I've been using the 2.5 series since 2.5.66 or so. The main reasons I recommend 2.6 are:
Greatly improved responsiveness under heavy load -- I no longer notice cpu-intensive tasks like a kernel recompile or the slocate database rebuild cron-job happening in the background. And X isn't even running with higher priority.
Built-in ALSA (Advanced Linux Sound Architecture) -- much improved audio, especially audio recording
Improved ACPI power management and CPU frequency scaling (my main machine is a laptop)
Software suspend (just like hibernate on Windows), again handy for laptop users, or those who like to sleep without listening to the whine of their super mega cooler CPU fan / vacuum cleaner attachment.
Built-in IPSEC support. This is mostly useful for those who need to set up VPN tunnels. I imagine it is more efficient to handle IPSEC inside the TCP/IP stack itself
These are the ones I can think of off the top of my head. I haven't used the built-in IPSEC yet, and software suspend still doesn't work properly on my laptop, but it's not far off. 2.6 will be a pretty sweet series.
I mean really how often do you have to reboot your linux box? This isn't the days of Win95 where you had to reboot daily. The most you should ever have to do on a linux box is Ctrl-Alt-Backspace to restart X because something went way wrong. If you're actually having to reboot your linux box more than once a month you're either playing with too many kernels or have a serious hardware problem.
I have a serious hardware problem. I run Linux on my laptop you insensitive clod!
Perhaps someone (or a bunch of people) should download the Slashcode and make a standards-compliant version?
I thought about it before and might just do it eventually. The question is, will it actually be used? A major geek site like Slashdot should really make it a priority to conform to web standards.
Microsoft should stick more to what it's good with, being a user friendly operating system where security isn't a concern for the end user.
Perhaps MS should make a desktop OS only, and leave server software for those who can get it right? Now that would be just typical MS behaviour, wouldn't it? ;-P
The truth is, MS will not stop making server applications because 1) there's a lot of money in servers, especially when you sell your server licences per user (client), so if you have 200 desktops you pay more for the same server than if you have 20. Also a tightly integrated, proprietary client-server solution is much better for locking in corporate users.
But for argument's sake, let's look at security on the desktop. Even on the desktop, Microsoft delegates the responsibility for making a Windows system secure to the end user, who usually isn't knowledgeable enough to do anything about it. OTOH, no end user likes to lose data or having to reinstall software. No end user expects their computer being used in attacks against other computers on the Internet. Hence we must have *some* amount of security, and enable it by default.
OK, no software is perfect and there are holes in every operating system. But operating systems shouldn't install with ports open and no firewall by default. If firewalling was enabled on every desktop by default, Blaster would have gone nowhere.
So, to sum up my rant, we need a certain minimum amount of security on every computer that is connected to some kind of network (including of course the Internet).
...except, of course the fact that the ISP does pay for its traffic to the upstream providers. But that's their problem, not the users'. If they advertise their service 'unlimited', then they should be prepared to pay for what their customers use.
Which leaves us with nothing but the argument that a few people are hogging bandwidth from everyone else. There are a lot of things that could be done about that, even by using just some Linux boxen as traffic shapers. See the Linux Advanced Routing & Traffic Control Howto for some ideas.
otherwise they would not have invested some amount of time and energy into its implementation
I don't know about the effort they put into it... If you look at the previous articles about Sitefinder, a number of people pointed out a whole heap of cross-site scripting vulnerabilities. While these cannot be used to compromise the server itself, they suggest that the site was coded up in a hurry and without much regard for security -- and that there will probably be other holes in the code.
Wouldn't it be great to see '0W|\|z3d By l337 H4XX0r d00dz' when you mistype a domain name? ;-)
I'm sure every script kiddie out there is itching to be the first to deface Sitefinder.
The outrage about Verisign's move has nothing to do with whether or not they're making money on it and everything to do with breaking a system people rely on. It does add oil to the fire that they have commercial motives for doing so, but the point is that DNS is expected to behave a certain way and they have arbitrarily changed it without asking anyone (IETF, ICANN, etc). And this broke a lot of systems that relied on DNS's expected behaviour.
And of course there's the principle that as guardians of a tld (and effectively a monopoly), they should not abuse their position -- not that they haven't proven it already that they are simply incapable of doing so. ICANN should really have a "three strikes and you're out" system to deal with practices like this.
I for one would really like to see the OpenNIC nameservers correct Verisign's action. The OpenNIC policy does indeed sound fair, but DNS is a public service that primarily exists for the users, not to provide Verisign with a cash cow.
It might be that Verisign has the right to do this, but they are doing this against the net community's wishes. And there isn't a damn thing users can do about it, which is why the Bind developers took matters into their own hands. I urge OpenNIC to do the same, or at least vote on the issue.
I don't see how DDoS-ing the root servers is going to solve this problem. A successful DoS attack against the root servers will just cause total mayhem as even legitimate domain names won't resolve any more.
Well, actually I do see the point in doing just that, but are we prepared to destroy DNS in order to save it?
Googling for OpenDNS returns OpenNIC on top, because that's exactly what it is. An open and democratic alternate DNS system. You really could at least Google around before coming up with an "original" idea like that ;P
IANAWW (I am not a worm writer) but I don't think it's possible to DDoS anything by targeting a single server. When a worm (IIRC it was Code Red) had a payload intended to knock out www.whitehouse.gov, the sysadmins there responded by simply changing the IP address of the site.
OTOH it would be possible to cause a headache to Verisign by writing a worm that attempted to connect to addresses in the form of 'www..com'. But this could only be a payload, not the primary means of spreading as it's hugely inefficient (the worm would have a hard time finding machines to infect, even if it exploited vulnerabilities in both Apache and IIS). Scanning for IP addresses has waaaay better chance for succeeding.
Also if someone did write a successful worm that had a payload like this, it would be much more likely that it brought down all root DNS servers first, making the Net unusable for pretty much anyone.
It will take lots of these, but it beats my previous method of typing abusive nonexistent domainnames like www.couldyoupleasestopactinglikewankersandstopthis.com in my browser...
Wasn't OpenNIC created to prevent exactly this kind of abuse? People might just start using them if VeriSign carries on in this manner...
"The OpenNIC is a user owned and controlled Network Information Center offering a democratic, non-national, alternative to the traditional Top-Level Domain registries.
"Users of the OpenNIC DNS servers, in addition to resolving host names in the Legacy U.S. Government DNS, can resolve host names in the OpenNIC operated namespaces as well as in the namespaces with which we have peering agreements (at this time those are AlterNIC and The Pacific Root).
"Membership in the OpenNIC is open to every user of the Internet. All decisions are made either by a democratically elected administrator or through a direct ballot of the interested members and all decisions, regardless of how they are made, within OpenNIC are appealable to a vote of the general membership."
It sounds a whole lot better than the current system to me...
I have tried the above method with my ISP because I know that they use a transparent proxy (Squid). By telnetting to www.google.com 80, not only did I get redirected to /. by typing
GET http://slashdot.org/ HTTP/1.0
but by typing:
GET / HTTP/1.0
Host: slashdot.org
However if I omitted the 'Host' header and simply typed 'GET / HTTP/1.0' I was taken to Google.
The proxy should perform its own lookup in the first example but not in the second. Isn't this what's causing the problem?
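The three requests from the comment above, modelled as an added example that is not part of the original post and is not Squid's code: an intercepting proxy that picks its upstream from the host the client names, next to one that keeps the address the client actually dialled and flags a mismatch. The function names and the resolver table are hypothetical, and the addresses are constructed from documentation ranges.

```python
from urllib.parse import urlsplit

# Constructed resolver table (documentation-range addresses, not real DNS data).
FAKE_DNS = {"www.google.com": {"192.0.2.10"}, "slashdot.org": {"198.51.100.20"}}

def requested_host(raw: str):
    """Host named by the request: absolute-URI first, then Host header, else None."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    target = parts[1]
    if target.lower().startswith("http://"):
        return urlsplit(target).hostname
    for line in lines[1:]:
        if not line:
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0].lower()
    return None

def naive_upstream(raw: str, orig_dst: str) -> str:
    """Behaviour seen in the comment: trust whatever host the client names."""
    host = requested_host(raw)
    if host is None:
        return orig_dst  # nothing to look up, fall back to the dialled address
    return sorted(FAKE_DNS.get(host, {orig_dst}))[0]

def verified_upstream(raw: str, orig_dst: str):
    """Forward to the dialled address; report when the named host disagrees."""
    host = requested_host(raw)
    mismatch = host is not None and orig_dst not in FAKE_DNS.get(host, set())
    return orig_dst, mismatch

if __name__ == "__main__":
    dialled = "192.0.2.10"  # constructed stand-in for www.google.com port 80
    for req in ("GET http://slashdot.org/ HTTP/1.0\r\n\r\n",
                "GET / HTTP/1.0\r\nHost: slashdot.org\r\n\r\n",
                "GET / HTTP/1.0\r\n\r\n"):
        print(repr(req.split("\r\n")[0]), naive_upstream(req, dialled),
              verified_upstream(req, dialled))
```

A mismatch is worth logging on the proxy: it means the content served, cached or access-checked under one name came from a connection the client opened to a different address.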
Nope, sorry, no changes to drivers/video/radeonfb.c. Are either of these bugs the problem you're having? If not, then you should report it here.