Slashdot Mirror

Not sure why the editors didn't include the actual patch or technical details, but here's the thread. Click "Related" at the top to see the 5-part patch.

In short, looking at the patch, the DOS attacks the sequence/buffer for reordering TCP packets. Specifically, after sending lots of tiny packets with out of order sequence numbers, a couple things happen:

(1) There is an expensive operation to coalesce adjacent packets. This has to run through the entire out of order RB tree, and generally sucks. The fix avoids doing this until the OOO buffer is almost entirely full.

(2) When doing the collapse, keep track of how many 'tiny' packets there are and just bail out rather than continuing to do lots of operations/copies attempting to coalesce them.

(3) Once you've filled up the entire OOO buffer, Linux only drops just enough older packets to get under the boundary. This exacerbates the previous issues, as the attacker can keep the buffer entirely full. The patch changes this always drop in batches (1/8th of the memory) each time it's full.

Neat patch. Editors, next time can we get some real analysis?

Please be assured that SCE is committed to continue the support for previously sold models that have the "Install Other OS" feature and that this feature will not be disabled in future firmware releases.

Fool me once, shame on you; fool me twice, shame on me

The basis of my rant is that this technology is a DRM, causes problems for all non-MS participants,

That is your unsupport assertion that this is just about DRM. The PDF that your linked to does actually say that there are benefits to secure boot, something that you have conveniently omitted (to coin your phrase).

Microsoft controls this technology (by controlling key distribution) and Microsoft has already abused its control.

And yet it is the OEMs who control the platform keys, or so says your document. There is no reason why you couldn't have an OEM that actively supported open source operating systems by including their required keys (just like they provide Linux drivers now). Or you just switch off secure boot.

Regarding UEFI itself: yes, Intel designed original version of it but it was Microsoft who forced additional requirements that made Secure Boot such a pain.

I'm not sure which requirements you were talking about here. Is it that motherboards have to implement secure boot, or that they also have to provide a method to turn it off?

So I still think that anyone supporting this broken standard either misguided or is a liar. Should I add "useful idiots" to my list of "Microsoft stooges" and "paid trolls" ?

I guess the alternative is "Microsoft-hating zealot". You know, the ones who make huge errors, and then "conveniently omit" any further discussion on those points during follow-ups. They are also the ones who know that their claims can be refuted, but try to preempt those arguements by saying:

please don't reply to me with "any OS vendor can request a key from Microsoft" or "any vendor can request hardware vendors to install its key" crapola. These are just lies spewed around by Microsoft stooges and paid trolls.

Great idea! Rather than tell us what is wrong with those claims, just call them lies instead. So how exactly are they lies? Or were you lying when you said that?

The basis of my rant is that this technology is a DRM, causes problems for all non-MS participants, Microsoft controls this technology (by controlling key distribution) and Microsoft has already abused its control. All conveniently omitted by you. Regarding UEFI itself: yes, Intel designed original version of it but it was Microsoft who forced additional requirements that made Secure Boot such a pain. So I still think that anyone supporting this broken standard either misguided or is a liar. Should I add "useful idiots" to my list of "Microsoft stooges" and "paid trolls" ?

3. Embrace Linux - if some person makes their generations Tetris, Myst/HyperCard, bird game - the PR glow is a net positive - give the game away with every unit shipped/sold game and be nice to the team/person who used your product to show it to the world. Support them.

I think they would have to do something like make a >$100m donation to the FSF and put >$10b in some sort of FSF approved escrow before that strategy will get them anywhere. If they announced Linux support on the PS4 I would imagine that any positive noises would be drowned out by a million people crying out something along the lines of "fool me once ... you won't fool me again".

If they try this, I hope that the first journalist who is in the presence of a Sony representative making any claims about Linux support has a copy of the email from Sony around the time of the Slim release which proclaimed

SCE is committed to continue the support for previously sold models that have the "Install Other OS" feature and that this feature will not be disabled in future firmware releases

That mail was sent 40 days before they announced they were disabling OtherOS or 42 days before Sony Fools Day when they actually released the "update" to do so. I'd hope the journalist would simply ask "you do know today isn't April 1st right?" unless of course it is, in which case they can just crack up laughing and promise "to write a great piece about how Sony has a sense of humour and won't be allowing any other OS on their consoles after learning their lesson when they lied to their customers the last time".

The former is completely unverifiable. It came second-hand via a developer. Here's a source. There are many like it. http://lists.ozlabs.org/pipermail/cbe-oss-dev/2010-February/007202.html

As for the rootkits:
http://www.techdirt.com/articles/20051108/0117239.shtml

They have a history of mistreating paying customers. I imagine the freebies (all very old games, of course) for the PSN outage were just a business decision that wound up in the customers' favor. Their other business decisions ended up in their favor, to the detriment of (some) of their customers.

Apparently, Geoff Levand was one of the people behind this release [1]. Geoff Levand is the programmer who worked for Sony supporting OtherOS and made the ill-fated and oft-quoted promise that Sony would never ever remove OtherOS from fat PS3s. [2] Looks like Geoff just kicked his former employer in the nuts. Go Geoff!

[1] http://psgroove.com/content.php?1029-PS3-Dual-Boot-GameOS-Linux-CFW-Released
[2] http://lists.ozlabs.org/pipermail/cbe-oss-dev/2010-February/007202.html

Before using a firmware release to disable OtherOS, Sony has said:

Please be assured that SCE [Sony Computer Entertainment] is committed to continue the support for previously sold models that have the "Install Other OS" feature and that this feature will not be disabled in future firmware releases.

IANAL, but I believe the fact that geohot was using the exploit to re-enable OtherOS will be a vital part of his defense against charges he violated the DMCA. My understanding of the current case law is that if you circumvent a security measure for the sole purpose of violating someone's copyrights then you are liable for prosecution under the DMCA. But if you circumvent a security device in order to exercise a "fair use" then you are safe. A recent example of this was the announcement by the US Government (I forget which department) that is was legal to jailbreak iPhones in order to change carriers.

This then takes us back to the 1984 Supreme Court decision in Sony Corp. of America v. Universal City Studios, Inc where they ruled that "making of individual copies of complete television shows for purposes of time-shifting does not constitute copyright infringement, but is fair use". The idea was that if there were valid (fair) uses of video recorders then video recorders were legal even if they could be used for infringement.

IMO (IANAL), geohot's exploit has fair uses, such as restoring OtherOS, and other uses that would infringe copyright (pirating games). Without the fair uses, geohot might have been in trouble.

Netbooting?

While TFA may state that the guest OS must be net-booted, TFA says to use Petitboot as the bootloader.

But Petitboot's installations directions don't mention require loading an image from the network, but do state that Petitboot can only load images that are directly connected to the PS3.

The Petitboot page also mentions other things about the PS3, so it's not as if you have to boot-strap from petiteboot into TFA's OS...

IOW - it seems that TFA is stressing "you have to" when it should merely claim "here's how to use netbooting". There's a world of difference there.

I was worried at first that I'd have to burn a chip or something equally prone to destroying an expensive toy... but after I actually researched it... here, I find that you don't have to mod the PS3 at all - you just have to create a disk that looks like a game disk to the PS3.

And if you want to go back to PS3 behavior, you just reset the PS3 box.

Now that is a cool hack.

I tried it when it first came out and it sucked, and when I started hearing that it was much improved in the latest versions, that's around the time they removed the feature.

Makes you wonder if it was the security of the game development licensing model which they were protecting rather then attempts to stop copyright infringement on licensed games. Around the time of the Sony Fools day announcement Gallium3D only supported a handful of environments and one of them was the cell, though I never ran it myself as the xserver with relatively trivial video acceleration from the spu's was enough for me. My PS3 has been quite idle since they removed OtherOS as they cut off my interest in the platform, including my interest in buying any games.

What really annoyed me was the fact that after the Slim had OtherOS removed, the main Sony PS3 Linux developer publically released the statement from SCE management including:

Please be assured that SCE is committed to continue the support for previously sold models that have the "Install Other OS" feature and that this feature will not be disabled in future firmware releases.

A couple of days over a month later it was removed. One of these days I'll get around to trying the new Linux bootloader though, that or I'll find a SCE management head to cave in with it.

By the way, I really do use Linux on the PS3. I have been on the mailing list for cbe-oss-dev for over a year. I was falsely assured that it would continue to be supported: http://lists.ozlabs.org/pipermail/cbe-oss-dev/2010-February/007189.html I lead the BoF for PS3 Linux at SCALE 6x. I just uploaded my slides to slideshare.net: http://www.slideshare.net/wrightrocket/ps3-linux

I offered to port the CPAN to Python about 6 years ago as a gift from the Perl community, and I repeat the offer every now and then.

It usually goes down as well as you might expect when someone from Python people hear the word "Perl" anywhere in a coversation :)

In the mean time, we've quite successfully ported and adapted the CPAN model for JavaScript with OpenJSAN and (more recently) for C with The CCAN (run by Rusty Russel).

Both of these are arguably more sophisticated than Python's packaging, although of course both of them are still down in the range of 100 packages.

How about the Seagate 1500GB drive hang error? To my understanding Windows has been fixed, but the problem still persists in Linux.

The ST31500341AS requires a firmware update from Seagate to something newer than revision SD19 (more info). In the meantime, if you're using a drive which hasn't been updated to fixed firmware, there's a blacklist in the current development kernel to disable NCQ on affected models as a workaround.

http://ozlabs.org/~jk/docs/bash_completion/

Bash's programmable completion. Can tab complete remote server files, Make targets, parameters to git/subversion etc.

Talking about "logical well-designed code" is very vague, and doesn't convey any useful information. I can suggest two ways to minimize bugs: make your interfaces hard to misuse (i.e. see this and this), and use testing to make sure that your interfaces work as advertised.

Talking about "logical well-designed code" is very vague, and doesn't convey any useful information. I can suggest two ways to minimize bugs: make your interfaces hard to misuse (i.e. see this and this), and use testing to make sure that your interfaces work as advertised.

And if the virtualisation waters weren't already muddy enough, we have kernel hacker Paul http://www.rustyfacts.com/ Rusty http://en.wikipedia.org/wiki/Rusty_Russell Russell coming up with lguest http://lguest.ozlabs.org/lguest .

So we have a kernel guy and his own take on Linux and virtual machines. This may prove hugely popular, though I hear that not too many turned up for Rusty's lguest tutorial at LCA08. Then again that may be because he scared us off with a "if you haven't done the homework, don't turn up!"

How is Xen 'nicer' than kqemu or lguest?

Solaris has Zones for that exact purpose. Lguest, I believe, offers something similar for Linux.

Xen
VMWare
linux-vserver
UML
OpenVZ
Plex86
Qemu
Bochs
lhype

and now

KVM

http://linuxvirtualization.com/ has some good linux to recent announcements regarding virtualisation software on Linux.

Are there any more?

The same chip was used inside Sun Ultra 1, 2 and 5 systems, without errors. So what if some PC hardware has the same problem? Either the problem is not in the chip or it is possible to circumvent it because the ultrasparcs using the same chip do not exhibit the same problem.

To my knowledge, the UltraSparc never included that particular revision of the CMD646. BTW, my bad, it was revision 5 of the CMD646, not revision 1 as I stated previously. Regardless, the "high processor load" comment is completely and totally wrong. It is predominantly a problem in master/slave configuration, with only a small number of devices misbehaving in single-drive configurations. I'd be happy to point you to a series of citations for that fact.

Needing active termination (or some wonky substitute thereof) for fast-narrow SCSI is not ahead of its time. It's behind the time, because other computers did not share the same problem.

Yeah, and I'm not sure why that is. I guess other fast-narrow SCSI chips are level triggered instead of edge triggered on the REQ line. It's a really ugly problem, and seeing the description of the problem gives me a good idea of why passive termination can be wonky at times.... :-)

ccontrol with ccache and distcc.

You can checkout a Q and A he did here (slides used in the talk are here) and a two part interview he did for the Linux Australia Update podcast.

Also check out The petition

I've just sent out new patches to the kernel and ppc64 mailing lists. See http://patchwork.ozlabs.org/linuxppc64/ for an easily accessible archive.

      Arnd

There's already code:

http://ozlabs.org/pipermail/linuxppc64-dev/2005-Ma y/004027.html

3) Send diffs (just what changed) of files that are in the cache but out of date.

This sounds suspiciously close to the intent of RProxy. Might it have the same unfortunate patent problems? (One would hope that Google would have checked that sort of thing, though...)

• It's Australia, it has to be beaut!
• Excellent weather, even in Canberra (-;
• The only Linux conference with balls (big ones, too, you'll see what I mean when you get there);
• Excellent people. Beyond excellent! Read the roster and consider that this place houses OzLabs too;
• Excellent subject matter, re-read the roster.
• Excellent venue. Nice flat spread-out campus, plenty of places to walk or just veg out within cooee;
• Cafe strip more or less adjacent;
• Very cheap flights from almost anywhere on the East Coast;
• Gets you away from work, gives you the mental toning up required for peak performance;

the number of PowerBook Linux users is so small

Yes, because Airport Extreme doesn't work with Linux but Airport did, so everyone who DID use Linux on their ibooks and powerbooks now can't upgrade them and has been forced to move away from the Apple platform.

Linux kernel hacker Rusty Russell used to have one of the most banged up Powerbooks I'd ever seen.

And once again, to the GGP post, it's not Apple or Broadcom's damn fault that Airport Extreme doesn't work with Linux. 802.11g radios are much more "dangerous" than 802.11b in terms of how they can be used and controlled by software. Very very few (if any?) 802.11g cards have open source drivers for any platforms. Everyone I know which 802.11g cards under Linux uses NDISwrapper and the DOS NDIS drivers to use them.

Linux Australia has a page with details of the Free Trade Agreement. including the text of a speech given by Rusty Russell to the senate select commitee.
So far most of the debate in parliment has centered around the price of pharmaceuticals and the local content on australian television.

I'd love to see an E-10000 or a pSeries690 with a full spread of processors running Linux.

Your wish is granted:

1000-CPU Itanium HP Linux cluster

Linux on 32-way POWER4, 60GB RAM

Linux on pre-production POWER5

Linux on 24CPU E10000

Fast enough?

Ask Google and you can find similar numbers for 64-CPU ia64 machines from SGI and 100-CPU clusters from HP.

Stump up a few million bucks and HP, IBM, SGI et al will be beating down your door to sell you a big Linux machine.

I'd love to see an E-10000 or a pSeries690 with a full spread of processors running Linux.

Your wish is granted:

1000-CPU Itanium HP Linux cluster

Linux on 32-way POWER4, 60GB RAM

Linux on pre-production POWER5

Linux on 24CPU E10000

Fast enough?

Ask Google and you can find similar numbers for 64-CPU ia64 machines from SGI and 100-CPU clusters from HP.

Stump up a few million bucks and HP, IBM, SGI et al will be beating down your door to sell you a big Linux machine.