Slashdot Mirror

An anonymous reader writes "After .COM and .NET started using a wildcard, the internet community busily started creating patches to various pieces of software to circumvent this. It was said that this was a grave problem to the internet. Several official BIND patches were announced over the next few days. However, it turns out they weren't necessarily too well thought through. Usage of the patch unexpectedly broke at least 7 Top Level Domains, ISC announced 3 weeks later, after users started having problems. The .NAME registry has sent a formal letter to ICANN's Security and Stability Advisory Comittee to warn against using the BIND patch, which they will look into in their next meeting. The intention may have been good, but... Stability? Anyone?"

An anonymous reader writes "After .COM and .NET started using a wildcard, the internet community busily started creating patches to various pieces of software to circumvent this. It was said that this was a grave problem to the internet. Several official BIND patches were announced over the next few days. However, it turns out they weren't necessarily too well thought through. Usage of the patch unexpectedly broke at least 7 Top Level Domains, ISC announced 3 weeks later, after users started having problems. The .NAME registry has sent a formal letter to ICANN's Security and Stability Advisory Comittee to warn against using the BIND patch, which they will look into in their next meeting. The intention may have been good, but... Stability? Anyone?"

veg writes "In the last few hours there have been several reports of a new ssh bug, with an exploit seemingly in the wild. Oh god not again... The lengths some people will goto to try and damage Theo's pride." Update: 09/17 00:24 GMT by T : friscolr writes "Hot on the heels of rev 1 of the buffer.adv advisory, here is revision 2, which fixes more than revision 1 did. Also see the 3.7.1 release notes."

veg writes "In the last few hours there have been several reports of a new ssh bug, with an exploit seemingly in the wild. Oh god not again... The lengths some people will goto to try and damage Theo's pride." Update: 09/17 00:24 GMT by T : friscolr writes "Hot on the heels of rev 1 of the buffer.adv advisory, here is revision 2, which fixes more than revision 1 did. Also see the 3.7.1 release notes."

An anonymous reader writes "Linux creator Linus Torvalds recently announced the 2.6.0-test5 Linux kernel, bringing the release of a stable 2.6 one step closer. KernelTrap quickly followed by posting a guide that walks bleeding-edge Linux fans through the process of upgrading from 2.6.0-test4 to 2.6.0-test5, using a tiny 706 KB patch."

gstein writes "The ASF has announced the launch of the "Geronimo" project. Geronimo will be an Apache-licensed implementation of the Java J2EE specification; further, the ASF is committed to getting it certified as J2EE-compliant. The project is looking for developers interested in helping to carry this ambitious effort forward. See the original invitation that was sent out to many J2EE communities."

xose quotes Linus from the kernel list: "the naming should be familiar - it's the same deal as with 2.4.0. One difference is that while 2.4.0 took about 7 months from the pre1 to the final release, I hope (and believe) that we have fewer issues facing us in the current 2.6.0. But very obviously there are going to be a few test-releases before the real thing. The point of the test versions is to make more people realize that they need testing and get some straggling developers realizing that it's too late to worry about the next big feature. I'm hoping that Linux vendors will start offering the test kernels as installation alternatives, and do things like make upgrade internal machines, so that when the real 2.6.0 does happen, we're all set." You all know what to do ;) Update: 07/14 17:49 GMT by S : OverNeith writes "Joe Pranevich has done it again! He's written another summary document on what to expect in the new and upcoming 2.6 Kernel!"

Kourino writes "Today on LKML, Linus released 2.5.75, which he said will be "the last 2.5.x kernel from me", and that he and Andrew Morton are going to start a 2.6-pre series soon. While this certainly does mean things could get interesting soon, don't hold your breath about seeing the actual 2.6 for a while; there are still many areas that need work. This essentially means that the development branch is going into maintenance mode, and new features probably won't get in after this point. Changes of note in 2.5.75 include a merge of the anticipatory scheduler from Andrew Morton's -mm tree and updates from several architectures."

Kourino writes "Today on LKML, Linus released 2.5.75, which he said will be "the last 2.5.x kernel from me", and that he and Andrew Morton are going to start a 2.6-pre series soon. While this certainly does mean things could get interesting soon, don't hold your breath about seeing the actual 2.6 for a while; there are still many areas that need work. This essentially means that the development branch is going into maintenance mode, and new features probably won't get in after this point. Changes of note in 2.5.75 include a merge of the anticipatory scheduler from Andrew Morton's -mm tree and updates from several architectures."

Bootsy Collins writes "This evening on C|Net contains three new items. First, they've upped the damages they're seeking to $3 billion. Second, they claim that by making SMP technology generally available through Linux, IBM violated federal export controls and thus breached their contract with SCO through committing an illegal act. Finally, they elaborate on one specific technology they claim rights to which IBM inserted into the 2.5 kernel series -- the read-copy update memory management features which went in at 2.5.43. Unclear is why SCO thinks they have the rights to RCU, since the technology was originally developed by Sequent in the early 1990s."

worldwideweber writes "With the announcement of the release of the 2.5.72 version of the Linux kernel came the news that Linus Torvalds will be leaving Transmeta for OSDL to work on the linux kernel full-time. The email calls this a leave of absence for about one year." Update: 06/17 17:19 GMT by T : As many readers have pointed out, the length of Linus' leave is not actually specified in this email.

Linus Torvalds weighed in on the DRM debate on the linux-kernel mailing list last night. No, don't click through, his email is reproduced below. Worth reading and thinking about.

Thread on LKML:

Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!

Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.

I want to make it clear that DRM is perfectly ok with Linux!

There, I've said it. I'm out of the closet. So bring it on...

I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.

In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".

And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.

The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.

[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]

In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.

And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.

Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.

But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.

That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.

I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.

Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.

Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.

So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).

Linus

Linus Torvalds weighed in on the DRM debate on the linux-kernel mailing list last night. No, don't click through, his email is reproduced below. Worth reading and thinking about.

Thread on LKML:

Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!

Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.

I want to make it clear that DRM is perfectly ok with Linux!

There, I've said it. I'm out of the closet. So bring it on...

I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.

In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".

And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.

The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.

[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]

In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.

And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.

Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.

But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.

That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.

I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.

Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.

Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.

So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).

Linus

Starrider writes "It seems the DARPA grant for OpenBSD and for University of Pennsylvania has been cancelled (?) immediately and without warning. See the full story in Theo's email and on deadly.org." Theo is left to only speculate why funding was suddenly pulled. One also has to wonder what this means for the University of Pennsylvania, since they were also in for a piece of the pie.

petabyte writes "Now that RedHat 9 is out, here's something for the rest of us. OpenSSH 3.6 has been released today. Is has several new features including a progress meter for sftp and bandwidth limiting for scp. I haven't installed it yet but I'm sure the packages will be hitting mirrors soon enough. There's even a new T-shirt."

TrumpetPower! writes "Recently there's been quite a row in the OpenBSD community over copyright infringement by the OpenBSD spinoff, MicroBSD. Many parts of MicroBSD would seem to be a wholesale search-n-replace of the two names...including copyright notices. As a result, MicroBSD has shut down. It's worth noting that, as of this story submission, the MicroBSD Web site is still up and running with no special notices."

TrumpetPower! writes "Recently there's been quite a row in the OpenBSD community over copyright infringement by the OpenBSD spinoff, MicroBSD. Many parts of MicroBSD would seem to be a wholesale search-n-replace of the two names...including copyright notices. As a result, MicroBSD has shut down. It's worth noting that, as of this story submission, the MicroBSD Web site is still up and running with no special notices."

TrumpetPower! writes "Recently there's been quite a row in the OpenBSD community over copyright infringement by the OpenBSD spinoff, MicroBSD. Many parts of MicroBSD would seem to be a wholesale search-n-replace of the two names...including copyright notices. As a result, MicroBSD has shut down. It's worth noting that, as of this story submission, the MicroBSD Web site is still up and running with no special notices."

Slashback tonight with a round of updates and clarifications on Yahoo! v. France, William Gibson's new book(tour), lowish-tech helping to solve the Columbia mystery, searchable utra-localized information and more. Read on for the details.

How very magnanimous. Amazing Quantum Man writes "ZDNet reports that Timothy Koogle and Yahoo were acquitted of condoning war crimes by selling Nazi memorabilia. The article is rather sketchy, so that's all I have. Here are some background articles from Slashdot history."

He doesn't sign anything, just sprinkles on some invisible nanobots. shawn writes "The Penguin Group's site has a schedule of upcoming book signing events for Willam Gibson's Pattern Recognition . The new book was mentioned on Slashdot earlier."

And now Gisbon's new book has been reviewed, as well. Look out for a review of the No Maps For These Territories DVD (with extras) soon too.

Aren't you glad some people are realistic enough to be paranoid? For everyone worried about your ISP suddenly deciding to detect and crack down on everyone who's taken advantage of the currently ubiquitous, simple-to-use NAT hardware (here's the post we ran about the means to snoop behind your NAT box, which links to the Bellovin paper mentioned below), an anonymous reader writes with one way to foil detection efforts: "Good news coming from OpenBSD camp! Read CVS log message (mail archive): 'Add scrub option 'random-id', which replaces IP IDs with random values for outgoing packets that are not fragmented (after reassembly), to compensate for predictable IDs generated by some hosts, and defeat fingerprinting and NAT detection as described in the Bellovin paper.'"

Right place at the right time when the wrong thing happens. fonixmunkee writes "an 11-year-old Mac and a COTS (commercial-of-the-self) telescope may have captured a very helpful image in solving the shuttle Columbia tragedy. this article here at CNN tells the story of how some self-proclaimed 'geeks,' working on an Air Force project aimed at watching satellites & incoming missiles, whipped up a contraption with some simple parts that captured an image of the shuttle on descent that may offer some light on what happened. also interesting is how many news sources mistook the image as a capture from the high-tech cameras that the people *actually* worked on."

Just a scratch in the historical record. truthsearch writes "In response to a leaked Sun memo complaining of Sun's Java implementation on Solaris, News.com has Sun's response. Many posters doubted its authenticity (myself included due to missing dates), but 'Sun confirmed the memo's authenticity, but said that the document is two years old and that the problems it describes have been fixed.'"

GPS, free databases -- these are a few of my favorite things ... Tony Pryor writes: "In April 2001, while there at arsDigita University, I developed a web interface called the Godseye Project, designed to enable 'grassroots cartography,' allowing individuals with web access to add subjective knowledge details about their surroundings to closeup satellite images. Although I wrote Godseye over a year and a half ago, it isn't currently online- I'll spare you the gory details of the events between then and now.

I just wrote two new pieces which *are* live. The first is a script that dynamically adds geolocation pages using Movable Type, and automatically registers each of them with http://www.geourl.org. The second part is a geolocation-based search centered upon any one of these geopages. The search aggregates the results of consecutive google queries on each of the sites (or geopages) within a given radius."

Visit the still-growing Godseye Project to test out this cool geographic search capability; Tony promises that the functionality will improve with lots of visitors and suggestions.

sultanoslack writes "In an effort to bring together KDE hackers that are students, unemployed or by other means lacking in hardware and capital with users in that have spare goodies, Adopt-a-Geek has been launched. More details are available on how to help out. Been wondering what you can do to help out? Here's your chance!"

Strog writes "We are securing our administrative network and one thing we decided to implement is allowing only known MAC addresses get an address from the DHCP server. The techs aren't very Unix-centric so we would prefer to keep them out of the server directly. A web-based admin tool is what we are looking for. I've used webmin for a while but it likes to give each host a nice little icon which wouldn't be so good once we get all ~750 machines entered. Dixie looks good too but leaves a few too many options for techs to look at. I'm in the process of hacking webmin into what I need but wondered if anyone out there has some good options to offer. What we really need is boxes for hostname, MAC address and apply button and a list of current entries and a delete button." This was recently asked on a mailing list, but so far, no answers have been given. Might someone here have experience with such software that they would like to share?

DieNadel writes "As posted here, support to ProPolice was added to OpenBSD. You can check the announcement. Note that THERE ARE dependencies that should be taken care of before building a new kernel, even on -stable."

An anonymous submitter writes "OpenBSD wants to run on all hardware. They've asked Sun for documentation on the UltraSPARC III processors over and over, but been stonewalled. Theo recently asked users to talk to Sun about this issue. A fairly complete thread archive can be found here. The real kicker is that Sun has released this documentation through an NDA to Linux developers..."

An anonymous submitter writes "OpenBSD wants to run on all hardware. They've asked Sun for documentation on the UltraSPARC III processors over and over, but been stonewalled. Theo recently asked users to talk to Sun about this issue. A fairly complete thread archive can be found here. The real kicker is that Sun has released this documentation through an NDA to Linux developers..."

xarc writes "OpenBSD 3.2-current has acquired IP load balancing support via its packet filter, PF. This is a great step for those of us who prefer OpenBSD, but are dependent on other OSes and software (such as Linux's Linux Virtual Server) to provide similar functionality."

paskie writes "Martin J. Bligh of IBM announced launch of a Bugzilla bug tracking database for 2.5 linux kernel series - it's at bugme.osdl.org. Finally there will be some possibility to easily keep track of known bugs without being subscribed to thousand of mailing lists or googling to death. According to the relevant lkml thread, kernel developers will still prefer discussions to happen on the mailing lists, though. The Bugzilla server and connection is donated by OSDL and IBM folks administer the database."

pixelbeat writes "Grigory Orlov origonally implemented this new allocator for FreeBSD, and it's been merged in 2.5.46 and the first benchmarks are in: http://marc.theaimsgroup.com/?l=linux-kernel&m=103 650970512510&w=2 In summary: 13% increase on unpacking a kernel tarball 43% increase on uncached kernel tree traversal 48% increase on cached kernel tree traversal 170%increase on deleting kernel tree"

Col. Klink (retired) writes "BitKeeper's new EULA forbids working on the competition. Larry McVoy has told Ben Collins that he can't use BK because he works on subversion (a free revision control program). In fact, you can't use BitKeeper if you OR your company have anything to do with competing software. Free Software advocates who were upset when Linus decided to use non-Free software now have the opportunity to say 'I told you so.'"

Slashback with two different updates on the donation by Sun of elliptic-curve cryptographic techniques to the OpenSSL project, the state of Microsoftization of the U.S. Department of the Interior, and the strange outcome of Batt vs. the Cage Trust. Read on below for the details.

Different folks, different contributions Dr. Sheueling Chang-Shantz writes:

"Hello, I am the lead researcher/developer of the ECC project at Sun Microsystems Laboratories. I appreciate very much the news you posted on Slashdot regarding 'OpenSSL Gets Cryptography Gift From Sun.'

However, your wordings "Sun Microsystems has donated ... developed by Whitfield Diffie ..." seems to be causing some confusion on Slashdot forum. It gave the wrong interpretation that Whit has invented ECC. Sun is definitely making no attempt to claim that Whitfield Diffie has invented the Elliptic Curve Cryptosystem. Technically, neither has Whitfield Diffie developed the ECC technology that Sun has donated to the OpenSSL project recently.

I would appreciate it if you could correct the news before too late.

For clarification, Elliptic curve cryptography was independently invented by Neal Koblitz, Professor of Mathematics at the University of Washington and Victor Miller who was then at IBM.

Whitfield Diffie is Sun's chief security officer who co-invented Diffie-Helman public-key cryptography."

We now go north of the border ... And further on the topic of that donation by Sun, friscolr writes "In a recent post on misc@, OpenBSD project leader Theo de Raadt states...

OpenSSL is becoming a non-free software project, because the code from Sun contains licenses which invoke patent litigation; the licence on the new code basically builds a contract that says "if you use this code, you cannot sue Sun".

He goes on to say, 'once again, i think it is time to fork OpenSSL.' Thank you, Theo, for always making sure we will have 100% free software at our disposal and for standing by your stated goals."

[Headline redacted] Dotnaught writes "The question of whether British composer Mike Batt's "A Minute's Silence" on the "Classical Graffiti" CD (by The Planets) violated the copyright of John Cage's silent composition " 4'33" " has been resolved in an out-of-court settlement. Batt reportedly paid the John Cage Trust an "adequate sum" (whatever that is). On his site, Batt writes, 'We have now settled the matter of my artless plagiarism of John Cage's silence, by his publishers caving in and us winning! Why didn't I think of that before! We could have saved a lot of time and buggering about, although I must say, the struggle was one of the most amusing disputes I've ever , er, disputed.' Batt may yet have the last laugh. According to the New Yorker, Batt has been busy copyrighting chunks of silence of various lengths other than the four minutes, thirty-three seconds of silence owned by Cage."

Hey, does this guy really work for the government? In response to broadly worded news that the U.S. Department of the Interior was switching to an all-Microsoft computing infrastructure, security architect (and oftc.net honcho) D. Clyde Williamson fired off a well-phrased mail to Hord Tipton, Acting Chief Information Officer for the Department of the Interior. asking for clarification, and urging that the DOI consider advantages of not tying themselves completely to proprietary systems. Tipton's response (posted with his permission) is informative:

"Thanks for your views on the DOI's attempts to standardize operating systems. Whereas it is true we are moving towards enterprise approaches to desktops and operating systems, there will be as you suggest a heterogenous mix at the server level. We have not decided at this point to be 100% Microsoft although that discussion has been entertained. There are certain risks and efficiencies that must be considered regardless of the path taken.

Our major concern is interoperability and our current situation is all over the map. Thus standardization is an important step forward for us.

Thanks again for your views.

Hord Tipton
Department of the Interior"

Why relying on a single vendor for such an important aspect of the modern workplace is still considered an "enterprise approach" I'm not sure, but it is certainly true at many companies.

cant_get_a_good_nick writes: "From ApacheWeek, probably the best net resource for Apache, comes the announcement of a binary build of Apache 2.0.39 for PS2 Linux. You too can have a server farm for web serving, and GTA3. Be nice and don't kill this guy's downloads page."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

Mark Bainter writes "If you haven't checked out kbuild lately, you should. The new build system Keith Owens has put so much time into has a long list of benefits, including much shorter build and rebuild times, and greater accuracy. It appears his system is well liked by most, kernel developers (though not all). So the question is, why won't Linus merge it? Keith has been announcing for some time that it is ready to merge, and has worked very hard on trying to keep everything up to date as the development kernel continues to change, yet his requests to merge seem to be largely ignored. Linus did weigh in on the topic, but his views don't seem to resonate very far on the list, and seem rather arbitrary to me. Keith doesn't seem to be all that fond of Linus' thoughts on the matter either, and has called for an email campaign to get Linus to merge it in all at once. Perhaps instead of everyone on /. emailing their (partially informed) opinion to Linus, an open discussion amoung Linux users/developers who might not normally participate on the kernel list would lend some weight one way or another."

James Morris writes: "Here's an update on the Linux Security Modules project (LSM). In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel. This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities. Check out the newly re-vamped web site for downloads, documentation and general information."

James Morris writes: "Here's an update on the Linux Security Modules project (LSM). In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel. This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities. Check out the newly re-vamped web site for downloads, documentation and general information."

Kourino writes: "Marcelo announced the release of 2.4.18 a couple hours ago after 4 release candidates, but the tree marked 2.4.18 on kernel.org is missing the -rc4 patch that finally made the kernel releasable. Basically, what's marked as 2.4.18 is really -rc3, and what's marked as -rc4 is what should have become 2.4.18. According to Marcelo on #kernelnewbies, most users won't be affected, but people on SPARC systems should definitely grab 2.4.18-rc4. Your best bet is probably just to get 2.4.17 and patch to 2.4.18-rc4. Seems 2.4 is destined to be an "interesting" release branch ^_^; For the new release, head over to your favorite kernel.org mirror. (Marcelo will set things straight in 2.4.19-pre1.)"

Kourino writes: "Marcelo announced the release of 2.4.18 a couple hours ago after 4 release candidates, but the tree marked 2.4.18 on kernel.org is missing the -rc4 patch that finally made the kernel releasable. Basically, what's marked as 2.4.18 is really -rc3, and what's marked as -rc4 is what should have become 2.4.18. According to Marcelo on #kernelnewbies, most users won't be affected, but people on SPARC systems should definitely grab 2.4.18-rc4. Your best bet is probably just to get 2.4.17 and patch to 2.4.18-rc4. Seems 2.4 is destined to be an "interesting" release branch ^_^; For the new release, head over to your favorite kernel.org mirror. (Marcelo will set things straight in 2.4.19-pre1.)"

Lester Hightower writes "I am the CTO of a vertical market application service provider, and we have a couple of applications which could benefit from an interactive voice response (IVR) system. We are an almost-all Linux shop, and most of our production systems are CGI in Perl. I would like to get some feedback and/or recommendations from the Slashdot community on what hardware and software works well, is reliable, easy to maintain, and so forth." Recommendations against hardware, that do not work well for this type of application, are also welcome.

John Ineson writes: "There is a bug in the latest kernel releases, that causes fs corruption on umount. A lot of people have already been hit by this, so for now I suggest you hold fire on booting those new kernels. More dead-duck than greased-turkey. Two possible fixes are being discussed on linux-kernel." Colin Bayer adds links to a story at the Register and Al Viro's fix. Update: 11/25 00:39 GMT by T : Tarkie writes "Linux 2.4.16-pre1 is out, as detailed at NewsForge. If you've been having the filesystem corruptions, might be worth a try so that 2.4.16 can be out ASAP!"

MrHat writes: "Eric S. Raymond's CML2, or 'Configuration Menu Language' -- part of the next-generation Linux kernel build system -- is now officially ready for 2.5. CML2 includes a compiler for a domain-specific configuration language, used to configure kernel subsystems and resolve dependencies between them. CML2 and Linux 2.5 will 'ship' with several different configuration interfaces, including an adventure game, whipped up by ESR during an extended flight. The story from the horse's mouth (or LKML, if you prefer):'This release resolves all known logic bugs and rulebase problems. The only things left on the to-do list are convenience features and some minor improvements in the test/coverage tools. This code is now officially ready for the 2.5 fork.'"

Linus keeps hinting (declaring, even) that he's nearly ready to work full-time on the 2.5 development branch of his kernel, and hand the 2.4 kernel off to Marcelo Tosatti. Marcelo's graciously agreeed to answer questions (you might want to read some of his mailing list contributions first), so here's your chance to ask him what he'll do in the famous footsteps of Linus and Alan Cox, and how he got there. Please only put one question per post; we'll pass along the top-rated comments to Marcelo for his answers, and hear back from him shortly.

piranha(jpl) writes: "I went to download 2.2.x from kernel.org and noticed 2.2.20 is out. I believe this is supposed to fix the security vulnerability found in 2.2.19. Surprised I didn't see it on the main Slashdot page."

osiris writes: "Theo de Raadt has just announced that OpenBSD 3.0 is now accepting pre-orders. 3.0 will now be shipping with 3 cds supporting booting from cd for 6 architectures. Plus there is a bonus audio track on the cd :) Plus the all new pf firewall, which replaces Darren Reed's ipf. I hear pf is pretty rock solid with quite a few new features."

darksmurf writes: "In answer to repeated requests for an easy way to test linux kernel releases the OSDL has developed an automated testing framework called the Scalable Test Platform. The LK posting with examples is here and the main page is here. The system can do regression testing, benchmarking full environment documentation and various other goodies."

Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.

Pants Ripper writes: "In a victory for all Linux users, Linus Torvalds declared jihad on annoying 'informational' kernel boot messages. I'm sure we'll all miss the inspirational 'spewtron driver 0.09 installed (C)2000 by Wardwick Extrusion' messages in our dmesgs." I've always thought those messages looked pretty interestingly verbose, but people want pretty boot-ups. And this Linus guy seems to know a lot about this "Lee-nuks," too.