Slashdot Mirror
What to Expect from Linux 2.6.12
apt-get writes "Saw this Linuxworld report from the annual Australian Linux conference, Linux.conf.au, in Canberra last week. The article outlines some of the new features we can expect for the 2.6.12 kernel release, including: support for trusted computing, and security enhanced Linux. The kernel developers are also working on improving the 'feel' of the Linux desktop with inotify for file managers and events notification so hardware 'just works'. Unfortunately no release date other than 'sometime soon' is given."
Just for those not in the know..
/home recursively. I don't remember why or which. :)
Inotify is a replacement for dnotify. With both you can watch for a file for changes. You can even watch a directory for changes. However with dnotify you couldn't recursively watch a directory for changes. To do so required basically 'opening' each folder and quickly you use up the maximum number of files you can open.
With inotify it still doesn't directly support recursively watching a directory but example code for doing so is given and doesn't have the same problems. One distro uses this for watching
As for the notification thing - that's part of HAL, and means usb pens, cameras, etc should be 'auto detected' and the user can be notified and asked what to do automatically.
But all in all, these new improvements sound great.
-address space randomization for defence against buffer overflow attacks and remote script kiddies.
Reiser 4, Xen suport, software suspend, trusted computing support,latency improvements and improved kernel space notification. - WOW - lot's o' stuff.
..........FULL STOP.
M$'s trusted computing is aimed at MPAA/RIAA: "You can trust M$ to not allow users access to your data even though its on their computer"
Linux trused computing is aimed at users/admins: "You can trust that User A can't muck with User B, expecially if User B is root!"
1. There is no 2.7 tree, so no backporting.
2. Why do you assume, that the interest is sudden? Maybe the technology is simply deemed ready (as in tested and reliable enough) now to go into the main kernel?
dickhead
It's a different thing. The 'trusted computing' in Windows is all about DRM, preventing you from getting access to data on your machine.
The 'trusted computing' in Linux 2.6.12 is about being able to run a process that is restricted in what it can do (read and write to a pipe, essentially), so that you can run an arbitary downloaded binary without worrying that it will do bad things. (think: distributed.net, SETI, etc).
Gah, I hate responding to trolls, but this needs said.
Sony put Linux on the PS2 themselves. Don't go blaming the Linux community for doing something immoral to get Linux on it, cause the company is responsible for the PS2 is also responsible putting Linux on it. Hell, the site you point to was set up by SONY as a community site.
Food for thought.
My sig can beat up your sig.
I'm not sure what your post is saying.
Hardware support has nothing to do with feature creep (directly anyway - indirectly they effect underlying device systems like usb,scsi,ide etc).
Seemless hardware support (HAL etc) is a new feature, so point there.
The inotify thing is a replacement for dnotify (I know you didn't mention it, but it was in the article) so doesn't add any features really, just fixes bugs.
The whole thing about relying less on chaining... I just didn't get.
Can you give any example where something that used to be considered to be a user space problem is now kernel space? It's always been known that we need kernel notifications for hardware etc.
The 'chaining' thing will never go away - you'll always need kernel space talking to user space middle ware talking to user space apps.
Nobody has ever thought otherwise, and unlikely anyone will ever think otherwise.
The 'whole units' bit only makes sense if you're a manager.
"It would be nice to see some componentization of the kernel to allow for easy stripping of unnecessary features, but as the kernel will stand, the features are all necessary."
Erm...you can do that now and have been able to for most (all?) of the last decade.
At runtime, there are modules. At compile time, whole sections of code can be removed.
The Linux kernel is only monolythic at the lowest levels; it's not a microkernel message passing system and that's not going to change. That's one of the reasons why it has been ported to so many processor architectures -- even the arch-specific parts only get added if you are compiling for that processor!
What function(s) do you see specifically?
Don't post anonymously if you want a reply.
In Soviet Washington the swamp drains you.
It isn't usefull by itself, but if you combine it with ExecShield and SELinux it could be a useful security layer.
Frankly, it's your responsibility to do some research before you buy hardware. :)
I was bitten by Wifi too, I saw that prism54 was in the kernel so I bought an SMC 2802W. Unfortunatly, it turns out that the 2802W was silently replaced everywhere with the 2802Wv2 (same model number, FCC ID, no way to tell the cards apart).
Of course, the 2802Wv2 is of course totally different on the inside, and was produced after Conexant; they seem to have used the same shitty design as they did for their Winmodems; apparantly the 2802Wv2 offloads all the work to the host CPU, which means the driver has to be a lot more complicated. And asking Conexant for hardware specs is about as likely to work as is building a space elevator out of cheese.
To get back on topic: if you want a low quality driver you can probably use ndiswrapper + whatever hunk of shit your card's manufacturer supplied you with for use in Windows.
Yes, exactly that. It can compute, take input, and return output, but nothing else.
It's like running an application in a very locked-down sandbox.
If you're a *nix user, think really cool chroot jail.
Every day I see a new bug on the ieee1394 mailing list. There are some serious issues with firewire on linux. It is nowhere as mature as it is on winxp or macosx. DMESG spits out lots of errors, sometimes my drives unmount themselves when I transfer 50gb+ (ext3/reiser were massacres, xfs was slightly better). Even with the latest kernel these problems persist.
You don't need to recompile the entire kernel to load a driver. Drivers can be compiled against a running kernel and installed right there and then, assuming they're written properly.
I've changed my graphics card many times. Unlike Windows I didn't need to "pop in the driver CD", I just turned the computer back on and it worked.
I suppose we could tell people to put a music CD in their computer and then reboot it a few times so that they feel they've "done something", but honestly, why not just let them use it?
You're right about TCPA, but the 'trusted computing' stuff going into 2.6.12 has *nothing* to do with TCPA support - it's more like a fancy chroot jail for a specific class of untrusted processes.
Your post is as incoherent and paranoid as it is long.
The problem with what you understand as Trusted Computing is that someone else gets the keys. They can decide what your computer can run and what it can't. Obviously this is bad and justifies the acute paranoia from which you seem to be suffering.
With the Linux implementation, you get the keys. So you can sign all of the executables you normally use and tell the kernel to only run them. Anything unsigned (e.g trojans, rootkits etc..) won't run.
It's a useful security feature. It's not about the RIAA preventing you from running that Britney Spears mp3 that you downloaded from Kazaa.
In most FPS games you typically respond with very small, quick mouse movements. The faster you poll the mouse the more accurate the mouse motion can be tracked which means less undershooting/overshooting your target intended target.
Is it a night and day difference? No.
I'm curious; how does this yield a visible advantage when the screen's refresh rate is 100Hz tops?
(a) You mean you aren't overclocking your screen?
(b) Then it obviously yields an invisible advantage.
Many people are complaining about what Trusted Computing can/will be used for. Quit whining, for two reasons:
First, Linux is open-source, so you can modify or disable whatever you want. Unlike a binary kernel, you can remove code you don't like, and the rest of the kernel will work without it (if you remove it cleanly). In other words, it's not being forced upon you by the OS distributors. If a company decides to make software that requires it, that will be their decision to make and their problem to solve.
Second, TC has uses other than the oft-cited "make sure the computer only has $OMINOUS_ADJECTIVE software here", for Orwellian values of $OMINOUS_ADJECTIVE such as "permitted", "approved", and so on. In fact, Trusted Gentoo is setting up a system that uses the TPM (Trusted Platform Module--"the chip") to make sure your kernel and bootloader hasn't been tampered with and keep your SSH keys from being compromised. "Trusted" simply means that there is an uncompromisable encryption and verification (signing) system in the computer. It can be used for good or evil. Linux gives you that choice.
Tired of free iPod sigs? Subscribe to my blacklist
(posting anonymously, cuz I work at verisign, though not in any of the cert-related depts...)
Free clue -- VeriSign's raison d'etre is not to convince end users that Business X is "trustworthy", only to verify whether or not someone representing themselves as Business X is in fact Business X. We verify the connection(s) between a real-world/meatspace identity and an electronic identity.
If We Install Spyware, Inc. applies for a SSL cert for www.weinstallspyware.com, our job is to verify that the guy requesting the cert is actually works for We Install Spyware, and that the domain name is also legitimately connected with the company. Ditto for code signing certs.
If, after we have verified that yes, indeed, the spyware you are about to install is really from We Install Spyware, Inc, you still want to install it, then hey, that's on you. We verify the company's identity, that's all.
You could implement this with standard Unix permissions. Create a user for the application, give it access only to its pref and docs directories, and set uid of the binary to this user. Kludgy (docs you create with it will be assigned to the app's user, not you) but kinda works.