the closing ceremony or traditional post-conference party) of Linus as barber, doing the honors! =:^)

That's actually how I first heard about the whole thing, seeing that photo and reading the accompanying article. But apparently Linus' own pledge was to name a kernel version after the Tazmanian Devil. But he has actually gone one better, changing the logo for .29 as well as the name.

This logo, BTW, is the one the kernel framebuffer driver optionally displays at the top of the screen during boot, if the framebuffer is activated and the config option set to do so. There's a single logo displayed for every CPU/core, so my dual dual-core Opteron displays a nice row of four such logos. I can only imagine the row of 32 of the things on say a quad-socket oct-core machine. =:^)

Anyway, I've been running a kernel compiled directly from git for a few months now (switching to the stable series between release and rc2 or so, only running mainline git between rc2 and release), and am currently running:

$uname -r
2.6.29-rc8-223-ga1e4ee2

So I've had the pleasure of seeing four of these little beasties at boot for a week or so, now. =:^)

Anyway, it's not just Linus. It's the entire kernel hacker community that got involved, thanks to linux.conf.au. =:^)

All that said, while I obviously knew more about the Linux/kernel community side of things and had a bit of general awareness from that, I hadn't bothered reading up on the disease itself until taking the opportunity to click that nice wikipedia link you so thoughtfully provided. Now I know a bit more about it, and am hopefully returning the favor with the above info on the Linux community side of things.

OK, I did an LWN search and here's some relevant links, so folks can fact-check what I wrote above, as well as quote something more authoritative than just some /. post.

LWN 2.6.29 kernel announcement (mentions the code name):
http://lwn.net/Articles/325047/

That points to Linus' actual announcement (LKML announcement as seen on LWN):
http://lwn.net/Articles/325048/

The kernel gets a new logo (a comment links the actual git commit by Rusty Russel):
http://lwn.net/Articles/323966/

Beardless Bdale (It'd be interesting to see the stats for this one as related to the Linus in a swimsuit one, I think also linux.conf.au from a few years ago, dunk tank FWIW, see below.)
http://lwn.net/Articles/316282/

(FWIW, LCA/linux.conf.au, correct. AU$35-40K raised according to "beardless". With the awareness brought by 2.6.29 related publicity, hopefully much more