What to Expect from Linux 2.6.12
apt-get writes "Saw this Linuxworld report from the annual Australian Linux conference, Linux.conf.au, in Canberra last week. The article outlines some of the new features we can expect for the 2.6.12 kernel release, including: support for trusted computing, and security enhanced Linux. The kernel developers are also working on improving the 'feel' of the Linux desktop with inotify for file managers and events notification so hardware 'just works'. Unfortunately no release date other than 'sometime soon' is given."
does this mean I can trust my computer now?
:-(
we've had a growing apart since it started cheating on me and got a virus
Never ask for directions from a two-headed tourist! -Big Bird
Wow, looks like you've found some sort of "pattern" there.
Quick, patent it!
Someone set us up the bomb, so shine we are!
Is the inclusion of trusted computing a good thing here? Many people in the /. crowd didn't seem to like the idea of its inclusion in Windows...
Was its inclusion in the kernel by choice?
Are they backporting from the 2.7 tree? I know that SE linux has been around for a while, but why the sudden interest by the kernel maintainers?
I know I'm going to rub a few feathers the wrong way, but I think this kind of feature creep is actually good for the Linux kernel.
The more features we can get into kernel mode, the less we need to rely on "chaining" and other Unix-way solutions and we can think more about applications and OS services as "whole units".
And since the majority of installations of this latest version will be on desktops, the more hardware support, the better the hardware support, the more seamless the hardware support, the better.
It would be nice to see some componentization of the kernel to allow for easy stripping of unnecessary features, but as the kernel will stand, the features are all necessary.
Just for those not in the know..
Inotify is a replacement for dnotify. With both you can watch a file for changes. You can even watch a directory for changes. However with dnotify you couldn't recursively watch a directory for changes. To do so required basically 'opening' each folder and quickly you use up the maximum number of files you can open.
With inotify it still doesn't directly support recursively watching a directory but example code for doing so is given and doesn't have the same problems. One distro uses this for watching /home recursively. I don't remember why or which. :)
As for the notification thing - that's part of HAL, and means usb pens, cameras, etc should be 'auto detected' and the user can be notified and asked what to do automatically.
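The recursive-watch approach described in the comment above, as an added example that is not part of the original thread or the kernel's sample code: one inotify descriptor carries a watch for every directory, so no file descriptor is held open per folder. It calls the real `inotify_init` and `inotify_add_watch` functions of the C library through `ctypes` (Linux only); the class and method names are hypothetical.

```python
import ctypes
import os
import select
import struct

# Event mask bits from <sys/inotify.h>.
IN_MODIFY, IN_CREATE, IN_DELETE = 0x002, 0x100, 0x200
IN_IGNORED, IN_ISDIR = 0x8000, 0x40000000
WATCH_MASK = IN_MODIFY | IN_CREATE | IN_DELETE
_EVENT_HDR = struct.Struct("iIII")  # wd, mask, cookie, length of name field

_libc = ctypes.CDLL(None, use_errno=True)  # inotify_* live in the C library
_libc.inotify_add_watch.argtypes = [ctypes.c_int, ctypes.c_char_p, ctypes.c_uint32]


class RecursiveWatcher:
    """Hypothetical helper: watch a whole tree through a single descriptor."""

    def __init__(self, root):
        self.fd = _libc.inotify_init()
        if self.fd < 0:
            raise OSError(ctypes.get_errno(), "inotify_init failed")
        self.dirs = {}  # watch descriptor -> directory path
        self._add_tree(root)

    def _add_tree(self, top):
        # inotify is not recursive, so add one watch per directory.
        # Watches are small kernel objects, not open files.
        for dirpath, _dirnames, _filenames in os.walk(top):
            wd = _libc.inotify_add_watch(self.fd, os.fsencode(dirpath), WATCH_MASK)
            if wd < 0:
                raise OSError(ctypes.get_errno(), "inotify_add_watch: " + dirpath)
            self.dirs[wd] = dirpath

    def read_events(self, timeout=1.0):
        """Return [(kind, path)] for queued events, waiting up to `timeout`."""
        events = []
        while select.select([self.fd], [], [], timeout)[0]:
            buf = os.read(self.fd, 65536)
            offset = 0
            while offset < len(buf):
                wd, mask, _cookie, length = _EVENT_HDR.unpack_from(buf, offset)
                offset += _EVENT_HDR.size
                name = buf[offset:offset + length].rstrip(b"\0")
                offset += length
                if mask & IN_IGNORED:  # the watched directory itself went away
                    self.dirs.pop(wd, None)
                    continue
                path = os.path.join(self.dirs.get(wd, "?"), os.fsdecode(name))
                if mask & IN_CREATE:
                    kind = "create"
                    if mask & IN_ISDIR:
                        # New subdirectory: extend the watch set. Files created
                        # in it before this call are missed (inherent race).
                        self._add_tree(path)
                elif mask & IN_DELETE:
                    kind = "delete"
                else:
                    kind = "modify"
                events.append((kind, path))
            timeout = 0  # after the first batch, only drain what is queued
        return events

    def close(self):
        os.close(self.fd)
```

The number of watches per user is bounded by `/proc/sys/fs/inotify/max_user_watches`, which is the limit to check before pointing this at a large tree such as /home.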
'iNotify' Apple about this release and let's see what they have to say about 'iT'.
I think these changes are nice. But what Linux needs is a rethinking of the way device drivers are integrated. Bundling them all with the kernel will just no longer work (did you ever try to configure a kernel these days?). What I am looking for is a way to be able to use the same driver (aka 'module') in different kernels without having to recompile all over again, and the ability to compile a driver without having the complete kernel source installed.
---- join dshield.org Distributed Intrusion Detec
Also, how about growing files with mmap? Currently one can not mmap() beyond the end of the file on Linux...
In Soviet Washington the swamp drains you.
But all in all, these new improvements sound great.
-address space randomization for defence against buffer overflow attacks and remote script kiddies.
Reiser 4, Xen support, software suspend, trusted computing support, latency improvements and improved kernel space notification. - WOW - lots o' stuff.
..........FULL STOP.
M$'s trusted computing is aimed at MPAA/RIAA: "You can trust M$ to not allow users access to your data even though its on their computer"
Linux trusted computing is aimed at users/admins: "You can trust that User A can't muck with User B, especially if User B is root!"
This seems like a good thing to me. One of the advantages of Linux not being driven by a need to produce revenue.
The current linux kernel is pretty amazing if you think about it. It's running on everything from OS 390's right down to cell phones with features for everything in between. This flexibility generally means that the kernel has a lot of untested combinations. That's a potential problem.
The kernel needs a team of people that specifically tries to break the kernel. Right now kernel testing is haphazard at best. By devoting a team of people (just like the developers) whose sole purpose in life is to break the kernel we (the community) will improve the security, and quality of future linux kernels. It will also improve the quality of code going into the kernel.
The new code sounds very good - but the linux development community needs some hackers to break stuff.
Cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
This is the most exciting kernel release ever. Some of these drivers have been out there for years when they really need to get into Linus' kernel ASAP.
Now let's get the intel wireless drivers, pvr250, CLE266, etc.
Let's keep it that way!
As long as the developers release it when it's done, and not according to some abstract schedule, we'll have the best operating system there is.
I don't know the meaning of the word 'don't' - J
The masses are slowly realising that proprietary, closed source solutions are not the way forward and that computers will mainly advance from the input of the community.
Uuuh, I don't think that anybody has told the masses yet. You wanna tell 'em or should I?
GUN Linux
Eric, is that you?
Secure messaging: http://quickmsg.vreeken.net/
"Kernel advances such as position independent executables, non-executable memory regions, stack smashing protection and execution capabilities are introduced. Implementations such as PAX and exec-shield are compared." Now if they can just get those last few kernels to execute properly, we will have created flawless popcorn!
He who knows best knows how little he knows. - Thomas Jefferson
Are some drivers for my Promise TX4000 IDE controller so I can upgrade to a 2.6 kernel and benefit from the better software RAID...
SELinux has AFAIK been included in 2.6 for a long time already. What's new in 2.6.12? The article is pretty light on details.
It's like deja vu all over again.
.. but the article says Xen will run Windows, however the Xen website says that only an early version would run a ported version of Windows, and that it'll be when some new architecture of processors (announced by AMD and Intel) are available before it's actually supported..
*phew* That was one long sentence!
Dave
GUN Linux?
;)
Is that the new Linux that doesn't try and beat Windows/Apple/Unix with better features but just goes out and shoots them dead?
I was just reading the latest Kernel Traffic and it hit me how much of a flux the driver model seems to be in. Constantly.
Microsoft Windows seems to have had a stable driver interface since at least Win2K (probably NT4 too). The weird thing is that eschewing binary compatibility, like Linus likes to do, really ought to make it easier to stabilize a model? I mean, they have all the upsides with none of the downsides.
I really don't care personally -- I don't write drivers -- but isn't it a bit odd that the system is constantly rewritten (or at least majorly tweaked)? New month -- New driver model. New locking mechanism. New everything. What's not new is broken hardware sleep/resume!
Drivers aren't sexy, and it seems a lot of time is spent just spinning in place (no phun intended)
Ross Anderson's Critique
IBM's Rebuttal
Trusted Gentoo
IBM's rebuttal does a decent job of allaying some of the fears - for example, it states that it will not prevent you from running any OS & programs you wish to on your own computer (which, for the record, I believe - witness the Trusted Gentoo project and e.g. this link). They state that their approach to Trusted Computing is not particularly well-suited to DRM, and on the face of it, I agree - there seems to be little attempt at restricting the user of a computer with the TPM from doing what they want. However, in my opinion, as a base for an utterly crippling DRM regime, distributors simply could not ask for a better setup, as I'll argue a little later.
So to re-cap, it seems that if you are running Trusted hardware, there are no restrictions on what you can do on your computer in isolation; you can install Linux, run any number of Open Source apps, etc. But the keyword here is in isolation, and it is here that the dangers of Trusted Computing are revealed. For you see, Trusted Computing enables the usage of remote attestation wherein a server may request a hash of all software currently running on your computer. This hash is, for all intents and purposes, unforgeable, and if you disable your TPM (as IBM stress that you can, and again for the record, I see no reason to disbelieve them), no hash will be sent. The server may then assess this hash of software (or note that no hash has been provided, in which case it may well treat your computer as Untrusted) and decide, based on what software you are running, to simply not serve you with whatever material you requested - for example, it may decide that it will not deliver MP3's to your computer unless it knows for a fact that the receiving application is one that is known to encrypt the content as soon as it is received (so that e.g. it simply cannot be viewed while not running in Trusted mode) and which will take every step to ensure that once received, the unencrypted content never leaves your machine (e.g. by being written to CD, e-mailed, etc.). As you can imagine, the above scenario is not at all far-fetched as the **AA/ other media distributors are positively *creaming* themselves at the thought of stamping out casual file-sharing or even making backups for your own use in some of your other devices.
So we are left with the situation where someone who does not use Trusted hardware (and is thus unable to respond to attestation requests) or those who do run Trusted hardware but whose software fingerprint is not deemed acceptable by the server will simply not be granted access to certain material, rendering such people at a big disadvantage. And it's no good buying hardware free from Trust chips from China or such places on the "black market"; this offers no advantage at all as Trusted hardware, as mentioned, does not stop you using your computer the way you want in isolation; the problem only occurs when you try to interact with other computers.
So far, this sounds unpleasant but not too bad (although I would urge you to read Anderson's linked essay for some more imaginative and serious abuses), but if we allow ourselves to follow the slippery-slope, we end up at the state where ISPs will not allow your computer to access the internet at all (for surfing, e-mailing, anything) unless you are running Trusted hardware and software. Obviously, the social, political and legal barriers to this occurrence are non-trivial, but we've all seen ridiculous Acts qu
There is no 2.7 yet and Linus Torvalds still maintains the 2.6 kernel. All these new features just prove once more that 2.6 is not yet the stable kernel. Good that Sarge will come out with a solid 2.4. Even though I only operate a couple desktops I had my problems with 2.6 and actually went back to 2.4 on some machines. I sincerely hope that 2.6 will become stable sometime soon.
Cheers
Gah, I hate responding to trolls, but this needs said.
Sony put Linux on the PS2 themselves. Don't go blaming the Linux community for doing something immoral to get Linux on it, cause the company that is responsible for the PS2 is also responsible for putting Linux on it. Hell, the site you point to was set up by SONY as a community site.
Food for thought.
My sig can beat up your sig.
Why are so many of the often used (and often needed) wireless drivers not included in the kernel?
Making wireless cards work in Linux is often a real hassle for the less knowledgeable folks. Wouldn't it be a good idea to smooth things up a bit on that front? (I'd like to volunteer myself as soon as I have enough experience in this field - which will take a while..)
Why would they do that?
The kernel crew is making good coin at various companies or by consulting, working on a project that they enjoy.
Conformity is the jailer of freedom and enemy of growth. -JFK
so hardware 'just works'
...
Begun, the Just Works wars have
Apparently, according to some posts on the Linux Audio User list the latency in native 2.6.12 is as good as the patched 2.4 for audio use.
This is great news for all of us using Linux for audio. It's also a pretty mean feat, as the 2.4 low latency patches were a little bit brute force compared to the 'correct' method in 2.6 of fixing all the problem spin lock areas in the kernel, a much harder task.
Now all we need is to get the RT LSM module into the main kernel. (It allows non-root users real time scheduling without messing about, it's not vital for performance but nice for usability.)
I have not tried 2.6.12 myself yet, but have got great results with unpatched 2.6.11 kernels.
As someone who was there I can tell you that the highlight of the conference was Eben Moglen from the FSF's speech, and the double standing ovation that followed.
'There is a Light that never goes out.'
Maybe not but since you suggested it, go ahead.
It is free software, after all.
http://michaelsmith.id.au
What I meant by the above post is...I appreciate the rapid development, but the kernel has of late become a moving target. Doesn't anyone else out there wish the releases would slow down? I would like infrequent releases of a stable kernel rather than rapid bugfixes.
I realize that it is probably paid for by IBM as part of their campaign to try to dupe people into thinking that the DRM vehicle they call "trusted computing" (remember: that is "trusted" as in "other people can trust your computer to control you") is something benign. However, implementing "TC" in Linux feels like a gigantic waste of time: does anybody here REALLY think that the proprietary DRM applications that are the ONLY REASON WHY WE WOULD NEED "TC" are ever going to be ported to Linux?
Do you see the DRMed "music stores" (it is more like a barter: "give us your money and control over your computer, and we'll let some Britney and Fiddy come from your speakers!") falling over themselves to run on Linux? Do you think that is because Linux doesn't support "TC" or because those companies couldn't possibly care less about Linux as a platform? I'll give you three guesses. And the ENTIRE POINT with "TC" is to make it impossible for us to reverse engineer and write our own replacements for those applications - so by definition we can forget about that alternative.
All I can say is, I hope they had fun implementing it, and that they feel happy about all the people who believe the astroturfing that "TC" isn't the Trojan Horse of DRM.
"TC" is DRM is the tool of closed networks, closed source, a closed society, and a closed future. People who believe it will coexist with Linux are so naive that it would be quaint if it wasn't so fucking scary...
This is why the bug fixes are passed back through the kernel releases.
If you constantly upgrade to the latest release then of course you will bump into glitches now and then.
The highest number is not a guarantee of stability, if you want stable then keep your system on a kernel a few releases back and just keep it patched.
The very latest releases feature
2.6.12 will be "bleeding edge" when it's released and I wouldn't trust my working system to it unless I really needed something that was part of the kernel. Generally it's a good idea to wait until 2.6.12 has had its fair share of testing before committing to using it
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Don't post anonymously if you want a reply.
In Soviet Washington the swamp drains you.
I don't mean to nitpick, but your spelling sucks
> What the fuck for?
the correct spelling would be
> What the fsck for?
Here here!
It's better to regret something you have done than to regret something you haven't done.
rtfa - this is a developer on the kernel team .. not a maintainer.
and he claims xen n reiserfs4 etc are gonna be in 2.6.12..
R I G H T !
_ In Egypt Networks: Network Solutions with a Twist
I have used your mum's box, and it was a pleasant experience. I must admit gaining root access was a laugh, even though bitchchecker had no luck :-)
Use ISO 8601 dates [YYYY-MM-DD]
I mean, WTF? People really are confused about GNU/Linux ain't they? When the FSF asks you to refer to the entire system as GNU/Linux they are not asking you to refer to the kernel as GNU/Linux. So if you're going to post a story on Slashdot that is 100% entirely about the kernel then it makes absolutely no sense to put it in the GNU section.
How we know is more important than what we know.
Trusted computing is OK, if you can trust the OS, and the OS trusts YOU.
I have no problem with Linux supporting the TPA, as I can trust Linux to do what I want it to do. I can trust Linux to not lock out apps that aren't signed by somebody I don't control (e.g. Microsoft) - in other words I can trust Linux to allow ME to specify who may/must sign my apps.
In such a situation, the acceleration provided by having hardware encryption routines is great!
Now, if I cannot trust the OS to trust me (*cough*Longhorn*cough*), then I definitely do not trust Trusted Computing.
www.eFax.com are spammers
I've only seen it on Red Hat boxes (and had no interest in forcing it on myself in other boxes). Was it a Red Hat patch until this release?
.\.\att Clare
I thought it was a separate kernel patch. I took this announcement to mean it's been merged into the main kernel tree. Someone correct me if I'm wrong.
I do not agree with Trusted Computing. Recently I was offered to buy a brand new IBM sub-notebook at a very low price and I refused because it supported Trusted Computing. If 2.6.12 supports Trusted Computing I will never upgrade to it. I boycott it. There are more evil uses of Trusted Computing than good uses, so I see no reason why I should empower the corporations to dictate what software I should run on my computer.
Why is the already released stable kernel line getting new features? Why isn't it so that once announced stable kernel lines get feature-frozen and the x.x.xx updates would only correct problems, never introduce new features.
Isn't that the whole purpose of having separate unstable and stable lines? Each stable standing for certain features, the subnumber telling how many fixes have been applied, and the newest unstable being the ground where new features are introduced and tested before releasing them in the next stable line.
How are any of these features `revolutionary' or any sort of significant milestone? Maybe it is in the Linux world..
SELinux, please. Solaris has had..
Reiser 4!? C'mon! Solaris 10 will have..
Xen you say? Eh, not to burst your bubbles but Solaris 10 now features...
Isn't that the exact point? This is noteworthy because these are features of LINUX, which LINUX didn't have before. By your arguments there would be no reason to ever start a new OS project. "Oh shit, we're adding harddisk support. That's been done, so... we can stop here."
I'm glad you're a fan of Solaris. So am I to an extent. But if we could get the same capabilities under the development and openness model of Linux, then how cool would that be? Sun likes to try and talk a big game, but they're never going to open up Solaris as much as Linux is.
I'm against picketing, but I don't know how to show it.
Agreed. Having random pieces of semi obscure hardware makes it important that the kernel (and distro) "just work" for my server and laptop. Both have debian with lots of customisation, but the kicker is my weird ide controller, some laptop stuff, etc, all working. Smoothly. And for now they do.
"Something's wrong with you...and I hope we never do meet again." - Deftones When Girls Telephone Boys
I'm running a circa-1999 machine, and have been running 2.6 since 2.6.0, and am currently running 2.6.11. I use it everyday, so it isn't just sitting idle. Here is my current uptime :
At the risk of starting a religious war, are you running any binary modules ? They can cause some stability problems.
I avoid binary modules, or rather, make sure that the hardware I buy is supported by official kernel device drivers. Back in 1993, when I first started to use Linux, you didn't have a choice - it was open source device drivers or the hardware just wouldn't work.
Here are some brief specs on my machine.
OpenGL isn't fully working on my Radeon 9200 yet, following the dri-development mailing list, there seem to be some bugs that are causing it to lock up. I've had glxgears run for about 4 minutes, then X locks up. If I desperately need it, I'll put my Matrox G550 back in.
In my experience, 2.6 has been as stable as 2.4.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
I deployed a test Reiser4 server at work. The data is stable and I have not lost anything. However, the Reiser4 partition is also an NFS share. This share regularly stops working. Only a reboot of the system returns the NFS server to a working state.
UNIX/Linux Consulting
> the most secure, bulletproof OS available?
> What could they possibly have to improve?
well, there were quite a few bugs introduced into 2.6.11 since 2.6.10, such as breaking IP networking over USB (something that caused quite a problem for many people (including me!)).
am I the only person who thinks that the break-neck introduction of more features (bloat) into the kernel is taking priority over stability and testing?
Every day I see a new bug on the ieee1394 mailing list. There are some serious issues with firewire on linux. It is nowhere as mature as it is on winxp or macosx. DMESG spits out lots of errors, sometimes my drives unmount themselves when I transfer 50gb+ (ext3/reiser were massacres, xfs was slightly better). Even with the latest kernel these problems persist.
Should you be curious, I've posted the slides to my talk on LWN.net.
Jonathan Corbet, LWN.net
Once I heard about a new notifier system I started to get a bit excited.
What would be nice is:
A system that detects when I insert any USB device, and it knows if it's a filesystem drive - and mount it! Pops up a bubble or something in my GUI to let me know it's under control.
When new hardware is inserted, whatever interface, my desktop notifies me - and tells me it's been configured and installed.
The future is bright!
One feature that isn't talked about much, but is very popular amongst gamers is the configurable USB mouse polling rate. For years it has been available as a kernel patch, but now it has finally been included in the kernel. This means no more recompiling your kernel just to increase your mouse polling rate from 125hz to 500hz. It can now be set from your boot loader or from the command prompt.
Why is this so great? Well, the typical polling rate of 125hz for USB mice is noticeably less smooth than a polling rate of 500hz, whether you are using your mouse in games or a desktop app. For this reason many people preferred to use PS2 mice, as they could be polled at up to 200hz. Now with this new feature, PS2 can be retired. Get yourself a high resolution USB optical mouse and set the polling rate to 500hz.
You can feel the difference.
Umm...as far as I was aware Intel wireless drivers ARE in the kernel... I mean I have used my Intel Pro Wireless card successfully in both Ubuntu and Mepis...
My Site, My Life
I'm curious; how does this yield a visible advantage when the screen's refresh rate is 100Hz tops?
> since it started cheating on me and got a virus :-(
Maybe it got it from those porn sites you keep dragging it to...
It's a kernel patch developed originally by the NSA.
SELinux
Or have you only comfort...that stealthy thing that enters the house and guest then becomes host, then master - KG
All your options where the user can sign their own software could be done with no hardware support. The kernel could check these sums just as easy before running the program.
The idea of hardware to do encryption is nice, but this is the same industry that thought it was a good idea to save $3 by making the CPU do all the calculations formerly done by the modem chip (at a time when those calculations required 20% of the CPU power). So in no way are they adding this chip because it will speed things up.
The purpose of Trusted Computing is to introduce a public-key encryption where only the manufacturer knows the private key. There is literally a type of data that you *cannot* create, but the manufacturer can, and a simple test to see if a file is that type of data. The purpose is to make it impossible to write software for your own computer. Anything else is a smokescreen.
Arg, people are constantly overusing signatures and "signed code". Signed code just signifies that the contents of the package match what the packager packaged (ie. no tinkering). It does not by itself stop malware. A packager can unwittingly package malware or worse a packager can knowingly package malware, sign it and get people to run it.
I feel that measures like this need to be used carefully lest you want to get into a situation Windows is currently in. So many tools and so many mechanisms that are convoluted and not exactly integrated with each other make for an unusable security system that users would rather defeat than enable.
I do easily admit that there are places where trusted implementations of Linux make sense. Off the top of my head "sealed" embedded Linux kernels would make great use of this mechanism. However most Linux desktops do not need another set of tools to lock down security. The kernel should offer the generic facilities but I'll be disappointed if it is forced enabled on all kernels.
I've used Solaris/SunOS for over 15 years, and there are some ways in which Solaris is inferior to most Linux distros: not nearly as many hardware devices supported in the x86 world, not as many foreign file systems supported, and only runs on sparc and x86. As for ZFS and some of the other future things you've mentioned, it doesn't count until it's released. So I would say go plug your Solaris 10 into your laptop with wireless card and USB camera and see how well it works. Then install it into your high end HP or IBM x86 server with fancy RAID card and dual gigabit ethernet, and see how it works. It *won't* work.
... is how "This should come as no surprise to anyone who has followed the Linux movement from the day Linux wrote the kernel." Take that, proprietary software! Linux is so advanced, it writes itself!
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Reality is for people who can't handle fantasy.
But I think what he was aiming at with the font issue is "stealing" MS fonts and using them with Linux, an issue he mentions separately from the SCO crap. Of course, the only thing he mentions are instructions on how to use the fonts, meaning users would have to have them already... implying that they would already have a licence to use them...
My sig can beat up your sig.
Dude. Take a deep breath. Then repeat the word "modularity" to yourself until you understand it. Then go install tiny-linux, and also---I only say this because I care---consider switching to decaf, 'kay?
--grendel drago
Laws do not persuade just because they threaten. --Seneca
It scares me to still hear Reiser 4 being described as "having problems". Anyone knows more?
I know that you don't have to use it if it scares you so badly.
I don't think they're going to have to remove Ext2 from the kernel to make room for Reiser4.
Ah no, that would be "Definitely in 2003, no 2004, I mean 2005, no 2006" etc.
Another benefit of open source is that it doesn't need marketing spin, because often the underlying gist is 'whenever we can'.
We all live in a state of ambitious poverty. -- Decimus Junius Juvenalis
Feel free to fork your own and release AClux or whatever you want to call it. Then your API can bash it out with Linus's, and the best one will win.
Just sayin'.
This is especially nice for folks running webservers, etc. - now you can force people to only run CGI programs that you have signed (and thus inspected). I wonder how many webservers have been hacked because someone left their personal copy of the php or perl binary in an open cgi-bin.
Because this one goes to eleven, see?
In most FPS games you typically respond with very small, quick mouse movements. The faster you poll the mouse the more accurate the mouse motion can be tracked which means less undershooting/overshooting your intended target.
Is it a night and day difference? No.
SELinux is in the main tree, it's just not turned on by default. Same with the kernel preemption feature. I'm not sure what the article is on about.
When I saw this story on the front page, it had 286 comments. Very appropriate, since the purpose of "Trusted Computing" is to turn the clock back to the bad old days.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Anybody know when we can expect to see full and relatively bug-free acpi support? I'm tired of using hacks like radeontool.
Linus adopted a new versioning system. Instead of having 2.6.x be the stable releases, and 2.7.x being the development releases, now 2.6.x is the development release and 2.6.x.y are the stable releases.
So, instead of changes piling up in a long-lived development series, we get a new stable series based off of every development release.
DNA just wants to be free...
I dig this crap up from my job. As far as HP product line, we mainly sell DL-580, 585 and DL 380 to customers. OpenSolaris, heheh, let's see Sun release that first.
As an aside, I'd like to tell the world how badly Solaris 9 sucked installing on Sun's very own V20Z, didn't detect the video settings AT ALL and gave a crappy 640x480 X11 display. And with either Solaris 9 or 10 the power supply ran very loudly at full tilt, never adjusted downward for very cool environment I had that thing in.....getting the feeling Sun is rushing stuff out the door in x86 land over here.
ipw2100, 2200. afaik you still have to build these separately.
And how about a way to build NVIDIA 3d into the kernel.
I'm curious; how does this yield a visible advantage when the screen's refresh rate is 100Hz tops?
(a) You mean you aren't overclocking your screen?
(b) Then it obviously yields an invisible advantage.
It's in 2006: The Year of Linux on the Desktop(TM)
Many people are complaining about what Trusted Computing can/will be used for. Quit whining, for two reasons:
First, Linux is open-source, so you can modify or disable whatever you want. Unlike a binary kernel, you can remove code you don't like, and the rest of the kernel will work without it (if you remove it cleanly). In other words, it's not being forced upon you by the OS distributors. If a company decides to make software that requires it, that will be their decision to make and their problem to solve.
Second, TC has uses other than the oft-cited "make sure the computer only has $OMINOUS_ADJECTIVE software here", for Orwellian values of $OMINOUS_ADJECTIVE such as "permitted", "approved", and so on. In fact, Trusted Gentoo is setting up a system that uses the TPM (Trusted Platform Module--"the chip") to make sure your kernel and bootloader haven't been tampered with and keep your SSH keys from being compromised. "Trusted" simply means that there is an uncompromisable encryption and verification (signing) system in the computer. It can be used for good or evil. Linux gives you that choice.
Tired of free iPod sigs? Subscribe to my blacklist
Do you see any value in your participation in this thread?
In Soviet Washington the swamp drains you.
I'm afraid you'll have to educate us - how do Solaris' MAC facilities measure up against SELinux? Are they as flexible? Do they offer any more features? In what way are they better?
Xen and Zones are different things. Yes they both provide virtual servers but in different ways. Both have strengths - the ideal system would support both.
Xen:
* virtually no performance penalty
* supports live migration of virtual servers
* runs Linux 2.4 / 2.6, FreeBSD 5.3, NetBSD 2.0, Plan 9 in guests
* can live-migrate virtual machines between physical hosts
* greater isolation of virtual servers for better security / robustness
* can almost certainly run on more hardware than Solaris
* can run device drivers in fault-resistant sandboxes
* can be used to debug guest OS kernels
Zones:
* lower memory footprint than Xen (and more flexible in memory usage)
* even lower performance penalty, approaching zero (if Sun have Done It Right)
* lighter weight virtual servers than Xen, with better resource sharing between virtual servers
A combination of the two would be really useful - use Xen where you need migration, high assurance isolation, etc. Use VServers where you are less concerned about these issues and want lighter-weight virtualisation.
Neither is "better" than the other without considering the use case.
This also works in linux. You just need to call mremap after the ftruncate call.
First off, a CRT's refresh rate can be above 100hz, but even so, the CRT's refresh rate is not synchronized with the mouse polling rate. So the cursor drawn to the screen is done so using the last mouse polling data. With 125hz, this means the data could be 8 milliseconds old, while with 500hz, the data is a maximum of 2 milliseconds old. Hence there is less lag in physical mouse movement and its logical and visual effect.
It is actually more complicated than that, but those lag values are for lag due to mouse rate alone. Of course the CRT refresh rate introduces its own lag. But in short, keeping monitor refresh rate constant, because the monitor is not synchronized with the mouse, increasing the polling rate of the mouse makes for an improvement. Conversely the same can be said for increasing the refresh rate of the monitor.
You don't have to take my word for it. If you are already using a good USB mouse at 125hz, try it at 500hz. You will notice the difference. Once you use 500hz for several days, try switching back to 125hz. You will hate it. The difference is even more noticeable with higher resolution mice, such as 800 dpi and 1600 dpi optical mice because the movement delta can be quite large and a delay of 8 milliseconds of a large delta "feels" awkward.
Of course, if you use a very crappy low resolution USB mouse, the difference is harder to notice.
I should also add that even if an advantage is not visually apparent, it can still be an advantage. The fact that the mouse movement is logically updated more frequently can also lead to additional advantages. Take an extreme case using a bitmap drawing tool like Gimp or Photoshop. If I drag the drawing tool in a circle, the smoothness of the circle that is drawn is not determined by my CRT's refresh rate, it is determined by my mouse's polling rate as each poll returns an X-axis and Y-axis movement delta. The slower the rate, the more "jaggy" and unsmooth the drawn circle.
In the extreme case, the CRT can not refresh at all, say by turning it off or by breaking it so that it continues to display the same beginning image permanently. Obviously the circle won't be any different, keeping the movement of the mouse constant.
Anyway, try to get my little program to work on Linux (without local buffers) and send me the diff...
In Soviet Washington the swamp drains you.
Give me any prime number, I don't care how big it is. I will instantly factor it with nothing more than my brain! Which is, of course, why I can defeat crypto systems just by looking at them! Amazing, isn't it?
(I love it when people who don't really know cryptography start spouting off canned lines with the keywords factor (verb) and prime.)
Join Tor today!
I dunno if you are just kidding, or if you really cannot do this. The program does not need mremap because you ftruncate before mmap and after munmap.
First, you need to make sure that your size parameter is page aligned. Besides that, you cannot mmap a file opened O_WRONLY. You need O_RDWR.
Diff at http://www.dcc.ufmg.br/~davi/mzip.diff
Any chance the OOM killer / overcommit issues will be fixed? They've been keeping the 2.6 series out of the hosting center since day one.
--- It is not the things we do which we regret the most, but the things which we don't do.
I thought the cle266 drivers had been included in the kernel for a while? VIA opensourced them a while back IIRC.
Linux just recently dropped support for PC-XT hard disks, including MFM and RLL. (the "xd" driver, for /dev/xda and /dev/xdb) These drives would be 20 years old now; surely they have all died.
Of course, PC-XT hard disks were long obsolete before Linux was invented. They were nice back around the time that people were transitioning from the 8088 to the 80286 or using the V20 and V30 clones.
PC-XT disks were weird. The controller would use an 8-bit (short ISA) slot. There was a shared data cable, with a connector for the controller and one for each drive. There were also point-to-point control cables. So the controller card had 3 connectors on it, and the drives had two (or 3 if you count power).
Look, a UNIX OS is not allowed to behave this way. It says so in the UNIX spec, which FreeBSD so often violates.
because the monitor is not synchronized with the mouse
I think this is the most important point in your comment. If the mouse polling was synchronized with the monitor you'd get a better result than by polling at 500Hz, and you'd use less CPU power as well. This is one of the cases where the Amiga hardware was superior to the PC, and still is. I mean about 20 years ago the Amiga got timing of input, video and sound exactly right. How come the PC still doesn't do this right?
Do you care about the security of your wireless mouse?
I would also like to mention that everyone gives Microsoft s#!@ for mentioning a phrase like that ("nothing they do ever works, haha"...lame), but when linux developers mention it, then everyone rejoices.
Fast Federal Court and I.T.C. updates
Khmm, your diff works (except for the MAP_SHARED/MAP_PRIVATE hunk -- you need to keep the MAP_SHARED or else no output is ever written to disk). The requirements for the size alignment and O_RDWR are odd, but not show-stopping.
I wonder, what the problem was, when I last tried this on Linux... Probably, it was that I tried a non-aligned output size and O_WRONLY and blamed the error on the lack of real backing store (unfairly).
Alright, one down, one more to go. Can epoll be used to make tail -f better, the way kqueue is used on FreeBSD?
In Soviet Washington the swamp drains you.
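The mmap points settled in the exchange above (open the output O_RDWR, call ftruncate before mapping, keep MAP_SHARED), as an added C example that is not the mzip program or the linked diff. The scratch file name `mmap_demo.bin` and the helper names are assumptions; it maps exactly one page, in line with the alignment advice above.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define DEMO_PATH "mmap_demo.bin"   /* constructed scratch file (assumption) */
static const char MSG[] = "written through the mapping";

/* Size the file with ftruncate(), map one page, copy MSG in, unmap.
 * Returns 0 on success or the errno of the call that failed. */
static int mmap_write(int open_flags, int map_flags)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int err = 0;
    int fd = open(DEMO_PATH, open_flags | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return errno;
    if (ftruncate(fd, (off_t)len) < 0) {
        err = errno;
    } else {
        void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, map_flags, fd, 0);
        if (p == MAP_FAILED) {
            err = errno;
        } else {
            memcpy(p, MSG, sizeof MSG);
            munmap(p, len);
        }
    }
    close(fd);
    return err;
}

/* 1 if the file on disk starts with MSG, else 0. */
static int on_disk(void)
{
    char buf[sizeof MSG] = {0};
    int fd = open(DEMO_PATH, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return n == (ssize_t)sizeof buf && memcmp(buf, MSG, sizeof MSG) == 0;
}

int main(void)
{
    int e = mmap_write(O_WRONLY, MAP_SHARED);      /* fails: EACCES */
    printf("O_WRONLY, MAP_SHARED:  %s\n", e ? strerror(e) : "ok");
    e = mmap_write(O_RDWR, MAP_PRIVATE);           /* maps, but the file stays zeroed */
    printf("O_RDWR,   MAP_PRIVATE: err=%d on_disk=%d\n", e, on_disk());
    e = mmap_write(O_RDWR, MAP_SHARED);            /* the working combination */
    printf("O_RDWR,   MAP_SHARED:  err=%d on_disk=%d\n", e, on_disk());
    unlink(DEMO_PATH);
}
```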
Is this language normal for Linux-related discourse?
Apparently so. Most non-kernel projects are quite polite, but I've seen some kernel (and GNU) discussions that would make even Theo blush. It's what happens when immovable egos collide in Linuxland. The casual vulgarities and insults may have kept the kernel from forking, but it hasn't done much to enhance the maturity level of the participants.
Don't blame me, I didn't vote for either of them!
As long as Trusted Computing is a module, I don't see why so many people are complaining about it. That's the nice thing about linux, you can turn just about any "feature" off. My only complaint would be that the developers could probably have spent their time doing something more useful, but I'm not paying them to do it so what right do I have to argue with what they implement.
It can make sense to have them decoupled.
If, for instance, the card can render faster than the monitor can display, then you can do things like motion blur to account for some of the perceptual difference.
This implies that having the mouse sampled at a higher frequency than the output device is still useful.
great.. now linux is really starting to windowsify. when they write "it just works" they really mean "we will attempt to predict what you want and run any number of automated tasks and relieve you of all control you might have had" -- it's never to late to give up
/* it's never to late to give up */
Who claimed it was the most secure, bulletproof OS?
There are much, much more secure systems out there than linux. Check out MULTICS sometime. Note that no one uses it anymore, since it requires special hardware to run.
You will never need these features until you find yourself working with massive multiuser machines or classified processing. It's a government project, go figure.
Read up on the SELinux docs for more info, and why the target audience for windows/desktop linux/macos would never care. Most people making claims about linux's security as opposed to other OS's are comparing it to windows, and in terms of vulnerabilities. That's a whole 'nother ball of wax.
Those who can't do, teach. Those who can't teach either, do tech support.
Where Where?
Those who can't do, teach. Those who can't teach either, do tech support.
Switch to using FAM (File Activity Monitor) on both systems. It's a daemon implemented on top of kqueue (on *BSD) or dnotify/inotify (on Linux). It talks to instances on other machines to work properly across network filesystems. It also abstracts the underlying API for you. It just gives you a file handle to plug into your monitoring loop, and an API to call when it has input. No need to care if it's using kqueue, dnotify/inotify, or (in the worst-case scenario) a timed loop on the backend.
There's your practical answer. If you'd like to know why you can't directly see when a file handle grows with select/poll, read on.
The thing is that regular files and socket/pipes/character devices are treated in a fundamentally different way on Unix systems. Sockets have nonblocking IO and select/poll. Regular files have much less support - a separate, nasty async API on some systems, and inotify/dnotify on Linux/kqueue on BSD for notifications. (Something on IRIX...they built fam there, after all.) This doesn't make a lot of sense and people like DJB have argued that this doesn't have to be, but...well, that's still how it is.
kqueue is no exception. They've grouped a number of things into the same system call and made it more convenient to safely wait for several types of events at the same time, but you still can't treat them in the same way. On Linux the equivalent of kqueue is accomplished through:
The biggest pain there is handling signals and epoll stuff simultaneously in a correct manner. If you need to, I urge you to check out the documentation for my sigsafe library. It describes some things not to do plus a couple good ways: the self-pipe trick (a popular way if you're using select/poll/epoll) and my own sigsafe_* signal call wrappers.
I was running bridging between multiple Qemu instances (around 5), using tun/tap interfaces on a 2.6.9 kernel. There were some problems and I reported them to the netdev mailing list. It was suggested that I try out the then current 2.6.10-rc, and they disappeared.
Here is the URL for my post to the list :
[2.6.9] Networking crash, slightly exotic setup, bridged tap/tun
Have you reported the problems to the netdev mailing list, or possibly the bridge maintainers ? Here are the bridge details from the MAINTAINERS file in the linux kernel source :
and the netdev list
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Interesting library.
By the way, there is a somewhat portable way to do the same thing that doesn't need syscall wrappers or cpu-specific and os-specific assembly language. That is to call dup2 in the signal handler, to replace the fd that's about to be blocked on with a non-blocking pipe writer whose read partner is closed (dup2 is specified as async-signal-safe, and generally is). You can't write and can't read it, so those operations return without blocking or changing the pipe's state. Afterwards you can use dup2 again to restore the original descriptor.
Enjoy :) :)"
-- Jamie "portable code 'r' us
You know, 8 years ago, Solaris was on x86, and all the source code was released. Then Sun thought that they were winning. So they pulled the source code, and they pulled it off x86. Then they withered. Now, they ported back to x86 with a half ass port and license. Cool, that is their choice.
But 5 years ago, I told a friend of mine who is a solaris kernel hacker that Sun (just as you are a Sun employee) would go down for that and other reasons. But now, Sun will stay down due to people like you and McNealy. Learn some humility as well as some reasoning. Until your ZFS is out, it is worthless.
Back in Linux 2.0, I had extended ext2 with many of the capabilities that rfs 4.0 has now. Tsu rejected it, but liked it and suggested that I move it out of the filesystem and make it adopt on top. Made sense. rfs will do the same in the end. At that point, I think that Linux fs will be killing solaris.
Your in-house benchmark in networking showed that Solaris pre-10 was getting creamed by Linux 2.6, so many of the core ideas of Linux networking were adopted into Solaris 10. In fact, Solaris 10 was so late due to the rewriting of the network.
You may continue to act like a MS sales person from the mid 90's, but a number of OSs have fallen before true OSS systems. I suspect that Solaris will simply be another.
I prefer the "u" in honour as it seems to be missing these days.
Also, last time I checked (about a year ago?) fam was, sadly, not using kqueue on FreeBSD. In fact, fam-2.6.9 on my FreeBSD-5.x box is using almost 10% of dual Xeon 450MHz right now... But that is a problem for fam-port maintainers.
In Soviet Washington the swamp drains you.
dnotify is in the production kernels and has been since...before 2.4.x, anyway. It's not as shiny as inotify, but it will do what you want.
I am a bit late to the party but what the hell. On bigger SPARCS Sun also have dynamic system domains which allow you to split the machine up physically into a subset of fault tolerant entities. Unlike LPARS/uPARS on P-series you also get electrical isolation. This coupled with zones gives you virtually as much granularity as you need. Unlike IBM's virtualization, Solaris Zones also work on single CPU X86 machines. Oh, and it's free.
Why hasn't the PC done it, while the Amiga did 20 years ago? Well, the Amiga was designed, while the PC as we know it today evolved, many times in a very ad-hoc manner. Similarly, compare a natural language such as English with one of the many pseudo natural languages like Lojban. Why are things this way? Legacy. PC's are popular because of legacy-technology reasons, and they are also flawed because of their support for this legacy technology. The same goes for natural languages like English, versus designed languages like Lojban.
It would be nice if the kernel had a bug tracker so I could see who's to blame for this stuff...
Try to imagine that I *want* to use it.
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
Ars Technica have done a stunning write up on changes in Tiger, and they report
"Thanks to the kernel hooks that make Spotlight so magically responsive, the Tiger Finder can no longer be surprised. It reflects file system changes instantly, regardless of their source."
In Soviet Washington the swamp drains you.