by Zach Brown
Last month I wrote about digsig, a security module that checks the checksum of a binary before executing it to ensure that no compromised code is run on a given system. Apparently, I was a bit more enthusiastic than various kernel developers, notably Alexander Viro and Pavel Machek. It turns out (and the digsig developers agree with this) that digsig is no more than a temporary security tactic, which script kiddies would be able to work around after a fairly short time. Historically, these sorts of temporary measures never have been adopted into the kernel, precisely because they don't provide a robust solution.
With the 2.6.0-test1 kernel released in early November 2003, Linus Torvalds announced a stability freeze, meaning patches would be accepted only if they fixed data corruption, system crashes or some other serious breakage. Even cleanup patches that don't actually change the behavior of the code are being rejected now. According to Linus, the goal is to start the final preparations for the official 2.6.0 release, at which point he has strongly hinted that he immediately will hand maintainership of the 2.6 tree to Andrew Morton. This is a change from 2.4, where he handed maintainership to Marcelo Tosatti only after several releases. There is still no indication of when the 2.7 tree will fork; it could occur at the same time as the hand-off to Andrew, though certainly not before.
Rusty Russell and Tim Hockin together have produced a patch to raise the number of supported groups under Linux to well over 200. In fact, the patch supports thousands of groups, something various folks (like some of Tim's Samba clients) sometimes want. Linus Torvalds felt that some incarnations of their patch were uglier than others, but apparently he's ready to consider support for that many groups, as long as the implementation doesn't make him retch too hard into his hand.
Ian Pratt and others from the University of Cambridge Computer Laboratory Systems Research Group have produced the first stable release of their Xen virtual machine monitor for the x86 architecture and have ported the 2.4.22 kernel to it as a guest OS. Xen is designed to run multiple operating systems simultaneously on a single computer. Once a kernel is ported to Xen, all user binaries apparently will run unchanged; so in theory any Linux distribution would run under Xen, with a drop-in kernel as the only modification. Currently, it's not possible to run Xen recursively, though various twisted kernel hackers have expressed such an interest.
Eli Billauer has created /dev/frandom, a random number generator that is up to 50 times faster than /dev/urandom, under some tests. Although not intended to be random enough for cryptography (but it might one day become so), it nevertheless is good for scientific simulations, stress tests on algorithms and performing data-wipes. In spite of its various good qualities, it probably will have to live as an external patch for quite a while, as several kernel developers like Nick Piggin feel there is no compelling need to do /dev/frandom in kernel space, because it could be done well enough entirely in user space.
Roman Zippel announced in mid-October 2003 an implementation of the iSCSI specification. Although it's not a complete implementation and uses the deprecated /proc filesystem instead of SysFS for its interface, it apparently is already somewhat usable. Roman has promised to continue maintaining it if there is enough interest, but without help he says it may be slow-going.
by David Bandel
I don't think I've seen any project come as fast or as far as this one has in the three years I've been using it. This system offers full double-entry accounting for almost any business in a large number of languages. I'd be hard-pressed to find a better accounting package. Installation is extremely simple. If you have LaTeX installed, you can output PDF files directly or e-mail your bills or statements. The out-of-the-box configuration is based on the Canadian tax system but easily can be adopted to any other system. One of the best features is that the database uses PostgreSQL. If you need a full accounting package for a business, this is it. Requires: Perl, Perl modules DBI, DBD- (DBD-Pg or DBD-Oracle), PostgreSQL or Oracle, Web server capable of running Perl scripts, Web browser and LaTeX (optional).
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Client-Side Performance
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Peppermint 7 Released
- Sony Settles in Linux Battle
- Libarchive Security Flaw Discovered
- Maru OS Brings Debian to Your Phone
- The Giant Zero, Part 0.x
- Git 2.9 Released
- Snappy Moves to New Platforms
- Profiles and RC Files
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide