UpFront

diff -u, They Said It and more.
diff -u: What's New in Kernel Development

by Zach Brown

Last month I wrote about digsig, a security module that checks the checksum of a binary before executing it to ensure that no compromised code is run on a given system. Apparently, I was a bit more enthusiastic than various kernel developers, notably Alexander Viro and Pavel Machek. It turns out (and the digsig developers agree with this) that digsig is no more than a temporary security tactic, which script kiddies would be able to work around after a fairly short time. Historically, these sorts of temporary measures never have been adopted into the kernel, precisely because they don't provide a robust solution.

With the 2.6.0-test1 kernel released in early November 2003, Linus Torvalds announced a stability freeze, meaning patches would be accepted only if they fixed data corruption, system crashes or some other serious breakage. Even cleanup patches that don't actually change the behavior of the code are being rejected now. According to Linus, the goal is to start the final preparations for the official 2.6.0 release, at which point he has strongly hinted that he immediately will hand maintainership of the 2.6 tree to Andrew Morton. This is a change from 2.4, where he handed maintainership to Marcelo Tosatti only after several releases. There is still no indication of when the 2.7 tree will fork; it could occur at the same time as the hand-off to Andrew, though certainly not before.

Rusty Russell and Tim Hockin together have produced a patch to raise the number of supported groups under Linux to well over 200. In fact, the patch supports thousands of groups, something various folks (like some of Tim's Samba clients) sometimes want. Linus Torvalds felt that some incarnations of their patch were uglier than others, but apparently he's ready to consider support for that many groups, as long as the implementation doesn't make him retch too hard into his hand.

Ian Pratt and others from the University of Cambridge Computer Laboratory Systems Research Group have produced the first stable release of their Xen virtual machine monitor for the x86 architecture and have ported the 2.4.22 kernel to it as a guest OS. Xen is designed to run multiple operating systems simultaneously on a single computer. Once a kernel is ported to Xen, all user binaries apparently will run unchanged; so in theory any Linux distribution would run under Xen, with a drop-in kernel as the only modification. Currently, it's not possible to run Xen recursively, though various twisted kernel hackers have expressed such an interest.

Eli Billauer has created /dev/frandom, a random number generator that is up to 50 times faster than /dev/urandom, under some tests. Although not intended to be random enough for cryptography (but it might one day become so), it nevertheless is good for scientific simulations, stress tests on algorithms and performing data-wipes. In spite of its various good qualities, it probably will have to live as an external patch for quite a while, as several kernel developers like Nick Piggin feel there is no compelling need to do /dev/frandom in kernel space, because it could be done well enough entirely in user space.

Roman Zippel announced in mid-October 2003 an implementation of the iSCSI specification. Although it's not a complete implementation and uses the deprecated /proc filesystem instead of SysFS for its interface, it apparently is already somewhat usable. Roman has promised to continue maintaining it if there is enough interest, but without help he says it may be slow-going.

SQL-Ledger: www.sql-ledger.com

by David Bandel

I don't think I've seen any project come as fast or as far as this one has in the three years I've been using it. This system offers full double-entry accounting for almost any business in a large number of languages. I'd be hard-pressed to find a better accounting package. Installation is extremely simple. If you have LaTeX installed, you can output PDF files directly or e-mail your bills or statements. The out-of-the-box configuration is based on the Canadian tax system but easily can be adopted to any other system. One of the best features is that the database uses PostgreSQL. If you need a full accounting package for a business, this is it. Requires: Perl, Perl modules DBI, DBD- (DBD-Pg or DBD-Oracle), PostgreSQL or Oracle, Web server capable of running Perl scripts, Web browser and LaTeX (optional).

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix