Slashdot Mirror

What's it like to be so afraid of the world that you never leave the house?

I have no idea. I'm not so paranoid that I don't ever use binaries from people I don't know; obviously without gcc, glibc, or the Linux kernel I wouldn't get very far. The grandparent AC said 'You should only use the binary version if you trust the person who compiled it.', and I'm simply trying to illustrate that unless you happen to personally trust the very large number of people involved in putting together your operating system of choice, you'll never really know for sure if it's compromised or not.

I am aware of what the other AC said, that Debian uses GPG signing, but again, it just makes a large group of people who trust each other, with no connection to me. There has been at least one incident in the past where unwanted code has made it into Debian, but this hasn't stopped me using it, since as I mentioned before, it's rather unfeasible to attempt to personally verify an entire distribution. I just install it, hope for the best, and move on with my life.

You can use dump and give the user read on the device file. I know dump is depreceated, but it works there.

Actually dump won't work. Due to changes in the 2.4 and 2.6 kernels, dump won't get a consistent picture of the filesystem. Linus's comment seems to suggest dump doesn't get the right things from the buffer and page cache. Given that dump doesn't backup your data correct, it's worthless.

$ ldd /lib/libkdb.so
libc.so.6 => /lib/tls/libc.so.6 (0x00111000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x009fd000)

This thread on LWN has some discussion on the topic.

From the "gararge-shop" POV, well, just off the top of my head, there are the

examples everyone is familiar with: Bill Hewlett and David Packard (HP,
instruments), Steves Jobs and Wozniak (Apple, home computer), and outside the
computer industry, folks like Edwin Land (Polaroid, polarized materials and
instant camera), Chester Carlson (Xerox, xerography), Henry Ford (Ford,
affordable automobiles), Thomas Edison (GE, light bulb, motion pictures,
phonograph...), and Alexander Graham Bell (AT&T, telephone), all of whom
profited greatly from their patented works. (One could argue for the inclusion
of Jeff Bezos in that list, although around here, that's a bit like whacking a
hornet's nest with a stick...)

But the classic twentieth century example of patents providing exactly the kind
of protection I'm talking about is probably that of Philo T. Farnsworth, whom
you may never have heard of, although you likely use his invention (electronic
television) every day. Farnsworth was the prototypical individualist inventor
who persevered against all odds and eventually defeated David Sarnoff and
Vladimir Zworykin of the immensly powerful RCA. RCA was truly the Microsoft of
its day in terms of control of the market and underlying technologies through
acquisition - often under severe economic and other pressure. RCA had a policy
of never paying royalties for any technology - a policy they managed to uphold
until they met Philo Farnsworth, who just wouldn't give up.

Farnsworth fought virtually alone against all of RCA's power for seven years
before the final court rulings that his patents had clear validity and
precedence over Zworykin's, forcing a tearful RCA lawyer to sign a royalty
payment agreement to Farnsworth. (Farnsworth publicly displayed television
*five years* before Sarnoff unveiled RCA's infringing version to the world
amidst great fanfare at the 1939 World's Fair, leading many to believe Sarnoff
and RCA were the inventors of television - sound like anyone today?)

Farnsworth's experience is, if anything, a case study for the need to
*strengthen* patents and either streamline patent appeals or extend the length
of patents when thier commercial utility is impacted by unsuccessful challenges.
(World War II intervened, and the government outlawed television for the
duration of the war (the technology was needed for radar, night vision and other
inventions Farnsworth then worked on), and so Farnsworth's patents expired
before he could profit from them.

Do you still think patents are a bad idea? I'd argue experience shows that
patents should be strengthened and perhaps that the duration of Farnsworth's
patent should have been extended, due to RCA's clear abuse of the patent system
and the courts. (I also think the government should have been upright enough to
grant extensions in the name of fair play to all inventors whose inventions were
commandeered for the war effort, but that's another issue entirely.)

History clearly shows that often patents are all that stands between real
progress and innova

They also gave out strlcpy(3) , but the glibc crew decided to go with the weaker more broken strncpy, making many people reimpliment it themselves. Unfortunatly egos won out over common sense.

The Linux Weekly News security page would be a good place to start. If you then went back and looked through the security pages of the weekly editions, you'd probably have a pretty complete database.

http://lwn.net/security

In fact, out of all the news articles out there about linux 2.7, it seems (not that this surprises me) that slashdot went out of its way to pick one laden with the most possible negative FUD and the least possible useful information about what really is news with 2.7. A much better writeup can be found at LWN. In summary, the present situation is:

• The -mm tree of Andrew Morton is now the Linux development kernel, and the 2.6 tree of Linus is now the stable kernel. This represents a role reversal from what people were expecting last year when Andrew Morton was named 2.6 maintainer.
• Andrew Morton is managing the -mm tree very well. Unlike all the previous development kernels, the -mm tree is audited well enough that it is possible to remove patches that prove to have no benefit (and this does often happen). Bitkeeper is to some degree contributing to this flexibility, although not every kernel developer uses it.
• The development process is going so smoothly that there may not need to be a 2.7 at all; for the first time in linux development history the developers are able to make useful improvements to linux while keeping it somewhat stable. If there is a 2.7 at all, it will be used for major experimental forks and there is no guarantee that the result will be adopted for 2.8.

It's no problem however if you follow instructions on this page.

The NVidia problem is discussed here with a work around. Hopefully the new version mentioned above will solve it.

However, after I installed Ubuntu, I couldn't boot into Windows. Not having the time to fix it, I don't know why that is. YMMV, of course, mine could've been an isolated case.

Probably the same problem you can run into on Fedora Core. To my knowledge, this isn't fixed in the new release -- someone please correct me if it is.

If fedora is the base for which RHEL gets developed, why do they keep releasing new versions? When do they decide which fedora release gets frozen to develop RHEL 4?

What do you mean "why do they keep releasing new versions"? They keep releasing new versions because that's the point of having a distribution. Fedora Core partly exists to support RHEL, but it has its own life as well -- think Mozilla and Netscape, OpenOffice.org and StarOffice.

And "when do they decide"? Well, market realities mean they need a new RHEL release every certain amount of time -- probably every year and a half or so. So when that "when" approaches, I imagine they look to see what the most solid current Fedora base, and develop along with this.

In fact, RHEL 4 is being developed in parallel with FC3. See this LWN.net article for more details.

Linux may not have the "Unix 2003 standard" label, but Linux Weekly News reports that Linus has now declared a pre-patch release naming standard! After the confusion surrounding the 2.6.9 pre-patch naming conventions, Linus has created an important Standards Document outlining the new naming policy. In honor of this event, Linux kernels will now be entitled "Woozy Numbat".

There's a thread on the Gentoo forums about this. Apparently it is to do with TCP/IP window resizing. There's also a LWN article.

see bnetd.... nugh sed.

The article is still subscriber-only, but Linux Weekly News has a good summary of some discussion on the LKML about InfiniBand. Greg K-H's original posting can be found here. Basically, he feels that it's impossible to implement the specification for InfiniBand in a free/open source product without violating the licensing agreement of the spec, because of patent infringement.

Yes, that's even more than Hibernate's documentation. If you like R, try Albert Gräf's Q, a powerful functional/equational programming language which now has a set of Q multimedia examples including audio and MIDI based on a KDE interface.

Ooops, misformed link. This should work. LWN article

Here is a nice round-up http://lwn.net/Articles/22991

How the OS is written will make some difference

-jim

http://www.apache.org/foundation/docs/sender-id-po sition.html http://lwn.net/Articles/100873/ http://lwn.net/Articles/100659/ http://arstechnica.com/news/posts/20040902-4153.ht ml http://news.netcraft.com/archives/2004/09/02/apach e_rejects_sender_id_proposal.html

http://www.apache.org/foundation/docs/sender-id-po sition.html http://lwn.net/Articles/100873/ http://lwn.net/Articles/100659/ http://arstechnica.com/news/posts/20040902-4153.ht ml http://news.netcraft.com/archives/2004/09/02/apach e_rejects_sender_id_proposal.html

There was a story about this at Linux Weekly News.

-jim

Fast Yoper Torrent from the Linux Mirror Project:
http://www.tlm-project.org/torrents/yoper/yos-i686 -2.1.0-4.iso.torrent

And on installing use the default Reiserfs(3). Don't use the new Reiser4, it's much slower, there's messages on Yoper.com forum. There is also some info about slow Reiser4 on Lwn:
http://lwn.net/Articles/99408/

I presume that LSB is simply spec'ing existing practice, correct? Or have things changed since that posting? Is this really an issue, even, since a system might be able to support an "old" and "new" C++ ABI by having both the "old" and "new" libraries installed?

Also: if the C++ symbols will be stored as (name space + package + class + method) in that order, ELF is used, and there are many hash collisions, this might create a lot of overhead loading large C++ libraries. The reason: while linking, you'd have to compare a lot of text before matching, because so many symbol entries would have a common prefix that you'd have to keep matching over and over again. Am I reading this correctly?

More info

There are several good reasons why the kernel developers don't care about closed source drivers. Basically, they are a PITA for the kernel developers. In the latest Linux Weekly News this is discussed. The article is still only available for subscribers though.

In case you happen to live under a rock somewhere lwn.net is possibly the best Linux/FOSS news source on the net.

In case you happen to live under a rock somewhere lwn.net is possibly the best Linux/FOSS news source on the net.

In case you happen to live under a rock somewhere lwn.net is possibly the best Linux/FOSS news source on the net.

After last week's discussion of cdrecord, and concerns that recent releases of cdrecord may not be free software, we decided to take a look and see what alternatives exist for Linux users. The answer, unfortunately, is "not many." While there are quite a few front-ends for recording CDs under Linux, there are very few actual CD and DVD-burning applications available to Linux users. Applications like K3b, MP3Roaster, BashBurn and others all use cdrecord to burn CDs.

<a href="http://www.redhat.com/archives/fedora-test-l ist/2004-May/msg02114.html">Red Hat</a>
<a href="http://lwn.net/Articles/86835/">LWN</a&g t ;

Red Hat
LWN

Red Hat:
<URL:http://www.redhat.com/archives/fedora-t est-list/2004-May/msg02114.html>

LWN:
<URL:htt p://lwn.net/Articles/86835/>

Red Hat:
http://www.redhat.com/archives/fedora-test-list/20 04-May/msg02114.html

LWN:
http://lwn.net/Articles/86835/

<a href="http://www.redhat.com/archives/fedora-test-l ist/2004-May/msg02114.html">Red Hat</a>
<a href="http://lwn.net/Articles/86835/">LWN</a&g t ;

Red Hat
LWN

Red Hat:
<URL:http://www.redhat.com/archives/fedora-t est-list/2004-May/msg02114.html>

LWN:
<URL:htt p://lwn.net/Articles/86835/>

Red Hat:
http://www.redhat.com/archives/fedora-test-list/20 04-May/msg02114.html

LWN:
http://lwn.net/Articles/86835/

Okay, I'm not quite as naiive as the subject line says, but now that we've gotten rid of odd-numbered kernels, 2.6.y.z format is really not that unexpected. I much prefer that over 2.6.8-pre1-am2. By comparison, 2.6.y.z should be an easy problem to fix.

Boot loader thing was quite covered by press BTW

Oh, you mean the partitioning problem that affected *only* those people who were dual booting with Windows? The one where Windows insists on using CHS values instead of LBA values? Yeah, that sure caused a number of issues. Good thing the Windows installer allowed me to dual boot with Mandrake/Fedora just fine.

Oh wait, no it didn't.

The big thing i want to know is, does this fix those problems with dual-boot that became apparent with fedora 2?

Here's more information on the issue (which is caused by the bootloader modifying the disk geometry reported in the partition table), including how to fix it.

-jim

Since you INSIST it DOESN'T you probably DON'T want to READ this, especially not the part about how it works and uses x86 features (code limit).

Cue the "CPU support isn't CPU support" comment . . .

Once again, the great LWN has something to help you. Check out part 1 and part 2 of "The Grumpy Editor's Guide to diagram editors". I have no expiriance with any diagram software, so that's all that I can offer you.

Once again, the great LWN has something to help you. Check out part 1 and part 2 of "The Grumpy Editor's Guide to diagram editors". I have no expiriance with any diagram software, so that's all that I can offer you.

Once again, the great LWN has something to help you. Check out part 1 and part 2 of "The Grumpy Editor's Guide to diagram editors". I have no expiriance with any diagram software, so that's all that I can offer you.

Apparently you can just pick any linux-using company at random, say Autozone.

Remember this guy? He also wrote "Linux Security: Unfit for Retrofit" ( http://www.ghs.com/linux/unfit.html )

This was covered by LWN back in May: http://lwn.net/Articles/83242/

IIRC, GHS does development on embedded XP stuff? I don't remember the details...

Obviously this SCO stuff is a riot. And possibly a pain in the butt. But it does a couple of things:

1. Gets Linux more press; this is good
2. Proves that Linux has *serious* game, and can play with the big boys
3. Shows legitimacy (see 2): publicly whooping SCO time and time again demonstrates the legimitacy of Linux and its IP.
4. Entertains everyone: remember this? Everyone loves watching things crash and burn...

So, after all, what's not to love?
---------------------
Dr. Movie Movie, PhD: DrMovieMovie.com
Witty movie reviews, eating contests, and a guy who once drank a gallon of milk in an hour.

I'm not an expert on this, but companies like Oracle clearly state that Sun is SMP, as are smaller systems like Dell and HP, whereas systems like Sequent (now IBM) and SGI are NUMA.

Read Sun's own paper I linked to on their site and realise NUMA means non uniform memory access. Plain and simple, Sun's architecture doesn't have uniform access to all memory, hence it is NUMA by definition.

I don't mean to be annoying, but I'm skeptical. However, I'm prepared to be convinced by statistics, and I would find this very interesting. Do you have any?

Well, you weren't very convinced about Sun's stats telling you their system was NUMA... but here is about where Linux started beating Solaris at single threaded stuff (benchmarks of different opterating systems on the same hardware are very difficult to come by on the web).

here is one a bit later. So far we have Linux handily beating Solaris even on SPARC hardware.

here is one fairly recently. (note that Linux and solaris weren't run on the same machine here, or even the same architecture, but I figure the 700 mhz P3 Xeon 1 M is roughly equivalent to the 900 mhz Ultrasparc III 8 Mb cache. Probably the SPARC even has the edge.

Now also just think about why everyone would be out to beat Linux if it is so slow? Why would Sun be trumpeting that Solaris 10's TCP stack is 30% quicker than Linux? Why does Microsoft try to rig all these benchmarks to show NT beating Linux?

Those companies really have the resources and no legal obstacles to do comprehensive testing and benchmarking of their product vs Linux, so if they really are faster, and wanted to show that, they could just publish the comprehensive results to open, reproducable tests. Instead they sneak around sniping here and there when they get the chance...

The venture capitalists is the "Burcham Community Property Trust," which is controlled by the parents of Mr. Robertson's wife. According to http://lwn.net/Articles/81289/

Actually 2.6 is what's included. 2.8 is planned for final release.

Mandrake had that bug.
And SuSe also had that bug.
If you mind not spreading fud and educating yourself have a look at This Page Which tells you how to not only recover the problem, but avoid it all together.
This crap is really getting old, stop trying to place blame only on Fedora dev's when every distro with 2.6 kernel has this problem okay?

I agree that that sucks, and I've tried to do my part in trying to stop software patents (writing letters to my MP:s and so on).

What I meant to say isn't that we shouldn't be concerned about bogus and software patents, just that one shouldn't be on the lookout for them when programming.

Call it the Torvalds doctrine if you like..

Uh huh.

It's not kind of like driving a car. Other drivers don't crash into you just because you're driving a Punto. No one releases huge robots on to the highways that are programmed to crush Fords, then make new Ford crushing robots out of the scrap.

Car analogies suck.

Debian Investigation Report

This was an attack by mounted by an actual blackhat...who initally sniffed a password. The operating system is irrelevant if your password is stolen.

So, yeah, that was a human error exploited by an unscrupulous individual but do you leave your house unlocked because only theives would break in anyway? It's best not to tempt people.

And, again, that analogy sucks too.

It's more like innoculization. You're protecting yourself against the most common diseases (0-day Windows exploits). Yeah, it's not much good if someone decides to break your legs with a baseball bat or you have unprotected sex -- and the shot can be painful -- but, on balance, it's better for you.

Or something. What do I care for your 'health' anyway?

Apparently every process has it's own "kernel stack" used whenever the process enters kernel-mode code. previously it was 2 pages large (8KB). The pages had to be adjacent in physical memory, which can be hard to find on a heavily used system. Now they are reducing it to only 1 page, so stack hungry drivers must go on a diet.

It also mentions something about interupts that I don't understand. Maybe interupting breakfast is safer when everyone ate a small stack of pancakes.